2015-09-28 22:09:13 +08:00
|
|
|
<?php
|
2016-02-26 11:09:39 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* This file is part of Flarum.
|
|
|
|
*
|
2019-11-28 08:16:50 +08:00
|
|
|
* For detailed copyright and license information, please view the
|
|
|
|
* LICENSE file that was distributed with this source code.
|
2016-02-26 11:09:39 +08:00
|
|
|
*/
|
|
|
|
|
2019-01-02 05:17:09 +08:00
|
|
|
namespace Flarum\Tests\integration;
|
2015-09-28 22:09:13 +08:00
|
|
|
|
2020-02-08 06:29:14 +08:00
|
|
|
use Flarum\Extend\ExtenderInterface;
|
2020-08-22 00:21:33 +08:00
|
|
|
use Flarum\Foundation\Config;
|
2019-01-31 04:15:27 +08:00
|
|
|
use Flarum\Foundation\InstalledSite;
|
2020-05-01 17:53:55 +08:00
|
|
|
use Flarum\Foundation\Paths;
|
2019-01-31 04:15:27 +08:00
|
|
|
use Illuminate\Database\ConnectionInterface;
|
2020-01-07 05:29:34 +08:00
|
|
|
use Laminas\Diactoros\ServerRequest;
|
Merge pull request from GHSA-3wjh-93gr-chh6
* Integration tests: Memoize request handler as well
This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).
* Add tests for CSRF token check
* Integration tests: Configure vendor path
Now that this is possible, make the easy change...
* Implement middleware for CSRF token verification
This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.
The JS frontend was actually sending these tokens, but the backend did
not require them.
* Accept CSRF token in request body as well
* Refactor tests to shorten HTTP requests
Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.
* Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware
* Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.
* added custom view, now needs translation
2019-06-24 15:14:39 +08:00
|
|
|
use Psr\Http\Message\ResponseInterface;
|
|
|
|
use Psr\Http\Message\ServerRequestInterface;
|
2020-02-08 06:28:37 +08:00
|
|
|
use Psr\Http\Server\RequestHandlerInterface;
|
2015-09-28 22:09:13 +08:00
|
|
|
|
2019-01-31 04:15:27 +08:00
|
|
|
abstract class TestCase extends \PHPUnit\Framework\TestCase
|
2015-09-28 22:09:13 +08:00
|
|
|
{
|
2020-03-21 00:48:39 +08:00
|
|
|
use BuildsHttpRequests;
|
|
|
|
|
2020-05-20 05:12:08 +08:00
|
|
|
protected function tearDown(): void
|
|
|
|
{
|
|
|
|
parent::tearDown();
|
|
|
|
|
|
|
|
$this->database()->rollBack();
|
|
|
|
}
|
|
|
|
|
Merge pull request from GHSA-3wjh-93gr-chh6
* Integration tests: Memoize request handler as well
This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).
* Add tests for CSRF token check
* Integration tests: Configure vendor path
Now that this is possible, make the easy change...
* Implement middleware for CSRF token verification
This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.
The JS frontend was actually sending these tokens, but the backend did
not require them.
* Accept CSRF token in request body as well
* Refactor tests to shorten HTTP requests
Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.
* Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware
* Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.
* added custom view, now needs translation
2019-06-24 15:14:39 +08:00
|
|
|
/**
|
|
|
|
* @var \Flarum\Foundation\InstalledApp
|
|
|
|
*/
|
2019-01-31 04:15:27 +08:00
|
|
|
protected $app;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @return \Flarum\Foundation\InstalledApp
|
|
|
|
*/
|
|
|
|
protected function app()
|
|
|
|
{
|
Merge pull request from GHSA-3wjh-93gr-chh6
* Integration tests: Memoize request handler as well
This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).
* Add tests for CSRF token check
* Integration tests: Configure vendor path
Now that this is possible, make the easy change...
* Implement middleware for CSRF token verification
This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.
The JS frontend was actually sending these tokens, but the backend did
not require them.
* Accept CSRF token in request body as well
* Refactor tests to shorten HTTP requests
Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.
* Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware
* Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.
* added custom view, now needs translation
2019-06-24 15:14:39 +08:00
|
|
|
if (is_null($this->app)) {
|
|
|
|
$site = new InstalledSite(
|
2020-05-01 17:53:55 +08:00
|
|
|
new Paths([
|
Merge pull request from GHSA-3wjh-93gr-chh6
* Integration tests: Memoize request handler as well
This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).
* Add tests for CSRF token check
* Integration tests: Configure vendor path
Now that this is possible, make the easy change...
* Implement middleware for CSRF token verification
This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.
The JS frontend was actually sending these tokens, but the backend did
not require them.
* Accept CSRF token in request body as well
* Refactor tests to shorten HTTP requests
Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.
* Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware
* Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.
* added custom view, now needs translation
2019-06-24 15:14:39 +08:00
|
|
|
'base' => __DIR__.'/tmp',
|
|
|
|
'vendor' => __DIR__.'/../../vendor',
|
|
|
|
'public' => __DIR__.'/tmp/public',
|
|
|
|
'storage' => __DIR__.'/tmp/storage',
|
2020-05-01 17:53:55 +08:00
|
|
|
]),
|
2020-08-22 00:21:33 +08:00
|
|
|
new Config(include __DIR__.'/tmp/config.php')
|
Merge pull request from GHSA-3wjh-93gr-chh6
* Integration tests: Memoize request handler as well
This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).
* Add tests for CSRF token check
* Integration tests: Configure vendor path
Now that this is possible, make the easy change...
* Implement middleware for CSRF token verification
This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.
The JS frontend was actually sending these tokens, but the backend did
not require them.
* Accept CSRF token in request body as well
* Refactor tests to shorten HTTP requests
Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.
* Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware
* Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.
* added custom view, now needs translation
2019-06-24 15:14:39 +08:00
|
|
|
);
|
2019-01-31 04:15:27 +08:00
|
|
|
|
2020-02-08 06:29:14 +08:00
|
|
|
$site->extendWith($this->extenders);
|
|
|
|
|
Merge pull request from GHSA-3wjh-93gr-chh6
* Integration tests: Memoize request handler as well
This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).
* Add tests for CSRF token check
* Integration tests: Configure vendor path
Now that this is possible, make the easy change...
* Implement middleware for CSRF token verification
This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.
The JS frontend was actually sending these tokens, but the backend did
not require them.
* Accept CSRF token in request body as well
* Refactor tests to shorten HTTP requests
Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.
* Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware
* Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.
* added custom view, now needs translation
2019-06-24 15:14:39 +08:00
|
|
|
$this->app = $site->bootApp();
|
2020-05-22 04:35:06 +08:00
|
|
|
|
|
|
|
$this->database()->beginTransaction();
|
|
|
|
|
|
|
|
$this->populateDatabase();
|
Merge pull request from GHSA-3wjh-93gr-chh6
* Integration tests: Memoize request handler as well
This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).
* Add tests for CSRF token check
* Integration tests: Configure vendor path
Now that this is possible, make the easy change...
* Implement middleware for CSRF token verification
This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.
The JS frontend was actually sending these tokens, but the backend did
not require them.
* Accept CSRF token in request body as well
* Refactor tests to shorten HTTP requests
Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.
* Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware
* Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.
* added custom view, now needs translation
2019-06-24 15:14:39 +08:00
|
|
|
}
|
2019-01-31 04:15:27 +08:00
|
|
|
|
Merge pull request from GHSA-3wjh-93gr-chh6
* Integration tests: Memoize request handler as well
This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).
* Add tests for CSRF token check
* Integration tests: Configure vendor path
Now that this is possible, make the easy change...
* Implement middleware for CSRF token verification
This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.
The JS frontend was actually sending these tokens, but the backend did
not require them.
* Accept CSRF token in request body as well
* Refactor tests to shorten HTTP requests
Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.
* Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware
* Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.
* added custom view, now needs translation
2019-06-24 15:14:39 +08:00
|
|
|
return $this->app;
|
2019-01-31 04:15:27 +08:00
|
|
|
}
|
|
|
|
|
2020-02-08 06:29:14 +08:00
|
|
|
/**
|
|
|
|
* @var ExtenderInterface[]
|
|
|
|
*/
|
|
|
|
protected $extenders = [];
|
|
|
|
|
2020-05-23 08:00:25 +08:00
|
|
|
protected function extend(ExtenderInterface ...$extenders)
|
2020-02-08 06:29:14 +08:00
|
|
|
{
|
2020-05-23 08:00:25 +08:00
|
|
|
$this->extenders = array_merge($this->extenders, $extenders);
|
2020-02-08 06:29:14 +08:00
|
|
|
}
|
|
|
|
|
2020-02-08 06:28:37 +08:00
|
|
|
/**
|
|
|
|
* @var RequestHandlerInterface
|
|
|
|
*/
|
|
|
|
protected $server;
|
|
|
|
|
|
|
|
protected function server(): RequestHandlerInterface
|
|
|
|
{
|
|
|
|
if (is_null($this->server)) {
|
|
|
|
$this->server = $this->app()->getRequestHandler();
|
|
|
|
}
|
|
|
|
|
|
|
|
return $this->server;
|
|
|
|
}
|
|
|
|
|
2019-01-31 04:15:27 +08:00
|
|
|
protected $database;
|
|
|
|
|
|
|
|
protected function database(): ConnectionInterface
|
|
|
|
{
|
|
|
|
if (is_null($this->database)) {
|
|
|
|
$this->database = $this->app()->getContainer()->make(
|
|
|
|
ConnectionInterface::class
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
return $this->database;
|
2015-09-28 22:09:13 +08:00
|
|
|
}
|
|
|
|
|
2020-05-22 04:35:06 +08:00
|
|
|
protected $databaseContent = [];
|
|
|
|
|
2019-01-31 04:15:27 +08:00
|
|
|
protected function prepareDatabase(array $tableData)
|
2020-05-22 04:35:06 +08:00
|
|
|
{
|
|
|
|
$this->databaseContent = array_merge_recursive(
|
|
|
|
$this->databaseContent,
|
|
|
|
$tableData
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
protected function populateDatabase()
|
2015-09-28 22:09:13 +08:00
|
|
|
{
|
2019-01-31 04:15:27 +08:00
|
|
|
// We temporarily disable foreign key checks to simplify this process.
