These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | namespace SilverStripe\Comments\Tests; |
||
4 | |||
5 | use SilverStripe\Comments\Controllers\CommentingController; |
||
6 | use SilverStripe\Comments\Model\Comment; |
||
7 | use SilverStripe\Comments\Model\Comment\SecurityToken as CommentSecurityToken; |
||
8 | use SilverStripe\Comments\Tests\Stubs\CommentableItem; |
||
9 | use SilverStripe\Comments\Tests\CommentTestHelper; |
||
10 | use SilverStripe\Control\Controller; |
||
11 | use SilverStripe\Core\Config\Config; |
||
12 | use SilverStripe\Core\Email\Email; |
||
13 | use SilverStripe\Dev\FunctionalTest; |
||
14 | use SilverStripe\ORM\DataObject; |
||
15 | use SilverStripe\Security\Member; |
||
16 | use SilverStripe\Security\SecurityToken; |
||
17 | |||
18 | class CommentingControllerTest extends FunctionalTest |
||
19 | { |
||
20 | /** |
||
21 | * {@inheritDoc} |
||
22 | */ |
||
23 | protected static $fixture_file = 'CommentsTest.yml'; |
||
24 | |||
25 | /** |
||
26 | * {@inheritDoc} |
||
27 | */ |
||
28 | protected static $extra_dataobjects = [ |
||
29 | CommentableItem::class |
||
30 | ]; |
||
31 | |||
32 | protected $securityEnabled; |
||
33 | |||
34 | protected function tearDown() |
||
35 | { |
||
36 | if ($this->securityEnabled) { |
||
37 | SecurityToken::inst()->enable(); |
||
38 | } else { |
||
39 | SecurityToken::inst()->disable(); |
||
40 | } |
||
41 | parent::tearDown(); |
||
42 | } |
||
43 | |||
44 | protected function setUp() |
||
45 | { |
||
46 | parent::setUp(); |
||
47 | $this->securityEnabled = SecurityToken::inst()->is_enabled(); |
||
48 | |||
49 | // We will assert against explicit responses, unless handed otherwise in a test for redirects |
||
50 | $this->autoFollowRedirection = false; |
||
51 | } |
||
52 | |||
53 | public function testCommentsFormUsePreview() |
||
54 | { |
||
55 | $parent = $this->objFromFixture(CommentableItem::class, 'first'); |
||
56 | $commController = new CommentingController(); |
||
57 | $commController->setOwnerRecord($parent); |
||
58 | $form = $commController->CommentsForm(); |
||
59 | |||
60 | $commentsFields = $form->Fields()->first()->FieldList(); |
||
61 | $expected = array('Name', 'Email', 'URL', 'Comment'); |
||
62 | CommentTestHelper::assertFieldNames($this, $expected, $commentsFields); |
||
63 | |||
64 | // test with preview on |
||
65 | Config::modify()->merge(CommentableItem::class, 'comments', array( |
||
66 | 'use_preview' => true |
||
67 | )); |
||
68 | |||
69 | $parent = $this->objFromFixture(CommentableItem::class, 'first'); |
||
70 | $commController = new CommentingController(); |
||
71 | $commController->setOwnerRecord($parent); |
||
0 ignored issues
–
show
|
|||
72 | |||
73 | $this->objFromFixture(Comment::class, 'firstComAChild1')->delete(); |
||
74 | $this->objFromFixture(Comment::class, 'firstComAChild2')->delete(); |
||
75 | $this->objFromFixture(Comment::class, 'firstComAChild3')->delete(); |
||
76 | |||
77 | SecurityToken::inst()->disable(); |
||
78 | $this->autoFollowRedirection = false; |
||
79 | |||
80 | $form = $commController->CommentsForm(); |
||
81 | $commentsFields = $form->Fields()->first()->FieldList(); |
||
82 | $expected = array('Name', 'Email', 'URL', 'Comment', 'PreviewComment'); |
||
83 | CommentTestHelper::assertFieldNames($this, $expected, $commentsFields); |
||
84 | } |
||
85 | |||
86 | public function testApproveUnmoderatedComment() |
||
87 | { |
||
88 | SecurityToken::inst()->disable(); |
||
89 | |||
90 | // mark a comment as spam then approve it |
||
91 | $this->logInWithPermission('CMS_ACCESS_CommentAdmin'); |
