2021-06-26 11:23:15 -04:00
|
|
|
<?php
|
2016-07-01 15:11:49 -04:00
|
|
|
|
2021-06-26 11:23:15 -04:00
|
|
|
namespace Tests\Uploads;
|
|
|
|
|
2018-10-13 06:27:55 -04:00
|
|
|
use BookStack\Entities\Repos\PageRepo;
|
2018-09-25 07:30:50 -04:00
|
|
|
use BookStack\Uploads\Image;
|
|
|
|
use BookStack\Uploads\ImageService;
|
2019-09-13 18:58:40 -04:00
|
|
|
use Illuminate\Support\Str;
|
2018-12-23 10:34:38 -05:00
|
|
|
use Tests\TestCase;
|
2018-01-28 08:18:28 -05:00
|
|
|
|
|
|
|
class ImageTest extends TestCase
|
2016-07-01 15:11:49 -04:00
|
|
|
{
|
|
|
|
public function test_image_upload()
|
|
|
|
{
|
2022-09-29 12:31:38 -04:00
|
|
|
$page = $this->entities->page();
|
2023-01-21 06:08:34 -05:00
|
|
|
$admin = $this->users->admin();
|
2018-01-28 08:27:41 -05:00
|
|
|
$this->actingAs($admin);
|
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$imgDetails = $this->files->uploadGalleryImageToPage($this, $page);
|
2019-05-04 13:11:00 -04:00
|
|
|
$relPath = $imgDetails['path'];
|
2016-07-01 15:11:49 -04:00
|
|
|
|
2021-06-26 11:23:15 -04:00
|
|
|
$this->assertTrue(file_exists(public_path($relPath)), 'Uploaded image found at path: ' . public_path($relPath));
|
2016-07-01 15:11:49 -04:00
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$this->files->deleteAtRelativePath($relPath);
|
2016-09-17 13:22:04 -04:00
|
|
|
|
2018-01-28 08:18:28 -05:00
|
|
|
$this->assertDatabaseHas('images', [
|
2021-06-26 11:23:15 -04:00
|
|
|
'url' => $this->baseUrl . $relPath,
|
|
|
|
'type' => 'gallery',
|
2016-07-01 15:11:49 -04:00
|
|
|
'uploaded_to' => $page->id,
|
2021-06-26 11:23:15 -04:00
|
|
|
'path' => $relPath,
|
|
|
|
'created_by' => $admin->id,
|
|
|
|
'updated_by' => $admin->id,
|
|
|
|
'name' => $imgDetails['name'],
|
2019-05-04 13:11:00 -04:00
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
2019-12-22 07:44:49 -05:00
|
|
|
public function test_image_display_thumbnail_generation_does_not_increase_image_size()
|
|
|
|
{
|
2022-09-29 12:31:38 -04:00
|
|
|
$page = $this->entities->page();
|
2023-01-21 06:08:34 -05:00
|
|
|
$admin = $this->users->admin();
|
2019-12-22 07:44:49 -05:00
|
|
|
$this->actingAs($admin);
|
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$originalFile = $this->files->testFilePath('compressed.png');
|
2019-12-22 07:44:49 -05:00
|
|
|
$originalFileSize = filesize($originalFile);
|
2023-02-08 09:39:13 -05:00
|
|
|
$imgDetails = $this->files->uploadGalleryImageToPage($this, $page, 'compressed.png');
|
2019-12-22 07:44:49 -05:00
|
|
|
$relPath = $imgDetails['path'];
|
|
|
|
|
2021-06-26 11:23:15 -04:00
|
|
|
$this->assertTrue(file_exists(public_path($relPath)), 'Uploaded image found at path: ' . public_path($relPath));
|
2019-12-22 07:44:49 -05:00
|
|
|
$displayImage = $imgDetails['response']->thumbs->display;
|
|
|
|
|
|
|
|
$displayImageRelPath = implode('/', array_slice(explode('/', $displayImage), 3));
|
|
|
|
$displayImagePath = public_path($displayImageRelPath);
|
|
|
|
$displayFileSize = filesize($displayImagePath);
|
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$this->files->deleteAtRelativePath($relPath);
|
|
|
|
$this->files->deleteAtRelativePath($displayImageRelPath);
|
2019-12-22 07:44:49 -05:00
|
|
|
|
|
|
|
$this->assertEquals($originalFileSize, $displayFileSize, 'Display thumbnail generation should not increase image size');
|
|
|
|
}
|
|
|
|
|
2022-01-04 08:10:35 -05:00
|
|
|
public function test_image_display_thumbnail_generation_for_apng_images_uses_original_file()
|
|
|
|
{
|
2022-09-29 12:31:38 -04:00
|
|
|
$page = $this->entities->page();
|
2023-01-21 06:08:34 -05:00
|
|
|
$admin = $this->users->admin();
|
2022-01-04 08:10:35 -05:00
|
|
|
$this->actingAs($admin);
|
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$imgDetails = $this->files->uploadGalleryImageToPage($this, $page, 'animated.png');
|
|
|
|
$this->files->deleteAtRelativePath($imgDetails['path']);
|
2022-01-04 08:10:35 -05:00
|
|
|
|
|
|
|
$this->assertStringContainsString('thumbs-', $imgDetails['response']->thumbs->gallery);
|
|
|
|
$this->assertStringNotContainsString('thumbs-', $imgDetails['response']->thumbs->display);
|
|
|
|
}
|
|
|
|
|
2019-05-04 13:11:00 -04:00
|
|
|
public function test_image_edit()
|
|
|
|
{
|
2023-01-21 06:08:34 -05:00
|
|
|
$editor = $this->users->editor();
|
2019-05-04 13:11:00 -04:00
|
|
|
$this->actingAs($editor);
|
