Commit Graph

193 Commits

Author SHA1 Message Date
Franz Liedke
b10a17529d
Convert more controller tests to request tests 2020-03-20 18:54:20 +01:00
Franz Liedke
bc80085ce4 Apply fixes from StyleCI
[ci skip] [skip ci]
2020-03-20 17:28:58 +00:00
Franz Liedke
f31fbc5bcf
Tests: Use new authenticatedAs option where useful
There are two more API integration tests that explicitly add the
"Authorization" header right now:

- `Flarum\Tests\integration\api\authentication\WithApiKeyTest`
- `Flarum\Tests\integration\api\csrf_protection\RequireCsrfTokenTest`

These two specifically test authentication, so in those cases the
explicitness seems desirable.
2020-03-20 18:28:35 +01:00
Franz Liedke
25f772c1ea
Replace authenticatedRequest() by request() option
I feel this makes the parameters a bit more clear, does not rely on
inheritance (you can only inherit from one class, but we might want more
of these helpers in the future), and has less side effects (e.g. no
creation and, more importantly, deletion of users in the database).

Refs #2052.
2020-03-20 18:23:06 +01:00
Franz Liedke
a13c0bb612
Tests: Extract trait for building requests 2020-03-20 17:51:03 +01:00
Alexander Skvortsov
4791cc77b3
Add Authenticated Test Case utility 2020-03-20 17:18:35 +01:00
Franz Liedke
4b45ce0a58
Add a baseline test for the middleware extender
Refs #2017.
2020-03-06 15:05:16 +01:00
Franz Liedke
4413848c11 Apply fixes from StyleCI
[ci skip] [skip ci]
2020-03-06 13:55:39 +00:00
Matt Kilgore
9212330ac2
Test Middleware extender (#2017) 2020-03-06 14:55:21 +01:00
Franz Liedke
eaf1767008
Merge pull request #2002 from flarum/fl/extender-tests
Start testing extenders
2020-02-14 18:47:58 +01:00
Clark Winkelmann
d5ebbab3a7
Rename dead is_activated references with the new is_email_confirmed (#1974) 2020-02-14 15:34:32 +01:00
Franz Liedke
c01eea58b6
Start testing Route extender 2020-02-08 00:04:32 +01:00
Franz Liedke
19cb74c856
Integration tests: Allow registering extenders 2020-02-07 23:29:14 +01:00
Franz Liedke
27bcdb949b
Integration tests: Add lazy server helper
This allows sending requests directly in an integration test, without
having *explicitly* booted the app.
2020-02-07 23:28:37 +01:00
Franz Liedke
94fc460240
Integration tests: Create app lazily when needed
This will allow registering extenders in test scenarios. Previously,
this would not have had any effect as the app would have booted already.
2020-02-07 23:22:22 +01:00
Franz Liedke
76f7d566b2
Convert another test
Test the request, not a controller (implementation detail). This also
focuses on the observable behavior instead of hacking our way into the
middleware pipeline in order to observe internal behavior.

