BookStack Code Mirror - bookstack/blobdiff - tests/Uploads/AttachmentTest.php

index 2248bc2c5d15a3833ac129fb9bb6ae007e30b191..b6fcb8f69995d3767d5dc1a8f3f140b5f469d66a 100644 (file)

--- a/tests/Uploads/AttachmentTest.php

+++ b/tests/Uploads/AttachmentTest.php

@@ -17,13 +17,13 @@ class AttachmentTest extends TestCase

protected function getTestFile(string $fileName): UploadedFile

{

- return new UploadedFile(base_path('tests/test-data/test-file.txt'), $fileName, 'text/plain', 55, null, true);

+ return new UploadedFile(base_path('tests/test-data/test-file.txt'), $fileName, 'text/plain', null, true);

}

/**

* Uploads a file with the given name.

- protected function uploadFile(string $name, int $uploadedTo = 0): \Illuminate\Foundation\Testing\TestResponse

+ protected function uploadFile(string $name, int $uploadedTo = 0): \Illuminate\Testing\TestResponse

{

$file = $this->getTestFile($name);

@@ -44,6 +44,21 @@ class AttachmentTest extends TestCase

return Attachment::query()->latest()->first();

}

+ /**

+ * Create a new upload attachment from the given data.

+ */

+ protected function createUploadAttachment(Page $page, string $filename, string $content, string $mimeType): Attachment

+ {

+ $file = tmpfile();

+ $filePath = stream_get_meta_data($file)['uri'];

+ file_put_contents($filePath, $content);

+ $upload = new UploadedFile($filePath, $filename, $mimeType, null, true);

+ $this->call('POST', '/attachments/upload', ['uploaded_to' => $page->id], [], ['file' => $upload], []);

+ return $page->attachments()->latest()->firstOrFail();

+ }

/**

* Delete all uploaded files.

* To assist with cleanup.

@@ -58,14 +73,14 @@ class AttachmentTest extends TestCase

public function test_file_upload()

{

- $page = Page::query()->first();

+ $page = $this->entities->page();

$this->asAdmin();

$admin = $this->getAdmin();

$fileName = 'upload_test_file.txt';

$expectedResp = [

'name' => $fileName,

- 'uploaded_to'=> $page->id,

+ 'uploaded_to' => $page->id,

'extension' => 'txt',

'order' => 1,

'created_by' => $admin->id,

@@ -76,9 +91,9 @@ class AttachmentTest extends TestCase

$upload->assertStatus(200);

$attachment = Attachment::query()->orderBy('id', 'desc')->first();

- $expectedResp['path'] = $attachment->path;

$upload->assertJson($expectedResp);

+ $expectedResp['path'] = $attachment->path;

$this->assertDatabaseHas('attachments', $expectedResp);

$this->deleteUploads();

@@ -86,7 +101,7 @@ class AttachmentTest extends TestCase

public function test_file_upload_does_not_use_filename()

{

- $page = Page::query()->first();

+ $page = $this->entities->page();

$fileName = 'upload_test_file.txt';

$upload = $this->asAdmin()->uploadFile($fileName, $page->id);

@@ -94,12 +109,13 @@ class AttachmentTest extends TestCase

$attachment = Attachment::query()->orderBy('id', 'desc')->first();

$this->assertStringNotContainsString($fileName, $attachment->path);

- $this->assertStringEndsWith('.txt', $attachment->path);

+ $this->assertStringEndsWith('-txt', $attachment->path);

+ $this->deleteUploads();

}

public function test_file_display_and_access()

{

- $page = Page::query()->first();

+ $page = $this->entities->page();

$this->asAdmin();

$fileName = 'upload_test_file.txt';

@@ -112,14 +128,15 @@ class AttachmentTest extends TestCase

$pageGet->assertSee($attachment->getUrl());

$attachmentGet = $this->get($attachment->getUrl());

- $attachmentGet->assertSee('Hi, This is a test file for testing the upload process.');

+ $content = $attachmentGet->streamedContent();

+ $this->assertStringContainsString('Hi, This is a test file for testing the upload process.', $content);

$this->deleteUploads();

