mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
aa72425e84
Avoid PHPUnit throwing "test didn't run any assertions" notices in PHP. If nothing else, it keeps test output looking less broken by default, making it more likely that actual errors do get noticed.
591 lines
20 KiB
PHP
591 lines
20 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Tests for RequestHandler and SS_HTTPRequest.
|
|
* We've set up a simple URL handling model based on
|
|
*/
|
|
class RequestHandlingTest extends FunctionalTest {
|
|
static $fixture_file = null;
|
|
|
|
// public function testRequestHandlerChainingLatestParams() {
|
|
// $c = new RequestHandlingTest_Controller();
|
|
// $c->init();
|
|
// $response = $c->handleRequest(new SS_HTTPRequest('GET', 'testGoodBase1/TestForm/fields/MyField'));
|
|
// $this->assertEquals(
|
|
// $c->getRequest()->latestParams(),
|
|
// array(
|
|
// 'Action' => 'fields',
|
|
// 'ID' => 'MyField'
|
|
// )
|
|
// );
|
|
// }
|
|
|
|
public function testConstructedWithNullRequest() {
|
|
$r = new RequestHandler();
|
|
$this->assertInstanceOf('NullHTTPRequest', $r->getRequest());
|
|
}
|
|
|
|
public function testRequestHandlerChainingAllParams() {
|
|
$this->markTestIncomplete();
|
|
}
|
|
|
|
public function testMethodCallingOnController() {
|
|
/* Calling a controller works just like it always has */
|
|
$response = Director::test("testGoodBase1");
|
|
$this->assertEquals("This is the controller", $response->getBody());
|
|
|
|
/* ID and OtherID are extracted from the URL and passed in $request->params. */
|
|
$response = Director::test("testGoodBase1/method/1/2");
|
|
$this->assertEquals("This is a method on the controller: 1, 2", $response->getBody());
|
|
|
|
/* In addition, these values are availalbe in $controller->urlParams. This is mainly for backward
|
|
* compatability. */
|
|
$response = Director::test("testGoodBase1/legacymethod/3/4");
|
|
$this->assertEquals("\$this->urlParams can be used, for backward compatibility: 3, 4", $response->getBody());
|
|
}
|
|
|
|
public function testPostRequests() {
|
|
/* The HTTP Request handler can trigger special behaviour for GET and POST. */
|
|
$response = Director::test("testGoodBase1/TestForm", array("MyField" => 3), null, "POST");
|
|
$this->assertEquals("Form posted", $response->getBody());
|
|
|
|
$response = Director::test("testGoodBase1/TestForm");
|
|
$this->assertEquals("Get request on form", $response->getBody());
|
|
}
|
|
|
|
public function testRequestHandlerChaining() {
|
|
/* Request handlers can be chained, from Director to Controller to Form to FormField. Here, we can make a get
|
|
request on a FormField. */
|
|
$response = Director::test("testGoodBase1/TestForm/fields/MyField");
|
|
$this->assertEquals("MyField requested", $response->getBody());
|
|
|
|
/* We can also make a POST request on a form field, which could be used for in-place editing, for example. */
|
|
$response = Director::test("testGoodBase1/TestForm/fields/MyField" ,array("MyField" => 5));
|
|
$this->assertEquals("MyField posted, update to 5", $response->getBody());
|
|
}
|
|
|
|
public function testBadBase() {
|
|
/* Without a double-slash indicator in the URL, the entire URL is popped off the stack. The controller's
|
|
* default action handlers have been designed for this to an extend: simple actions can still be called.
