| author | cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2010-09-28 22:11:59 +0000 | 
|---|---|---|
| committer | cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2010-09-28 22:11:59 +0000 | 
| commit | b31886b67aaa814dc0ffe48bb7d5c4863de0106e (patch) | |
| tree | 1acebe0e6f7825e889bc7ef77a592305ab4355f4 | |
| parent | 6b3f1d476ea0d1be46b3e4a7df6983320865303b (diff) | |
tests for deleting bookmarks via the API. two of them fail currently because of a security issue
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@767 b3834d28-1941-0410-a4f8-b48e95affb8f
| -rw-r--r-- | tests/Api/PostsDeleteTest.php | 302 | 
1 files changed, 302 insertions, 0 deletions
| diff --git a/tests/Api/PostsDeleteTest.php b/tests/Api/PostsDeleteTest.php
new file mode 100644
index 0000000..705f94e
--- /dev/null
+++ b/tests/Api/PostsDeleteTest.php
@@ -0,0 +1,302 @@
+<?php
+/**
+ * SemanticScuttle - your social bookmark manager.
+ *
+ * PHP version 5.
+ *
+ * @category Bookmarking
+ * @package  SemanticScuttle
+ * @author   Benjamin Huynh-Kim-Bang <mensonge@users.sourceforge.net>
+ * @author   Christian Weiske <cweiske@cweiske.de>
+ * @author   Eric Dane <ericdane@users.sourceforge.net>
+ * @license  GPL http://www.gnu.org/licenses/gpl.html
+ * @link     http://sourceforge.net/projects/semanticscuttle
+ */
+
+require_once dirname(__FILE__) . '/../prepare.php';
+require_once 'HTTP/Request2.php';
+
+if (!defined('PHPUnit_MAIN_METHOD')) {
+    define('PHPUnit_MAIN_METHOD', 'Api_PostsDeleteTest::main');
+}
+
+/**
+ * Unit tests for the SemanticScuttle post deletion API.
+ *
+ * @category Bookmarking
+ * @package  SemanticScuttle
+ * @author   Benjamin Huynh-Kim-Bang <mensonge@users.sourceforge.net>
+ * @author   Christian Weiske <cweiske@cweiske.de>
+ * @author   Eric Dane <ericdane@users.sourceforge.net>
+ * @license  GPL http://www.gnu.org/licenses/gpl.html
+ * @link     http://sourceforge.net/projects/semanticscuttle
+ */
+class Api_PostsDeleteTest extends TestBaseApi
+{
+    protected $urlPart = 'api/posts/delete';
+
+
+
+    /**
+     * Used to run this test class standalone
+     *
+     * @return void
+     */
+    public static function main()
+    {
+        require_once 'PHPUnit/TextUI/TestRunner.php';
+        PHPUnit_TextUI_TestRunner::run(
+            new PHPUnit_Framework_TestSuite(__CLASS__)
+        );
+    }
+
+
+
+    /**
+     * Test if authentication is required when sending no auth data
+     */
+    public function testAuthWithoutAuthData()
+    {
+        $req = $this->getRequest(null, false);
+        $res = $req->send();
+        $this->assertEquals(401, $res->getStatus());
+    }
+
+
+
+    /**
+     * Test if authentication is required when sending wrong user data
+
+     */
+    public function testAuthWrongCredentials()
+    {
+        $req = $this->getRequest(null, false);
+        $req->setAuth('user', 'password', HTTP_Request2::AUTH_BASIC);
+        $res = $req->send();
+        $this->assertEquals(401, $res->getStatus());
+    }
+
+
+
+    /**
+     * Test if deleting an own bookmark works.
+     */
+    public function testDeleteOwnBookmark()
+    {
+        $this->bs->deleteAll();
+
+        $bookmarkUrl = 'http://example.org/tag-1';
+
+        list($req, $uId) = $this->getAuthRequest(
+            '?url=' . urlencode($bookmarkUrl)
+        );
+
+        $bId = $this->addBookmark(
+            $uId, $bookmarkUrl, 0,
+            array('unittest', 'tag1')
+        );
+        //user has one bookmark now
+        $data = $this->bs->getBookmarks(0, null, $uId);
+        $this->assertEquals(1, $data['total']);
+
+        //send request
+        $res = $req->send();
+
+        $this->assertEquals(200, $res->getStatus());
+        //verify MIME content type
+        $this->assertEquals(
+            'text/xml; charset=utf-8',
+            $res->getHeader('content-type')
+        );
+
+        //verify xml
+        $this->assertTag(
+            array(
+                'tag'        => 'result',
+                'attributes' => array('code' => 'done')
+            ),
+            $res->getBody(),
+            null, false
+        );
+
+        //bookmark should be deleted now
+        $data = $this->bs->getBookmarks(0, null, $uId);
+        $this->assertEquals(0, $data['total']);
+    }
+
+
+
+    /**
+     * Test if deleting an own bookmark via POST works.
+     */
+    public function testDeleteOwnBookmarkPost()
+    {
+        $this->bs->deleteAll();
+
+        $bookmarkUrl = 'http://example.org/tag-1';
+
+        list($req, $uId) = $this->getAuthRequest();
+
+        $bId = $this->addBookmark(
+            $uId, $bookmarkUrl, 0,
+            array('unittest', 'tag1')
+        );
+        //user has one bookmark now
+        $data = $this->bs->getBookmarks(0, null, $uId);
+        $this->assertEquals(1, $data['total']);
+
+        //send request
+        $req->setMethod(HTTP_Request2::METHOD_POST);
+        $req->addPostParameter('url', $bookmarkUrl);
+        $res = $req->send();
+
+        $this->assertEquals(200, $res->getStatus());
+        //verify MIME content type
+        $this->assertEquals(
+            'text/xml; charset=utf-8',
+            $res->getHeader('content-type')
+        );
+
+        //verify xml
+        $this->assertTag(
+            array(
+                'tag'        => 'result',
+                'attributes' => array('code' => 'done')
+            ),
+            $res->getBody(),
+            null, false
+        );
+
+        //bookmark should be deleted now
+        $data = $this->bs->getBookmarks(0, null, $uId);
+        $this->assertEquals(0, $data['total']);
+    }
+
+
+
+    /**
+     * Verify that deleting a bookmark of a different does not work
+     */
+    public function testDeleteOtherBookmark()
+    {
+        $this->bs->deleteAll();
+
+        $bookmarkUrl = 'http://example.org/tag-1';
+
+        list($req, $uId) = $this->getAuthRequest(
+            '?url=' . urlencode($bookmarkUrl)
+        );
+        $uId2 = $this->addUser();
+
+        $bId = $this->addBookmark(
+            $uId2, $bookmarkUrl, 0,
+            array('unittest', 'tag1')
+        );
+        //user 1 has no bookmarks
+        $data = $this->bs->getBookmarks(0, null, $uId);
+        $this->assertEquals(0, $data['total']);
+        //user 2 has one bookmark
+        $data = $this->bs->getBookmarks(0, null, $uId2);
+        $this->assertEquals(1, $data['total']);
+
+        //send request
+        $res = $req->send();
+
+        //401 - unauthorized
+        $this->assertEquals(401, $res->getStatus());
+        //verify MIME content type
+        $this->assertEquals(
+            'text/xml; charset=utf-8',
+            $res->getHeader('content-type')
+        );
+
+        //verify xml
+        $this->assertNotTag(
+            array(
+                'tag'        => 'result',
+                'attributes' => array('code' => 'done')
+            ),
+            $res->getBody(),
+            '', false
+        );
+
+        //bookmark should still be there
+        $data = $this->bs->getBookmarks(0, null, $uId2);
+        $this->assertEquals(1, $data['total']);
+    }
+
+
+
+    /**
+     * Test if deleting a bookmark works that also other users
+     * bookmarked.
+     */
+    public function testDeleteBookmarkOneOfTwo()
+    {
+        $this->bs->deleteAll();
+
+        $bookmarkUrl = 'http://example.org/tag-1';
+
+        list($req, $uId) = $this->getAuthRequest(
+            '?url=' . urlencode($bookmarkUrl)
+        );
+        $uId2 = $this->addUser();
+        $uId3 = $this->addUser();
+
+        //important: the order of addition is crucial here
+        $this->addBookmark(
+            $uId2, $bookmarkUrl, 0,
+            array('unittest', 'tag1')
+        );
+        $bId = $this->addBookmark(
+            $uId, $bookmarkUrl, 0,
+            array('unittest', 'tag1')
+        );
+        $this->addBookmark(
+            $uId3, $bookmarkUrl, 0,
+            array('unittest', 'tag1')
+        );
+
+        //user one and two have a bookmark now
+        $data = $this->bs->getBookmarks(0, null, $uId);
+        $this->assertEquals(1, $data['total']);
+        $data = $this->bs->getBookmarks(0, null, $uId2);
+        $this->assertEquals(1, $data['total']);
+
+        //send request
+        $res = $req->send();
+
+        $this->assertEquals(200, $res->getStatus());
+        //verify MIME content type
+        $this->assertEquals(
+            'text/xml; charset=utf-8',
+            $res->getHeader('content-type')
+        );
+
+        //verify xml
+        $this->assertTag(
+            array(
+                'tag'        => 'result',
+                'attributes' => array('code' => 'done')
+            ),
+            $res->getBody(),
+            '', false
+        );
+
+        //bookmark should be deleted now
+        $data = $this->bs->getBookmarks(0, null, $uId);
+        $this->assertEquals(0, $data['total']);
+        //user 2 should still have his
+        $data = $this->bs->getBookmarks(0, null, $uId2);
+        $this->assertEquals(1, $data['total']);
+        //user 3 should still have his, too
+        $data = $this->bs->getBookmarks(0, null, $uId3);
+        $this->assertEquals(1, $data['total']);
+    }
+
+}
+
+if (PHPUnit_MAIN_METHOD == 'Api_PostsDeleteTest::main') {
+    Api_PostsDeleteTest::main();
+}
+?>
\ No newline at end of file | 
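Review bot: The two ownership tests, `testDeleteOtherBookmark` and `testDeleteBookmarkOneOfTwo`, send the URL only in the query string, although `testDeleteOwnBookmarkPost` shows the endpoint also accepts it as a POST parameter. No cross-user case covers that path, so a fix that scopes deletion to the authenticated user on one input path only could still leave the suite green; a POST counterpart is sketched below. `testDeleteOtherBookmark` also expects 401 from a request that is authenticated, so if that status is the intended API contract rather than a placeholder, the `//401 - unauthorized` comment should say so. The commit message says two tests currently fail, presumably these two, and their docblocks would be clearer if they named the authorization issue they guard against.

```php
    /**
     * Verify that deleting a bookmark of a different user via POST
     * does not work.
     */
    public function testDeleteOtherBookmarkPost()
    {
        $this->bs->deleteAll();

        $bookmarkUrl = 'http://example.org/tag-1';

        list($req, $uId) = $this->getAuthRequest();
        $uId2 = $this->addUser();
        $this->addBookmark(
            $uId2, $bookmarkUrl, 0,
            array('unittest', 'tag1')
        );

        //send request
        $req->setMethod(HTTP_Request2::METHOD_POST);
        $req->addPostParameter('url', $bookmarkUrl);
        $res = $req->send();

        //same status the query-string variant expects
        $this->assertEquals(401, $res->getStatus());

        //bookmark of user 2 should still be there
        $data = $this->bs->getBookmarks(0, null, $uId2);
        $this->assertEquals(1, $data['total']);
    }
```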
