Commit Graph

19 Commits

Author SHA1 Message Date
Franz Liedke
a737b98e7f Bypass CSRF token check when using access tokens
Fixes #1828.
2020-02-04 22:37:24 +01:00
Franz Liedke
970c0f5604 PHPUnit: Get rid of deprecated annotation
Refs #1795.
2020-02-04 22:37:24 +01:00
Franz Liedke
0a22a66189 Prevent MySQL search operators from taking effect
We do not want to inherit MySQL's fulltext query language, so let's
just drop all non-word characters from the search term.

Fixes #1498.
2020-02-04 22:37:24 +01:00
luceos
1948b7e6f4 Apply fixes from StyleCI
[ci skip] [skip ci]
2020-02-04 21:11:08 +00:00
Franz Liedke
d66d2aa26e
Convert more helpers in tests 2019-07-06 01:30:59 +02:00
Daniël Klabbers
935a968257 fixed tests on master, missing views directory and suppressing notices from tempnam when storing files in tmp 2019-06-24 13:00:36 +02:00
Daniël Klabbers
803582c437
Apply fixes from StyleCI (#1800)
[ci skip] [skip ci]
2019-06-24 09:15:15 +02:00
Franz Liedke
8e86d38804 Merge pull request from GHSA-3wjh-93gr-chh6
* Integration tests: Memoize request handler as well

This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).

* Add tests for CSRF token check

* Integration tests: Configure vendor path

Now that this is possible, make the easy change...

* Implement middleware for CSRF token verification

This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.

The JS frontend was actually sending these tokens, but the backend did
not require them.

* Accept CSRF token in request body as well

* Refactor tests to shorten HTTP requests

Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.

* Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware

* Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.

* added custom view, now needs translation
2019-06-24 09:14:38 +02:00
Franz Liedke
54876cfbd6
Integration tests: Fix test setup 2019-06-13 00:13:38 +02:00
Franz Liedke
d822a6f84c
Apply fixes from StyleCI (#1756)
[ci skip] [skip ci]
2019-03-07 00:22:15 +01:00
Franz Liedke
26c3bcdb74
Add regression test for #1738
This should ensure we can always search for search terms that appear
either only in the subject or only in the text of discussions.
2019-03-07 00:21:43 +01:00
Franz Liedke
df0bd52283
Add helpful (?) output to test setup script 2019-02-03 20:39:33 +01:00
Franz Liedke
5556df54f9
Setup Composer commands for testing and setup 2019-02-03 20:39:33 +01:00
Franz Liedke
cf746079ed
Make integration tests independent
This creates a dedicated test suite for integration tests. All of them
can be run independently, and there is no order dependency - previously,
all integration tests needed the installer test to run first, and they
would fail if installation failed.

Now, the developer will have to set up a Flarum database to be used by
these tests. A setup script to make this simple will be added in the
next commit.

Small tradeoff: the installer is NOT tested in our test suite anymore,
only implicitly through the setup script. If we decide that this is a
problem, we can still set up separate, dedicated installer tests which
should probably test the web installer.
2019-02-03 20:39:32 +01:00
Franz Liedke
4d10536d35
Move integration tests to separate directory
Again, we do all of this to prepare for creating "real" test suites for
each type of tests.
2019-02-01 19:01:12 +01:00
Toby Zerner
7706914b33 Get rid of Codeception for now
There's nothing in there that's of value.
2015-07-18 10:55:30 +09:30
Toby Zerner
2c46888db5 Upgrade to L5 + huge refactor + more. closes #2
New stuff:
- Signup + email confirmation.
- Updated authentication strategy with remember cookies. closes #5
- New search system with some example gambits! This is cool - check out
the source. Fulltext drivers will be implemented as decorators
overriding the EloquentPostRepository’s findByContent method.
- Lay down the foundation for bootstrapping the Ember app.
- Update Web layer’s asset manager to properly publish CSS/JS files.
- Console commands to run installation migrations and seeds.

Refactoring:
- New structure: move models, repositories, commands, and events into
their own namespaces, rather than grouping by entity.
- All events are classes.
- Use L5 middleware and command bus implementations.
- Clearer use of repositories and the Active Record pattern.
Repositories are used only for retrieval of ActiveRecord objects, and
then save/delete operations are called directly on those ActiveRecords.
This way, we don’t over-abstract at the cost of Eloquent magic, but
testing is still easy.
- Refactor of Web layer so that it uses the Actions routing
architecture.
- “Actor” concept instead of depending on Laravel’s Auth.
- General cleanup!
2015-02-24 20:33:18 +10:30
Allineer
823a3f0e82 [proposal] cameCase in the test names
Sorry :)
2015-01-22 01:42:47 +03:00
Toby Zerner
c91c1518d5 Integration tests for DiscussionRepository
Also add some TestDummy factories (needs more work)
2015-01-21 12:22:20 +10:30