skobkin/point-tools
1
1
Fork 0
Code Issues 4 Pull requests 1 Releases Activity

Compare commits

merge into: skobkin:feature_post_subscription
Branches Tags
skobkin:master
skobkin:symfony6_remake
skobkin:symfony6_remake_markdown_parser
skobkin:feature_post_subscription
skobkin:update_doctrine_fixtures
...
pull from: skobkin:master
Branches Tags
skobkin:symfony6_remake
skobkin:symfony6_remake_markdown_parser
skobkin:master
skobkin:feature_post_subscription
skobkin:update_doctrine_fixtures

14 commits
feature_po ... master

Author SHA1 Message Date
Alexey Eschenko 07f89712d9 Merged in composer_update (pull request #27) 
composer update.
 2020-04-29 14:22:11 +00:00
Alexey Skobkin fd09f389f7
composer update. 2020-04-29 16:55:02 +03:00
Alexey Skobkin b6f7ac8ec5 Fixing UserRepositoryTest according to new test users. 2019-04-03 20:40:09 +03:00
Alexey Skobkin f598864d4d Crutch-fixing PostController::showAction() exception handling with 404 instead of 403 exception. 2019-04-03 20:34:16 +03:00
Alexey Skobkin 44c4158602 Fixing automatic replacing of AccessDeniedExceptions with InsufficientAuthenticationException in Symfony\Component\Security\Http\Firewall\ExceptionListener::handleAccessDeniedException(). 2019-04-03 20:16:34 +03:00
Alexey Skobkin aa751bbbc1 Fixing MainControllerTest::testAjaxUserAutoCompleteHasValidUserObjectsForUnnamedUser() in case of user's name in null instead of empty string. 2019-04-03 19:43:32 +03:00
Alexey Skobkin 9e5f59a2b2 Fixina small MainControllerTest problems. 2019-04-03 19:38:57 +03:00
Alexey Skobkin 7fcdcbf728 Fixing AJAX data deserialization in the MainControllerTest. 2019-04-03 19:34:01 +03:00
Alexey Skobkin 60dcc5e955 Fixing MainControllerTest dependencies. 2019-04-03 19:28:18 +03:00
Alexey Skobkin c3605b2db1 Fixing MainControllerTest::{testAjaxUserAutoCompleteHasOptions, testFindUsersLikeLogin}() and adding new tests for user without name. 2019-04-03 19:19:03 +03:00
Alexey Skobkin b455a6c8e7 Adding new tests in PostControllerTest to check for potential private post leakage. 2019-04-03 18:55:29 +03:00
Alexey Skobkin 5e8935ce66 Fixing PostController::showAction() exception on private author's post. 2019-04-03 18:52:36 +03:00
Alexey Skobkin d9c0673445 Fixing user and post data fixtures to fix PostControllerTest::testShortPostPageIsOk() according to previous privacy fix. New post for more advanced privacy test-cases added. Test must be written though. 2019-04-03 18:38:53 +03:00
Alexey Skobkin 0c004085fd Fixing privacy in PostController::showAction(). 2019-04-03 18:07:47 +03:00
9 changed files with 1281 additions and 734 deletions
Show stats Expand all files Collapse all files

2
app/config/security.yml
View file

@ -9,4 +9,4 @@ security:
security: false security: false
default: default:
anonymous: ~ anonymous: true

1
composer.json
View file

@ -13,6 +13,7 @@
}, },
"require": { "require": {
"php": ">=7.1.0", "php": ">=7.1.0",
"ext-json": "*",
"symfony/symfony": "^3.4", "symfony/symfony": "^3.4",
"doctrine/orm": "^2.5", "doctrine/orm": "^2.5",
"doctrine/annotations": "^1.3.0", "doctrine/annotations": "^1.3.0",

1800
composer.lock generated
View file

File diff suppressed because it is too large Load diff

12
src/Skobkin/Bundle/PointToolsBundle/Controller/PostController.php
View file

@ -12,11 +12,19 @@ class PostController extends AbstractController
{ {
/** /**
* @ParamConverter("post", class="SkobkinPointToolsBundle:Blogs\Post") * @ParamConverter("post", class="SkobkinPointToolsBundle:Blogs\Post")
*
* @return Response
*/ */
public function showAction(Post $post, PostRepository $postRepository): Response public function showAction(Post $post, PostRepository $postRepository): Response
{ {
if ((!$post->getAuthor()->isPublic()) || $post->getAuthor()->isWhitelistOnly()) {
/**
* Throwing 404 instead of 403 because of
* @see \Symfony\Component\Security\Http\Firewall\ExceptionListener::handleAccessDeniedException()
* starts to replace 403 by 401 exceptions for anonymous users and tries to authenticate them.
*/
throw $this->createNotFoundException('Author\'s blog is private.');
//throw $this->createAccessDeniedException('Author\'s blog is private.');
}
return $this->render('SkobkinPointToolsBundle:Post:show.html.twig', [ return $this->render('SkobkinPointToolsBundle:Post:show.html.twig', [
'post' => $postRepository->getPostWithComments($post->getId()), 'post' => $postRepository->getPostWithComments($post->getId()),
]); ]);

