mirror of
https://github.com/wallabag/wallabag.git
synced 2024-11-10 11:09:31 +00:00
TagRestController: add tests to ensure that other user's tags are unreachable
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
parent
6708bf238d
commit
0ee9848231
1 changed files with 32 additions and 0 deletions
|
@ -7,6 +7,8 @@ use Wallabag\CoreBundle\Entity\Tag;
|
|||
|
||||
class TagRestControllerTest extends WallabagApiTestCase
|
||||
{
|
||||
private $otherUserTagLabel = 'bob';
|
||||
|
||||
public function testGetUserTags()
|
||||
{
|
||||
$this->client->request('GET', '/api/tags.json');
|
||||
|
@ -19,6 +21,12 @@ class TagRestControllerTest extends WallabagApiTestCase
|
|||
$this->assertArrayHasKey('id', $content[0]);
|
||||
$this->assertArrayHasKey('label', $content[0]);
|
||||
|
||||
$tagLabels = array_map(function ($i) {
|
||||
return $i['label'];
|
||||
}, $content);
|
||||
|
||||
$this->assertNotContains($this->otherUserTagLabel, $tagLabels, 'There is a possible tag leak');
|
||||
|
||||
return end($content);
|
||||
}
|
||||
|
||||
|
@ -53,6 +61,16 @@ class TagRestControllerTest extends WallabagApiTestCase
|
|||
$this->assertNull($tag, $tagLabel . ' was removed because it begun an orphan tag');
|
||||
}
|
||||
|
||||
public function testDeleteOtherUserTag()
|
||||
{
|
||||
$em = $this->client->getContainer()->get('doctrine.orm.entity_manager');
|
||||
$tag = $em->getRepository('WallabagCoreBundle:Tag')->findOneByLabel($this->otherUserTagLabel);
|
||||
|
||||
$this->client->request('DELETE', '/api/tags/' . $tag->getId() . '.json');
|
||||
|
||||
$this->assertSame(404, $this->client->getResponse()->getStatusCode());
|
||||
}
|
||||
|
||||
public function dataForDeletingTagByLabel()
|
||||
{
|
||||
return [
|
||||
|
@ -112,6 +130,13 @@ class TagRestControllerTest extends WallabagApiTestCase
|
|||
$this->assertSame(404, $this->client->getResponse()->getStatusCode());
|
||||
}
|
||||
|
||||
public function testDeleteTagByLabelOtherUser()
|
||||
{
|
||||
$this->client->request('DELETE', '/api/tag/label.json', ['tag' => $this->otherUserTagLabel]);
|
||||
|
||||
$this->assertSame(404, $this->client->getResponse()->getStatusCode());
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider dataForDeletingTagByLabel
|
||||
*/
|
||||
|
@ -180,4 +205,11 @@ class TagRestControllerTest extends WallabagApiTestCase
|
|||
|
||||
$this->assertSame(404, $this->client->getResponse()->getStatusCode());
|
||||
}
|
||||
|
||||
public function testDeleteTagsByLabelOtherUser()
|
||||
{
|
||||
$this->client->request('DELETE', '/api/tags/label.json', ['tags' => $this->otherUserTagLabel]);
|
||||
|
||||
$this->assertSame(404, $this->client->getResponse()->getStatusCode());
|
||||
}
|
||||
}
|
||||
|
|
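Review bot: The three new DELETE tests (`testDeleteOtherUserTag`, `testDeleteTagByLabelOtherUser`, `testDeleteTagsByLabelOtherUser`) assert only the 404 status, so they would also pass if the `bob` fixture tag were missing or renamed, and none of them checks that the other user's tag survives the request. In `testDeleteOtherUserTag`, add `$this->assertNotNull($tag, 'fixture tag of the other user is missing');` before `$tag->getId()` is used, because a null result from `findOneByLabel()` would otherwise end the test in an error instead of a failure. After each DELETE, re-read the tag through the repository and assert it is still present, so that a handler which removes the association and then answers 404 is caught. The `assertNotContains` check in `testGetUserTags` has the same weakness: it holds trivially when no tag labelled `bob` exists, and it presumably relies on fixture data that is not visible in this diff.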