@@ -7,21 +7,21 @@ |
7 | 7 | |
8 | 8 | class SpellProviderStub implements SpellProvider, TestOnly |
9 | 9 | { |
10 | - public function checkWords($locale, $words) |
|
11 | - { |
|
12 | - if ($locale === 'en_NZ') { |
|
13 | - return ['collor', 'color', 'onee']; |
|
14 | - } |
|
10 | + public function checkWords($locale, $words) |
|
11 | + { |
|
12 | + if ($locale === 'en_NZ') { |
|
13 | + return ['collor', 'color', 'onee']; |
|
14 | + } |
|
15 | 15 | |
16 | - return ['collor', 'colour', 'onee']; |
|
17 | - } |
|
16 | + return ['collor', 'colour', 'onee']; |
|
17 | + } |
|
18 | 18 | |
19 | - public function getSuggestions($locale, $word) |
|
20 | - { |
|
21 | - if ($locale === 'en_NZ') { |
|
22 | - return ['collar', 'colour']; |
|
23 | - } |
|
19 | + public function getSuggestions($locale, $word) |
|
20 | + { |
|
21 | + if ($locale === 'en_NZ') { |
|
22 | + return ['collar', 'colour']; |
|
23 | + } |
|
24 | 24 | |
25 | - return ['collar', 'color']; |
|
26 | - } |
|
25 | + return ['collar', 'color']; |
|
26 | + } |
|
27 | 27 | } |
@@ -17,189 +17,189 @@ |
17 | 17 | */ |
18 | 18 | class SpellControllerTest extends FunctionalTest |
19 | 19 | { |
20 | - protected $usesDatabase = true; |
|
21 | - |
|
22 | - protected $securityWasEnabled = false; |
|
23 | - |
|
24 | - protected function setUp() |
|
25 | - { |
|
26 | - parent::setUp(); |
|
27 | - |
|
28 | - $this->securityWasEnabled = SecurityToken::is_enabled(); |
|
29 | - |
|
30 | - // Reset config |
|
31 | - Config::modify()->set(SpellController::class, 'required_permission', 'CMS_ACCESS_CMSMain'); |
|
32 | - Config::inst()->remove(SpellController::class, 'locales'); |
|
33 | - Config::modify()->set(SpellController::class, 'locales', array('en_US', 'en_NZ', 'fr_FR')); |
|
34 | - Config::modify()->set(SpellController::class, 'enable_security_token', true); |
|
35 | - SecurityToken::enable(); |
|
36 | - |
|
37 | - // Setup mock for testing provider |
|
38 | - $spellChecker = new SpellProviderStub; |
|
39 | - Injector::inst()->registerService($spellChecker, SpellProvider::class); |
|
40 | - } |
|
41 | - |
|
42 | - protected function tearDown() |
|
43 | - { |
|
44 | - if ($this->securityWasEnabled) { |
|
45 | - SecurityToken::enable(); |
|
46 | - } else { |
|
47 | - SecurityToken::disable(); |
|
48 | - } |
|
49 | - |
|
50 | - parent::tearDown(); |
|
51 | - } |
|
52 | - |
|
53 | - /** |
|
54 | - * Tests security ID check |
|
55 | - */ |
|
56 | - public function testSecurityID() |
|
57 | - { |
|
58 | - // Mock token |
|
59 | - $securityToken = SecurityToken::inst(); |
|
60 | - $generator = new RandomGenerator(); |
|
61 | - $token = $generator->randomToken('sha1'); |
|
62 | - $session = array( |
|
63 | - $securityToken->getName() => $token |
|
64 | - ); |
|
65 | - $tokenError = _t( |
|
66 | - 'SilverStripe\\SpellCheck\\Handling\\SpellController.SecurityMissing', |
|
67 | - 'Your session has expired. Please refresh your browser to continue.' |
|
68 | - ); |
|
69 | - |
|
70 | - // Test request sans token |
|
71 | - $response = $this->get('spellcheck', Injector::inst()->create(Session::class, $session)); |
|
72 | - $this->assertEquals(400, $response->getStatusCode()); |
|
73 | - $jsonBody = json_decode($response->getBody()); |
|
74 | - $this->assertEquals($tokenError, $jsonBody->error->errstr); |
|
75 | - |
|
76 | - // Test request with correct token (will fail with an unrelated error) |
|
77 | - $response = $this->get( |
|
78 | - 'spellcheck/?SecurityID='.urlencode($token), |
|
79 | - Injector::inst()->create(Session::class, $session) |
|
80 | - ); |
|
81 | - $jsonBody = json_decode($response->getBody()); |
|
