bintzwing/tst/privatebin.php

1044 lines
37 KiB
PHP
Raw Normal View History

<?php
2016-07-11 09:58:15 +00:00
class privatebinTest extends PHPUnit_Framework_TestCase
{
protected $_model;
public function setUp()
{
/* Setup Routine */
2016-07-11 09:58:15 +00:00
$this->_model = privatebin_data::getInstance(array('dir' => PATH . 'data'));
$this->reset();
}
public function tearDown()
{
/* Tear Down Routine */
helper::confRestore();
}
public function reset()
{
$_POST = array();
$_GET = array();
$_SERVER = array();
2015-09-21 20:32:52 +00:00
if ($this->_model->exists(helper::getPasteId()))
$this->_model->delete(helper::getPasteId());
2015-09-22 21:21:31 +00:00
helper::confRestore();
}
/**
* @runInSeparateProcess
*/
public function testView()
{
$this->reset();
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$this->assertContains(
2016-07-11 09:58:15 +00:00
'<title>PrivateBin</title>',
$content,
'outputs title correctly'
);
$this->assertNotContains(
'id="shortenbutton"',
$content,
'doesn\'t output shortener button'
);
}
/**
* @runInSeparateProcess
*/
public function testViewLanguageSelection()
{
$this->reset();
2015-09-22 21:21:31 +00:00
$options = parse_ini_file(CONF, true);
$options['main']['languageselection'] = true;
2015-09-22 21:21:31 +00:00
helper::confBackup();
helper::createIniFile(CONF, $options);
$_COOKIE['lang'] = 'de';
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$this->assertContains(
2016-07-11 09:58:15 +00:00
'<title>PrivateBin</title>',
$content,
'outputs title correctly'
);
}
/**
* @runInSeparateProcess
*/
public function testViewForceLanguageDefault()
{
$this->reset();
$options = parse_ini_file(CONF, true);
$options['main']['languageselection'] = false;
$options['main']['languagedefault'] = 'fr';
helper::confBackup();
helper::createIniFile(CONF, $options);
$_COOKIE['lang'] = 'de';
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$this->assertContains(
2016-07-11 09:58:15 +00:00
'<title>PrivateBin</title>',
$content,
'outputs title correctly'
);
}
/**
* @runInSeparateProcess
*/
public function testViewUrlShortener()
{
$shortener = 'https://shortener.example.com/api?link=';
$this->reset();
$options = parse_ini_file(CONF, true);
$options['main']['urlshortener'] = $shortener;
helper::confBackup();
helper::createIniFile(CONF, $options);
$_COOKIE['lang'] = 'de';
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$this->assertRegExp(
'#id="shortenbutton"[^>]*data-shortener="' . preg_quote($shortener) . '"#',
$content,
'outputs configured shortener URL correctly'
);
}
/**
* @runInSeparateProcess
*/
public function testHtaccess()
{
$this->reset();
$dirs = array('cfg', 'lib');
foreach ($dirs as $dir) {
$file = PATH . $dir . DIRECTORY_SEPARATOR . '.htaccess';
@unlink($file);
}
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
ob_end_clean();
foreach ($dirs as $dir) {
$file = PATH . $dir . DIRECTORY_SEPARATOR . '.htaccess';
$this->assertFileExists(
$file,
"$dir htaccess recreated"
);
}
}
/**
* @expectedException Exception
* @expectedExceptionCode 2
*/
public function testConf()
{
$this->reset();
2015-09-22 21:21:31 +00:00
helper::confBackup();
file_put_contents(CONF, '');
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
ob_end_clean();
}
/**
* @runInSeparateProcess
*/
public function testCreate()
{
$this->reset();
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
helper::confBackup();
helper::createIniFile(CONF, $options);
2015-09-21 20:32:52 +00:00
$_POST = helper::getPaste();
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status');
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data');
$paste = $this->_model->read($response['id']);
$this->assertEquals(
hash_hmac('sha256', $response['id'], $paste->meta->salt),
$response['deletetoken'],
'outputs valid delete token'
);
}
/**
* @runInSeparateProcess
*/
public function testCreateInvalidTimelimit()
{
$this->reset();
