Commit Graph

11 Commits

Author SHA1 Message Date
Franz Liedke
25f772c1ea
Replace authenticatedRequest() by request() option
I feel this makes the parameters a bit more clear, does not rely on
inheritance (you can only inherit from one class, but we might want more
of these helpers in the future), and has less side effects (e.g. no
creation and, more importantly, deletion of users in the database).

Refs #2052.
2020-03-20 18:23:06 +01:00
Franz Liedke
a13c0bb612
Tests: Extract trait for building requests 2020-03-20 17:51:03 +01:00
Franz Liedke
19cb74c856
Integration tests: Allow registering extenders 2020-02-07 23:29:14 +01:00
Franz Liedke
27bcdb949b
Integration tests: Add lazy server helper
This allows sending requests directly in an integration test, without
having *explicitly* booted the app.
2020-02-07 23:28:37 +01:00
Franz Liedke
94fc460240
Integration tests: Create app lazily when needed
This will allow registering extenders in test scenarios. Previously,
this would not have had any effect as the app would have booted already.
2020-02-07 23:22:22 +01:00
Matt Kilgore
d7a5a6ad14 Change Zend namespace to Laminas (#1963)
Also ensure backwards compatibility for extensions that use the Zend framework but don't explicitly require it.
2020-01-06 22:29:34 +01:00
Franz Liedke
d492579638 Apply fixes from StyleCI
[ci skip] [skip ci]
2019-11-28 00:16:50 +00:00
Daniël Klabbers
803582c437
Apply fixes from StyleCI (#1800)
[ci skip] [skip ci]
2019-06-24 09:15:15 +02:00
Franz Liedke
8e86d38804 Merge pull request from GHSA-3wjh-93gr-chh6
* Integration tests: Memoize request handler as well

This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).

* Add tests for CSRF token check

* Integration tests: Configure vendor path

Now that this is possible, make the easy change...

* Implement middleware for CSRF token verification

This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.

The JS frontend was actually sending these tokens, but the backend did
not require them.

* Accept CSRF token in request body as well

* Refactor tests to shorten HTTP requests

Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.

* Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware

* Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.

* added custom view, now needs translation
2019-06-24 09:14:38 +02:00
Franz Liedke
cf746079ed
Make integration tests independent
This creates a dedicated test suite for integration tests. All of them
can be run independently, and there is no order dependency - previously,
all integration tests needed the installer test to run first, and they
would fail if installation failed.

Now, the developer will have to set up a Flarum database to be used by
these tests. A setup script to make this simple will be added in the
next commit.

Small tradeoff: the installer is NOT tested in our test suite anymore,
only implicitly through the setup script. If we decide that this is a
problem, we can still set up separate, dedicated installer tests which
should probably test the web installer.
2019-02-03 20:39:32 +01:00
Franz Liedke
4d10536d35
Move integration tests to separate directory
Again, we do all of this to prepare for creating "real" test suites for
each type of tests.
2019-02-01 19:01:12 +01:00