/**
* Testing the doGET method.
*/
public function testDoGET()
{
$config = ConfigProvider::getInstance();
$sessionProvider = $config->get('session.provider.name');
$session = SessionProviderFactory::getInstance($sessionProvider);
$front = new FrontController();
$request = new Request(array('method' => 'GET', 'URI' => '/sequence'));
$response = $front->process($request);
$this->assertEquals(200, $response->getStatus(), 'Testing the doGET method');
$this->assertEquals('text/html', $response->getHeader('Content-Type'), 'Testing the doGET method');
$request = new Request(array('method' => 'GET', 'URI' => '/sequence/0/1'));
$response = $front->process($request);
$this->assertEquals(200, $response->getStatus(), 'Testing the doGET method');
$this->assertEquals('text/html', $response->getHeader('Content-Type'), 'Testing the doGET method');
}
/**
* Testing the doGET method.
*/
public function testDoGET()
{
$front = new FrontController();
$request = new Request(array('method' => 'GET', 'URI' => '/'));
$response = $front->process($request);
$this->assertEquals(200, $response->getStatus(), 'Testing the doGET method');
$this->assertEquals('text/html', $response->getHeader('Content-Type'), 'Testing the doGET method');
}
/**
* Testing the doGET method.
*/
public function testDoGET()
{
$config = ConfigProvider::getInstance();
$sessionProvider = $config->get('session.provider.name');
$session = SessionProviderFactory::getInstance($sessionProvider);
$front = new FrontController();
$request = new Request(array('method' => 'GET', 'URI' => '/image/' . urlencode($config->get('app.root') . 'public/images/icons/accept.png') . '/16/16/png/0.75/false/false'));
$response = $front->process($request);
$this->assertEquals(200, $response->getStatus(), 'Testing the doGET method');
$this->assertEquals('image/jpeg', $response->getHeader('Content-Type'), 'Testing the doGET method');
$request = new Request(array('method' => 'GET', 'URI' => '/image/' . urlencode($config->get('app.root') . 'public/images/icons/accept.png') . '/16/16/png/0.75/false/true'));
$response = $front->process($request);
$this->assertEquals(200, $response->getStatus(), 'Testing the doGET method');
$this->assertEquals('image/jpeg', $response->getHeader('Content-Type'), 'Testing the doGET method with secure image and no tokens');
$tokens = Controller::generateSecurityFields();
$request = new Request(array('method' => 'GET', 'URI' => '/image/' . urlencode($config->get('app.root') . 'public/images/icons/accept.png') . '/16/16/png/0.75/false/true/' . urlencode($tokens[0]) . '/' . urlencode($tokens[1])));
$response = $front->process($request);
$this->assertEquals(200, $response->getStatus(), 'Testing the doGET method');
$this->assertEquals('image/jpeg', $response->getHeader('Content-Type'), 'Testing the doGET method with secure image and valid tokens');
}
/**
* Testing the doPOST method.
*/
public function testDoPOST()
{
$config = ConfigProvider::getInstance();
$sessionProvider = $config->get('session.provider.name');
$session = SessionProviderFactory::getInstance($sessionProvider);
$front = new FrontController();
$controller = new GenSecureQueryStringController();
$securityParams = $controller->generateSecurityFields();
$params = array('QS' => 'act=ViewArticle&oid=00000000001', 'var1' => $securityParams[0], 'var2' => $securityParams[1]);
$request = new Request(array('method' => 'POST', 'URI' => '/gensecure', 'params' => $params));
$response = $front->process($request);
$this->assertEquals(200, $response->getStatus(), 'Testing the doPOST method');
$this->assertEquals('text/html', $response->getHeader('Content-Type'), 'Testing the doPOST method');
}
/**
* Testing the doDELETE method.
