fix display of v2 pastes in JS, fixing parsing of comments in PHP, avoid exposing expiration date (we provide time_to_live, would allow calculation of creation date of paste)

This commit is contained in:
El RIDO 2019-05-15 07:44:03 +02:00
parent cc1c55129f
commit 09162a3c57
No known key found for this signature in database
GPG Key ID: 0F5C940A6BD81F92
10 changed files with 136 additions and 92 deletions

View File

@ -1621,11 +1621,11 @@ jQuery.PrivateBin = (function($, RawDeflate) {
* *
* @name PasteStatus.showRemainingTime * @name PasteStatus.showRemainingTime
* @function * @function
* @param {object} pasteMetaData * @param {object} paste
*/ */
me.showRemainingTime = function(pasteMetaData) me.showRemainingTime = function(paste)
{ {
if (pasteMetaData.burnafterreading) { if ((paste.adata && paste.adata[3]) || paste.meta.burnafterreading) {
// display paste "for your eyes only" if it is deleted // display paste "for your eyes only" if it is deleted
// the paste has been deleted when the JSON with the ciphertext // the paste has been deleted when the JSON with the ciphertext
@ -1637,9 +1637,9 @@ jQuery.PrivateBin = (function($, RawDeflate) {
// discourage cloning (it cannot really be prevented) // discourage cloning (it cannot really be prevented)
TopNav.hideCloneButton(); TopNav.hideCloneButton();
} else if (pasteMetaData.expire_date) { } else if (paste.meta.time_to_live || paste.meta.remaining_time) {
// display paste expiration // display paste expiration
let expiration = Helper.secondsToHuman(pasteMetaData.time_to_live || pasteMetaData.remaining_time), let expiration = Helper.secondsToHuman(paste.meta.time_to_live || paste.meta.remaining_time),
expirationLabel = [ expirationLabel = [
'This document will expire in %d ' + expiration[1] + '.', 'This document will expire in %d ' + expiration[1] + '.',
'This document will expire in %d ' + expiration[1] + 's.' 'This document will expire in %d ' + expiration[1] + 's.'
@ -2885,14 +2885,14 @@ jQuery.PrivateBin = (function($, RawDeflate) {
// set date // set date
$commentEntry.find('span.commentdate') $commentEntry.find('span.commentdate')
.text(' (' + (new Date(comment.meta.postdate * 1000).toLocaleString()) + ')') .text(' (' + (new Date((comment.meta.created || comment.meta.postdate) * 1000).toLocaleString()) + ')')
.attr('title', 'CommentID: ' + comment.id); .attr('title', 'CommentID: ' + comment.id);
// if an avatar is available, display it // if an avatar is available, display it
if (comment.meta.vizhash) { if (comment.meta.icon || comment.meta.vizhash) {
$commentEntry.find('span.nickname') $commentEntry.find('span.nickname')
.before( .before(
'<img src="' + comment.meta.vizhash + '" class="vizhash" /> ' '<img src="' + (comment.meta.icon || comment.meta.vizhash) + '" class="vizhash" /> '
); );
$(document).on('languageLoaded', function () { $(document).on('languageLoaded', function () {
$commentEntry.find('img.vizhash') $commentEntry.find('img.vizhash')
@ -4038,6 +4038,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
} }
await ServerInteraction.setCipherMessage(cipherMessage).catch(Alert.showError); await ServerInteraction.setCipherMessage(cipherMessage).catch(Alert.showError);
ServerInteraction.run();
}; };
/** /**
@ -4246,7 +4247,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
if (paste.comments[i].hasOwnProperty('v') && paste.comments[i].v === 2) { if (paste.comments[i].hasOwnProperty('v') && paste.comments[i].v === 2) {
// version 2 comment // version 2 comment
commentDecryptionPromises.push( commentDecryptionPromises.push(
CryptTool.decipher(key, password, paste.comments[i].ct) CryptTool.decipher(key, password, [paste.comments[i].ct, paste.comments[i].adata])
.then((commentJson) => { .then((commentJson) => {
const commentMessage = JSON.parse(commentJson); const commentMessage = JSON.parse(commentJson);
return [ return [
@ -4335,12 +4336,12 @@ jQuery.PrivateBin = (function($, RawDeflate) {
decryptionPromises.push(decryptPaste(paste, key, password)) decryptionPromises.push(decryptPaste(paste, key, password))
// if the discussion is opened on this paste, display it // if the discussion is opened on this paste, display it
if (paste.meta.opendiscussion) { if ((paste.adata && paste.adata[2]) || paste.meta.opendiscussion) {
decryptionPromises.push(decryptComments(paste, key, password)); decryptionPromises.push(decryptComments(paste, key, password));
} }
// shows the remaining time (until) deletion // shows the remaining time (until) deletion
PasteStatus.showRemainingTime(paste.meta); PasteStatus.showRemainingTime(paste);
Promise.all(decryptionPromises) Promise.all(decryptionPromises)
.then(() => { .then(() => {