}

public function test_attaching_link_to_page()

{

- $page = Page::query()->first();

+ $page = $this->entities->page();

$admin = $this->getAdmin();

$this->asAdmin();

@@ -156,7 +173,7 @@ class AttachmentTest extends TestCase

public function test_attachment_updating()

{

- $page = Page::query()->first();

+ $page = $this->entities->page();

$this->asAdmin();

$attachment = $this->createAttachment($page);

@@ -180,7 +197,7 @@ class AttachmentTest extends TestCase

public function test_file_deletion()

{

- $page = Page::query()->first();

+ $page = $this->entities->page();

$this->asAdmin();

$fileName = 'deletion_test.txt';

$this->uploadFile($fileName, $page->id);

@@ -202,7 +219,7 @@ class AttachmentTest extends TestCase

public function test_attachment_deletion_on_page_deletion()

{

- $page = Page::query()->first();

+ $page = $this->entities->page();

$this->asAdmin();

$fileName = 'deletion_test.txt';

$this->uploadFile($fileName, $page->id);

@@ -230,17 +247,13 @@ class AttachmentTest extends TestCase

{

$admin = $this->getAdmin();

$viewer = $this->getViewer();

- $page = Page::query()->first(); /** @var Page $page */

+ $page = $this->entities->page(); /** @var Page $page */

$this->actingAs($admin);

$fileName = 'permission_test.txt';

$this->uploadFile($fileName, $page->id);

$attachment = Attachment::orderBy('id', 'desc')->take(1)->first();

- $page->restricted = true;

- $page->permissions()->delete();

- $page->save();

- $page->rebuildPermissions();

- $page->load('jointPermissions');

+ $this->entities->setPermissions($page, [], []);

$this->actingAs($viewer);

$attachmentGet = $this->get($attachment->getUrl());

@@ -252,7 +265,7 @@ class AttachmentTest extends TestCase

public function test_data_and_js_links_cannot_be_attached_to_a_page()

{

- $page = Page::query()->first();

+ $page = $this->entities->page();

$this->asAdmin();

$badLinks = [

@@ -293,7 +306,7 @@ class AttachmentTest extends TestCase

public function test_file_access_with_open_query_param_provides_inline_response_with_correct_content_type()

{

- $page = Page::query()->first();

+ $page = $this->entities->page();

$this->asAdmin();

$fileName = 'upload_test_file.txt';

@@ -305,7 +318,38 @@ class AttachmentTest extends TestCase

// http-foundation/Response does some 'fixing' of responses to add charsets to text responses.

$attachmentGet->assertHeader('Content-Type', 'text/plain; charset=UTF-8');

$attachmentGet->assertHeader('Content-Disposition', 'inline; filename="upload_test_file.txt"');

+ $attachmentGet->assertHeader('X-Content-Type-Options', 'nosniff');

+ $this->deleteUploads();

+ }

+ public function test_html_file_access_with_open_forces_plain_content_type()

+ {

+ $page = $this->entities->page();

+ $this->asAdmin();

+ $attachment = $this->createUploadAttachment($page, 'test_file.html', '<html></html><p>testing</p>', 'text/html');

+ $attachmentGet = $this->get($attachment->getUrl(true));

+ // http-foundation/Response does some 'fixing' of responses to add charsets to text responses.

+ $attachmentGet->assertHeader('Content-Type', 'text/plain; charset=UTF-8');

+ $attachmentGet->assertHeader('Content-Disposition', 'inline; filename="test_file.html"');

+ $this->deleteUploads();

+ }

+ public function test_file_upload_works_when_local_secure_restricted_is_in_use()

+ {

+ config()->set('filesystems.attachments', 'local_secure_restricted');

+ $page = $this->entities->page();

+ $fileName = 'upload_test_file.txt';

+ $upload = $this->asAdmin()->uploadFile($fileName, $page->id);

+ $upload->assertStatus(200);

+ $attachment = Attachment::query()->orderBy('id', 'desc')->where('uploaded_to', '=', $page->id)->first();

+ $this->assertFileExists(storage_path($attachment->path));

$this->deleteUploads();

}