Adding new tests in PostControllerTest to check for potential private post leakage.

Alexey Skobkin 2019-04-03 18:55:29 +03:00
parent 5e8935ce66
commit b455a6c8e7
2 changed files with 45 additions and 11 deletions


@ -8,6 +8,12 @@ use Skobkin\Bundle\PointToolsBundle\Entity\{Blogs\Post, User};
class LoadPostData extends AbstractFixture implements OrderedFixtureInterface
{
public const POST_ID_LONG = 'longpost';
public const POST_ID_SHORT = 'shortpost';
public const POST_ID_PR_USER = 'prusrpst';
public const POST_ID_WL_USER = 'wlusrpst';
public const POST_ID_PR_WL_USER = 'prwlusrpst';
public function load(ObjectManager $om)
{
/** @var User $mainUser */
@ -19,31 +25,31 @@ class LoadPostData extends AbstractFixture implements OrderedFixtureInterface
/** @var User $prWlUser */
$prWlUser = $this->getReference('test_user_'.LoadUserData::USER_PRWL_ID);
$longPost = (new Post('longpost', $mainUser, new \DateTime(), Post::TYPE_POST))
$longPost = (new Post(self::POST_ID_LONG, $mainUser, new \DateTime(), Post::TYPE_POST))
->setText('Test post with many comments')
->setPrivate(false)
->setDeleted(false)
;
$shortPost = (new Post('shortpost', $mainUser, new \DateTime(), Post::TYPE_POST))
$shortPost = (new Post(self::POST_ID_SHORT, $mainUser, new \DateTime(), Post::TYPE_POST))
->setText('Test short post')
->setPrivate(false)
->setDeleted(false)
;
$privateUserPost = (new Post('prusrpst', $privateUser, new \DateTime(), Post::TYPE_POST))
$privateUserPost = (new Post(self::POST_ID_PR_USER, $privateUser, new \DateTime(), Post::TYPE_POST))
->setText('Post from private user. Should not be visible in the public feed.')
->setPrivate(false)
->setDeleted(false)
;
$wlUserPost = (new Post('wlusrpst', $wlUser, new \DateTime(), Post::TYPE_POST))
$wlUserPost = (new Post(self::POST_ID_WL_USER, $wlUser, new \DateTime(), Post::TYPE_POST))
->setText('Post from whitelist-only user. Should only be visible for whitelisted users.')
->setPrivate(false)
->setDeleted(false)
;
$privateWlUserPost = (new Post('prwlusrpst', $prWlUser, new \DateTime(), Post::TYPE_POST))
$privateWlUserPost = (new Post(self::POST_ID_PR_WL_USER, $prWlUser, new \DateTime(), Post::TYPE_POST))
->setText('Post from private AND whitelist-only user. Should not be visible in the public feed.')
->setPrivate(false)
->setDeleted(false)
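Review bot: Every fixture visible in load() calls `->setPrivate(false)`, so the three access-restricted posts differ from the public ones only by their owning user, and the post-level private flag is never exercised. If that flag is also meant to block the post page (these hunks do not show the access check), add a fixture for a public user's post with `->setPrivate(true)` and its own `POST_ID_*` constant, so the controller test can assert it is refused too. load() continues beyond the hunk, so such a fixture may already exist outside the visible lines.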


@ -2,15 +2,15 @@
namespace Tests\Skobkin\PointToolsBundle\Controller;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Skobkin\Bundle\PointToolsBundle\DataFixtures\ORM\LoadPostData;
use Symfony\Bundle\FrameworkBundle\{Client, Test\WebTestCase};
use Symfony\Component\DomCrawler\Crawler;
class PostControllerTest extends WebTestCase
{
public function testNonExistingPostPage()
{
$client = static::createClient();
$client->request('GET', '/nonexistingpost');
$client = $this->createClientForPostId('nonexistingpost');
$this->assertTrue($client->getResponse()->isNotFound(), '404 response code for non-existing post');
}
@ -20,12 +20,11 @@ class PostControllerTest extends WebTestCase
*/
public function testShortPostPageIsOk()
{
$client = static::createClient();
$crawler = $client->request('GET', '/shortpost');
$client = $this->createClientForPostId(LoadPostData::POST_ID_SHORT);
$this->assertTrue($client->getResponse()->isOk(), '200 response code for existing post');
return $crawler;
return $client->getCrawler();
}
/**
@ -58,4 +57,33 @@ class PostControllerTest extends WebTestCase
$this->assertEquals(1, $p->count(), '.post-text has zero or more than one paragraphs');
$this->assertEquals('Test short post', $p->text(), '.post-text has no correct post text');
}
public function testPrivateUserPostForbidden()
{
$client = $this->createClientForPostId(LoadPostData::POST_ID_PR_USER);
$this->assertTrue($client->getResponse()->isForbidden(), '403 response code for private user\'s post');
}
public function testWhitelistOnlyUserPostForbidden()
{
$client = $this->createClientForPostId(LoadPostData::POST_ID_WL_USER);
$this->assertTrue($client->getResponse()->isForbidden(), '403 response code for whitelist-only user\'s post');
}
public function testPrivateWhitelistOnlyUserPostForbidden()
{
$client = $this->createClientForPostId(LoadPostData::POST_ID_PR_WL_USER);
$this->assertTrue($client->getResponse()->isForbidden(), '403 response code for private whitelist-only user\'s post');
}
private function createClientForPostId(string $id): Client
{
$client = static::createClient();
$client->request('GET', '/'.$id);
return $client;
}
}
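Review bot: The three new tests (`testPrivateUserPostForbidden`, `testWhitelistOnlyUserPostForbidden`, `testPrivateWhitelistOnlyUserPostForbidden`) assert only the 403 status, so a response that is forbidden but still renders the post text in its body would pass. Since the stated aim is to catch leakage, also assert that the fixture text is absent from the response, e.g. `$this->assertNotContains('Post from private user', $client->getResponse()->getContent());` (or `assertStringNotContainsString` on PHPUnit 7.5+). All three requests go through `createClientForPostId()` as an anonymous client. The whitelist fixture text says the post should be visible to whitelisted users, and no test here covers that allowed path, so an over-broad 403 would go unnoticed.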