View File

@ -44,7 +44,45 @@ describe('PasteStatus', function () {
}); });
jsc.property( jsc.property(
'shows burn after reading message or remaining time', 'shows burn after reading message or remaining time v1',
'bool',
'nat',
jsc.nearray(common.jscA2zString()),
jsc.nearray(common.jscA2zString()),
jsc.nearray(common.jscQueryString()),
'string',
function (
burnafterreading, remainingTime,
schema, address, query, fragment
) {
var clean = jsdom('', {
url: schema.join('') + '://' + address.join('') +
'/?' + query.join('') + '#' + fragment
}),
result;
$('body').html('<div id="remainingtime" class="hidden"></div>');
$.PrivateBin.PasteStatus.init();
$.PrivateBin.PasteStatus.showRemainingTime({'meta': {
'burnafterreading': burnafterreading,
'remaining_time': remainingTime
}});
if (burnafterreading) {
result = $('#remainingtime').hasClass('foryoureyesonly') &&
!$('#remainingtime').hasClass('hidden');
} else if (remainingTime) {
result =!$('#remainingtime').hasClass('foryoureyesonly') &&
!$('#remainingtime').hasClass('hidden');
} else {
result = $('#remainingtime').hasClass('hidden') &&
!$('#remainingtime').hasClass('foryoureyesonly');
}
clean();
return result;
}
);
jsc.property(
'shows burn after reading message or remaining time v2',
'bool', 'bool',
'nat', 'nat',
jsc.nearray(common.jscA2zString()), jsc.nearray(common.jscA2zString()),
@ -63,9 +101,10 @@ describe('PasteStatus', function () {
$('body').html('<div id="remainingtime" class="hidden"></div>'); $('body').html('<div id="remainingtime" class="hidden"></div>');
$.PrivateBin.PasteStatus.init(); $.PrivateBin.PasteStatus.init();
$.PrivateBin.PasteStatus.showRemainingTime({ $.PrivateBin.PasteStatus.showRemainingTime({
'burnafterreading': burnafterreading, 'adata': [null, null, null, burnafterreading],
'remaining_time': remainingTime, 'meta': {
'expire_date': remainingTime ? ((new Date()).getTime() / 1000) + remainingTime : 0 'time_to_live': remainingTime
}
}); });
if (burnafterreading) { if (burnafterreading) {
result = $('#remainingtime').hasClass('foryoureyesonly') && result = $('#remainingtime').hasClass('foryoureyesonly') &&

View File

@ -213,7 +213,7 @@ class Controller
array_key_exists('parentid', $data) && array_key_exists('parentid', $data) &&
!empty($data['parentid']); !empty($data['parentid']);
if (!FormatV2::isValid($data, $isComment)) { if (!FormatV2::isValid($data, $isComment)) {
return $this->_return_message(1, 'Invalid data.'); return $this->_return_message(1, I18n::_('Invalid data.'));
} }
$sizelimit = $this->_conf->getKey('sizelimit'); $sizelimit = $this->_conf->getKey('sizelimit');
// Ensure content is not too big. // Ensure content is not too big.
@ -240,7 +240,7 @@ class Controller
} }
$this->_return_message(0, $comment->getId()); $this->_return_message(0, $comment->getId());
} else { } else {
$this->_return_message(1, 'Invalid data.'); $this->_return_message(1, I18n::_('Invalid data.'));
} }
} }
// The user posts a standard paste. // The user posts a standard paste.

