]> BookStack Code Mirror - bookstack/blobdiff - tests/Entity/CommentTest.php
projects / bookstack / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Added OIDC group sync functionality
[bookstack] / tests / Entity / CommentTest.php
diff --git a/tests/Entity/CommentTest.php b/tests/Entity/CommentTest.php
index a2126407b43d121b10f6c55cad07eda7d0455b25..1e8ecbcac2cad0a1bda62c38303e2575df3ae775 100644 (file)
--- a/tests/Entity/CommentTest.php
+++ b/tests/Entity/CommentTest.php
@@ -1,19 +1,20 @@
-<?php namespace Tests\Entity;
+<?php
+
+namespace Tests\Entity;
 
 
-use BookStack\Entities\Page;
 use BookStack\Actions\Comment;
 use BookStack\Actions\Comment;
+use BookStack\Entities\Models\Page;
 use Tests\TestCase;
 
 class CommentTest extends TestCase
 {
 use Tests\TestCase;
 
 class CommentTest extends TestCase
 {
-
     public function test_add_comment()
     {
         $this->asAdmin();
         $page = Page::first();
 
     public function test_add_comment()
     {
         $this->asAdmin();
         $page = Page::first();
 
-        $comment = factory(Comment::class)->make(['parent_id' => 2]);
-        $resp = $this->postJson("/ajax/page/$page->id/comment", $comment->getAttributes());
+        $comment = Comment::factory()->make(['parent_id' => 2]);
+        $resp = $this->postJson("/comment/$page->id", $comment->getAttributes());
 
         $resp->assertStatus(200);
         $resp->assertSee($comment->text);
 
         $resp->assertStatus(200);
         $resp->assertSee($comment->text);
@@ -22,11 +23,11 @@ class CommentTest extends TestCase
         $pageResp->assertSee($comment->text);
 
         $this->assertDatabaseHas('comments', [
         $pageResp->assertSee($comment->text);
 
         $this->assertDatabaseHas('comments', [
-            'local_id' => 1,
-            'entity_id' => $page->id,
+            'local_id'    => 1,
+            'entity_id'   => $page->id,
             'entity_type' => Page::newModelInstance()->getMorphClass(),
             'entity_type' => Page::newModelInstance()->getMorphClass(),
-            'text' => $comment->text,
-            'parent_id' => 2
+            'text'        => $comment->text,
+            'parent_id'   => 2,
         ]);
     }
 
         ]);
     }
 
@@ -35,14 +36,13 @@ class CommentTest extends TestCase
         $this->asAdmin();
         $page = Page::first();
 
         $this->asAdmin();
         $page = Page::first();
 
-        $comment = factory(Comment::class)->make();
-        $this->postJson("/ajax/page/$page->id/comment", $comment->getAttributes());
+        $comment = Comment::factory()->make();
+        $this->postJson("/comment/$page->id", $comment->getAttributes());
 
         $comment = $page->comments()->first();
         $newText = 'updated text content';
 
         $comment = $page->comments()->first();
         $newText = 'updated text content';
-        $resp = $this->putJson("/ajax/comment/$comment->id", [
+        $resp = $this->putJson("/comment/$comment->id", [
             'text' => $newText,
             'text' => $newText,
-            'html' => '<p>'.$newText.'</p>',
         ]);
 
         $resp->assertStatus(200);
         ]);
 
         $resp->assertStatus(200);
@@ -50,8 +50,8 @@ class CommentTest extends TestCase
         $resp->assertDontSee($comment->text);
 
         $this->assertDatabaseHas('comments', [
         $resp->assertDontSee($comment->text);
 
         $this->assertDatabaseHas('comments', [
-            'text' => $newText,
-            'entity_id' => $page->id
+            'text'      => $newText,
+            'entity_id' => $page->id,
         ]);
     }
 
         ]);
     }
 
@@ -60,16 +60,58 @@ class CommentTest extends TestCase
         $this->asAdmin();
         $page = Page::first();
 
         $this->asAdmin();
         $page = Page::first();
 
-        $comment = factory(Comment::class)->make();
-        $this->postJson("/ajax/page/$page->id/comment", $comment->getAttributes());
+        $comment = Comment::factory()->make();
+        $this->postJson("/comment/$page->id", $comment->getAttributes());
 
         $comment = $page->comments()->first();
 
 
         $comment = $page->comments()->first();
 
-        $resp = $this->delete("/ajax/comment/$comment->id");
+        $resp = $this->delete("/comment/$comment->id");
         $resp->assertStatus(200);
 
         $this->assertDatabaseMissing('comments', [
         $resp->assertStatus(200);
 
         $this->assertDatabaseMissing('comments', [
-            'id' => $comment->id
+            'id' => $comment->id,
+        ]);
+    }
+
+    public function test_comments_converts_markdown_input_to_html()
+    {
+        $page = Page::first();
+        $this->asAdmin()->postJson("/comment/$page->id", [
+            'text' => '# My Title',
+        ]);
+
+        $this->assertDatabaseHas('comments', [
+            'entity_id'   => $page->id,
+            'entity_type' => $page->getMorphClass(),
+            'text'        => '# My Title',
+            'html'        => "<h1>My Title</h1>\n",
         ]);
         ]);
+
+        $pageView = $this->get($page->getUrl());
+        $pageView->assertSee('<h1>My Title</h1>', false);
+    }
+
+    public function test_html_cannot_be_injected_via_comment_content()
+    {
+        $this->asAdmin();
+        $page = Page::first();
+
+        $script = '<script>const a = "script";</script>\n\n# sometextinthecomment';
+        $this->postJson("/comment/$page->id", [
+            'text' => $script,
+        ]);
+
+        $pageView = $this->get($page->getUrl());
+        $pageView->assertDontSee($script, false);
+        $pageView->assertSee('sometextinthecomment');
+
+        $comment = $page->comments()->first();
+        $this->putJson("/comment/$comment->id", [
+            'text' => $script . 'updated',
+        ]);
+
+        $pageView = $this->get($page->getUrl());
+        $pageView->assertDontSee($script, false);
+        $pageView->assertSee('sometextinthecommentupdated');
     }
 }
     }
 }
The core source code for the BookStack project.