X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a6633642232efd164d4708967ab59e498fbff896..refs/pull/3012/head:/tests/Uploads/AttachmentTest.php
diff --git a/tests/Uploads/AttachmentTest.php b/tests/Uploads/AttachmentTest.php
index 1ca9ea23b..588b7054a 100644
--- a/tests/Uploads/AttachmentTest.php
+++ b/tests/Uploads/AttachmentTest.php
@@ -1,42 +1,43 @@
-getTestFile($name);
+
return $this->call('POST', '/attachments/upload', ['uploaded_to' => $uploadedTo], [], ['file' => $file], []);
}
/**
- * Create a new attachment
+ * Create a new attachment.
*/
protected function createAttachment(Page $page): Attachment
{
$this->post('attachments/link', [
- 'attachment_link_url' => 'https://example.com',
- 'attachment_link_name' => 'Example Attachment Link',
+ 'attachment_link_url' => 'https://example.com',
+ 'attachment_link_name' => 'Example Attachment Link',
'attachment_link_uploaded_to' => $page->id,
]);
@@ -57,16 +58,16 @@ class AttachmentTest extends TestCase
public function test_file_upload()
{
- $page = Page::first();
+ $page = Page::query()->first();
$this->asAdmin();
$admin = $this->getAdmin();
$fileName = 'upload_test_file.txt';
$expectedResp = [
- 'name' => $fileName,
+ 'name' => $fileName,
'uploaded_to'=> $page->id,
- 'extension' => 'txt',
- 'order' => 1,
+ 'extension' => 'txt',
+ 'order' => 1,
'created_by' => $admin->id,
'updated_by' => $admin->id,
];
@@ -75,9 +76,9 @@ class AttachmentTest extends TestCase
$upload->assertStatus(200);
$attachment = Attachment::query()->orderBy('id', 'desc')->first();
- $expectedResp['path'] = $attachment->path;
-
$upload->assertJson($expectedResp);
+
+ $expectedResp['path'] = $attachment->path;
$this->assertDatabaseHas('attachments', $expectedResp);
$this->deleteUploads();
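Review bot: With the `$expectedResp['path']` assignment moved below `assertJson()`, test_file_upload no longer asserts anything about `path` in the upload response, neither that it is present nor that it is absent. If the move reflects the JSON response no longer exposing the stored file path (an inference, since the controller is not part of this diff), pin that down with `$upload->assertJsonMissing(['path' => $attachment->path]);` directly after `$upload->assertJson($expectedResp);`. A later change that puts the storage path back into the response would then fail the test instead of passing silently. The body of test_file_upload starts in the previous hunk, so the setup lines are not visible here.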
@@ -85,10 +86,9 @@ class AttachmentTest extends TestCase
public function test_file_upload_does_not_use_filename()
{
- $page = Page::first();
+ $page = Page::query()->first();
$fileName = 'upload_test_file.txt';
-
$upload = $this->asAdmin()->uploadFile($fileName, $page->id);
$upload->assertStatus(200);
@@ -99,7 +99,7 @@ class AttachmentTest extends TestCase
public function test_file_display_and_access()
{
- $page = Page::first();
+ $page = Page::query()->first();
$this->asAdmin();
$fileName = 'upload_test_file.txt';
@@ -119,25 +119,25 @@ class AttachmentTest extends TestCase
public function test_attaching_link_to_page()
{
- $page = Page::first();
+ $page = Page::query()->first();
$admin = $this->getAdmin();
$this->asAdmin();
$linkReq = $this->call('POST', 'attachments/link', [
- 'attachment_link_url' => 'https://example.com',
- 'attachment_link_name' => 'Example Attachment Link',
+ 'attachment_link_url' => 'https://example.com',
+ 'attachment_link_name' => 'Example Attachment Link',
'attachment_link_uploaded_to' => $page->id,
]);
$expectedData = [
- 'path' => 'https://example.com',
- 'name' => 'Example Attachment Link',
+ 'path' => 'https://example.com',
+ 'name' => 'Example Attachment Link',
'uploaded_to' => $page->id,
- 'created_by' => $admin->id,
- 'updated_by' => $admin->id,
- 'external' => true,
- 'order' => 1,
- 'extension' => ''
+ 'created_by' => $admin->id,
+ 'updated_by' => $admin->id,
+ 'external' => true,
+ 'order' => 1,
+ 'extension' => '',
];
$linkReq->assertStatus(200);
@@ -156,20 +156,20 @@ class AttachmentTest extends TestCase
public function test_attachment_updating()
{
- $page = Page::first();
+ $page = Page::query()->first();
$this->asAdmin();
$attachment = $this->createAttachment($page);
$update = $this->call('PUT', 'attachments/' . $attachment->id, [
'attachment_edit_name' => 'My new attachment name',
- 'attachment_edit_url' => 'https://test.example.com'
+ 'attachment_edit_url' => 'https://test.example.com',
]);
$expectedData = [
- 'id' => $attachment->id,
- 'path' => 'https://test.example.com',
- 'name' => 'My new attachment name',
- 'uploaded_to' => $page->id
+ 'id' => $attachment->id,
+ 'path' => 'https://test.example.com',
+ 'name' => 'My new attachment name',
+ 'uploaded_to' => $page->id,
];
$update->assertStatus(200);
@@ -180,7 +180,7 @@ class AttachmentTest extends TestCase
public function test_file_deletion()
{
- $page = Page::first();
+ $page = Page::query()->first();
$this->asAdmin();
$fileName = 'deletion_test.txt';
$this->uploadFile($fileName, $page->id);
@@ -193,7 +193,7 @@ class AttachmentTest extends TestCase
$this->delete($attachment->getUrl());
$this->assertDatabaseMissing('attachments', [
- 'name' => $fileName
+ 'name' => $fileName,
]);
$this->assertFalse(file_exists($filePath), 'File at path ' . $filePath . ' was not deleted as expected');
@@ -202,7 +202,7 @@ class AttachmentTest extends TestCase
public function test_attachment_deletion_on_page_deletion()
{
- $page = Page::first();
+ $page = Page::query()->first();
$this->asAdmin();
$fileName = 'deletion_test.txt';
$this->uploadFile($fileName, $page->id);
@@ -212,14 +212,14 @@ class AttachmentTest extends TestCase
$this->assertTrue(file_exists($filePath), 'File at path ' . $filePath . ' does not exist');
$this->assertDatabaseHas('attachments', [
- 'name' => $fileName
+ 'name' => $fileName,
]);
app(PageRepo::class)->destroy($page);
app(TrashCan::class)->empty();
$this->assertDatabaseMissing('attachments', [
- 'name' => $fileName
+ 'name' => $fileName,
]);
$this->assertFalse(file_exists($filePath), 'File at path ' . $filePath . ' was not deleted as expected');
@@ -230,8 +230,7 @@ class AttachmentTest extends TestCase
{
$admin = $this->getAdmin();
$viewer = $this->getViewer();
- $page = Page::first(); /** @var Page $page */
-
+ $page = Page::query()->first(); /** @var Page $page */
$this->actingAs($admin);
$fileName = 'permission_test.txt';
$this->uploadFile($fileName, $page->id);
@@ -246,14 +245,14 @@ class AttachmentTest extends TestCase
$this->actingAs($viewer);
$attachmentGet = $this->get($attachment->getUrl());
$attachmentGet->assertStatus(404);
- $attachmentGet->assertSee("Attachment not found");
+ $attachmentGet->assertSee('Attachment not found');
$this->deleteUploads();
}
public function test_data_and_js_links_cannot_be_attached_to_a_page()
{
- $page = Page::first();
+ $page = Page::query()->first();
$this->asAdmin();
$badLinks = [
@@ -261,15 +260,15 @@ class AttachmentTest extends TestCase
' javascript:alert("bunny")',
'JavaScript:alert("bunny")',
"\t\n\t\nJavaScript:alert(\"bunny\")",
- "data:text/html;",
- "Data:text/html;",
- "Data:text/html;",
+ 'data:text/html;',
+ 'Data:text/html;',
+ 'Data:text/html;',
];
foreach ($badLinks as $badLink) {
$linkReq = $this->post('attachments/link', [
- 'attachment_link_url' => $badLink,
- 'attachment_link_name' => 'Example Attachment Link',
+ 'attachment_link_url' => $badLink,
+ 'attachment_link_name' => 'Example Attachment Link',
'attachment_link_uploaded_to' => $page->id,
]);
$linkReq->assertStatus(422);
@@ -282,7 +281,7 @@ class AttachmentTest extends TestCase
foreach ($badLinks as $badLink) {
$linkReq = $this->put('attachments/' . $attachment->id, [
- 'attachment_edit_url' => $badLink,
+ 'attachment_edit_url' => $badLink,
'attachment_edit_name' => 'Example Attachment Link',
]);
$linkReq->assertStatus(422);
@@ -291,4 +290,22 @@ class AttachmentTest extends TestCase
]);
}
}
+
+ public function test_file_access_with_open_query_param_provides_inline_response_with_correct_content_type()
+ {
+ $page = Page::query()->first();
+ $this->asAdmin();
+ $fileName = 'upload_test_file.txt';
+
+ $upload = $this->uploadFile($fileName, $page->id);
+ $upload->assertStatus(200);
+ $attachment = Attachment::query()->orderBy('id', 'desc')->take(1)->first();
+
+ $attachmentGet = $this->get($attachment->getUrl(true));
+ // http-foundation/Response does some 'fixing' of responses to add charsets to text responses.
+ $attachmentGet->assertHeader('Content-Type', 'text/plain; charset=UTF-8');
+ $attachmentGet->assertHeader('Content-Disposition', 'inline; filename="upload_test_file.txt"');
+
+ $this->deleteUploads();
+ }
}
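Review bot: The new test_file_access_with_open_query_param_provides_inline_response_with_correct_content_type only covers a `.txt` upload, which is the one case where an inline response with the detected content type is harmless. Attachments are user-supplied, so the case that matters is a file a browser would render actively (HTML, SVG) being returned with `Content-Disposition: inline` from the application's own origin. Whether the controller downgrades or refuses such types is not visible in this diff. A companion test that uploads an HTML-bodied fixture and checks the inline response, for example `$this->assertStringNotContainsString('text/html', $attachmentGet->headers->get('Content-Type'));`, would document the intended behaviour and guard it against regressions. A short comment above the existing assertions saying that `getUrl(true)` selects the inline ("open") variant would also help, since the boolean argument is not self-explanatory.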