View File

@ -52,13 +52,15 @@ class FormatV2
} }
} }
$cipherParams = $isComment ? $message['adata'] : $message['adata'][0];
// Make sure some fields are base64 data: // Make sure some fields are base64 data:
// - initialization vector // - initialization vector
if (!base64_decode($message['adata'][0][0], true)) { if (!base64_decode($cipherParams[0], true)) {
return false; return false;
} }
// - salt // - salt
if (!base64_decode($message['adata'][0][1], true)) { if (!base64_decode($cipherParams[1], true)) {
return false; return false;
} }
// - cipher text // - cipher text
@ -68,11 +70,11 @@ class FormatV2
// Make sure some fields have a reasonable size: // Make sure some fields have a reasonable size:
// - initialization vector // - initialization vector
if (strlen($message['adata'][0][0]) > 24) { if (strlen($cipherParams[0]) > 24) {
return false; return false;
} }
// - salt // - salt
if (strlen($message['adata'][0][1]) > 14) { if (strlen($cipherParams[1]) > 14) {
return false; return false;
} }
@ -82,27 +84,27 @@ class FormatV2
return false; return false;
} }
// - iterations, refuse less then 10000 iterations (minimum NIST recommendation) // - iterations, refuse less then 10000 iterations (minimum NIST recommendation)
if (!is_int($message['adata'][0][2]) || $message['adata'][0][2] <= 10000) { if (!is_int($cipherParams[2]) || $cipherParams[2] <= 10000) {
return false; return false;
} }
// - key size // - key size
if (!in_array($message['adata'][0][3], array(128, 192, 256), true)) { if (!in_array($cipherParams[3], array(128, 192, 256), true)) {
return false; return false;
} }
// - tag size // - tag size
if (!in_array($message['adata'][0][4], array(64, 96, 128), true)) { if (!in_array($cipherParams[4], array(64, 96, 128), true)) {
return false; return false;
} }
// - algorithm, must be AES // - algorithm, must be AES
if ($message['adata'][0][5] !== 'aes') { if ($cipherParams[5] !== 'aes') {
return false; return false;
} }
// - mode // - mode
if (!in_array($message['adata'][0][6], array('ctr', 'cbc', 'gcm'), true)) { if (!in_array($cipherParams[6], array('ctr', 'cbc', 'gcm'), true)) {
return false; return false;
} }
// - compression // - compression
if (!in_array($message['adata'][0][7], array('zlib', 'none'), true)) { if (!in_array($cipherParams[7], array('zlib', 'none'), true)) {
return false; return false;
} }

View File

@ -45,6 +45,7 @@ class Paste extends AbstractModel
} }
// We kindly provide the remaining time before expiration (in seconds) // We kindly provide the remaining time before expiration (in seconds)
$data['meta']['time_to_live'] = $data['meta']['expire_date'] - time(); $data['meta']['time_to_live'] = $data['meta']['expire_date'] - time();
unset($data['meta']['expire_date']);
} }
// check if non-expired burn after reading paste needs to be deleted // check if non-expired burn after reading paste needs to be deleted

View File

@ -71,7 +71,7 @@ if ($MARKDOWN):
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-YCn+cUn5IWzAnD+URrUMfDVZ9SjPtPw//qVIYf7ZIMxmh+oODCN/NbZq30K/8ldA1Al0udP5RQg4PyE6j6wdBQ==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-h1C1N6TZ+iqfDWbftNalmtkkjmOfeFM7UB5ozNkH7zvaE4LkyCxhpvMGLObFycpCdA0W7VF8nVoLhRkRTmrQmg==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->