|
|
* This is the set-up of URL rules written before this new request handler. */
|
|
$response = Director::test("testBadBase/method/1/2");
|
|
$this->assertEquals("This is a method on the controller: 1, 2", $response->getBody());
|
|
|
|
$response = Director::test("testBadBase/TestForm", array("MyField" => 3), null, "POST");
|
|
$this->assertEquals("Form posted", $response->getBody());
|
|
|
|
/* It won't, however, let you chain requests to access methods on forms, or form fields. In order to do that,
|
|
* you need to have a // marker in your URL parsing rule */
|
|
$response = Director::test("testBadBase/TestForm/fields/MyField");
|
|
$this->assertNotEquals("MyField requested", $response->getBody());
|
|
}
|
|
|
|
public function testBaseWithExtension() {
|
|
/* Rules with an extension always default to the index() action */
|
|
$response = Director::test("testBaseWithExtension/virtualfile.xml");
|
|
$this->assertEquals("This is the controller", $response->getBody());
|
|
|
|
/* Without the extension, the methodname should be matched */
|
|
$response = Director::test("testBaseWithExtension/virtualfile");
|
|
$this->assertEquals("This is the virtualfile method", $response->getBody());
|
|
}
|
|
|
|
public function testNestedBase() {
|
|
/* Nested base should leave out the two parts and correctly map arguments */
|
|
$response = Director::test("testParentBase/testChildBase/method/1/2");
|
|
$this->assertEquals("This is a method on the controller: 1, 2", $response->getBody());
|
|
}
|
|
|
|
public function testInheritedUrlHandlers() {
|
|
/* $url_handlers can be defined on any class, and */
|
|
$response = Director::test("testGoodBase1/TestForm/fields/SubclassedField/something");
|
|
$this->assertEquals("customSomething", $response->getBody());
|
|
|
|
/* However, if the subclass' url_handlers don't match, then the parent class' url_handlers will be used */
|
|
$response = Director::test("testGoodBase1/TestForm/fields/SubclassedField");
|
|
$this->assertEquals("SubclassedField requested", $response->getBody());
|
|
}
|
|
|
|
public function testDisallowedExtendedActions() {
|
|
/* Actions on magic methods are only accessible if explicitly allowed on the controller. */
|
|
$response = Director::test("testGoodBase1/extendedMethod");
|
|
$this->assertEquals(404, $response->getStatusCode());
|
|
|
|
/* Actions on an extension are allowed because they specifically provided appropriate allowed_actions items */
|
|
$response = Director::test("testGoodBase1/otherExtendedMethod");
|
|
$this->assertEquals("otherExtendedMethod", $response->getBody());
|
|
|
|
/* The failoverMethod action wasn't explicitly listed and so isnt' allowed */
|
|
$response = Director::test("testGoodBase1/failoverMethod");
|
|
$this->assertEquals(404, $response->getStatusCode());
|
|
|
|
/* However, on RequestHandlingTest_AllowedController it has been explicitly allowed */
|
|
$response = Director::test("RequestHandlingTest_AllowedController/failoverMethod");
|
|
$this->assertEquals("failoverMethod", $response->getBody());
|
|
|
|
/* The action on the extension has also been explicitly allowed even though it wasn't on the extension */
|
|
$response = Director::test("RequestHandlingTest_AllowedController/extendedMethod");
|
|
$this->assertEquals("extendedMethod", $response->getBody());
|
|
|
|
}
|
|
|
|
public function testHTTPException() {
|
|
$exception = Director::test('RequestHandlingTest_Controller/throwexception');
|
|
$this->assertEquals(400, $exception->getStatusCode());
|
|
$this->assertEquals('This request was invalid.', $exception->getBody());
|
|
|
|
$responseException = (Director::test('RequestHandlingTest_Controller/throwresponseexception'));
|
|
$this->assertEquals(500, $responseException->getStatusCode());
|
|
$this->assertEquals('There was an internal server error.', $responseException->getBody());
