forked from extern/egroupware
608 lines
15 KiB
PHP
608 lines
15 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Tests for sharing files and directories
|
|
*
|
|
* This is a bit of a mess, but I think we probably want to automatically test
|
|
* this to make sure we don't expose more than desired.
|
|
*
|
|
* @link http://www.egroupware.org
|
|
* @author Nathan Gray
|
|
* @package
|
|
* @copyright (c) 2018 Nathan Gray
|
|
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
|
|
*/
|
|
|
|
namespace EGroupware\Api\Vfs;
|
|
|
|
use EGroupware\Api;
|
|
use EGroupware\Api\Vfs;
|
|
use EGroupware\Api\LoggedInTest as LoggedInTest;
|
|
use EGroupware\Stylite\Vfs\Versioning;
|
|
|
|
|
|
class SharingTest extends LoggedInTest
|
|
{
|
|
/**
|
|
* How much should be logged to the console (stdout)
|
|
*
|
|
* 0 = Nothing
|
|
* 1 = info
|
|
* 2 = debug
|
|
*/
|
|
const LOG_LEVEL = 0;
|
|
|
|
/**
|
|
* Keep track of shares to remove after
|
|
*/
|
|
protected $shares = Array();
|
|
|
|
/**
|
|
* Keep track of files to remove after
|
|
* @var Array
|
|
*/
|
|
protected $files = Array();
|
|
|
|
/**
|
|
* Keep track of mounts to remove after
|
|
*/
|
|
protected $mounts = Array();
|
|
|
|
/**
|
|
* Entries that have to be deleted after
|
|
*/
|
|
protected $entries = Array();
|
|
|
|
/**
|
|
* Options for searching the Vfs (Vfs::find())
|
|
*/
|
|
const VFS_OPTIONS = array(
|
|
'maxdepth' => 5
|
|
);
|
|
|
|
public function setUp()
|
|
{
|
|
|
|
}
|
|
|
|
public function tearDown()
|
|
{
|
|
LoggedInTest::tearDownAfterClass();
|
|
LoggedInTest::setupBeforeClass();
|
|
|
|
// Re-init, since they look at user, fstab, etc.
|
|
// Also, further tests that access the filesystem fail if we don't
|
|
Vfs::clearstatcache();
|
|
Vfs::init_static();
|
|
Vfs\StreamWrapper::init_static();
|
|
|
|
// Need to ask about mounts, or other tests fail
|
|
Vfs::mount();
|
|
|
|
$backup = Vfs::$is_root;
|
|
Vfs::$is_root = true;
|
|
|
|
// Remove any added files (as root to limit versioning issues)
|
|
Vfs::remove($this->files);
|
|
|
|
// Remove any mounts
|
|
foreach($this->mounts as $mount)
|
|
{
|
|
Vfs::umount($mount);
|
|
}
|
|
|
|
// Remove any added shares
|
|
foreach($this->shares as $share)
|
|
{
|
|
Sharing::delete($share);
|
|
}
|
|
|
|
foreach($this->entries as $entry)
|
|
{
|
|
list($callback, $params) = $entry;
|
|
call_user_func_array($callback, $params);
|
|
}
|
|
|
|
|
|
Vfs::$is_root = $backup;
|
|
}
|
|
|
|
|
|
/**
|
|
* Test to make sure a readonly link to home gives just readonly access,
|
|
* and just to user's home
|
|
*/
|
|
public function _testHomeReadonly()
|
|
{
|
|
$dir = Vfs::get_home_dir().'/';
|
|
|
|
$this->checkDirectory($dir, Sharing::READONLY);
|
|
}
|
|
|
|
/**
|
|
* Test to make sure a writable link to home gives write access, but just
|
|
* to user's home
|
|
*/
|
|
public function _testHomeWritable()
|
|
{
|
|
$dir = Vfs::get_home_dir().'/';
|
|
|
|
$this->checkDirectory($dir, Sharing::WRITABLE);
|
|
}
|
|
|
|
/**
|
|
* Test for a readonly share of a path with versioning turned on
|
|
*/
|
|
public function _testVersioningReadonly()
|
|
{
|
|
$this->files[] = $dir = Vfs::get_home_dir().'/versioned/';
|
|
|
|
// Create versioned directory
|
|
if(Vfs::is_dir($dir)) Vfs::remove($dir);
|
|
Vfs::mkdir($dir);
|
|
$this->assertTrue(Vfs::is_writable($dir), "Unable to write to '$dir' as expected");
