| 
									
										
										
										
											2017-02-04 19:58:42 +08:00
										 |  |  | <?php namespace Tests; | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-09-25 19:30:50 +08:00
										 |  |  | use BookStack\Uploads\Attachment; | 
					
						
							|  |  |  | use BookStack\Entities\Page; | 
					
						
							|  |  |  | use BookStack\Auth\Permissions\PermissionService; | 
					
						
							| 
									
										
										
										
											2018-02-11 20:37:02 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  | class AttachmentTest extends TestCase | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  | { | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Get a test file that can be uploaded | 
					
						
							|  |  |  |      * @param $fileName | 
					
						
							|  |  |  |      * @return \Illuminate\Http\UploadedFile | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected function getTestFile($fileName) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         return new \Illuminate\Http\UploadedFile(base_path('tests/test-data/test-file.txt'), $fileName, 'text/plain', 55, null, true); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Uploads a file with the given name. | 
					
						
							|  |  |  |      * @param $name | 
					
						
							|  |  |  |      * @param int $uploadedTo | 
					
						
							| 
									
										
										
										
											2018-02-11 20:37:02 +08:00
										 |  |  |      * @return \Illuminate\Foundation\Testing\TestResponse | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  |      */ | 
					
						
							|  |  |  |     protected function uploadFile($name, $uploadedTo = 0) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $file = $this->getTestFile($name); | 
					
						
							| 
									
										
										
										
											2016-11-12 22:12:26 +08:00
										 |  |  |         return $this->call('POST', '/attachments/upload', ['uploaded_to' => $uploadedTo], [], ['file' => $file], []); | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Delete all uploaded files. | 
					
						
							|  |  |  |      * To assist with cleanup. | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected function deleteUploads() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-09-25 19:30:50 +08:00
										 |  |  |         $fileService = $this->app->make(\BookStack\Uploads\AttachmentService::class); | 
					
						
							|  |  |  |         foreach (\BookStack\Uploads\Attachment::all() as $file) { | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  |             $fileService->deleteFile($file); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_file_upload() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-02-11 20:37:02 +08:00
										 |  |  |         $page = Page::first(); | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  |         $this->asAdmin(); | 
					
						
							|  |  |  |         $admin = $this->getAdmin(); | 
					
						
							|  |  |  |         $fileName = 'upload_test_file.txt'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $expectedResp = [ | 
					
						
							|  |  |  |             'name' => $fileName, | 
					
						
							|  |  |  |             'uploaded_to'=> $page->id, | 
					
						
							|  |  |  |             'extension' => 'txt', | 
					
						
							|  |  |  |             'order' => 1, | 
					
						
							|  |  |  |             'created_by' => $admin->id, | 
					
						
							|  |  |  |             'updated_by' => $admin->id, | 
					
						
							|  |  |  |         ]; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-02-11 20:37:02 +08:00
										 |  |  |         $upload = $this->uploadFile($fileName, $page->id); | 
					
						
							|  |  |  |         $upload->assertStatus(200); | 
					
						
							| 
									
										
										
										
											2019-03-25 03:07:18 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $attachment = Attachment::query()->orderBy('id', 'desc')->first(); | 
					
						
							|  |  |  |         $expectedResp['path'] = $attachment->path; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-02-11 20:37:02 +08:00
										 |  |  |         $upload->assertJson($expectedResp); | 
					
						
							|  |  |  |         $this->assertDatabaseHas('attachments', $expectedResp); | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->deleteUploads(); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-03-25 03:07:18 +08:00
										 |  |  |     public function test_file_upload_does_not_use_filename() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $page = Page::first(); | 
					
						
							|  |  |  |         $fileName = 'upload_test_file.txt'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $upload = $this->asAdmin()->uploadFile($fileName, $page->id); | 
					
						
							|  |  |  |         $upload->assertStatus(200); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $attachment = Attachment::query()->orderBy('id', 'desc')->first(); | 
					
						
							| 
									
										
										
										
											2019-09-14 21:12:39 +08:00
										 |  |  |         $this->assertStringNotContainsString($fileName, $attachment->path); | 
					
						
							| 
									
										
										
