X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/193e2ffebe920234438faff812f731de7b36ca9f..refs/pull/2393/head:/tests/Uploads/ImageTest.php diff --git a/tests/Uploads/ImageTest.php b/tests/Uploads/ImageTest.php index 8373a809c..1c736d672 100644 --- a/tests/Uploads/ImageTest.php +++ b/tests/Uploads/ImageTest.php @@ -2,8 +2,9 @@ use BookStack\Entities\Repos\PageRepo; use BookStack\Uploads\Image; -use BookStack\Entities\Page; +use BookStack\Entities\Models\Page; use BookStack\Uploads\ImageService; +use Illuminate\Support\Str; use Tests\TestCase; class ImageTest extends TestCase @@ -17,14 +18,10 @@ class ImageTest extends TestCase $admin = $this->getAdmin(); $this->actingAs($admin); - $imageName = 'first-image.png'; - $relPath = $this->getTestImagePath('gallery', $imageName); - $this->deleteImage($relPath); + $imgDetails = $this->uploadGalleryImage($page); + $relPath = $imgDetails['path']; - $upload = $this->uploadImage($imageName, $page->id); - $upload->assertStatus(200); - - $this->assertTrue(file_exists(public_path($relPath)), 'Uploaded image not found at path: '. public_path($relPath)); + $this->assertTrue(file_exists(public_path($relPath)), 'Uploaded image found at path: '. public_path($relPath)); $this->deleteImage($relPath); @@ -35,10 +32,100 @@ class ImageTest extends TestCase 'path' => $relPath, 'created_by' => $admin->id, 'updated_by' => $admin->id, - 'name' => $imageName + 'name' => $imgDetails['name'], ]); } + public function test_image_display_thumbnail_generation_does_not_increase_image_size() + { + $page = Page::first(); + $admin = $this->getAdmin(); + $this->actingAs($admin); + + $originalFile = $this->getTestImageFilePath('compressed.png'); + $originalFileSize = filesize($originalFile); + $imgDetails = $this->uploadGalleryImage($page, 'compressed.png'); + $relPath = $imgDetails['path']; + + $this->assertTrue(file_exists(public_path($relPath)), 'Uploaded image found at path: '. public_path($relPath)); + $displayImage = $imgDetails['response']->thumbs->display; + + $displayImageRelPath = implode('/', array_slice(explode('/', $displayImage), 3)); + $displayImagePath = public_path($displayImageRelPath); + $displayFileSize = filesize($displayImagePath); + + $this->deleteImage($relPath); + $this->deleteImage($displayImageRelPath); + + $this->assertEquals($originalFileSize, $displayFileSize, 'Display thumbnail generation should not increase image size'); + } + + public function test_image_edit() + { + $editor = $this->getEditor(); + $this->actingAs($editor); + + $imgDetails = $this->uploadGalleryImage(); + $image = Image::query()->first(); + + $newName = Str::random(); + $update = $this->put('/images/' . $image->id, ['name' => $newName]); + $update->assertSuccessful(); + $update->assertSee($newName); + + $this->deleteImage($imgDetails['path']); + + $this->assertDatabaseHas('images', [ + 'type' => 'gallery', + 'name' => $newName + ]); + } + + public function test_gallery_get_list_format() + { + $this->asEditor(); + + $imgDetails = $this->uploadGalleryImage(); + $image = Image::query()->first(); + + $pageId = $imgDetails['page']->id; + $firstPageRequest = $this->get("/images/gallery?page=1&uploaded_to={$pageId}"); + $firstPageRequest->assertSuccessful()->assertElementExists('div'); + $firstPageRequest->assertSuccessful()->assertSeeText($image->name); + + $secondPageRequest = $this->get("/images/gallery?page=2&uploaded_to={$pageId}"); + $secondPageRequest->assertSuccessful()->assertElementNotExists('div'); + + $namePartial = substr($imgDetails['name'], 0, 3); + $searchHitRequest = $this->get("/images/gallery?page=1&uploaded_to={$pageId}&search={$namePartial}"); + $searchHitRequest->assertSuccessful()->assertSee($imgDetails['name']); + + $namePartial = Str::random(16); + $searchFailRequest = $this->get("/images/gallery?page=1&uploaded_to={$pageId}&search={$namePartial}"); + $searchFailRequest->assertSuccessful()->assertDontSee($imgDetails['name']); + $searchFailRequest->assertSuccessful()->assertElementNotExists('div'); + } + + public