1 <?php namespace Tests;
2
3 use Auth;
4 use BookStack\Auth\Permissions\PermissionService;
5 use BookStack\Auth\Permissions\RolePermission;
6 use BookStack\Auth\Role;
7 use BookStack\Auth\User;
8 use BookStack\Entities\Models\Book;
9 use BookStack\Entities\Models\Chapter;
10 use BookStack\Entities\Models\Page;
11
/**
 * Feature tests for what an unauthenticated ("public") visitor can see and do.
 *
 * Covers the 'app-public' setting in both states: login redirects, login and
 * register link visibility, read access to books, chapters and pages, guest
 * page creation, content shown on the 404 page, robots.txt output and the
 * redirect target after a guest logs in.
 */
class PublicActionTest extends TestCase
{
    /**
     * With 'app-public' set to 'false', guest requests for the books index,
     * a book and a page must each redirect to /login instead of rendering.
     */
    public function test_app_not_public()
    {
        $this->setSettings(['app-public' => 'false']);

        $firstBook = Book::query()->first();
        $indexResponse = $this->get('/books');
        $indexResponse->assertRedirect('/login');
        $bookResponse = $this->get($firstBook->getUrl());
        $bookResponse->assertRedirect('/login');

        $firstPage = Page::query()->first();
        $pageResponse = $this->get($firstPage->getUrl());
        $pageResponse->assertRedirect('/login');
    }

    /**
     * A guest on the public home page is offered a link to the login form.
     */
    public function test_login_link_visible()
    {
        $this->setSettings(['app-public' => 'true']);

        $homeResponse = $this->get('/');
        $loginLinkSelector = 'a[href="' . url('/login') . '"]';
        $homeResponse->assertElementExists($loginLinkSelector);
    }

    /**
     * The register URL appears on the public home page only once
     * 'registration-enabled' is switched on; the login URL appears in both cases.
     */
    public function test_register_link_visible_when_enabled()
    {
        // Registration setting not supplied: only the login URL is expected.
        $this->setSettings(['app-public' => 'true']);
        $withoutRegistration = $this->get('/');
        $withoutRegistration->assertSee(url('/login'));
        $withoutRegistration->assertDontSee(url('/register'));

        // Registration enabled: both URLs are expected.
        $this->setSettings(['app-public' => 'true', 'registration-enabled' => 'true']);
        $withRegistration = $this->get('/');
        $withRegistration->assertSee(url('/login'));
        $withRegistration->assertSee(url('/register'));
    }

    /**
     * Guests can load the books index and a single book, including the name
     * of that book's first chapter, when the app is public.
     */
    public function test_books_viewable()
    {
        $this->setSettings(['app-public' => 'true']);
        $listedBooks = Book::query()->orderBy('name', 'asc')->take(10)->get();
        $targetBook = $listedBooks[1];

        // The books index renders and lists the first book by name.
        $indexResponse = $this->get('/books');
        $indexResponse->assertStatus(200);
        $indexResponse->assertSee($listedBooks[0]->name);

        // The individual book page renders and shows its child content.
        $bookResponse = $this->get($targetBook->getUrl());
        $bookResponse->assertSee($targetBook->name);
        $firstChapter = $targetBook->chapters()->first();
        $bookResponse->assertSee($firstChapter->name);
    }

    /**
     * Guests can load a chapter and one of its pages when the app is public.
     */
    public function test_chapters_viewable()
    {
        $this->setSettings(['app-public' => 'true']);
        /** @var Chapter $targetChapter */
        $targetChapter = Chapter::query()->first();
        $targetPage = $targetChapter->pages()->first();

        // The chapter page renders and names both itself and its child page.
        $chapterResponse = $this->get($targetChapter->getUrl());
        $chapterResponse->assertStatus(200);
        $chapterResponse->assertSee($targetChapter->name);
        $chapterResponse->assertSee($targetPage->name);

        // The child page renders and shows its parent book and chapter names.
        $pageResponse = $this->get($targetPage->getUrl());
        $pageResponse->assertStatus(200);
        $pageResponse->assertSee($targetChapter->book->name);
        $pageResponse->assertSee($targetChapter->name);
    }

    /**
     * Once the public role holds the needed permissions, a guest can walk the
     * create-page flow and the new page is attributed to the default user.
     */
    public function test_public_page_creation()
    {
        $this->setSettings(['app-public' => 'true']);
        $publicRole = Role::getSystemRole('public');

        // Test-only setup: replace the public role's permissions with every
        // RolePermission that exists, then rebuild its joint permissions.
        $publicRole->permissions()->detach();
        RolePermission::all()->each(function ($permission) use ($publicRole) {
            $publicRole->attachPermission($permission);
        });
        $this->app->make(PermissionService::class)->buildJointPermissionForRole($publicRole);

        /** @var Chapter $chapter */
        $chapter = Chapter::query()->first();

        // The chapter view offers the "New Page" action to the guest.
        $chapterResponse = $this->get($chapter->getUrl());
        $chapterResponse->assertSee('New Page');
        $createPageUrl = $chapter->getUrl('/create-page');
        $chapterResponse->assertElementExists('a[href="' . $createPageUrl . '"]');