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$imgDetails = $this->files->uploadGalleryImageToPage($this, $this->entities->page());
|
2019-05-04 13:11:00 -04:00
|
|
|
$image = Image::query()->first();
|
|
|
|
|
2019-09-13 18:58:40 -04:00
|
|
|
$newName = Str::random();
|
2019-05-04 13:11:00 -04:00
|
|
|
$update = $this->put('/images/' . $image->id, ['name' => $newName]);
|
|
|
|
$update->assertSuccessful();
|
2020-07-24 19:20:58 -04:00
|
|
|
$update->assertSee($newName);
|
2019-05-04 13:11:00 -04:00
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$this->files->deleteAtRelativePath($imgDetails['path']);
|
2019-05-04 13:11:00 -04:00
|
|
|
|
|
|
|
$this->assertDatabaseHas('images', [
|
|
|
|
'type' => 'gallery',
|
2021-06-26 11:23:15 -04:00
|
|
|
'name' => $newName,
|
2016-07-01 15:11:49 -04:00
|
|
|
]);
|
2018-03-25 07:41:52 -04:00
|
|
|
}
|
2016-09-17 13:22:04 -04:00
|
|
|
|
2023-05-28 12:32:22 -04:00
|
|
|
public function test_image_file_update()
|
|
|
|
{
|
|
|
|
$page = $this->entities->page();
|
|
|
|
$this->asEditor();
|
|
|
|
|
|
|
|
$imgDetails = $this->files->uploadGalleryImageToPage($this, $page);
|
|
|
|
$relPath = $imgDetails['path'];
|
|
|
|
|
|
|
|
$newUpload = $this->files->uploadedImage('updated-image.png', 'compressed.png');
|
|
|
|
$this->assertFileEquals($this->files->testFilePath('test-image.png'), public_path($relPath));
|
|
|
|
|
|
|
|
$imageId = $imgDetails['response']->id;
|
|
|
|
$this->call('PUT', "/images/{$imageId}/file", [], [], ['file' => $newUpload])
|
|
|
|
->assertOk();
|
|
|
|
|
|
|
|
$this->assertFileEquals($this->files->testFilePath('compressed.png'), public_path($relPath));
|
|
|
|
|
|
|
|
$this->files->deleteAtRelativePath($relPath);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_image_file_update_does_not_allow_change_in_image_extension()
|
|
|
|
{
|
|
|
|
$page = $this->entities->page();
|
|
|
|
$this->asEditor();
|
|
|
|
|
|
|
|
$imgDetails = $this->files->uploadGalleryImageToPage($this, $page);
|
|
|
|
$relPath = $imgDetails['path'];
|
|
|
|
$newUpload = $this->files->uploadedImage('updated-image.jpg', 'compressed.png');
|
|
|
|
|
|
|
|
$imageId = $imgDetails['response']->id;
|
|
|
|
$this->call('PUT', "/images/{$imageId}/file", [], [], ['file' => $newUpload])
|
|
|
|
->assertJson([
|
|
|
|
"message" => "Image file replacements must be of the same type",
|
|
|
|
"status" => "error",
|
|
|
|
]);
|
|
|
|
|
|
|
|
$this->files->deleteAtRelativePath($relPath);
|
|
|
|
}
|
|
|
|
|
2019-05-04 13:11:00 -04:00
|
|
|
public function test_gallery_get_list_format()
|
|
|
|
{
|
|
|
|
$this->asEditor();
|
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$imgDetails = $this->files->uploadGalleryImageToPage($this, $this->entities->page());
|
2019-05-04 13:11:00 -04:00
|
|
|
$image = Image::query()->first();
|
|
|
|
|
|
|
|
$pageId = $imgDetails['page']->id;
|
|
|
|
$firstPageRequest = $this->get("/images/gallery?page=1&uploaded_to={$pageId}");
|
2022-07-23 10:10:18 -04:00
|
|
|
$firstPageRequest->assertSuccessful();
|
|
|
|
$this->withHtml($firstPageRequest)->assertElementExists('div');
|
2020-07-24 19:20:58 -04:00
|
|
|
$firstPageRequest->assertSuccessful()->assertSeeText($image->name);
|
2019-05-04 13:11:00 -04:00
|
|
|
|
|
|
|
$secondPageRequest = $this->get("/images/gallery?page=2&uploaded_to={$pageId}");
|
2022-07-23 10:10:18 -04:00
|
|
|
$secondPageRequest->assertSuccessful();
|
|
|
|
$this->withHtml($secondPageRequest)->assertElementNotExists('div');
|
2019-05-04 13:11:00 -04:00
|
|
|
|
|
|
|
$namePartial = substr($imgDetails['name'], 0, 3);
|
|
|
|
$searchHitRequest = $this->get("/images/gallery?page=1&uploaded_to={$pageId}&search={$namePartial}");
|
2020-07-24 19:20:58 -04:00
|
|
|
$searchHitRequest->assertSuccessful()->assertSee($imgDetails['name']);
|
2019-05-04 13:11:00 -04:00
|
|
|
|
2019-09-13 18:58:40 -04:00
|
|
|
$namePartial = Str::random(16);
|
2020-07-24 19:20:58 -04:00
|
|
|
$searchFailRequest = $this->get("/images/gallery?page=1&uploaded_to={$pageId}&search={$namePartial}");
|
|
|
|
$searchFailRequest->assertSuccessful()->assertDontSee($imgDetails['name']);
|
2022-07-23 10:10:18 -04:00
|
|
|
$searchFailRequest->assertSuccessful();
|
|
|
|
$this->withHtml($searchFailRequest)->assertElementNotExists('div');
|
2019-05-04 13:11:00 -04:00
|
|
|
}
|
|
|
|
|
2023-02-16 12:57:34 -05:00
|
|
|
public function test_image_gallery_lists_for_draft_page()
|
|
|
|
{
|
|
|
|
$this->actingAs($this->users->editor());
|
|
|
|
