X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/9135a85de4eef32a91c7a3ee0aa405ed454e5a4c..refs/pull/5280/head:/tests/Entity/CommentTest.php diff --git a/tests/Entity/CommentTest.php b/tests/Entity/CommentTest.php index 99e3525a0..73136235c 100644 --- a/tests/Entity/CommentTest.php +++ b/tests/Entity/CommentTest.php @@ -2,7 +2,8 @@ namespace Tests\Entity; -use BookStack\Actions\Comment; +use BookStack\Activity\ActivityType; +use BookStack\Activity\Models\Comment; use BookStack\Entities\Models\Page; use Tests\TestCase; @@ -17,18 +18,20 @@ class CommentTest extends TestCase $resp = $this->postJson("/comment/$page->id", $comment->getAttributes()); $resp->assertStatus(200); - $resp->assertSee($comment->text); + $resp->assertSee($comment->html, false); $pageResp = $this->get($page->getUrl()); - $pageResp->assertSee($comment->text); + $pageResp->assertSee($comment->html, false); $this->assertDatabaseHas('comments', [ 'local_id' => 1, 'entity_id' => $page->id, 'entity_type' => Page::newModelInstance()->getMorphClass(), - 'text' => $comment->text, + 'text' => null, 'parent_id' => 2, ]); + + $this->assertActivityExists(ActivityType::COMMENT_CREATE); } public function test_comment_edit() @@ -40,19 +43,21 @@ class CommentTest extends TestCase $this->postJson("/comment/$page->id", $comment->getAttributes()); $comment = $page->comments()->first(); - $newText = 'updated text content'; + $newHtml = '

updated text content

'; $resp = $this->putJson("/comment/$comment->id", [ - 'text' => $newText, + 'html' => $newHtml, ]); $resp->assertStatus(200); - $resp->assertSee($newText); - $resp->assertDontSee($comment->text); + $resp->assertSee($newHtml, false); + $resp->assertDontSee($comment->html, false); $this->assertDatabaseHas('comments', [ - 'text' => $newText, + 'html' => $newHtml, 'entity_id' => $page->id, ]); + + $this->assertActivityExists(ActivityType::COMMENT_UPDATE); } public function test_comment_delete() @@ -71,47 +76,142 @@ class CommentTest extends TestCase $this->assertDatabaseMissing('comments', [ 'id' => $comment->id, ]); + + $this->assertActivityExists(ActivityType::COMMENT_DELETE); } - public function test_comments_converts_markdown_input_to_html() + public function test_scripts_cannot_be_injected_via_comment_html() { $page = $this->entities->page(); + + $script = '

My lovely comment

'; $this->asAdmin()->postJson("/comment/$page->id", [ - 'text' => '# My Title', + 'html' => $script, ]); - $this->assertDatabaseHas('comments', [ - 'entity_id' => $page->id, - 'entity_type' => $page->getMorphClass(), - 'text' => '# My Title', - 'html' => "

My Title

\n", + $pageView = $this->get($page->getUrl()); + $pageView->assertDontSee($script, false); + $pageView->assertSee('

My lovely comment

', false); + + $comment = $page->comments()->first(); + $this->putJson("/comment/$comment->id", [ + 'html' => $script . '

updated

', ]); $pageView = $this->get($page->getUrl()); - $pageView->assertSee('

My Title

', false); + $pageView->assertDontSee($script, false); + $pageView->assertSee('

My lovely comment

updated

'); } - public function test_html_cannot_be_injected_via_comment_content() + public function test_scripts_are_removed_even_if_already_in_db() + { + $page = $this->entities->page(); + Comment::factory()->create([ + 'html' => '

scriptincommentest

', + 'entity_type' => 'page', 'entity_id' => $page + ]); + + $resp = $this->asAdmin()->get($page->getUrl()); + $resp->assertSee('scriptincommentest', false); + $resp->assertDontSee('superbadscript', false); + $resp->assertDontSee('superbadonclick', false); + } + + public function test_comment_html_is_limited() { - $this->asAdmin(); $page = $this->entities->page(); + $input = '

