respective book and chapter structure added.
[bookstack] / tests / Api / AttachmentsApiTest.php
index bfa47343e96884e189b756cf6dbb16fb5ab3739e..b03f280ac6784074ab692df20b3ded892d6c8f32 100644 (file)
@@ -5,6 +5,7 @@ namespace Tests\Api;
 use BookStack\Entities\Models\Page;
 use BookStack\Uploads\Attachment;
 use Illuminate\Http\UploadedFile;
+use Illuminate\Testing\AssertableJsonString;
 use Tests\TestCase;
 
 class AttachmentsApiTest extends TestCase
@@ -16,7 +17,7 @@ class AttachmentsApiTest extends TestCase
     public function test_index_endpoint_returns_expected_book()
     {
         $this->actingAsApiEditor();
-        $page = Page::query()->first();
+        $page = $this->entities->page();
         $attachment = $this->createAttachmentForPage($page, [
             'name'     => 'My test attachment',
             'external' => true,
@@ -36,8 +37,7 @@ class AttachmentsApiTest extends TestCase
     public function test_attachments_listing_based_upon_page_visibility()
     {
         $this->actingAsApiEditor();
-        /** @var Page $page */
-        $page = Page::query()->first();
+        $page = $this->entities->page();
         $attachment = $this->createAttachmentForPage($page, [
             'name'     => 'My test attachment',
             'external' => true,
@@ -50,9 +50,7 @@ class AttachmentsApiTest extends TestCase
             ],
         ]]);
 
-        $page->restricted = true;
-        $page->save();
-        $this->regenEntityPermissions($page);
+        $this->permissions->setEntityPermissions($page, [], []);
 
         $resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');
         $resp->assertJsonMissing(['data' => [
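Review bot: The two empty arrays passed to `$this->permissions->setEntityPermissions($page, [], [])` in test_attachments_listing_based_upon_page_visibility do not say what is being granted or denied, and this call is the step that the access-control assertion after it depends on. The helper's signature is not visible here, so the meaning is presumably "no actions for no roles", which replaces the old `restricted = true` flag. A short comment above the call would make the intent clear, for example `// Apply entity-level permissions that grant nothing, so the editor can no longer view the page`. The test body starts before and continues past this hunk.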
@@ -65,8 +63,7 @@ class AttachmentsApiTest extends TestCase
     public function test_create_endpoint_for_link_attachment()
     {
         $this->actingAsApiAdmin();
-        /** @var Page $page */
-        $page = Page::query()->first();
+        $page = $this->entities->page();
 
         $details = [
             'name'        => 'My attachment',
@@ -84,8 +81,7 @@ class AttachmentsApiTest extends TestCase
     public function test_create_endpoint_for_upload_attachment()
     {
         $this->actingAsApiAdmin();
-        /** @var Page $page */
-        $page = Page::query()->first();
+        $page = $this->entities->page();
         $file = $this->getTestFile('textfile.txt');
 
         $details = [
@@ -102,11 +98,33 @@ class AttachmentsApiTest extends TestCase
         unlink(storage_path($newItem->path));
     }
 
+    public function test_upload_limit_restricts_attachment_uploads()
+    {
+        $this->actingAsApiAdmin();
+        $page = $this->entities->page();
+
+        config()->set('app.upload_limit', 1);
+
+        $file = tmpfile();
+        $filePath = stream_get_meta_data($file)['uri'];
+        fwrite($file, str_repeat('a', 1200000));
+        $file = new UploadedFile($filePath, 'test.txt', 'text/plain', null, true);
+
+        $details = [
+            'name'        => 'My attachment',
+            'uploaded_to' => $page->id,
+        ];
+        $resp = $this->call('POST', $this->baseEndpoint, $details, [], ['file' => $file]);
+        $resp->assertStatus(422);
+        $resp->assertJson($this->validationResponse([
+            'file' => ['The file may not be greater than 1000 kilobytes.'],
+        ]));
+    }
+
     public function test_name_needed_to_create()
     {
         $this->actingAsApiAdmin();
-        /** @var Page $page */
-        $page = Page::query()->first();
+        $page = $this->entities->page();
 
         $details = [
             'uploaded_to' => $page->id,
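Review bot: In test_upload_limit_restricts_attachment_uploads the stream returned by `tmpfile()` is stored in `$file` and then overwritten by `$file = new UploadedFile(...)`, which drops the only reference to the handle. PHP documents that a tmpfile() file is removed once no references to its handle remain, and the `fwrite()` is never flushed explicitly. The 422 may therefore depend on buffering and cleanup timing rather than purely on `app.upload_limit`. Keep the stream in its own variable for the whole test, for example `$handle = tmpfile();` then `fwrite($handle, str_repeat('a', 1200000)); fflush($handle);`, and take the path from `stream_get_meta_data($handle)['uri']`. The hunk ends inside test_name_needed_to_create, which this point does not concern.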
@@ -115,22 +133,13 @@ class AttachmentsApiTest extends TestCase
 
         $resp = $this->postJson($this->baseEndpoint, $details);
         $resp->assertStatus(422);
-        $resp->assertJson([
-            'error' => [
-                'message'    => 'The given data was invalid.',
-                'validation' => [
-                    'name' => ['The name field is required.'],
-                ],
-                'code' => 422,
-            ],
-        ]);
+        $resp->assertJson($this->validationResponse(['name' => ['The name field is required.']]));
     }
 
     public function test_link_or_file_needed_to_create()
     {
         $this->actingAsApiAdmin();
-        /** @var Page $page */
-        $page = Page::query()->first();
+        $page = $this->entities->page();
 
         $details = [
             'name'        => 'my attachment',
@@ -139,23 +148,32 @@ class AttachmentsApiTest extends TestCase
 
         $resp = $this->postJson($this->baseEndpoint, $details);
         $resp->assertStatus(422);
-        $resp->assertJson([
-            'error' => [
-                'message'    => 'The given data was invalid.',
-                'validation' => [
-                    'file' => ['The file field is required when link is not present.'],
-                    'link' => ['The link field is required when file is not present.'],
-                ],
-                'code' => 422,
-            ],
-        ]);
+        $resp->assertJson($this->validationResponse([
+            'file' => ['The file field is required when link is not present.'],
+            'link' => ['The link field is required when file is not present.'],
+        ]));
+    }
+
+    public function test_message_shown_if_file_is_not_a_valid_file()
+    {
+        $this->actingAsApiAdmin();
+        $page = $this->entities->page();
+
+        $details = [
+            'name'        => 'my attachment',
+            'uploaded_to' => $page->id,
+            'file'        => 'cat',
+        ];
+
+        $resp = $this->postJson($this->baseEndpoint, $details);
+        $resp->assertStatus(422);
+        $resp->assertJson($this->validationResponse(['file' => ['The file must be provided as a valid file.']]));
     }
 
     public function test_read_endpoint_for_link_attachment()
     {
         $this->actingAsApiAdmin();
-        /** @var Page $page */
-        $page = Page::query()->first();
+        $page = $this->entities->page();
 
         $attachment = $this->createAttachmentForPage($page, [
             'name'  => 'my attachment',
@@ -188,8 +206,7 @@ class AttachmentsApiTest extends TestCase
     public function test_read_endpoint_for_file_attachment()
     {
         $this->actingAsApiAdmin();
-        /** @var Page $page */
-        $page = Page::query()->first();
+        $page = $this->entities->page();
         $file = $this->getTestFile('textfile.txt');
 
         $details = [
@@ -201,9 +218,11 @@ class AttachmentsApiTest extends TestCase
         $attachment = Attachment::query()->orderByDesc('id')->where('name', '=', $details['name'])->firstOrFail();
 
         $resp = $this->getJson("{$this->baseEndpoint}/{$attachment->id}");
-
         $resp->assertStatus(200);
-        $resp->assertJson([
+        $resp->assertHeader('Content-Type', 'application/json');
+
+        $json = new AssertableJsonString($resp->streamedContent());
+        $json->assertSubset([
             'id'          => $attachment->id,
             'content'     => base64_encode(file_get_contents(storage_path($attachment->path))),
             'external'    => false,
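Review bot: The move from `$resp->assertJson([...])` to `new AssertableJsonString($resp->streamedContent())` in test_read_endpoint_for_file_attachment is not explained in the test. A later reader may change it back without realising the body is presumably now a streamed response. A one-line comment above the construction would record the reason, for example `// File attachments are returned as a streamed JSON body, so collect it via streamedContent() before asserting`. The asserted array continues past the end of this hunk.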
@@ -227,14 +246,13 @@ class AttachmentsApiTest extends TestCase
     public function test_attachment_not_visible_on_other_users_draft()
     {
         $this->actingAsApiAdmin();
-        $editor = $this->getEditor();
+        $editor = $this->users->editor();
 
-        /** @var Page $page */
-        $page = Page::query()->first();
+        $page = $this->entities->page();
         $page->draft = true;
-        $page->owned_by = $editor;
+        $page->owned_by = $editor->id;
         $page->save();
-        $this->regenEntityPermissions($page);
+        $this->permissions->regenerateForEntity($page);
 
         $attachment = $this->createAttachmentForPage($page, [
             'name'  => 'my attachment',
@@ -250,8 +268,7 @@ class AttachmentsApiTest extends TestCase
     public function test_update_endpoint()
     {
         $this->actingAsApiAdmin();
-        /** @var Page $page */
-        $page = Page::query()->first();
+        $page = $this->entities->page();
         $attachment = $this->createAttachmentForPage($page);
 
         $details = [
@@ -268,8 +285,7 @@ class AttachmentsApiTest extends TestCase
     public function test_update_link_attachment_to_file()
     {
         $this->actingAsApiAdmin();
-        /** @var Page $page */
-        $page = Page::query()->first();
+        $page = $this->entities->page();
         $attachment = $this->createAttachmentForPage($page);
         $file = $this->getTestFile('textfile.txt');
 
@@ -288,8 +304,7 @@ class AttachmentsApiTest extends TestCase
     public function test_update_file_attachment_to_link()
     {
         $this->actingAsApiAdmin();
-        /** @var Page $page */
-        $page = Page::query()->first();
+        $page = $this->entities->page();
         $file = $this->getTestFile('textfile.txt');
         $this->call('POST', $this->baseEndpoint, ['name' => 'My file attachment', 'uploaded_to' => $page->id], [], ['file' => $file]);
         /** @var Attachment $attachment */
@@ -316,8 +331,7 @@ class AttachmentsApiTest extends TestCase
     public function test_delete_endpoint()
     {
         $this->actingAsApiAdmin();
-        /** @var Page $page */
-        $page = Page::query()->first();
+        $page = $this->entities->page();
         $attachment = $this->createAttachmentForPage($page);
 
         $resp = $this->deleteJson("{$this->baseEndpoint}/{$attachment->id}");
@@ -328,7 +342,7 @@ class AttachmentsApiTest extends TestCase
 
     protected function createAttachmentForPage(Page $page, $attributes = []): Attachment
     {
-        $admin = $this->getAdmin();
+        $admin = $this->users->admin();
         /** @var Attachment $attachment */
         $attachment = $page->attachments()->forceCreate(array_merge([
             'uploaded_to' => $page->id,