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
helper::confBackup();
helper::createIniFile(CONF, $options);
$_POST = helper::getPaste(array('expire' => 25));
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
trafficlimiter::canPass();
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status');
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data');
$paste = $this->_model->read($response['id']);
$this->assertEquals(
hash_hmac('sha256', $response['id'], $paste->meta->salt),
$response['deletetoken'],
'outputs valid delete token'
);
}
/**
* @runInSeparateProcess
*/
public function testCreateInvalidSize()
{
$this->reset();
2015-09-22 21:21:31 +00:00
$options = parse_ini_file(CONF, true);
$options['main']['sizelimit'] = 10;
$options['traffic']['limit'] = 0;
2015-09-22 21:21:31 +00:00
helper::confBackup();
helper::createIniFile(CONF, $options);
2015-09-21 20:32:52 +00:00
$_POST = helper::getPaste();
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
2015-09-21 20:32:52 +00:00
$this->assertFalse($this->_model->exists(helper::getPasteId()), 'paste exists after posting data');
}
/**
* @runInSeparateProcess
*/
public function testCreateProxyHeader()
{
$this->reset();
2015-09-22 21:21:31 +00:00
$options = parse_ini_file(CONF, true);
$options['traffic']['header'] = 'X_FORWARDED_FOR';
2015-09-22 21:21:31 +00:00
helper::confBackup();
helper::createIniFile(CONF, $options);
2015-09-21 20:32:52 +00:00
$_POST = helper::getPaste();
$_SERVER['HTTP_X_FORWARDED_FOR'] = '::2';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status');
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data');
$paste = $this->_model->read($response['id']);
$this->assertEquals(
hash_hmac('sha256', $response['id'], $paste->meta->salt),
$response['deletetoken'],
'outputs valid delete token'
);
}
/**
* @runInSeparateProcess
*/
public function testCreateDuplicateId()
{
$this->reset();
2015-09-22 21:21:31 +00:00
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
2015-09-22 21:21:31 +00:00
helper::confBackup();
helper::createIniFile(CONF, $options);
2015-09-21 20:32:52 +00:00
$this->_model->create(helper::getPasteId(), helper::getPaste());
$_POST = helper::getPaste();
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
2015-09-21 20:32:52 +00:00
$this->assertTrue($this->_model->exists(helper::getPasteId()), 'paste exists after posting data');
}
/**
* @runInSeparateProcess
*/
public function testCreateValidExpire()
{
$this->reset();
2015-09-22 21:21:31 +00:00
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
2015-09-22 21:21:31 +00:00
helper::confBackup();
helper::createIniFile(CONF, $options);
2015-09-21 20:32:52 +00:00
$_POST = helper::getPaste();
$_POST['expire'] = '5min';
$_POST['formatter'] = 'foo';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
$time = time();
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status');
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data');
$paste = $this->_model->read($response['id']);
$this->assertEquals(
hash_hmac('sha256', $response['id'], $paste->meta->salt),
$response['deletetoken'],
'outputs valid delete token'
);
$this->assertGreaterThanOrEqual($time + 300, $paste->meta->expire_date, 'time is set correctly');
}
/**
* @runInSeparateProcess
*/
public function testCreateValidExpireWithDiscussion()
{
$this->reset();
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
helper::confBackup();
helper::createIniFile(CONF, $options);
$_POST = helper::getPaste();
$_POST['expire'] = '5min';
$_POST['opendiscussion'] = '1';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
$time = time();
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status');
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data');
$paste = $this->_model->read($response['id']);
$this->assertEquals(
hash_hmac('sha256', $response['id'], $paste->meta->salt),
$response['deletetoken'],
'outputs valid delete token'
);
