BookStack Code Mirror - bookstack/blob - tests/PublicActionTest.php

   1 <?php
   2
   3 namespace Tests;
   4
   5 use BookStack\Auth\Permissions\JointPermissionBuilder;
   6 use BookStack\Auth\Permissions\RolePermission;
   7 use BookStack\Auth\Role;
   8 use BookStack\Auth\User;
   9 use BookStack\Entities\Models\Book;
  10 use BookStack\Entities\Models\Chapter;
  11 use BookStack\Entities\Models\Page;
  12 use Illuminate\Support\Facades\Auth;
  13 use Illuminate\Support\Facades\View;
  14
  15 class PublicActionTest extends TestCase
  16 {
  17     public function test_app_not_public()
  18     {
  19         $this->setSettings(['app-public' => 'false']);
  20         $book = Book::query()->first();
  21         $this->get('/books')->assertRedirect('/login');
  22         $this->get($book->getUrl())->assertRedirect('/login');
  23
  24         $page = Page::query()->first();
  25         $this->get($page->getUrl())->assertRedirect('/login');
  26     }
  27
  28     public function test_login_link_visible()
  29     {
  30         $this->setSettings(['app-public' => 'true']);
  31         $resp = $this->get('/');
  32         $this->withHtml($resp)->assertElementExists('a[href="' . url('/login') . '"]');
  33     }
  34
  35     public function test_register_link_visible_when_enabled()
  36     {
  37         $this->setSettings(['app-public' => 'true']);
  38         $home = $this->get('/');
  39         $home->assertSee(url('/login'));
  40         $home->assertDontSee(url('/register'));
  41
  42         $this->setSettings(['app-public' => 'true', 'registration-enabled' => 'true']);
  43         $home = $this->get('/');
  44         $home->assertSee(url('/login'));
  45         $home->assertSee(url('/register'));
  46     }
  47
  48     public function test_books_viewable()
  49     {
  50         $this->setSettings(['app-public' => 'true']);
  51         $books = Book::query()->orderBy('name', 'asc')->take(10)->get();
  52         $bookToVisit = $books[1];
  53
  54         // Check books index page is showing
  55         $resp = $this->get('/books');
  56         $resp->assertStatus(200);
  57         $resp->assertSee($books[0]->name);
  58
  59         // Check individual book page is showing and it's child contents are visible.
  60         $resp = $this->get($bookToVisit->getUrl());
  61         $resp->assertSee($bookToVisit->name);
  62         $resp->assertSee($bookToVisit->chapters()->first()->name);
  63     }
  64
  65     public function test_chapters_viewable()
  66     {
  67         $this->setSettings(['app-public' => 'true']);
  68         /** @var Chapter $chapterToVisit */
  69         $chapterToVisit = Chapter::query()->first();
  70         $pageToVisit = $chapterToVisit->pages()->first();
  71
  72         // Check chapters index page is showing
  73         $resp = $this->get($chapterToVisit->getUrl());
  74         $resp->assertStatus(200);
  75         $resp->assertSee($chapterToVisit->name);
  76         // Check individual chapter page is showing and it's child contents are visible.