View File

@ -49,7 +49,7 @@ if ($MARKDOWN):
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-YCn+cUn5IWzAnD+URrUMfDVZ9SjPtPw//qVIYf7ZIMxmh+oODCN/NbZq30K/8ldA1Al0udP5RQg4PyE6j6wdBQ==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-h1C1N6TZ+iqfDWbftNalmtkkjmOfeFM7UB5ozNkH7zvaE4LkyCxhpvMGLObFycpCdA0W7VF8nVoLhRkRTmrQmg==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->

View File

@ -192,6 +192,7 @@ class Helper
{ {
$example = $version === 1 ? self::$commentV1 : self::$pasteV2; $example = $version === 1 ? self::$commentV1 : self::$pasteV2;
if ($version === 2) { if ($version === 2) {
$example['adata'] = $example['adata'][0];
$example['pasteid'] = $example['parentid'] = self::getPasteId(); $example['pasteid'] = $example['parentid'] = self::getPasteId();
$example['meta']['created'] = self::$commentV1['meta']['postdate']; $example['meta']['created'] = self::$commentV1['meta']['postdate'];
$example['meta']['icon'] = self::$commentV1['meta']['vizhash']; $example['meta']['icon'] = self::$commentV1['meta']['vizhash'];

View File

@ -8,7 +8,7 @@ use PrivateBin\Request;
class ControllerTest extends PHPUnit_Framework_TestCase class ControllerTest extends PHPUnit_Framework_TestCase
{ {
protected $_model; protected $_data;
protected $_path; protected $_path;
@ -16,7 +16,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
{ {
/* Setup Routine */ /* Setup Routine */
$this->_path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'privatebin_data'; $this->_path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'privatebin_data';
$this->_model = Filesystem::getInstance(array('dir' => $this->_path)); $this->_data = Filesystem::getInstance(array('dir' => $this->_path));
$this->reset(); $this->reset();
} }
@ -33,8 +33,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$_POST = array(); $_POST = array();
$_GET = array(); $_GET = array();
$_SERVER = array(); $_SERVER = array();
if ($this->_model->exists(Helper::getPasteId())) { if ($this->_data->exists(Helper::getPasteId())) {
$this->_model->delete(Helper::getPasteId()); $this->_data->delete(Helper::getPasteId());
} }
$options = parse_ini_file(CONF_SAMPLE, true); $options = parse_ini_file(CONF_SAMPLE, true);
$options['purge']['dir'] = $this->_path; $options['purge']['dir'] = $this->_path;
@ -180,8 +180,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean(); ob_end_clean();
$response = json_decode($content, true); $response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status'); $this->assertEquals(0, $response['status'], 'outputs status');
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data'); $this->assertTrue($this->_data->exists($response['id']), 'paste exists after posting data');
$paste = $this->_model->read($response['id']); $paste = $this->_data->read($response['id']);
$this->assertEquals( $this->assertEquals(
hash_hmac('sha256', $response['id'], $paste['meta']['salt']), hash_hmac('sha256', $response['id'], $paste['meta']['salt']),
$response['deletetoken'], $response['deletetoken'],
@ -211,8 +211,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean(); ob_end_clean();
$response = json_decode($content, true); $response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status'); $this->assertEquals(0, $response['status'], 'outputs status');
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data'); $this->assertTrue($this->_data->exists($response['id']), 'paste exists after posting data');
$paste = $this->_model->read($response['id']); $paste = $this->_data->read($response['id']);
$this->assertEquals( $this->assertEquals(
hash_hmac('sha256', $response['id'], $paste['meta']['salt']), hash_hmac('sha256', $response['id'], $paste['meta']['salt']),
$response['deletetoken'], $response['deletetoken'],
@ -242,7 +242,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean(); ob_end_clean();
$response = json_decode($content, true); $response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status'); $this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data'); $this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste exists after posting data');
} }
/** /**
@ -267,8 +267,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean(); ob_end_clean();
$response = json_decode($content, true); $response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status'); $this->assertEquals(0, $response['status'], 'outputs status');
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data'); $this->assertTrue($this->_data->exists($response['id']), 'paste exists after posting data');
$paste = $this->_model->read($response['id']); $paste = $this->_data->read($response['id']);
$this->assertEquals( $this->assertEquals(
hash_hmac('sha256', $response['id'], $paste['meta']['salt']), hash_hmac('sha256', $response['id'], $paste['meta']['salt']),
$response['deletetoken'], $response['deletetoken'],