*/
public function testDoDELETE()
{
$config = ConfigProvider::getInstance();
$sessionProvider = $config->get('session.provider.name');
$session = SessionProviderFactory::getInstance($sessionProvider);
$front = new FrontController();
$controller = new ActiveRecordController();
$securityParams = $controller->generateSecurityFields();
$person = $this->createPersonObject('test');
$person->save();
$params = array('var1' => $securityParams[0], 'var2' => $securityParams[1]);
$request = new Request(array('method' => 'DELETE', 'URI' => '/record/' . urlencode('Alpha\\Model\\Person') . '/' . $person->getOID(), 'params' => $params));
$response = $front->process($request);
$this->assertEquals(301, $response->getStatus(), 'Testing the doDELETE method');
$this->assertTrue(strpos($response->getHeader('Location'), '/records/' . urlencode('Alpha\\Model\\Person')) !== false, 'Testing the doDELETE method');
$person = $this->createPersonObject('test');
$person->save();
$params = array('var1' => $securityParams[0], 'var2' => $securityParams[1]);
$request = new Request(array('method' => 'DELETE', 'URI' => '/tk/' . FrontController::encodeQuery('act=Alpha\\Controller\\ActiveRecordController&ActiveRecordType=Alpha\\Model\\Person&ActiveRecordOID=' . $person->getOID()), 'params' => $params));
$response = $front->process($request);
$this->assertEquals(301, $response->getStatus(), 'Testing the doDELETE method');
$this->assertTrue(strpos($response->getHeader('Location'), '/tk/') !== false, 'Testing the doDELETE method');
$person = $this->createPersonObject('test');
$person->save();
$request = new Request(array('method' => 'DELETE', 'URI' => '/record/' . urlencode('Alpha\\Model\\Person') . '/' . $person->getOID(), 'params' => $params, 'headers' => array('Accept' => 'application/json')));
$response = $front->process($request);
$this->assertEquals(200, $response->getStatus(), 'Testing the doDELETE method');
$this->assertEquals('application/json', $response->getHeader('Content-Type'), 'Testing the doDELETE method');
$this->assertEquals('deleted', json_decode($response->getBody())->message, 'Testing the doDELETE method');
}
/**
* Testing default param values are handled correctly.
*/
public function testDefaultParamValues()
{
$_SERVER['REQUEST_URI'] = '/';
$front = new FrontController();
$front->addRoute('/one/{param}', function ($request) {
return new Response(200, $request->getParam('param'));
})->value('param', 'blah');
$request = new Request(array('method' => 'GET', 'URI' => '/one'));
$response = $front->process($request);
$this->assertEquals('blah', $response->getBody(), 'Testing default param values are handled correctly');
$front->addRoute('/two/{param1}/{param2}', function ($request) {
return new Response(200, $request->getParam('param1') . ' ' . $request->getParam('param2'));
})->value('param1', 'two')->value('param2', 'params');
$request = new Request(array('method' => 'GET', 'URI' => '/two'));
$response = $front->process($request);
$this->assertEquals('two params', $response->getBody(), 'Testing default param values are handled correctly');
$request = new Request(array('method' => 'GET', 'URI' => '/two/two'));
$response = $front->process($request);
$this->assertEquals('two params', $response->getBody(), 'Testing default param values are handled correctly');
$front->addRoute('/three/{param1}/params/{param2}/{param3}', function ($request) {
return new Response(200, $request->getParam('param1') . ' ' . $request->getParam('param2'));
})->value('param1', 'has')->value('param2', 'three')->value('param3', 'params');
$request = new Request(array('method' => 'GET', 'URI' => '/three/has/params'));
$response = $front->process($request);
$this->assertEquals('has three', $response->getBody(), 'Testing default param values are handled correctly');
}
public function testDoPUT()
{
$config = ConfigProvider::getInstance();
$sessionProvider = $config->get('session.provider.name');
$session = SessionProviderFactory::getInstance($sessionProvider);
$front = new FrontController();
$controller = new ArticleController();
$article = $this->createArticleObject('test article');
$article->save();
if (!file_exists($article->getAttachmentsLocation())) {
mkdir($article->getAttachmentsLocation(), 0774);
}
$person = $this->createPersonObject('test');
$person->save();
$session->set('currentUser', $person);
$securityParams = $controller->generateSecurityFields();
$attachment = array('name' => 'logo.png', 'type' => 'image/png', 'tmp_name' => $config->get('app.root') . 'public/images/logo-small.png');
$params = array('uploadBut' => true, 'var1' => $securityParams[0], 'var2' => $securityParams[1]);
$params = array_merge($params, $article->toArray());
$request = new Request(array('method' => 'PUT', 'URI' => '/a/test-article', 'params' => $params, 'files' => array('userfile' => $attachment)));
$response = $front->process($request);
$this->assertEquals(301, $response->getStatus(), 'Testing the doPUT method');
$this->assertTrue(strpos($response->getHeader('Location'), '/a/test-article/edit') !== false, 'Testing the doPUT method');
$this->assertTrue(file_exists($article->getAttachmentsLocation() . '/logo.png'));
$params = array('deletefile' => 'logo.png', 'var1' => $securityParams[0], 'var2' => $securityParams[1]);
$params = array_merge($params, $article->toArray());
$request = new Request(array('method' => 'PUT', 'URI' => '/a/test-article', 'params' => $params));
$response = $front->process($request);
$this->assertEquals(301, $response->getStatus(), 'Testing the doPUT method');
$this->assertTrue(strpos($response->getHeader('Location'), '/a/test-article/edit') !== false, 'Testing the doPUT method');
$this->assertFalse(file_exists($article->getAttachmentsLocation() . '/logo.png'));
}
/**
* Testing the doGET method.