Test

Contenta

Hello

'; + $expected = '

Contenta

'; - $script = '\n\n# sometextinthecomment'; - $this->postJson("/comment/$page->id", [ - 'text' => $script, + $resp = $this->asAdmin()->post("/comment/{$page->id}", ['html' => $input]); + $resp->assertOk(); + $this->assertDatabaseHas('comments', [ + 'entity_type' => 'page', + 'entity_id' => $page->id, + 'html' => $expected, ]); - $pageView = $this->get($page->getUrl()); - $pageView->assertDontSee($script, false); - $pageView->assertSee('sometextinthecomment'); + $comment = $page->comments()->first(); + $resp = $this->put("/comment/{$comment->id}", ['html' => $input]); + $resp->assertOk(); + $this->assertDatabaseHas('comments', [ + 'id' => $comment->id, + 'html' => $expected, + ]); + } + + public function test_reply_comments_are_nested() + { + $this->asAdmin(); + $page = $this->entities->page(); + + $this->postJson("/comment/$page->id", ['html' => '

My new comment

']); + $this->postJson("/comment/$page->id", ['html' => '

My new comment

']); + + $respHtml = $this->withHtml($this->get($page->getUrl())); + $respHtml->assertElementCount('.comment-branch', 3); + $respHtml->assertElementNotExists('.comment-branch .comment-branch'); $comment = $page->comments()->first(); - $this->putJson("/comment/$comment->id", [ - 'text' => $script . 'updated', + $resp = $this->postJson("/comment/$page->id", [ + 'html' => '

My nested comment

', 'parent_id' => $comment->local_id ]); + $resp->assertStatus(200); - $pageView = $this->get($page->getUrl()); - $pageView->assertDontSee($script, false); - $pageView->assertSee('sometextinthecommentupdated'); + $respHtml = $this->withHtml($this->get($page->getUrl())); + $respHtml->assertElementCount('.comment-branch', 4); + $respHtml->assertElementContains('.comment-branch .comment-branch', 'My nested comment'); + } + + public function test_comments_are_visible_in_the_page_editor() + { + $page = $this->entities->page(); + + $this->asAdmin()->postJson("/comment/$page->id", ['html' => '

My great comment to see in the editor

']); + + $respHtml = $this->withHtml($this->get($page->getUrl('/edit'))); + $respHtml->assertElementContains('.comment-box .content', 'My great comment to see in the editor'); + } + + public function test_comment_creator_name_truncated() + { + [$longNamedUser] = $this->users->newUserWithRole(['name' => 'Wolfeschlegelsteinhausenbergerdorff'], ['comment-create-all', 'page-view-all']); + $page = $this->entities->page(); + + $comment = Comment::factory()->make(); + $this->actingAs($longNamedUser)->postJson("/comment/$page->id", $comment->getAttributes()); + + $pageResp = $this->asAdmin()->get($page->getUrl()); + $pageResp->assertSee('Wolfeschlegels…'); + } + + public function test_comment_editor_js_loaded_with_create_or_edit_permissions() + { + $editor = $this->users->editor(); + $page = $this->entities->page(); + + $resp = $this->actingAs($editor)->get($page->getUrl()); + $resp->assertSee('tinymce.min.js?', false); + $resp->assertSee('window.editor_translations', false); + $resp->assertSee('component="entity-selector"', false); + + $this->permissions->removeUserRolePermissions($editor, ['comment-create-all']); + $this->permissions->grantUserRolePermissions($editor, ['comment-update-own']); + + $resp = $this->actingAs($editor)->get($page->getUrl()); + $resp->assertDontSee('tinymce.min.js?', false); + $resp->assertDontSee('window.editor_translations', false); + $resp->assertDontSee('component="entity-selector"', false); + + Comment::factory()->create([ + 'created_by' => $editor->id, + 'entity_type' => 'page', + 'entity_id' => $page->id, + ]); + + $resp = $this->actingAs($editor)->get($page->getUrl()); + $resp->assertSee('tinymce.min.js?', false); + $resp->assertSee('window.editor_translations', false); + $resp->assertSee('component="entity-selector"', false); } }