||
92 | $comment = $this->objFromFixture(Comment::class, 'testModeratedComment1'); |
||
93 | $st = new CommentSecurityToken($comment); |
||
94 | $url = 'comments/approve/' . $comment->ID; |
||
95 | $url = $st->addToUrl($url, Member::currentUser()); |
||
96 | $response = $this->get($url, null, ['Referer' => '/']); |
||
97 | $this->assertEquals(302, $response->getStatusCode()); |
||
98 | $comment = DataObject::get_by_id(Comment::class, $comment->ID); |
||
99 | |||
100 | // Need to use 0,1 here instead of false, true for SQLite |
||
101 | $this->assertEquals(0, $comment->IsSpam); |
||
102 | $this->assertEquals(1, $comment->Moderated); |
||
103 | |||
104 | // try and approve a non existent comment |
||
105 | $response = $this->get('comments/approve/100000'); |
||
106 | $this->assertEquals(404, $response->getStatusCode()); |
||
107 | } |
||
108 | |||
109 | public function testSetGetOwnerController() |
||
110 | { |
||
111 | $commController = new CommentingController(); |
||
112 | $commController->setOwnerController(Controller::curr()); |
||
113 | $this->assertEquals(Controller::curr(), $commController->getOwnerController()); |
||
114 | $commController->setOwnerController(null); |
||
115 | $this->assertNull($commController->getOwnerController()); |
||
116 | } |
||
117 | |||
118 | View Code Duplication | public function testHam() |
|
119 | { |
||
120 | SecurityToken::inst()->disable(); |
||
121 | |||
122 | // mark a comment as spam then ham it |
||
123 | $this->logInWithPermission('CMS_ACCESS_CommentAdmin'); |
||
124 | $comment = $this->objFromFixture(Comment::class, 'firstComA'); |
||
125 | $comment->markSpam(); |
||
126 | $st = new CommentSecurityToken($comment); |
||
127 | $url = 'comments/ham/' . $comment->ID; |
||
128 | $url = $st->addToUrl($url, Member::currentUser()); |
||
129 | $response = $this->get($url); |
||
130 | $this->assertEquals(302, $response->getStatusCode()); |
||
131 | $comment = DataObject::get_by_id(Comment::class, $comment->ID); |
||
132 | |||
133 | // Need to use 0,1 here instead of false, true for SQLite |
||
134 | $this->assertEquals(0, $comment->IsSpam); |
||
135 | $this->assertEquals(1, $comment->Moderated); |
||
136 | |||
137 | // try and ham a non existent comment |
||
138 | $response = $this->get('comments/ham/100000'); |
||
139 | $this->assertEquals(404, $response->getStatusCode()); |
||
140 | } |
||
141 | |||
142 | View Code Duplication | public function testSpam() |
|
143 | { |
||
144 | // mark a comment as approved then spam it |
||
145 | $this->logInWithPermission('CMS_ACCESS_CommentAdmin'); |
||
146 | $comment = $this->objFromFixture(Comment::class, 'firstComA'); |
||
147 | $comment->markApproved(); |
||
148 | $st = new CommentSecurityToken($comment); |
||
149 | $url = 'comments/spam/' . $comment->ID; |
||
150 | $url = $st->addToUrl($url, Member::currentUser()); |
||
151 | $response = $this->get($url); |
||
152 | $this->assertEquals(302, $response->getStatusCode()); |
||
153 | $comment = DataObject::get_by_id(Comment::class, $comment->ID); |
||
154 | |||
155 | // Need to use 0,1 here instead of false, true for SQLite |
||
156 | $this->assertEquals(1, $comment->IsSpam); |
||
157 | $this->assertEquals(1, $comment->Moderated); |
||
158 | |||
159 | // try and spam a non existent comment |
||
160 | $response = $this->get('comments/spam/100000'); |
||
161 | $this->assertEquals(404, $response->getStatusCode()); |
||
162 | } |
||
163 | |||
164 | public function testRSS() |
||
165 | { |
||
166 | // Delete the newly added children of firstComA so as not to have to recalculate values below |
