X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/f77236aa3832a5a0f050e097c60189b9b6a19969..8bdf948743016f0461e589759130cbb50e46ab20:/tests/Entity/CommentTest.php diff --git a/tests/Entity/CommentTest.php b/tests/Entity/CommentTest.php index b613f80a1..baf0d392b 100644 --- a/tests/Entity/CommentTest.php +++ b/tests/Entity/CommentTest.php @@ -2,7 +2,8 @@ namespace Tests\Entity; -use BookStack\Actions\Comment; +use BookStack\Activity\ActivityType; +use BookStack\Activity\Models\Comment; use BookStack\Entities\Models\Page; use Tests\TestCase; @@ -11,56 +12,86 @@ class CommentTest extends TestCase public function test_add_comment() { $this->asAdmin(); - $page = Page::first(); + $page = $this->entities->page(); - $comment = factory(Comment::class)->make(['parent_id' => 2]); + $comment = Comment::factory()->make(['parent_id' => 2]); $resp = $this->postJson("/comment/$page->id", $comment->getAttributes()); $resp->assertStatus(200); - $resp->assertSee($comment->text); + $resp->assertSee($comment->html, false); $pageResp = $this->get($page->getUrl()); - $pageResp->assertSee($comment->text); + $pageResp->assertSee($comment->html, false); $this->assertDatabaseHas('comments', [ 'local_id' => 1, 'entity_id' => $page->id, 'entity_type' => Page::newModelInstance()->getMorphClass(), - 'text' => $comment->text, + 'text' => null, 'parent_id' => 2, ]); + + $this->assertActivityExists(ActivityType::COMMENT_CREATE); + } + public function test_add_comment_stores_content_reference_only_if_format_valid() + { + $validityByRefs = [ + 'bkmrk-my-title:4589284922:4-3' => true, + 'bkmrk-my-title:4589284922:' => true, + 'bkmrk-my-title:4589284922:abc' => false, + 'my-title:4589284922:' => false, + 'bkmrk-my-title-4589284922:' => false, + ]; + + $page = $this->entities->page(); + + foreach ($validityByRefs as $ref => $valid) { + $this->asAdmin()->postJson("/comment/$page->id", [ + 'html' => '

My comment

', + 'parent_id' => null, + 'content_ref' => $ref, + ]); + + if ($valid) { + $this->assertDatabaseHas('comments', ['entity_id' => $page->id, 'content_ref' => $ref]); + } else { + $this->assertDatabaseMissing('comments', ['entity_id' => $page->id, 'content_ref' => $ref]); + } + } } public function test_comment_edit() { $this->asAdmin(); - $page = Page::first(); + $page = $this->entities->page(); - $comment = factory(Comment::class)->make(); + $comment = Comment::factory()->make(); $this->postJson("/comment/$page->id", $comment->getAttributes()); $comment = $page->comments()->first(); - $newText = 'updated text content'; + $newHtml = '

updated text content

'; $resp = $this->putJson("/comment/$comment->id", [ - 'text' => $newText, + 'html' => $newHtml, ]); $resp->assertStatus(200); - $resp->assertSee($newText); - $resp->assertDontSee($comment->text); + $resp->assertSee($newHtml, false); + $resp->assertDontSee($comment->html, false); $this->assertDatabaseHas('comments', [ - 'text' => $newText, + 'html' => $newHtml, 'entity_id' => $page->id, ]); + + $this->assertActivityExists(ActivityType::COMMENT_UPDATE); } public function test_comment_delete() { $this->asAdmin(); - $page = Page::first(); + $page = $this->entities->page(); - $comment = factory(Comment::class)->make(); + $comment = Comment::factory()->make(); $this->postJson("/comment/$page->id", $comment->getAttributes()); $comment = $page->comments()->first(); @@ -71,47 +102,219 @@ class CommentTest extends TestCase $this->assertDatabaseMissing('comments', [ 'id' => $comment->id, ]); + + $this->assertActivityExists(ActivityType::COMMENT_DELETE); } - public function test_comments_converts_markdown_input_to_html() + public function test_comment_archive_and_unarchive() { - $page = Page::first(); - $this->asAdmin()->postJson("/comment/$page->id", [ - 'text' => '# My Title', + $this->asAdmin(); + $page = $this->entities->page(); + + $comment = Comment::factory()->make(); + $page->comments()->save($comment); + $comment->refresh(); + + $this->put("/comment/$comment->id/archive"); + + $this->assertDatabaseHas('comments', [ + 'id' => $comment->id, + 'archived' => true, ]); + $this->assertActivityExists(ActivityType::COMMENT_UPDATE); + + $this->put("/comment/$comment->id/unarchive"); + $this->assertDatabaseHas('comments', [ - 'entity_id' => $page->id, - 'entity_type' => $page->getMorphClass(), - 'text' => '# My Title', - 'html' => "