The authenticated user is now determined by looking at the API response
to compare permissions and (non-)existing JSON keys.
2020-01-22 23:39:41 +01:00
Matt Kilgore
d7a5a6ad14 Change Zend namespace to Laminas (#1963)
Also ensure backwards compatibility for extensions that use the Zend framework but don't explicitly require it.
2020-01-06 22:29:34 +01:00
Franz Liedke
d492579638 Apply fixes from StyleCI
[ci skip] [skip ci]
2019-11-28 00:16:50 +00:00
Clark Winkelmann
40f709e7c6 Fix tests to include expectation count and run user saving events 2019-11-26 10:13:18 +01:00
Clark Winkelmann
264ff9f7bb Add unit test for AvatarUploader 2019-11-26 10:13:18 +01:00
Daniel Klabbers
63b039a800 incorrect ability used, drop prefix discussion. 2019-11-22 08:17:02 +01:00
Daniel Klabbers
213045aa03 test only on the hidePosts policy ability 2019-11-22 08:17:02 +01:00
Daniël Klabbers
4adf342ce3 [review] using orWhere to allow any where to follow in extensions 2019-11-22 08:17:02 +01:00
Daniël Klabbers
b150636906 fixes #1827
- set default statement to block access
- added tests to confirm all scenarios work as intended
2019-11-22 08:17:02 +01:00
Franz Liedke
4f1adba387
Automatically set up Mockery for unit tests
- Use provided PhpUnit listener to enforce verification of expectations.
- Include Mockery's trait to auto-close Mockery after each test.
2019-11-21 00:51:11 +01:00
David Sevilla Martin
c712d23e9c Add test for discussion posts being deleted on discussion delete from DB 2019-11-18 09:23:53 +01:00
David Sevilla Martin
d69c4035d9 Fix failing tests 2019-11-18 09:23:53 +01:00
Franz Liedke
9f6ec80432
Revert search performance regression
We decided it is better to have a less intelligent search (that does not
match search terms in titles) for some people than a bad-performing
search for everyone.

We will revisit the search performance topic in the next release cycle,
possibly with larger changes around indexing.

Refs #1738, #1741, #1764.
2019-10-26 15:41:39 +02:00
Franz Liedke
3417c0cbee
Cleanup code from #1876
- Extract a method for email address generation
- Consistent types
- No docblocks for types where superfluous
- Tweak console output
- Don't inherit from integration test's base class in unit test
2019-09-24 01:00:22 +02:00
Stefan Totev
738ca405fe Normalize Base URL during installation
- Fix base url when is appended with a script filename
- Add default base url http://flarum.local when CLI wizard used
- Remove some code duplication
- Add minor improvement to the UX when CLI wizard used
- Add tests
- Extract base url normalisation into its own value object
2019-09-24 00:26:51 +02:00
Franz Liedke
3b5691ee28
Restore beta.9 behavior of assertCan()
In flarum/core#1854, I changed the implementation of `assertCan()` to be
more aware of the user's log-in status. I came across this when unifying
our API's response status code when actors are not authenticated or not
authorized to do something.

@luceos rightfully had to tweak this again in ea84fc4, because the
behavior changed for one of the few API endpoints that checked for a
permission that even guests can have.

It turns out having this complex behavior in `assertCan()` is quite
misleading, because the name suggests a simple permission check and
nothing more.

Where we actually want to differ between HTTP 401 and 403, we can do
this using two method calls, and enforce it with our tests.

If this turns out to be problematic or extremely common, we can revisit
this and introduce a method with a different, better name in the future.