82 | - $this->assertNotEquals($tokenError, $jsonBody->error->errstr); |
|
83 | - |
|
84 | - // Test request with check disabled |
|
85 | - Config::modify()->set(SpellController::class, 'enable_security_token', false); |
|
86 | - $response = $this->get('spellcheck', Injector::inst()->create(Session::class, $session)); |
|
87 | - $jsonBody = json_decode($response->getBody()); |
|
88 | - $this->assertNotEquals($tokenError, $jsonBody->error->errstr); |
|
89 | - } |
|
90 | - |
|
91 | - /** |
|
92 | - * Tests permission check |
|
93 | - */ |
|
94 | - public function testPermissions() |
|
95 | - { |
|
96 | - // Disable security ID for this test |
|
97 | - Config::modify()->set(SpellController::class, 'enable_security_token', false); |
|
98 | - $securityError = _t('SilverStripe\\SpellCheck\\Handling\\SpellController.SecurityDenied', 'Permission Denied'); |
|
99 | - |
|
100 | - // Test admin permissions |
|
101 | - Config::modify()->set(SpellController::class, 'required_permission', 'ADMIN'); |
|
102 | - $this->logInWithPermission('ADMIN'); |
|
103 | - $response = $this->get('spellcheck'); |
|
104 | - $jsonBody = json_decode($response->getBody()); |
|
105 | - $this->assertNotEquals($securityError, $jsonBody->error->errstr); |
|
106 | - |
|
107 | - // Test insufficient permissions |
|
108 | - $this->logInWithPermission('CMS_ACCESS_CMSMain'); |
|
109 | - $response = $this->get('spellcheck'); |
|
110 | - $this->assertEquals(403, $response->getStatusCode()); |
|
111 | - $jsonBody = json_decode($response->getBody()); |
|
112 | - $this->assertEquals($securityError, $jsonBody->error->errstr); |
|
113 | - |
|
114 | - // Test disabled permissions |
|
115 | - Config::modify()->set(SpellController::class, 'required_permission', false); |
|
116 | - $response = $this->get('spellcheck'); |
|
117 | - $jsonBody = json_decode($response->getBody()); |
|
118 | - $this->assertNotEquals($securityError, $jsonBody->error->errstr); |
|
119 | - } |
|
120 | - |
|
121 | - /** |
|
122 | - * Ensure that invalid input is correctly rejected |
|
123 | - */ |
|
124 | - public function testInputRejection() |
|
125 | - { |
|
126 | - // Disable security ID and permissions for this test |
|
127 | - Config::modify()->set(SpellController::class, 'enable_security_token', false); |
|
128 | - Config::modify()->set(SpellController::class, 'required_permission', false); |
|
129 | - $invalidRequest = _t('SilverStripe\\SpellCheck\\Handling\\SpellController.InvalidRequest', 'Invalid request'); |
|
130 | - |
|
131 | - // Test checkWords acceptance |
|
132 | - $dataCheckWords = array( |
|
133 | - 'id' => 'c0', |
|
134 | - 'method' => 'checkWords', |
|
135 | - 'params' => array( |
|
136 | - 'en_NZ', |
|
137 | - array('collor', 'colour', 'color', 'onee', 'correct') |
|
138 | - ) |
|
139 | - ); |
|
140 | - $response = $this->post('spellcheck', array('ajax' => 1, 'json_data' => json_encode($dataCheckWords))); |
|
141 | - $this->assertEquals(200, $response->getStatusCode()); |
|
142 | - $jsonBody = json_decode($response->getBody()); |
|
143 | - $this->assertEquals('c0', $jsonBody->id); |
|
144 | - $this->assertEquals(array("collor", "color", "onee"), $jsonBody->result); |
|
145 | - |
|
146 | - // Test getSuggestions acceptance |
|
147 | - $dataGetSuggestions = array( |
|
148 | - 'id' => '//c1//', // Should be reduced to only alphanumeric characters |
|
149 | - 'method' => 'getSuggestions', |
|
150 | - 'params' => array( |
|
151 | - 'en_NZ', |
|
152 | - 'collor' |
|
153 | - |
|
154 | - ) |
|
155 | - ); |
|
156 | - $response = $this->post('spellcheck', array('ajax' => 1, 'json_data' => json_encode($dataGetSuggestions))); |
|