My Title

\n", + 'id' => $comment->id, + 'archived' => false, ]); - $pageView = $this->get($page->getUrl()); - $pageView->assertSee('

My Title

', false); + $this->assertActivityExists(ActivityType::COMMENT_UPDATE); } - public function test_html_cannot_be_injected_via_comment_content() + public function test_archive_endpoints_require_delete_or_edit_permissions() { - $this->asAdmin(); - $page = Page::first(); + $viewer = $this->users->viewer(); + $page = $this->entities->page(); - $script = '\n\n# sometextinthecomment'; - $this->postJson("/comment/$page->id", [ - 'text' => $script, + $comment = Comment::factory()->make(); + $page->comments()->save($comment); + $comment->refresh(); + + $endpoints = ["/comment/$comment->id/archive", "/comment/$comment->id/unarchive"]; + + foreach ($endpoints as $endpoint) { + $resp = $this->actingAs($viewer)->put($endpoint); + $this->assertPermissionError($resp); + } + + $this->permissions->grantUserRolePermissions($viewer, ['comment-delete-all']); + + foreach ($endpoints as $endpoint) { + $resp = $this->actingAs($viewer)->put($endpoint); + $resp->assertOk(); + } + + $this->permissions->removeUserRolePermissions($viewer, ['comment-delete-all']); + $this->permissions->grantUserRolePermissions($viewer, ['comment-update-all']); + + foreach ($endpoints as $endpoint) { + $resp = $this->actingAs($viewer)->put($endpoint); + $resp->assertOk(); + } + } + + public function test_scripts_cannot_be_injected_via_comment_html() + { + $page = $this->entities->page(); + + $script = '

My lovely comment

'; + $this->asAdmin()->postJson("/comment/$page->id", [ + 'html' => $script, ]); $pageView = $this->get($page->getUrl()); $pageView->assertDontSee($script, false); - $pageView->assertSee('sometextinthecomment'); + $pageView->assertSee('

My lovely comment

', false); $comment = $page->comments()->first(); $this->putJson("/comment/$comment->id", [ - 'text' => $script . 'updated', + 'html' => $script . '

updated

', ]); $pageView = $this->get($page->getUrl()); $pageView->assertDontSee($script, false); - $pageView->assertSee('sometextinthecommentupdated'); + $pageView->assertSee('

My lovely comment

updated

'); + } + + public function test_scripts_are_removed_even_if_already_in_db() + { + $page = $this->entities->page(); + Comment::factory()->create([ + 'html' => '

scriptincommentest

', + 'entity_type' => 'page', 'entity_id' => $page + ]); + + $resp = $this->asAdmin()->get($page->getUrl()); + $resp->assertSee('scriptincommentest', false); + $resp->assertDontSee('superbadscript', false); + $resp->assertDontSee('superbadonclick', false); + } + + public function test_comment_html_is_limited() + { + $page = $this->entities->page(); + $input = '

Test

Contenta

Hello

'; + $expected = '