@ -284,7 +284,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true); $options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0; $options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options); Helper::createIniFile(CONF, $options);
$this->_model->create(Helper::getPasteId(), Helper::getPaste()); $this->_data->create(Helper::getPasteId(), Helper::getPaste());
$paste = Helper::getPasteJson(); $paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO'); $file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste); file_put_contents($file, $paste);
@ -298,7 +298,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean(); ob_end_clean();
$response = json_decode($content, true); $response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status'); $this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data'); $this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists after posting data');
} }
/** /**
@ -323,8 +323,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean(); ob_end_clean();
$response = json_decode($content, true); $response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status'); $this->assertEquals(0, $response['status'], 'outputs status');
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data'); $this->assertTrue($this->_data->exists($response['id']), 'paste exists after posting data');
$paste = $this->_model->read($response['id']); $paste = $this->_data->read($response['id']);
$this->assertEquals( $this->assertEquals(
hash_hmac('sha256', $response['id'], $paste['meta']['salt']), hash_hmac('sha256', $response['id'], $paste['meta']['salt']),
$response['deletetoken'], $response['deletetoken'],
@ -355,8 +355,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean(); ob_end_clean();
$response = json_decode($content, true); $response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status'); $this->assertEquals(0, $response['status'], 'outputs status');
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data'); $this->assertTrue($this->_data->exists($response['id']), 'paste exists after posting data');
$paste = $this->_model->read($response['id']); $paste = $this->_data->read($response['id']);
$this->assertEquals( $this->assertEquals(
hash_hmac('sha256', $response['id'], $paste['meta']['salt']), hash_hmac('sha256', $response['id'], $paste['meta']['salt']),
$response['deletetoken'], $response['deletetoken'],
@ -387,8 +387,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean(); ob_end_clean();
$response = json_decode($content, true); $response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status'); $this->assertEquals(0, $response['status'], 'outputs status');
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data'); $this->assertTrue($this->_data->exists($response['id']), 'paste exists after posting data');
$paste = $this->_model->read($response['id']); $paste = $this->_data->read($response['id']);
$this->assertEquals( $this->assertEquals(
hash_hmac('sha256', $response['id'], $paste['meta']['salt']), hash_hmac('sha256', $response['id'], $paste['meta']['salt']),
$response['deletetoken'], $response['deletetoken'],
@ -418,7 +418,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean(); ob_end_clean();
$response = json_decode($content, true); $response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status'); $this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data'); $this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste exists after posting data');
} }
/** /**
@ -443,7 +443,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean(); ob_end_clean();
$response = json_decode($content, true); $response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status'); $this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data'); $this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste exists after posting data');
} }
/** /**
@ -463,9 +463,9 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste does not exists before posting data'); $this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste does not exists before posting data');
new Controller; new Controller;
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data'); $this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste exists after posting data');
} }
/** /**
@ -483,14 +483,14 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_start(); ob_start();
new Controller; new Controller;
ob_end_clean(); ob_end_clean();
$this->_model->delete(Helper::getPasteId()); $this->_data->delete(Helper::getPasteId());
ob_start(); ob_start();
new Controller; new Controller;
$content = ob_get_contents(); $content = ob_get_contents();
ob_end_clean(); ob_end_clean();
$response = json_decode($content, true); $response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status'); $this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data'); $this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste exists after posting data');
} }
/** /**
@ -508,14 +508,14 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
