<?php
+namespace Tests;
+
+use BookStack\Auth\Permissions\JointPermissionBuilder;
+use BookStack\Auth\Permissions\RolePermission;
+use BookStack\Auth\Role;
+use BookStack\Auth\User;
+use BookStack\Entities\Models\Book;
+use BookStack\Entities\Models\Chapter;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\View;
+
class PublicActionTest extends TestCase
{
-
public function test_app_not_public()
{
$this->setSettings(['app-public' => 'false']);
- $book = \BookStack\Book::orderBy('name', 'asc')->first();
- $this->visit('/books')->seePageIs('/login');
- $this->visit($book->getUrl())->seePageIs('/login');
+ $book = $this->entities->book();
+ $this->get('/books')->assertRedirect('/login');
+ $this->get($book->getUrl())->assertRedirect('/login');
+
+ $page = $this->entities->page();
+ $this->get($page->getUrl())->assertRedirect('/login');
+ }
+
+ public function test_login_link_visible()
+ {
+ $this->setSettings(['app-public' => 'true']);
+ $resp = $this->get('/');
+ $this->withHtml($resp)->assertElementExists('a[href="' . url('/login') . '"]');
+ }
+
+ public function test_register_link_visible_when_enabled()
+ {
+ $this->setSettings(['app-public' => 'true']);
+ $home = $this->get('/');
+ $home->assertSee(url('/login'));
+ $home->assertDontSee(url('/register'));
- $page = \BookStack\Page::first();
- $this->visit($page->getUrl())->seePageIs('/login');
+ $this->setSettings(['app-public' => 'true', 'registration-enabled' => 'true']);
+ $home = $this->get('/');
+ $home->assertSee(url('/login'));
+ $home->assertSee(url('/register'));
}
public function test_books_viewable()
{
$this->setSettings(['app-public' => 'true']);
- $books = \BookStack\Book::orderBy('name', 'asc')->take(10)->get();
+ $books = Book::query()->orderBy('name', 'asc')->take(10)->get();
$bookToVisit = $books[1];
// Check books index page is showing
- $this->visit('/books')
- ->seeStatusCode(200)
- ->see($books[0]->name)
- // Check individual book page is showing and it's child contents are visible.
- ->click($bookToVisit->name)
- ->seePageIs($bookToVisit->getUrl())
- ->see($bookToVisit->name)
- ->see($bookToVisit->chapters()->first()->name);
+ $resp = $this->get('/books');
+ $resp->assertStatus(200);
+ $resp->assertSee($books[0]->name);
+
+ // Check individual book page is showing and it's child contents are visible.
+ $resp = $this->get($bookToVisit->getUrl());
+ $resp->assertSee($bookToVisit->name);
+ $resp->assertSee($bookToVisit->chapters()->first()->name);
}
public function test_chapters_viewable()
{
$this->setSettings(['app-public' => 'true']);
- $chapterToVisit = \BookStack\Chapter::first();
+ /** @var Chapter $chapterToVisit */
+ $chapterToVisit = Chapter::query()->first();
$pageToVisit = $chapterToVisit->pages()->first();
// Check chapters index page is showing
- $this->visit($chapterToVisit->getUrl())
- ->seeStatusCode(200)
- ->see($chapterToVisit->name)
- // Check individual chapter page is showing and it's child contents are visible.
- ->see($pageToVisit->name)
- ->click($pageToVisit->name)
- ->see($chapterToVisit->book->name)
- ->see($chapterToVisit->name)
- ->seePageIs($pageToVisit->getUrl());
+ $resp = $this->get($chapterToVisit->getUrl());
+ $resp->assertStatus(200);
+ $resp->assertSee($chapterToVisit->name);
+ // Check individual chapter page is showing and it's child contents are visible.
