Adding new tests in PostControllerTest to check for potential private post leakage.

This commit is contained in:
Alexey Skobkin 2019-04-03 18:55:29 +03:00
parent 5e8935ce66
commit b455a6c8e7
2 changed files with 45 additions and 11 deletions


@ -8,6 +8,12 @@ use Skobkin\Bundle\PointToolsBundle\Entity\{Blogs\Post, User};
class LoadPostData extends AbstractFixture implements OrderedFixtureInterface class LoadPostData extends AbstractFixture implements OrderedFixtureInterface
{ {
public const POST_ID_LONG = 'longpost';
public const POST_ID_SHORT = 'shortpost';
public const POST_ID_PR_USER = 'prusrpst';
public const POST_ID_WL_USER = 'wlusrpst';
public const POST_ID_PR_WL_USER = 'prwlusrpst';
public function load(ObjectManager $om) public function load(ObjectManager $om)
{ {
/** @var User $mainUser */ /** @var User $mainUser */
@ -19,31 +25,31 @@ class LoadPostData extends AbstractFixture implements OrderedFixtureInterface
/** @var User $prWlUser */ /** @var User $prWlUser */
$prWlUser = $this->getReference('test_user_'.LoadUserData::USER_PRWL_ID); $prWlUser = $this->getReference('test_user_'.LoadUserData::USER_PRWL_ID);
$longPost = (new Post('longpost', $mainUser, new \DateTime(), Post::TYPE_POST)) $longPost = (new Post(self::POST_ID_LONG, $mainUser, new \DateTime(), Post::TYPE_POST))
->setText('Test post with many comments') ->setText('Test post with many comments')
->setPrivate(false) ->setPrivate(false)
->setDeleted(false) ->setDeleted(false)
; ;
$shortPost = (new Post('shortpost', $mainUser, new \DateTime(), Post::TYPE_POST)) $shortPost = (new Post(self::POST_ID_SHORT, $mainUser, new \DateTime(), Post::TYPE_POST))
->setText('Test short post') ->setText('Test short post')
->setPrivate(false) ->setPrivate(false)
->setDeleted(false) ->setDeleted(false)
; ;
$privateUserPost = (new Post('prusrpst', $privateUser, new \DateTime(), Post::TYPE_POST)) $privateUserPost = (new Post(self::POST_ID_PR_USER, $privateUser, new \DateTime(), Post::TYPE_POST))
->setText('Post from private user. Should not be visible in the public feed.') ->setText('Post from private user. Should not be visible in the public feed.')
->setPrivate(false) ->setPrivate(false)
->setDeleted(false) ->setDeleted(false)
; ;
$wlUserPost = (new Post('wlusrpst', $wlUser, new \DateTime(), Post::TYPE_POST)) $wlUserPost = (new Post(self::POST_ID_WL_USER, $wlUser, new \DateTime(), Post::TYPE_POST))
->setText('Post from whitelist-only user. Should only be visible for whitelisted users.') ->setText('Post from whitelist-only user. Should only be visible for whitelisted users.')
->setPrivate(false) ->setPrivate(false)
->setDeleted(false) ->setDeleted(false)
; ;
$privateWlUserPost = (new Post('prwlusrpst', $prWlUser, new \DateTime(), Post::TYPE_POST)) $privateWlUserPost = (new Post(self::POST_ID_PR_WL_USER, $prWlUser, new \DateTime(), Post::TYPE_POST))
->setText('Post from private AND whitelist-only user. Should not be visible in the public feed.') ->setText('Post from private AND whitelist-only user. Should not be visible in the public feed.')
->setPrivate(false) ->setPrivate(false)
->setDeleted(false) ->setDeleted(false)
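Review bot: Every post the fixture builds, including the ones now keyed by the new POST_ID_* constants, still calls `->setPrivate(false)`, so the data set contains no post whose own private flag is set; the private/whitelist cases this feeds to PostControllerTest therefore only cover user-level visibility, not a private post from an otherwise public user. Adding one post with `->setPrivate(true)` owned by `$mainUser` (exposed through a further constant, e.g. `POST_ID_PRIVATE` — the name is a suggestion) would let the controller tests cover the post-level flag as well. The five constants would also read more easily with a short comment each naming the fixture user that owns the post, e.g. `/** Post owned by the private-only user; must not appear in the public feed. */`. The load() body continues past the end of this hunk.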


@ -2,15 +2,15 @@
namespace Tests\Skobkin\PointToolsBundle\Controller; namespace Tests\Skobkin\PointToolsBundle\Controller;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase; use Skobkin\Bundle\PointToolsBundle\DataFixtures\ORM\LoadPostData;
use Symfony\Bundle\FrameworkBundle\{Client, Test\WebTestCase};
use Symfony\Component\DomCrawler\Crawler; use Symfony\Component\DomCrawler\Crawler;
class PostControllerTest extends WebTestCase class PostControllerTest extends WebTestCase
{ {
public function testNonExistingPostPage() public function testNonExistingPostPage()
{ {
$client = static::createClient(); $client = $this->createClientForPostId('nonexistingpost');
$client->request('GET', '/nonexistingpost');
$this->assertTrue($client->getResponse()->isNotFound(), '404 response code for non-existing post'); $this->assertTrue($client->getResponse()->isNotFound(), '404 response code for non-existing post');
} }
@ -20,12 +20,11 @@ class PostControllerTest extends WebTestCase
*/ */
public function testShortPostPageIsOk() public function testShortPostPageIsOk()
{ {
$client = static::createClient(); $client = $this->createClientForPostId(LoadPostData::POST_ID_SHORT);
$crawler = $client->request('GET', '/shortpost');
$this->assertTrue($client->getResponse()->isOk(), '200 response code for existing post'); $this->assertTrue($client->getResponse()->isOk(), '200 response code for existing post');
return $crawler; return $client->getCrawler();
} }
/** /**
@ -58,4 +57,33 @@ class PostControllerTest extends WebTestCase
$this->assertEquals(1, $p->count(), '.post-text has zero or more than one paragraphs'); $this->assertEquals(1, $p->count(), '.post-text has zero or more than one paragraphs');
$this->assertEquals('Test short post', $p->text(), '.post-text has no correct post text'); $this->assertEquals('Test short post', $p->text(), '.post-text has no correct post text');
} }
public function testPrivateUserPostForbidden()
{
$client = $this->createClientForPostId(LoadPostData::POST_ID_PR_USER);
$this->assertTrue($client->getResponse()->isForbidden(), '403 response code for private user\'s post');
}
public function testWhitelistOnlyUserPostForbidden()
{
$client = $this->createClientForPostId(LoadPostData::POST_ID_WL_USER);
$this->assertTrue($client->getResponse()->isForbidden(), '403 response code for whitelist-only user\'s post');
}
public function testPrivateWhitelistOnlyUserPostForbidden()
{
$client = $this->createClientForPostId(LoadPostData::POST_ID_PR_WL_USER);
$this->assertTrue($client->getResponse()->isForbidden(), '403 response code for private whitelist-only user\'s post');
}
private function createClientForPostId(string $id): Client
{
$client = static::createClient();
$client->request('GET', '/'.$id);
return $client;
}
} }
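Review bot: The three new forbidden tests (testPrivateUserPostForbidden and the two that follow it) assert only the status code, so a 403 page that still rendered the post body would pass them; since the point of the commit is leakage, each should also check the content, e.g. `$this->assertEquals(0, $client->getCrawler()->filter('.post-text')->count(), 'post text rendered in forbidden response');`. A 403 also confirms to an anonymous caller that the requested post id exists; if the existence of a restricted user's post is itself sensitive, the controller should answer with 404 and these tests should assert `isNotFound()` instead — that is a design decision to confirm rather than a defect in the tests. The new test methods and the `createClientForPostId` helper lack the docblocks the earlier tests in this class carry; a one-liner such as `/** Creates a client, requests GET /{$id} and returns the client for response inspection. */` on the helper would match the existing style.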