BookStack Code Mirror - bookstack/blob - tests/PublicActionTest.php

   1 <?php
   2
   3 namespace Tests;
   4
   5 use BookStack\Entities\Models\Book;
   6 use BookStack\Entities\Models\Chapter;
   7 use BookStack\Permissions\Models\RolePermission;
   8 use BookStack\Users\Models\Role;
   9 use BookStack\Users\Models\User;
  10 use Illuminate\Support\Facades\Auth;
  11 use Illuminate\Support\Facades\View;
  12
  13 class PublicActionTest extends TestCase
  14 {
  15     public function test_app_not_public()
  16     {
  17         $this->setSettings(['app-public' => 'false']);
  18         $book = $this->entities->book();
  19         $this->get('/books')->assertRedirect('/login');
  20         $this->get($book->getUrl())->assertRedirect('/login');
  21
  22         $page = $this->entities->page();
  23         $this->get($page->getUrl())->assertRedirect('/login');
  24     }
  25
  26     public function test_login_link_visible()
  27     {
  28         $this->setSettings(['app-public' => 'true']);
  29         $resp = $this->get('/');
  30         $this->withHtml($resp)->assertElementExists('a[href="' . url('/login') . '"]');
  31     }
  32
  33     public function test_register_link_visible_when_enabled()
  34     {
  35         $this->setSettings(['app-public' => 'true']);
  36         $home = $this->get('/');
  37         $home->assertSee(url('/login'));
  38         $home->assertDontSee(url('/register'));
  39
  40         $this->setSettings(['app-public' => 'true', 'registration-enabled' => 'true']);
  41         $home = $this->get('/');
  42         $home->assertSee(url('/login'));
  43         $home->assertSee(url('/register'));
  44     }
  45
  46     public function test_books_viewable()
  47     {
  48         $this->setSettings(['app-public' => 'true']);
  49         $books = Book::query()->orderBy('name', 'asc')->take(10)->get();
  50         $bookToVisit = $books[1];
  51
  52         // Check books index page is showing
  53         $resp = $this->get('/books');
  54         $resp->assertStatus(200);
  55         $resp->assertSee($books[0]->name);
  56
  57         // Check individual book page is showing and it's child contents are visible.
  58         $resp = $this->get($bookToVisit->getUrl());
  59         $resp->assertSee($bookToVisit->name);
  60         $resp->assertSee($bookToVisit->chapters()->first()->name);
  61     }
  62
  63     public function test_chapters_viewable()
  64     {
  65         $this->setSettings(['app-public' => 'true']);
  66         /** @var Chapter $chapterToVisit */
  67         $chapterToVisit = Chapter::query()->first();
  68         $pageToVisit = $chapterToVisit->pages()->first();
  69
  70         // Check chapters index page is showing
  71         $resp = $this->get($chapterToVisit->getUrl());
  72         $resp->assertStatus(200);
  73         $resp->assertSee($chapterToVisit->name);
  74         // Check individual chapter page is showing and it's child contents are visible.