+ $resp->assertSee($pageToVisit->name);
+ $resp = $this->get($pageToVisit->getUrl());
+ $resp->assertStatus(200);
+ $resp->assertSee($chapterToVisit->book->name);
+ $resp->assertSee($chapterToVisit->name);
}
public function test_public_page_creation()
{
$this->setSettings(['app-public' => 'true']);
- $publicRole = \BookStack\Role::getSystemRole('public');
+ $publicRole = Role::getSystemRole('public');
// Grant all permissions to public
$publicRole->permissions()->detach();
- foreach (\BookStack\RolePermission::all() as $perm) {
+ foreach (RolePermission::all() as $perm) {
$publicRole->attachPermission($perm);
}
- $this->app[\BookStack\Services\PermissionService::class]->buildJointPermissionForRole($publicRole);
-
- $chapter = \BookStack\Chapter::first();
- $this->visit($chapter->book->getUrl());
- $this->visit($chapter->getUrl())
- ->click('New Page')
- ->see('New Page')
- ->seePageIs($chapter->getUrl('/create-page'));
-
- $this->submitForm('Continue', [
- 'name' => 'My guest page'
- ])->seePageIs($chapter->book->getUrl('/page/my-guest-page/edit'));
-
- $user = \BookStack\User::getDefault();
- $this->seeInDatabase('pages', [
- 'name' => 'My guest page',
+ $this->app->make(JointPermissionBuilder::class)->rebuildForRole($publicRole);
+ user()->clearPermissionCache();
+
+ $chapter = $this->entities->chapter();
+ $resp = $this->get($chapter->getUrl());
+ $resp->assertSee('New Page');
+ $this->withHtml($resp)->assertElementExists('a[href="' . $chapter->getUrl('/create-page') . '"]');
+
+ $resp = $this->get($chapter->getUrl('/create-page'));
+ $resp->assertSee('Continue');
+ $resp->assertSee('Page Name');
+ $this->withHtml($resp)->assertElementExists('form[action="' . $chapter->getUrl('/create-guest-page') . '"]');
+
+ $resp = $this->post($chapter->getUrl('/create-guest-page'), ['name' => 'My guest page']);
+ $resp->assertRedirect($chapter->book->getUrl('/page/my-guest-page/edit'));
+
+ $user = User::getDefault();
+ $this->assertDatabaseHas('pages', [
+ 'name' => 'My guest page',
'chapter_id' => $chapter->id,
'created_by' => $user->id,
- 'updated_by' => $user->id
+ 'updated_by' => $user->id,
]);
}
-}
\ No newline at end of file
+ public function test_content_not_listed_on_404_for_public_users()
+ {
+ $page = $this->entities->page();
+ $page->fill(['name' => 'my testing random unique page name'])->save();
+ $this->asAdmin()->get($page->getUrl()); // Fake visit to show on recents
+ $resp = $this->get('/cats/dogs/hippos');
+ $resp->assertStatus(404);
+ $resp->assertSee($page->name);
+ View::share('pageTitle', '');
+
+ Auth::logout();
+ $resp = $this->get('/cats/dogs/hippos');
+ $resp->assertStatus(404);
+ $resp->assertDontSee($page->name);
+ }
+
+ public function test_robots_effected_by_public_status()
+ {
+ $this->get('/robots.txt')->assertSee("User-agent: *\nDisallow: /");
+
+ $this->setSettings(['app-public' => 'true']);
+
+ $resp = $this->get('/robots.txt');
+ $resp->assertSee("User-agent: *\nDisallow:");
+ $resp->assertDontSee('Disallow: /');
+ }
+
+ public function test_robots_effected_by_setting()
+ {
+ $this->get('/robots.txt')->assertSee("User-agent: *\nDisallow: /");
+
+ config()->set('app.allow_robots', true);
+
+ $resp = $this->get('/robots.txt');
+ $resp->assertSee("User-agent: *\nDisallow:");
+ $resp->assertDontSee('Disallow: /');
+
+ // Check config overrides app-public setting
+ config()->set('app.allow_robots', false);
+ $this->setSettings(['app-public' => 'true']);
+ $this->get('/robots.txt')->assertSee("User-agent: *\nDisallow: /");
+ }
+
+ public function test_public_view_then_login_redirects_to_previous_content()
+ {
+ $this->setSettings(['app-public' => 'true']);
+ $book = $this->entities->book();
+ $resp = $this->get($book->getUrl());
+ $resp->assertSee($book->name);
+
+ $this->get('/login');
+ $resp = $this->post('/login', ['email' => '
[email protected]', 'password' => 'password']);
+ $resp->assertRedirect($book->getUrl());
+ }
+
+ public function test_access_hidden_content_then_login_redirects_to_intended_content()
+ {
+ $this->setSettings(['app-public' => 'true']);
+ $book = $this->entities->book();
+ $this->entities->setPermissions($book);
+
+ $resp = $this->get($book->getUrl());
+ $resp->assertSee('Book not found');
+
+ $this->get('/login');
+ $resp = $this->post('/login', ['email' => '
[email protected]', 'password' => 'password']);
+ $resp->assertRedirect($book->getUrl());
+ $this->followRedirects($resp)->assertSee($book->name);
+ }
+}
projects / bookstack / blobdiff