/**
 * Resolve the widget named by the next component of the request path.
 *
 * The id is consumed from the URI with $context->takeNextPathComponent()
 * and handed as-is to Widget::getByID(). When no widget carries that id,
 * the NoSuchWidget exception is turned into the generic "not found" page
 * instead of propagating to the caller.
 *
 * NOTE(review): the id is untrusted request input and nothing here
 * validates it — confirm Widget::getByID() treats it as an opaque key
 * (parameterised lookup, no string interpolation).
 *
 * @param RequestContext $context request whose next path component is the widget id
 * @return mixed the Widget, or whatever pageNotFound() returns
 */
private function takeWidgetFromURI(RequestContext $context)
{
    try {
        $widgetID = $context->takeNextPathComponent();
        $widget = Widget::getByID($widgetID);
    } catch (\Chipin\Widgets\NoSuchWidget $_) {
        return $this->pageNotFound("No such widget");
    }
    return $widget;
}
/**
 * Ending a widget through the dashboard marks it as ended.
 *
 * The widget's ending date is first pushed a week ahead so it is still
 * live, then the dashboard UI is driven: follow the "End" link that points
 * at this widget, submit the end-widget-<id> form, and reload the widget
 * from storage to confirm hasEnded() is now true.
 */
function testEndingWidget()
{
    $widget = getWidget($this->user);
    $nextWeek = new DateTime('+7 days');
    $this->updateEndingDate($widget, $nextWeek);
    assertFalse($widget->hasEnded());

    $this->get('/dashboard/');
    $endLinkXPath = "//a[contains(text(), 'End') and contains(@href, '{$widget->id}')]";
    $this->clickLink($endLinkXPath);
    $endForm = $this->getForm('end-widget-' . $widget->id);
    $this->submitForm($endForm);

    $reloaded = Widget::getByID($widget->id);
    assertTrue($reloaded->hasEnded());
}
/**
 * progressPercent tracks the address balance against the goal for both a
 * BTC-denominated and a fiat-denominated goal.
 *
 * Case 1: an address reported as holding 2 BTC against a 4 BTC goal should
 * land near 50%.
 * Case 2: with BTC priced at 100 USD, those 2 BTC (200 USD) against a
 * 600 USD goal should land near 33%.
 * Both checks use an open interval around the expected value because the
 * stored percentage is not assumed to be exact.
 */
function testProgressProperlyCalculated()
{
    $widget = getWidget();
    $btcBalance = 2;
    $addr = getBitcoinAddr($btcBalance);

    # Base currency is BTC: 2 of 4 BTC funded.
    $widget->bitcoinAddress = $addr;
    $widget->setGoal(4, Currencies\BTC());
    $widget->save();
    $fromStorage = Widget::getByID($widget->id);
    $percent = $fromStorage->progressPercent;
    assertTrue($percent > 49 && $percent < 51);

    # Base currency is fiat: 2 BTC at 100 USD each against a 600 USD goal.
    setPriceForBTC(Currencies\USD(), 100);
    $widget->bitcoinAddress = $addr;
    $widget->setGoal(600, Currencies\USD());
    $widget->save();
    $fromStorage = Widget::getByID($widget->id);
    $expected = 200 / 600 * 100;
    $percent = $fromStorage->progressPercent;
    assertTrue($percent > floor($expected) && $percent < ceil($expected));
}
/**
 * A widget must not be editable by a raw, token-less POST.
 *
 * This is the cross-site request forgery (CSRF) check. After loading the
 * wizard's first step for a widget the test user owns, both wizard steps
 * are posted directly with forged field values. A rejection surfaces as
 * UnexpectedHttpResponseCode and is deliberately swallowed; what the test
 * relies on is the state afterwards: the reloaded widget must carry none of
 * the forged title, bitcoin address or "about" text. Note this only shows
 * the raw POST did not take effect — it does not by itself prove that a
 * nonce/token check is what rejected it.
 * Background: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
 */
function testResilienceToCrossSiteRequestForgeryAttack()
{
    $forgedTitle   = 'Hijacked';
    $forgedAddress = '1E3FqrQTZSvTUdw7qZ4NnZppqiqnqqNcUN';
    $forgedAbout   = 'Show me the money!';

    $widget = getWidget($this->user);
    $this->get("/widget-wiz/step-one?w={$widget->id}");

    $stepOneFields = array(
        'title' => $forgedTitle,
        'goal' => '1000',
        'currency' => 'USD',
        'ending' => "12/15/2020",
        'bitcoinAddress' => $forgedAddress,
    );
    try {
        $this->post("/widget-wiz/step-one", $stepOneFields);
    } catch (UnexpectedHttpResponseCode $_) {
        // A rejected request is the expected outcome.
    }

    $stepTwoFields = array(
        'about' => $forgedAbout,
        'color' => Widgets\defaultColor(),
        'size' => (string) Widgets\defaultSize(),
    );
    try {
        $this->post("/widget-wiz/step-two", $stepTwoFields);
    } catch (UnexpectedHttpResponseCode $_) {
        // Likewise expected.
    }

    $afterwards = Widget::getByID($widget->id);
    assertNotEqual($forgedTitle, $afterwards->title);
    assertNotEqual($forgedAddress, $afterwards->bitcoinAddress);
    assertNotEqual($forgedAbout, $afterwards->about);
}