/**
 * Testing the doGET method.
 *
 * Sends GET requests for /sequence and /sequence/0/1 through the front
 * controller and expects a 200 text/html response for each.
 */
public function testDoGET()
{
    $config = ConfigProvider::getInstance();
    // The session provider is obtained before dispatching; the handle itself is not used below.
    $session = SessionProviderFactory::getInstance($config->get('session.provider.name'));

    $front = new FrontController();
    $message = 'Testing the doGET method';

    foreach (['/sequence', '/sequence/0/1'] as $uri) {
        $response = $front->process(new Request(['method' => 'GET', 'URI' => $uri]));

        $this->assertEquals(200, $response->getStatus(), $message);
        $this->assertEquals('text/html', $response->getHeader('Content-Type'), $message);
    }
}
/**
 * Testing the doGET method.
 *
 * A GET for the root URI must come back as 200 with a text/html Content-Type.
 */
public function testDoGET()
{
    $message = 'Testing the doGET method';
    $front = new FrontController();

    $rootRequest = new Request(['method' => 'GET', 'URI' => '/']);
    $response = $front->process($rootRequest);

    $this->assertEquals(200, $response->getStatus(), $message);
    $this->assertEquals('text/html', $response->getHeader('Content-Type'), $message);
}
/**
 * Testing the doGET method.
 *
 * Requests the same icon three times through the /image route: with the final
 * flag set to false, with it set to true and no tokens, and with it set to true
 * followed by two URL-encoded security tokens. Each request is expected to
 * return 200 with an image/jpeg Content-Type.
 */
public function testDoGET()
{
    $config = ConfigProvider::getInstance();
    $session = SessionProviderFactory::getInstance($config->get('session.provider.name'));

    $front = new FrontController();

    // Shared prefix of every URI below: encoded source path, then /16/16/png/0.75/false/.
    $imageUri = '/image/'
        . urlencode($config->get('app.root') . 'public/images/icons/accept.png')
        . '/16/16/png/0.75/false/';

    // NOTE(review): the URI carries "png" while the asserted Content-Type is image/jpeg;
    // confirm this is the controller's intended behaviour.
    $response = $front->process(new Request(['method' => 'GET', 'URI' => $imageUri . 'false']));
    $this->assertEquals(200, $response->getStatus(), 'Testing the doGET method');
    $this->assertEquals('image/jpeg', $response->getHeader('Content-Type'), 'Testing the doGET method');

    // NOTE(review): this pins a 200 for a "secure image" request that carries no tokens.
    // Verify that the body served in this case is not the protected image itself.
    $response = $front->process(new Request(['method' => 'GET', 'URI' => $imageUri . 'true']));
    $this->assertEquals(200, $response->getStatus(), 'Testing the doGET method');
    $this->assertEquals('image/jpeg', $response->getHeader('Content-Type'), 'Testing the doGET method with secure image and no tokens');

    // Tokens are generated only now, after the token-less requests have been dispatched.
    $tokens = Controller::generateSecurityFields();
    $signedUri = $imageUri . 'true/' . urlencode($tokens[0]) . '/' . urlencode($tokens[1]);

    $response = $front->process(new Request(['method' => 'GET', 'URI' => $signedUri]));
    $this->assertEquals(200, $response->getStatus(), 'Testing the doGET method');
    $this->assertEquals('image/jpeg', $response->getHeader('Content-Type'), 'Testing the doGET method with secure image and valid tokens');
}
/**
 * Testing the doPOST method.
 *
 * Posts a query string plus the two generated security fields to /gensecure
 * and expects a 200 text/html response.
 */
public function testDoPOST()
{
    $config = ConfigProvider::getInstance();
    $session = SessionProviderFactory::getInstance($config->get('session.provider.name'));

    $front = new FrontController();
    $message = 'Testing the doPOST method';

    // var1/var2 carry the security fields produced by the controller under test.
    $securityParams = (new GenSecureQueryStringController())->generateSecurityFields();

    $request = new Request([
        'method' => 'POST',
        'URI' => '/gensecure',
        'params' => [
            'QS' => 'act=ViewArticle&oid=00000000001',
            'var1' => $securityParams[0],
            'var2' => $securityParams[1],
        ],
    ]);
    $response = $front->process($request);

    $this->assertEquals(200, $response->getStatus(), $message);
    $this->assertEquals('text/html', $response->getHeader('Content-Type'), $message);
}
/**
 * Testing the doDELETE method.
 *
 * Deletes a freshly saved Person three ways: through the /record route, through
 * an encoded /tk/ route, and through /record with an "Accept: application/json"
 * header. The first two are expected to redirect (301); the JSON variant is
 * expected to return 200 with a {"message": "deleted"} style body.
 */
public function testDoDELETE()
{
    $config = ConfigProvider::getInstance();
    $session = SessionProviderFactory::getInstance($config->get('session.provider.name'));

    $front = new FrontController();
    $message = 'Testing the doDELETE method';
    $encodedType = urlencode('Alpha\\Model\\Person');

    $securityParams = (new ActiveRecordController())->generateSecurityFields();
    // The same security fields accompany all three DELETE requests.
    $params = ['var1' => $securityParams[0], 'var2' => $securityParams[1]];

    // 1) Plain /record route: expect a redirect back to the records listing.
    $person = $this->createPersonObject('test');
    $person->save();

    $response = $front->process(new Request([
        'method' => 'DELETE',
        'URI' => '/record/' . $encodedType . '/' . $person->getOID(),
        'params' => $params,
    ]));

    $this->assertEquals(301, $response->getStatus(), $message);
    $this->assertTrue(false !== strpos($response->getHeader('Location'), '/records/' . $encodedType), $message);

    // 2) Encoded /tk/ route: expect a redirect that stays under /tk/.
    $person = $this->createPersonObject('test');
    $person->save();

    $encodedQuery = FrontController::encodeQuery(
        'act=Alpha\\Controller\\ActiveRecordController&ActiveRecordType=Alpha\\Model\\Person&ActiveRecordOID=' . $person->getOID()
    );
    $response = $front->process(new Request([
        'method' => 'DELETE',
        'URI' => '/tk/' . $encodedQuery,
        'params' => $params,
    ]));

    $this->assertEquals(301, $response->getStatus(), $message);
    $this->assertTrue(false !== strpos($response->getHeader('Location'), '/tk/'), $message);

    // 3) JSON client: no redirect, the outcome is reported in the response body.
    $person = $this->createPersonObject('test');
    $person->save();

    $response = $front->process(new Request([
        'method' => 'DELETE',
        'URI' => '/record/' . $encodedType . '/' . $person->getOID(),
        'params' => $params,
        'headers' => ['Accept' => 'application/json'],
    ]));

    $this->assertEquals(200, $response->getStatus(), $message);
    $this->assertEquals('application/json', $response->getHeader('Content-Type'), $message);
    $this->assertEquals('deleted', json_decode($response->getBody())->message, $message);
}
/**
 * Testing default param values are handled correctly.
 *
 * Registers routes whose placeholders have defaults set through value(), then
 * requests shortened URIs and checks that the handler sees the defaults.
 */
public function testDefaultParamValues()
{
    $_SERVER['REQUEST_URI'] = '/';
    $message = 'Testing default param values are handled correctly';

    $front = new FrontController();

    // One placeholder, omitted entirely from the request.
    $echoParam = function ($request) {
        return new Response(200, $request->getParam('param'));
    };
    $front->addRoute('/one/{param}', $echoParam)->value('param', 'blah');

    $response = $front->process(new Request(['method' => 'GET', 'URI' => '/one']));
    $this->assertEquals('blah', $response->getBody(), $message);

    // Two placeholders: requested with none, then with only the first supplied.
    $echoTwoParams = function ($request) {
        return new Response(200, $request->getParam('param1') . ' ' . $request->getParam('param2'));
    };
    $front->addRoute('/two/{param1}/{param2}', $echoTwoParams)
        ->value('param1', 'two')
        ->value('param2', 'params');

    foreach (['/two', '/two/two'] as $uri) {
        $response = $front->process(new Request(['method' => 'GET', 'URI' => $uri]));
        $this->assertEquals('two params', $response->getBody(), $message);
    }

    // Three placeholders around a literal "params" segment; the handler echoes only the first two.
    $echoFirstTwoOfThree = function ($request) {
        return new Response(200, $request->getParam('param1') . ' ' . $request->getParam('param2'));
    };
    $front->addRoute('/three/{param1}/params/{param2}/{param3}', $echoFirstTwoOfThree)
        ->value('param1', 'has')
        ->value('param2', 'three')
        ->value('param3', 'params');

    $response = $front->process(new Request(['method' => 'GET', 'URI' => '/three/has/params']));
    $this->assertEquals('has three', $response->getBody(), $message);
}
/**
 * Testing the doPUT method.
 *
 * Uploads an attachment to a saved article with one PUT, then removes it with
 * a second PUT, checking the redirect target and the file on disk each time.
 */
public function testDoPUT()
{
    $config = ConfigProvider::getInstance();
    $session = SessionProviderFactory::getInstance($config->get('session.provider.name'));

    $front = new FrontController();
    $controller = new ArticleController();
    $message = 'Testing the doPUT method';

    $article = $this->createArticleObject('test article');
    $article->save();

    // Make sure the attachments directory exists (mode 0774: rwx for owner and group, read-only for others).
    if (!file_exists($article->getAttachmentsLocation())) {
        mkdir($article->getAttachmentsLocation(), 0774);
    }

    // The requests run with a saved Person stored in the session as currentUser.
    $person = $this->createPersonObject('test');
    $person->save();
    $session->set('currentUser', $person);

    $securityParams = $controller->generateSecurityFields();

    // Upload: the "uploaded" file is an image that ships with the application.
    $attachment = [
        'name' => 'logo.png',
        'type' => 'image/png',
        'tmp_name' => $config->get('app.root') . 'public/images/logo-small.png',
    ];
    $uploadParams = array_merge(
        ['uploadBut' => true, 'var1' => $securityParams[0], 'var2' => $securityParams[1]],
        $article->toArray()
    );

    $response = $front->process(new Request([
        'method' => 'PUT',
        'URI' => '/a/test-article',
        'params' => $uploadParams,
        'files' => ['userfile' => $attachment],
    ]));

    $this->assertEquals(301, $response->getStatus(), $message);
    $this->assertTrue(false !== strpos($response->getHeader('Location'), '/a/test-article/edit'), $message);
    $this->assertTrue(file_exists($article->getAttachmentsLocation() . '/logo.png'));

    // Delete: name the attachment in the deletefile parameter.
    $deleteParams = array_merge(
        ['deletefile' => 'logo.png', 'var1' => $securityParams[0], 'var2' => $securityParams[1]],
        $article->toArray()
    );

    $response = $front->process(new Request([
        'method' => 'PUT',
        'URI' => '/a/test-article',
        'params' => $deleteParams,
    ]));

    $this->assertEquals(301, $response->getStatus(), $message);
    $this->assertTrue(false !== strpos($response->getHeader('Location'), '/a/test-article/edit'), $message);
    $this->assertFalse(file_exists($article->getAttachmentsLocation() . '/logo.png'));
}
/**
 * Testing the doGET method.
 *
 * Saves an article, then requests its feed with no format suffix, with /RSS and
 * with /RSS2, checking the Content-Type returned for each.
 */
public function testDoGET()
{
    $config = ConfigProvider::getInstance();
    $session = SessionProviderFactory::getInstance($config->get('session.provider.name'));

    $front = new FrontController();
    $message = 'Testing the doGET method';

    $article = $this->createArticleObject('test article');
    $article->save();

    // URI suffix => expected Content-Type, in the order the requests are sent.
    $expectedTypes = [
        '' => 'application/atom+xml',
        '/RSS' => 'application/rss+xml',
        '/RSS2' => 'application/rss+xml',
    ];

    foreach ($expectedTypes as $suffix => $contentType) {
        $uri = '/feed/' . urlencode('Alpha\\Model\\Article') . $suffix;
        $response = $front->process(new Request(['method' => 'GET', 'URI' => $uri]));

        $this->assertEquals(200, $response->getStatus(), $message);
        $this->assertEquals($contentType, $response->getHeader('Content-Type'), $message);
    }
}
/**
 * Testing the doPOST method.
 *
 * Loads the items of the fixture DEnum, posts an updated value for the first
 * item to /denum/{OID} and expects a 200 text/html response.
 */
public function testDoPOST()
{
    $config = ConfigProvider::getInstance();
    $session = SessionProviderFactory::getInstance($config->get('session.provider.name'));

    $front = new FrontController();
    $message = 'Testing the doPOST method';

    $securityParams = (new DEnumController())->generateSecurityFields();

    // Only the first item of the fixture DEnum is updated.
    $denumItems = (new DEnumItem())->loadItems($this->denum->getOID());
    $item = $denumItems[0];

    $formFields = [
        'saveBut' => true,
        'var1' => $securityParams[0],
        'var2' => $securityParams[1],
        // The new value is posted in a field keyed by the item's OID.
        'value_' . $item->getOID() => 'updated',
    ];
    $params = array_merge($formFields, $item->toArray());

    $response = $front->process(new Request([
        'method' => 'POST',
        'URI' => '/denum/' . $this->denum->getOID(),
        'params' => $params,
    ]));

    $this->assertEquals(200, $response->getStatus(), $message);
    $this->assertEquals('text/html', $response->getHeader('Content-Type'), $message);
}
/**
 * Testing the doGET method.
 *
 * Saves an article, then runs the search route without and with the two
 * trailing segments that the assertion message calls pagination params.
 */
public function testDoGET()
{
    $config = ConfigProvider::getInstance();
    $front = new FrontController();

    $article = $this->createArticle('testing');
    $article->save();

    // URI => message used for the status assertion.
    $cases = [
        '/search/blah' => 'Testing the doGET method',
        '/search/blah/0/1' => 'Testing the doGET method with pagination params',
    ];

    foreach ($cases as $uri => $statusMessage) {
        $response = $front->process(new Request(['method' => 'GET', 'URI' => $uri]));

        $this->assertEquals(200, $response->getStatus(), $statusMessage);
        $this->assertEquals('text/html', $response->getHeader('Content-Type'), 'Testing the doGET method');
    }
}
/**
 * Testing the doGET method.
 *
 * Exports a saved Person through the /excel route and checks the status, the
 * Excel Content-Type and the attachment filename.
 */
public function testDoGET()
{
    $config = ConfigProvider::getInstance();
    $session = SessionProviderFactory::getInstance($config->get('session.provider.name'));

    $front = new FrontController();
    $message = 'Testing the doGET method';

    $person = $this->createPersonObject('test');
    $person->save();

    $exportUri = '/excel/Person/' . $person->getOID();
    $response = $front->process(new Request(['method' => 'GET', 'URI' => $exportUri]));

    $this->assertEquals(200, $response->getStatus(), $message);
    $this->assertEquals('application/vnd.ms-excel', $response->getHeader('Content-Type'), $message);
    // NOTE(review): the expected filename hard-codes OID 00000000001, so this presumably
    // relies on the Person saved above being the first record in the table; confirm.
    $this->assertEquals(
        'attachment; filename=Person-00000000001.xls',
        $response->getHeader('Content-Disposition'),
        $message
    );
}
/**
 * Testing updating a table via doPOST method
 *
 * Posts the "updateTableBut" action for Alpha\Model\Article to
 * /listactiverecords and then checks that the Article record reports no
 * missing fields. The response itself is not inspected.
 */
public function testDoPOSTUpdateTable()
{
    $config = ConfigProvider::getInstance();
    $session = SessionProviderFactory::getInstance($config->get('session.provider.name'));

    $front = new FrontController();
    $controller = new ListActiveRecordsController();
    $article = new Article();

    $securityParams = $controller->generateSecurityFields();

    $request = new Request([
        'method' => 'POST',
        'URI' => '/listactiverecords',
        'params' => [
            'var1' => $securityParams[0],
            'var2' => $securityParams[1],
            'admin_AlphaModelArticle_button_pressed' => 'updateTableBut',
            'updateTableClass' => 'Alpha\\Model\\Article',
        ],
    ]);
    $response = $front->process($request);

    $missingFields = $article->findMissingFields();
    $this->assertEquals(0, count($missingFields), 'Testing updating a table via doPOST method');
}
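/**
 * Testing the doPOST method.
 *
 * Exercises /login in four situations: with the Person table dropped and the
 * configured install credentials (expects 301), with a saved user and the
 * correct password (301), with an incorrect password (200), and with the
 * password-reset button (200). After the reset, the old password must no
 * longer verify against the stored value.
 */
public function testDoPOST()
{
    $config = ConfigProvider::getInstance();
    $sessionProvider = $config->get('session.provider.name');
    $session = SessionProviderFactory::getInstance($sessionProvider);

    // With the Person table dropped, the login below uses the app.install.* credentials.
    $person = new Person();
    $person->dropTable();

    $front = new FrontController();
    $controller = new LoginController();

    $securityParams = $controller->generateSecurityFields();

    $params = array('loginBut' => true, 'var1' => $securityParams[0], 'var2' => $securityParams[1], 'email' => $config->get('app.install.username'), 'password' => $config->get('app.install.password'));

    $request = new Request(array('method' => 'POST', 'URI' => '/login', 'params' => $params));
    $response = $front->process($request);

    $this->assertEquals(301, $response->getStatus(), 'Testing the doPOST method during install');

    // Restore the table and create the account used by the remaining requests.
    $person->makeTable();
    $person = $this->createPersonObject('logintest');
    $person->save();

    $params = array('loginBut' => true, 'var1' => $securityParams[0], 'var2' => $securityParams[1], 'email' => '*****@*****.**', 'password' => 'passwordTest');

    $request = new Request(array('method' => 'POST', 'URI' => '/login', 'params' => $params));
    $response = $front->process($request);

    $this->assertEquals(301, $response->getStatus(), 'Testing the doPOST with correct password');

    // A failed login returns 200 where the successful ones above return 301.
    $params['password'] = '******';

    $request = new Request(array('method' => 'POST', 'URI' => '/login', 'params' => $params));
    $response = $front->process($request);

    $this->assertEquals(200, $response->getStatus(), 'Testing the doPOST with incorrect password');

    $params = array('resetBut' => true, 'var1' => $securityParams[0], 'var2' => $securityParams[1], 'email' => '*****@*****.**');

    $request = new Request(array('method' => 'POST', 'URI' => '/login', 'params' => $params));
    $response = $front->process($request);

    $this->assertEquals(200, $response->getStatus(), 'Testing the doPOST during password reset');

    $person->reload();

    // password_hash() uses a fresh random salt on every call, so comparing the stored
    // value with a newly computed hash can never be equal and the old assertNotEquals
    // passed whether or not the reset happened. Checking that the old password no
    // longer verifies is the meaningful test.
    // Assumes the stored value is a password_hash() digest, as the original comparison implied.
    $this->assertFalse(
        password_verify('passwordTest', (string) $person->get('password')),
        'Checking that the password has changed in the database'
    );
}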
/**
 * Testing the doDELETE method.
 *
 * Adds a new tag to a saved article with a POST, confirms it was stored, then
 * removes it with a DELETE and confirms both the redirect and that the tag is
 * gone from the article's related objects.
 */
public function testDoDELETE()
{
    $config = ConfigProvider::getInstance();
    $session = SessionProviderFactory::getInstance($config->get('session.provider.name'));

    $front = new FrontController();
    $securityParams = (new TagController())->generateSecurityFields();

    $article = $this->createArticle('testing');
    $article->save();

    // Re-submit the article's current tags alongside the new one, keyed by tag OID.
    $existingTags = [];
    foreach ($article->getPropObject('tags')->getRelatedObjects() as $tag) {
        $existingTags['content_' . $tag->getOID()] = $tag->get('content');
    }

    $params = array_merge(
        ['saveBut' => true, 'NewTagValue' => 'somenewtag', 'var1' => $securityParams[0], 'var2' => $securityParams[1]],
        $existingTags
    );

    $response = $front->process(new Request([
        'method' => 'POST',
        'URI' => '/tag/' . urlencode('Alpha\\Model\\Article') . '/' . $article->getOID(),
        'params' => $params,
    ]));

    // Find the tag that was just added; its OID is needed for the DELETE.
    $tagOID = '';
    $found = false;
    foreach ($article->getPropObject('tags')->getRelatedObjects() as $tag) {
        if ($tag->get('content') == 'somenewtag') {
            $tagOID = $tag->getOID();
            $found = true;
            break;
        }
    }

    $this->assertTrue($found, 'Checking that the new tag added was actually saved');

    $response = $front->process(new Request([
        'method' => 'DELETE',
        'URI' => '/tag/' . urlencode('Alpha\\Model\\Article') . '/' . $article->getOID(),
        'params' => ['ActiveRecordOID' => $tagOID, 'var1' => $securityParams[0], 'var2' => $securityParams[1]],
    ]));

    $this->assertEquals(301, $response->getStatus(), 'Testing the doDELETE method');
    $this->assertTrue(
        false !== strpos($response->getHeader('Location'), '/tag/' . urlencode('Alpha\\Model\\Article') . '/' . $article->getOID()),
        'Testing the doDELETE method'
    );

    // The deleted tag must no longer appear among the article's tags.
    $notFound = true;
    foreach ($article->getPropObject('tags')->getRelatedObjects() as $tag) {
        if ($tag->get('content') == 'somenewtag') {
            $notFound = false;
            break;
        }
    }

    $this->assertTrue($notFound, 'Checking that a deleted tag was actually removed');
}
/**
 * Testing that a blacklisted IP cannot pass the IPBlacklistFilter filter.
 *
 * Sets REMOTE_ADDR to the fixture's bad IP, registers the filter and expects
 * processing to be rejected with a ResourceNotAllowedException.
 *
 * @since 1.2.3
 */
public function testIPBlacklistFilter()
{
    $message = 'Testing that a blacklisted IP cannot pass the IPBlacklistFilter filter';

    // The client address is supplied through $_SERVER['REMOTE_ADDR'].
    $_SERVER['REMOTE_ADDR'] = $this->badIP;
    $_SERVER['REQUEST_URI'] = '/';

    $request = new Request(['method' => 'GET']);

    try {
        $front = new FrontController();
        $front->registerFilter(new IPBlacklistFilter());
        $front->process($request);

        // Reaching this line means the request got past the filter.
        $this->fail($message);
    } catch (ResourceNotAllowedException $rejected) {
        $this->assertEquals('Not allowed!', $rejected->getMessage(), $message);
    }
}
use Alpha\Util\Http\Filter\ClientTempBlacklistFilter;
use Alpha\Util\Http\Request;
use Alpha\Util\Http\Response;
use Alpha\Exception\ResourceNotFoundException;
use Alpha\Exception\ResourceNotAllowedException;
use Alpha\View\View;

// Application entry point: install the error handlers, register the enabled
// security filters, dispatch the request and send the response.
try {
    // NOTE(review): $config is assigned inside the try but read again after it; if
    // getInstance() ever raised one of the exceptions caught below, it would be undefined there.
    $config = ConfigProvider::getInstance();

    set_exception_handler('Alpha\\Util\\ErrorHandlers::catchException');
    set_error_handler('Alpha\\Util\\ErrorHandlers::catchError', $config->get('php.error.log.level'));

    $front = new FrontController();

    // Each blacklist filter is opt-in through its own configuration flag.
    if ($config->get('security.client.blacklist.filter.enabled')) {
        $front->registerFilter(new ClientBlacklistFilter());
    }

    if ($config->get('security.ip.blacklist.filter.enabled')) {
        $front->registerFilter(new IPBlacklistFilter());
    }

    if ($config->get('security.client.temp.blacklist.filter.enabled')) {
        $front->registerFilter(new ClientTempBlacklistFilter());
    }

    $request = new Request();
    $response = $front->process($request);
} catch (ResourceNotFoundException $notFound) {
    // NOTE(review): the Content-Type array is passed to renderErrorPage(), not to the
    // Response constructor; confirm that is intended. Also verify that renderErrorPage()
    // HTML-escapes the exception message before it is written into the page.
    $response = new Response(404, View::renderErrorPage(404, $notFound->getMessage(), ['Content-Type' => 'text/html']));
} catch (ResourceNotAllowedException $notAllowed) {
    // Raised, for example, by a blacklist filter rejecting the client; same review notes as for the 404 branch.
    $response = new Response(403, View::renderErrorPage(403, $notAllowed->getMessage(), ['Content-Type' => 'text/html']));
}

// Apply the configured X-Frame-Options value unless the response already carries one.
if ($config->get('security.http.header.x.frame.options') != '' && $response->getHeader('X-Frame-Options') == null) {
    $frameOptions = $config->get('security.http.header.x.frame.options');
    $response->setHeader('X-Frame-Options', $frameOptions);
}

echo $response->send();
/**
 * Testing the doGET method.
 *
 * Logs a saved user in through /login, checks that the session holds a Person
 * as currentUser, then requests /logout and checks that the session no longer
 * holds a current user.
 */
public function testDoGET()
{
    $config = ConfigProvider::getInstance();
    $session = SessionProviderFactory::getInstance($config->get('session.provider.name'));

    $front = new FrontController();
    $securityParams = (new LogoutController())->generateSecurityFields();

    $person = $this->createPersonObject('logintest');
    $person->save();

    // Establish a logged-in session first so that the logout has something to clear.
    $loginRequest = new Request([
        'method' => 'POST',
        'URI' => '/login',
        'params' => [
            'loginBut' => true,
            'var1' => $securityParams[0],
            'var2' => $securityParams[1],
            'email' => '*****@*****.**',
            'password' => 'passwordTest',
        ],
    ]);
    $response = $front->process($loginRequest);

    $this->assertEquals(301, $response->getStatus(), 'Testing the doPOST with correct password');
    $this->assertTrue($session->get('currentUser') instanceof Person, 'Testing that the user is logged in');

    $response = $front->process(new Request(['method' => 'GET', 'URI' => '/logout']));

    $this->assertEquals(200, $response->getStatus(), 'Testing the doGET method');
    $this->assertEquals('text/html', $response->getHeader('Content-Type'), 'Testing the doGET method');
    // After logout the session lookup is expected to return false, not a Person.
    $this->assertFalse($session->get('currentUser'), 'Testing that the user is no longer logged in');
}
/**
 * Testing the doGET method.
 *
 * Requests the record selector for a MANY-TO-MANY relation (Person / Rights)
 * and for a ONE-TO-MANY relation (ArticleComment), expecting 200 text/html for
 * both.
 */
public function testDoGET()
{
    $config = ConfigProvider::getInstance();
    $session = SessionProviderFactory::getInstance($config->get('session.provider.name'));

    $front = new FrontController();

    // Class names are URL-encoded so that their backslashes survive inside a path segment.
    $manyToManyUri = '/recordselector/m2m/1/hiddenformfield/'
        . urlencode('Alpha\\Model\\Person') . '/email/'
        . urlencode('Alpha\\Model\\Rights') . '/name/'
        . urlencode('Alpha\\Model\\Person') . '/1';
    $oneToManyUri = '/recordselector/12m/1/hiddenformfield/'
        . urlencode('Alpha\\Model\\ArticleComment') . '/articleOID/content';

    // URI => message used for the status assertion.
    $cases = [
        $manyToManyUri => 'Testing the doGET method for MANY-TO-MANY relation',
        $oneToManyUri => 'Testing the doGET method for ONE-TO-MANY relation',
    ];

    foreach ($cases as $uri => $statusMessage) {
        $response = $front->process(new Request(['method' => 'GET', 'URI' => $uri]));

        $this->assertEquals(200, $response->getStatus(), $statusMessage);
        $this->assertEquals('text/html', $response->getHeader('Content-Type'), 'Testing the doGET method');
    }
}
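/**
 * Testing that we can override the HTTP method via X-HTTP-Method-Override or _METHOD.
 *
 * A DELETE to /image is first shown to be rejected by ImageController. The
 * same request is then repeated with an OPTIONS override supplied through
 * $_POST['_METHOD'], and again with the override supplied only through the
 * X-HTTP-Method-Override header, expecting 200 both times.
 */
public function testHTTPMethodOverride()
{
    $message = 'Testing that we can override the HTTP method via X-HTTP-Method-Override or _METHOD';

    $front = new FrontController();
    $front->addRoute('/image', function ($request) {
        $controller = new ImageController();

        return $controller->process($request);
    });

    // Baseline: without any override the controller refuses DELETE.
    $request = new Request(array('method' => 'DELETE', 'URI' => '/image'));

    try {
        $response = $front->process($request);
        $this->fail($message);
    } catch (\Exception $e) {
        $this->assertEquals('The DELETE method is not supported by this controller', $e->getMessage(), $message);
    }

    try {
        // Override through the _METHOD form field.
        $_POST['_METHOD'] = 'OPTIONS';

        $request = new Request(array('method' => 'DELETE', 'URI' => '/image'));
        $response = $front->process($request);

        $this->assertEquals(200, $response->getStatus(), $message);

        // Clear the form-field override first. Left in place, it would make the header
        // check below pass even if the header override did not work at all.
        unset($_POST['_METHOD']);
        $_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'] = 'OPTIONS';

        $request = new Request(array('method' => 'DELETE', 'URI' => '/image'));
        $response = $front->process($request);

        $this->assertEquals(200, $response->getStatus(), $message);
    } finally {
        // The override changes the effective verb of every later request, so the
        // superglobals are reset even if an assertion above fails.
        unset($_POST['_METHOD'], $_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE']);
    }
}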