|
|
$this->mountVersioned($dir);
|
|
|
|
$this->checkDirectory($dir, Sharing::READONLY);
|
|
}
|
|
|
|
/**
|
|
* Test for a writable share of a path with versioning turned on
|
|
*/
|
|
public function _testVersioningWritable()
|
|
{
|
|
$this->files[] = $dir = Vfs::get_home_dir().'/versioned/';
|
|
|
|
// Create versioned directory
|
|
if(Vfs::is_dir($dir)) Vfs::remove($dir);
|
|
Vfs::mkdir($dir);
|
|
$this->assertTrue(Vfs::is_writable($dir), "Unable to write to '$dir' as expected");
|
|
$this->mountVersioned($dir);
|
|
|
|
$this->checkDirectory($dir, Sharing::WRITABLE);
|
|
}
|
|
|
|
/**
|
|
* Test for a readonly share of a path from the filesystem
|
|
*/
|
|
public function _testFilesystemReadonly()
|
|
{
|
|
// Don't add to files list or it deletes the folder from filesystem
|
|
$dir = '/filesystem/';
|
|
|
|
// Mount filesystem directory
|
|
if(Vfs::is_dir($dir)) Vfs::remove($dir);
|
|
$this->mountFilesystem($dir);
|
|
$this->assertTrue(Vfs::is_writable($dir), "Unable to write to '$dir' as expected");
|
|
|
|
$this->checkDirectory($dir, Sharing::READONLY);
|
|
|
|
// Test folder in filesystem already has this file in it
|
|
// It should be picked up normally, but an explicit check can't hurt
|
|
$this->checkOneFile('/filesystem_test.txt', Sharing::READONLY);
|
|
}
|
|
|
|
/**
|
|
* Test for a readonly share of a path from the filesystem
|
|
*/
|
|
public function _testFilesystemWritable()
|
|
{
|
|
// Don't add to files list or it deletes the folder from filesystem
|
|
$dir = '/filesystem/';
|
|
|
|
// Mount filesystem directory
|
|
if(Vfs::is_dir($dir)) Vfs::remove($dir);
|
|
$this->mountFilesystem($dir);
|
|
$this->assertTrue(Vfs::is_writable($dir), "Unable to write to '$dir' as expected");
|
|
|
|
$this->checkDirectory($dir, Sharing::WRITABLE);
|
|
|
|
// Test folder in filesystem already has this file in it
|
|
// It should be picked up normally, but an explicit check can't hurt
|
|
$this->checkOneFile('/filesystem_test.txt', Sharing::WRITABLE);
|
|
}
|
|
|
|
/**
|
|
* Test for a readonly share of an application entry's filesystem (/apps)
|
|
*/
|
|
public function testLinksReadonly()
|
|
{
|
|
// Create an infolog entry for testing purposes
|
|
$info_id = $this->make_infolog();
|
|
$bo = new \infolog_bo();
|
|
$dir = "/apps/infolog/$info_id/";
|
|
|
|
$this->assertTrue(Vfs::is_writable($dir), "Unable to write to '$dir' as expected");
|
|
|
|
$this->checkDirectory($dir, Sharing::READONLY);
|
|
|
|
// Can't delete it here, we're still the anonymous user until after
|
|
$this->entries[] = Array(Array($bo, 'delete'), Array($info_id, false, false, true));
|
|
}
|
|
|
|
/**
|
|
* Test for a writable share of an application entry's filesystem (/apps)
|
|
*/
|
|
public function testLinksWritable()
|
|
{
|
|
// Create an infolog entry for testing purposes
|
|
$bo = new \infolog_bo();
|
|
$info_id = $this->make_infolog();
|
|
$dir = "/apps/infolog/$info_id/";
|
|
|
|
$this->assertTrue(Vfs::is_writable($dir), "Unable to write to '$dir' as expected");
|
|
|
|
$this->checkDirectory($dir, Sharing::WRITABLE);
|
|
|
|
// Can't delete it here, we're still the anonymous user until after
|
|
$this->entries[] = Array(Array($bo, 'delete'), Array($info_id, false, false, true));
|
|
}
|
|
|
|
/**
|
|
* Check a given directory to see that a link to it works.