|
|
|
|
$this->database()->getSchemaBuilder()->disableForeignKeyConstraints();
|
|
|
|
|
|
|
|
// Then, insert all rows required for this test case.
|
2020-05-22 04:35:06 +08:00
|
|
|
foreach ($this->databaseContent as $table => $rows) {
|
Merge pull request from GHSA-3wjh-93gr-chh6
* Integration tests: Memoize request handler as well
This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).
* Add tests for CSRF token check
* Integration tests: Configure vendor path
Now that this is possible, make the easy change...
* Implement middleware for CSRF token verification
This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.
The JS frontend was actually sending these tokens, but the backend did
not require them.
* Accept CSRF token in request body as well
* Refactor tests to shorten HTTP requests
Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.
* Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware
* Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.
* added custom view, now needs translation
2019-06-24 15:14:39 +08:00
|
|
|
foreach ($rows as $row) {
|
|
|
|
if ($table === 'settings') {
|
|
|
|
$this->database()->table($table)->updateOrInsert(
|
|
|
|
['key' => $row['key']],
|
|
|
|
$row
|
|
|
|
);
|
|
|
|
} else {
|
|
|
|
$this->database()->table($table)->updateOrInsert(
|
|
|
|
isset($row['id']) ? ['id' => $row['id']] : $row,
|
|
|
|
$row
|
|
|
|
);
|
|
|
|
}
|
|
|
|
}
|
2019-01-31 04:15:27 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
// And finally, turn on foreign key checks again.
|
|
|
|
$this->database()->getSchemaBuilder()->enableForeignKeyConstraints();
|
2015-09-28 22:09:13 +08:00
|
|
|
}
|
Merge pull request from GHSA-3wjh-93gr-chh6
* Integration tests: Memoize request handler as well
This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).
* Add tests for CSRF token check
* Integration tests: Configure vendor path
Now that this is possible, make the easy change...
* Implement middleware for CSRF token verification
This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.
The JS frontend was actually sending these tokens, but the backend did
not require them.
* Accept CSRF token in request body as well
* Refactor tests to shorten HTTP requests
Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.
* Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware
* Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.
* added custom view, now needs translation
2019-06-24 15:14:39 +08:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Send a full HTTP request through Flarum's middleware stack.
|
|
|
|
*/
|
|
|
|
protected function send(ServerRequestInterface $request): ResponseInterface
|
|
|
|
{
|
2020-02-08 06:28:37 +08:00
|
|
|
return $this->server()->handle($request);
|
Merge pull request from GHSA-3wjh-93gr-chh6
* Integration tests: Memoize request handler as well
This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).
* Add tests for CSRF token check
* Integration tests: Configure vendor path
Now that this is possible, make the easy change...
* Implement middleware for CSRF token verification
This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.
The JS frontend was actually sending these tokens, but the backend did
not require them.
* Accept CSRF token in request body as well
* Refactor tests to shorten HTTP requests
Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.
* Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware
* Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.
* added custom view, now needs translation
2019-06-24 15:14:39 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Build a HTTP request that can be passed through middleware.
|
|
|
|
*
|
2020-03-21 00:48:39 +08:00
|
|
|
* This method simplifies building HTTP requests for use in our HTTP-level
|
Merge pull request from GHSA-3wjh-93gr-chh6
* Integration tests: Memoize request handler as well
This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).
* Add tests for CSRF token check
* Integration tests: Configure vendor path
Now that this is possible, make the easy change...
* Implement middleware for CSRF token verification
This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.
The JS frontend was actually sending these tokens, but the backend did
not require them.
* Accept CSRF token in request body as well
* Refactor tests to shorten HTTP requests
Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.
* Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware
* Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.