*/
public function testDoGET()
{
$config = ConfigProvider::getInstance();
$sessionProvider = $config->get('session.provider.name');
$session = SessionProviderFactory::getInstance($sessionProvider);
$front = new FrontController();
$article = $this->createArticleObject('test article');
$article->save();
$request = new Request(array('method' => 'GET', 'URI' => '/feed/' . urlencode('Alpha\\Model\\Article')));
$response = $front->process($request);
$this->assertEquals(200, $response->getStatus(), 'Testing the doGET method');
$this->assertEquals('application/atom+xml', $response->getHeader('Content-Type'), 'Testing the doGET method');
$request = new Request(array('method' => 'GET', 'URI' => '/feed/' . urlencode('Alpha\\Model\\Article') . '/RSS'));
$response = $front->process($request);
$this->assertEquals(200, $response->getStatus(), 'Testing the doGET method');
$this->assertEquals('application/rss+xml', $response->getHeader('Content-Type'), 'Testing the doGET method');
$request = new Request(array('method' => 'GET', 'URI' => '/feed/' . urlencode('Alpha\\Model\\Article') . '/RSS2'));
$response = $front->process($request);
$this->assertEquals(200, $response->getStatus(), 'Testing the doGET method');
$this->assertEquals('application/rss+xml', $response->getHeader('Content-Type'), 'Testing the doGET method');
}
/**
* Testing the doPOST method.
*/
public function testDoPOST()
{
$config = ConfigProvider::getInstance();
$sessionProvider = $config->get('session.provider.name');
$session = SessionProviderFactory::getInstance($sessionProvider);
$front = new FrontController();
$controller = new DEnumController();
$securityParams = $controller->generateSecurityFields();
$item = new DEnumItem();
$denumItems = $item->loadItems($this->denum->getOID());
$item = $denumItems[0];
$params = array('saveBut' => true, 'var1' => $securityParams[0], 'var2' => $securityParams[1], 'value_' . $item->getOID() => 'updated');
$params = array_merge($params, $item->toArray());
$request = new Request(array('method' => 'POST', 'URI' => '/denum/' . $this->denum->getOID(), 'params' => $params));
$response = $front->process($request);
$this->assertEquals(200, $response->getStatus(), 'Testing the doPOST method');
$this->assertEquals('text/html', $response->getHeader('Content-Type'), 'Testing the doPOST method');
}
/**
* Testing the doGET method.
*/
public function testDoGET()
{
$config = ConfigProvider::getInstance();
$front = new FrontController();
$article = $this->createArticle('testing');
$article->save();
$request = new Request(array('method' => 'GET', 'URI' => '/search/blah'));
$response = $front->process($request);
$this->assertEquals(200, $response->getStatus(), 'Testing the doGET method');
$this->assertEquals('text/html', $response->getHeader('Content-Type'), 'Testing the doGET method');
$request = new Request(array('method' => 'GET', 'URI' => '/search/blah/0/1'));
$response = $front->process($request);
$this->assertEquals(200, $response->getStatus(), 'Testing the doGET method with pagination params');
$this->assertEquals('text/html', $response->getHeader('Content-Type'), 'Testing the doGET method');
}
/**
* Testing the doGET method.