$draft = $this->entities->newDraftPage();
|
|
|
|
$this->files->uploadGalleryImageToPage($this, $draft);
|
|
|
|
$image = Image::query()->where('uploaded_to', '=', $draft->id)->firstOrFail();
|
|
|
|
|
|
|
|
$resp = $this->get("/images/gallery?page=1&uploaded_to={$draft->id}");
|
|
|
|
$resp->assertSee($image->getThumb(150, 150));
|
|
|
|
}
|
|
|
|
|
2019-05-04 13:11:00 -04:00
|
|
|
public function test_image_usage()
|
|
|
|
{
|
2022-09-29 12:31:38 -04:00
|
|
|
$page = $this->entities->page();
|
2023-01-21 06:08:34 -05:00
|
|
|
$editor = $this->users->editor();
|
2019-05-04 13:11:00 -04:00
|
|
|
$this->actingAs($editor);
|
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$imgDetails = $this->files->uploadGalleryImageToPage($this, $page);
|
2019-05-04 13:11:00 -04:00
|
|
|
|
|
|
|
$image = Image::query()->first();
|
2021-06-26 11:23:15 -04:00
|
|
|
$page->html = '<img src="' . $image->url . '">';
|
2019-05-04 13:11:00 -04:00
|
|
|
$page->save();
|
|
|
|
|
2020-07-24 19:20:58 -04:00
|
|
|
$usage = $this->get('/images/edit/' . $image->id . '?delete=true');
|
2019-05-04 13:11:00 -04:00
|
|
|
$usage->assertSuccessful();
|
2020-07-24 19:20:58 -04:00
|
|
|
$usage->assertSeeText($page->name);
|
|
|
|
$usage->assertSee($page->getUrl());
|
2019-05-04 13:11:00 -04:00
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$this->files->deleteAtRelativePath($imgDetails['path']);
|
2019-05-04 13:11:00 -04:00
|
|
|
}
|
|
|
|
|
2019-03-20 19:59:55 -04:00
|
|
|
public function test_php_files_cannot_be_uploaded()
|
|
|
|
{
|
2022-09-29 12:31:38 -04:00
|
|
|
$page = $this->entities->page();
|
2023-01-21 06:08:34 -05:00
|
|
|
$admin = $this->users->admin();
|
2019-03-20 19:59:55 -04:00
|
|
|
$this->actingAs($admin);
|
|
|
|
|
|
|
|
$fileName = 'bad.php';
|
2023-02-08 09:39:13 -05:00
|
|
|
$relPath = $this->files->expectedImagePath('gallery', $fileName);
|
|
|
|
$this->files->deleteAtRelativePath($relPath);
|
2019-03-20 19:59:55 -04:00
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$file = $this->files->imageFromBase64File('bad-php.base64', $fileName);
|
2019-05-04 13:11:00 -04:00
|
|
|
$upload = $this->withHeader('Content-Type', 'image/jpeg')->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $file], []);
|
2023-04-27 08:31:03 -04:00
|
|
|
$upload->assertStatus(500);
|
|
|
|
$this->assertStringContainsString('The file must have a valid & supported image extension', $upload->json('message'));
|
2019-03-20 19:59:55 -04:00
|
|
|
|
|
|
|
$this->assertFalse(file_exists(public_path($relPath)), 'Uploaded php file was uploaded but should have been stopped');
|
|
|
|
|
|
|
|
$this->assertDatabaseMissing('images', [
|
|
|
|
'type' => 'gallery',
|
2021-06-26 11:23:15 -04:00
|
|
|
'name' => $fileName,
|
2019-03-20 19:59:55 -04:00
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
2019-03-21 15:43:15 -04:00
|
|
|
public function test_php_like_files_cannot_be_uploaded()
|
|
|
|
{
|
2022-09-29 12:31:38 -04:00
|
|
|
$page = $this->entities->page();
|
2023-01-21 06:08:34 -05:00
|
|
|
$admin = $this->users->admin();
|
2019-03-21 15:43:15 -04:00
|
|
|
$this->actingAs($admin);
|
|
|
|
|
|
|
|
$fileName = 'bad.phtml';
|
2023-02-08 09:39:13 -05:00
|
|
|
$relPath = $this->files->expectedImagePath('gallery', $fileName);
|
|
|
|
$this->files->deleteAtRelativePath($relPath);
|
2019-03-21 15:43:15 -04:00
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$file = $this->files->imageFromBase64File('bad-phtml.base64', $fileName);
|
2019-05-04 13:11:00 -04:00
|
|
|
$upload = $this->withHeader('Content-Type', 'image/jpeg')->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $file], []);
|
2023-04-27 08:31:03 -04:00
|
|
|
$upload->assertStatus(500);
|
|
|
|
$this->assertStringContainsString('The file must have a valid & supported image extension', $upload->json('message'));
|
2019-03-21 15:43:15 -04:00
|
|
|
|
|
|
|
$this->assertFalse(file_exists(public_path($relPath)), 'Uploaded php file was uploaded but should have been stopped');
|
2019-03-24 15:07:18 -04:00
|
|
|
}
|
2019-03-21 15:43:15 -04:00
|
|
|
|
2021-03-04 15:45:56 -05:00
|
|
|
public function test_files_with_double_extensions_will_get_sanitized()
|
2019-03-24 15:07:18 -04:00
|
|
|
{
|
2022-09-29 12:31:38 -04:00
|
|
|
$page = $this->entities->page();
|
2023-01-21 06:08:34 -05:00
|
|
|
$admin = $this->users->admin();
|
2019-03-24 15:07:18 -04:00
|
|
|
$this->actingAs($admin);
|
|
|
|
|
|
|
|
$fileName = 'bad.phtml.png';
|