Contenta

'; + + $resp = $this->asAdmin()->post("/comment/{$page->id}", ['html' => $input]); + $resp->assertOk(); + $this->assertDatabaseHas('comments', [ + 'entity_type' => 'page', + 'entity_id' => $page->id, + 'html' => $expected, + ]); + + $comment = $page->comments()->first(); + $resp = $this->put("/comment/{$comment->id}", ['html' => $input]); + $resp->assertOk(); + $this->assertDatabaseHas('comments', [ + 'id' => $comment->id, + 'html' => $expected, + ]); + } + + public function test_reply_comments_are_nested() + { + $this->asAdmin(); + $page = $this->entities->page(); + + $this->postJson("/comment/$page->id", ['html' => '

My new comment

']); + $this->postJson("/comment/$page->id", ['html' => '

My new comment

']); + + $respHtml = $this->withHtml($this->get($page->getUrl())); + $respHtml->assertElementCount('.comment-branch', 3); + $respHtml->assertElementNotExists('.comment-branch .comment-branch'); + + $comment = $page->comments()->first(); + $resp = $this->postJson("/comment/$page->id", [ + 'html' => '

My nested comment

', 'parent_id' => $comment->local_id + ]); + $resp->assertStatus(200); + + $respHtml = $this->withHtml($this->get($page->getUrl())); + $respHtml->assertElementCount('.comment-branch', 4); + $respHtml->assertElementContains('.comment-branch .comment-branch', 'My nested comment'); + } + + public function test_comments_are_visible_in_the_page_editor() + { + $page = $this->entities->page(); + + $this->asAdmin()->postJson("/comment/$page->id", ['html' => '

My great comment to see in the editor

']); + + $respHtml = $this->withHtml($this->get($page->getUrl('/edit'))); + $respHtml->assertElementContains('.comment-box .content', 'My great comment to see in the editor'); + } + + public function test_comment_creator_name_truncated() + { + [$longNamedUser] = $this->users->newUserWithRole(['name' => 'Wolfeschlegelsteinhausenbergerdorff'], ['comment-create-all', 'page-view-all']); + $page = $this->entities->page(); + + $comment = Comment::factory()->make(); + $this->actingAs($longNamedUser)->postJson("/comment/$page->id", $comment->getAttributes()); + + $pageResp = $this->asAdmin()->get($page->getUrl()); + $pageResp->assertSee('Wolfeschlegels…'); + } + + public function test_comment_editor_js_loaded_with_create_or_edit_permissions() + { + $editor = $this->users->editor(); + $page = $this->entities->page(); + + $resp = $this->actingAs($editor)->get($page->getUrl()); + $resp->assertSee('tinymce.min.js?', false); + $resp->assertSee('window.editor_translations', false); + $resp->assertSee('component="entity-selector"', false); + + $this->permissions->removeUserRolePermissions($editor, ['comment-create-all']); + $this->permissions->grantUserRolePermissions($editor, ['comment-update-own']); + + $resp = $this->actingAs($editor)->get($page->getUrl()); + $resp->assertDontSee('tinymce.min.js?', false); + $resp->assertDontSee('window.editor_translations', false); + $resp->assertDontSee('component="entity-selector"', false); + + Comment::factory()->create([ + 'created_by' => $editor->id, + 'entity_type' => 'page', + 'entity_id' => $page->id, + ]); + + $resp = $this->actingAs($editor)->get($page->getUrl()); + $resp->assertSee('tinymce.min.js?', false); + $resp->assertSee('window.editor_translations', false); + $resp->assertSee('component="entity-selector"', false); + } + + public function test_comment_displays_relative_times() + { + $page = $this->entities->page(); + $comment = Comment::factory()->create(['entity_id' => $page->id, 'entity_type' => $page->getMorphClass()]); + $comment->created_at = now()->subWeek(); + $comment->updated_at = now()->subDay(); + $comment->save(); + + $pageResp = $this->asAdmin()->get($page->getUrl()); + $html = $this->withHtml($pageResp); + + // Create date shows relative time as text to user + $html->assertElementContains('.comment-box', 'commented 1 week ago'); + // Updated indicator has full time as title + $html->assertElementContains('.comment-box span[title^="Updated ' . $comment->updated_at->format('Y-m-d') . '"]', 'Updated'); } }