157 | - $this->assertEquals(200, $response->getStatusCode()); |
|
158 | - $jsonBody = json_decode($response->getBody()); |
|
159 | - $this->assertEquals('c1', $jsonBody->id); |
|
160 | - $this->assertEquals(array('collar', 'colour'), $jsonBody->result); |
|
161 | - |
|
162 | - // Test non-ajax rejection |
|
163 | - $response = $this->post('spellcheck', array('json_data' => json_encode($dataCheckWords))); |
|
164 | - $this->assertEquals(400, $response->getStatusCode()); |
|
165 | - $jsonBody = json_decode($response->getBody()); |
|
166 | - $this->assertEquals($invalidRequest, $jsonBody->error->errstr); |
|
167 | - |
|
168 | - // Test incorrect method |
|
169 | - $dataInvalidMethod = $dataCheckWords; |
|
170 | - $dataInvalidMethod['method'] = 'validate'; |
|
171 | - $response = $this->post('spellcheck', array('ajax' => 1, 'json_data' => json_encode($dataInvalidMethod))); |
|
172 | - $this->assertEquals(400, $response->getStatusCode()); |
|
173 | - $jsonBody = json_decode($response->getBody()); |
|
174 | - $this->assertEquals( |
|
175 | - _t( |
|
176 | - 'SilverStripe\\SpellCheck\\Handling\\.UnsupportedMethod', |
|
177 | - "Unsupported method '{method}'", |
|
178 | - array('method' => 'validate') |
|
179 | - ), |
|
180 | - $jsonBody->error->errstr |
|
181 | - ); |
|
182 | - |
|
183 | - // Test missing method |
|
184 | - $dataNoMethod = $dataCheckWords; |
|
185 | - unset($dataNoMethod['method']); |
|
186 | - $response = $this->post('spellcheck', array('ajax' => 1, 'json_data' => json_encode($dataNoMethod))); |
|
187 | - $this->assertEquals(400, $response->getStatusCode()); |
|
188 | - $jsonBody = json_decode($response->getBody()); |
|
189 | - $this->assertEquals($invalidRequest, $jsonBody->error->errstr); |
|
190 | - |
|
191 | - // Test unsupported locale |
|
192 | - $dataWrongLocale = $dataCheckWords; |
|
193 | - $dataWrongLocale['params'] = array( |
|
194 | - 'de_DE', |
|
195 | - array('collor', 'colour', 'color', 'onee', 'correct') |
|
196 | - ); |
|
197 | - $response = $this->post('spellcheck', array('ajax' => 1, 'json_data' => json_encode($dataWrongLocale))); |
|
198 | - $this->assertEquals(400, $response->getStatusCode()); |
|
199 | - $jsonBody = json_decode($response->getBody()); |
|
200 | - $this->assertEquals(_t( |
|
201 | - 'SilverStripe\\SpellCheck\\Handling\\.InvalidLocale', |
|
202 | - 'Not supported locale' |
|
203 | - ), $jsonBody->error->errstr); |
|
204 | - } |
|
20 | + protected $usesDatabase = true; |
|
21 | + |
|
22 | + protected $securityWasEnabled = false; |
|
23 | + |
|
24 | + protected function setUp() |
|
25 | + { |
|
26 | + parent::setUp(); |
|
27 | + |
|
28 | + $this->securityWasEnabled = SecurityToken::is_enabled(); |
|
29 | + |
|
30 | + // Reset config |
|
31 | + Config::modify()->set(SpellController::class, 'required_permission', 'CMS_ACCESS_CMSMain'); |
|
32 | + Config::inst()->remove(SpellController::class, 'locales'); |
|
33 | + Config::modify()->set(SpellController::class, 'locales', array('en_US', 'en_NZ', 'fr_FR')); |
|
34 | + Config::modify()->set(SpellController::class, 'enable_security_token', true); |
|
35 | + SecurityToken::enable(); |
|
36 | + |
|
37 | + // Setup mock for testing provider |
|
38 | + $spellChecker = new SpellProviderStub; |
|
39 | + Injector::inst()->registerService($spellChecker, SpellProvider::class); |
|
40 | + } |
|
41 | + |
|
42 | + protected function tearDown() |
|
43 | + { |
|
44 | + if ($this->securityWasEnabled) { |
|
45 | + SecurityToken::enable(); |
|
46 | + } else { |
|
47 | + SecurityToken::disable(); |
|
48 | + } |
|
49 | + |
|
50 | + parent::tearDown(); |
|
51 | + } |
|
52 | + |
|
53 | + /** |
|
54 | + * Tests security ID check |