										
											2019-03-25 03:07:18 +08:00
										 |  |  |         $this->assertStringEndsWith('.txt', $attachment->path); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  |     public function test_file_display_and_access() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-02-11 20:37:02 +08:00
										 |  |  |         $page = Page::first(); | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  |         $this->asAdmin(); | 
					
						
							|  |  |  |         $fileName = 'upload_test_file.txt'; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-02-11 20:37:02 +08:00
										 |  |  |         $upload = $this->uploadFile($fileName, $page->id); | 
					
						
							|  |  |  |         $upload->assertStatus(200); | 
					
						
							|  |  |  |         $attachment = Attachment::orderBy('id', 'desc')->take(1)->first(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $pageGet = $this->get($page->getUrl()); | 
					
						
							|  |  |  |         $pageGet->assertSeeText($fileName); | 
					
						
							|  |  |  |         $pageGet->assertSee($attachment->getUrl()); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $attachmentGet = $this->get($attachment->getUrl()); | 
					
						
							|  |  |  |         $attachmentGet->assertSee('Hi, This is a test file for testing the upload process.'); | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->deleteUploads(); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_attaching_link_to_page() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-02-11 20:37:02 +08:00
										 |  |  |         $page = Page::first(); | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  |         $admin = $this->getAdmin(); | 
					
						
							|  |  |  |         $this->asAdmin(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-02-11 20:37:02 +08:00
										 |  |  |         $linkReq = $this->call('POST', 'attachments/link', [ | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  |             'link' => 'https://example.com', | 
					
						
							|  |  |  |             'name' => 'Example Attachment Link', | 
					
						
							|  |  |  |             'uploaded_to' => $page->id, | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $expectedResp = [ | 
					
						
							|  |  |  |             'path' => 'https://example.com', | 
					
						
							|  |  |  |             'name' => 'Example Attachment Link', | 
					
						
							|  |  |  |             'uploaded_to' => $page->id, | 
					
						
							|  |  |  |             'created_by' => $admin->id, | 
					
						
							|  |  |  |             'updated_by' => $admin->id, | 
					
						
							|  |  |  |             'external' => true, | 
					
						
							|  |  |  |             'order' => 1, | 
					
						
							|  |  |  |             'extension' => '' | 
					
						
							|  |  |  |         ]; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-02-11 20:37:02 +08:00
										 |  |  |         $linkReq->assertStatus(200); | 
					
						
							|  |  |  |         $linkReq->assertJson($expectedResp); | 
					
						
							|  |  |  |         $this->assertDatabaseHas('attachments', $expectedResp); | 
					
						
							|  |  |  |         $attachment = Attachment::orderBy('id', 'desc')->take(1)->first(); | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-02-11 20:37:02 +08:00
										 |  |  |         $pageGet = $this->get($page->getUrl()); | 
					
						
							|  |  |  |         $pageGet->assertSeeText('Example Attachment Link'); | 
					
						
							|  |  |  |         $pageGet->assertSee($attachment->getUrl()); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $attachmentGet = $this->get($attachment->getUrl()); | 
					
						
							|  |  |  |         $attachmentGet->assertRedirect('https://example.com'); | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->deleteUploads(); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_attachment_updating() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-02-11 20:37:02 +08:00
										 |  |  |         $page = Page::first(); | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  |         $this->asAdmin(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-11-12 22:12:26 +08:00
										 |  |  |         $this->call('POST', 'attachments/link', [ | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  |             'link' => 'https://example.com', | 
					
						
							|  |  |  |             'name' => 'Example Attachment Link', | 
					
						
							|  |  |  |             'uploaded_to' => $page->id, | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-09-25 19:30:50 +08:00
										 |  |  |         $attachmentId = \BookStack\Uploads\Attachment::first()->id; | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-02-11 20:37:02 +08:00
										 |  |  |         $update = $this->call('PUT', 'attachments/' . $attachmentId, [ | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  |             'uploaded_to' => $page->id, | 
					
						
							|  |  |  |             'name' => 'My new attachment name', | 
					
						
							|  |  |  |             'link' => 'https://test.example.com' | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $expectedResp = [ | 
					
