Add a test for hidden upload sharing

This commit is contained in:
nathangray 2020-09-11 09:50:34 -06:00 committed by Ralf Becker
parent c6625425b3
commit dcc8d1eda4
2 changed files with 111 additions and 10 deletions

View File

@ -62,7 +62,7 @@ class SharingACLTest extends SharingBase
} }
} }
public function setupShare(&$dir) public function setupShare(&$dir, $extra = array(), $create = 'createShare')
{ {
// First, create the files to be shared // First, create the files to be shared
$this->files[] = $dir = Vfs::get_home_dir() . '/share/'; $this->files[] = $dir = Vfs::get_home_dir() . '/share/';
@ -77,10 +77,9 @@ class SharingACLTest extends SharingBase
); );
// Create and use link // Create and use link
$extra = array();
$this->getShareExtra($dir, Sharing::READONLY, $extra); $this->getShareExtra($dir, Sharing::READONLY, $extra);
$share = $this->createShare($dir, Sharing::READONLY, $extra); $share = call_user_func([$this,$create],$dir, Sharing::READONLY, $extra);
$link = Vfs\Sharing::share2link($share); $link = Vfs\Sharing::share2link($share);
// Now log out and log in as someone else // Now log out and log in as someone else
@ -92,6 +91,32 @@ class SharingACLTest extends SharingBase
return $link; return $link;
} }
/**
* Create a hidden upload share
*
* @param $path
* @param $mode
* @param array $extra
* @return array
* @throws \EGroupware\Api\Exception\AssertionFailed
*/
protected function createHiddenUploadShare($path, $mode, $extra = array())
{
// Make sure the path is there
if(!Vfs::is_readable($path))
{
$this->assertTrue(
Vfs::is_dir($path) ? Vfs::mkdir($path,0750,true) : Vfs::touch($path),
"Share path $path does not exist"
);
}
// Create share
$this->shares[] = $share = TestHiddenSharing::create('', $path, $mode, $name, $recipients, $extra);
return $share;
}
/** /**
* Test that a share of a directory only gives access to that directory, and any other * Test that a share of a directory only gives access to that directory, and any other
* directories that the sharer has are unavailable * directories that the sharer has are unavailable
@ -125,7 +150,7 @@ class SharingACLTest extends SharingBase
$data = array(); $data = array();
$form = $this->getShare($link, $data, true); $form = $this->getShare($link, $data, true);
$this->assertNotNull($form, "Could not read the share link"); $this->assertNotNull($form, "Could not read the share link");
$rows = $data->data->content->nm->rows; $rows = array_values($data['data']['content']['nm']['rows']);
$post_mount_vfs = Vfs::mount(); $post_mount_vfs = Vfs::mount();
//$post_files = Vfs::find('/', $vfs_options); //$post_files = Vfs::find('/', $vfs_options);
@ -140,7 +165,7 @@ class SharingACLTest extends SharingBase
// Check we can't find the non-shared file in results // Check we can't find the non-shared file in results
$result = array_filter($rows, function($v) { $result = array_filter($rows, function($v) {
return $v->name == $this->no_access; return $v['name'] == $this->no_access;
}); });
$this->assertEmpty($result, "Found the file we shouldn't have access to ({$this->no_access})"); $this->assertEmpty($result, "Found the file we shouldn't have access to ({$this->no_access})");
@ -171,7 +196,7 @@ class SharingACLTest extends SharingBase
$data = array(); $data = array();
$form = $this->getShare($link, $data, false); $form = $this->getShare($link, $data, false);
$this->assertNotNull($form, "Could not read the share link"); $this->assertNotNull($form, "Could not read the share link");
$rows = $data->data->content->nm->rows; $rows = $data['data']['content']['nm']['rows'];
Vfs::clearstatcache(); Vfs::clearstatcache();
Vfs::init_static(); Vfs::init_static();
@ -179,7 +204,7 @@ class SharingACLTest extends SharingBase
// Check we can't find the non-shared file // Check we can't find the non-shared file
$result = array_filter($rows, function($v) { $result = array_filter($rows, function($v) {
return $v->name == $this->no_access; return $v['name'] == $this->no_access;
}); });
$this->assertEmpty($result, "Found the file we shouldn't have access to ({$this->no_access})"); $this->assertEmpty($result, "Found the file we shouldn't have access to ({$this->no_access})");
@ -189,6 +214,51 @@ class SharingACLTest extends SharingBase
$this->checkNextmatch($dir, array_diff($this->files, [$this->no_access, $dir."sub_dir/subdir_test_file.txt"]), $rows); $this->checkNextmatch($dir, array_diff($this->files, [$this->no_access, $dir."sub_dir/subdir_test_file.txt"]), $rows);
} }
/**
* Test that a share of a directory with hidden upload subdirectory only gives access to that directory,
* and the upload directory as well as any other directories that the sharer has are unavailable
*
* This checks from one logged in user to anonymous with a new session
*/
public function testShareHiddenUploadNewSession()
{
$dir = '';
$link = $this->setupShare($dir, [], 'createHiddenUploadShare');
// Now follow the link - this _should_ be enough to get it added
//$mimetype = Vfs::mime_content_type($dir);
//$this->checkSharedFile($link, $mimetype);
// Read the etemplate
$data = array();
$form = $this->getShare($link, $data, false);
$this->assertNotNull($form, "Could not read the share link");
$rows = array_values($data['data']['content']['nm']['rows']);
Vfs::clearstatcache();
Vfs::init_static();
Vfs\StreamWrapper::init_static();
// Check we can't find the non-shared file
$result = array_filter($rows, function($v) {
return $v['name'] == $this->no_access;
});
$this->assertEmpty($result, "Found the file we shouldn't have access to ({$this->no_access})");
// Test that we can't see the hidden upload directory
$result = array_filter($rows, function($v) {
return $v['name'] == 'Upload';
});
$this->assertEmpty($result, "Hidden upload directory is visible");
// Check that we can find the shared file(s) in the form / nm list
// Don't test the no-access one (done above), and no good way to get the sub-dir file either,
// since nm only has top-level files and we can't switch the filter
$this->checkNextmatch($dir, array_diff($this->files, [$this->no_access, $dir."sub_dir/subdir_test_file.txt"]), $rows);
}
/** /**
* Check the nextmatch rows to see if all the expected files (in the given directory) are present * Check the nextmatch rows to see if all the expected files (in the given directory) are present
* *
@ -207,7 +277,7 @@ class SharingACLTest extends SharingBase
$relative_file = substr($relative_file, 0, -1); $relative_file = substr($relative_file, 0, -1);
} }
$result = array_filter($rows, function($v) use ($relative_file) { $result = array_filter($rows, function($v) use ($relative_file) {
return $v->name == $relative_file; return $v['name'] == $relative_file;
}); });
$this->assertNotEmpty($result, "Couldn't find shared file '$file'"); $this->assertNotEmpty($result, "Couldn't find shared file '$file'");
} }