function test_image_usage() + { + $page = Page::first(); + $editor = $this->getEditor(); + $this->actingAs($editor); + + $imgDetails = $this->uploadGalleryImage($page); + + $image = Image::query()->first(); + $page->html = ''; + $page->save(); + + $usage = $this->get('/images/edit/' . $image->id . '?delete=true'); + $usage->assertSuccessful(); + $usage->assertSeeText($page->name); + $usage->assertSee($page->getUrl()); + + $this->deleteImage($imgDetails['path']); + } + public function test_php_files_cannot_be_uploaded() { $page = Page::first(); @@ -50,7 +137,7 @@ class ImageTest extends TestCase $this->deleteImage($relPath); $file = $this->getTestImage($fileName); - $upload = $this->withHeader('Content-Type', 'image/jpeg')->call('POST', '/images/gallery/upload', ['uploaded_to' => $page->id], [], ['file' => $file], []); + $upload = $this->withHeader('Content-Type', 'image/jpeg')->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $file], []); $upload->assertStatus(302); $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded php file was uploaded but should have been stopped'); @@ -72,7 +159,7 @@ class ImageTest extends TestCase $this->deleteImage($relPath); $file = $this->getTestImage($fileName); - $upload = $this->withHeader('Content-Type', 'image/jpeg')->call('POST', '/images/gallery/upload', ['uploaded_to' => $page->id], [], ['file' => $file], []); + $upload = $this->withHeader('Content-Type', 'image/jpeg')->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $file], []); $upload->assertStatus(302); $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded php file was uploaded but should have been stopped'); @@ -89,21 +176,53 @@ class ImageTest extends TestCase $this->deleteImage($relPath); $file = $this->getTestImage($fileName); - $upload = $this->withHeader('Content-Type', 'image/png')->call('POST', '/images/gallery/upload', ['uploaded_to' => $page->id], [], ['file' => $file], []); + $upload = $this->withHeader('Content-Type', 'image/png')->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $file], []); $upload->assertStatus(302); $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded double extension file was uploaded but should have been stopped'); } + public function test_url_entities_removed_from_filenames() + { + $this->asEditor(); + $badNames = [ + "bad-char-#-image.png", + "bad-char-?-image.png", + "?#.png", + "?.png", + "#.png", + ]; + foreach ($badNames as $name) { + $galleryFile = $this->getTestImage($name); + $page = Page::first(); + $badPath = $this->getTestImagePath('gallery', $name); + $this->deleteImage($badPath); + + $upload = $this->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []); + $upload->assertStatus(200); + + $lastImage = Image::query()->latest('id')->first(); + $newFileName = explode('.', basename($lastImage->path))[0]; + + $this->assertEquals($lastImage->name, $name); + $this->assertFalse(strpos($lastImage->path, $name), 'Path contains original image name'); + $this->assertFalse(file_exists(public_path($badPath)), 'Uploaded image file name was not stripped of url entities'); + + $this->assertTrue(strlen($newFileName) > 0, 'File name was reduced to nothing'); + + $this->deleteImage($lastImage->path); + } + } + public function test_secure_images_uploads_to_correct_place() { - config()->set('filesystems.default', 'local_secure'); + config()->set('filesystems.images', 'local_secure'); $this->asEditor(); $galleryFile = $this->getTestImage('my-secure-test-upload.png'); $page = Page::first(); - $expectedPath = storage_path('uploads/images/gallery/' . Date('Y-m-M') . '/my-secure-test-upload.png'); + $expectedPath = storage_path('uploads/images/gallery/' . Date('Y-m') . '/my-secure-test-upload.png'); - $upload = $this->call('POST', '/images/gallery/upload', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []); + $upload = $this->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []); $upload->assertStatus(200); $this->assertTrue(file_exists($expectedPath), 'Uploaded image not found at path: '. $expectedPath); @@ -115,13 +234,13 @@ class ImageTest extends TestCase public function test_secure_images_included_in_exports() { - config()->set('filesystems.default', 'local_secure'); + config()->set('filesystems.images', 'local_secure'); $this->asEditor(); $galleryFile = $this->getTestImage('my-secure-test-upload.png'); $page = Page::first(); - $expectedPath = storage_path('uploads/images/gallery/' . Date('Y-m-M') . '/my-secure-test-upload.png'); + $expectedPath = storage_path('uploads/images/gallery/' . Date('Y-m') . '/my-secure-test-upload.png'); - $upload = $this->call('POST', '/images/gallery/upload', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []); + $upload = $this->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []); $imageUrl = json_decode($upload->getContent(), true)['url']; $page->html .= ""; $page->save(); @@ -129,7 +248,7 @@ class ImageTest extends TestCase $encodedImageContent = base64_encode(file_get_contents($expectedPath)); $export = $this->get($page->getUrl('/export/html')); - $this->assertTrue(str_contains($export->getContent(), $encodedImageContent), 'Uploaded image in export content'); + $this->assertTrue(strpos($export->getContent(), $encodedImageContent) !== false, 'Uploaded image in export content'); if (file_exists($expectedPath)) { unlink($expectedPath); @@ -138,14 +257,13 @@ class ImageTest extends TestCase public function test_system_images_remain_public() { - config()->set('filesystems.default', 'local_secure'); - $this->asEditor(); + config()->set('filesystems.images', 'local_secure'); + $this->asAdmin(); $galleryFile = $this->getTestImage('my-system-test-upload.png'); - $page = Page::first(); - $expectedPath = public_path('uploads/images/system/' . Date('Y-m-M') . '/my-system-test-upload.png'); + $expectedPath = public_path('uploads/images/system/' . Date('Y-m') . '/my-system-test-upload.png'); - $upload = $this->call('POST', '/images/system/upload', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []); - $upload->assertStatus(200); + $upload = $this->call('POST', '/settings', [], [], ['app_logo' => $galleryFile], []); + $upload->assertRedirect('/settings'); $this->assertTrue(file_exists($expectedPath), 'Uploaded image not found at path: '. $expectedPath); @@ -159,10 +277,11 @@ class ImageTest extends TestCase $page = Page::first(); $this->asAdmin(); $imageName = 'first-image.png'; + $relPath = $this->getTestImagePath('gallery', $imageName); + $this->deleteImage($relPath); $this->uploadImage($imageName, $page->id); $image = Image::first(); - $relPath = $this->getTestImagePath('gallery', $imageName); $delete = $this->delete( '/images/' . $image->id); $delete->assertStatus(200); @@ -175,46 +294,54 @@ class ImageTest extends TestCase $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded image has not been deleted as expected'); } - public function testBase64Get() + public function test_image_delete_does_not_delete_similar_images() { $page = Page::first(); $this->asAdmin(); $imageName = 'first-image.png'; + $relPath = $this->getTestImagePath('gallery', $imageName); + $this->deleteImage($relPath); + + $this->uploadImage($imageName, $page->id); $this->uploadImage($imageName, $page->id); + $this->uploadImage($imageName, $page->id); + $image = Image::first(); + $folder = public_path(dirname($relPath)); + $imageCount = count(glob($folder . '/*')); - $imageGet = $this->getJson("/images/base64/{$image->id}"); - $imageGet->assertJson([ - 'content' => 'iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAIAAAACDbGyAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4gEcDCo5iYNs+gAAAB1pVFh0Q29tbWVudAAAAAAAQ3JlYXRlZCB3aXRoIEdJTVBkLmUHAAAAFElEQVQI12O0jN/KgASYGFABqXwAZtoBV6Sl3hIAAAAASUVORK5CYII=' - ]); + $delete = $this->delete( '/images/' . $image->id); + $delete->assertStatus(200); + + $newCount = count(glob($folder . '/*')); + $this->assertEquals($imageCount - 1, $newCount, 'More files than expected have been deleted'); + $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded image has not been deleted as expected'); } - public function test_drawing_base64_upload() + protected function getTestProfileImage() { - $page = Page::first(); - $editor = $this->getEditor(); - $this->actingAs($editor); + $imageName = 'profile.png'; + $relPath = $this->getTestImagePath('user', $imageName); + $this->deleteImage($relPath); - $upload = $this->postJson('images/drawing/upload', [ - 'uploaded_to' => $page->id, - 'image' => 'image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAIAAAACDbGyAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4gEcDCo5iYNs+gAAAB1pVFh0Q29tbWVudAAAAAAAQ3JlYXRlZCB3aXRoIEdJTVBkLmUHAAAAFElEQVQI12O0jN/KgASYGFABqXwAZtoBV6Sl3hIAAAAASUVORK5CYII=' - ]); + return $this->getTestImage($imageName); + } - $upload->assertStatus(200); - $upload->assertJson([ - 'type' => 'drawio', - 'uploaded_to' => $page->id, - 'created_by' => $editor->id, - 'updated_by' => $editor->id, - ]); + public function test_user_image_upload() + { + $editor = $this->getEditor(); + $admin = $this->getAdmin(); + $this->actingAs($admin); - $image = Image::where('type', '=', 'drawio')->first(); - $this->assertTrue(file_exists(public_path($image->path)), 'Uploaded image not found at path: '. public_path($image->path)); + $file = $this->getTestProfileImage(); + $this->call('PUT', '/settings/users/' . $editor->id, [], [], ['profile_image' => $file], []); - $testImageData = file_get_contents($this->getTestImageFilePath()); - $uploadedImageData = file_get_contents(public_path($image->path)); - $this->assertTrue($testImageData === $uploadedImageData, "Uploaded image file data does not match our test image as expected"); + $this->assertDatabaseHas('images', [ + 'type' => 'user', + 'uploaded_to' => $editor->id, + 'created_by' => $admin->id, + ]); } public function test_user_images_deleted_on_user_deletion() @@ -222,23 +349,28 @@ class ImageTest extends TestCase $editor = $this->getEditor(); $this->actingAs($editor); - $imageName = 'profile.png'; - $relPath = $this->getTestImagePath('gallery', $imageName); - $this->deleteImage($relPath); - - $file = $this->getTestImage($imageName); - $this->call('POST', '/images/user/upload', [], [], ['file' => $file], []); - $this->call('POST', '/images/user/upload', [], [], ['file' => $file], []); + $file = $this->getTestProfileImage(); + $this->call('PUT', '/settings/users/' . $editor->id, [], [], ['profile_image' => $file], []); $profileImages = Image::where('type', '=', 'user')->where('created_by', '=', $editor->id)->get(); - $this->assertTrue($profileImages->count() === 2, "Found profile images does not match upload count"); + $this->assertTrue($profileImages->count() === 1, "Found profile images does not match upload count"); + + $imagePath = public_path($profileImages->first()->path); + $this->assertTrue(file_exists($imagePath)); $userDelete = $this->asAdmin()->delete("/settings/users/{$editor->id}"); $userDelete->assertStatus(302); + $this->assertDatabaseMissing('images', [ 'type' => 'user', 'created_by' => $editor->id ]); + $this->assertDatabaseMissing('images', [ + 'type' => 'user', + 'uploaded_to' => $editor->id + ]); + + $this->assertFalse(file_exists($imagePath)); } public function test_deleted_unused_images() @@ -256,7 +388,7 @@ class ImageTest extends TestCase $image = Image::where('type', '=', 'gallery')->first(); $pageRepo = app(PageRepo::class); - $pageRepo->updatePage($page, $page->book_id, [ + $pageRepo->update($page, [ 'name' => $page->name, 'html' => $page->html . "url}\">", 'summary' => '' @@ -268,7 +400,7 @@ class ImageTest extends TestCase $this->assertCount(0, $toDelete); // Save a revision of our page without the image; - $pageRepo->updatePage($page, $page->book_id, [ + $pageRepo->update($page, [ 'name' => $page->name, 'html' => "

Hello

", 'summary' => ''