This commit restores the method's behavior in the last release, so we
also avoid another breaking change for extensions.
2019-09-14 21:32:00 +02:00
Franz Liedke
18593e0d7d
Add a test for viewUserList guest permission
This test would have failed without commit ea84fc4. Next, I will revert
that commit and most of my PR #1854, so we need this test to ensure the
API continues to behave as desired.
2019-09-14 21:30:09 +02:00
Franz Liedke
40e1b61fe6 Apply fixes from StyleCI
[ci skip] [skip ci]
2019-09-14 18:57:28 +00:00
Franz Liedke
95dcb45d65
Convert more controller tests to feature tests 2019-09-14 13:09:56 +02:00
Franz Liedke
538136153c
Send a HTTP 401 for incorrect login credentials
This fixes a regression from #1843 and #1854. Now, the frontend again
shows the proper "Incorrect login details" message instead of "You
do not have permission to do that".
2019-09-13 15:03:03 +02:00
Franz Liedke
c330662241
Convert another controller test to feature test
Decouple from implementation, test closer to HTTP...
2019-09-13 14:58:45 +02:00
Franz Liedke
ed51f9ff0a
Fix failing test 2019-09-05 00:07:40 +02:00
Franz Liedke
dcf88df0c7
Restore error details in JSON-API error formatter
Fixes #1865. Refs #1843.
2019-09-04 01:44:22 +02:00
Franz Liedke
3eb28dfb16
Convert controller test to request test
This further decouples these tests from the implementation (i.e. which
controller are we calling?).
2019-09-04 01:27:24 +02:00
Franz Liedke
04bcf1eef6
Fix inconsistent status codes
HTTP 401 should be used when logging in (i.e. authenticating) would make
a difference; HTTP 403 is reserved for requests that fail because the
already authenticated user is not authorized (i.e. lacking permissions)
to do something.
2019-08-21 00:06:31 +02:00
Franz Liedke
9f71e2c3cb
Remove old error handler, middleware and tests 2019-08-10 00:26:24 +02:00
Franz Liedke
81a8736ba9
API Client: Use new error handling mechanism 2019-08-10 00:26:24 +02:00
Franz Liedke
cfbaa84fbc
Wire up new error handling stack 2019-08-10 00:26:23 +02:00
Franz Liedke
8604ea3020
Bypass CSRF token check when using access tokens
Fixes #1828.
2019-08-01 22:53:31 +02:00
Franz Liedke
f357434a72
PHPUnit: Get rid of deprecated annotation
Refs #1795.
2019-07-30 00:09:10 +02:00
Franz Liedke
1502fc98d8
Prevent MySQL search operators from taking effect
We do not want to inherit MySQL's fulltext query language, so let's
just drop all non-word characters from the search term.

Fixes #1498.
2019-07-23 23:55:06 +02:00
Franz Liedke
8c841c3266
Update test libraries 2019-07-06 01:49:55 +02:00
Franz Liedke
d66d2aa26e
Convert more helpers in tests 2019-07-06 01:30:59 +02:00
Daniël Klabbers
935a968257 fixed tests on master, missing views directory and suppressing notices from tempnam when storing files in tmp 2019-06-24 13:00:36 +02:00
Daniël Klabbers
803582c437
Apply fixes from StyleCI (#1800)
[ci skip] [skip ci]
2019-06-24 09:15:15 +02:00
Franz Liedke
8e86d38804 Merge pull request from GHSA-3wjh-93gr-chh6
* Integration tests: Memoize request handler as well

This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).

* Add tests for CSRF token check

* Integration tests: Configure vendor path

Now that this is possible, make the easy change...

* Implement middleware for CSRF token verification

This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.

The JS frontend was actually sending these tokens, but the backend did
not require them.

* Accept CSRF token in request body as well

* Refactor tests to shorten HTTP requests

Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.

* Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware

* Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.

* added custom view, now needs translation
2019-06-24 09:14:38 +02:00
Franz Liedke
54876cfbd6
Integration tests: Fix test setup 2019-06-13 00:13:38 +02:00
Franz Liedke
d822a6f84c
Apply fixes from StyleCI (#1756)
[ci skip] [skip ci]
2019-03-07 00:22:15 +01:00
Franz Liedke
26c3bcdb74
Add regression test for #1738
This should ensure we can always search for search terms that appear
either only in the subject or only in the text of discussions.
2019-03-07 00:21:43 +01:00
Franz Liedke
df0bd52283
Add helpful (?) output to test setup script 2019-02-03 20:39:33 +01:00
Franz Liedke
5556df54f9
Setup Composer commands for testing and setup 2019-02-03 20:39:33 +01:00
Franz Liedke
cf746079ed
Make integration tests independent
This creates a dedicated test suite for integration tests. All of them
can be run independently, and there is no order dependency - previously,
all integration tests needed the installer test to run first, and they
would fail if installation failed.

Now, the developer will have to set up a Flarum database to be used by
these tests. A setup script to make this simple will be added in the
next commit.

