										 |  |  | <?php | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | namespace Tests\Entity; | 
					
						
										 |  |  | 
 | 
					
						
										 |  |  | use BookStack\Actions\Comment; | 
					
						
										 |  |  | use BookStack\Entities\Models\Page; | 
					
						
										 |  |  | use Tests\TestCase; | 
					
						
										 |  |  | 
 | 
					
						
										 |  |  | class CommentTest extends TestCase | 
					
						
							| 
									
										
										
										
											2017-06-13 05:01:17 +08:00
										 |  |  | { | 
					
						
							|  |  |  |     public function test_add_comment() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $this->asAdmin(); | 
					
						
							| 
									
										
										
										
											2022-09-30 05:11:16 +08:00
										 |  |  |         $page = $this->entities->page(); | 
					
						
							| 
									
										
										
										
											2017-06-13 05:01:17 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-10-31 04:29:59 +08:00
										 |  |  |         $comment = Comment::factory()->make(['parent_id' => 2]); | 
					
						
							| 
									
										
										
										
											2020-07-29 01:19:18 +08:00
										 |  |  |         $resp = $this->postJson("/comment/$page->id", $comment->getAttributes()); | 
					
						
							| 
									
										
										
										
											2017-06-13 05:01:17 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-09-10 01:41:59 +08:00
										 |  |  |         $resp->assertStatus(200); | 
					
						
							|  |  |  |         $resp->assertSee($comment->text); | 
					
						
							| 
									
										
										
										
											2017-06-13 05:01:17 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-09-10 01:41:59 +08:00
										 |  |  |         $pageResp = $this->get($page->getUrl()); | 
					
						
							|  |  |  |         $pageResp->assertSee($comment->text); | 
					
						
							| 
									
										
										
										
											2017-06-13 05:01:17 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-09-10 01:41:59 +08:00
										 |  |  |         $this->assertDatabaseHas('comments', [ | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |             'local_id'    => 1, | 
					
						
							|  |  |  |             'entity_id'   => $page->id, | 
					
						
							| 
									
										
										
										
											2018-09-25 19:30:50 +08:00
										 |  |  |             'entity_type' => Page::newModelInstance()->getMorphClass(), | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |             'text'        => $comment->text, | 
					
						
							|  |  |  |             'parent_id'   => 2, | 
					
						
							| 
									
										
										
										
											2017-09-10 01:41:59 +08:00
										 |  |  |         ]); | 
					
						
							| 
									
										
										
										
											2017-06-13 05:01:17 +08:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_comment_edit() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $this->asAdmin(); | 
					
						
							| 
									
										
										
										
											2022-09-30 05:11:16 +08:00
										 |  |  |         $page = $this->entities->page(); | 
					
						
							| 
									
										
										
										
											2017-09-10 01:41:59 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-10-31 04:29:59 +08:00
										 |  |  |         $comment = Comment::factory()->make(); | 
					
						
							| 
									
										
										
										
											2020-07-29 01:19:18 +08:00
										 |  |  |         $this->postJson("/comment/$page->id", $comment->getAttributes()); | 
					
						
							| 
									
										
										
										
											2017-09-10 01:41:59 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $comment = $page->comments()->first(); | 
					
						
							|  |  |  |         $newText = 'updated text content'; | 
					
						
							| 
									
										
										
										
											2020-07-29 01:19:18 +08:00
										 |  |  |         $resp = $this->putJson("/comment/$comment->id", [ | 
					
						
							| 
									
										
										
										
											2017-09-10 01:41:59 +08:00
										 |  |  |             'text' => $newText, | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $resp->assertStatus(200); | 
					
						
							|  |  |  |         $resp->assertSee($newText); | 
					
						
							|  |  |  |         $resp->assertDontSee($comment->text); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->assertDatabaseHas('comments', [ | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |             'text'      => $newText, | 
					
						
							|  |  |  |             'entity_id' => $page->id, | 
					
						
							| 
									
										
										
										
											2017-09-10 01:41:59 +08:00
										 |  |  |         ]); | 
					
						
							| 
									
										
										
										
											2017-06-13 05:01:17 +08:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_comment_delete() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $this->asAdmin(); | 
					
						
							| 
									
										
										
										
											2022-09-30 05:11:16 +08:00
										 |  |  |         $page = $this->entities->page(); | 
					
						
							| 
									
										
										
										
											2017-06-13 05:01:17 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-10-31 04:29:59 +08:00
										 |  |  |         $comment = Comment::factory()->make(); | 
					
						
							| 
									
										
										
