<?php
+namespace Tests;
+
+use BookStack\Auth\Permissions\JointPermissionBuilder;
+use BookStack\Auth\Permissions\PermissionsRepo;
+use BookStack\Auth\Permissions\RolePermission;
+use BookStack\Auth\Role;
+use BookStack\Auth\User;
+use BookStack\Entities\Models\Book;
+use BookStack\Entities\Models\Bookshelf;
+use BookStack\Entities\Models\Chapter;
+use BookStack\Entities\Models\Entity;
+use BookStack\Entities\Models\Page;
+use BookStack\Entities\Repos\BookRepo;
+use BookStack\Entities\Repos\BookshelfRepo;
+use BookStack\Entities\Repos\ChapterRepo;
+use BookStack\Entities\Repos\PageRepo;
+use BookStack\Settings\SettingService;
+use BookStack\Uploads\HttpFetcher;
+use GuzzleHttp\Client;
+use GuzzleHttp\Handler\MockHandler;
+use GuzzleHttp\HandlerStack;
+use GuzzleHttp\Middleware;
use Illuminate\Foundation\Testing\DatabaseTransactions;
-use Symfony\Component\DomCrawler\Crawler;
+use Illuminate\Foundation\Testing\TestCase as BaseTestCase;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Env;
+use Illuminate\Support\Facades\Log;
+use Illuminate\Testing\Assert as PHPUnit;
+use Monolog\Handler\TestHandler;
+use Monolog\Logger;
+use Psr\Http\Client\ClientInterface;
+use Ssddanbrown\AssertHtml\TestsHtml;
-class TestCase extends Illuminate\Foundation\Testing\TestCase
+abstract class TestCase extends BaseTestCase
{
-
+ use CreatesApplication;
use DatabaseTransactions;
+ use TestsHtml;
+
+ protected ?User $admin = null;
+ protected ?User $editor = null;
/**
* The base URL to use while testing the application.
- *
- * @var string
*/
- protected $baseUrl = 'http://localhost';
- private $admin;
+ protected string $baseUrl = 'http://localhost';
/**
- * Creates the application.
- *
- * @return \Illuminate\Foundation\Application
+ * Set the current user context to be an admin.
*/
- public function createApplication()
+ public function asAdmin()
{
- $app = require __DIR__.'/../bootstrap/app.php';
+ return $this->actingAs($this->getAdmin());
+ }
- $app->make(Illuminate\Contracts\Console\Kernel::class)->bootstrap();
+ /**
+ * Get the current admin user.
+ */
+ public function getAdmin(): User
+ {
+ if (is_null($this->admin)) {
+ $adminRole = Role::getSystemRole('admin');
+ $this->admin = $adminRole->users->first();
+ }
- return $app;
+ return $this->admin;
}
- public function asAdmin()
+ /**
+ * Set the current user context to be an editor.
+ */
+ public function asEditor()
{
- if($this->admin === null) {
- $adminRole = \BookStack\Role::getRole('admin');
- $this->admin = $adminRole->users->first();
+ return $this->actingAs($this->getEditor());
+ }
+
+ /**
+ * Get a editor user.
+ */
+ protected function getEditor(): User
+ {
+ if ($this->editor === null) {
+ $editorRole = Role::getRole('editor');
+ $this->editor = $editorRole->users->first();
+ }
+
+ return $this->editor;
+ }
+
+ /**
+ * Get an instance of a user with 'viewer' permissions.
+ */
+ protected function getViewer(array $attributes = []): User
+ {
+ $user = Role::getRole('viewer')->users()->first();
+ if (!empty($attributes)) {
+ $user->forceFill($attributes)->save();
}
- return $this->actingAs($this->admin);
+
+ return $user;
+ }
+
+ /**
+ * Get a user that's not a system user such as the guest user.
+ */
+ public function getNormalUser(): User
+ {
+ return User::query()->where('system_name', '=', null)->get()->last();
+ }
+
+ /**
+ * Regenerate the permission for an entity.
+ */
+ protected function regenEntityPermissions(Entity $entity): void
+ {
+ $entity->rebuildPermissions();
+ $entity->load('jointPermissions');
+ }
+
+ /**
+ * Create and return a new bookshelf.
+ */
+ public function newShelf(array $input = ['name' => 'test shelf', 'description' => 'My new test shelf']): Bookshelf
+ {
+ return app(BookshelfRepo::class)->create($input, []);
+ }
+
+ /**
+ * Create and return a new book.