47
src/Skobkin/Bundle/PointToolsBundle/DataFixtures/ORM/LoadPostData.php
View file

@ -2,33 +2,64 @@
namespace Skobkin\Bundle\PointToolsBundle\DataFixtures\ORM; namespace Skobkin\Bundle\PointToolsBundle\DataFixtures\ORM;
use Doctrine\Common\DataFixtures\AbstractFixture; use Doctrine\Common\DataFixtures\{AbstractFixture, OrderedFixtureInterface};
use Doctrine\Common\DataFixtures\OrderedFixtureInterface;
use Doctrine\Common\Persistence\ObjectManager; use Doctrine\Common\Persistence\ObjectManager;
use Skobkin\Bundle\PointToolsBundle\Entity\Blogs\Post; use Skobkin\Bundle\PointToolsBundle\Entity\{Blogs\Post, User};
use Skobkin\Bundle\PointToolsBundle\Entity\User;
class LoadPostData extends AbstractFixture implements OrderedFixtureInterface class LoadPostData extends AbstractFixture implements OrderedFixtureInterface
{ {
public const POST_ID_LONG = 'longpost';
public const POST_ID_SHORT = 'shortpost';
public const POST_ID_PR_USER = 'prusrpst';
public const POST_ID_WL_USER = 'wlusrpst';
public const POST_ID_PR_WL_USER = 'prwlusrpst';
public function load(ObjectManager $om) public function load(ObjectManager $om)
{ {
/** @var User $testUser */ /** @var User $mainUser */
$testUser = $this->getReference('test_user_99999'); $mainUser = $this->getReference('test_user_'.LoadUserData::USER_MAIN_ID);
/** @var User $privateUser */
$privateUser = $this->getReference('test_user_'.LoadUserData::USER_PRIV_ID);
/** @var User $wlUser */
$wlUser = $this->getReference('test_user_'.LoadUserData::USER_WLON_ID);
/** @var User $prWlUser */
$prWlUser = $this->getReference('test_user_'.LoadUserData::USER_PRWL_ID);
$longPost = (new Post('longpost', $testUser, new \DateTime(), Post::TYPE_POST)) $longPost = (new Post(self::POST_ID_LONG, $mainUser, new \DateTime(), Post::TYPE_POST))
->setText('Test post with many comments') ->setText('Test post with many comments')
->setPrivate(false) ->setPrivate(false)
->setDeleted(false) ->setDeleted(false)
; ;
$shortPost = (new Post('shortpost', $testUser, new \DateTime(), Post::TYPE_POST)) $shortPost = (new Post(self::POST_ID_SHORT, $mainUser, new \DateTime(), Post::TYPE_POST))
->setText('Test short post') ->setText('Test short post')
->setPrivate(false) ->setPrivate(false)
->setDeleted(false) ->setDeleted(false)
; ;
$privateUserPost = (new Post(self::POST_ID_PR_USER, $privateUser, new \DateTime(), Post::TYPE_POST))
->setText('Post from private user. Should not be visible in the public feed.')
->setPrivate(false)
->setDeleted(false)
;
$wlUserPost = (new Post(self::POST_ID_WL_USER, $wlUser, new \DateTime(), Post::TYPE_POST))
->setText('Post from whitelist-only user. Should only be visible for whitelisted users.')
->setPrivate(false)
->setDeleted(false)
;
$privateWlUserPost = (new Post(self::POST_ID_PR_WL_USER, $prWlUser, new \DateTime(), Post::TYPE_POST))
->setText('Post from private AND whitelist-only user. Should not be visible in the public feed.')
->setPrivate(false)
->setDeleted(false)
;
$om->persist($longPost); $om->persist($longPost);
$om->persist($shortPost); $om->persist($shortPost);
$om->persist($privateUserPost);
$om->persist($wlUserPost);
$om->persist($privateWlUserPost);
$om->flush(); $om->flush();
$this->addReference('test_post_longpost', $longPost); $this->addReference('test_post_longpost', $longPost);