$this->_model->create(Helper::getPasteId(), Helper::getPaste()); $this->_data->create(Helper::getPasteId(), Helper::getPaste());
ob_start(); ob_start();
new Controller; new Controller;
$content = ob_get_contents(); $content = ob_get_contents();
ob_end_clean(); ob_end_clean();
$response = json_decode($content, true); $response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status'); $this->assertEquals(0, $response['status'], 'outputs status');
$this->assertTrue($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), $response['id']), 'paste exists after posting data'); $this->assertTrue($this->_data->existsComment(Helper::getPasteId(), Helper::getPasteId(), $response['id']), 'paste exists after posting data');
} }
/** /**
@ -534,14 +534,14 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
$this->_model->create(Helper::getPasteId(), Helper::getPaste()); $this->_data->create(Helper::getPasteId(), Helper::getPaste());
ob_start(); ob_start();
new Controller; new Controller;
$content = ob_get_contents(); $content = ob_get_contents();
ob_end_clean(); ob_end_clean();
$response = json_decode($content, true); $response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status'); $this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertFalse($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'paste exists after posting data'); $this->assertFalse($this->_data->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'paste exists after posting data');
} }
/** /**
@ -561,14 +561,14 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
$paste = Helper::getPaste(); $paste = Helper::getPaste();
$paste['adata'][2] = 0; $paste['adata'][2] = 0;
$this->_model->create(Helper::getPasteId(), $paste); $this->_data->create(Helper::getPasteId(), $paste);
ob_start(); ob_start();
new Controller; new Controller;
$content = ob_get_contents(); $content = ob_get_contents();
ob_end_clean(); ob_end_clean();
$response = json_decode($content, true); $response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status'); $this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertFalse($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'paste exists after posting data'); $this->assertFalse($this->_data->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'paste exists after posting data');
} }
/** /**
@ -592,7 +592,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean(); ob_end_clean();
$response = json_decode($content, true); $response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status'); $this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertFalse($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'paste exists after posting data'); $this->assertFalse($this->_data->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'paste exists after posting data');
} }
/** /**
@ -603,9 +603,9 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true); $options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0; $options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options); Helper::createIniFile(CONF, $options);
$this->_model->create(Helper::getPasteId(), Helper::getPaste()); $this->_data->create(Helper::getPasteId(), Helper::getPaste());
$this->_model->createComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId(), Helper::getComment()); $this->_data->createComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId(), Helper::getComment());
$this->assertTrue($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId()), 'comment exists before posting data'); $this->assertTrue($this->_data->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId()), 'comment exists before posting data');
$comment = Helper::getCommentJson(); $comment = Helper::getCommentJson();
$file = tempnam(sys_get_temp_dir(), 'FOO'); $file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $comment); file_put_contents($file, $comment);
@ -619,7 +619,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean(); ob_end_clean();
$response = json_decode($content, true); $response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status'); $this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertTrue($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId()), 'paste exists after posting data'); $this->assertTrue($this->_data->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId()), 'paste exists after posting data');
} }
/** /**
@ -662,7 +662,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
public function testReadExpired() public function testReadExpired()
{ {
$expiredPaste = Helper::getPaste(2, array('expire_date' => 1344803344)); $expiredPaste = Helper::getPaste(2, array('expire_date' => 1344803344));
$this->_model->create(Helper::getPasteId(), $expiredPaste); $this->_data->create(Helper::getPasteId(), $expiredPaste);
$_SERVER['QUERY_STRING'] = Helper::getPasteId(); $_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = ''; $_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
@ -682,7 +682,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
