asAdmin(); $page = $this->entities->page(); $comment = Comment::factory()->make(['parent_id' => 2]); $resp = $this->postJson("/comment/$page->id", $comment->getAttributes()); $resp->assertStatus(200); $resp->assertSee($comment->text); $pageResp = $this->get($page->getUrl()); $pageResp->assertSee($comment->text); $this->assertDatabaseHas('comments', [ 'local_id' => 1, 'entity_id' => $page->id, 'entity_type' => Page::newModelInstance()->getMorphClass(), 'text' => $comment->text, 'parent_id' => 2, ]); } public function test_comment_edit() { $this->asAdmin(); $page = $this->entities->page(); $comment = Comment::factory()->make(); $this->postJson("/comment/$page->id", $comment->getAttributes()); $comment = $page->comments()->first(); $newText = 'updated text content'; $resp = $this->putJson("/comment/$comment->id", [ 'text' => $newText, ]); $resp->assertStatus(200); $resp->assertSee($newText); $resp->assertDontSee($comment->text); $this->assertDatabaseHas('comments', [ 'text' => $newText, 'entity_id' => $page->id, ]); } public function test_comment_delete() { $this->asAdmin(); $page = $this->entities->page(); $comment = Comment::factory()->make(); $this->postJson("/comment/$page->id", $comment->getAttributes()); $comment = $page->comments()->first(); $resp = $this->delete("/comment/$comment->id"); $resp->assertStatus(200); $this->assertDatabaseMissing('comments', [ 'id' => $comment->id, ]); } public function test_comments_converts_markdown_input_to_html() { $page = $this->entities->page(); $this->asAdmin()->postJson("/comment/$page->id", [ 'text' => '# My Title', ]); $this->assertDatabaseHas('comments', [ 'entity_id' => $page->id, 'entity_type' => $page->getMorphClass(), 'text' => '# My Title', 'html' => "

My Title

\n", ]); $pageView = $this->get($page->getUrl()); $pageView->assertSee('

My Title

', false); } public function test_html_cannot_be_injected_via_comment_content() { $this->asAdmin(); $page = $this->entities->page(); $script = '\n\n# sometextinthecomment'; $this->postJson("/comment/$page->id", [ 'text' => $script, ]); $pageView = $this->get($page->getUrl()); $pageView->assertDontSee($script, false); $pageView->assertSee('sometextinthecomment'); $comment = $page->comments()->first(); $this->putJson("/comment/$comment->id", [ 'text' => $script . 'updated', ]); $pageView = $this->get($page->getUrl()); $pageView->assertDontSee($script, false); $pageView->assertSee('sometextinthecommentupdated'); } }