*/
public function testDoGET()
{
$config = ConfigProvider::getInstance();
$sessionProvider = $config->get('session.provider.name');
$session = SessionProviderFactory::getInstance($sessionProvider);
$front = new FrontController();
$person = $this->createPersonObject('test');
$person->save();
$request = new Request(array('method' => 'GET', 'URI' => '/excel/Person/' . $person->getOID()));
$response = $front->process($request);
$this->assertEquals(200, $response->getStatus(), 'Testing the doGET method');
$this->assertEquals('application/vnd.ms-excel', $response->getHeader('Content-Type'), 'Testing the doGET method');
$this->assertEquals('attachment; filename=Person-00000000001.xls', $response->getHeader('Content-Disposition'), 'Testing the doGET method');
}
/**
* Testing updating a table via doPOST method
*/
public function testDoPOSTUpdateTable()
{
$config = ConfigProvider::getInstance();
$sessionProvider = $config->get('session.provider.name');
$session = SessionProviderFactory::getInstance($sessionProvider);
$front = new FrontController();
$controller = new ListActiveRecordsController();
$article = new Article();
$securityParams = $controller->generateSecurityFields();
$params = array('var1' => $securityParams[0], 'var2' => $securityParams[1], 'admin_AlphaModelArticle_button_pressed' => 'updateTableBut', 'updateTableClass' => 'Alpha\\Model\\Article');
$request = new Request(array('method' => 'POST', 'URI' => '/listactiverecords', 'params' => $params));
$response = $front->process($request);
$this->assertEquals(0, count($article->findMissingFields()), 'Testing updating a table via doPOST method');
}
/**
* Testing the doPOST method.
*/
public function testDoPOST()
{
$config = ConfigProvider::getInstance();
$sessionProvider = $config->get('session.provider.name');
$session = SessionProviderFactory::getInstance($sessionProvider);
$person = new Person();
$person->dropTable();
$front = new FrontController();
$controller = new LoginController();
$securityParams = $controller->generateSecurityFields();
$params = array('loginBut' => true, 'var1' => $securityParams[0], 'var2' => $securityParams[1], 'email' => $config->get('app.install.username'), 'password' => $config->get('app.install.password'));
$request = new Request(array('method' => 'POST', 'URI' => '/login', 'params' => $params));
$response = $front->process($request);
$this->assertEquals(301, $response->getStatus(), 'Testing the doPOST method during install');
$person->makeTable();
$person = $this->createPersonObject('logintest');
$person->save();
$params = array('loginBut' => true, 'var1' => $securityParams[0], 'var2' => $securityParams[1], 'email' => '*****@*****.**', 'password' => 'passwordTest');
$request = new Request(array('method' => 'POST', 'URI' => '/login', 'params' => $params));
$response = $front->process($request);
$this->assertEquals(301, $response->getStatus(), 'Testing the doPOST with correct password');
$params['password'] = '******';
$request = new Request(array('method' => 'POST', 'URI' => '/login', 'params' => $params));
$response = $front->process($request);
$this->assertEquals(200, $response->getStatus(), 'Testing the doPOST with incorrect password');
$params = array('resetBut' => true, 'var1' => $securityParams[0], 'var2' => $securityParams[1], 'email' => '*****@*****.**');
$request = new Request(array('method' => 'POST', 'URI' => '/login', 'params' => $params));
$response = $front->process($request);
$this->assertEquals(200, $response->getStatus(), 'Testing the doPOST during password reset');
$person->reload();
$this->assertNotEquals($person->get('password'), password_hash('passwordTest', PASSWORD_DEFAULT, ['cost' => 12]), 'Checking that the password has changed in the database');
}
/**
* Testing the doDELETE method.