+ */
+ public function newBook(array $input = ['name' => 'test book', 'description' => 'My new test book']): Book
+ {
+ return app(BookRepo::class)->create($input);
+ }
+
+ /**
+ * Create and return a new test chapter.
+ */
+ public function newChapter(array $input, Book $book): Chapter
+ {
+ return app(ChapterRepo::class)->create($input, $book);
+ }
+
+ /**
+ * Create and return a new test page.
+ */
+ public function newPage(array $input = ['name' => 'test page', 'html' => 'My new test page']): Page
+ {
+ $book = Book::query()->first();
+ $pageRepo = app(PageRepo::class);
+ $draftPage = $pageRepo->getNewDraftPage($book);
+
+ return $pageRepo->publishDraft($draftPage, $input);
}
/**
* Quickly sets an array of settings.
- * @param $settingsArray
*/
- protected function setSettings($settingsArray)
+ protected function setSettings(array $settingsArray): void
{
- $settings = app('BookStack\Services\SettingService');
+ $settings = app(SettingService::class);
foreach ($settingsArray as $key => $value) {
$settings->put($key, $value);
}
}
/**
- * Create a group of entities that belong to a specific user.
- * @param $creatorUser
- * @param $updaterUser
- * @return array
- */
- protected function createEntityChainBelongingToUser($creatorUser, $updaterUser = false)
- {
- if ($updaterUser === false) $updaterUser = $creatorUser;
- $book = factory(BookStack\Book::class)->create(['created_by' => $creatorUser->id, 'updated_by' => $updaterUser->id]);
- $chapter = factory(BookStack\Chapter::class)->create(['created_by' => $creatorUser->id, 'updated_by' => $updaterUser->id]);
- $page = factory(BookStack\Page::class)->create(['created_by' => $creatorUser->id, 'updated_by' => $updaterUser->id, 'book_id' => $book->id]);
- $book->chapters()->saveMany([$chapter]);
- $chapter->pages()->saveMany([$page]);
- return [
- 'book' => $book,
- 'chapter' => $chapter,
- 'page' => $page
- ];
+ * Manually set some permissions on an entity.
+ */
+ protected function setEntityRestrictions(Entity $entity, array $actions = [], array $roles = []): void
+ {
+ $entity->restricted = true;
+ $entity->permissions()->delete();
+
+ $permissions = [];
+ foreach ($actions as $action) {
+ foreach ($roles as $role) {
+ $permissions[] = [
+ 'role_id' => $role->id,
+ 'action' => strtolower($action),
+ ];
+ }
+ }
+ $entity->permissions()->createMany($permissions);
+
+ $entity->save();
+ $entity->load('permissions');
+ $this->app->make(JointPermissionBuilder::class)->rebuildForEntity($entity);
+ $entity->load('jointPermissions');
}
/**
- * Quick way to create a new user
- * @param array $attributes
- * @return mixed
+ * Give the given user some permissions.
*/
- protected function getNewUser($attributes = [])
+ protected function giveUserPermissions(User $user, array $permissions = []): void
{
- $user = factory(\BookStack\User::class)->create($attributes);
- $role = \BookStack\Role::getRole('editor');
- $user->attachRole($role);;
- return $user;
+ $newRole = $this->createNewRole($permissions);
+ $user->attachRole($newRole);
+ $user->load('roles');
+ $user->clearPermissionCache();
}
/**
- * Quick way to create a new user without any permissions
- * @param array $attributes
- * @return mixed
+ * Completely remove the given permission name from the given user.
*/
- protected function getNewBlankUser($attributes = [])
+ protected function removePermissionFromUser(User $user, string $permissionName)
{
- $user = factory(\BookStack\User::class)->create($attributes);
- return $user;
+ $permissionBuilder = app()->make(JointPermissionBuilder::class);
+
+ /** @var RolePermission $permission */
+ $permission = RolePermission::query()->where('name', '=', $permissionName)->firstOrFail();
+
+ $roles = $user->roles()->whereHas('permissions', function ($query) use ($permission) {
+ $query->where('id', '=', $permission->id);
+ })->get();
+
+ /** @var Role $role */
+ foreach ($roles as $role) {
+ $role->detachPermission($permission);
+ $permissionBuilder->rebuildForRole($role);
+ }
+
+ $user->clearPermissionCache();
}
/**
- * Assert that a given string is seen inside an element.
