ctrlv-privatebin/tst/RequestTest.php

220 lines
8.1 KiB
PHP
Raw Normal View History

2015-09-27 15:37:17 +02:00
<?php
2016-07-21 17:09:48 +02:00
use PrivateBin\Request;
2016-07-21 17:09:48 +02:00
class RequestTest extends PHPUnit_Framework_TestCase
2015-09-27 15:37:17 +02:00
{
public function setUp()
{
/* Setup Routine */
}
public function tearDown()
{
/* Tear Down Routine */
}
public function reset()
{
$_SERVER = array();
$_GET = array();
$_POST = array();
2015-09-27 15:37:17 +02:00
}
/**
* Returns 16 random hexadecimal characters.
*
* @access public
* @return string
*/
public function getRandomId()
{
// 8 binary bytes are 16 characters long in hex
return bin2hex(random_bytes(8));
}
/**
* Returns random query safe characters.
*
* @access public
* @return string
*/
public function getRandomQueryChars()
{
2019-01-20 12:28:03 +01:00
$queryChars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ=';
$queryCharCount = strlen($queryChars) - 1;
2019-01-20 12:28:03 +01:00
$resultLength = random_int(1, 10);
$result = '';
for ($i = 0; $i < $resultLength; ++$i) {
$result .= $queryChars[random_int(0, $queryCharCount)];
}
return $result;
}
2015-09-27 15:37:17 +02:00
public function testView()
{
$this->reset();
$_SERVER['REQUEST_METHOD'] = 'GET';
$request = new Request;
2015-09-27 15:37:17 +02:00
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
$this->assertEquals('view', $request->getOperation());
}
public function testRead()
{
$this->reset();
2019-01-20 12:28:03 +01:00
$id = $this->getRandomId();
2015-09-27 15:37:17 +02:00
$_SERVER['REQUEST_METHOD'] = 'GET';
$_SERVER['QUERY_STRING'] = $id;
2019-01-21 23:49:33 +01:00
$_GET[$id] = '';
$request = new Request;
2015-09-27 15:37:17 +02:00
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
$this->assertEquals($id, $request->getParam('pasteid'));
2015-09-27 15:37:17 +02:00
$this->assertEquals('read', $request->getOperation());
}
public function testDelete()
{
$this->reset();
2019-01-20 12:28:03 +01:00
$id = $this->getRandomId();
2015-09-27 15:37:17 +02:00
$_SERVER['REQUEST_METHOD'] = 'GET';
$_GET['pasteid'] = $id;
$_GET['deletetoken'] = 'bar';
$request = new Request;
2015-09-27 15:37:17 +02:00
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
$this->assertEquals('delete', $request->getOperation());
$this->assertEquals($id, $request->getParam('pasteid'));
2015-09-27 15:37:17 +02:00
$this->assertEquals('bar', $request->getParam('deletetoken'));
}
public function testApiCreate()
{
$this->reset();
$_SERVER['REQUEST_METHOD'] = 'PUT';
2015-09-27 15:37:17 +02:00
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$file = tempnam(sys_get_temp_dir(), 'FOO');
2019-05-10 07:55:39 +02:00
file_put_contents($file, 'ct=foo');
Request::setInputStream($file);
$request = new Request;
unlink($file);
2015-09-27 15:37:17 +02:00
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
$this->assertEquals('create', $request->getOperation());
2019-05-10 07:55:39 +02:00
$this->assertEquals('foo', $request->getParam('ct'));
2015-09-27 15:37:17 +02:00
}
public function testApiCreateAlternative()
{
$this->reset();
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['HTTP_ACCEPT'] = 'application/json, text/javascript, */*; q=0.01';
2019-05-10 07:55:39 +02:00
$_POST['ct'] = 'foo';
$request = new Request;
2015-09-27 15:37:17 +02:00
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
$this->assertEquals('create', $request->getOperation());
2019-05-10 07:55:39 +02:00
$this->assertEquals('foo', $request->getParam('ct'));
2015-09-27 15:37:17 +02:00
}
public function testApiRead()
{
$this->reset();
2019-01-20 12:28:03 +01:00
$id = $this->getRandomId();
2015-09-27 15:37:17 +02:00
$_SERVER['REQUEST_METHOD'] = 'GET';
$_SERVER['HTTP_ACCEPT'] = 'application/json, text/javascript, */*; q=0.01';