$this->assertGreaterThanOrEqual($time + 300, $paste->meta->expire_date, 'time is set correctly');
$this->assertEquals(1, $paste->meta->opendiscussion, 'discussion is enabled');
}
/**
* @runInSeparateProcess
*/
public function testCreateInvalidExpire()
{
$this->reset();
2015-09-22 21:21:31 +00:00
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
2015-09-22 21:21:31 +00:00
helper::confBackup();
helper::createIniFile(CONF, $options);
2015-09-21 20:32:52 +00:00
$_POST = helper::getPaste();
$_POST['expire'] = 'foo';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status');
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data');
$paste = $this->_model->read($response['id']);
$this->assertEquals(
hash_hmac('sha256', $response['id'], $paste->meta->salt),
$response['deletetoken'],
'outputs valid delete token'
);
}
/**
* @runInSeparateProcess
*/
public function testCreateInvalidBurn()
{
$this->reset();
2015-09-22 21:21:31 +00:00
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
2015-09-22 21:21:31 +00:00
helper::confBackup();
helper::createIniFile(CONF, $options);
2015-09-21 20:32:52 +00:00
$_POST = helper::getPaste();
$_POST['burnafterreading'] = 'neither 1 nor 0';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
2015-09-21 20:32:52 +00:00
$this->assertFalse($this->_model->exists(helper::getPasteId()), 'paste exists after posting data');
}
/**
* @runInSeparateProcess
*/
public function testCreateInvalidOpenDiscussion()
{
$this->reset();
2015-09-22 21:21:31 +00:00
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
2015-09-22 21:21:31 +00:00
helper::confBackup();
helper::createIniFile(CONF, $options);
2015-09-21 20:32:52 +00:00
$_POST = helper::getPaste();
$_POST['opendiscussion'] = 'neither 1 nor 0';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
2015-09-21 20:32:52 +00:00
$this->assertFalse($this->_model->exists(helper::getPasteId()), 'paste exists after posting data');
}
/**
* @runInSeparateProcess
*/
public function testCreateAttachment()
{
$this->reset();
2015-09-22 21:21:31 +00:00
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
$options['main']['fileupload'] = true;
2015-09-22 21:21:31 +00:00
helper::confBackup();
helper::createIniFile(CONF, $options);
2015-09-26 10:29:27 +00:00
$_POST = helper::getPasteWithAttachment();
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
2015-09-26 10:29:27 +00:00
$this->assertFalse($this->_model->exists(helper::getPasteId()), 'paste does not exists before posting data');
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status');
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data');
2015-09-26 10:29:27 +00:00
$original = json_decode(json_encode($_POST));
$stored = $this->_model->read($response['id']);
foreach (array('data', 'attachment', 'attachmentname') as $key) {
$this->assertEquals($original->$key, $stored->$key);
}
$this->assertEquals(
hash_hmac('sha256', $response['id'], $stored->meta->salt),
$response['deletetoken'],
'outputs valid delete token'
);
}
/**
* In some webserver setups (found with Suhosin) overly long POST params are
* silently removed, check that this case is handled
*
* @runInSeparateProcess
*/
public function testCreateBrokenAttachmentUpload()
{
$this->reset();
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
$options['main']['fileupload'] = true;
helper::confBackup();
helper::createIniFile(CONF, $options);
$_POST = helper::getPasteWithAttachment();
unset($_POST['attachment']);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
$this->assertFalse($this->_model->exists(helper::getPasteId()), 'paste does not exists before posting data');
ob_start();
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertFalse($this->_model->exists(helper::getPasteId()), 'paste exists after posting data');
}
/**
* @runInSeparateProcess
*/
public function testCreateTooSoon()
{
$this->reset();
$_POST = helper::getPaste();