|
|
*
|
|
* We check
|
|
* - Files/directories available to original user are available through share
|
|
* - Permissions match share (Read / Write)
|
|
* - Files are not empty
|
|
*
|
|
* @param string $dir
|
|
* @param string $mode
|
|
*/
|
|
protected function checkDirectory($dir, $mode)
|
|
{
|
|
if(static::LOG_LEVEL)
|
|
{
|
|
echo "\n".__METHOD__ . "($dir, $mode)\n";
|
|
}
|
|
$this->files += $this->addFiles($dir);
|
|
|
|
$logged_in_files = array_map(
|
|
function($path) use ($dir) {return str_replace($dir, '/', $path);},
|
|
Vfs::find($dir, static::VFS_OPTIONS)
|
|
);
|
|
|
|
if(static::LOG_LEVEL > 1)
|
|
{
|
|
echo "\n".$this->getName();
|
|
echo "\nLogged in files:\n".implode("\n", $logged_in_files)."\n";
|
|
}
|
|
|
|
// Create and use link
|
|
$extra = array();
|
|
switch($mode)
|
|
{
|
|
case Sharing::WRITABLE:
|
|
$extra['share_writable'] = TRUE;
|
|
break;
|
|
}
|
|
$this->shareLink($dir, $mode, $extra);
|
|
|
|
$files = Vfs::find('/', static::VFS_OPTIONS);
|
|
|
|
if(static::LOG_LEVEL > 1)
|
|
{
|
|
echo "\nLinked files:\n".implode("\n", $files)."\n";
|
|
}
|
|
|
|
// Make sure files are the same
|
|
$this->assertEquals($logged_in_files, $files);
|
|
|
|
// Make sure all are readonly
|
|
foreach($files as $file)
|
|
{
|
|
$this->checkOneFile($file, $mode);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Check the access permissions for one file/directory
|
|
*
|
|
* @param string $file
|
|
* @param string $mode
|
|
*/
|
|
protected function checkOneFile($file, $mode)
|
|
{
|
|
if(static::LOG_LEVEL > 1)
|
|
{
|
|
$stat = Vfs::stat($file);
|
|
echo "\t".Vfs::int2mode($stat['mode'])."\t$file\n";
|
|
}
|
|
|
|
// All the test files have something in them
|
|
if(!Vfs::is_dir($file))
|
|
{
|
|
$this->assertNotEmpty(file_get_contents(Vfs::PREFIX.$file), "$file was empty");
|
|
}
|
|
|
|
// Check permissions
|
|
switch($mode)
|
|
{
|
|
case Sharing::READONLY:
|
|
$this->assertFalse(Vfs::is_writable($file));
|
|
if(!Vfs::is_dir($file))
|
|
{
|
|
// We expect this to fail
|
|
$this->assertFalse(@file_put_contents(Vfs::PREFIX.$file, 'Writable check'));
|
|
}
|
|
break;
|
|
case Sharing::WRITABLE:
|
|
// Root is not writable
|
|
if($file == '/') continue;
|
|
|
|
$this->assertTrue(Vfs::is_writable($file), $file . ' was not writable');
|
|
if(!Vfs::is_dir($file))
|
|
{
|
|
$this->assertNotFalse(file_put_contents(Vfs::PREFIX.$file, 'Writable check'));
|
|
}
|
|
break;
|
|
}
|
|
|
|
}
|
|
|
|
/**
|
|
* Start versioning for the given path
|
|
*
|
|
* @param string $path
|
|
*/
|
|
protected function mountVersioned($path)
|
|
{
|
|
if (!class_exists('EGroupware\Stylite\Vfs\Versioning\StreamWrapper'))
|
|
{
|
|
$this->markTestSkipped("No versioning available");
|
|
}
|
|
if(substr($path, -1) == '/') $path = substr($path, 0, -1);
|
|
$backup = Vfs::$is_root;
|
|
Vfs::$is_root = true;
|
|
$url = Versioning\StreamWrapper::PREFIX.$path;
|
|
$this->assertTrue(Vfs::mount($url,$path), "Unable to mount $path as versioned");
|
|
Vfs::$is_root = $backup;
|
|
|
|
$this->mounts[] = $path;
|
|
Vfs::clearstatcache();
|
|
Vfs::init_static();
|
|
Vfs\StreamWrapper::init_static();
|
|
}
|
|
|
|
protected function mountFilesystem($path)
|
|
{
|
|
// Vfs breaks if path has trailing /
|
|
if(substr($path, -1) == '/') $path = substr($path, 0, -1);
|
|
|
|
$backup = Vfs::$is_root;
|
|
Vfs::$is_root = true;
|
|
$url = Filesystem\StreamWrapper::SCHEME.'://default'. realpath(__DIR__ . '/../fixtures/Vfs/filesystem_mount'). '?group=Default&mode=775';
|
|
$this->assertTrue(Vfs::mount($url,$path), "Unable to mount $fs to $path");
|
|
Vfs::$is_root = $backup;
|
|
|
|
$this->mounts[] = $path;
|
|
Vfs::clearstatcache();
|
|
Vfs::init_static();
|
|
Vfs\StreamWrapper::init_static();
|
|
}
|
|
|
|
/**
|
|
* Add some files to the given path so there's something to find.