2023-02-08 09:39:13 -05:00
|
|
|
$relPath = $this->files->expectedImagePath('gallery', $fileName);
|
2021-03-14 19:20:21 -04:00
|
|
|
$expectedRelPath = dirname($relPath) . '/bad-phtml.png';
|
2023-02-08 09:39:13 -05:00
|
|
|
$this->files->deleteAtRelativePath($expectedRelPath);
|
2019-03-24 15:07:18 -04:00
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$file = $this->files->imageFromBase64File('bad-phtml-png.base64', $fileName);
|
2019-05-04 13:11:00 -04:00
|
|
|
$upload = $this->withHeader('Content-Type', 'image/png')->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $file], []);
|
2021-03-04 15:45:56 -05:00
|
|
|
$upload->assertStatus(200);
|
|
|
|
|
|
|
|
$lastImage = Image::query()->latest('id')->first();
|
|
|
|
|
2021-03-14 19:20:21 -04:00
|
|
|
$this->assertEquals('bad.phtml.png', $lastImage->name);
|
|
|
|
$this->assertEquals('bad-phtml.png', basename($lastImage->path));
|
2021-03-20 11:35:39 -04:00
|
|
|
$this->assertFileDoesNotExist(public_path($relPath), 'Uploaded image file name was not stripped of dots');
|
2021-03-14 19:20:21 -04:00
|
|
|
$this->assertFileExists(public_path($expectedRelPath));
|
2019-03-24 15:07:18 -04:00
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$this->files->deleteAtRelativePath($lastImage->path);
|
2019-03-21 15:43:15 -04:00
|
|
|
}
|
|
|
|
|
2020-07-25 06:18:40 -04:00
|
|
|
public function test_url_entities_removed_from_filenames()
|
|
|
|
{
|
|
|
|
$this->asEditor();
|
|
|
|
$badNames = [
|
2021-06-26 11:23:15 -04:00
|
|
|
'bad-char-#-image.png',
|
|
|
|
'bad-char-?-image.png',
|
|
|
|
'?#.png',
|
|
|
|
'?.png',
|
|
|
|
'#.png',
|
2020-07-25 06:18:40 -04:00
|
|
|
];
|
|
|
|
foreach ($badNames as $name) {
|
2023-02-08 09:39:13 -05:00
|
|
|
$galleryFile = $this->files->uploadedImage($name);
|
2022-09-29 12:31:38 -04:00
|
|
|
$page = $this->entities->page();
|
2023-02-08 09:39:13 -05:00
|
|
|
$badPath = $this->files->expectedImagePath('gallery', $name);
|
|
|
|
$this->files->deleteAtRelativePath($badPath);
|
2020-07-25 06:18:40 -04:00
|
|
|
|
|
|
|
$upload = $this->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []);
|
|
|
|
$upload->assertStatus(200);
|
|
|
|
|
|
|
|
$lastImage = Image::query()->latest('id')->first();
|
|
|
|
$newFileName = explode('.', basename($lastImage->path))[0];
|
|
|
|
|
|
|
|
$this->assertEquals($lastImage->name, $name);
|
|
|
|
$this->assertFalse(strpos($lastImage->path, $name), 'Path contains original image name');
|
|
|
|
$this->assertFalse(file_exists(public_path($badPath)), 'Uploaded image file name was not stripped of url entities');
|
|
|
|
|
|
|
|
$this->assertTrue(strlen($newFileName) > 0, 'File name was reduced to nothing');
|
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$this->files->deleteAtRelativePath($lastImage->path);
|
2020-07-25 06:18:40 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-03-25 07:41:52 -04:00
|
|
|
public function test_secure_images_uploads_to_correct_place()
|
|
|
|
{
|
2019-06-23 11:01:15 -04:00
|
|
|
config()->set('filesystems.images', 'local_secure');
|
2018-03-25 07:41:52 -04:00
|
|
|
$this->asEditor();
|
2023-02-08 09:39:13 -05:00
|
|
|
$galleryFile = $this->files->uploadedImage('my-secure-test-upload.png');
|
2022-09-29 12:31:38 -04:00
|
|
|
$page = $this->entities->page();
|
2021-06-26 11:23:15 -04:00
|
|
|
$expectedPath = storage_path('uploads/images/gallery/' . date('Y-m') . '/my-secure-test-upload.png');
|
2018-03-25 07:41:52 -04:00
|
|
|
|
2019-05-04 13:11:00 -04:00
|
|
|
$upload = $this->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []);
|
2018-03-25 07:41:52 -04:00
|
|
|
$upload->assertStatus(200);
|
|
|
|
|
2021-06-26 11:23:15 -04:00
|
|
|
$this->assertTrue(file_exists($expectedPath), 'Uploaded image not found at path: ' . $expectedPath);
|
2018-03-25 07:41:52 -04:00
|
|
|
|
|
|
|
if (file_exists($expectedPath)) {
|
|
|
|
unlink($expectedPath);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-10-31 19:53:17 -04:00
|
|
|
public function test_secure_image_paths_traversal_causes_500()
|
|
|
|
{
|
|
|
|
config()->set('filesystems.images', 'local_secure');
|
|
|
|
$this->asEditor();
|
|
|
|
|
|
|
|
$resp = $this->get('/uploads/images/../../logs/laravel.log');
|
|
|
|
$resp->assertStatus(500);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_secure_image_paths_traversal_on_non_secure_images_causes_404()
|
|
|
|
{
|
|
|
|
config()->set('filesystems.images', 'local');
|
|
|
|