$_SERVER['QUERY_STRING'] = $id;
2019-01-21 23:49:33 +01:00
$_GET[$id] = '';
$request = new Request;
2015-09-27 15:37:17 +02:00
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
$this->assertEquals($id, $request->getParam('pasteid'));
2015-09-27 15:37:17 +02:00
$this->assertEquals('read', $request->getOperation());
}
public function testApiDelete()
{
$this->reset();
2019-01-20 12:28:03 +01:00
$id = $this->getRandomId();
$_SERVER['REQUEST_METHOD'] = 'POST';
2015-09-27 15:37:17 +02:00
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['QUERY_STRING'] = $id;
2019-01-22 00:12:02 +01:00
$_GET = array($id => '');
$_POST['deletetoken'] = 'bar';
$request = new Request;
2015-09-27 15:37:17 +02:00
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
$this->assertEquals('delete', $request->getOperation());
$this->assertEquals($id, $request->getParam('pasteid'));
2015-09-27 15:37:17 +02:00
$this->assertEquals('bar', $request->getParam('deletetoken'));
}
public function testReadWithNegotiation()
{
$this->reset();
2019-01-20 12:28:03 +01:00
$id = $this->getRandomId();
$_SERVER['REQUEST_METHOD'] = 'GET';
$_SERVER['HTTP_ACCEPT'] = 'text/html,text/html; charset=UTF-8,application/xhtml+xml, application/xml;q=0.9,*/*;q=0.8, text/csv,application/json';
$_SERVER['QUERY_STRING'] = $id;
2019-01-21 23:49:33 +01:00
$_GET[$id] = '';
$request = new Request;
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
$this->assertEquals($id, $request->getParam('pasteid'));
$this->assertEquals('read', $request->getOperation());
}
public function testReadWithXhtmlNegotiation()
{
$this->reset();
2019-01-20 12:28:03 +01:00
$id = $this->getRandomId();
$_SERVER['REQUEST_METHOD'] = 'GET';
$_SERVER['HTTP_ACCEPT'] = 'application/xhtml+xml,text/html,text/html; charset=UTF-8, application/xml;q=0.9,*/*;q=0.8, text/csv,application/json';
$_SERVER['QUERY_STRING'] = $id;
2019-01-21 23:49:33 +01:00
$_GET[$id] = '';
$request = new Request;
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
$this->assertEquals($id, $request->getParam('pasteid'));
$this->assertEquals('read', $request->getOperation());
}
public function testApiReadWithNegotiation()
{
$this->reset();
2019-01-20 12:28:03 +01:00
$id = $this->getRandomId();
$_SERVER['REQUEST_METHOD'] = 'GET';
$_SERVER['HTTP_ACCEPT'] = 'text/plain,text/csv, application/xml;q=0.9, application/json, text/html,text/html; charset=UTF-8,application/xhtml+xml, */*;q=0.8';
$_SERVER['QUERY_STRING'] = $id;
2019-01-21 23:49:33 +01:00
$_GET[$id] = '';
$request = new Request;
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
$this->assertEquals($id, $request->getParam('pasteid'));
$this->assertEquals('read', $request->getOperation());
}
public function testReadWithFailedNegotiation()
{
$this->reset();
2019-01-20 12:28:03 +01:00
$id = $this->getRandomId();
$_SERVER['REQUEST_METHOD'] = 'GET';
$_SERVER['HTTP_ACCEPT'] = 'text/plain,text/csv, application/xml;q=0.9, */*;q=0.8';
$_SERVER['QUERY_STRING'] = $id;
2019-01-21 23:49:33 +01:00
$_GET[$id] = '';
$request = new Request;
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
$this->assertEquals($id, $request->getParam('pasteid'));
$this->assertEquals('read', $request->getOperation());
}
public function testPasteIdExtraction()
{
$this->reset();
2019-01-20 12:28:03 +01:00
$id = $this->getRandomId();
$queryParams = array($id);
$queryParamCount = random_int(1, 5);
for ($i = 0; $i < $queryParamCount; ++$i) {
array_push($queryParams, $this->getRandomQueryChars());
}
shuffle($queryParams);
$_SERVER['REQUEST_METHOD'] = 'GET';
$_SERVER['QUERY_STRING'] = implode('&', $queryParams);
2019-01-21 23:49:33 +01:00
$_GET[$id] = '';
$request = new Request;
$this->assertEquals($id, $request->getParam('pasteid'));
}
2016-07-11 14:15:20 +02:00
}