X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/dabe79a438f22612e7d68c8d1de7817505b59b93..refs/pull/2227/head:/tests/Uploads/ImageTest.php diff --git a/tests/Uploads/ImageTest.php b/tests/Uploads/ImageTest.php index 3f6c021a7..08ac63326 100644 --- a/tests/Uploads/ImageTest.php +++ b/tests/Uploads/ImageTest.php @@ -71,11 +71,7 @@ class ImageTest extends TestCase $newName = Str::random(); $update = $this->put('/images/' . $image->id, ['name' => $newName]); $update->assertSuccessful(); - $update->assertJson([ - 'id' => $image->id, - 'name' => $newName, - 'type' => 'gallery', - ]); + $update->assertSee($newName); $this->deleteImage($imgDetails['path']); @@ -92,31 +88,22 @@ class ImageTest extends TestCase $imgDetails = $this->uploadGalleryImage(); $image = Image::query()->first(); - $emptyJson = ['images' => [], 'has_more' => false]; - $resultJson = [ - 'images' => [ - [ - 'id' => $image->id, - 'name' => $imgDetails['name'], - ] - ], - 'has_more' => false, - ]; - $pageId = $imgDetails['page']->id; $firstPageRequest = $this->get("/images/gallery?page=1&uploaded_to={$pageId}"); - $firstPageRequest->assertSuccessful()->assertJson($resultJson); + $firstPageRequest->assertSuccessful()->assertElementExists('div'); + $firstPageRequest->assertSuccessful()->assertSeeText($image->name); $secondPageRequest = $this->get("/images/gallery?page=2&uploaded_to={$pageId}"); - $secondPageRequest->assertSuccessful()->assertExactJson($emptyJson); + $secondPageRequest->assertSuccessful()->assertElementNotExists('div'); $namePartial = substr($imgDetails['name'], 0, 3); $searchHitRequest = $this->get("/images/gallery?page=1&uploaded_to={$pageId}&search={$namePartial}"); - $searchHitRequest->assertSuccessful()->assertJson($resultJson); + $searchHitRequest->assertSuccessful()->assertSee($imgDetails['name']); $namePartial = Str::random(16); - $searchHitRequest = $this->get("/images/gallery?page=1&uploaded_to={$pageId}&search={$namePartial}"); - $searchHitRequest->assertSuccessful()->assertExactJson($emptyJson); + $searchFailRequest = $this->get("/images/gallery?page=1&uploaded_to={$pageId}&search={$namePartial}"); + $searchFailRequest->assertSuccessful()->assertDontSee($imgDetails['name']); + $searchFailRequest->assertSuccessful()->assertElementNotExists('div'); } public function test_image_usage() @@ -131,14 +118,10 @@ class ImageTest extends TestCase $page->html = ''; $page->save(); - $usage = $this->get('/images/usage/' . $image->id); + $usage = $this->get('/images/edit/' . $image->id . '?delete=true'); $usage->assertSuccessful(); - $usage->assertJson([ - [ - 'id' => $page->id, - 'name' => $page->name - ] - ]); + $usage->assertSeeText($page->name); + $usage->assertSee($page->getUrl()); $this->deleteImage($imgDetails['path']); } @@ -199,6 +182,38 @@ class ImageTest extends TestCase $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded double extension file was uploaded but should have been stopped'); } + public function test_url_entities_removed_from_filenames() + { + $this->asEditor(); + $badNames = [ + "bad-char-#-image.png", + "bad-char-?-image.png", + "?#.png", + "?.png", + "#.png", + ]; + foreach ($badNames as $name) { + $galleryFile = $this->getTestImage($name); + $page = Page::first(); + $badPath = $this->getTestImagePath('gallery', $name); + $this->deleteImage($badPath); + + $upload = $this->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []); + $upload->assertStatus(200); + + $lastImage = Image::query()->latest('id')->first(); + $newFileName = explode('.', basename($lastImage->path))[0]; + + $this->assertEquals($lastImage->name, $name); + $this->assertFalse(strpos($lastImage->path, $name), 'Path contains original image name'); + $this->assertFalse(file_exists(public_path($badPath)), 'Uploaded image file name was not stripped of url entities'); + + $this->assertTrue(strlen($newFileName) > 0, 'File name was reduced to nothing'); + + $this->deleteImage($lastImage->path); + } + } + public function test_secure_images_uploads_to_correct_place() { config()->set('filesystems.images', 'local_secure'); @@ -262,10 +277,11 @@ class ImageTest extends TestCase $page = Page::first(); $this->asAdmin(); $imageName = 'first-image.png'; + $relPath = $this->getTestImagePath('gallery', $imageName); + $this->deleteImage($relPath); $this->uploadImage($imageName, $page->id); $image = Image::first(); - $relPath = $this->getTestImagePath('gallery', $imageName); $delete = $this->delete( '/images/' . $image->id); $delete->assertStatus(200); @@ -278,48 +294,29 @@ class ImageTest extends TestCase $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded image has not been deleted as expected'); } - public function testBase64Get() + public function test_image_delete_does_not_delete_similar_images() { $page = Page::first(); $this->asAdmin(); $imageName = 'first-image.png'; - $this->uploadImage($imageName, $page->id); - $image = Image::first(); - $image->type = 'drawio'; - $image->save(); - - $imageGet = $this->getJson("/images/drawio/base64/{$image->id}"); - $imageGet->assertJson([ - 'content' => 'iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAIAAAACDbGyAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4gEcDCo5iYNs+gAAAB1pVFh0Q29tbWVudAAAAAAAQ3JlYXRlZCB3aXRoIEdJTVBkLmUHAAAAFElEQVQI12O0jN/KgASYGFABqXwAZtoBV6Sl3hIAAAAASUVORK5CYII=' - ]); - } - - public function test_drawing_base64_upload() - { - $page = Page::first(); - $editor = $this->getEditor(); - $this->actingAs($editor); + $relPath = $this->getTestImagePath('gallery', $imageName); + $this->deleteImage($relPath); - $upload = $this->postJson('images/drawio', [ - 'uploaded_to' => $page->id, - 'image' => 'image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAIAAAACDbGyAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4gEcDCo5iYNs+gAAAB1pVFh0Q29tbWVudAAAAAAAQ3JlYXRlZCB3aXRoIEdJTVBkLmUHAAAAFElEQVQI12O0jN/KgASYGFABqXwAZtoBV6Sl3hIAAAAASUVORK5CYII=' - ]); + $this->uploadImage($imageName, $page->id); + $this->uploadImage($imageName, $page->id); + $this->uploadImage($imageName, $page->id); - $upload->assertStatus(200); - $upload->assertJson([ - 'type' => 'drawio', - 'uploaded_to' => $page->id, - 'created_by' => $editor->id, - 'updated_by' => $editor->id, - ]); + $image = Image::first(); + $folder = public_path(dirname($relPath)); + $imageCount = count(glob($folder . '/*')); - $image = Image::where('type', '=', 'drawio')->first(); - $this->assertTrue(file_exists(public_path($image->path)), 'Uploaded image not found at path: '. public_path($image->path)); + $delete = $this->delete( '/images/' . $image->id); + $delete->assertStatus(200); - $testImageData = file_get_contents($this->getTestImageFilePath()); - $uploadedImageData = file_get_contents(public_path($image->path)); - $this->assertTrue($testImageData === $uploadedImageData, "Uploaded image file data does not match our test image as expected"); + $newCount = count(glob($folder . '/*')); + $this->assertEquals($imageCount - 1, $newCount, 'More files than expected have been deleted'); + $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded image has not been deleted as expected'); } protected function getTestProfileImage()