|
|
}
|
|
|
|
public function testHTTPError() {
|
|
$response = Director::test('RequestHandlingTest_Controller/throwhttperror');
|
|
$this->assertEquals(404, $response->getStatusCode());
|
|
$this->assertEquals('This page does not exist.', $response->getBody());
|
|
}
|
|
|
|
public function testMethodsOnParentClassesOfRequestHandlerDeclined() {
|
|
$response = Director::test('testGoodBase1/getIterator');
|
|
$this->assertEquals(403, $response->getStatusCode());
|
|
}
|
|
|
|
public function testFormActionsCanBypassAllowedActions() {
|
|
SecurityToken::enable();
|
|
|
|
$response = $this->get('RequestHandlingTest_FormActionController');
|
|
$this->assertEquals(200, $response->getStatusCode());
|
|
$tokenEls = $this->cssParser()->getBySelector('#Form_Form_SecurityID');
|
|
$securityId = (string)$tokenEls[0]['value'];
|
|
|
|
$data = array('action_formaction' => 1);
|
|
$response = $this->post('RequestHandlingTest_FormActionController/Form', $data);
|
|
$this->assertEquals(400, $response->getStatusCode(),
|
|
'Should fail: Invocation through POST form handler, not contained in $allowed_actions, without CSRF token'
|
|
);
|
|
|
|
$data = array('action_disallowedcontrollermethod' => 1, 'SecurityID' => $securityId);
|
|
$response = $this->post('RequestHandlingTest_FormActionController/Form', $data);
|
|
$this->assertEquals(403, $response->getStatusCode(),
|
|
'Should fail: Invocation through POST form handler, controller action instead of form action,'
|
|
.' not contained in $allowed_actions, with CSRF token'
|
|
);
|
|
|
|
$data = array('action_formaction' => 1, 'SecurityID' => $securityId);
|
|
$response = $this->post('RequestHandlingTest_FormActionController/Form', $data);
|
|
$this->assertEquals(200, $response->getStatusCode());
|
|
$this->assertEquals('formaction', $response->getBody(),
|
|
'Should pass: Invocation through POST form handler, not contained in $allowed_actions, with CSRF token'
|
|
);
|
|
|
|
$data = array('action_controlleraction' => 1, 'SecurityID' => $securityId);
|
|
$response = $this->post('RequestHandlingTest_FormActionController/Form', $data);
|
|
$this->assertEquals(200, $response->getStatusCode(),
|
|
'Should pass: Invocation through POST form handler, controller action instead of form action, contained in'
|
|
. ' $allowed_actions, with CSRF token'
|
|
);
|
|
|
|
$data = array('action_formactionInAllowedActions' => 1);
|
|
$response = $this->post('RequestHandlingTest_FormActionController/Form', $data);
|
|
$this->assertEquals(400, $response->getStatusCode(),
|
|
'Should fail: Invocation through POST form handler, contained in $allowed_actions, without CSRF token'
|
|
);
|
|
|
|
$data = array('action_formactionInAllowedActions' => 1, 'SecurityID' => $securityId);
|
|
$response = $this->post('RequestHandlingTest_FormActionController/Form', $data);
|
|
$this->assertEquals(200, $response->getStatusCode(),
|
|
'Should pass: Invocation through POST form handler, contained in $allowed_actions, with CSRF token'
|
|
);
|
|
|
|
$data = array();
|
|
$response = $this->post('RequestHandlingTest_FormActionController/formaction', $data);
|
|
$this->assertEquals(404, $response->getStatusCode(),
|
|
'Should fail: Invocation through POST URL, not contained in $allowed_actions, without CSRF token'
|
|
);
|
|
|
|
$data = array();
|
|
$response = $this->post('RequestHandlingTest_FormActionController/formactionInAllowedActions', $data);
|
|
$this->assertEquals(200, $response->getStatusCode(),
|
|
'Should pass: Invocation of form action through POST URL, contained in $allowed_actions, without CSRF token'
|
|
);
|
|
|
|
$data = array('SecurityID' => $securityId);
|
|
$response = $this->post('RequestHandlingTest_FormActionController/formactionInAllowedActions', $data);
|
|
$this->assertEquals(200, $response->getStatusCode(),