|
|
*
|
|
* @param string $path
|
|
*
|
|
* @return array of paths
|
|
*/
|
|
protected function addFiles($path)
|
|
{
|
|
$files = array();
|
|
|
|
// Plain file
|
|
$files[] = $file = $path.'test_file.txt';
|
|
$this->assertTrue(
|
|
file_put_contents(Vfs::PREFIX.$file, 'Test for ' . $this->getName() ."\n". Api\DateTime::to()) !== FALSE,
|
|
'Unable to write test file - check file permissions for CLI user'
|
|
);
|
|
|
|
// Subdirectory
|
|
$files[] = $dir = $path.'sub_dir/';
|
|
if(Vfs::is_dir($dir))
|
|
{
|
|
Vfs::remove($dir);
|
|
}
|
|
$this->assertTrue(
|
|
Vfs::mkdir($dir),
|
|
'Unable to create subdirectory ' . $dir
|
|
);
|
|
|
|
// File in a subdirectory
|
|
$files[] = $file = $dir.'subdir_test_file.txt';
|
|
$this->assertTrue(
|
|
file_put_contents(Vfs::PREFIX.$file, 'Test for ' . $this->getName() ."\n". Api\DateTime::to()) !== FALSE,
|
|
'Unable to write test file - check file permissions for CLI user'
|
|
);
|
|
|
|
// Symlinked file
|
|
/* Always says its empty
|
|
$files[] = $symlink = $path.'symlink.txt';
|
|
if(Vfs::file_exists($symlink)) Vfs::remove($symlink);
|
|
$this->assertTrue(
|
|
Vfs::symlink($file, $symlink),
|
|
'Unable to create symlink'
|
|
);
|
|
|
|
// Symlinked dir
|
|
$files[] = $symlinked_dir = $path.'sym_dir/';
|
|
$this->assertTrue(
|
|
Vfs::symlink($dir, $symlinked_dir),
|
|
'Unable to create symlinked directory ' . $symlinked_dir
|
|
);
|
|
*/
|
|
return $files;
|
|
}
|
|
|
|
/**
|
|
* Test that readable shares are actually readable
|
|
*
|
|
* @param string $path
|
|
*/
|
|
public function createShare($path, $mode, $extra = array())
|
|
{
|
|
// Make sure the path is there
|
|
if(!Vfs::is_readable($path))
|
|
{
|
|
$this->assertTrue(Vfs::is_dir($path) ? Vfs::mkdir($path,0750,true) : Vfs::touch($path));
|
|
}
|
|
|
|
// Create share
|
|
$this->shares[] = $share = Sharing::create($path, $mode, $name, $recipients, $extra);
|
|
|
|
return $share;
|
|
}
|
|
|
|
/**
|
|
* Make an infolog entry
|
|
*/
|
|
protected function make_infolog()
|
|
{
|
|
$bo = new \infolog_bo();
|
|
$element = array(
|
|
'info_subject' => "Test infolog for #{$this->getName()}",
|
|
'info_des' => 'Test element for ' . $this->getName() ."\n". Api\DateTime::to(),
|
|
'info_status' => 'open'
|
|
);
|
|
|
|
$element_id = $bo->write($element, true, true, true, true);
|
|
return $element_id;
|
|
}
|
|
|
|
/**
|
|
* Test that a share link can be made, and that only that path is available
|
|
*
|
|
* @param string $path
|
|
*/
|
|
public function shareLink($path, $mode, $extra = array())
|
|
{
|
|
if(static::LOG_LEVEL > 1)
|
|
{
|
|
echo __METHOD__ . "('$path',$mode)\n";
|
|
}
|
|
// Setup - create path and share
|
|
$share = $this->createShare($path, $mode, $extra);
|
|
$link = Vfs\Sharing::share2link($share);
|
|
//echo __METHOD__ . " link: $link\n";
|
|
|
|
if(static::LOG_LEVEL)
|
|
{
|
|
echo __METHOD__ . " share: " . array2string($share)."\n";
|
|
}
|
|
|
|
// Setup for share to load
|
|
$_SERVER['REQUEST_URI'] = $link;
|
|
preg_match('|^https?://[^/]+(/.*)share.php/'.$share['share_token'].'$|', $path_info=$_SERVER['REQUEST_URI'], $matches);
|
|
$_SERVER['SCRIPT_NAME'] = $matches[1];
|
|
|
|
// Log out & clear cache
|
|
LoggedInTest::tearDownAfterClass();
|
|
|
|
// Re-init, since they look at user, fstab, etc.