28
src/Skobkin/Bundle/PointToolsBundle/DataFixtures/ORM/LoadUserData.php
View file

@ -9,25 +9,27 @@ use Skobkin\Bundle\PointToolsBundle\Entity\User;
class LoadUserData extends AbstractFixture implements OrderedFixtureInterface class LoadUserData extends AbstractFixture implements OrderedFixtureInterface
{ {
public const USER_MAIN_ID = 99999;
public const USER_SCND_ID = 99998;
public const USER_PRIV_ID = 99997;
public const USER_WLON_ID = 99996;
public const USER_PRWL_ID = 99995;
public const USER_UNNM_ID = 99994;
private $users = [ private $users = [
// 99999 ['id' => self::USER_MAIN_ID, 'login' => 'testuser', 'name' => 'Test User 1', 'private' => false, 'whitelist-only' => false],
['login' => 'testuser', 'name' => 'Test User 1'], ['id' => self::USER_SCND_ID, 'login' => 'testuser2', 'name' => 'Test User 2 for autocomplete test', 'private' => false, 'whitelist-only' => false],
// 99998 ['id' => self::USER_PRIV_ID, 'login' => 'private_user', 'name' => 'Test User 3', 'private' => true, 'whitelist-only' => false],
['login' => 'testuser2', 'name' => 'Test User 2'], ['id' => self::USER_WLON_ID, 'login' => 'whitelist_only_user', 'name' => 'Test User 4', 'private' => false, 'whitelist-only' => true],
// 99997 ['id' => self::USER_PRWL_ID, 'login' => 'private_whitelist_only_user', 'name' => 'Test User 4', 'private' => false, 'whitelist-only' => true],
['login' => 'testuser3', 'name' => 'Test User 3'], ['id' => self::USER_UNNM_ID, 'login' => 'unnamed_user', 'name' => null, 'private' => false, 'whitelist-only' => false],
// 99996
['login' => 'testuser4', 'name' => 'Test User 4'],
//99995
['login' => 'testuser5', 'name' => null],
]; ];
public function load(ObjectManager $om) public function load(ObjectManager $om)
{ {
$userId = 99999;
foreach ($this->users as $userData) { foreach ($this->users as $userData) {
$user = new User($userId--, new \DateTime(), $userData['login'], $userData['name']); $user = new User($userData['id'], new \DateTime(), $userData['login'], $userData['name']);
$user->updatePrivacy(!$userData['private'], $userData['whitelist-only']);
$om->persist($user); $om->persist($user);