|
|
'Should pass: Invocation of form action through POST URL, contained in $allowed_actions, with CSRF token'
|
|
);
|
|
|
|
$data = array(); // CSRF protection doesnt kick in for direct requests
|
|
$response = $this->post('RequestHandlingTest_FormActionController/formactionInAllowedActions', $data);
|
|
$this->assertEquals(200, $response->getStatusCode(),
|
|
'Should pass: Invocation of form action through POST URL, contained in $allowed_actions, without CSRF token'
|
|
);
|
|
|
|
SecurityToken::disable();
|
|
}
|
|
|
|
public function testAllowedActionsEnforcedOnForm() {
|
|
$data = array('action_allowedformaction' => 1);
|
|
$response = $this->post('RequestHandlingTest_ControllerFormWithAllowedActions/Form', $data);
|
|
$this->assertEquals(200, $response->getStatusCode());
|
|
$this->assertEquals('allowedformaction', $response->getBody());
|
|
|
|
$data = array('action_disallowedformaction' => 1);
|
|
$response = $this->post('RequestHandlingTest_ControllerFormWithAllowedActions/Form', $data);
|
|
$this->assertEquals(403, $response->getStatusCode());
|
|
// Note: Looks for a specific 403 thrown by Form->httpSubmission(), not RequestHandler->handleRequest()
|
|
$this->assertContains('not allowed on form', $response->getBody());
|
|
}
|
|
|
|
public function testActionHandlingOnField() {
|
|
$data = array('action_actionOnField' => 1);
|
|
$response = $this->post('RequestHandlingFieldTest_Controller/TestForm', $data);
|
|
$this->assertEquals(200, $response->getStatusCode());
|
|
$this->assertEquals('Test method on MyField', $response->getBody());
|
|
|
|
$data = array('action_actionNotAllowedOnField' => 1);
|
|
$response = $this->post('RequestHandlingFieldTest_Controller/TestForm', $data);
|
|
$this->assertEquals(404, $response->getStatusCode());
|
|
}
|
|
|
|
}
|
|
|
|
/**
|
|
* Director rules for the test
|
|
*/
|
|
Config::inst()->update('Director', 'rules', array(
|
|
// If we don't request any variables, then the whole URL will get shifted off. This is fine, but it means that the
|
|
// controller will have to parse the Action from the URL itself.
|
|
'testGoodBase1' => "RequestHandlingTest_Controller",
|
|
|
|
// The double-slash indicates how much of the URL should be shifted off the stack. This is important for dealing
|
|
// with nested request handlers appropriately.
|
|
'testGoodBase2//$Action/$ID/$OtherID' => "RequestHandlingTest_Controller",
|
|
|
|
// By default, the entire URL will be shifted off. This creates a bit of backward-incompatability, but makes the
|
|
// URL rules much more explicit.
|
|
'testBadBase/$Action/$ID/$OtherID' => "RequestHandlingTest_Controller",
|
|
|
|
// Rules with an extension always default to the index() action
|
|
'testBaseWithExtension/virtualfile.xml' => "RequestHandlingTest_Controller",
|
|
|
|
// Without the extension, the methodname should be matched
|
|
'testBaseWithExtension//$Action/$ID/$OtherID' => "RequestHandlingTest_Controller",
|
|
|
|
// Test nested base
|
|
'testParentBase/testChildBase//$Action/$ID/$OtherID' => "RequestHandlingTest_Controller",
|
|
));
|
|
|
|
/**
|
|
* Controller for the test
|
|
*/
|
|
class RequestHandlingTest_Controller extends Controller implements TestOnly {
|
|
static $url_handlers = array(
|
|
// The double-slash is need here to ensure that
|
|
'$Action//$ID/$OtherID' => "handleAction",
|
|
);
|
|
|
|
static $extensions = array(
|
|
'RequestHandlingTest_ControllerExtension',
|
|
'RequestHandlingTest_AllowedControllerExtension',
|
|
);
|
|
|
|
public function __construct() {
|
|
$this->failover = new RequestHandlingTest_ControllerFailover();
|
|
parent::__construct();
|
|
}
|
|
|
|
public function index($request) {
|
|
return "This is the controller";
|
|
}
|
|
|
|
public function method($request) {
|
|