        // The guest form asks for a page name and posts to the guest endpoint.
        $formResponse = $this->get($createPageUrl);
        $formResponse->assertSee('Continue');
        $formResponse->assertSee('Page Name');
        $guestSubmitUrl = $chapter->getUrl('/create-guest-page');
        $formResponse->assertElementExists('form[action="' . $guestSubmitUrl . '"]');

        // Submitting the name redirects to the editor for the new page.
        $submitResponse = $this->post($guestSubmitUrl, ['name' => 'My guest page']);
        $submitResponse->assertRedirect($chapter->book->getUrl('/page/my-guest-page/edit'));

        // Both authorship columns must point at the default user, not at
        // any other account. Presumably this is the guest account; confirm.
        $defaultUser = User::getDefault();
        $expectedRow = [
            'name' => 'My guest page',
            'chapter_id' => $chapter->id,
            'created_by' => $defaultUser->id,
            'updated_by' => $defaultUser->id
        ];
        $this->assertDatabaseHas('pages', $expectedRow);
    }

    /**
     * The 404 page shows a recently visited page name to the admin who visited
     * it, but must not show that name once the session is logged out.
     */
    public function test_content_not_listed_on_404_for_public_users()
    {
        $visitedPage = Page::query()->first();
        $this->asAdmin()->get($visitedPage->getUrl()); // Fake visit to show on recents

        $adminNotFound = $this->get('/cats/dogs/hippos');
        $adminNotFound->assertStatus(404);
        $adminNotFound->assertSee($visitedPage->name);

        // Same missing URL as a logged-out visitor: no content names may appear.
        Auth::logout();
        $guestNotFound = $this->get('/cats/dogs/hippos');
        $guestNotFound->assertStatus(404);
        $guestNotFound->assertDontSee($visitedPage->name);
    }

    /**
     * robots.txt disallows everything under the suite's starting settings and
     * stops disallowing "/" once 'app-public' is 'true'.
     */
    public function test_robots_effected_by_public_status()
    {
        $beforeResponse = $this->get('/robots.txt');
        $beforeResponse->assertSee("User-agent: *\nDisallow: /");

        $this->setSettings(['app-public' => 'true']);

        $publicResponse = $this->get('/robots.txt');
        $publicResponse->assertSee("User-agent: *\nDisallow:");
        $publicResponse->assertDontSee("Disallow: /");
    }

    /**
     * The 'app.allow_robots' config value controls robots.txt directly and
     * takes precedence over the 'app-public' setting.
     */
    public function test_robots_effected_by_setting()
    {
        $beforeResponse = $this->get('/robots.txt');
        $beforeResponse->assertSee("User-agent: *\nDisallow: /");

        config()->set('app.allow_robots', true);

        $allowedResponse = $this->get('/robots.txt');
        $allowedResponse->assertSee("User-agent: *\nDisallow:");
        $allowedResponse->assertDontSee("Disallow: /");

        // An explicit false in config must win even when the app is public.
        config()->set('app.allow_robots', false);
        $this->setSettings(['app-public' => 'true']);
        $overriddenResponse = $this->get('/robots.txt');
        $overriddenResponse->assertSee("User-agent: *\nDisallow: /");
    }

    /**
     * A guest who views a book and then logs in is redirected back to that book.
     */
    public function test_public_view_then_login_redirects_to_previous_content()
    {
        $this->setSettings(['app-public' => 'true']);
        /** @var Book $book */
        $book = Book::query()->first();
        $bookResponse = $this->get($book->getUrl());
        $bookResponse->assertSee($book->name);

        $this->get('/login');
        // NOTE(review): this e-mail literal looks like a mirror's address-obfuscation
        // placeholder rather than a real address; confirm against the upstream file.
        $credentials = ['email' => '[email protected]', 'password' => 'password'];
        $loginResponse = $this->post('/login', $credentials);
        // NOTE(review): only a same-application URL is exercised as the redirect
        // target; rejection of off-site targets is not covered by this test.
        $loginResponse->assertRedirect($book->getUrl());
    }

    /**
     * A guest denied a restricted book sees "Book not found"; after logging in
     * they are redirected to that book and can then see it.
     */
    public function test_access_hidden_content_then_login_redirects_to_intended_content()
    {
        $this->setSettings(['app-public' => 'true']);
        /** @var Book $book */
        $book = Book::query()->first();
        $this->setEntityRestrictions($book);

        // The restricted book is reported as missing to the guest.
        $deniedResponse = $this->get($book->getUrl());
        $deniedResponse->assertSee('Book not found');

        $this->get('/login');
        // NOTE(review): this e-mail literal looks like a mirror's address-obfuscation
        // placeholder rather than a real address; confirm against the upstream file.
        $credentials = ['email' => '[email protected]', 'password' => 'password'];
        $loginResponse = $this->post('/login', $credentials);
        $loginResponse->assertRedirect($book->getUrl());

        $landingResponse = $this->followRedirects($loginResponse);
        $landingResponse->assertSee($book->name);
    }
}