BookStack Code Mirror - bookstack/blob - tests/Entity/CommentTest.php

   1 <?php
   2
   3 namespace Tests\Entity;
   4
   5 use BookStack\Activity\ActivityType;
   6 use BookStack\Activity\Models\Comment;
   7 use BookStack\Entities\Models\Page;
   8 use Tests\TestCase;
   9
  10 class CommentTest extends TestCase
  11 {
  12     public function test_add_comment()
  13     {
  14         $this->asAdmin();
  15         $page = $this->entities->page();
  16
  17         $comment = Comment::factory()->make(['parent_id' => 2]);
  18         $resp = $this->postJson("/comment/$page->id", $comment->getAttributes());
  19
  20         $resp->assertStatus(200);
  21         $resp->assertSee($comment->html, false);
  22
  23         $pageResp = $this->get($page->getUrl());
  24         $pageResp->assertSee($comment->html, false);
  25
  26         $this->assertDatabaseHas('comments', [
  27             'local_id'    => 1,
  28             'entity_id'   => $page->id,
  29             'entity_type' => Page::newModelInstance()->getMorphClass(),
  30             'text'        => null,
  31             'parent_id'   => 2,
  32         ]);
  33
  34         $this->assertActivityExists(ActivityType::COMMENT_CREATE);
  35     }
  36
  37     public function test_comment_edit()
  38     {
  39         $this->asAdmin();
  40         $page = $this->entities->page();
  41
  42         $comment = Comment::factory()->make();
  43         $this->postJson("/comment/$page->id", $comment->getAttributes());
  44
  45         $comment = $page->comments()->first();
  46         $newHtml = '<p>updated text content</p>';
  47         $resp = $this->putJson("/comment/$comment->id", [
  48             'html' => $newHtml,
  49         ]);
  50
  51         $resp->assertStatus(200);
  52         $resp->assertSee($newHtml, false);
  53         $resp->assertDontSee($comment->html, false);
  54
  55         $this->assertDatabaseHas('comments', [
  56             'html'      => $newHtml,
  57             'entity_id' => $page->id,
  58         ]);
  59
  60         $this->assertActivityExists(ActivityType::COMMENT_UPDATE);
  61     }
  62
  63     public function test_comment_delete()
  64     {
  65         $this->asAdmin();
  66         $page = $this->entities->page();
  67
  68         $comment = Comment::factory()->make();
  69         $this->postJson("/comment/$page->id", $comment->getAttributes());
  70
  71         $comment = $page->comments()->first();
  72
  73         $resp = $this->delete("/comment/$comment->id");
  74         $resp->assertStatus(200);
  75
  76         $this->assertDatabaseMissing('comments', [
  77             'id' => $comment->id,
  78         ]);
  79
  80         $this->assertActivityExists(ActivityType::COMMENT_DELETE);
  81     }
  82
  83     public function test_scripts_cannot_be_injected_via_comment_html()
  84     {
  85         $page = $this->entities->page();
  86
  87         $script = '<script>const a = "script";</script><p onclick="1">My lovely comment</p>';
  88         $this->asAdmin()->postJson("/comment/$page->id", [
  89             'html' => $script,
  90         ]);
  91
  92         $pageView = $this->get($page->getUrl());
  93         $pageView->assertDontSee($script, false);
  94         $pageView->assertSee('<p>My lovely comment</p>', false);
  95
  96         $comment = $page->comments()->first();
  97         $this->putJson("/comment/$comment->id", [
  98             'html' => $script . '<p>updated</p>',
  99         ]);
 100
 101         $pageView = $this->get($page->getUrl());
 102         $pageView->assertDontSee($script, false);
 103         $pageView->assertSee('<p>My lovely comment</p><p>updated</p>');
 104     }
 105
 106     public function test_scripts_are_removed_even_if_already_in_db()
 107     {
 108         $page = $this->entities->page();
 109         Comment::factory()->create([