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
ob_start();
new privatebin;
ob_end_clean();
$this->_model->delete(helper::getPasteId());
ob_start();
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertFalse($this->_model->exists(helper::getPasteId()), 'paste exists after posting data');
}
/**
* @runInSeparateProcess
*/
public function testCreateValidNick()
{
$this->reset();
2015-09-22 21:21:31 +00:00
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
2015-09-22 21:21:31 +00:00
helper::confBackup();
helper::createIniFile(CONF, $options);
2015-09-21 20:32:52 +00:00
$_POST = helper::getPaste();
$_POST['nickname'] = helper::getComment()['meta']['nickname'];
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status');
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data');
$paste = $this->_model->read($response['id']);
$this->assertEquals(
hash_hmac('sha256', $response['id'], $paste->meta->salt),
$response['deletetoken'],
'outputs valid delete token'
);
}
/**
* @runInSeparateProcess
*/
public function testCreateInvalidNick()
{
$this->reset();
2015-09-22 21:21:31 +00:00
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
2015-09-22 21:21:31 +00:00
helper::confBackup();
helper::createIniFile(CONF, $options);
$_POST = helper::getCommentPost();
$_POST['pasteid'] = helper::getPasteId();
$_POST['parentid'] = helper::getPasteId();
$_POST['nickname'] = 'foo';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
$this->_model->create(helper::getPasteId(), helper::getPaste());
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertTrue($this->_model->exists(helper::getPasteId()), 'paste exists after posting data');
}
/**
* @runInSeparateProcess
*/
public function testCreateComment()
{
$this->reset();
2015-09-22 21:21:31 +00:00
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
2015-09-22 21:21:31 +00:00
helper::confBackup();
helper::createIniFile(CONF, $options);
$_POST = helper::getCommentPost();
2015-09-21 20:32:52 +00:00
$_POST['pasteid'] = helper::getPasteId();
$_POST['parentid'] = helper::getPasteId();
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
2015-09-21 20:32:52 +00:00
$this->_model->create(helper::getPasteId(), helper::getPaste());
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status');
2015-09-21 20:32:52 +00:00
$this->assertTrue($this->_model->existsComment(helper::getPasteId(), helper::getPasteId(), $response['id']), 'paste exists after posting data');
}
/**
* @runInSeparateProcess
*/
public function testCreateInvalidComment()
{
$this->reset();
2015-09-22 21:21:31 +00:00
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
2015-09-22 21:21:31 +00:00
helper::confBackup();
helper::createIniFile(CONF, $options);
$_POST = helper::getCommentPost();
2015-09-21 20:32:52 +00:00
$_POST['pasteid'] = helper::getPasteId();
$_POST['parentid'] = 'foo';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
2015-09-21 20:32:52 +00:00
$this->_model->create(helper::getPasteId(), helper::getPaste());
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
2015-09-21 20:32:52 +00:00
$this->assertFalse($this->_model->existsComment(helper::getPasteId(), helper::getPasteId(), helper::getCommentId()), 'paste exists after posting data');
}
/**
* @runInSeparateProcess
*/
public function testCreateCommentDiscussionDisabled()
{
$this->reset();
2015-09-22 21:21:31 +00:00
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
2015-09-22 21:21:31 +00:00
helper::confBackup();
helper::createIniFile(CONF, $options);
$_POST = helper::getCommentPost();
2015-09-21 20:32:52 +00:00
$_POST['pasteid'] = helper::getPasteId();
$_POST['parentid'] = helper::getPasteId();
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
2015-09-21 20:32:52 +00:00
$paste = helper::getPaste(array('opendiscussion' => false));
$this->_model->create(helper::getPasteId(), $paste);
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
2015-09-21 20:32:52 +00:00
