예제 #1
 /**
  * Resolves the widget named by the next path component of the request.
  *
  * The identifier comes straight from the request path, so it is caller-controlled.
  * An unknown ID (signalled by NoSuchWidget) is turned into the result of
  * pageNotFound() rather than being allowed to propagate.
  *
  * NOTE(review): only existence is checked here; no ownership or permission check
  * is visible in this method. Confirm that callers which edit or end the returned
  * widget verify that it belongs to the current user.
  *
  * @param RequestContext $context Request context whose next path component is consumed.
  * @return mixed The widget from Widget::getByID(), or the value returned by pageNotFound().
  */
 private function takeWidgetFromURI(RequestContext $context)
 {
     try {
         // Consume the path component inside the try so both steps share one handler.
         $widgetID = $context->takeNextPathComponent();
         $widget = Widget::getByID($widgetID);
     } catch (\Chipin\Widgets\NoSuchWidget $_) {
         return $this->pageNotFound("No such widget");
     }

     return $widget;
 }
예제 #2
 /**
  * Checks that a widget can be ended from the dashboard.
  *
  * The widget's ending date is first set a week ahead and the widget is confirmed
  * to be still running. The test then loads the dashboard, follows the "End" link
  * whose href contains this widget's ID, submits the matching end-widget form and
  * reloads the widget to confirm it now reports as ended.
  */
 function testEndingWidget()
 {
     $widget = getWidget($this->user);
     $this->updateEndingDate($widget, new DateTime('+7 days'));
     assertFalse($widget->hasEnded());

     $this->get('/dashboard/');

     // Select the link by both its text and the widget ID in its href, so that
     // another widget's "End" link on the same page is not followed.
     $endLinkXPath = "//a[contains(text(), 'End') and contains(@href, '{$widget->id}')]";
     $this->clickLink($endLinkXPath);

     $endFormID = 'end-widget-' . $widget->id;
     $endForm = $this->getForm($endFormID);
     $this->submitForm($endForm);

     // Reload from storage so the assertion reflects what was persisted.
     $reloaded = Widget::getByID($widget->id);
     assertTrue($reloaded->hasEnded());
 }
예제 #3
/**
 * Checks that a widget's progressPercent reflects the address balance against
 * the goal, both when the goal is in BTC and when it is in a fiat currency.
 *
 * Both cases use the same address, created with a balance of 2. The assertions
 * use open intervals rather than exact equality on the percentage.
 */
function testProgressProperlyCalculated()
{
    $widget = getWidget();
    $btcBalance = 2;
    $addr = getBitcoinAddr($btcBalance);

    # BTC as base currency: a balance of 2 against a goal of 4 should land near 50%.
    $widget->bitcoinAddress = $addr;
    $widget->setGoal(4, Currencies\BTC());
    $widget->save();
    $fromStorage = Widget::getByID($widget->id);
    assertTrue(49 < $fromStorage->progressPercent && 51 > $fromStorage->progressPercent);

    # Fiat as base currency: with BTC priced at 100 USD the goal is 600 USD and
    # the expected percentage is derived from 200 / 600.
    setPriceForBTC(Currencies\USD(), 100);
    $widget->bitcoinAddress = $addr;
    $widget->setGoal(600, Currencies\USD());
    $widget->save();
    $fromStorage = Widget::getByID($widget->id);
    $expected = 200 / 600 * 100;
    $lowerBound = floor($expected);
    $upperBound = ceil($expected);
    assertTrue($lowerBound < $fromStorage->progressPercent && $upperBound > $fromStorage->progressPercent);
}
예제 #4
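 /**
  * Here we aim to assert we're not vulnerable to "CSRF" attacks. We do this by
  * asserting that a "raw" POST request (one that does not go through the rendered
  * form) is not accepted for widget editing, as this should indicate the server
  * requires some sort of "nonce" or "token" before accepting a form submission.
  * More on CSRF here:
  * https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
  *
  * The test passes only if none of the posted values were persisted; the HTTP
  * status of the raw POSTs is deliberately not asserted.
  *
  * NOTE(review): a rejection for any reason satisfies this test. To be confident
  * that the missing token is what blocks the write, pair it with a control test
  * that submits the same values through the real form and sees them saved.
  */
 function testResilienceToCrossSiteRequestForgeryAttack()
 {
     $w = getWidget($this->user);
     // Open step one for this widget first; presumably this is what ties the
     // session to the widget being edited (confirm against the wizard handler).
     $this->get("/widget-wiz/step-one?w={$w->id}");

     // Name each posted value once so the assertions below compare against
     // exactly what was sent.
     $postedTitle = 'Hijacked';
     $postedAddress = '1E3FqrQTZSvTUdw7qZ4NnZppqiqnqqNcUN';
     $postedAbout = 'Show me the money!';

     // Use a relative future date in the original m/d/Y shape. A fixed calendar
     // date eventually lies in the past, and if the server validates the ending
     // date the request could then be refused for that reason alone, letting the
     // test pass without exercising the token check.
     $ending = date('m/d/Y', strtotime('+30 days'));

     try {
         $this->post("/widget-wiz/step-one", array(
             'title' => $postedTitle,
             'goal' => '1000',
             'currency' => 'USD',
             'ending' => $ending,
             'bitcoinAddress' => $postedAddress,
         ));
     } catch (UnexpectedHttpResponseCode $_) {
         /* An error status is an acceptable outcome; the stored state is checked below. */
     }

     try {
         $this->post("/widget-wiz/step-two", array(
             'about' => $postedAbout,
             'color' => Widgets\defaultColor(),
             'size' => (string) Widgets\defaultSize(),
         ));
     } catch (UnexpectedHttpResponseCode $_) {
         /* Same as above: rejection is fine, persistence is what matters. */
     }

     // Reload from storage: whatever the responses were, nothing may have been saved.
     $widgetNow = Widget::getByID($w->id);
     assertNotEqual($postedTitle, $widgetNow->title);
     assertNotEqual($postedAddress, $widgetNow->bitcoinAddress);
     assertNotEqual($postedAbout, $widgetNow->about);
 }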