  77         $resp->assertSee($pageToVisit->name);
  78         $resp = $this->get($pageToVisit->getUrl());
  79         $resp->assertStatus(200);
  80         $resp->assertSee($chapterToVisit->book->name);
  81         $resp->assertSee($chapterToVisit->name);
  82     }
  83
  84     public function test_public_page_creation()
  85     {
  86         $this->setSettings(['app-public' => 'true']);
  87         $publicRole = Role::getSystemRole('public');
  88         // Grant all permissions to public
  89         $publicRole->permissions()->detach();
  90         foreach (RolePermission::all() as $perm) {
  91             $publicRole->attachPermission($perm);
  92         }
  93         $this->app->make(JointPermissionBuilder::class)->rebuildForRole($publicRole);
  94         user()->clearPermissionCache();
  95
  96         /** @var Chapter $chapter */
  97         $chapter = Chapter::query()->first();
  98         $resp = $this->get($chapter->getUrl());
  99         $resp->assertSee('New Page');
 100         $this->withHtml($resp)->assertElementExists('a[href="' . $chapter->getUrl('/create-page') . '"]');
 101
 102         $resp = $this->get($chapter->getUrl('/create-page'));
 103         $resp->assertSee('Continue');
 104         $resp->assertSee('Page Name');
 105         $this->withHtml($resp)->assertElementExists('form[action="' . $chapter->getUrl('/create-guest-page') . '"]');
 106
 107         $resp = $this->post($chapter->getUrl('/create-guest-page'), ['name' => 'My guest page']);
 108         $resp->assertRedirect($chapter->book->getUrl('/page/my-guest-page/edit'));
 109
 110         $user = User::getDefault();
 111         $this->assertDatabaseHas('pages', [
 112             'name'       => 'My guest page',
 113             'chapter_id' => $chapter->id,
 114             'created_by' => $user->id,
 115             'updated_by' => $user->id,
 116         ]);
 117     }
 118
 119     public function test_content_not_listed_on_404_for_public_users()
 120     {
 121         $page = Page::query()->first();
 122         $page->fill(['name' => 'my testing random unique page name'])->save();
 123         $this->asAdmin()->get($page->getUrl()); // Fake visit to show on recents
 124         $resp = $this->get('/cats/dogs/hippos');
 125         $resp->assertStatus(404);
 126         $resp->assertSee($page->name);
 127         View::share('pageTitle', '');
 128
 129         Auth::logout();
 130         $resp = $this->get('/cats/dogs/hippos');
 131         $resp->assertStatus(404);
 132         $resp->assertDontSee($page->name);
 133     }
 134
 135     public function test_robots_effected_by_public_status()
 136     {
 137         $this->get('/robots.txt')->assertSee("User-agent: *\nDisallow: /");
 138
 139         $this->setSettings(['app-public' => 'true']);
 140
 141         $resp = $this->get('/robots.txt');
 142         $resp->assertSee("User-agent: *\nDisallow:");
 143         $resp->assertDontSee('Disallow: /');
 144     }
 145
 146     public function test_robots_effected_by_setting()
 147     {
 148         $this->get('/robots.txt')->assertSee("User-agent: *\nDisallow: /");
 149
 150         config()->set('app.allow_robots', true);
 151
 152         $resp = $this->get('/robots.txt');
 153         $resp->assertSee("User-agent: *\nDisallow:");
 154         $resp->assertDontSee('Disallow: /');
 155
 156         // Check config overrides app-public setting
 157         config()->set('app.allow_robots', false);
 158         $this->setSettings(['app-public' => 'true']);
 159         $this->get('/robots.txt')->assertSee("User-agent: *\nDisallow: /");
 160     }
 161
 162     public function test_public_view_then_login_redirects_to_previous_content()
 163     {
 164         $this->setSettings(['app-public' => 'true']);
 165         /** @var Book $book */
 166         $book = Book::query()->first();
 167         $resp = $this->get($book->getUrl());
 168         $resp->assertSee($book->name);
 169
 170         $this->get('/login');
 171         $resp = $this->post('/login', ['email' => '[email protected]', 'password' => 'password']);
 172         $resp->assertRedirect($book->getUrl());
 173     }
 174
 175     public function test_access_hidden_content_then_login_redirects_to_intended_content()
 176     {
 177         $this->setSettings(['app-public' => 'true']);
 178         /** @var Book $book */
 179         $book = Book::query()->first();
 180         $this->setEntityRestrictions($book);
 181
 182         $resp = $this->get($book->getUrl());
 183         $resp->assertSee('Book not found');
 184
 185         $this->get('/login');
 186         $resp = $this->post('/login', ['email' => '[email protected]', 'password' => 'password']);
 187         $resp->assertRedirect($book->getUrl());
 188         $this->followRedirects($resp)->assertSee($book->name);
 189     }
 190 }