bookstack/tests/Entity/CommentTest.php

<?php namespace Tests\Entity;

use BookStack\Entities\Page;
use BookStack\Actions\Comment;
use Tests\TestCase;

class CommentTest extends TestCase
{

    public function test_add_comment()
    {
        $this->asAdmin();
        $page = Page::first();

        $comment = factory(Comment::class)->make(['parent_id' => 2]);
        $resp = $this->postJson("/comment/$page->id", $comment->getAttributes());

        $resp->assertStatus(200);
        $resp->assertSee($comment->text);

        $pageResp = $this->get($page->getUrl());
        $pageResp->assertSee($comment->text);

        $this->assertDatabaseHas('comments', [
            'local_id' => 1,
            'entity_id' => $page->id,
            'entity_type' => Page::newModelInstance()->getMorphClass(),
            'text' => $comment->text,
            'parent_id' => 2
        ]);
    }

    public function test_comment_edit()
    {
        $this->asAdmin();
        $page = Page::first();

        $comment = factory(Comment::class)->make();
        $this->postJson("/comment/$page->id", $comment->getAttributes());

        $comment = $page->comments()->first();
        $newText = 'updated text content';
        $resp = $this->putJson("/comment/$comment->id", [
            'text' => $newText,
        ]);

        $resp->assertStatus(200);
        $resp->assertSee($newText);
        $resp->assertDontSee($comment->text);

        $this->assertDatabaseHas('comments', [
            'text' => $newText,
            'entity_id' => $page->id
        ]);
    }

    public function test_comment_delete()
    {
        $this->asAdmin();
        $page = Page::first();

        $comment = factory(Comment::class)->make();
        $this->postJson("/comment/$page->id", $comment->getAttributes());

        $comment = $page->comments()->first();

        $resp = $this->delete("/comment/$comment->id");
        $resp->assertStatus(200);

        $this->assertDatabaseMissing('comments', [
            'id' => $comment->id
        ]);
    }

    public function test_comments_converts_markdown_input_to_html()
    {
        $page = Page::first();
        $this->asAdmin()->postJson("/comment/$page->id", [
            'text' => '# My Title',
        ]);

        $this->assertDatabaseHas('comments', [
            'entity_id' => $page->id,
            'entity_type' => $page->getMorphClass(),
            'text' => '# My Title',
            'html' => "<h1>My Title</h1>\n",
        ]);

        $pageView = $this->get($page->getUrl());
        $pageView->assertSee('<h1>My Title</h1>');
    }

    public function test_html_cannot_be_injected_via_comment_content()
    {
        $this->asAdmin();
        $page = Page::first();

        $script = '<script>const a = "script";</script>\n\n# sometextinthecomment';
        $this->postJson("/comment/$page->id", [
            'text' => $script,
        ]);

        $pageView = $this->get($page->getUrl());
        $pageView->assertDontSee($script);
        $pageView->assertSee('sometextinthecomment');

        $comment = $page->comments()->first();
        $this->putJson("/comment/$comment->id", [
            'text' => $script . 'updated',
        ]);

        $pageView = $this->get($page->getUrl());
        $pageView->assertDontSee($script);
        $pageView->assertSee('sometextinthecommentupdated');
    }
}
Updated test files to be PSR-4 compliant Closes #1924 2020-04-04 08:16:05 +08:00			`<?php namespace Tests\Entity;`
#47 - Added more test cases to test the APIs and permission for comments. 2017-06-13 05:01:17 +08:00
Re-structured the app code to be feature based rather than code type based 2018-09-25 19:30:50 +08:00			`use BookStack\Entities\Page;`
			`use BookStack\Actions\Comment;`
Updated test files to be PSR-4 compliant Closes #1924 2020-04-04 08:16:05 +08:00			`use Tests\TestCase;`
#47 - Added more test cases to test the APIs and permission for comments. 2017-06-13 05:01:17 +08:00
Removed outdated translations and updated tests 2017-09-10 01:41:59 +08:00			`class CommentTest extends TestCase`
#47 - Added more test cases to test the APIs and permission for comments. 2017-06-13 05:01:17 +08:00			`{`

