mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-07-02 17:41:45 +00:00
118 lines
3.4 KiB
PHP
118 lines
3.4 KiB
PHP
<?php
|
|
|
|
namespace Tests\Entity;
|
|
|
|
use BookStack\Activity\Models\Comment;
|
|
use BookStack\Entities\Models\Page;
|
|
use Tests\TestCase;
|
|
|
|
class CommentTest extends TestCase
|
|
{
|
|
public function test_add_comment()
|
|
{
|
|
$this->asAdmin();
|
|
$page = $this->entities->page();
|
|
|
|
$comment = Comment::factory()->make(['parent_id' => 2]);
|
|
$resp = $this->postJson("/comment/$page->id", $comment->getAttributes());
|
|
|
|
$resp->assertStatus(200);
|
|
$resp->assertSee($comment->text);
|
|
|
|
$pageResp = $this->get($page->getUrl());
|
|
$pageResp->assertSee($comment->text);
|
|
|
|
$this->assertDatabaseHas('comments', [
|
|
'local_id' => 1,
|
|
'entity_id' => $page->id,
|
|
'entity_type' => Page::newModelInstance()->getMorphClass(),
|
|
'text' => $comment->text,
|
|
'parent_id' => 2,
|
|
]);
|
|
}
|
|
|
|
public function test_comment_edit()
|
|
{
|
|
$this->asAdmin();
|
|
$page = $this->entities->page();
|
|
|
|
$comment = Comment::factory()->make();
|
|
$this->postJson("/comment/$page->id", $comment->getAttributes());
|
|
|
|
$comment = $page->comments()->first();
|
|
$newText = 'updated text content';
|
|
$resp = $this->putJson("/comment/$comment->id", [
|
|
'text' => $newText,
|
|
]);
|
|
|
|
$resp->assertStatus(200);
|
|
$resp->assertSee($newText);
|
|
$resp->assertDontSee($comment->text);
|
|
|
|
$this->assertDatabaseHas('comments', [
|
|
'text' => $newText,
|
|
'entity_id' => $page->id,
|
|
]);
|
|
}
|
|
|
|
public function test_comment_delete()
|
|
{
|
|
$this->asAdmin();
|
|
$page = $this->entities->page();
|
|
|
|
$comment = Comment::factory()->make();
|
|
$this->postJson("/comment/$page->id", $comment->getAttributes());
|
|
|
|
$comment = $page->comments()->first();
|
|
|
|
$resp = $this->delete("/comment/$comment->id");
|
|
$resp->assertStatus(200);
|
|
|
|
$this->assertDatabaseMissing('comments', [
|
|
'id' => $comment->id,
|
|
]);
|
|
}
|
|
|
|
public function test_comments_converts_markdown_input_to_html()
|
|
{
|
|
$page = $this->entities->page();
|
|
$this->asAdmin()->postJson("/comment/$page->id", [
|
|
'text' => '# My Title',
|
|
]);
|
|
|
|
$this->assertDatabaseHas('comments', [
|
|
'entity_id' => $page->id,
|
|
'entity_type' => $page->getMorphClass(),
|
|
'text' => '# My Title',
|
|
'html' => "<h1>My Title</h1>\n",
|
|
]);
|
|
|
|
$pageView = $this->get($page->getUrl());
|
|
$pageView->assertSee('<h1>My Title</h1>', false);
|
|
}
|
|
|
|
public function test_html_cannot_be_injected_via_comment_content()
|
|
{
|
|
$this->asAdmin();
|
|
$page = $this->entities->page();
|
|
|
|
$script = '<script>const a = "script";</script>\n\n# sometextinthecomment';
|
|
$this->postJson("/comment/$page->id", [
|
|
'text' => $script,
|
|
]);
|
|
|
|
$pageView = $this->get($page->getUrl());
|
|
$pageView->assertDontSee($script, false);
|
|
$pageView->assertSee('sometextinthecomment');
|
|
|
|
$comment = $page->comments()->first();
|
|
$this->putJson("/comment/$comment->id", [
|
|
'text' => $script . 'updated',
|
|
]);
|
|
|
|
$pageView = $this->get($page->getUrl());
|
|
$pageView->assertDontSee($script, false);
|
|
$pageView->assertSee('sometextinthecommentupdated');
|
|
}
|
|
}
|