*/
public function testDoDELETE()
{
$config = ConfigProvider::getInstance();
$sessionProvider = $config->get('session.provider.name');
$session = SessionProviderFactory::getInstance($sessionProvider);
$front = new FrontController();
$controller = new TagController();
$securityParams = $controller->generateSecurityFields();
$article = $this->createArticle('testing');
$article->save();
$tags = $article->getPropObject('tags')->getRelatedObjects();
$existingTags = array();
foreach ($tags as $tag) {
$existingTags['content_' . $tag->getOID()] = $tag->get('content');
}
$params = array('saveBut' => true, 'NewTagValue' => 'somenewtag', 'var1' => $securityParams[0], 'var2' => $securityParams[1]);
$params = array_merge($params, $existingTags);
$request = new Request(array('method' => 'POST', 'URI' => '/tag/' . urlencode('Alpha\\Model\\Article') . '/' . $article->getOID(), 'params' => $params));
$response = $front->process($request);
$tags = $article->getPropObject('tags')->getRelatedObjects();
$found = false;
$tagOID = '';
foreach ($tags as $tag) {
if ($tag->get('content') == 'somenewtag') {
$found = true;
$tagOID = $tag->getOID();
break;
}
}
$this->assertTrue($found, 'Checking that the new tag added was actually saved');
$params = array('ActiveRecordOID' => $tagOID, 'var1' => $securityParams[0], 'var2' => $securityParams[1]);
$request = new Request(array('method' => 'DELETE', 'URI' => '/tag/' . urlencode('Alpha\\Model\\Article') . '/' . $article->getOID(), 'params' => $params));
$response = $front->process($request);
$this->assertEquals(301, $response->getStatus(), 'Testing the doDELETE method');
$this->assertTrue(strpos($response->getHeader('Location'), '/tag/' . urlencode('Alpha\\Model\\Article') . '/' . $article->getOID()) !== false, 'Testing the doDELETE method');
$tags = $article->getPropObject('tags')->getRelatedObjects();
$notFound = true;
foreach ($tags as $tag) {
if ($tag->get('content') == 'somenewtag') {
$notFound = false;
break;
}
}
$this->assertTrue($notFound, 'Checking that a deleted tag was actually removed');
}
/**
* Testing that a blacklisted IP cannot pass the IPBlacklistFilter filter.
*
* @since 1.2.3
*/
public function testIPBlacklistFilter()
{
$_SERVER['REMOTE_ADDR'] = $this->badIP;
$_SERVER['REQUEST_URI'] = '/';
$request = new Request(array('method' => 'GET'));
try {
$front = new FrontController();
$front->registerFilter(new IPBlacklistFilter());
$front->process($request);
$this->fail('Testing that a blacklisted IP cannot pass the IPBlacklistFilter filter');
} catch (ResourceNotAllowedException $e) {
$this->assertEquals('Not allowed!', $e->getMessage(), 'Testing that a blacklisted IP cannot pass the IPBlacklistFilter filter');
}
}
use Alpha\Util\Http\Filter\ClientTempBlacklistFilter;
use Alpha\Util\Http\Request;
use Alpha\Util\Http\Response;
use Alpha\Exception\ResourceNotFoundException;
use Alpha\Exception\ResourceNotAllowedException;
use Alpha\View\View;
try {
$config = ConfigProvider::getInstance();
set_exception_handler('Alpha\\Util\\ErrorHandlers::catchException');
set_error_handler('Alpha\\Util\\ErrorHandlers::catchError', $config->get('php.error.log.level'));
$front = new FrontController();
if ($config->get('security.client.blacklist.filter.enabled')) {
$front->registerFilter(new ClientBlacklistFilter());
}
if ($config->get('security.ip.blacklist.filter.enabled')) {
$front->registerFilter(new IPBlacklistFilter());
}
if ($config->get('security.client.temp.blacklist.filter.enabled')) {
$front->registerFilter(new ClientTempBlacklistFilter());
}
$request = new Request();
$response = $front->process($request);
} catch (ResourceNotFoundException $rnfe) {
$response = new Response(404, View::renderErrorPage(404, $rnfe->getMessage(), array('Content-Type' => 'text/html')));
} catch (ResourceNotAllowedException $rnae) {
$response = new Response(403, View::renderErrorPage(403, $rnae->getMessage(), array('Content-Type' => 'text/html')));
}
if ($config->get('security.http.header.x.frame.options') != '' && $response->getHeader('X-Frame-Options') == null) {
$response->setHeader('X-Frame-Options', $config->get('security.http.header.x.frame.options'));
}
echo $response->send();
/**
* Testing the doGET method.