||
167 | $this->objFromFixture(Comment::class, 'firstComAChild1')->delete(); |
||
168 | $this->objFromFixture(Comment::class, 'firstComAChild2')->delete(); |
||
169 | $this->objFromFixture(Comment::class, 'firstComAChild3')->delete(); |
||
170 | |||
171 | $item = $this->objFromFixture(CommentableItem::class, 'first'); |
||
172 | |||
173 | // comments sitewide |
||
174 | $response = $this->get('comments/rss'); |
||
175 | $comment = "10 approved, non spam comments on page 1"; |
||
176 | $this->assertEquals(10, substr_count($response->getBody(), "<item>"), $comment); |
||
177 | |||
178 | $response = $this->get('comments/rss?start=10'); |
||
179 | $this->assertEquals(4, substr_count($response->getBody(), "<item>"), "3 approved, non spam comments on page 2"); |
||
180 | |||
181 | // all comments on a type |
||
182 | $response = $this->get('comments/rss/SilverStripe-Comments-Tests-Stubs-CommentableItem'); |
||
183 | $this->assertEquals(10, substr_count($response->getBody(), "<item>")); |
||
184 | |||
185 | $response = $this->get('comments/rss/SilverStripe-Comments-Tests-Stubs-CommentableItem?start=10'); |
||
186 | $this->assertEquals(4, substr_count($response->getBody(), "<item>"), "3 approved, non spam comments on page 2"); |
||
187 | |||
188 | // specific page |
||
189 | $response = $this->get('comments/rss/SilverStripe-Comments-Tests-Stubs-CommentableItem/'.$item->ID); |
||
190 | $this->assertEquals(1, substr_count($response->getBody(), "<item>")); |
||
191 | $this->assertContains('<dc:creator>FA</dc:creator>', $response->getBody()); |
||
192 | |||
193 | // test accessing comments on a type that doesn't exist |
||
194 | $response = $this->get('comments/rss/Fake'); |
||
195 | $this->assertEquals(404, $response->getStatusCode()); |
||
196 | } |
||
197 | |||
198 | // This is returning a 404 which looks logical code wise but also a bit weird. |
||
199 | // Test module on a clean install and check what the actual URL is first |
||
200 | /* public function testReply() { |
||
201 | $this->logInWithPermission('CMS_ACCESS_CommentAdmin'); |
||
202 | $comment = $this->objFromFixture('Comment', 'firstComA'); |
||
203 | $item = $this->objFromFixture('CommentableItem', 'first'); |
||
204 | |||
205 | $st = new CommentSecurityToken($comment); |
||
206 | $url = 'comments/reply/' . $item->ID.'?ParentCommentID=' . $comment->ID; |
||
207 | error_log($url); |
||
208 | $response = $this->get($url); |
||
209 | error_log(print_r($response,1)); |
||
210 | |||
211 | $this->assertEquals(200, $response->getStatusCode()); |
||
212 | |||
213 | } |
||
214 | */ |
||
215 | /* |
||
216 | public function testCommentsFormLoadMemberData() { |
||
217 | Config::modify()->set('CommentableItem', 'comments', array( |
||
218 | 'use_preview' => false |
||
219 | )); |
||
220 | $this->logInAs('visitor'); |
||
221 | SecurityToken::inst()->disable(); |
||
222 | $parent = $this->objFromFixture('CommentableItem', 'first'); |
||
223 | $parent->CommentsRequireLogin = true; |
||
224 | $parent->PostingRequiredPermission = true; |
||
225 | //$parent->write(); |
||
226 | $commController = new CommentingController(); |
||
227 | $commController->setOwnerRecord($parent); |
||
228 | |||
229 | $form = $commController->CommentsForm(); |
||
230 | $commentsFields = $form->Fields()->first()->FieldList(); |
||
231 | $expected = array('Name', 'Email', 'URL', 'Comment', 'PreviewComment'); |
||
232 | CommentTestHelper::assertFieldNames($this, $expected, $commentsFields); |
||
233 | } |
||
234 | */ |
||
235 | |||
236 | public function testCommentsForm() |
