From dcc8d1eda40766c2e5ed122156ab37679676f193 Mon Sep 17 00:00:00 2001 From: nathangray Date: Fri, 11 Sep 2020 09:50:34 -0600 Subject: [PATCH] Add a test for hidden upload sharing --- api/tests/Vfs/SharingACLTest.php | 86 +++++++++++++++++++++++++++++--- api/tests/Vfs/SharingBase.php | 35 ++++++++++++- 2 files changed, 111 insertions(+), 10 deletions(-) diff --git a/api/tests/Vfs/SharingACLTest.php b/api/tests/Vfs/SharingACLTest.php index 699470ef45..d5c01ebf52 100644 --- a/api/tests/Vfs/SharingACLTest.php +++ b/api/tests/Vfs/SharingACLTest.php @@ -62,7 +62,7 @@ class SharingACLTest extends SharingBase } } - public function setupShare(&$dir) + public function setupShare(&$dir, $extra = array(), $create = 'createShare') { // First, create the files to be shared $this->files[] = $dir = Vfs::get_home_dir() . '/share/'; @@ -77,10 +77,9 @@ class SharingACLTest extends SharingBase ); // Create and use link - $extra = array(); $this->getShareExtra($dir, Sharing::READONLY, $extra); - $share = $this->createShare($dir, Sharing::READONLY, $extra); + $share = call_user_func([$this,$create],$dir, Sharing::READONLY, $extra); $link = Vfs\Sharing::share2link($share); // Now log out and log in as someone else @@ -92,6 +91,32 @@ class SharingACLTest extends SharingBase return $link; } + /** + * Create a hidden upload share + * + * @param $path + * @param $mode + * @param array $extra + * @return array + * @throws \EGroupware\Api\Exception\AssertionFailed + */ + protected function createHiddenUploadShare($path, $mode, $extra = array()) + { + // Make sure the path is there + if(!Vfs::is_readable($path)) + { + $this->assertTrue( + Vfs::is_dir($path) ? Vfs::mkdir($path,0750,true) : Vfs::touch($path), + "Share path $path does not exist" + ); + } + + // Create share + $this->shares[] = $share = TestHiddenSharing::create('', $path, $mode, $name, $recipients, $extra); + + return $share; + } + /** * Test that a share of a directory only gives access to that directory, and any other * directories that the sharer has are unavailable @@ -125,7 +150,7 @@ class SharingACLTest extends SharingBase $data = array(); $form = $this->getShare($link, $data, true); $this->assertNotNull($form, "Could not read the share link"); - $rows = $data->data->content->nm->rows; + $rows = array_values($data['data']['content']['nm']['rows']); $post_mount_vfs = Vfs::mount(); //$post_files = Vfs::find('/', $vfs_options); @@ -140,7 +165,7 @@ class SharingACLTest extends SharingBase // Check we can't find the non-shared file in results $result = array_filter($rows, function($v) { - return $v->name == $this->no_access; + return $v['name'] == $this->no_access; }); $this->assertEmpty($result, "Found the file we shouldn't have access to ({$this->no_access})"); @@ -171,7 +196,7 @@ class SharingACLTest extends SharingBase $data = array(); $form = $this->getShare($link, $data, false); $this->assertNotNull($form, "Could not read the share link"); - $rows = $data->data->content->nm->rows; + $rows = $data['data']['content']['nm']['rows']; Vfs::clearstatcache(); Vfs::init_static(); @@ -179,7 +204,7 @@ class SharingACLTest extends SharingBase // Check we can't find the non-shared file $result = array_filter($rows, function($v) { - return $v->name == $this->no_access; + return $v['name'] == $this->no_access; }); $this->assertEmpty($result, "Found the file we shouldn't have access to ({$this->no_access})"); @@ -189,6 +214,51 @@ class SharingACLTest extends SharingBase $this->checkNextmatch($dir, array_diff($this->files, [$this->no_access, $dir."sub_dir/subdir_test_file.txt"]), $rows); } + + /** + * Test that a share of a directory with hidden upload subdirectory only gives access to that directory, + * and the upload directory as well as any other directories that the sharer has are unavailable + * + * This checks from one logged in user to anonymous with a new session + */ + public function testShareHiddenUploadNewSession() + { + $dir = ''; + $link = $this->setupShare($dir, [], 'createHiddenUploadShare'); + + // Now follow the link - this _should_ be enough to get it added + //$mimetype = Vfs::mime_content_type($dir); + //$this->checkSharedFile($link, $mimetype); + + // Read the etemplate + $data = array(); + $form = $this->getShare($link, $data, false); + $this->assertNotNull($form, "Could not read the share link"); + $rows = array_values($data['data']['content']['nm']['rows']); + + Vfs::clearstatcache(); + Vfs::init_static(); + Vfs\StreamWrapper::init_static(); + + // Check we can't find the non-shared file + $result = array_filter($rows, function($v) { + return $v['name'] == $this->no_access; + }); + $this->assertEmpty($result, "Found the file we shouldn't have access to ({$this->no_access})"); + + // Test that we can't see the hidden upload directory + $result = array_filter($rows, function($v) { + return $v['name'] == 'Upload'; + }); + $this->assertEmpty($result, "Hidden upload directory is visible"); + + + // Check that we can find the shared file(s) in the form / nm list + // Don't test the no-access one (done above), and no good way to get the sub-dir file either, + // since nm only has top-level files and we can't switch the filter + $this->checkNextmatch($dir, array_diff($this->files, [$this->no_access, $dir."sub_dir/subdir_test_file.txt"]), $rows); + } + /** * Check the nextmatch rows to see if all the expected files (in the given directory) are present * @@ -207,7 +277,7 @@ class SharingACLTest extends SharingBase $relative_file = substr($relative_file, 0, -1); } $result = array_filter($rows, function($v) use ($relative_file) { - return $v->name == $relative_file; + return $v['name'] == $relative_file; }); $this->assertNotEmpty($result, "Couldn't find shared file '$file'"); } diff --git a/api/tests/Vfs/SharingBase.php b/api/tests/Vfs/SharingBase.php index 121e4a42e0..fec77ca2f9 100644 --- a/api/tests/Vfs/SharingBase.php +++ b/api/tests/Vfs/SharingBase.php @@ -623,10 +623,14 @@ class SharingBase extends LoggedInTest $curl = curl_init($link); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); + + // Setting this lets us debug the request too + $cookie = 'XDEBUG_SESSION=PHPSTORM'; if($keep_session) { - curl_setopt($curl, CURLOPT_COOKIE, "XDEBUG_SESSION=PHPSTORM;".Api\Session::EGW_SESSION_NAME."={$GLOBALS['egw']->session->sessionid};kp3={$GLOBALS['egw']->session->kp3}"); + $cookie .= ';'.Api\Session::EGW_SESSION_NAME."={$GLOBALS['egw']->session->sessionid};kp3={$GLOBALS['egw']->session->kp3}"; } + curl_setopt($curl, CURLOPT_COOKIE, $cookie); $html = curl_exec($curl); curl_close($curl); @@ -652,7 +656,7 @@ class SharingBase extends LoggedInTest } } $this->assertNotNull($form, "Didn't find template in response"); - $data = json_decode($form->getAttribute('data-etemplate')); + $data = json_decode($form->getAttribute('data-etemplate'), true); return $form; } @@ -709,4 +713,31 @@ class TestSharing extends Api\Vfs\Sharing { return __CLASS__; } } +} + +/** + * Use this class for sharing so we can make sure we get a session ID, even + * though we're on the command line + */ +if(!class_exists('TestHiddenSharing')) +{ + class TestHiddenSharing extends Api\Vfs\HiddenUploadSharing { + + public static function create_new_session() + { + if (!($sessionid = $GLOBALS['egw']->session->create('anonymous@'.$GLOBALS['egw_info']['user']['domain'], + '', 'text', false, false))) + { + // Allow for testing + $sessionid = 'CLI_TEST ' . time(); + $GLOBALS['egw']->session->sessionid = $sessionid; + } + return $sessionid; + } + + public static function get_share_class($share) + { + return __CLASS__; + } + } } \ No newline at end of file