BookStack Code Mirror - bookstack/blob - tests/PublicActionTest.php

   1 <?php
   2
   3 namespace Tests;
   4
   5 use BookStack\Auth\Permissions\JointPermissionBuilder;
   6 use BookStack\Auth\Permissions\RolePermission;
   7 use BookStack\Auth\Role;
   8 use BookStack\Auth\User;
   9 use BookStack\Entities\Models\Book;
  10 use BookStack\Entities\Models\Chapter;
  11 use Illuminate\Support\Facades\Auth;
  12 use Illuminate\Support\Facades\View;
  13
  14 class PublicActionTest extends TestCase
  15 {
  16     public function test_app_not_public()
  17     {
  18         $this->setSettings(['app-public' => 'false']);
  19         $book = $this->entities->book();
  20         $this->get('/books')->assertRedirect('/login');
  21         $this->get($book->getUrl())->assertRedirect('/login');
  22
  23         $page = $this->entities->page();
  24         $this->get($page->getUrl())->assertRedirect('/login');
  25     }
  26
  27     public function test_login_link_visible()
  28     {
  29         $this->setSettings(['app-public' => 'true']);
  30         $resp = $this->get('/');
  31         $this->withHtml($resp)->assertElementExists('a[href="' . url('/login') . '"]');
  32     }
  33
  34     public function test_register_link_visible_when_enabled()
  35     {
  36         $this->setSettings(['app-public' => 'true']);
  37         $home = $this->get('/');
  38         $home->assertSee(url('/login'));
  39         $home->assertDontSee(url('/register'));
  40
  41         $this->setSettings(['app-public' => 'true', 'registration-enabled' => 'true']);
  42         $home = $this->get('/');
  43         $home->assertSee(url('/login'));
  44         $home->assertSee(url('/register'));
  45     }
  46
  47     public function test_books_viewable()
  48     {
  49         $this->setSettings(['app-public' => 'true']);
  50         $books = Book::query()->orderBy('name', 'asc')->take(10)->get();
  51         $bookToVisit = $books[1];
  52
  53         // Check books index page is showing
  54         $resp = $this->get('/books');
  55         $resp->assertStatus(200);
  56         $resp->assertSee($books[0]->name);
  57
  58         // Check individual book page is showing and it's child contents are visible.
  59         $resp = $this->get($bookToVisit->getUrl());
  60         $resp->assertSee($bookToVisit->name);
  61         $resp->assertSee($bookToVisit->chapters()->first()->name);
  62     }
  63
  64     public function test_chapters_viewable()
  65     {
  66         $this->setSettings(['app-public' => 'true']);
  67         /** @var Chapter $chapterToVisit */
  68         $chapterToVisit = Chapter::query()->first();
  69         $pageToVisit = $chapterToVisit->pages()->first();
  70
  71         // Check chapters index page is showing
  72         $resp = $this->get($chapterToVisit->getUrl());
  73         $resp->assertStatus(200);
  74         $resp->assertSee($chapterToVisit->name);
  75         // Check individual chapter page is showing and it's child contents are visible.