$this->asEditor();
|
|
|
|
|
|
|
|
$resp = $this->get('/uploads/images/../../logs/laravel.log');
|
|
|
|
$resp->assertStatus(404);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_secure_image_paths_dont_serve_non_images()
|
|
|
|
{
|
|
|
|
config()->set('filesystems.images', 'local_secure');
|
|
|
|
$this->asEditor();
|
|
|
|
|
|
|
|
$testFilePath = storage_path('/uploads/images/testing.txt');
|
|
|
|
file_put_contents($testFilePath, 'hello from test_secure_image_paths_dont_serve_non_images');
|
|
|
|
|
|
|
|
$resp = $this->get('/uploads/images/testing.txt');
|
|
|
|
$resp->assertStatus(404);
|
|
|
|
}
|
|
|
|
|
2018-04-22 07:23:43 -04:00
|
|
|
public function test_secure_images_included_in_exports()
|
|
|
|
{
|
2019-06-23 11:01:15 -04:00
|
|
|
config()->set('filesystems.images', 'local_secure');
|
2018-04-22 07:23:43 -04:00
|
|
|
$this->asEditor();
|
2023-02-08 09:39:13 -05:00
|
|
|
$galleryFile = $this->files->uploadedImage('my-secure-test-upload.png');
|
2022-09-29 12:31:38 -04:00
|
|
|
$page = $this->entities->page();
|
2021-06-26 11:23:15 -04:00
|
|
|
$expectedPath = storage_path('uploads/images/gallery/' . date('Y-m') . '/my-secure-test-upload.png');
|
2018-04-22 07:23:43 -04:00
|
|
|
|
2019-05-04 13:11:00 -04:00
|
|
|
$upload = $this->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []);
|
2018-04-22 07:23:43 -04:00
|
|
|
$imageUrl = json_decode($upload->getContent(), true)['url'];
|
|
|
|
$page->html .= "<img src=\"{$imageUrl}\">";
|
|
|
|
$page->save();
|
|
|
|
$upload->assertStatus(200);
|
|
|
|
|
|
|
|
$encodedImageContent = base64_encode(file_get_contents($expectedPath));
|
|
|
|
$export = $this->get($page->getUrl('/export/html'));
|
2019-09-13 18:58:40 -04:00
|
|
|
$this->assertTrue(strpos($export->getContent(), $encodedImageContent) !== false, 'Uploaded image in export content');
|
2018-04-22 07:23:43 -04:00
|
|
|
|
|
|
|
if (file_exists($expectedPath)) {
|
|
|
|
unlink($expectedPath);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-11-10 09:15:59 -05:00
|
|
|
public function test_system_images_remain_public_with_local_secure()
|
2018-03-25 07:41:52 -04:00
|
|
|
{
|
2019-06-23 11:01:15 -04:00
|
|
|
config()->set('filesystems.images', 'local_secure');
|
2019-05-04 13:11:00 -04:00
|
|
|
$this->asAdmin();
|
2023-02-08 09:39:13 -05:00
|
|
|
$galleryFile = $this->files->uploadedImage('my-system-test-upload.png');
|
2021-06-26 11:23:15 -04:00
|
|
|
$expectedPath = public_path('uploads/images/system/' . date('Y-m') . '/my-system-test-upload.png');
|
2018-03-25 07:41:52 -04:00
|
|
|
|
2022-03-28 06:09:55 -04:00
|
|
|
$upload = $this->call('POST', '/settings/customization', [], [], ['app_logo' => $galleryFile], []);
|
|
|
|
$upload->assertRedirect('/settings/customization');
|
2022-11-10 09:15:59 -05:00
|
|
|
|
|
|
|
$this->assertTrue(file_exists($expectedPath), 'Uploaded image not found at path: ' . $expectedPath);
|
|
|
|
|
|
|
|
if (file_exists($expectedPath)) {
|
|
|
|
unlink($expectedPath);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_system_images_remain_public_with_local_secure_restricted()
|
|
|
|
{
|
|
|
|
config()->set('filesystems.images', 'local_secure_restricted');
|
|
|
|
$this->asAdmin();
|
2023-02-08 09:39:13 -05:00
|
|
|
$galleryFile = $this->files->uploadedImage('my-system-test-restricted-upload.png');
|
2022-11-10 09:15:59 -05:00
|
|
|
$expectedPath = public_path('uploads/images/system/' . date('Y-m') . '/my-system-test-restricted-upload.png');
|
|
|
|
|
|
|
|
$upload = $this->call('POST', '/settings/customization', [], [], ['app_logo' => $galleryFile], []);
|
|
|
|
$upload->assertRedirect('/settings/customization');
|
2018-03-25 07:41:52 -04:00
|
|
|
|
2021-06-26 11:23:15 -04:00
|
|
|
$this->assertTrue(file_exists($expectedPath), 'Uploaded image not found at path: ' . $expectedPath);
|
2018-03-25 07:41:52 -04:00
|
|
|
|
|
|
|
if (file_exists($expectedPath)) {
|
|
|
|
unlink($expectedPath);
|
|
|
|
}
|
2016-07-01 15:11:49 -04:00
|
|
|
}
|
|
|
|
|
2022-09-02 09:03:23 -04:00
|
|
|
public function test_secure_restricted_images_inaccessible_without_relation_permission()
|
|
|
|
{
|
|
|
|
config()->set('filesystems.images', 'local_secure_restricted');
|
|
|
|
$this->asEditor();
|
2023-02-08 09:39:13 -05:00
|
|
|
$galleryFile = $this->files->uploadedImage('my-secure-restricted-test-upload.png');
|
2022-09-29 12:31:38 -04:00
|
|
|
$page = $this->entities->page();
|
2022-09-02 09:03:23 -04:00