- *
- * @param bool|string|null $element
- * @param integer $position
- * @param string $text
- * @param bool $negate
- * @return $this
+ * Create a new basic role for testing purposes.
*/
- protected function seeInNthElement($element, $position, $text, $negate = false)
+ protected function createNewRole(array $permissions = []): Role
{
- $method = $negate ? 'assertNotRegExp' : 'assertRegExp';
+ $permissionRepo = app(PermissionsRepo::class);
+ $roleData = Role::factory()->make()->toArray();
+ $roleData['permissions'] = array_flip($permissions);
- $rawPattern = preg_quote($text, '/');
+ return $permissionRepo->saveNewRole($roleData);
+ }
- $escapedPattern = preg_quote(e($text), '/');
+ /**
+ * Create a group of entities that belong to a specific user.
+ *
+ * @return array{book: Book, chapter: Chapter, page: Page}
+ */
+ protected function createEntityChainBelongingToUser(User $creatorUser, ?User $updaterUser = null): array
+ {
+ if (empty($updaterUser)) {
+ $updaterUser = $creatorUser;
+ }
- $content = $this->crawler->filter($element)->eq($position)->html();
+ $userAttrs = ['created_by' => $creatorUser->id, 'owned_by' => $creatorUser->id, 'updated_by' => $updaterUser->id];
+ $book = Book::factory()->create($userAttrs);
+ $chapter = Chapter::factory()->create(array_merge(['book_id' => $book->id], $userAttrs));
+ $page = Page::factory()->create(array_merge(['book_id' => $book->id, 'chapter_id' => $chapter->id], $userAttrs));
- $pattern = $rawPattern == $escapedPattern
- ? $rawPattern : "({$rawPattern}|{$escapedPattern})";
+ $this->app->make(JointPermissionBuilder::class)->rebuildForEntity($book);
- $this->$method("/$pattern/i", $content);
+ return compact('book', 'chapter', 'page');
+ }
- return $this;
+ /**
+ * Mock the HttpFetcher service and return the given data on fetch.
+ */
+ protected function mockHttpFetch($returnData, int $times = 1)
+ {
+ $mockHttp = Mockery::mock(HttpFetcher::class);
+ $this->app[HttpFetcher::class] = $mockHttp;
+ $mockHttp->shouldReceive('fetch')
+ ->times($times)
+ ->andReturn($returnData);
}
/**
- * Assert that the current page matches a given URI.
+ * Mock the http client used in BookStack.
+ * Returns a reference to the container which holds all history of http transactions.
*
- * @param string $uri
- * @return $this
+ * @link https://docs.guzzlephp.org/en/stable/testing.html#history-middleware
*/
- protected function seePageUrlIs($uri)
+ protected function &mockHttpClient(array $responses = []): array
{
- $this->assertEquals(
- $uri, $this->currentUri, "Did not land on expected page [{$uri}].\n"
- );
+ $container = [];
+ $history = Middleware::history($container);
+ $mock = new MockHandler($responses);
+ $handlerStack = new HandlerStack($mock);
+ $handlerStack->push($history);
+ $this->app[ClientInterface::class] = new Client(['handler' => $handlerStack]);
- return $this;
+ return $container;
}
/**
- * Do a forced visit that does not error out on exception.
- * @param string $uri
- * @param array $parameters
- * @param array $cookies
- * @param array $files
- * @return $this
+ * Run a set test with the given env variable.
+ * Remembers the original and resets the value after test.
*/
- protected function forceVisit($uri, $parameters = [], $cookies = [], $files = [])
+ protected function runWithEnv(string $name, $value, callable $callback)
{
- $method = 'GET';
- $uri = $this->prepareUrlForRequest($uri);
- $this->call($method, $uri, $parameters, $cookies, $files);
- $this->clearInputs()->followRedirects();
- $this->currentUri = $this->app->make('request')->fullUrl();
- $this->crawler = new Crawler($this->response->getContent(), $uri);
- return $this;
+ Env::disablePutenv();
+ $originalVal = $_SERVER[$name] ?? null;
+
+ if (is_null($value)) {
+ unset($_SERVER[$name]);
+ } else {
+ $_SERVER[$name] = $value;
+ }
+
+ $this->refreshApplication();
+ $callback();
+
+ if (is_null($originalVal)) {
+ unset($_SERVER[$name]);
+ } else {
+ $_SERVER[$name] = $originalVal;
+ }
+ }
+
+ /**
+ * Check the keys and properties in the given map to include
+ * exist, albeit not exclusively, within the map to check.