return "This is a method on the controller: " . $request->param('ID') . ', ' . $request->param('OtherID');
|
|
}
|
|
|
|
public function legacymethod($request) {
|
|
return "\$this->urlParams can be used, for backward compatibility: " . $this->urlParams['ID'] . ', '
|
|
. $this->urlParams['OtherID'];
|
|
}
|
|
|
|
public function virtualfile($request) {
|
|
return "This is the virtualfile method";
|
|
}
|
|
|
|
public function TestForm() {
|
|
return new RequestHandlingTest_Form($this, "TestForm", new FieldList(
|
|
new RequestHandlingTest_FormField("MyField"),
|
|
new RequestHandlingTest_SubclassedFormField("SubclassedField")
|
|
), new FieldList(
|
|
new FormAction("myAction")
|
|
));
|
|
}
|
|
|
|
public function throwexception() {
|
|
throw new SS_HTTPResponse_Exception('This request was invalid.', 400);
|
|
}
|
|
|
|
public function throwresponseexception() {
|
|
throw new SS_HTTPResponse_Exception(new SS_HTTPResponse('There was an internal server error.', 500));
|
|
}
|
|
|
|
public function throwhttperror() {
|
|
$this->httpError(404, 'This page does not exist.');
|
|
}
|
|
|
|
public function getViewer($action) {
|
|
return new SSViewer('BlankPage');
|
|
}
|
|
}
|
|
|
|
class RequestHandlingTest_FormActionController extends Controller {
|
|
|
|
protected $template = 'BlankPage';
|
|
|
|
static $allowed_actions = array(
|
|
'controlleraction',
|
|
'Form',
|
|
'formactionInAllowedActions'
|
|
//'formaction', // left out, implicitly allowed through form action
|
|
);
|
|
|
|
public function Link($action = null) {
|
|
return Controller::join_links('RequestHandlingTest_FormActionController', $action);
|
|
}
|
|
|
|
public function controlleraction($request) {
|
|
return 'controlleraction';
|
|
}
|
|
|
|
public function disallowedcontrollermethod() {
|
|
return 'disallowedcontrollermethod';
|
|
}
|
|
|
|
public function Form() {
|
|
return new Form(
|
|
$this,
|
|
"Form",
|
|
new FieldList(
|
|
new TextField("MyField")
|
|
),
|
|
new FieldList(
|
|
new FormAction("formaction"),
|
|
new FormAction('formactionInAllowedActions')
|
|
)
|
|
);
|
|
}
|
|
|
|
/**
|
|
* @param $data
|
|
* @param $form Made optional to simulate error behaviour in "live" environment
|
|
* (missing arguments don't throw a fatal error there)
|
|
*/
|
|
public function formaction($data, $form = null) {
|
|
return 'formaction';
|
|
}
|
|
|
|
public function formactionInAllowedActions($data, $form = null) {
|
|
return 'formactionInAllowedActions';
|
|
}
|
|
|
|
public function getViewer($action = null) {
|
|
return new SSViewer('BlankPage');
|
|
}
|
|
|
|
}
|
|
|
|
/**
|
|
* Simple extension for the test controller
|
|
*/
|
|
class RequestHandlingTest_ControllerExtension extends Extension {
|
|
public function extendedMethod() {
|
|
return "extendedMethod";
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Controller for the test
|
|
*/
|
|
class RequestHandlingTest_AllowedController extends Controller implements TestOnly {
|
|
static $url_handlers = array(
|
|
// The double-slash is need here to ensure that
|
|
'$Action//$ID/$OtherID' => "handleAction",
|
|
);
|
|
|
|
static $allowed_actions = array(
|
|
'failoverMethod', // part of the failover object
|
|
'extendedMethod', // part of the RequestHandlingTest_ControllerExtension object
|
|
);
|
|
|
|
static $extensions = array(
|
|
'RequestHandlingTest_ControllerExtension',
|
|
'RequestHandlingTest_AllowedControllerExtension',
|
|
);
|
|
|
|
public function __construct() {
|
|
$this->failover = new RequestHandlingTest_ControllerFailover();
|
|
parent::__construct();
|
|
}
|
|
|
|
public function index($request) {
|
|
return "This is the controller";
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Simple extension for the test controller - with allowed_actions define
|
|
*/
|
|
class RequestHandlingTest_AllowedControllerExtension extends Extension {