*/
public function testDoGET()
{
$config = ConfigProvider::getInstance();
$sessionProvider = $config->get('session.provider.name');
$session = SessionProviderFactory::getInstance($sessionProvider);
$front = new FrontController();
$controller = new LogoutController();
$securityParams = $controller->generateSecurityFields();
$person = $this->createPersonObject('logintest');
$person->save();
$params = array('loginBut' => true, 'var1' => $securityParams[0], 'var2' => $securityParams[1], 'email' => '*****@*****.**', 'password' => 'passwordTest');
$request = new Request(array('method' => 'POST', 'URI' => '/login', 'params' => $params));
$response = $front->process($request);
$this->assertEquals(301, $response->getStatus(), 'Testing the doPOST with correct password');
$this->assertTrue($session->get('currentUser') instanceof Person, 'Testing that the user is logged in');
$request = new Request(array('method' => 'GET', 'URI' => '/logout'));
$response = $front->process($request);
$this->assertEquals(200, $response->getStatus(), 'Testing the doGET method');
$this->assertEquals('text/html', $response->getHeader('Content-Type'), 'Testing the doGET method');
$this->assertFalse($session->get('currentUser'), 'Testing that the user is no longer logged in');
}
/**
* Testing the doGET method.
*/
public function testDoGET()
{
$config = ConfigProvider::getInstance();
$sessionProvider = $config->get('session.provider.name');
$session = SessionProviderFactory::getInstance($sessionProvider);
$front = new FrontController();
$uri = '/recordselector/m2m/1/hiddenformfield/' . urlencode('Alpha\\Model\\Person') . '/email/' . urlencode('Alpha\\Model\\Rights') . '/name/' . urlencode('Alpha\\Model\\Person') . '/1';
$request = new Request(array('method' => 'GET', 'URI' => $uri));
$response = $front->process($request);
$this->assertEquals(200, $response->getStatus(), 'Testing the doGET method for MANY-TO-MANY relation');
$this->assertEquals('text/html', $response->getHeader('Content-Type'), 'Testing the doGET method');
$uri = '/recordselector/12m/1/hiddenformfield/' . urlencode('Alpha\\Model\\ArticleComment') . '/articleOID/content';
$request = new Request(array('method' => 'GET', 'URI' => $uri));
$response = $front->process($request);
$this->assertEquals(200, $response->getStatus(), 'Testing the doGET method for ONE-TO-MANY relation');
$this->assertEquals('text/html', $response->getHeader('Content-Type'), 'Testing the doGET method');
}
/**
* Testing that we can override the HTTP method via X-HTTP-Method-Override or _METHOD.
*/
public function testHTTPMethodOverride()
{
$front = new FrontController();
$front->addRoute('/image', function ($request) {
$controller = new ImageController();
return $controller->process($request);
});
$request = new Request(array('method' => 'DELETE', 'URI' => '/image'));
try {
$response = $front->process($request);
$this->fail('Testing that we can override the HTTP method via X-HTTP-Method-Override or _METHOD');
} catch (\Exception $e) {
$this->assertEquals('The DELETE method is not supported by this controller', $e->getMessage(), 'Testing that we can override the HTTP method via X-HTTP-Method-Override or _METHOD');
}
$_POST['_METHOD'] = 'OPTIONS';
$request = new Request(array('method' => 'DELETE', 'URI' => '/image'));
$response = $front->process($request);
$this->assertEquals(200, $response->getStatus(), 'Testing that we can override the HTTP method via X-HTTP-Method-Override or _METHOD');
$_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'] = 'OPTIONS';
$request = new Request(array('method' => 'DELETE', 'URI' => '/image'));
$response = $front->process($request);
$this->assertEquals(200, $response->getStatus(), 'Testing that we can override the HTTP method via X-HTTP-Method-Override or _METHOD');
}
