Add a test for hidden upload sharing

This commit is contained in:
nathangray 2020-09-11 09:50:34 -06:00 committed by Ralf Becker
parent c6625425b3
commit dcc8d1eda4
2 changed files with 111 additions and 10 deletions

View File

@ -62,7 +62,7 @@ class SharingACLTest extends SharingBase
}
}
public function setupShare(&$dir)
public function setupShare(&$dir, $extra = array(), $create = 'createShare')
{
// First, create the files to be shared
$this->files[] = $dir = Vfs::get_home_dir() . '/share/';
@ -77,10 +77,9 @@ class SharingACLTest extends SharingBase
);
// Create and use link
$extra = array();
$this->getShareExtra($dir, Sharing::READONLY, $extra);
$share = $this->createShare($dir, Sharing::READONLY, $extra);
$share = call_user_func([$this,$create],$dir, Sharing::READONLY, $extra);
$link = Vfs\Sharing::share2link($share);
// Now log out and log in as someone else
@ -92,6 +91,32 @@ class SharingACLTest extends SharingBase
return $link;
}
/**
* Create a hidden upload share
*
* @param $path
* @param $mode
* @param array $extra
* @return array
* @throws \EGroupware\Api\Exception\AssertionFailed
*/
protected function createHiddenUploadShare($path, $mode, $extra = array())
{
// Make sure the path is there
if(!Vfs::is_readable($path))
{
$this->assertTrue(
Vfs::is_dir($path) ? Vfs::mkdir($path,0750,true) : Vfs::touch($path),
"Share path $path does not exist"
);
}
// Create share
$this->shares[] = $share = TestHiddenSharing::create('', $path, $mode, $name, $recipients, $extra);
return $share;
}
/**
* Test that a share of a directory only gives access to that directory, and any other
* directories that the sharer has are unavailable
@ -125,7 +150,7 @@ class SharingACLTest extends SharingBase
$data = array();
$form = $this->getShare($link, $data, true);
$this->assertNotNull($form, "Could not read the share link");
$rows = $data->data->content->nm->rows;
$rows = array_values($data['data']['content']['nm']['rows']);
$post_mount_vfs = Vfs::mount();
//$post_files = Vfs::find('/', $vfs_options);
@ -140,7 +165,7 @@ class SharingACLTest extends SharingBase
// Check we can't find the non-shared file in results
$result = array_filter($rows, function($v) {
return $v->name == $this->no_access;
return $v['name'] == $this->no_access;
});
$this->assertEmpty($result, "Found the file we shouldn't have access to ({$this->no_access})");
@ -171,7 +196,7 @@ class SharingACLTest extends SharingBase
$data = array();
$form = $this->getShare($link, $data, false);
$this->assertNotNull($form, "Could not read the share link");
$rows = $data->data->content->nm->rows;
$rows = $data['data']['content']['nm']['rows'];
Vfs::clearstatcache();
Vfs::init_static();
@ -179,7 +204,7 @@ class SharingACLTest extends SharingBase
// Check we can't find the non-shared file
$result = array_filter($rows, function($v) {
return $v->name == $this->no_access;
return $v['name'] == $this->no_access;
});
$this->assertEmpty($result, "Found the file we shouldn't have access to ({$this->no_access})");
@ -189,6 +214,51 @@ class SharingACLTest extends SharingBase
$this->checkNextmatch($dir, array_diff($this->files, [$this->no_access, $dir."sub_dir/subdir_test_file.txt"]), $rows);
}
/**
* Test that a share of a directory with hidden upload subdirectory only gives access to that directory,
* and the upload directory as well as any other directories that the sharer has are unavailable
*
* This checks from one logged in user to anonymous with a new session
*/
public function testShareHiddenUploadNewSession()
{
$dir = '';
$link = $this->setupShare($dir, [], 'createHiddenUploadShare');
// Now follow the link - this _should_ be enough to get it added
//$mimetype = Vfs::mime_content_type($dir);
//$this->checkSharedFile($link, $mimetype);
// Read the etemplate
$data = array();
$form = $this->getShare($link, $data, false);
$this->assertNotNull($form, "Could not read the share link");
$rows = array_values($data['data']['content']['nm']['rows']);
Vfs::clearstatcache();
Vfs::init_static();
Vfs\StreamWrapper::init_static();
// Check we can't find the non-shared file
$result = array_filter($rows, function($v) {
return $v['name'] == $this->no_access;
});
$this->assertEmpty($result, "Found the file we shouldn't have access to ({$this->no_access})");
// Test that we can't see the hidden upload directory
$result = array_filter($rows, function($v) {
return $v['name'] == 'Upload';
});
$this->assertEmpty($result, "Hidden upload directory is visible");
// Check that we can find the shared file(s) in the form / nm list
// Don't test the no-access one (done above), and no good way to get the sub-dir file either,
// since nm only has top-level files and we can't switch the filter
$this->checkNextmatch($dir, array_diff($this->files, [$this->no_access, $dir."sub_dir/subdir_test_file.txt"]), $rows);
}
/**
* Check the nextmatch rows to see if all the expected files (in the given directory) are present
*
@ -207,7 +277,7 @@ class SharingACLTest extends SharingBase
$relative_file = substr($relative_file, 0, -1);
}
$result = array_filter($rows, function($v) use ($relative_file) {
return $v->name == $relative_file;
return $v['name'] == $relative_file;
});
$this->assertNotEmpty($result, "Couldn't find shared file '$file'");
}

View File

@ -623,10 +623,14 @@ class SharingBase extends LoggedInTest
$curl = curl_init($link);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
// Setting this lets us debug the request too
$cookie = 'XDEBUG_SESSION=PHPSTORM';
if($keep_session)
{
curl_setopt($curl, CURLOPT_COOKIE, "XDEBUG_SESSION=PHPSTORM;".Api\Session::EGW_SESSION_NAME."={$GLOBALS['egw']->session->sessionid};kp3={$GLOBALS['egw']->session->kp3}");
$cookie .= ';'.Api\Session::EGW_SESSION_NAME."={$GLOBALS['egw']->session->sessionid};kp3={$GLOBALS['egw']->session->kp3}";
}
curl_setopt($curl, CURLOPT_COOKIE, $cookie);
$html = curl_exec($curl);
curl_close($curl);
@ -652,7 +656,7 @@ class SharingBase extends LoggedInTest
}
}
$this->assertNotNull($form, "Didn't find template in response");
$data = json_decode($form->getAttribute('data-etemplate'));
$data = json_decode($form->getAttribute('data-etemplate'), true);
return $form;
}
@ -709,4 +713,31 @@ class TestSharing extends Api\Vfs\Sharing {
return __CLASS__;
}
}
}
/**
* Use this class for sharing so we can make sure we get a session ID, even
* though we're on the command line
*/
if(!class_exists('TestHiddenSharing'))
{
class TestHiddenSharing extends Api\Vfs\HiddenUploadSharing {
public static function create_new_session()
{
if (!($sessionid = $GLOBALS['egw']->session->create('anonymous@'.$GLOBALS['egw_info']['user']['domain'],
'', 'text', false, false)))
{
// Allow for testing
$sessionid = 'CLI_TEST ' . time();
$GLOBALS['egw']->session->sessionid = $sessionid;
}
return $sessionid;
}
public static function get_share_class($share)
{
return __CLASS__;
}
}
}