|
55 | + */ |
|
56 | + public function testSecurityID() |
|
57 | + { |
|
58 | + // Mock token |
|
59 | + $securityToken = SecurityToken::inst(); |
|
60 | + $generator = new RandomGenerator(); |
|
61 | + $token = $generator->randomToken('sha1'); |
|
62 | + $session = array( |
|
63 | + $securityToken->getName() => $token |
|
64 | + ); |
|
65 | + $tokenError = _t( |
|
66 | + 'SilverStripe\\SpellCheck\\Handling\\SpellController.SecurityMissing', |
|
67 | + 'Your session has expired. Please refresh your browser to continue.' |
|
68 | + ); |
|
69 | + |
|
70 | + // Test request sans token |
|
71 | + $response = $this->get('spellcheck', Injector::inst()->create(Session::class, $session)); |
|
72 | + $this->assertEquals(400, $response->getStatusCode()); |
|
73 | + $jsonBody = json_decode($response->getBody()); |
|
74 | + $this->assertEquals($tokenError, $jsonBody->error->errstr); |
|
75 | + |
|
76 | + // Test request with correct token (will fail with an unrelated error) |
|
77 | + $response = $this->get( |
|
78 | + 'spellcheck/?SecurityID='.urlencode($token), |
|
79 | + Injector::inst()->create(Session::class, $session) |
|
80 | + ); |
|
81 | + $jsonBody = json_decode($response->getBody()); |
|
82 | + $this->assertNotEquals($tokenError, $jsonBody->error->errstr); |
|
83 | + |
|
84 | + // Test request with check disabled |
|
85 | + Config::modify()->set(SpellController::class, 'enable_security_token', false); |
|
86 | + $response = $this->get('spellcheck', Injector::inst()->create(Session::class, $session)); |
|
87 | + $jsonBody = json_decode($response->getBody()); |
|
88 | + $this->assertNotEquals($tokenError, $jsonBody->error->errstr); |
|
89 | + } |
|
90 | + |
|
91 | + /** |
|
92 | + * Tests permission check |
|
93 | + */ |
|
94 | + public function testPermissions() |
|
95 | + { |
|
96 | + // Disable security ID for this test |
|
97 | + Config::modify()->set(SpellController::class, 'enable_security_token', false); |
|
98 | + $securityError = _t('SilverStripe\\SpellCheck\\Handling\\SpellController.SecurityDenied', 'Permission Denied'); |
|
99 | + |
|
100 | + // Test admin permissions |
|
101 | + Config::modify()->set(SpellController::class, 'required_permission', 'ADMIN'); |
|
102 | + $this->logInWithPermission('ADMIN'); |
|
103 | + $response = $this->get('spellcheck'); |
|
104 | + $jsonBody = json_decode($response->getBody()); |
|
105 | + $this->assertNotEquals($securityError, $jsonBody->error->errstr); |
|
106 | + |
|
107 | + // Test insufficient permissions |
|
108 | + $this->logInWithPermission('CMS_ACCESS_CMSMain'); |
|
109 | + $response = $this->get('spellcheck'); |
|
110 | + $this->assertEquals(403, $response->getStatusCode()); |
|
111 | + $jsonBody = json_decode($response->getBody()); |
|
112 | + $this->assertEquals($securityError, $jsonBody->error->errstr); |
|
113 | + |
|
114 | + // Test disabled permissions |
|
115 | + Config::modify()->set(SpellController::class, 'required_permission', false); |
|
116 | + $response = $this->get('spellcheck'); |
|
117 | + $jsonBody = json_decode($response->getBody()); |
|
118 | + $this->assertNotEquals($securityError, $jsonBody->error->errstr); |
|
119 | + } |
|
120 | + |
|
121 | + /** |
|
122 | + * Ensure that invalid input is correctly rejected |
|
123 | + */ |
|
124 | + public function testInputRejection() |
|
125 | + { |
|
126 | + // Disable security ID and permissions for this test |
|
127 | + Config::modify()->set(SpellController::class, 'enable_security_token', false); |
|
128 | + Config::modify()->set(SpellController::class, 'required_permission', false); |
|
129 | + $invalidRequest = _t('SilverStripe\\SpellCheck\\Handling\\SpellController.InvalidRequest', 'Invalid request'); |