77
tests/Skobkin/PointToolsBundle/Controller/MainControllerTest.php
View file

@ -2,11 +2,12 @@
namespace Tests\Skobkin\PointToolsBundle\Controller; namespace Tests\Skobkin\PointToolsBundle\Controller;
use Symfony\Bundle\FrameworkBundle\Client;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase; use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
class MainControllerTest extends WebTestCase class MainControllerTest extends WebTestCase
{ {
public function testUserSearch() public function testUserSearch(): void
{ {
$client = static::createClient(); $client = static::createClient();
$crawler = $client->request('GET', '/'); $crawler = $client->request('GET', '/');
@ -19,7 +20,7 @@ class MainControllerTest extends WebTestCase
$this->assertTrue($client->getResponse()->isRedirect('/user/testuser'), 'Redirect to testuser\'s page didn\'t happen'); $this->assertTrue($client->getResponse()->isRedirect('/user/testuser'), 'Redirect to testuser\'s page didn\'t happen');
} }
public function testNonExistingUserSearch() public function testNonExistingUserSearch(): void
{ {
$client = static::createClient(); $client = static::createClient();
$crawler = $client->request('GET', '/'); $crawler = $client->request('GET', '/');
@ -49,7 +50,7 @@ class MainControllerTest extends WebTestCase
$this->assertEquals(' Login not found', $firstError->text(), 'Incorrect error text'); $this->assertEquals(' Login not found', $firstError->text(), 'Incorrect error text');
} }
public function testUserStats() public function testUserStats(): void
{ {
$client = static::createClient(); $client = static::createClient();
$crawler = $client->request('GET', '/'); $crawler = $client->request('GET', '/');
@ -75,14 +76,10 @@ class MainControllerTest extends WebTestCase
/** /**
* Tests AJAX user search autocomplete and returns JSON response string * Tests AJAX user search autocomplete and returns JSON response string
*
* @return string
*/ */
public function testAjaxUserAutoComplete() public function testAjaxUserAutoComplete(): string
{ {
$client = static::createClient(); $client = $this->createClientForAjaxUserSearchByLogin('testuser');
// We need to search all test user with 'testuser5' included which will test the code against null-string problem in User#getName()
$client->request('GET', '/ajax/users/search/testuser');
$this->assertTrue($client->getResponse()->headers->contains('Content-Type', 'application/json'), 'Response has "Content-Type" = "application/json"'); $this->assertTrue($client->getResponse()->headers->contains('Content-Type', 'application/json'), 'Response has "Content-Type" = "application/json"');
@ -91,26 +88,22 @@ class MainControllerTest extends WebTestCase
/** /**
* @depends testAjaxUserAutoComplete * @depends testAjaxUserAutoComplete
*
* @param $json
*/ */
public function testAjaxUserAutoCompleteHasOptions($json) public function testAjaxUserAutoCompleteHasOptions(string $json): array
{ {
$data = json_decode($json); $data = json_decode($json, true);
$this->assertNotNull($data, 'JSON data successfully decoded and not empty'); $this->assertNotNull($data, 'JSON data successfully decoded and not empty');
$this->assertTrue(is_array($data), 'JSON data is array'); $this->assertTrue(is_array($data), 'JSON data is array');
$this->assertCount(5, $data, 'Array has 5 elements'); $this->assertCount(2, $data, 'Array has 2 elements');
return $data; return $data;
} }
/** /**
* @depends testAjaxUserAutoCompleteHasOptions * @depends testAjaxUserAutoCompleteHasOptions
*
* @param array $users
*/ */
public function testAjaxUserAutoCompleteHasValidUserObjects(array $users) public function testAjaxUserAutoCompleteHasValidUserObjects(array $users): void
{ {
foreach ($users as $key => $user) { foreach ($users as $key => $user) {
$this->assertTrue(array_key_exists('login', $user), sprintf('%d row of result has \'login\' field', $key)); $this->assertTrue(array_key_exists('login', $user), sprintf('%d row of result has \'login\' field', $key));
@ -118,7 +111,43 @@ class MainControllerTest extends WebTestCase
} }
} }
public function testAjaxUserAutoCompleteForNonExistingUser() /**
* Tests AJAX user search autocomplete for unnamed user and returns JSON response string
*/
public function testAjaxUserAutoCompleteForUnnamedUser(): string
{
$client = $this->createClientForAjaxUserSearchByLogin('unnamed_user');
$this->assertTrue($client->getResponse()->headers->contains('Content-Type', 'application/json'), 'Response has "Content-Type" = "application/json"');
return $client->getResponse()->getContent();
}
/**
* @depends testAjaxUserAutoCompleteForUnnamedUser
*/
public function testAjaxUserAutoCompleteHasOptionsForUnnamedUser(string $json): array
{
$data = json_decode($json, true);
$this->assertNotNull($data, 'JSON data successfully decoded and not empty');
$this->assertInternalType('array', $data, 'JSON data is array');
$this->assertCount(1, $data, 'Array has 1 elements');
return reset($data);
}
/**
* @depends testAjaxUserAutoCompleteHasOptionsForUnnamedUser
*/
public function testAjaxUserAutoCompleteHasValidUserObjectsForUnnamedUser(array $user): void
{
$this->assertTrue(array_key_exists('login', $user), 'Result has \'login\' field');
$this->assertTrue(array_key_exists('name', $user), 'Result has \'name\' field');
$this->assertEquals(true, ('' === $user['name'] || null === $user['name']), 'User name is empty string or null');
}
public function testAjaxUserAutoCompleteIsEmptyForNonExistingUser(): void
{ {
$client = static::createClient(); $client = static::createClient();
$client->request('GET', '/ajax/users/search/aksdjhaskdjhqwhdgqkjwhdgkjah'); $client->request('GET', '/ajax/users/search/aksdjhaskdjhqwhdgqkjwhdgkjah');
@ -128,7 +157,15 @@ class MainControllerTest extends WebTestCase
$data = json_decode($client->getResponse()->getContent()); $data = json_decode($client->getResponse()->getContent());
$this->assertNotNull($data, 'JSON data successfully decoded and not empty'); $this->assertNotNull($data, 'JSON data successfully decoded and not empty');
$this->assertTrue(is_array($data), 'JSON data is array'); $this->assertInternalType('array', $data, 'JSON data is array');
$this->assertEquals(0, count($data), 'Array has no elements'); $this->assertCount(0, $data, 'Array has no elements');
}
private function createClientForAjaxUserSearchByLogin(string $login): Client
{
$client = static::createClient();
$client->request('GET', '/ajax/users/search/'.$login);
return $client;
} }
} }