$this->assertFalse($this->_model->existsComment(helper::getPasteId(), helper::getPasteId(), helper::getCommentId()), 'paste exists after posting data');
}
/**
* @runInSeparateProcess
*/
public function testCreateCommentInvalidPaste()
{
$this->reset();
2015-09-22 21:21:31 +00:00
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
2015-09-22 21:21:31 +00:00
helper::confBackup();
helper::createIniFile(CONF, $options);
$_POST = helper::getCommentPost();
2015-09-21 20:32:52 +00:00
$_POST['pasteid'] = helper::getPasteId();
$_POST['parentid'] = helper::getPasteId();
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
2015-09-21 20:32:52 +00:00
$this->assertFalse($this->_model->existsComment(helper::getPasteId(), helper::getPasteId(), helper::getCommentId()), 'paste exists after posting data');
}
/**
* @runInSeparateProcess
*/
public function testCreateDuplicateComment()
{
$this->reset();
2015-09-22 21:21:31 +00:00
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
2015-09-22 21:21:31 +00:00
helper::confBackup();
helper::createIniFile(CONF, $options);
2015-09-21 20:32:52 +00:00
$this->_model->create(helper::getPasteId(), helper::getPaste());
$this->_model->createComment(helper::getPasteId(), helper::getPasteId(), helper::getCommentId(), helper::getComment());
$this->assertTrue($this->_model->existsComment(helper::getPasteId(), helper::getPasteId(), helper::getCommentId()), 'comment exists before posting data');
$_POST = helper::getCommentPost();
2015-09-21 20:32:52 +00:00
$_POST['pasteid'] = helper::getPasteId();
$_POST['parentid'] = helper::getPasteId();
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
2015-09-21 20:32:52 +00:00
$this->assertTrue($this->_model->existsComment(helper::getPasteId(), helper::getPasteId(), helper::getCommentId()), 'paste exists after posting data');
}
/**
* @runInSeparateProcess
*/
public function testRead()
{
$this->reset();
2015-09-21 20:32:52 +00:00
$this->_model->create(helper::getPasteId(), helper::getPaste());
$_SERVER['QUERY_STRING'] = helper::getPasteId();
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$this->assertContains(
'<div id="cipherdata" class="hidden">' .
htmlspecialchars(helper::getPasteAsJson(), ENT_NOQUOTES) .
'</div>',
$content,
'outputs data correctly'
);
}
/**
* @runInSeparateProcess
*/
public function testReadInvalidId()
{
$this->reset();
$_SERVER['QUERY_STRING'] = 'foo';
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$this->assertRegExp(
'#<div[^>]*id="errormessage"[^>]*>.*Invalid paste ID\.</div>#',
$content,
'outputs error correctly'
);
}
/**
* @runInSeparateProcess
*/
public function testReadNonexisting()
{
$this->reset();
2015-09-21 20:32:52 +00:00
$_SERVER['QUERY_STRING'] = helper::getPasteId();
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$this->assertRegExp(
'#<div[^>]*id="errormessage"[^>]*>.*Paste does not exist[^<]*</div>#',
$content,
'outputs error correctly'
);
}
/**
* @runInSeparateProcess
*/
public function testReadExpired()
{
$this->reset();
2015-09-21 20:32:52 +00:00
$expiredPaste = helper::getPaste(array('expire_date' => 1344803344));
$this->_model->create(helper::getPasteId(), $expiredPaste);
$_SERVER['QUERY_STRING'] = helper::getPasteId();
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$this->assertRegExp(
'#<div[^>]*id="errormessage"[^>]*>.*Paste does not exist[^<]*</div>#',
$content,
'outputs error correctly'
);
}
/**
* @runInSeparateProcess
*/
public function testReadBurn()
{
$this->reset();
2015-09-21 20:32:52 +00:00
$burnPaste = helper::getPaste(array('burnafterreading' => true));
$this->_model->create(helper::getPasteId(), $burnPaste);
$_SERVER['QUERY_STRING'] = helper::getPasteId();
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
unset($burnPaste['meta']['salt']);
$this->assertContains(
'<div id="cipherdata" class="hidden">' .
htmlspecialchars(helper::getPasteAsJson($burnPaste['meta']), ENT_NOQUOTES) .