			`public function test_add_comment()`
			`{`
			`$this->asAdmin();`
Removed outdated translations and updated tests 2017-09-10 01:41:59 +08:00			`$page = Page::first();`
#47 - Added more test cases to test the APIs and permission for comments. 2017-06-13 05:01:17 +08:00
Removed outdated translations and updated tests 2017-09-10 01:41:59 +08:00			`$comment = factory(Comment::class)->make(['parent_id' => 2]);`
Updated some comment elements and standardised more JS - Updated comment routes to be simpler. - Updated comments JS to align better with updated component system. - Documented available global JS functions/services. - Removed redundant controller method. - Added window.$events helpers for validation messages and success/error. - Updated JS events system to not be class based for simplicity. - Added window.trans_plural method to handle pluralisation/replacements where you already have the translation string itself. Fixes #1836 2020-07-29 01:19:18 +08:00			`$resp = $this->postJson("/comment/$page->id", $comment->getAttributes());`
#47 - Added more test cases to test the APIs and permission for comments. 2017-06-13 05:01:17 +08:00
Removed outdated translations and updated tests 2017-09-10 01:41:59 +08:00			`$resp->assertStatus(200);`
			`$resp->assertSee($comment->text);`
#47 - Added more test cases to test the APIs and permission for comments. 2017-06-13 05:01:17 +08:00
Removed outdated translations and updated tests 2017-09-10 01:41:59 +08:00			`$pageResp = $this->get($page->getUrl());`
			`$pageResp->assertSee($comment->text);`
#47 - Added more test cases to test the APIs and permission for comments. 2017-06-13 05:01:17 +08:00
Removed outdated translations and updated tests 2017-09-10 01:41:59 +08:00			`$this->assertDatabaseHas('comments', [`
			`'local_id' => 1,`
			`'entity_id' => $page->id,`
Re-structured the app code to be feature based rather than code type based 2018-09-25 19:30:50 +08:00			`'entity_type' => Page::newModelInstance()->getMorphClass(),`
Removed outdated translations and updated tests 2017-09-10 01:41:59 +08:00			`'text' => $comment->text,`
			`'parent_id' => 2`
			`]);`
#47 - Added more test cases to test the APIs and permission for comments. 2017-06-13 05:01:17 +08:00			`}`

			`public function test_comment_edit()`
			`{`
			`$this->asAdmin();`
Removed outdated translations and updated tests 2017-09-10 01:41:59 +08:00			`$page = Page::first();`

			`$comment = factory(Comment::class)->make();`
Updated some comment elements and standardised more JS - Updated comment routes to be simpler. - Updated comments JS to align better with updated component system. - Documented available global JS functions/services. - Removed redundant controller method. - Added window.$events helpers for validation messages and success/error. - Updated JS events system to not be class based for simplicity. - Added window.trans_plural method to handle pluralisation/replacements where you already have the translation string itself. Fixes #1836 2020-07-29 01:19:18 +08:00			`$this->postJson("/comment/$page->id", $comment->getAttributes());`
Removed outdated translations and updated tests 2017-09-10 01:41:59 +08:00
			`$comment = $page->comments()->first();`
			`$newText = 'updated text content';`
Updated some comment elements and standardised more JS - Updated comment routes to be simpler. - Updated comments JS to align better with updated component system. - Documented available global JS functions/services. - Removed redundant controller method. - Added window.$events helpers for validation messages and success/error. - Updated JS events system to not be class based for simplicity. - Added window.trans_plural method to handle pluralisation/replacements where you already have the translation string itself. Fixes #1836 2020-07-29 01:19:18 +08:00			`$resp = $this->putJson("/comment/$comment->id", [`
Removed outdated translations and updated tests 2017-09-10 01:41:59 +08:00			`'text' => $newText,`
			`]);`

			`$resp->assertStatus(200);`
			`$resp->assertSee($newText);`
			`$resp->assertDontSee($comment->text);`

			`$this->assertDatabaseHas('comments', [`
			`'text' => $newText,`
			`'entity_id' => $page->id`
			`]);`
#47 - Added more test cases to test the APIs and permission for comments. 2017-06-13 05:01:17 +08:00			`}`

			`public function test_comment_delete()`
			`{`
			`$this->asAdmin();`
			`$page = Page::first();`