40
tests/Skobkin/PointToolsBundle/Controller/PostControllerTest.php
View file

@ -2,15 +2,15 @@
namespace Tests\Skobkin\PointToolsBundle\Controller; namespace Tests\Skobkin\PointToolsBundle\Controller;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase; use Skobkin\Bundle\PointToolsBundle\DataFixtures\ORM\LoadPostData;
use Symfony\Bundle\FrameworkBundle\{Client, Test\WebTestCase};
use Symfony\Component\DomCrawler\Crawler; use Symfony\Component\DomCrawler\Crawler;
class PostControllerTest extends WebTestCase class PostControllerTest extends WebTestCase
{ {
public function testNonExistingPostPage() public function testNonExistingPostPage()
{ {
$client = static::createClient(); $client = $this->createClientForPostId('nonexistingpost');
$client->request('GET', '/nonexistingpost');
$this->assertTrue($client->getResponse()->isNotFound(), '404 response code for non-existing post'); $this->assertTrue($client->getResponse()->isNotFound(), '404 response code for non-existing post');
} }
@ -20,12 +20,11 @@ class PostControllerTest extends WebTestCase
*/ */
public function testShortPostPageIsOk() public function testShortPostPageIsOk()
{ {
$client = static::createClient(); $client = $this->createClientForPostId(LoadPostData::POST_ID_SHORT);
$crawler = $client->request('GET', '/shortpost');
$this->assertTrue($client->getResponse()->isOk(), '200 response code for existing post'); $this->assertTrue($client->getResponse()->isOk(), '200 response code for existing post');
return $crawler; return $client->getCrawler();
} }
/** /**
@ -58,4 +57,33 @@ class PostControllerTest extends WebTestCase
$this->assertEquals(1, $p->count(), '.post-text has zero or more than one paragraphs'); $this->assertEquals(1, $p->count(), '.post-text has zero or more than one paragraphs');
$this->assertEquals('Test short post', $p->text(), '.post-text has no correct post text'); $this->assertEquals('Test short post', $p->text(), '.post-text has no correct post text');
} }
public function testPrivateUserPostForbidden()
{
$client = $this->createClientForPostId(LoadPostData::POST_ID_PR_USER);
$this->assertTrue($client->getResponse()->isNotFound(), '404 response code for private user\'s post');
}
public function testWhitelistOnlyUserPostForbidden()
{
$client = $this->createClientForPostId(LoadPostData::POST_ID_WL_USER);
$this->assertTrue($client->getResponse()->isNotFound(), '404 response code for whitelist-only user\'s post');
}
public function testPrivateWhitelistOnlyUserPostForbidden()
{
$client = $this->createClientForPostId(LoadPostData::POST_ID_PR_WL_USER);
$this->assertTrue($client->getResponse()->isNotFound(), '404 response code for private whitelist-only user\'s post');
}
private function createClientForPostId(string $id): Client
{
$client = static::createClient();
$client->request('GET', '/'.$id);
return $client;
}
} }

6
tests/Skobkin/PointToolsBundle/Repository/UserRepositoryTest.php
View file

@ -32,7 +32,7 @@ class UserRepositoryTest extends KernelTestCase
{ {
$users = $this->userRepo->findAll(); $users = $this->userRepo->findAll();
$this->assertCount(5, $users, 'Not exactly 5 users in the databas'); $this->assertCount(6, $users, 'Not exactly 6 users in the databas');
} }
public function testFindOneByLogin() public function testFindOneByLogin()
@ -58,14 +58,14 @@ class UserRepositoryTest extends KernelTestCase
// Searching LIKE %stus% (testuserX) // Searching LIKE %stus% (testuserX)
$users = $this->userRepo->findUsersLikeLogin('stus'); $users = $this->userRepo->findUsersLikeLogin('stus');
$this->assertCount(5, $users, 'Repository found not exactly 5 users'); $this->assertCount(2, $users, 'Repository found not exactly 5 users');
} }
public function testGetUsersCount() public function testGetUsersCount()
{ {
$count = $this->userRepo->getUsersCount(); $count = $this->userRepo->getUsersCount();
$this->assertEquals(5, $count, 'Counted not exactly 5 users'); $this->assertEquals(6, $count, 'Counted not exactly 5 users');
} }
public function testFindUserSubscribersById() public function testFindUserSubscribersById()