]> BookStack Code Mirror - bookstack/blob - tests/Api/PagesApiTest.php
projects / bookstack / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge pull request #4320 from devdot/improve-api-auth-exception
[bookstack] / tests / Api / PagesApiTest.php
1 <?php
2
3 namespace Tests\Api;
4
5 use BookStack\Entities\Models\Chapter;
6 use BookStack\Entities\Models\Page;
7 use Carbon\Carbon;
8 use Illuminate\Support\Facades\DB;
9 use Tests\TestCase;
10
11 class PagesApiTest extends TestCase
12 {
13     use TestsApi;
14
15     protected string $baseEndpoint = '/api/pages';
16
17     public function test_index_endpoint_returns_expected_page()
18     {
19         $this->actingAsApiEditor();
20         $firstPage = Page::query()->orderBy('id', 'asc')->first();
21
22         $resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');
23         $resp->assertJson(['data' => [
24             [
25                 'id'       => $firstPage->id,
26                 'name'     => $firstPage->name,
27                 'slug'     => $firstPage->slug,
28                 'book_id'  => $firstPage->book->id,
29                 'priority' => $firstPage->priority,
30             ],
31         ]]);
32     }
33
34     public function test_create_endpoint()
35     {
36         $this->actingAsApiEditor();
37         $book = $this->entities->book();
38         $details = [
39             'name'    => 'My API page',
40             'book_id' => $book->id,
41             'html'    => '<p>My new page content</p>',
42             'tags'    => [
43                 [
44                     'name'  => 'tagname',
45                     'value' => 'tagvalue',
46                 ],
47             ],
48         ];
49
50         $resp = $this->postJson($this->baseEndpoint, $details);
51         unset($details['html']);
52         $resp->assertStatus(200);
53         $newItem = Page::query()->orderByDesc('id')->where('name', '=', $details['name'])->first();
54         $resp->assertJson(array_merge($details, ['id' => $newItem->id, 'slug' => $newItem->slug]));
55         $this->assertDatabaseHas('tags', [
56             'entity_id'   => $newItem->id,
57             'entity_type' => $newItem->getMorphClass(),
58             'name'        => 'tagname',
59             'value'       => 'tagvalue',
60         ]);
61         $resp->assertSeeText('My new page content');
62         $resp->assertJsonMissing(['book' => []]);
63         $this->assertActivityExists('page_create', $newItem);
64     }
65
66     public function test_page_name_needed_to_create()
67     {
68         $this->actingAsApiEditor();
69         $book = $this->entities->book();
70         $details = [
71             'book_id' => $book->id,
72             'html'    => '<p>A page created via the API</p>',
73         ];
74
75         $resp = $this->postJson($this->baseEndpoint, $details);
76         $resp->assertStatus(422);
77         $resp->assertJson($this->validationResponse([
78             'name' => ['The name field is required.'],
79         ]));
80     }
81
82     public function test_book_id_or_chapter_id_needed_to_create()
83     {
84         $this->actingAsApiEditor();
85         $details = [
86             'name' => 'My api page',
87             'html' => '<p>A page created via the API</p>',
88         ];
89
90         $resp = $this->postJson($this->baseEndpoint, $details);
91         $resp->assertStatus(422);
92         $resp->assertJson($this->validationResponse([
93             'book_id'    => ['The book id field is required when chapter id is not present.'],
94             'chapter_id' => ['The chapter id field is required when book id is not present.'],
95         ]));
96
97         $chapter = $this->entities->chapter();
98         $resp = $this->postJson($this->baseEndpoint, array_merge($details, ['chapter_id' => $chapter->id]));
99         $resp->assertStatus(200);
100
101         $book = $this->entities->book();
102         $resp = $this->postJson($this->baseEndpoint, array_merge($details, ['book_id' => $book->id]));
103         $resp->assertStatus(200);
104     }
105
106     public function test_markdown_can_be_provided_for_create()
107     {
108         $this->actingAsApiEditor();
109         $book = $this->entities->book();
110         $details = [
111             'book_id'  => $book->id,
112             'name'     => 'My api page',
113             'markdown' => "# A new API page \n[link](https://example.com)",
114         ];
115
116         $resp = $this->postJson($this->baseEndpoint, $details);
117         $resp->assertJson(['markdown' => $details['markdown']]);
118
119         $respHtml = $resp->json('html');