			`$comment = factory(Comment::class)->make();`
Updated some comment elements and standardised more JS - Updated comment routes to be simpler. - Updated comments JS to align better with updated component system. - Documented available global JS functions/services. - Removed redundant controller method. - Added window.$events helpers for validation messages and success/error. - Updated JS events system to not be class based for simplicity. - Added window.trans_plural method to handle pluralisation/replacements where you already have the translation string itself. Fixes #1836 2020-07-29 01:19:18 +08:00			`$this->postJson("/comment/$page->id", $comment->getAttributes());`
#47 - Added more test cases to test the APIs and permission for comments. 2017-06-13 05:01:17 +08:00
Removed outdated translations and updated tests 2017-09-10 01:41:59 +08:00			`$comment = $page->comments()->first();`
#47 - Added more test cases to test the APIs and permission for comments. 2017-06-13 05:01:17 +08:00
Updated some comment elements and standardised more JS - Updated comment routes to be simpler. - Updated comments JS to align better with updated component system. - Documented available global JS functions/services. - Removed redundant controller method. - Added window.$events helpers for validation messages and success/error. - Updated JS events system to not be class based for simplicity. - Added window.trans_plural method to handle pluralisation/replacements where you already have the translation string itself. Fixes #1836 2020-07-29 01:19:18 +08:00			`$resp = $this->delete("/comment/$comment->id");`
Removed outdated translations and updated tests 2017-09-10 01:41:59 +08:00			`$resp->assertStatus(200);`
#47 - Added more test cases to test the APIs and permission for comments. 2017-06-13 05:01:17 +08:00
Removed outdated translations and updated tests 2017-09-10 01:41:59 +08:00			`$this->assertDatabaseMissing('comments', [`
			`'id' => $comment->id`
			`]);`
#47 - Added more test cases to test the APIs and permission for comments. 2017-06-13 05:01:17 +08:00			`}`
Updated comment md rendering to be server-side 2020-05-02 06:24:11 +08:00
			`public function test_comments_converts_markdown_input_to_html()`
			`{`
			`$page = Page::first();`
Updated some comment elements and standardised more JS - Updated comment routes to be simpler. - Updated comments JS to align better with updated component system. - Documented available global JS functions/services. - Removed redundant controller method. - Added window.$events helpers for validation messages and success/error. - Updated JS events system to not be class based for simplicity. - Added window.trans_plural method to handle pluralisation/replacements where you already have the translation string itself. Fixes #1836 2020-07-29 01:19:18 +08:00			`$this->asAdmin()->postJson("/comment/$page->id", [`
Updated comment md rendering to be server-side 2020-05-02 06:24:11 +08:00			`'text' => '# My Title',`
			`]);`

			`$this->assertDatabaseHas('comments', [`
			`'entity_id' => $page->id,`
			`'entity_type' => $page->getMorphClass(),`
			`'text' => '# My Title',`
			`'html' => "<h1>My Title</h1>\n",`
			`]);`

			`$pageView = $this->get($page->getUrl());`
			`$pageView->assertSee('<h1>My Title</h1>');`
			`}`

			`public function test_html_cannot_be_injected_via_comment_content()`
			`{`
			`$this->asAdmin();`
			`$page = Page::first();`

			`$script = '<script>const a = "script";</script>\n\n# sometextinthecomment';`
Updated some comment elements and standardised more JS - Updated comment routes to be simpler. - Updated comments JS to align better with updated component system. - Documented available global JS functions/services. - Removed redundant controller method. - Added window.$events helpers for validation messages and success/error. - Updated JS events system to not be class based for simplicity. - Added window.trans_plural method to handle pluralisation/replacements where you already have the translation string itself. Fixes #1836 2020-07-29 01:19:18 +08:00			`$this->postJson("/comment/$page->id", [`
Updated comment md rendering to be server-side 2020-05-02 06:24:11 +08:00			`'text' => $script,`
			`]);`

			`$pageView = $this->get($page->getUrl());`
			`$pageView->assertDontSee($script);`
			`$pageView->assertSee('sometextinthecomment');`

			`$comment = $page->comments()->first();`
Updated some comment elements and standardised more JS - Updated comment routes to be simpler. - Updated comments JS to align better with updated component system. - Documented available global JS functions/services. - Removed redundant controller method. - Added window.$events helpers for validation messages and success/error. - Updated JS events system to not be class based for simplicity. - Added window.trans_plural method to handle pluralisation/replacements where you already have the translation string itself. Fixes #1836 2020-07-29 01:19:18 +08:00			`$this->putJson("/comment/$comment->id", [`
Updated comment md rendering to be server-side 2020-05-02 06:24:11 +08:00			`'text' => $script . 'updated',`
			`]);`

			`$pageView = $this->get($page->getUrl());`
			`$pageView->assertDontSee($script);`
			`$pageView->assertSee('sometextinthecommentupdated');`
			`}`
#47 - Added more test cases to test the APIs and permission for comments. 2017-06-13 05:01:17 +08:00			`}`