{ {
$paste = Helper::getPaste(); $paste = Helper::getPaste();
$paste['adata'][3] = 1; $paste['adata'][3] = 1;
$this->_model->create(Helper::getPasteId(), $paste); $this->_data->create(Helper::getPasteId(), $paste);
$_SERVER['QUERY_STRING'] = Helper::getPasteId(); $_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = ''; $_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
@ -702,7 +702,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$this->assertEquals(0, $response['comment_count'], 'outputs comment_count correctly'); $this->assertEquals(0, $response['comment_count'], 'outputs comment_count correctly');
$this->assertEquals(0, $response['comment_offset'], 'outputs comment_offset correctly'); $this->assertEquals(0, $response['comment_offset'], 'outputs comment_offset correctly');
// by default it will be deleted instantly after it is read // by default it will be deleted instantly after it is read
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after reading'); $this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste exists after reading');
} }
/** /**
@ -711,7 +711,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
public function testReadJson() public function testReadJson()
{ {
$paste = Helper::getPaste(); $paste = Helper::getPaste();
$this->_model->create(Helper::getPasteId(), $paste); $this->_data->create(Helper::getPasteId(), $paste);
$_SERVER['QUERY_STRING'] = Helper::getPasteId(); $_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = ''; $_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
@ -743,7 +743,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
'postdate' => $paste['meta']['postdate'], 'postdate' => $paste['meta']['postdate'],
'opendiscussion' => $paste['meta']['opendiscussion'], 'opendiscussion' => $paste['meta']['opendiscussion'],
); );
$this->_model->create(Helper::getPasteId(), $paste); $this->_data->create(Helper::getPasteId(), $paste);
$_SERVER['QUERY_STRING'] = Helper::getPasteId(); $_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = ''; $_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
@ -770,8 +770,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
{ {
$burnPaste = Helper::getPaste(); $burnPaste = Helper::getPaste();
$burnPaste['adata'][3] = 1; $burnPaste['adata'][3] = 1;
$this->_model->create(Helper::getPasteId(), $burnPaste); $this->_data->create(Helper::getPasteId(), $burnPaste);
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data'); $this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists before deleting data');
$_SERVER['QUERY_STRING'] = Helper::getPasteId(); $_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = ''; $_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
@ -781,7 +781,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean(); ob_end_clean();
$response = json_decode($content, true); $response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status'); $this->assertEquals(0, $response['status'], 'outputs status');
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste successfully deleted'); $this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste successfully deleted');
} }
/** /**
@ -789,9 +789,9 @@ class ControllerTest extends PHPUnit_Framework_TestCase
*/ */
public function testDelete() public function testDelete()
{ {
$this->_model->create(Helper::getPasteId(), Helper::getPaste()); $this->_data->create(Helper::getPasteId(), Helper::getPaste());
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data'); $this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists before deleting data');
$paste = $this->_model->read(Helper::getPasteId()); $paste = $this->_data->read(Helper::getPasteId());
$_GET['pasteid'] = Helper::getPasteId(); $_GET['pasteid'] = Helper::getPasteId();
$_GET['deletetoken'] = hash_hmac('sha256', Helper::getPasteId(), $paste['meta']['salt']); $_GET['deletetoken'] = hash_hmac('sha256', Helper::getPasteId(), $paste['meta']['salt']);
ob_start(); ob_start();
@ -803,7 +803,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$content, $content,
'outputs deleted status correctly' 'outputs deleted status correctly'
); );
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste successfully deleted'); $this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste successfully deleted');
} }
/** /**
@ -811,7 +811,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
*/ */
public function testDeleteInvalidId() public function testDeleteInvalidId()
{ {
$this->_model->create(Helper::getPasteId(), Helper::getPaste()); $this->_data->create(Helper::getPasteId(), Helper::getPaste());
$_GET['pasteid'] = 'foo'; $_GET['pasteid'] = 'foo';
$_GET['deletetoken'] = 'bar'; $_GET['deletetoken'] = 'bar';
ob_start(); ob_start();
@ -823,7 +823,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$content, $content,
'outputs delete error correctly' 'outputs delete error correctly'
); );