120         $this->assertStringContainsString('new API page</h1>', $respHtml);
121         $this->assertStringContainsString('link</a>', $respHtml);
122         $this->assertStringContainsString('href="https://example.com"', $respHtml);
123     }
124
125     public function test_read_endpoint()
126     {
127         $this->actingAsApiEditor();
128         $page = $this->entities->page();
129
130         $resp = $this->getJson($this->baseEndpoint . "/{$page->id}");
131         $resp->assertStatus(200);
132         $resp->assertJson([
133             'id'         => $page->id,
134             'slug'       => $page->slug,
135             'created_by' => [
136                 'name' => $page->createdBy->name,
137             ],
138             'book_id'    => $page->book_id,
139             'updated_by' => [
140                 'name' => $page->createdBy->name,
141             ],
142             'owned_by' => [
143                 'name' => $page->ownedBy->name,
144             ],
145         ]);
146     }
147
148     public function test_read_endpoint_provides_rendered_html()
149     {
150         $this->actingAsApiEditor();
151         $page = $this->entities->page();
152         $page->html = "<p>testing</p><script>alert('danger')</script><h1>Hello</h1>";
153         $page->save();
154
155         $resp = $this->getJson($this->baseEndpoint . "/{$page->id}");
156         $html = $resp->json('html');
157         $this->assertStringNotContainsString('script', $html);
158         $this->assertStringContainsString('Hello', $html);
159         $this->assertStringContainsString('testing', $html);
160     }
161
162     public function test_read_endpoint_provides_raw_html()
163     {
164         $html = "<p>testing</p><script>alert('danger')</script><h1>Hello</h1>";
165
166         $this->actingAsApiEditor();
167         $page = $this->entities->page();
168         $page->html = $html;
169         $page->save();
170
171         $resp = $this->getJson($this->baseEndpoint . "/{$page->id}");
172         $this->assertEquals($html, $resp->json('raw_html'));
173         $this->assertNotEquals($html, $resp->json('html'));
174     }
175
176     public function test_read_endpoint_returns_not_found()
177     {
178         $this->actingAsApiEditor();
179         // get an id that is not used
180         $id = Page::orderBy('id', 'desc')->first()->id + 1;
181         $this->assertNull(Page::find($id));
182
183         $resp = $this->getJson($this->baseEndpoint . "/$id");
184
185         $resp->assertNotFound();
186         $this->assertNull($resp->json('id'));
187         $resp->assertJsonIsObject('error');
188         $resp->assertJsonStructure([
189             'error' => [
190                 'code',
191                 'message',
192             ],
193         ]);
194         $this->assertSame(404, $resp->json('error')['code']);
195     }
196
197     public function test_update_endpoint()
198     {
199         $this->actingAsApiEditor();
200         $page = $this->entities->page();
201         $details = [
202             'name' => 'My updated API page',
203             'html' => '<p>A page created via the API</p>',
204             'tags' => [
205                 [
206                     'name'  => 'freshtag',
207                     'value' => 'freshtagval',
208                 ],
209             ],
210         ];
211
212         $resp = $this->putJson($this->baseEndpoint . "/{$page->id}", $details);
213         $page->refresh();
214
215         $resp->assertStatus(200);
216         unset($details['html']);
217         $resp->assertJson(array_merge($details, [
218             'id' => $page->id, 'slug' => $page->slug, 'book_id' => $page->book_id,
219         ]));
220         $this->assertActivityExists('page_update', $page);
221     }
222
223     public function test_providing_new_chapter_id_on_update_will_move_page()
224     {
225         $this->actingAsApiEditor();
226         $page = $this->entities->page();
227         $chapter = Chapter::visible()->where('book_id', '!=', $page->book_id)->first();
228         $details = [
229             'name'       => 'My updated API page',
230             'chapter_id' => $chapter->id,
231             'html'       => '<p>A page created via the API</p>',
232         ];
233
234         $resp = $this->putJson($this->baseEndpoint . "/{$page->id}", $details);
235         $resp->assertStatus(200);
236         $resp->assertJson([
237             'chapter_id' => $chapter->id,
238             'book_id'    => $chapter->book_id,
239         ]);
240     }
241
242     public function test_providing_move_via_update_requires_page_create_permission_on_new_parent()