  75         $resp->assertSee($pageToVisit->name);
  76         $resp = $this->get($pageToVisit->getUrl());
  77         $resp->assertStatus(200);
  78         $resp->assertSee($chapterToVisit->book->name);
  79         $resp->assertSee($chapterToVisit->name);
  80     }
  81
  82     public function test_public_page_creation()
  83     {
  84         $this->setSettings(['app-public' => 'true']);
  85         $publicRole = Role::getSystemRole('public');
  86         // Grant all permissions to public
  87         $publicRole->permissions()->detach();
  88         foreach (RolePermission::all() as $perm) {
  89             $publicRole->attachPermission($perm);
  90         }
  91         user()->clearPermissionCache();
  92
  93         $chapter = $this->entities->chapter();
  94         $resp = $this->get($chapter->getUrl());
  95         $resp->assertSee('New Page');
  96         $this->withHtml($resp)->assertElementExists('a[href="' . $chapter->getUrl('/create-page') . '"]');
  97
  98         $resp = $this->get($chapter->getUrl('/create-page'));
  99         $resp->assertSee('Continue');
 100         $resp->assertSee('Page Name');
 101         $this->withHtml($resp)->assertElementExists('form[action="' . $chapter->getUrl('/create-guest-page') . '"]');
 102
 103         $resp = $this->post($chapter->getUrl('/create-guest-page'), ['name' => 'My guest page']);
 104         $resp->assertRedirect($chapter->book->getUrl('/page/my-guest-page/edit'));
 105
 106         $user = $this->users->guest();
 107         $this->assertDatabaseHas('pages', [
 108             'name'       => 'My guest page',
 109             'chapter_id' => $chapter->id,
 110             'created_by' => $user->id,
 111             'updated_by' => $user->id,
 112         ]);
 113     }
 114
 115     public function test_content_not_listed_on_404_for_public_users()
 116     {
 117         $page = $this->entities->page();
 118         $page->fill(['name' => 'my testing random unique page name'])->save();
 119         $this->asAdmin()->get($page->getUrl()); // Fake visit to show on recents
 120         $resp = $this->get('/cats/dogs/hippos');
 121         $resp->assertStatus(404);
 122         $resp->assertSee($page->name);
 123         View::share('pageTitle', '');
 124
 125         Auth::logout();
 126         $resp = $this->get('/cats/dogs/hippos');
 127         $resp->assertStatus(404);
 128         $resp->assertDontSee($page->name);
 129     }
 130
 131     public function test_default_favicon_file_created_upon_access()
 132     {
 133         $faviconPath = public_path('favicon.ico');
 134         if (file_exists($faviconPath)) {
 135             unlink($faviconPath);
 136         }
 137
 138         $this->assertFileDoesNotExist($faviconPath);
 139         $this->get('/favicon.ico');
 140         $this->assertFileExists($faviconPath);
 141     }
 142
 143     public function test_public_view_then_login_redirects_to_previous_content()
 144     {
 145         $this->setSettings(['app-public' => 'true']);
 146         $book = $this->entities->book();
 147         $resp = $this->get($book->getUrl());
 148         $resp->assertSee($book->name);
 149
 150         $this->get('/login');
 151         $resp = $this->post('/login', ['email' => '[email protected]', 'password' => 'password']);
 152         $resp->assertRedirect($book->getUrl());
 153     }
 154
 155     public function test_access_hidden_content_then_login_redirects_to_intended_content()
 156     {
 157         $this->setSettings(['app-public' => 'true']);
 158         $book = $this->entities->book();
 159         $this->permissions->setEntityPermissions($book);
 160
 161         $resp = $this->get($book->getUrl());
 162         $resp->assertSee('Book not found');
 163
 164         $this->get('/login');
 165         $resp = $this->post('/login', ['email' => '[email protected]', 'password' => 'password']);
 166         $resp->assertRedirect($book->getUrl());
 167         $this->followRedirects($resp)->assertSee($book->name);
 168     }
 169
 170     public function test_public_view_can_take_on_other_roles()
 171     {
 172         $this->setSettings(['app-public' => 'true']);
 173         $newRole = $this->users->attachNewRole($this->users->guest(), []);
 174         $page = $this->entities->page();
 175         $this->permissions->disableEntityInheritedPermissions($page);
 176         $this->permissions->addEntityPermission($page, ['view', 'update'], $newRole);
 177
 178         $resp = $this->get($page->getUrl());
 179         $resp->assertOk();
 180
 181         $this->withHtml($resp)->assertLinkExists($page->getUrl('/edit'));
 182     }
 183
 184     public function test_public_user_cannot_view_or_update_their_profile()
 185     {
 186         $this->setSettings(['app-public' => 'true']);
 187         $guest = $this->users->guest();
 188
 189         $resp = $this->get($guest->getEditUrl());
 190         $this->assertPermissionError($resp);
 191
 192         $resp = $this->put($guest->getEditUrl(), ['name' => 'My new guest name']);
 193         $this->assertPermissionError($resp);
 194     }
 195 }