'</div>',
$content,
'outputs data correctly'
);
}
/**
* @runInSeparateProcess
*/
public function testReadJson()
{
$this->reset();
$paste = helper::getPaste();
$this->_model->create(helper::getPasteId(), $paste);
$_SERVER['QUERY_STRING'] = helper::getPasteId();
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs success status');
$this->assertEquals(helper::getPasteId(), $response['id'], 'outputs data correctly');
$this->assertStringEndsWith('?' . $response['id'], $response['url'], 'returned URL points to new paste');
$this->assertEquals($paste['data'], $response['data'], 'outputs data correctly');
$this->assertEquals($paste['meta']['formatter'], $response['meta']['formatter'], 'outputs format correctly');
$this->assertEquals($paste['meta']['postdate'], $response['meta']['postdate'], 'outputs postdate correctly');
$this->assertEquals($paste['meta']['opendiscussion'], $response['meta']['opendiscussion'], 'outputs opendiscussion correctly');
$this->assertEquals(0, $response['comment_count'], 'outputs comment_count correctly');
$this->assertEquals(0, $response['comment_offset'], 'outputs comment_offset correctly');
}
/**
* @runInSeparateProcess
*/
public function testReadInvalidJson()
{
$this->reset();
$_SERVER['QUERY_STRING'] = helper::getPasteId();
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
}
/**
* @runInSeparateProcess
*/
public function testReadOldSyntax()
{
$this->reset();
$oldPaste = helper::getPaste();
$meta = array(
'syntaxcoloring' => true,
'postdate' => $oldPaste['meta']['postdate'],
'opendiscussion' => $oldPaste['meta']['opendiscussion'],
);
$oldPaste['meta'] = $meta;
2015-09-21 20:32:52 +00:00
$this->_model->create(helper::getPasteId(), $oldPaste);
$_SERVER['QUERY_STRING'] = helper::getPasteId();
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$meta['formatter'] = 'syntaxhighlighting';
$this->assertContains(
'<div id="cipherdata" class="hidden">' .
htmlspecialchars(helper::getPasteAsJson($meta), ENT_NOQUOTES) .
'</div>',
$content,
'outputs data correctly'
);
}
/**
* @runInSeparateProcess
*/
public function testReadOldFormat()
{
$this->reset();
2015-09-21 20:32:52 +00:00
$oldPaste = helper::getPaste();
unset($oldPaste['meta']['formatter']);
2015-09-21 20:32:52 +00:00
$this->_model->create(helper::getPasteId(), $oldPaste);
$_SERVER['QUERY_STRING'] = helper::getPasteId();
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$oldPaste['meta']['formatter'] = 'plaintext';
unset($oldPaste['meta']['salt']);
$this->assertContains(
'<div id="cipherdata" class="hidden">' .
htmlspecialchars(helper::getPasteAsJson($oldPaste['meta']), ENT_NOQUOTES) .
'</div>',
$content,
'outputs data correctly'
);
}
/**
* @runInSeparateProcess
*/
public function testDelete()
{
$this->reset();
2015-09-21 20:32:52 +00:00
$this->_model->create(helper::getPasteId(), helper::getPaste());
$this->assertTrue($this->_model->exists(helper::getPasteId()), 'paste exists before deleting data');
$paste = $this->_model->read(helper::getPasteId());
2015-09-21 20:32:52 +00:00
$_GET['pasteid'] = helper::getPasteId();
$_GET['deletetoken'] = hash_hmac('sha256', helper::getPasteId(), $paste->meta->salt);
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$this->assertRegExp(
'#<div[^>]*id="status"[^>]*>.*Paste was properly deleted[^<]*</div>#s',
$content,
'outputs deleted status correctly'
);
2015-09-21 20:32:52 +00:00
$this->assertFalse($this->_model->exists(helper::getPasteId()), 'paste successfully deleted');
}
/**
* @runInSeparateProcess
*/
public function testDeleteInvalidId()
{
$this->reset();
2015-09-21 20:32:52 +00:00
$this->_model->create(helper::getPasteId(), helper::getPaste());
$_GET['pasteid'] = 'foo';
$_GET['deletetoken'] = 'bar';
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$this->assertRegExp(
'#<div[^>]*id="errormessage"[^>]*>.*Invalid paste ID\.</div>#',
$content,
'outputs delete error correctly'
);
2015-09-21 20:32:52 +00:00