View File

@ -623,10 +623,14 @@ class SharingBase extends LoggedInTest
$curl = curl_init($link); $curl = curl_init($link);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
// Setting this lets us debug the request too
$cookie = 'XDEBUG_SESSION=PHPSTORM';
if($keep_session) if($keep_session)
{ {
curl_setopt($curl, CURLOPT_COOKIE, "XDEBUG_SESSION=PHPSTORM;".Api\Session::EGW_SESSION_NAME."={$GLOBALS['egw']->session->sessionid};kp3={$GLOBALS['egw']->session->kp3}"); $cookie .= ';'.Api\Session::EGW_SESSION_NAME."={$GLOBALS['egw']->session->sessionid};kp3={$GLOBALS['egw']->session->kp3}";
} }
curl_setopt($curl, CURLOPT_COOKIE, $cookie);
$html = curl_exec($curl); $html = curl_exec($curl);
curl_close($curl); curl_close($curl);
@ -652,7 +656,7 @@ class SharingBase extends LoggedInTest
} }
} }
$this->assertNotNull($form, "Didn't find template in response"); $this->assertNotNull($form, "Didn't find template in response");
$data = json_decode($form->getAttribute('data-etemplate')); $data = json_decode($form->getAttribute('data-etemplate'), true);
return $form; return $form;
} }
@ -709,4 +713,31 @@ class TestSharing extends Api\Vfs\Sharing {
return __CLASS__; return __CLASS__;
} }
} }
}
/**
* Use this class for sharing so we can make sure we get a session ID, even
* though we're on the command line
*/
if(!class_exists('TestHiddenSharing'))
{
class TestHiddenSharing extends Api\Vfs\HiddenUploadSharing {
public static function create_new_session()
{
if (!($sessionid = $GLOBALS['egw']->session->create('anonymous@'.$GLOBALS['egw_info']['user']['domain'],
'', 'text', false, false)))
{
// Allow for testing
$sessionid = 'CLI_TEST ' . time();
$GLOBALS['egw']->session->sessionid = $sessionid;
}
return $sessionid;
}
public static function get_share_class($share)
{
return __CLASS__;
}
}
} }