  76         $resp->assertSee($pageToVisit->name);
  77         $resp = $this->get($pageToVisit->getUrl());
  78         $resp->assertStatus(200);
  79         $resp->assertSee($chapterToVisit->book->name);
  80         $resp->assertSee($chapterToVisit->name);
  81     }
  82
  83     public function test_public_page_creation()
  84     {
  85         $this->setSettings(['app-public' => 'true']);
  86         $publicRole = Role::getSystemRole('public');
  87         // Grant all permissions to public
  88         $publicRole->permissions()->detach();
  89         foreach (RolePermission::all() as $perm) {
  90             $publicRole->attachPermission($perm);
  91         }
  92         $this->app->make(JointPermissionBuilder::class)->rebuildForRole($publicRole);
  93         user()->clearPermissionCache();
  94
  95         $chapter = $this->entities->chapter();
  96         $resp = $this->get($chapter->getUrl());
  97         $resp->assertSee('New Page');
  98         $this->withHtml($resp)->assertElementExists('a[href="' . $chapter->getUrl('/create-page') . '"]');
  99
 100         $resp = $this->get($chapter->getUrl('/create-page'));
 101         $resp->assertSee('Continue');
 102         $resp->assertSee('Page Name');
 103         $this->withHtml($resp)->assertElementExists('form[action="' . $chapter->getUrl('/create-guest-page') . '"]');
 104
 105         $resp = $this->post($chapter->getUrl('/create-guest-page'), ['name' => 'My guest page']);
 106         $resp->assertRedirect($chapter->book->getUrl('/page/my-guest-page/edit'));
 107
 108         $user = User::getDefault();
 109         $this->assertDatabaseHas('pages', [
 110             'name'       => 'My guest page',
 111             'chapter_id' => $chapter->id,
 112             'created_by' => $user->id,
 113             'updated_by' => $user->id,
 114         ]);
 115     }
 116
 117     public function test_content_not_listed_on_404_for_public_users()
 118     {
 119         $page = $this->entities->page();
 120         $page->fill(['name' => 'my testing random unique page name'])->save();
 121         $this->asAdmin()->get($page->getUrl()); // Fake visit to show on recents
 122         $resp = $this->get('/cats/dogs/hippos');
 123         $resp->assertStatus(404);
 124         $resp->assertSee($page->name);
 125         View::share('pageTitle', '');
 126
 127         Auth::logout();
 128         $resp = $this->get('/cats/dogs/hippos');
 129         $resp->assertStatus(404);
 130         $resp->assertDontSee($page->name);
 131     }
 132
 133     public function test_robots_effected_by_public_status()
 134     {
 135         $this->get('/robots.txt')->assertSee("User-agent: *\nDisallow: /");
 136
 137         $this->setSettings(['app-public' => 'true']);
 138
 139         $resp = $this->get('/robots.txt');
 140         $resp->assertSee("User-agent: *\nDisallow:");
 141         $resp->assertDontSee('Disallow: /');
 142     }
 143
 144     public function test_robots_effected_by_setting()
 145     {
 146         $this->get('/robots.txt')->assertSee("User-agent: *\nDisallow: /");
 147
 148         config()->set('app.allow_robots', true);
 149
 150         $resp = $this->get('/robots.txt');
 151         $resp->assertSee("User-agent: *\nDisallow:");
 152         $resp->assertDontSee('Disallow: /');
 153
 154         // Check config overrides app-public setting
 155         config()->set('app.allow_robots', false);
 156         $this->setSettings(['app-public' => 'true']);
 157         $this->get('/robots.txt')->assertSee("User-agent: *\nDisallow: /");
 158     }
 159
 160     public function test_public_view_then_login_redirects_to_previous_content()
 161     {
 162         $this->setSettings(['app-public' => 'true']);
 163         $book = $this->entities->book();
 164         $resp = $this->get($book->getUrl());
 165         $resp->assertSee($book->name);
 166
 167         $this->get('/login');
 168         $resp = $this->post('/login', ['email' => '[email protected]', 'password' => 'password']);
 169         $resp->assertRedirect($book->getUrl());
 170     }
 171
 172     public function test_access_hidden_content_then_login_redirects_to_intended_content()
 173     {
 174         $this->setSettings(['app-public' => 'true']);
 175         $book = $this->entities->book();
 176         $this->permissions->setEntityPermissions($book);
 177
 178         $resp = $this->get($book->getUrl());
 179         $resp->assertSee('Book not found');
 180
 181         $this->get('/login');
 182         $resp = $this->post('/login', ['email' => '[email protected]', 'password' => 'password']);
 183         $resp->assertRedirect($book->getUrl());
 184         $this->followRedirects($resp)->assertSee($book->name);
 185     }
 186 }