|
130 | + |
|
131 | + // Test checkWords acceptance |
|
132 | + $dataCheckWords = array( |
|
133 | + 'id' => 'c0', |
|
134 | + 'method' => 'checkWords', |
|
135 | + 'params' => array( |
|
136 | + 'en_NZ', |
|
137 | + array('collor', 'colour', 'color', 'onee', 'correct') |
|
138 | + ) |
|
139 | + ); |
|
140 | + $response = $this->post('spellcheck', array('ajax' => 1, 'json_data' => json_encode($dataCheckWords))); |
|
141 | + $this->assertEquals(200, $response->getStatusCode()); |
|
142 | + $jsonBody = json_decode($response->getBody()); |
|
143 | + $this->assertEquals('c0', $jsonBody->id); |
|
144 | + $this->assertEquals(array("collor", "color", "onee"), $jsonBody->result); |
|
145 | + |
|
146 | + // Test getSuggestions acceptance |
|
147 | + $dataGetSuggestions = array( |
|
148 | + 'id' => '//c1//', // Should be reduced to only alphanumeric characters |
|
149 | + 'method' => 'getSuggestions', |
|
150 | + 'params' => array( |
|
151 | + 'en_NZ', |
|
152 | + 'collor' |
|
153 | + |
|
154 | + ) |
|
155 | + ); |
|
156 | + $response = $this->post('spellcheck', array('ajax' => 1, 'json_data' => json_encode($dataGetSuggestions))); |
|
157 | + $this->assertEquals(200, $response->getStatusCode()); |
|
158 | + $jsonBody = json_decode($response->getBody()); |
|
159 | + $this->assertEquals('c1', $jsonBody->id); |
|
160 | + $this->assertEquals(array('collar', 'colour'), $jsonBody->result); |
|
161 | + |
|
162 | + // Test non-ajax rejection |
|
163 | + $response = $this->post('spellcheck', array('json_data' => json_encode($dataCheckWords))); |
|
164 | + $this->assertEquals(400, $response->getStatusCode()); |
|
165 | + $jsonBody = json_decode($response->getBody()); |
|
166 | + $this->assertEquals($invalidRequest, $jsonBody->error->errstr); |
|
167 | + |
|
168 | + // Test incorrect method |
|
169 | + $dataInvalidMethod = $dataCheckWords; |
|
170 | + $dataInvalidMethod['method'] = 'validate'; |
|
171 | + $response = $this->post('spellcheck', array('ajax' => 1, 'json_data' => json_encode($dataInvalidMethod))); |
|
172 | + $this->assertEquals(400, $response->getStatusCode()); |
|
173 | + $jsonBody = json_decode($response->getBody()); |
|
174 | + $this->assertEquals( |
|
175 | + _t( |
|
176 | + 'SilverStripe\\SpellCheck\\Handling\\.UnsupportedMethod', |
|
177 | + "Unsupported method '{method}'", |
|
178 | + array('method' => 'validate') |
|
179 | + ), |
|
180 | + $jsonBody->error->errstr |
|
181 | + ); |
|
182 | + |
|
183 | + // Test missing method |
|
184 | + $dataNoMethod = $dataCheckWords; |
|
185 | + unset($dataNoMethod['method']); |
|
186 | + $response = $this->post('spellcheck', array('ajax' => 1, 'json_data' => json_encode($dataNoMethod))); |
|
187 | + $this->assertEquals(400, $response->getStatusCode()); |
|
188 | + $jsonBody = json_decode($response->getBody()); |
|
189 | + $this->assertEquals($invalidRequest, $jsonBody->error->errstr); |
|
190 | + |
|
191 | + // Test unsupported locale |
|
192 | + $dataWrongLocale = $dataCheckWords; |
|
193 | + $dataWrongLocale['params'] = array( |
|
194 | + 'de_DE', |
|
195 | + array('collor', 'colour', 'color', 'onee', 'correct') |
|
196 | + ); |
|
197 | + $response = $this->post('spellcheck', array('ajax' => 1, 'json_data' => json_encode($dataWrongLocale))); |
|
198 | + $this->assertEquals(400, $response->getStatusCode()); |
|
199 | + $jsonBody = json_decode($response->getBody()); |
|
200 | + $this->assertEquals(_t( |
|
201 | + 'SilverStripe\\SpellCheck\\Handling\\.InvalidLocale', |
|
202 | + 'Not supported locale' |
|
203 | + ), $jsonBody->error->errstr); |
|
204 | + } |
|
205 | 205 | } |