|
|
|
|
|
|
|
$upload = $this->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []);
|
|
|
|
$upload->assertStatus(200);
|
|
|
|
$expectedUrl = url('uploads/images/gallery/' . date('Y-m') . '/my-secure-restricted-test-upload.png');
|
|
|
|
$expectedPath = storage_path('uploads/images/gallery/' . date('Y-m') . '/my-secure-restricted-test-upload.png');
|
|
|
|
|
|
|
|
$this->get($expectedUrl)->assertOk();
|
|
|
|
|
2023-01-21 06:08:34 -05:00
|
|
|
$this->permissions->setEntityPermissions($page, [], []);
|
2022-09-02 09:03:23 -04:00
|
|
|
|
|
|
|
$resp = $this->get($expectedUrl);
|
|
|
|
$resp->assertNotFound();
|
|
|
|
|
|
|
|
if (file_exists($expectedPath)) {
|
|
|
|
unlink($expectedPath);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_thumbnail_path_handled_by_secure_restricted_images()
|
|
|
|
{
|
|
|
|
config()->set('filesystems.images', 'local_secure_restricted');
|
|
|
|
$this->asEditor();
|
2023-02-08 09:39:13 -05:00
|
|
|
$galleryFile = $this->files->uploadedImage('my-secure-restricted-thumb-test-test.png');
|
2022-09-29 12:31:38 -04:00
|
|
|
$page = $this->entities->page();
|
2022-09-02 09:03:23 -04:00
|
|
|
|
|
|
|
$upload = $this->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []);
|
|
|
|
$upload->assertStatus(200);
|
|
|
|
$expectedUrl = url('uploads/images/gallery/' . date('Y-m') . '/thumbs-150-150/my-secure-restricted-thumb-test-test.png');
|
|
|
|
$expectedPath = storage_path('uploads/images/gallery/' . date('Y-m') . '/my-secure-restricted-thumb-test-test.png');
|
|
|
|
|
|
|
|
$this->get($expectedUrl)->assertOk();
|
|
|
|
|
2023-01-21 06:08:34 -05:00
|
|
|
$this->permissions->setEntityPermissions($page, [], []);
|
2022-09-02 09:03:23 -04:00
|
|
|
|
|
|
|
$resp = $this->get($expectedUrl);
|
|
|
|
$resp->assertNotFound();
|
|
|
|
|
|
|
|
if (file_exists($expectedPath)) {
|
|
|
|
unlink($expectedPath);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-09-02 09:21:43 -04:00
|
|
|
public function test_secure_restricted_image_access_controlled_in_exports()
|
|
|
|
{
|
|
|
|
config()->set('filesystems.images', 'local_secure_restricted');
|
|
|
|
$this->asEditor();
|
2023-02-08 09:39:13 -05:00
|
|
|
$galleryFile = $this->files->uploadedImage('my-secure-restricted-export-test.png');
|
2022-09-02 09:21:43 -04:00
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$pageA = $this->entities->page();
|
|
|
|
$pageB = $this->entities->page();
|
2022-09-02 09:21:43 -04:00
|
|
|
$expectedPath = storage_path('uploads/images/gallery/' . date('Y-m') . '/my-secure-restricted-export-test.png');
|
|
|
|
|
|
|
|
$upload = $this->asEditor()->call('POST', '/images/gallery', ['uploaded_to' => $pageA->id], [], ['file' => $galleryFile], []);
|
|
|
|
$upload->assertOk();
|
|
|
|
|
|
|
|
$imageUrl = json_decode($upload->getContent(), true)['url'];
|
|
|
|
$pageB->html .= "<img src=\"{$imageUrl}\">";
|
|
|
|
$pageB->save();
|
|
|
|
|
|
|
|
$encodedImageContent = base64_encode(file_get_contents($expectedPath));
|
|
|
|
$export = $this->get($pageB->getUrl('/export/html'));
|
|
|
|
$this->assertStringContainsString($encodedImageContent, $export->getContent());
|
|
|
|
|
2023-01-21 06:08:34 -05:00
|
|
|
$this->permissions->setEntityPermissions($pageA, [], []);
|
2022-09-02 09:21:43 -04:00
|
|
|
|
|
|
|
$export = $this->get($pageB->getUrl('/export/html'));
|
|
|
|
$this->assertStringNotContainsString($encodedImageContent, $export->getContent());
|
|
|
|
|
|
|
|
if (file_exists($expectedPath)) {
|
|
|
|
unlink($expectedPath);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-07-01 15:11:49 -04:00
|
|
|
public function test_image_delete()
|
|
|
|
{
|
2022-09-29 12:31:38 -04:00
|
|
|
$page = $this->entities->page();
|
2016-07-01 15:11:49 -04:00
|
|
|
$this->asAdmin();
|
2018-01-28 08:18:28 -05:00
|
|
|
$imageName = 'first-image.png';
|
2023-02-08 09:39:13 -05:00
|
|
|
$relPath = $this->files->expectedImagePath('gallery', $imageName);
|
|
|
|
$this->files->deleteAtRelativePath($relPath);
|
2016-07-01 15:11:49 -04:00
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$this->files->uploadGalleryImage($this, $imageName, $page->id);
|
2018-01-28 08:18:28 -05:00
|
|
|
$image = Image::first();
|
2016-07-01 15:11:49 -04:00
|
|
|
|
2021-06-26 11:23:15 -04:00
|
|
|
$delete = $this->delete('/images/' . $image->id);
|
2018-01-28 08:18:28 -05:00
|
|
|
$delete->assertStatus(200);
|
2016-07-01 15:11:49 -04:00
|
|
|
|
2018-01-28 08:18:28 -05:00
|
|
|
$this->assertDatabaseMissing('images', [
|
2021-06-26 11:23:15 -04:00
|
|
|
'url' => $this->baseUrl . $relPath,
|
|
|
|
'type' => 'gallery',
|
2016-07-01 15:11:49 -04:00
|
|
|
]);
|
|
|
|
|
2017-01-02 06:07:27 -05:00
|
|
|
$this->assertFalse(file_exists(public_path($relPath)), 'Uploaded image has not been deleted as expected');
|
2016-07-01 15:11:49 -04:00
|
|
|
}
|
|
|
|
|
2020-07-24 18:41:59 -04:00
|
|
|
public function test_image_delete_does_not_delete_similar_images()
|
|
|
|
{
|
2022-09-29 12:31:38 -04:00
|
|
|
$page = $this->entities->page();
|
2020-07-24 18:41:59 -04:00
|
|
|
$this->asAdmin();
|
|
|
|
$imageName = 'first-image.png';
|
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$relPath = $this->files->expectedImagePath('gallery', $imageName);
|
|
|
|
$this->files->deleteAtRelativePath($relPath);
|
2020-07-24 18:41:59 -04:00
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$this->files->uploadGalleryImage($this, $imageName, $page->id);
|
|
|
|
$this->files->uploadGalleryImage($this, $imageName, $page->id);
|
|
|
|
$this->files->uploadGalleryImage($this, $imageName, $page->id);
|
2020-07-24 18:41:59 -04:00
|
|
|
|
|
|
|
$image = Image::first();
|
|
|
|
$folder = public_path(dirname($relPath));
|
|
|
|
$imageCount = count(glob($folder . '/*'));
|
|
|
|
|
2021-06-26 11:23:15 -04:00
|
|
|
$delete = $this->delete('/images/' . $image->id);
|
2020-07-24 18:41:59 -04:00
|
|
|
$delete->assertStatus(200);
|
|
|
|
|
|
|
|
$newCount = count(glob($folder . '/*'));
|
|
|
|
$this->assertEquals($imageCount - 1, $newCount, 'More files than expected have been deleted');
|
|
|
|
$this->assertFalse(file_exists(public_path($relPath)), 'Uploaded image has not been deleted as expected');
|
|
|
|
}
|
|
|
|
|
2022-09-05 10:52:12 -04:00
|
|
|
public function test_image_manager_delete_button_only_shows_with_permission()
|
|
|
|
{
|
2022-09-29 12:31:38 -04:00
|
|
|
$page = $this->entities->page();
|
2022-09-05 10:52:12 -04:00
|
|
|
$this->asAdmin();
|
|
|
|
$imageName = 'first-image.png';
|
2023-02-08 09:39:13 -05:00
|
|
|
$relPath = $this->files->expectedImagePath('gallery', $imageName);
|
|
|
|
$this->files->deleteAtRelativePath($relPath);
|
2023-01-21 06:08:34 -05:00
|
|
|
$viewer = $this->users->viewer();
|
2022-09-05 10:52:12 -04:00
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$this->files->uploadGalleryImage($this, $imageName, $page->id);
|
2022-09-05 10:52:12 -04:00
|
|
|
$image = Image::first();
|
|
|
|
|
|
|
|
$resp = $this->get("/images/edit/{$image->id}");
|
2023-05-29 10:16:16 -04:00
|
|
|
$this->withHtml($resp)->assertElementExists('button#image-manager-delete');
|
2022-09-05 10:52:12 -04:00
|
|
|
|
|
|
|
$resp = $this->actingAs($viewer)->get("/images/edit/{$image->id}");
|
2023-05-29 10:16:16 -04:00
|
|
|
$this->withHtml($resp)->assertElementNotExists('button#image-manager-delete');
|
2022-09-05 10:52:12 -04:00
|
|
|
|
2023-01-21 06:08:34 -05:00
|
|
|
$this->permissions->grantUserRolePermissions($viewer, ['image-delete-all']);
|
2022-09-05 10:52:12 -04:00
|
|
|
|
|
|
|
$resp = $this->actingAs($viewer)->get("/images/edit/{$image->id}");
|
2023-05-29 10:16:16 -04:00
|
|
|
$this->withHtml($resp)->assertElementExists('button#image-manager-delete');
|
2022-09-05 10:52:12 -04:00
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$this->files->deleteAtRelativePath($relPath);
|
2022-09-05 10:52:12 -04:00
|
|
|
}
|
|
|
|
|
2019-04-21 10:52:29 -04:00
|
|
|
protected function getTestProfileImage()
|
|
|
|
{
|
|
|
|
$imageName = 'profile.png';
|
2023-02-08 09:39:13 -05:00
|
|
|
$relPath = $this->files->expectedImagePath('user', $imageName);
|
|
|
|
$this->files->deleteAtRelativePath($relPath);
|
2019-04-21 10:52:29 -04:00
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
return $this->files->uploadedImage($imageName);
|
2019-04-21 10:52:29 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
public function test_user_image_upload()
|
|
|
|
{
|
2023-01-21 06:08:34 -05:00
|
|
|
$editor = $this->users->editor();
|
|
|
|
$admin = $this->users->admin();
|
2019-04-21 10:52:29 -04:00
|
|
|
$this->actingAs($admin);
|
|
|
|
|
|
|
|
$file = $this->getTestProfileImage();
|
2019-05-04 13:11:00 -04:00
|
|
|
$this->call('PUT', '/settings/users/' . $editor->id, [], [], ['profile_image' => $file], []);
|
2019-04-21 10:52:29 -04:00
|
|
|
|
|
|
|
$this->assertDatabaseHas('images', [
|
2021-06-26 11:23:15 -04:00
|
|
|
'type' => 'user',