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists after failing to delete data'); $this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists after failing to delete data');
} }
/** /**
@ -849,7 +849,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
*/ */
public function testDeleteInvalidToken() public function testDeleteInvalidToken()
{ {
$this->_model->create(Helper::getPasteId(), Helper::getPaste()); $this->_data->create(Helper::getPasteId(), Helper::getPaste());
$_GET['pasteid'] = Helper::getPasteId(); $_GET['pasteid'] = Helper::getPasteId();
$_GET['deletetoken'] = 'bar'; $_GET['deletetoken'] = 'bar';
ob_start(); ob_start();
@ -861,7 +861,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$content, $content,
'outputs delete error correctly' 'outputs delete error correctly'
); );
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists after failing to delete data'); $this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists after failing to delete data');
} }
/** /**
@ -869,8 +869,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
*/ */
public function testDeleteInvalidBurnAfterReading() public function testDeleteInvalidBurnAfterReading()
{ {
$this->_model->create(Helper::getPasteId(), Helper::getPaste()); $this->_data->create(Helper::getPasteId(), Helper::getPaste());
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data'); $this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists before deleting data');
$file = tempnam(sys_get_temp_dir(), 'FOO'); $file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, json_encode(array( file_put_contents($file, json_encode(array(
'deletetoken' => 'burnafterreading', 'deletetoken' => 'burnafterreading',
@ -886,7 +886,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean(); ob_end_clean();
$response = json_decode($content, true); $response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs status'); $this->assertEquals(1, $response['status'], 'outputs status');
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists after failing to delete data'); $this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists after failing to delete data');
} }
/** /**
@ -895,9 +895,9 @@ class ControllerTest extends PHPUnit_Framework_TestCase
public function testDeleteExpired() public function testDeleteExpired()
{ {
$expiredPaste = Helper::getPaste(2, array('expire_date' => 1000)); $expiredPaste = Helper::getPaste(2, array('expire_date' => 1000));
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste does not exist before being created'); $this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste does not exist before being created');
$this->_model->create(Helper::getPasteId(), $expiredPaste); $this->_data->create(Helper::getPasteId(), $expiredPaste);
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data'); $this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists before deleting data');
$_GET['pasteid'] = Helper::getPasteId(); $_GET['pasteid'] = Helper::getPasteId();
$_GET['deletetoken'] = 'does not matter in this context, but has to be set'; $_GET['deletetoken'] = 'does not matter in this context, but has to be set';
ob_start(); ob_start();
@ -909,7 +909,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$content, $content,
'outputs error correctly' 'outputs error correctly'
); );
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste successfully deleted'); $this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste successfully deleted');
} }
/** /**
@ -919,8 +919,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
{ {
$paste = Helper::getPaste(); $paste = Helper::getPaste();
unset($paste['meta']['salt']); unset($paste['meta']['salt']);
$this->_model->create(Helper::getPasteId(), $paste); $this->_data->create(Helper::getPasteId(), $paste);
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data'); $this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists before deleting data');
$_GET['pasteid'] = Helper::getPasteId(); $_GET['pasteid'] = Helper::getPasteId();
$_GET['deletetoken'] = hash_hmac('sha256', Helper::getPasteId(), ServerSalt::get()); $_GET['deletetoken'] = hash_hmac('sha256', Helper::getPasteId(), ServerSalt::get());
ob_start(); ob_start();
@ -932,6 +932,6 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$content, $content,
'outputs deleted status correctly' 'outputs deleted status correctly'
); );
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste successfully deleted'); $this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste successfully deleted');
} }
} }

View File

@ -23,7 +23,7 @@ class ControllerWithDbTest extends ControllerTest
mkdir($this->_path); mkdir($this->_path);
} }
$this->_options['dsn'] = 'sqlite:' . $this->_path . DIRECTORY_SEPARATOR . 'tst.sq3'; $this->_options['dsn'] = 'sqlite:' . $this->_path . DIRECTORY_SEPARATOR . 'tst.sq3';
$this->_model = Database::getInstance($this->_options); $this->_data = Database::getInstance($this->_options);
$this->reset(); $this->reset();
} }