+ */
+ protected function assertArrayMapIncludes(array $mapToInclude, array $mapToCheck, string $message = ''): void
+ {
+ $passed = true;
+
+ foreach ($mapToInclude as $key => $value) {
+ if (!isset($mapToCheck[$key]) || $mapToCheck[$key] !== $mapToInclude[$key]) {
+ $passed = false;
+ }
+ }
+
+ $toIncludeStr = print_r($mapToInclude, true);
+ $toCheckStr = print_r($mapToCheck, true);
+ self::assertThat($passed, self::isTrue(), "Failed asserting that given map:\n\n{$toCheckStr}\n\nincludes:\n\n{$toIncludeStr}");
+ }
+
+ /**
+ * Assert a permission error has occurred.
+ */
+ protected function assertPermissionError($response)
+ {
+ PHPUnit::assertTrue($this->isPermissionError($response->baseResponse ?? $response->response), 'Failed asserting the response contains a permission error.');
+ }
+
+ /**
+ * Assert a permission error has occurred.
+ */
+ protected function assertNotPermissionError($response)
+ {
+ PHPUnit::assertFalse($this->isPermissionError($response->baseResponse ?? $response->response), 'Failed asserting the response does not contain a permission error.');
}
/**
- * Click the text within the selected element.
- * @param $parentElement
- * @param $linkText
- * @return $this
+ * Check if the given response is a permission error.
*/
- protected function clickInElement($parentElement, $linkText)
+ private function isPermissionError($response): bool
{
- $elem = $this->crawler->filter($parentElement);
- $link = $elem->selectLink($linkText);
- $this->visit($link->link()->getUri());
+ return $response->status() === 302
+ && (
+ (
+ $response->headers->get('Location') === url('/')
+ && strpos(session()->pull('error', ''), 'You do not have permission to access') === 0
+ )
+ ||
+ (
+ $response instanceof JsonResponse &&
+ $response->json(['error' => 'You do not have permission to perform the requested action.'])
+ )
+ );
+ }
+
+ /**
+ * Assert that the session has a particular error notification message set.
+ */
+ protected function assertSessionError(string $message)
+ {
+ $error = session()->get('error');
+ PHPUnit::assertTrue($error === $message, "Failed asserting the session contains an error. \nFound: {$error}\nExpecting: {$message}");
+ }
+
+ /**
+ * Assert the session contains a specific entry.
+ */
+ protected function assertSessionHas(string $key): self
+ {
+ $this->assertTrue(session()->has($key), "Session does not contain a [{$key}] entry");
+
return $this;
}
+
+ protected function assertNotificationContains(\Illuminate\Testing\TestResponse $resp, string $text)
+ {
+ return $this->withHtml($resp)->assertElementContains('[notification]', $text);
+ }
+
+ /**
+ * Set a test handler as the logging interface for the application.
+ * Allows capture of logs for checking against during tests.
+ */
+ protected function withTestLogger(): TestHandler
+ {
+ $monolog = new Logger('testing');
+ $testHandler = new TestHandler();
+ $monolog->pushHandler($testHandler);
+
+ Log::extend('testing', function () use ($monolog) {
+ return $monolog;
+ });
+ Log::setDefaultDriver('testing');
+
+ return $testHandler;
+ }
+
+ /**
+ * Assert that an activity entry exists of the given key.
+ * Checks the activity belongs to the given entity if provided.
+ */
+ protected function assertActivityExists(string $type, ?Entity $entity = null, string $detail = '')
+ {
+ $detailsToCheck = ['type' => $type];
+
+ if ($entity) {
+ $detailsToCheck['entity_type'] = $entity->getMorphClass();
+ $detailsToCheck['entity_id'] = $entity->id;
+ }
+
+ if ($detail) {
+ $detailsToCheck['detail'] = $detail;
+ }
+
+ $this->assertDatabaseHas('activities', $detailsToCheck);
+ }
+
+ /**
+ * @return Entity[]
+ */
+ protected function getEachEntityType(): array
+ {
+ return [
+ 'page' => Page::query()->first(),
+ 'chapter' => Chapter::query()->first(),
+ 'book' => Book::query()->first(),
+ 'bookshelf' => Bookshelf::query()->first(),
+ ];
+ }
}