						
							|  |  |  |             'path' => 'https://test.example.com', | 
					
						
							|  |  |  |             'name' => 'My new attachment name', | 
					
						
							|  |  |  |             'uploaded_to' => $page->id | 
					
						
							|  |  |  |         ]; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-02-11 20:37:02 +08:00
										 |  |  |         $update->assertStatus(200); | 
					
						
							|  |  |  |         $update->assertJson($expectedResp); | 
					
						
							|  |  |  |         $this->assertDatabaseHas('attachments', $expectedResp); | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->deleteUploads(); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_file_deletion() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-02-11 20:37:02 +08:00
										 |  |  |         $page = Page::first(); | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  |         $this->asAdmin(); | 
					
						
							|  |  |  |         $fileName = 'deletion_test.txt'; | 
					
						
							|  |  |  |         $this->uploadFile($fileName, $page->id); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-03-25 03:07:18 +08:00
										 |  |  |         $attachment = Attachment::query()->orderBy('id', 'desc')->first(); | 
					
						
							|  |  |  |         $filePath = storage_path($attachment->path); | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  |         $this->assertTrue(file_exists($filePath), 'File at path ' . $filePath . ' does not exist'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-09-25 19:30:50 +08:00
										 |  |  |         $attachment = \BookStack\Uploads\Attachment::first(); | 
					
						
							| 
									
										
										
										
											2018-02-11 20:37:02 +08:00
										 |  |  |         $this->delete($attachment->getUrl()); | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-02-11 20:37:02 +08:00
										 |  |  |         $this->assertDatabaseMissing('attachments', [ | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  |             'name' => $fileName | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  |         $this->assertFalse(file_exists($filePath), 'File at path ' . $filePath . ' was not deleted as expected'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->deleteUploads(); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_attachment_deletion_on_page_deletion() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-02-11 20:37:02 +08:00
										 |  |  |         $page = Page::first(); | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  |         $this->asAdmin(); | 
					
						
							|  |  |  |         $fileName = 'deletion_test.txt'; | 
					
						
							|  |  |  |         $this->uploadFile($fileName, $page->id); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-03-25 03:07:18 +08:00
										 |  |  |         $attachment = Attachment::query()->orderBy('id', 'desc')->first(); | 
					
						
							|  |  |  |         $filePath = storage_path($attachment->path); | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->assertTrue(file_exists($filePath), 'File at path ' . $filePath . ' does not exist'); | 
					
						
							| 
									
										
										
										
											2018-02-11 20:37:02 +08:00
										 |  |  |         $this->assertDatabaseHas('attachments', [ | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  |             'name' => $fileName | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->call('DELETE', $page->getUrl()); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-02-11 20:37:02 +08:00
										 |  |  |         $this->assertDatabaseMissing('attachments', [ | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  |             'name' => $fileName | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  |         $this->assertFalse(file_exists($filePath), 'File at path ' . $filePath . ' was not deleted as expected'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->deleteUploads(); | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2018-02-11 20:37:02 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |     public function test_attachment_access_without_permission_shows_404() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $admin = $this->getAdmin(); | 
					
						
							|  |  |  |         $viewer = $this->getViewer(); | 
					
						
							|  |  |  |         $page = Page::first(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->actingAs($admin); | 
					
						
							|  |  |  |         $fileName = 'permission_test.txt'; | 
					
						
							|  |  |  |         $this->uploadFile($fileName, $page->id); | 
					
						
							|  |  |  |         $attachment = Attachment::orderBy('id', 'desc')->take(1)->first(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $page->restricted = true; | 
					
						
							|  |  |  |         $page->permissions()->delete(); | 
					
						
							|  |  |  |         $page->save(); | 
					
						
							|  |  |  |         $this->app[PermissionService::class]->buildJointPermissionsForEntity($page); | 
					
						
							|  |  |  |         $page->load('jointPermissions'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->actingAs($viewer); | 
					
						
							|  |  |  |         $attachmentGet = $this->get($attachment->getUrl()); | 
					
						
							|  |  |  |         $attachmentGet->assertStatus(404); | 
					
						
							|  |  |  |         $attachmentGet->assertSee("Attachment not found"); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->deleteUploads(); | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2016-10-23 22:25:04 +08:00
										 |  |  | } |