|
2019-04-21 10:52:29 -04:00
|
|
|
'uploaded_to' => $editor->id,
|
2021-06-26 11:23:15 -04:00
|
|
|
'created_by' => $admin->id,
|
2019-04-21 10:52:29 -04:00
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_user_images_deleted_on_user_deletion()
|
|
|
|
{
|
2023-01-21 06:08:34 -05:00
|
|
|
$editor = $this->users->editor();
|
2019-04-21 10:52:29 -04:00
|
|
|
$this->actingAs($editor);
|
|
|
|
|
|
|
|
$file = $this->getTestProfileImage();
|
2019-05-04 13:11:00 -04:00
|
|
|
$this->call('PUT', '/settings/users/' . $editor->id, [], [], ['profile_image' => $file], []);
|
2018-01-28 09:08:14 -05:00
|
|
|
|
|
|
|
$profileImages = Image::where('type', '=', 'user')->where('created_by', '=', $editor->id)->get();
|
2021-06-26 11:23:15 -04:00
|
|
|
$this->assertTrue($profileImages->count() === 1, 'Found profile images does not match upload count');
|
2019-05-04 13:11:00 -04:00
|
|
|
|
|
|
|
$imagePath = public_path($profileImages->first()->path);
|
|
|
|
$this->assertTrue(file_exists($imagePath));
|
2018-01-28 09:08:14 -05:00
|
|
|
|
|
|
|
$userDelete = $this->asAdmin()->delete("/settings/users/{$editor->id}");
|
|
|
|
$userDelete->assertStatus(302);
|
2019-05-04 13:11:00 -04:00
|
|
|
|
2018-01-28 09:08:14 -05:00
|
|
|
$this->assertDatabaseMissing('images', [
|
2021-06-26 11:23:15 -04:00
|
|
|
'type' => 'user',
|
|
|
|
'created_by' => $editor->id,
|
2018-01-28 09:08:14 -05:00
|
|
|
]);
|
2019-04-21 10:52:29 -04:00
|
|
|
$this->assertDatabaseMissing('images', [
|
2021-06-26 11:23:15 -04:00
|
|
|
'type' => 'user',
|
|
|
|
'uploaded_to' => $editor->id,
|
2019-04-21 10:52:29 -04:00
|
|
|
]);
|
2019-05-04 13:11:00 -04:00
|
|
|
|
|
|
|
$this->assertFalse(file_exists($imagePath));
|
2018-01-28 09:08:14 -05:00
|
|
|
}
|
|
|
|
|
2018-05-27 14:40:07 -04:00
|
|
|
public function test_deleted_unused_images()
|
|
|
|
{
|
2022-09-29 12:31:38 -04:00
|
|
|
$page = $this->entities->page();
|
2023-01-21 06:08:34 -05:00
|
|
|
$admin = $this->users->admin();
|
2018-05-27 14:40:07 -04:00
|
|
|
$this->actingAs($admin);
|
|
|
|
|
|
|
|
$imageName = 'unused-image.png';
|
2023-02-08 09:39:13 -05:00
|
|
|
$relPath = $this->files->expectedImagePath('gallery', $imageName);
|
|
|
|
$this->files->deleteAtRelativePath($relPath);
|
2018-05-27 14:40:07 -04:00
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$upload = $this->files->uploadGalleryImage($this, $imageName, $page->id);
|
2018-05-27 14:40:07 -04:00
|
|
|
$upload->assertStatus(200);
|
|
|
|
$image = Image::where('type', '=', 'gallery')->first();
|
|
|
|
|
2018-10-13 06:27:55 -04:00
|
|
|
$pageRepo = app(PageRepo::class);
|
2019-10-05 07:55:01 -04:00
|
|
|
$pageRepo->update($page, [
|
2021-06-26 11:23:15 -04:00
|
|
|
'name' => $page->name,
|
|
|
|
'html' => $page->html . "<img src=\"{$image->url}\">",
|
|
|
|
'summary' => '',
|
2018-05-27 14:40:07 -04:00
|
|
|
]);
|
|
|
|
|
|
|
|
// Ensure no images are reported as deletable
|
|
|
|
$imageService = app(ImageService::class);
|
|
|
|
$toDelete = $imageService->deleteUnusedImages(true, true);
|
|
|
|
$this->assertCount(0, $toDelete);
|
|
|
|
|
|
|
|
// Save a revision of our page without the image;
|
2019-10-05 07:55:01 -04:00
|
|
|
$pageRepo->update($page, [
|
2021-06-26 11:23:15 -04:00
|
|
|
'name' => $page->name,
|
|
|
|
'html' => '<p>Hello</p>',
|
|
|
|
'summary' => '',
|
2018-05-27 14:40:07 -04:00
|
|
|
]);
|
|
|
|
|
|
|
|
// Ensure revision images are picked up okay
|
|
|
|
$imageService = app(ImageService::class);
|
|
|
|
$toDelete = $imageService->deleteUnusedImages(true, true);
|
|
|
|
$this->assertCount(0, $toDelete);
|
|
|
|
$toDelete = $imageService->deleteUnusedImages(false, true);
|
|
|
|
$this->assertCount(1, $toDelete);
|
|
|
|
|
|
|
|
// Check image is found when revisions are destroyed
|
|
|
|
$page->revisions()->delete();
|
|
|
|
$toDelete = $imageService->deleteUnusedImages(true, true);
|
|
|
|
$this->assertCount(1, $toDelete);
|
|
|
|
|
|
|
|
// Check the image is deleted
|
|
|
|
$absPath = public_path($relPath);
|
|
|
|
$this->assertTrue(file_exists($absPath), "Existing uploaded file at path {$absPath} exists");
|
|
|
|
$toDelete = $imageService->deleteUnusedImages(true, false);
|
|
|
|
$this->assertCount(1, $toDelete);
|
|
|
|
$this->assertFalse(file_exists($absPath));
|
|
|
|
|
2023-02-08 09:39:13 -05:00
|
|
|
$this->files->deleteAtRelativePath($relPath);
|
2018-05-27 14:40:07 -04:00
|
|
|
}
|
2021-03-04 15:45:56 -05:00
|
|
|
}
|