243     {
244         $this->actingAsApiEditor();
245         $page = $this->entities->page();
246         $chapter = Chapter::visible()->where('book_id', '!=', $page->book_id)->first();
247         $this->permissions->setEntityPermissions($chapter, ['view'], [$this->users->editor()->roles()->first()]);
248         $details = [
249             'name'       => 'My updated API page',
250             'chapter_id' => $chapter->id,
251             'html'       => '<p>A page created via the API</p>',
252         ];
253
254         $resp = $this->putJson($this->baseEndpoint . "/{$page->id}", $details);
255         $resp->assertStatus(403);
256     }
257
258     public function test_update_endpoint_does_not_wipe_content_if_no_html_or_md_provided()
259     {
260         $this->actingAsApiEditor();
261         $page = $this->entities->page();
262         $originalContent = $page->html;
263         $details = [
264             'name' => 'My updated API page',
265             'tags' => [
266                 [
267                     'name'  => 'freshtag',
268                     'value' => 'freshtagval',
269                 ],
270             ],
271         ];
272
273         $this->putJson($this->baseEndpoint . "/{$page->id}", $details);
274         $page->refresh();
275
276         $this->assertEquals($originalContent, $page->html);
277     }
278
279     public function test_update_increments_updated_date_if_only_tags_are_sent()
280     {
281         $this->actingAsApiEditor();
282         $page = $this->entities->page();
283         DB::table('pages')->where('id', '=', $page->id)->update(['updated_at' => Carbon::now()->subWeek()]);
284
285         $details = [
286             'tags' => [['name' => 'Category', 'value' => 'Testing']],
287         ];
288
289         $resp = $this->putJson($this->baseEndpoint . "/{$page->id}", $details);
290         $resp->assertOk();
291
292         $page->refresh();
293         $this->assertGreaterThan(Carbon::now()->subDay()->unix(), $page->updated_at->unix());
294     }
295
296     public function test_delete_endpoint()
297     {
298         $this->actingAsApiEditor();
299         $page = $this->entities->page();
300         $resp = $this->deleteJson($this->baseEndpoint . "/{$page->id}");
301
302         $resp->assertStatus(204);
303         $this->assertActivityExists('page_delete', $page);
304     }
305
306     public function test_export_html_endpoint()
307     {
308         $this->actingAsApiEditor();
309         $page = $this->entities->page();
310
311         $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/html");
312         $resp->assertStatus(200);
313         $resp->assertSee($page->name);
314         $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $page->slug . '.html"');
315     }
316
317     public function test_export_plain_text_endpoint()
318     {
319         $this->actingAsApiEditor();
320         $page = $this->entities->page();
321
322         $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/plaintext");
323         $resp->assertStatus(200);
324         $resp->assertSee($page->name);
325         $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $page->slug . '.txt"');
326     }
327
328     public function test_export_pdf_endpoint()
329     {
330         $this->actingAsApiEditor();
331         $page = $this->entities->page();
332
333         $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/pdf");
334         $resp->assertStatus(200);
335         $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $page->slug . '.pdf"');
336     }
337
338     public function test_export_markdown_endpoint()
339     {
340         $this->actingAsApiEditor();
341         $page = $this->entities->page();
342
343         $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/markdown");
344         $resp->assertStatus(200);
345         $resp->assertSee('# ' . $page->name);
346         $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $page->slug . '.md"');
347     }
348
349     public function test_cant_export_when_not_have_permission()
350     {
351         $types = ['html', 'plaintext', 'pdf', 'markdown'];
352         $this->actingAsApiEditor();
353         $this->permissions->removeUserRolePermissions($this->users->editor(), ['content-export']);
354
355         $page = $this->entities->page();
356         foreach ($types as $type) {
357             $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/{$type}");
358             $this->assertPermissionError($resp);
359         }
360     }
361 }
The core source code for the BookStack project.