X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/f84bf8e883e8e5bd9a24b908e2f90a2742d36d19..06901b878f2c8057a6f9b7d2e0adfda425c68dee:/tests/Entity/CommentTest.php diff --git a/tests/Entity/CommentTest.php b/tests/Entity/CommentTest.php index a2126407b..76e014e80 100644 --- a/tests/Entity/CommentTest.php +++ b/tests/Entity/CommentTest.php @@ -1,19 +1,21 @@ -asAdmin(); - $page = Page::first(); + $page = $this->entities->page(); - $comment = factory(Comment::class)->make(['parent_id' => 2]); - $resp = $this->postJson("/ajax/page/$page->id/comment", $comment->getAttributes()); + $comment = Comment::factory()->make(['parent_id' => 2]); + $resp = $this->postJson("/comment/$page->id", $comment->getAttributes()); $resp->assertStatus(200); $resp->assertSee($comment->text); @@ -22,54 +24,171 @@ class CommentTest extends TestCase $pageResp->assertSee($comment->text); $this->assertDatabaseHas('comments', [ - 'local_id' => 1, - 'entity_id' => $page->id, + 'local_id' => 1, + 'entity_id' => $page->id, 'entity_type' => Page::newModelInstance()->getMorphClass(), - 'text' => $comment->text, - 'parent_id' => 2 + 'text' => null, + 'parent_id' => 2, ]); + + $this->assertActivityExists(ActivityType::COMMENT_CREATE); } public function test_comment_edit() { $this->asAdmin(); - $page = Page::first(); + $page = $this->entities->page(); - $comment = factory(Comment::class)->make(); - $this->postJson("/ajax/page/$page->id/comment", $comment->getAttributes()); + $comment = Comment::factory()->make(); + $this->postJson("/comment/$page->id", $comment->getAttributes()); $comment = $page->comments()->first(); - $newText = 'updated text content'; - $resp = $this->putJson("/ajax/comment/$comment->id", [ - 'text' => $newText, - 'html' => '

'.$newText.'

', + $newHtml = '

updated text content

'; + $resp = $this->putJson("/comment/$comment->id", [ + 'html' => $newHtml, ]); $resp->assertStatus(200); - $resp->assertSee($newText); - $resp->assertDontSee($comment->text); + $resp->assertSee($newHtml, false); + $resp->assertDontSee($comment->html, false); $this->assertDatabaseHas('comments', [ - 'text' => $newText, - 'entity_id' => $page->id + 'html' => $newHtml, + 'entity_id' => $page->id, ]); + + $this->assertActivityExists(ActivityType::COMMENT_UPDATE); } public function test_comment_delete() { $this->asAdmin(); - $page = Page::first(); + $page = $this->entities->page(); - $comment = factory(Comment::class)->make(); - $this->postJson("/ajax/page/$page->id/comment", $comment->getAttributes()); + $comment = Comment::factory()->make(); + $this->postJson("/comment/$page->id", $comment->getAttributes()); $comment = $page->comments()->first(); - $resp = $this->delete("/ajax/comment/$comment->id"); + $resp = $this->delete("/comment/$comment->id"); $resp->assertStatus(200); $this->assertDatabaseMissing('comments', [ - 'id' => $comment->id + 'id' => $comment->id, + ]); + + $this->assertActivityExists(ActivityType::COMMENT_DELETE); + } + + public function test_scripts_cannot_be_injected_via_comment_html() + { + $page = $this->entities->page(); + + $script = '

My lovely comment

'; + $this->asAdmin()->postJson("/comment/$page->id", [ + 'html' => $script, + ]); + + $pageView = $this->get($page->getUrl()); + $pageView->assertDontSee($script, false); + $pageView->assertSee('

My lovely comment

', false); + + $comment = $page->comments()->first(); + $this->putJson("/comment/$comment->id", [ + 'html' => $script . '

updated

', + ]); + + $pageView = $this->get($page->getUrl()); + $pageView->assertDontSee($script, false); + $pageView->assertSee('

My lovely comment

updated

'); + } + + public function test_scripts_are_removed_even_if_already_in_db() + { + $page = $this->entities->page(); + Comment::factory()->create([ + 'html' => '

scriptincommentest

', + 'entity_type' => 'page', 'entity_id' => $page + ]); + + $resp = $this->asAdmin()->get($page->getUrl()); + $resp->assertSee('scriptincommentest', false); + $resp->assertDontSee('superbadscript', false); + $resp->assertDontSee('superbadonclick', false); + } + + public function test_reply_comments_are_nested() + { + $this->asAdmin(); + $page = $this->entities->page(); + + $this->postJson("/comment/$page->id", ['html' => '

My new comment

']); + $this->postJson("/comment/$page->id", ['html' => '

My new comment

']); + + $respHtml = $this->withHtml($this->get($page->getUrl())); + $respHtml->assertElementCount('.comment-branch', 3); + $respHtml->assertElementNotExists('.comment-branch .comment-branch'); + + $comment = $page->comments()->first(); + $resp = $this->postJson("/comment/$page->id", [ + 'html' => '

My nested comment

', 'parent_id' => $comment->local_id + ]); + $resp->assertStatus(200); + + $respHtml = $this->withHtml($this->get($page->getUrl())); + $respHtml->assertElementCount('.comment-branch', 4); + $respHtml->assertElementContains('.comment-branch .comment-branch', 'My nested comment'); + } + + public function test_comments_are_visible_in_the_page_editor() + { + $page = $this->entities->page(); + + $this->asAdmin()->postJson("/comment/$page->id", ['html' => '

My great comment to see in the editor

']); + + $respHtml = $this->withHtml($this->get($page->getUrl('/edit'))); + $respHtml->assertElementContains('.comment-box .content', 'My great comment to see in the editor'); + } + + public function test_comment_creator_name_truncated() + { + [$longNamedUser] = $this->users->newUserWithRole(['name' => 'Wolfeschlegelsteinhausenbergerdorff'], ['comment-create-all', 'page-view-all']); + $page = $this->entities->page(); + + $comment = Comment::factory()->make(); + $this->actingAs($longNamedUser)->postJson("/comment/$page->id", $comment->getAttributes()); + + $pageResp = $this->asAdmin()->get($page->getUrl()); + $pageResp->assertSee('Wolfeschlegels…'); + } + + public function test_comment_editor_js_loaded_with_create_or_edit_permissions() + { + $editor = $this->users->editor(); + $page = $this->entities->page(); + + $resp = $this->actingAs($editor)->get($page->getUrl()); + $resp->assertSee('tinymce.min.js?', false); + $resp->assertSee('window.editor_translations', false); + $resp->assertSee('component="entity-selector"', false); + + $this->permissions->removeUserRolePermissions($editor, ['comment-create-all']); + $this->permissions->grantUserRolePermissions($editor, ['comment-update-own']); + + $resp = $this->actingAs($editor)->get($page->getUrl()); + $resp->assertDontSee('tinymce.min.js?', false); + $resp->assertDontSee('window.editor_translations', false); + $resp->assertDontSee('component="entity-selector"', false); + + Comment::factory()->create([ + 'created_by' => $editor->id, + 'entity_type' => 'page', + 'entity_id' => $page->id, ]); + + $resp = $this->actingAs($editor)->get($page->getUrl()); + $resp->assertSee('tinymce.min.js?', false); + $resp->assertSee('window.editor_translations', false); + $resp->assertSee('component="entity-selector"', false); } }