$this->assertTrue($this->_model->exists(helper::getPasteId()), 'paste exists after failing to delete data');
}
/**
* @runInSeparateProcess
*/
public function testDeleteInexistantId()
{
$this->reset();
2015-09-21 20:32:52 +00:00
$_GET['pasteid'] = helper::getPasteId();
$_GET['deletetoken'] = 'bar';
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$this->assertRegExp(
'#<div[^>]*id="errormessage"[^>]*>.*Paste does not exist[^<]*</div>#',
$content,
'outputs delete error correctly'
);
}
/**
* @runInSeparateProcess
*/
public function testDeleteInvalidToken()
{
$this->reset();
2015-09-21 20:32:52 +00:00
$this->_model->create(helper::getPasteId(), helper::getPaste());
$_GET['pasteid'] = helper::getPasteId();
$_GET['deletetoken'] = 'bar';
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$this->assertRegExp(
'#<div[^>]*id="errormessage"[^>]*>.*Wrong deletion token[^<]*</div>#',
$content,
'outputs delete error correctly'
);
2015-09-21 20:32:52 +00:00
$this->assertTrue($this->_model->exists(helper::getPasteId()), 'paste exists after failing to delete data');
}
/**
* @runInSeparateProcess
*/
public function testDeleteBurnAfterReading()
{
$this->reset();
2015-09-21 20:32:52 +00:00
$burnPaste = helper::getPaste(array('burnafterreading' => true));
$this->_model->create(helper::getPasteId(), $burnPaste);
$this->assertTrue($this->_model->exists(helper::getPasteId()), 'paste exists before deleting data');
$_POST['deletetoken'] = 'burnafterreading';
$_SERVER['QUERY_STRING'] = helper::getPasteId();
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status');
2015-09-21 20:32:52 +00:00
$this->assertFalse($this->_model->exists(helper::getPasteId()), 'paste successfully deleted');
}
/**
* @runInSeparateProcess
*/
public function testDeleteInvalidBurnAfterReading()
{
$this->reset();
2015-09-21 20:32:52 +00:00
$this->_model->create(helper::getPasteId(), helper::getPaste());
$this->assertTrue($this->_model->exists(helper::getPasteId()), 'paste exists before deleting data');
$_POST['deletetoken'] = 'burnafterreading';
$_SERVER['QUERY_STRING'] = helper::getPasteId();
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs status');
2015-09-21 20:32:52 +00:00
$this->assertTrue($this->_model->exists(helper::getPasteId()), 'paste successfully deleted');
}
/**
* @runInSeparateProcess
*/
public function testDeleteExpired()
{
$this->reset();
2015-09-21 20:32:52 +00:00
$expiredPaste = helper::getPaste(array('expire_date' => 1000));
$this->assertFalse($this->_model->exists(helper::getPasteId()), 'paste does not exist before being created');
$this->_model->create(helper::getPasteId(), $expiredPaste);
$this->assertTrue($this->_model->exists(helper::getPasteId()), 'paste exists before deleting data');
$_GET['pasteid'] = helper::getPasteId();
$_GET['deletetoken'] = 'does not matter in this context, but has to be set';
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$this->assertRegExp(
'#<div[^>]*id="errormessage"[^>]*>.*Paste does not exist[^<]*</div>#',
$content,
'outputs error correctly'
);
2015-09-21 20:32:52 +00:00
$this->assertFalse($this->_model->exists(helper::getPasteId()), 'paste successfully deleted');
}
/**
* @runInSeparateProcess
*/
public function testDeleteMissingPerPasteSalt()
{
$this->reset();
$paste = helper::getPaste();
unset($paste['meta']['salt']);
$this->_model->create(helper::getPasteId(), $paste);
$this->assertTrue($this->_model->exists(helper::getPasteId()), 'paste exists before deleting data');
$_GET['pasteid'] = helper::getPasteId();
$_GET['deletetoken'] = hash_hmac('sha256', helper::getPasteId(), serversalt::get());
ob_start();
2016-07-11 09:58:15 +00:00
new privatebin;
$content = ob_get_contents();
$this->assertRegExp(
'#<div[^>]*id="status"[^>]*>.*Paste was properly deleted[^<]*</div>#s',
$content,
'outputs deleted status correctly'
);
$this->assertFalse($this->_model->exists(helper::getPasteId()), 'paste successfully deleted');
}
}