Small tradeoff: the installer is NOT tested in our test suite anymore,
only implicitly through the setup script. If we decide that this is a
problem, we can still set up separate, dedicated installer tests which
should probably test the web installer.
2019-02-03 20:39:32 +01:00
Franz Liedke
4d10536d35
Move integration tests to separate directory
Again, we do all of this to prepare for creating "real" test suites for
each type of tests.
2019-02-01 19:01:12 +01:00
Franz Liedke
ba16ebe61f
Extract pure unit tests so that they can run fast
- Move to separate directory (base for a separate test suite)
- Inherit directly from PhpUnit
- Configure test suite with dedicated XML file
2019-02-01 19:01:09 +01:00
Franz Liedke
968152b740
DatabaseConfig: Implement Arrayable contract 2019-02-01 13:00:07 +01:00
Franz Liedke
af185fd3d1
Fix tests 2019-02-01 10:33:21 +01:00
Franz Liedke
bc9e8f68f1
Move default settings to install step
The various installation "frontends" (such as GUI and console) can now
provide custom overrides, if they want to.
2019-01-31 21:52:06 +01:00
Franz Liedke
de6001f4cf
Fix the test setup and installer tests
We are still testing the installation logic, but not testing the
actual CLI task. I would love to do that, but IMO we first need to
find a way to do this fully from the outside, by invoking and
talking to the installer through the shell.

Because acceptance tests are easier to do when fully decoupled from
the application. (After all, they are intended to save us from
breaking things when changing code; and we cannot prove that when
we change the tests at the same time.)

It might be easier to start with acceptance tests for the web
installer, though.
2019-01-31 21:52:05 +01:00
Daniël Klabbers
167059027e Increasing test coverage (#1711)
* added a few more tests, renamed singular to plural to match controller

* increase error reporting

* removed debugging and wait for tests
2019-01-01 21:02:18 +01:00
Franz Liedke
009ddcdb63
Add regression test for email crawling vulnerability
Refs #1628.
2018-11-09 12:02:26 +01:00
Franz Liedke
d021dc2399
Move trait to base test class
This way, its properties can be overwritten in subclasses of
`ApiControllerTestCase`. This isn't allowed when those subclasses
use the trait directly.
2018-11-09 12:02:21 +01:00
Daniël Klabbers
bb0fc165af [b8] master token fix (#1622)
* fixed not being able to use master token because id column no longer holds key
* added flexibility of user_id column
* added tests to confirm the api keys actually work as intended
2018-11-07 22:34:09 +01:00
Daniël Klabbers
c446c5cc61 fixes author gambit when used with fulltext search, added test to cover (#1620)
* fixes author gambit when used with fulltext search, added test to cover

* Apply fixes from StyleCI

[ci skip] [skip ci]
2018-10-29 23:01:25 +01:00
Franz Liedke
4775535421
Fix tests 2018-10-24 22:38:47 +02:00
Franz Liedke
6c0d73afa0
Fix tests 2018-09-22 00:40:19 +02:00
Toby Zerner
2b174b17fc Fix tests 2018-09-21 14:32:41 +09:30
Franz Liedke
0ce289be4c
Travis: Add table prefix to build matrix (#1568)
Fixes #1564.
2018-09-16 20:59:40 +02:00
Toby Zerner
70058652b5 Rename user.isActivated 2018-08-24 22:13:05 +09:30
Toby Zerner
e241518506 Rename discussion.startPost 2018-08-24 22:13:05 +09:30
Toby Zerner
582054c61c Merge branch 'master' into 1236-database-changes 2018-08-24 21:07:00 +09:30
Franz Liedke
034000ea0b
Fix tests after sites refactoring 2018-08-22 07:58:50 +02:00
Franz Liedke
fb5740926a
Split SessionServiceProvider from UserServiceProvider
This lets us register the former during installation, where the
latter is not yet registered.