|
|
static $allowed_actions = array(
|
|
'otherExtendedMethod'
|
|
);
|
|
|
|
public function otherExtendedMethod() {
|
|
return "otherExtendedMethod";
|
|
}
|
|
}
|
|
|
|
class RequestHandlingTest_ControllerFailover extends ViewableData {
|
|
public function failoverMethod() {
|
|
return "failoverMethod";
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Form for the test
|
|
*/
|
|
class RequestHandlingTest_Form extends Form {
|
|
static $url_handlers = array(
|
|
'fields/$FieldName' => 'handleField',
|
|
"POST " => "handleSubmission",
|
|
"GET " => "handleGet",
|
|
);
|
|
|
|
// These are a different case from those in url_handlers to confirm that it's all case-insensitive
|
|
static $allowed_actions = array(
|
|
'handlesubmission',
|
|
'handlefield',
|
|
'handleget',
|
|
);
|
|
|
|
public function handleField($request) {
|
|
return $this->Fields()->dataFieldByName($request->param('FieldName'));
|
|
}
|
|
|
|
public function handleSubmission($request) {
|
|
return "Form posted";
|
|
}
|
|
|
|
public function handleGet($request) {
|
|
return "Get request on form";
|
|
}
|
|
}
|
|
|
|
class RequestHandlingTest_ControllerFormWithAllowedActions extends Controller implements TestOnly {
|
|
|
|
public function Form() {
|
|
return new RequestHandlingTest_FormWithAllowedActions(
|
|
$this,
|
|
'Form',
|
|
new FieldList(),
|
|
new FieldList(
|
|
new FormAction('allowedformaction'),
|
|
new FormAction('disallowedformaction') // disallowed through $allowed_actions in form
|
|
)
|
|
);
|
|
}
|
|
}
|
|
|
|
class RequestHandlingTest_FormWithAllowedActions extends Form {
|
|
|
|
static $allowed_actions = array(
|
|
'allowedformaction' => 1,
|
|
'httpSubmission' => 1, // TODO This should be an exception on the parent class
|
|
);
|
|
|
|
public function allowedformaction() {
|
|
return 'allowedformaction';
|
|
}
|
|
|
|
public function disallowedformaction() {
|
|
return 'disallowedformaction';
|
|
}
|
|
}
|
|
|
|
|
|
/**
|
|
* Form field for the test
|
|
*/
|
|
class RequestHandlingTest_FormField extends FormField {
|
|
static $url_handlers = array(
|
|
"POST " => "handleInPlaceEdit",
|
|
'' => 'handleField',
|
|
'$Action' => '$Action',
|
|
);
|
|
|
|
// These contain uppercase letters to test that allowed_actions doesn't need to be all lowercase
|
|
static $allowed_actions = array(
|
|
'TEST',
|
|
'handleField',
|
|
'handleInPLACEEDIT',
|
|
);
|
|
|
|
public function test() {
|
|
return "Test method on $this->name";
|
|
}
|
|
|
|
public function handleField() {
|
|
return "$this->name requested";
|
|
}
|
|
|
|
public function handleInPlaceEdit($request) {
|
|
return "$this->name posted, update to " . $request->postVar($this->name);
|
|
}
|
|
}
|
|
|
|
|
|
/**
|
|
* Form field for the test
|
|
*/
|
|
class RequestHandlingTest_SubclassedFormField extends RequestHandlingTest_FormField {
|
|
// We have some url_handlers defined that override RequestHandlingTest_FormField handlers.
|
|
// We will confirm that the url_handlers inherit.
|
|
static $url_handlers = array(
|
|
'something' => 'customSomething',
|
|
);
|
|
|
|
|
|
public function customSomething() {
|
|
return "customSomething";
|
|
}
|
|
}
|
|
|
|
|
|
/**
|
|
* Controller for the test
|
|
*/
|
|
class RequestHandlingFieldTest_Controller extends Controller implements TestOnly {
|
|
|
|
public function TestForm() {
|
|
return new Form($this, "TestForm", new FieldList(
|
|
new RequestHandlingTest_HandlingField("MyField")
|
|
), new FieldList(
|
|
new FormAction("myAction")
|
|
));
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Form field for the test
|
|
*/
|
|
class RequestHandlingTest_HandlingField extends FormField {
|
|
|
|
static $allowed_actions = array(
|
|
'actionOnField'
|
|
);
|
|
|
|
public function actionOnField() {
|
|
return "Test method on $this->name";
|
|
}
|
|
}
|