* added custom view, now needs translation
2019-06-24 15:14:39 +08:00
|
|
|
* integration tests. It provides options for all features repeatedly being
|
|
|
|
* used in those tests.
|
|
|
|
*
|
|
|
|
* @param string $method
|
|
|
|
* @param string $path
|
|
|
|
* @param array $options
|
|
|
|
* An array of optional request properties.
|
|
|
|
* Currently supported:
|
|
|
|
* - "json" should point to a JSON-serializable object that will be
|
|
|
|
* serialized and used as request body. The corresponding Content-Type
|
|
|
|
* header will be set automatically.
|
2020-03-21 01:22:52 +08:00
|
|
|
* - "authenticatedAs" should identify an *existing* user by ID. This will
|
|
|
|
* cause an access token to be created for this user, which will be used
|
|
|
|
* to authenticate the request via the "Authorization" header.
|
Merge pull request from GHSA-3wjh-93gr-chh6
* Integration tests: Memoize request handler as well
This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).
* Add tests for CSRF token check
* Integration tests: Configure vendor path
Now that this is possible, make the easy change...
* Implement middleware for CSRF token verification
This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.
The JS frontend was actually sending these tokens, but the backend did
not require them.
* Accept CSRF token in request body as well
* Refactor tests to shorten HTTP requests
Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.
* Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware
* Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.
* added custom view, now needs translation
2019-06-24 15:14:39 +08:00
|
|
|
* - "cookiesFrom" should hold a response object from a previous HTTP
|
|
|
|
* interaction. All cookies returned from the server in that response
|
|
|
|
* (via the "Set-Cookie" header) will be copied to the cookie params of
|
|
|
|
* the new request.
|
|
|
|
* @return ServerRequestInterface
|
|
|
|
*/
|
|
|
|
protected function request(string $method, string $path, array $options = []): ServerRequestInterface
|
|
|
|
{
|
|
|
|
$request = new ServerRequest([], [], $path, $method);
|
|
|
|
|
|
|
|
// Do we want a JSON request body?
|
|
|
|
if (isset($options['json'])) {
|
2020-03-21 00:48:39 +08:00
|
|
|
$request = $this->requestWithJsonBody(
|
2020-03-21 01:28:58 +08:00
|
|
|
$request,
|
|
|
|
$options['json']
|
2020-03-21 00:48:39 +08:00
|
|
|
);
|
Merge pull request from GHSA-3wjh-93gr-chh6
* Integration tests: Memoize request handler as well
This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).
* Add tests for CSRF token check
* Integration tests: Configure vendor path
Now that this is possible, make the easy change...
* Implement middleware for CSRF token verification
This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.
The JS frontend was actually sending these tokens, but the backend did
not require them.
* Accept CSRF token in request body as well
* Refactor tests to shorten HTTP requests
Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.
* Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware
* Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.
* added custom view, now needs translation
2019-06-24 15:14:39 +08:00
|
|
|
}
|
|
|
|
|
2020-03-21 01:22:52 +08:00
|
|
|
// Authenticate as a given user
|
|
|
|
if (isset($options['authenticatedAs'])) {
|
|
|
|
$request = $this->requestAsUser(
|
2020-03-21 01:28:58 +08:00
|
|
|
$request,
|
|
|
|
$options['authenticatedAs']
|
2020-03-21 01:22:52 +08:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
Merge pull request from GHSA-3wjh-93gr-chh6
* Integration tests: Memoize request handler as well
This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).
* Add tests for CSRF token check
* Integration tests: Configure vendor path
Now that this is possible, make the easy change...
* Implement middleware for CSRF token verification
This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.
The JS frontend was actually sending these tokens, but the backend did
not require them.
* Accept CSRF token in request body as well
* Refactor tests to shorten HTTP requests
Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.
* Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware
* Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.
* added custom view, now needs translation
2019-06-24 15:14:39 +08:00
|
|
|
// Let's copy the cookies from a previous response
|
|
|
|
if (isset($options['cookiesFrom'])) {
|
2020-03-21 00:48:39 +08:00
|
|
|
$request = $this->requestWithCookiesFrom(
|
2020-03-21 01:28:58 +08:00
|
|
|
$request,
|
|
|
|
$options['cookiesFrom']
|
Merge pull request from GHSA-3wjh-93gr-chh6
* Integration tests: Memoize request handler as well
This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).
* Add tests for CSRF token check
* Integration tests: Configure vendor path
Now that this is possible, make the easy change...
* Implement middleware for CSRF token verification
This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.
The JS frontend was actually sending these tokens, but the backend did
not require them.
* Accept CSRF token in request body as well
* Refactor tests to shorten HTTP requests
Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.
* Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware
* Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.
* added custom view, now needs translation
2019-06-24 15:14:39 +08:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
return $request;
|
|
|
|
}
|
2015-09-28 22:09:13 +08:00
|
|
|
}
|