										
											2020-07-29 01:19:18 +08:00
										 |  |  |         $this->postJson("/comment/$page->id", $comment->getAttributes()); | 
					
						
							| 
									
										
										
										
											2017-06-13 05:01:17 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-09-10 01:41:59 +08:00
										 |  |  |         $comment = $page->comments()->first(); | 
					
						
							| 
									
										
										
										
											2017-06-13 05:01:17 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-07-29 01:19:18 +08:00
										 |  |  |         $resp = $this->delete("/comment/$comment->id"); | 
					
						
							| 
									
										
										
										
											2017-09-10 01:41:59 +08:00
										 |  |  |         $resp->assertStatus(200); | 
					
						
							| 
									
										
										
										
											2017-06-13 05:01:17 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-09-10 01:41:59 +08:00
										 |  |  |         $this->assertDatabaseMissing('comments', [ | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |             'id' => $comment->id, | 
					
						
							| 
									
										
										
										
											2017-09-10 01:41:59 +08:00
										 |  |  |         ]); | 
					
						
							| 
									
										
										
										
											2017-06-13 05:01:17 +08:00
										 |  |  |     } | 
					
						
							| 
									
										
										
										
											2020-05-02 06:24:11 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |     public function test_comments_converts_markdown_input_to_html() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2022-09-30 05:11:16 +08:00
										 |  |  |         $page = $this->entities->page(); | 
					
						
							| 
									
										
										
										
											2020-07-29 01:19:18 +08:00
										 |  |  |         $this->asAdmin()->postJson("/comment/$page->id", [ | 
					
						
							| 
									
										
										
										
											2020-05-02 06:24:11 +08:00
										 |  |  |             'text' => '# My Title', | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->assertDatabaseHas('comments', [ | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |             'entity_id'   => $page->id, | 
					
						
							| 
									
										
										
										
											2020-05-02 06:24:11 +08:00
										 |  |  |             'entity_type' => $page->getMorphClass(), | 
					
						
							| 
									
										
										
										
											2021-06-26 23:23:15 +08:00
										 |  |  |             'text'        => '# My Title', | 
					
						
							|  |  |  |             'html'        => "<h1>My Title</h1>\n", | 
					
						
							| 
									
										
										
										
											2020-05-02 06:24:11 +08:00
										 |  |  |         ]); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $pageView = $this->get($page->getUrl()); | 
					
						
							| 
									
										
										
										
											2021-10-27 05:04:18 +08:00
										 |  |  |         $pageView->assertSee('<h1>My Title</h1>', false); | 
					
						
							| 
									
										
										
										
											2020-05-02 06:24:11 +08:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_html_cannot_be_injected_via_comment_content() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $this->asAdmin(); | 
					
						
							| 
									
										
										
										
											2022-09-30 05:11:16 +08:00
										 |  |  |         $page = $this->entities->page(); | 
					
						
							| 
									
										
										
										
											2020-05-02 06:24:11 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $script = '<script>const a = "script";</script>\n\n# sometextinthecomment'; | 
					
						
							| 
									
										
										
										
											2020-07-29 01:19:18 +08:00
										 |  |  |         $this->postJson("/comment/$page->id", [ | 
					
						
							| 
									
										
										
										
											2020-05-02 06:24:11 +08:00
										 |  |  |             'text' => $script, | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $pageView = $this->get($page->getUrl()); | 
					
						
							| 
									
										
										
										
											2021-10-27 05:04:18 +08:00
										 |  |  |         $pageView->assertDontSee($script, false); | 
					
						
							| 
									
										
										
										
											2020-05-02 06:24:11 +08:00
										 |  |  |         $pageView->assertSee('sometextinthecomment'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $comment = $page->comments()->first(); | 
					
						
							| 
									
										
										
										
											2020-07-29 01:19:18 +08:00
										 |  |  |         $this->putJson("/comment/$comment->id", [ | 
					
						
							| 
									
										
										
										
											2020-05-02 06:24:11 +08:00
										 |  |  |             'text' => $script . 'updated', | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $pageView = $this->get($page->getUrl()); | 
					
						
							| 
									
										
										
										
											2021-10-27 05:04:18 +08:00
										 |  |  |         $pageView->assertDontSee($script, false); | 
					
						
							| 
									
										
										
										
											2020-05-02 06:24:11 +08:00
										 |  |  |         $pageView->assertSee('sometextinthecommentupdated'); | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2017-06-13 05:01:17 +08:00
										 |  |  | } |