 110             'html' => '<script>superbadscript</script><p onclick="superbadonclick">scriptincommentest</p>',
 111             'entity_type' => 'page', 'entity_id' => $page
 112         ]);
 113
 114         $resp = $this->asAdmin()->get($page->getUrl());
 115         $resp->assertSee('scriptincommentest', false);
 116         $resp->assertDontSee('superbadscript', false);
 117         $resp->assertDontSee('superbadonclick', false);
 118     }
 119
 120     public function test_reply_comments_are_nested()
 121     {
 122         $this->asAdmin();
 123         $page = $this->entities->page();
 124
 125         $this->postJson("/comment/$page->id", ['html' => '<p>My new comment</p>']);
 126         $this->postJson("/comment/$page->id", ['html' => '<p>My new comment</p>']);
 127
 128         $respHtml = $this->withHtml($this->get($page->getUrl()));
 129         $respHtml->assertElementCount('.comment-branch', 3);
 130         $respHtml->assertElementNotExists('.comment-branch .comment-branch');
 131
 132         $comment = $page->comments()->first();
 133         $resp = $this->postJson("/comment/$page->id", [
 134             'html' => '<p>My nested comment</p>', 'parent_id' => $comment->local_id
 135         ]);
 136         $resp->assertStatus(200);
 137
 138         $respHtml = $this->withHtml($this->get($page->getUrl()));
 139         $respHtml->assertElementCount('.comment-branch', 4);
 140         $respHtml->assertElementContains('.comment-branch .comment-branch', 'My nested comment');
 141     }
 142
 143     public function test_comments_are_visible_in_the_page_editor()
 144     {
 145         $page = $this->entities->page();
 146
 147         $this->asAdmin()->postJson("/comment/$page->id", ['html' => '<p>My great comment to see in the editor</p>']);
 148
 149         $respHtml = $this->withHtml($this->get($page->getUrl('/edit')));
 150         $respHtml->assertElementContains('.comment-box .content', 'My great comment to see in the editor');
 151     }
 152
 153     public function test_comment_creator_name_truncated()
 154     {
 155         [$longNamedUser] = $this->users->newUserWithRole(['name' => 'Wolfeschlegelsteinhausenbergerdorff'], ['comment-create-all', 'page-view-all']);
 156         $page = $this->entities->page();
 157
 158         $comment = Comment::factory()->make();
 159         $this->actingAs($longNamedUser)->postJson("/comment/$page->id", $comment->getAttributes());
 160
 161         $pageResp = $this->asAdmin()->get($page->getUrl());
 162         $pageResp->assertSee('Wolfeschlegels…');
 163     }
 164
 165     public function test_comment_editor_js_loaded_with_create_or_edit_permissions()
 166     {
 167         $editor = $this->users->editor();
 168         $page = $this->entities->page();
 169
 170         $resp = $this->actingAs($editor)->get($page->getUrl());
 171         $resp->assertSee('tinymce.min.js?', false);
 172         $resp->assertSee('window.editor_translations', false);
 173         $resp->assertSee('component="entity-selector"', false);
 174
 175         $this->permissions->removeUserRolePermissions($editor, ['comment-create-all']);
 176         $this->permissions->grantUserRolePermissions($editor, ['comment-update-own']);
 177
 178         $resp = $this->actingAs($editor)->get($page->getUrl());
 179         $resp->assertDontSee('tinymce.min.js?', false);
 180         $resp->assertDontSee('window.editor_translations', false);
 181         $resp->assertDontSee('component="entity-selector"', false);
 182
 183         Comment::factory()->create([
 184             'created_by'  => $editor->id,
 185             'entity_type' => 'page',
 186             'entity_id'   => $page->id,
 187         ]);
 188
 189         $resp = $this->actingAs($editor)->get($page->getUrl());
 190         $resp->assertSee('tinymce.min.js?', false);
 191         $resp->assertSee('window.editor_translations', false);
 192         $resp->assertSee('component="entity-selector"', false);
 193     }
 194 }