That, in turn, means we can finally re-enable the StartSession
middleware in the installer app, which we need to log in the new
admin user when installation is complete.
2018-08-22 07:58:50 +02:00
Daniel Klabbers
2cd77e231f Merge branch 'master' into 1236-database-changes 2018-06-19 09:57:47 +02:00
Sajjad Hashemian
22f2df3670 rename TokenController to CreateTokenController 2018-06-06 09:40:29 +04:30
Daniël Klabbers
26b02adc9d
Merge branch 'master' into 1236-database-changes 2018-06-03 21:51:01 +02:00
Franz Liedke
b3d45fd6f8
Replace ControllerInterface with PSR-15 interface
The custom interface already had the same signature as the
one from the standard (except for the return type hint), so
why not use that one now? :)
2018-05-30 09:49:47 +02:00
Daniël Klabbers
b3cbc5d1bd
[wip] 1211 mariadb compatibility (#1440)
fixes #1211 

As we've already upgraded our minimum requirement to 7.1 there's no current need to force a constraint on dbal 2.7+.
2018-05-29 05:51:22 +02:00
Daniel Klabbers
30358e98c0 merged api tests into branch 2018-05-16 09:27:01 +02:00
Daniël Klabbers
e226f81515
additional tests for api controllers (#1433)
* added CreatePostControllerTest

* added DeleteDiscussionControllerTest

* added ListDiscussionControllerTest

* added TokenControllerTest

* minor improvement to policy, no need for Carbon object there, added ShowDiscussionControllerTest

* added showDiscussionControllerTest but cant make Guests view the discussion created by a user

* viewing for guests tested, we might need factories
2018-05-16 09:25:48 +02:00
Daniel Klabbers
a9501ceae0 Merge branch 'master' into 1236-database-changes 2018-05-14 13:32:48 +02:00
Daniël Klabbers
2a721926d3
adds a few additional api controller tests (#1429)
* added CreatePostControllerTest

* added DeleteDiscussionControllerTest

* added ListDiscussionControllerTest

* Apply fixes from StyleCI

[ci skip] [skip ci]
2018-05-14 13:32:19 +02:00
Daniel Klabbers
fd859e33be fixed several column changes found by tests 2018-05-14 11:34:24 +02:00
Daniel Klabbers
0058067b1b merged master 2018-05-14 09:23:06 +02:00
Daniël Klabbers
c4a501f82a
Improved foundational backend unit tests (#1405)
* part one of adding tests, updating core

* Apply fixes from StyleCI

[ci skip] [skip ci]

* we need xdebug for code coverage, and hhvm was already removed

* forgot about the sidecar for mysql completely 🤦

* gitignore removed this installed json we need to fake that we have extensions

* using reguarded closure
2018-04-17 11:15:28 +02:00
Daniel Klabbers
beec59232f we can move this file deeper into storage 2018-04-13 09:12:56 +02:00
luceos
371f33e99e Apply fixes from StyleCI
[ci skip] [skip ci]
2018-04-13 07:07:02 +00:00
Daniel Klabbers
264664ac79 added the create discussion test, also renamed some classes that seem to have been incorrectly renamed from the other testing branch 2018-04-13 09:06:42 +02:00
Daniel Klabbers
17f29f83c9 adds api controller tests 2018-04-13 07:52:39 +02:00
Daniel Klabbers
c9c8fa0fde gitignore removed this installed json we need to fake that we have extensions 2018-04-13 07:34:04 +02:00
luceos
8574b57fc5 Apply fixes from StyleCI
[ci skip] [skip ci]
2018-04-13 05:13:32 +00:00
Daniel Klabbers
dcb3821777 part one of adding tests, updating core 2018-04-13 07:13:10 +02:00
Franz Liedke
e8d915850d
Fix test namespace 2018-03-04 00:04:43 +01:00
Franz Liedke
a061eda019
Change namespace of test classes
(as implemented by @luceos in his WIP PR)
2018-03-04 00:01:49 +01:00
Toby Zerner
1c1cefa017 Update test namespaces 2018-01-11 01:25:10 +10:30
Daniel Klabbers
4d9e2335c7 pleasing the angry god Circle 2017-11-27 11:05:15 +01:00