|
|
// Also, further tests that access the filesystem fail if we don't
|
|
Vfs::clearstatcache();
|
|
Vfs::init_static();
|
|
Vfs\StreamWrapper::init_static();
|
|
|
|
|
|
// If it's a directory, check to make sure it gives the filemanager UI
|
|
if(Vfs::is_dir($path))
|
|
{
|
|
$this->checkDirectoryLink($link, $share);
|
|
}
|
|
|
|
// Load share
|
|
$this->setup_info();
|
|
|
|
|
|
if(static::LOG_LEVEL > 1)
|
|
{
|
|
echo "Sharing mounts:\n";
|
|
var_dump(Vfs::mount());
|
|
}
|
|
|
|
// Our path should be mounted to root
|
|
$this->assertTrue(Vfs::is_readable('/'), 'Could not read root (/) from link');
|
|
|
|
// Check other paths
|
|
$this->assertFalse(Vfs::is_readable($path));
|
|
$this->assertFalse(Vfs::is_readable($path . '../'));
|
|
}
|
|
|
|
/**
|
|
* Test to make sure that a directory link leads to a limited filemanager
|
|
* interface (not a file or 404).
|
|
*
|
|
* @param type $link
|
|
* @param type $share
|
|
*/
|
|
public function checkDirectoryLink($link, $share)
|
|
{
|
|
// Set up curl
|
|
$curl = curl_init($link);
|
|
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
|
|
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
|
|
$html = curl_exec($curl);
|
|
curl_close($curl);
|
|
|
|
if(!$html)
|
|
{
|
|
// No response - could mean something is terribly wrong, or it could
|
|
// mean we're running on Travis with no webserver to answer the
|
|
// request
|
|
return;
|
|
}
|
|
|
|
// Parse & check for nextmatch
|
|
$dom = new \DOMDocument();
|
|
@$dom->loadHTML($html);
|
|
$xpath = new \DOMXPath($dom);
|
|
$form = $xpath->query ('//form')->item(0);
|
|
if(!$form && static::LOG_LEVEL)
|
|
{
|
|
echo "Didn't find filemanager interface\n";
|
|
if(static::LOG_LEVEL > 1)
|
|
{
|
|
echo $form."\n\n";
|
|
}
|
|
}
|
|
$data = json_decode($form->getAttribute('data-etemplate'));
|
|
|
|
$this->assertEquals('filemanager.index', $data->name);
|
|
|
|
// Make sure we start at root, not somewhere else like the token mounted
|
|
// as a sub-directory
|
|
$this->assertEquals('/', $data->data->content->nm->path);
|
|
|
|
unset($data->data->content->nm->actions);
|
|
//var_dump($data->data->content->nm);
|
|
}
|
|
protected function setup_info()
|
|
{
|
|
// Copied from share.php
|
|
$GLOBALS['egw_info'] = array(
|
|
'flags' => array(
|
|
'disable_Template_class' => true,
|
|
'noheader' => true,
|
|
'nonavbar' => 'always', // true would cause eTemplate to reset it to false for non-popups!
|
|
'currentapp' => 'filemanager',
|
|
'autocreate_session_callback' => 'EGroupware\\Api\\Vfs\\Sharing::create_session',
|
|
'no_exception_handler' => 'basic_auth', // we use a basic auth exception handler (sends exception message as basic auth realm)
|
|
)
|
|
);
|
|
|
|
ob_start();
|
|
static::load_egw('anonymous','','',$GLOBALS['egw_info']);
|
|
if(static::LOG_LEVEL > 1)
|
|
{
|
|
ob_end_flush();
|
|
}
|
|
else
|
|
{
|
|
ob_end_clean();
|
|
}
|
|
}
|
|
}
|