||
237 | { |
||
238 | $this->autoFollowRedirection = true; |
||
239 | |||
240 | // Delete the newly added children of firstComA so as not to change this test |
||
241 | $this->objFromFixture(Comment::class, 'firstComAChild1')->delete(); |
||
242 | $this->objFromFixture(Comment::class, 'firstComAChild2')->delete(); |
||
243 | $this->objFromFixture(Comment::class, 'firstComAChild3')->delete(); |
||
244 | |||
245 | SecurityToken::inst()->disable(); |
||
246 | $this->autoFollowRedirection = false; |
||
247 | $parent = $this->objFromFixture(CommentableItem::class, 'first'); |
||
248 | |||
249 | // Test posting to base comment |
||
250 | $response = $this->post( |
||
251 | 'comments/CommentsForm', |
||
252 | array( |
||
253 | 'Name' => 'Poster', |
||
254 | 'Email' => '[email protected]', |
||
255 | 'Comment' => 'My Comment', |
||
256 | 'ParentID' => $parent->ID, |
||
257 | 'ParentClassName' => CommentableItem::class, |
||
258 | 'action_doPostComment' => 'Post' |
||
259 | ) |
||
260 | ); |
||
261 | $this->assertEquals(302, $response->getStatusCode()); |
||
262 | // $this->assertStringStartsWith('CommentableItemController#comment-', $response->getHeader('Location')); |
||
263 | $this->assertDOSEquals( |
||
264 | array( |
||
265 | array( |
||
266 | 'Name' => 'Poster', |
||
267 | 'Email' => '[email protected]', |
||
268 | 'Comment' => 'My Comment', |
||
269 | 'ParentID' => $parent->ID, |
||
270 | 'ParentClass' => CommentableItem::class, |
||
271 | ) |
||
272 | ), |
||
273 | Comment::get()->filter('Email', '[email protected]') |
||
274 | ); |
||
275 | |||
276 | // Test posting to parent comment |
||
277 | $parentComment = $this->objFromFixture(Comment::class, 'firstComA'); |
||
278 | $this->assertEquals(0, $parentComment->ChildComments()->count()); |
||
279 | |||
280 | $response = $this->post( |
||
281 | 'comments/reply/' . $parentComment->ID, |
||
282 | array( |
||
283 | 'Name' => 'Test Author', |
||
284 | 'Email' => '[email protected]', |
||
285 | 'Comment' => 'Making a reply to firstComA', |
||
286 | 'ParentID' => $parent->ID, |
||
287 | 'ParentClassName' => CommentableItem::class, |
||
288 | 'ParentCommentID' => $parentComment->ID, |
||
289 | 'action_doPostComment' => 'Post' |
||
290 | ) |
||
291 | ); |
||
292 | $this->assertEquals(302, $response->getStatusCode()); |
||
293 | // $this->assertStringStartsWith('CommentableItemController#comment-', $response->getHeader('Location')); |
||
294 | $this->assertDOSEquals( |
||
295 | array( |
||
296 | array( |
||
297 | 'Name' => 'Test Author', |
||
298 | 'Email' => '[email protected]', |
||
299 | 'Comment' => 'Making a reply to firstComA', |
||
300 | 'ParentID' => $parent->ID, |
||
301 | 'ParentClass' => CommentableItem::class, |
||
302 | 'ParentCommentID' => $parentComment->ID |
||
303 | ) |
||
304 | ), |
||
305 | $parentComment->ChildComments() |
||
306 | ); |
||
307 | } |
||
308 | |||
309 | /** |
||
310 | * SS4 introduces namespaces. They don't work in URLs, so we encode and decode them here. |
||
311 | */ |
||
312 | public function testEncodeClassName() |
||
313 | { |
||
314 | $controller = new CommentingController; |
||
315 | $this->assertSame('SilverStripe-Comments-Model-Comment', $controller->encodeClassName(Comment::class)); |
||
316 | } |
||
317 | |||
318 | public function testDecodeClassName() |
||
319 | { |
||
320 | $controller = new CommentingController; |
||
321 | $this->assertSame(Comment::class, $controller->decodeClassName('SilverStripe-Comments-Model-Comment')); |
||
322 | } |
||
323 | } |
||
324 |
Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: