2015-08-27 17:30:35 -04:00
< ? php
2016-07-21 11:09:48 -04:00
use PrivateBin\data\data ;
use PrivateBin\privatebin ;
use PrivateBin\serversalt ;
use PrivateBin\trafficlimiter ;
2016-07-11 05:58:15 -04:00
class privatebinTest extends PHPUnit_Framework_TestCase
2015-08-27 17:30:35 -04:00
{
2015-10-03 09:52:37 -04:00
protected $_model ;
2015-08-27 17:30:35 -04:00
public function setUp ()
{
/* Setup Routine */
2016-07-21 11:09:48 -04:00
$this -> _model = data :: getInstance ( array ( 'dir' => PATH . 'data' ));
2015-08-27 17:30:35 -04:00
$this -> reset ();
}
public function tearDown ()
{
/* Tear Down Routine */
2015-10-03 09:52:37 -04:00
helper :: confRestore ();
2015-08-27 17:30:35 -04:00
}
public function reset ()
{
$_POST = array ();
$_GET = array ();
$_SERVER = array ();
2016-07-26 02:19:35 -04:00
if ( $this -> _model -> exists ( helper :: getPasteId ())) {
2015-09-21 16:32:52 -04:00
$this -> _model -> delete ( helper :: getPasteId ());
2016-07-26 02:19:35 -04:00
}
2015-09-22 17:21:31 -04:00
helper :: confRestore ();
2015-08-27 17:30:35 -04:00
}
/**
* @ runInSeparateProcess
*/
public function testView ()
{
$this -> reset ();
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-08-27 17:30:35 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2016-05-22 12:35:07 -04:00
$this -> assertContains (
2016-07-11 05:58:15 -04:00
'<title>PrivateBin</title>' ,
2015-08-27 17:30:35 -04:00
$content ,
'outputs title correctly'
);
2016-05-22 12:35:07 -04:00
$this -> assertNotContains (
'id="shortenbutton"' ,
2016-01-31 03:56:06 -05:00
$content ,
'doesn\'t output shortener button'
);
2015-08-27 17:30:35 -04:00
}
2015-09-19 11:23:10 -04:00
/**
* @ runInSeparateProcess
*/
public function testViewLanguageSelection ()
{
$this -> reset ();
2015-09-22 17:21:31 -04:00
$options = parse_ini_file ( CONF , true );
2015-09-19 11:23:10 -04:00
$options [ 'main' ][ 'languageselection' ] = true ;
2015-09-22 17:21:31 -04:00
helper :: confBackup ();
helper :: createIniFile ( CONF , $options );
2015-09-19 11:23:10 -04:00
$_COOKIE [ 'lang' ] = 'de' ;
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-09-19 11:23:10 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2016-05-22 12:35:07 -04:00
$this -> assertContains (
2016-07-11 05:58:15 -04:00
'<title>PrivateBin</title>' ,
2015-09-19 11:23:10 -04:00
$content ,
'outputs title correctly'
);
}
2016-01-31 03:56:06 -05:00
/**
* @ runInSeparateProcess
*/
public function testViewForceLanguageDefault ()
{
$this -> reset ();
$options = parse_ini_file ( CONF , true );
$options [ 'main' ][ 'languageselection' ] = false ;
$options [ 'main' ][ 'languagedefault' ] = 'fr' ;
helper :: confBackup ();
helper :: createIniFile ( CONF , $options );
$_COOKIE [ 'lang' ] = 'de' ;
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2016-01-31 03:56:06 -05:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2016-05-22 12:35:07 -04:00
$this -> assertContains (
2016-07-11 05:58:15 -04:00
'<title>PrivateBin</title>' ,
2016-01-31 03:56:06 -05:00
$content ,
'outputs title correctly'
);
}
/**
* @ runInSeparateProcess
*/
public function testViewUrlShortener ()
{
$shortener = 'https://shortener.example.com/api?link=' ;
$this -> reset ();
$options = parse_ini_file ( CONF , true );
$options [ 'main' ][ 'urlshortener' ] = $shortener ;
helper :: confBackup ();
helper :: createIniFile ( CONF , $options );
$_COOKIE [ 'lang' ] = 'de' ;
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2016-01-31 03:56:06 -05:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2016-05-22 12:35:07 -04:00
$this -> assertRegExp (
'#id="shortenbutton"[^>]*data-shortener="' . preg_quote ( $shortener ) . '"#' ,
2016-01-31 03:56:06 -05:00
$content ,
'outputs configured shortener URL correctly'
);
}
2015-08-29 14:29:14 -04:00
/**
* @ runInSeparateProcess
*/
public function testHtaccess ()
{
$this -> reset ();
$dirs = array ( 'cfg' , 'lib' );
foreach ( $dirs as $dir ) {
$file = PATH . $dir . DIRECTORY_SEPARATOR . '.htaccess' ;
@ unlink ( $file );
}
2016-07-06 03:01:10 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2016-07-06 03:01:10 -04:00
ob_end_clean ();
2015-08-29 14:29:14 -04:00
foreach ( $dirs as $dir ) {
$file = PATH . $dir . DIRECTORY_SEPARATOR . '.htaccess' ;
$this -> assertFileExists (
$file ,
" $dir htaccess recreated "
);
}
}
/**
* @ expectedException Exception
* @ expectedExceptionCode 2
*/
public function testConf ()
{
$this -> reset ();
2015-09-22 17:21:31 -04:00
helper :: confBackup ();
file_put_contents ( CONF , '' );
2015-08-29 14:29:14 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2016-07-06 03:01:10 -04:00
ob_end_clean ();
2015-08-29 14:29:14 -04:00
}
2015-08-27 17:30:35 -04:00
/**
* @ runInSeparateProcess
*/
public function testCreate ()
{
$this -> reset ();
2015-10-03 09:52:37 -04:00
$options = parse_ini_file ( CONF , true );
$options [ 'traffic' ][ 'limit' ] = 0 ;
helper :: confBackup ();
helper :: createIniFile ( CONF , $options );
2015-09-21 16:32:52 -04:00
$_POST = helper :: getPaste ();
2015-09-27 14:34:39 -04:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
2015-08-27 17:30:35 -04:00
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-08-27 17:30:35 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-08-27 17:30:35 -04:00
$response = json_decode ( $content , true );
2015-08-29 14:29:14 -04:00
$this -> assertEquals ( 0 , $response [ 'status' ], 'outputs status' );
2016-07-06 05:37:13 -04:00
$this -> assertTrue ( $this -> _model -> exists ( $response [ 'id' ]), 'paste exists after posting data' );
$paste = $this -> _model -> read ( $response [ 'id' ]);
2015-08-27 17:30:35 -04:00
$this -> assertEquals (
2016-07-06 05:37:13 -04:00
hash_hmac ( 'sha256' , $response [ 'id' ], $paste -> meta -> salt ),
2015-08-27 17:30:35 -04:00
$response [ 'deletetoken' ],
2015-08-29 14:29:14 -04:00
'outputs valid delete token'
);
}
2015-09-03 16:55:36 -04:00
/**
* @ runInSeparateProcess
*/
public function testCreateInvalidTimelimit ()
{
$this -> reset ();
2016-07-15 11:02:59 -04:00
$options = parse_ini_file ( CONF , true );
$options [ 'traffic' ][ 'limit' ] = 0 ;
helper :: confBackup ();
helper :: createIniFile ( CONF , $options );
$_POST = helper :: getPaste ( array ( 'expire' => 25 ));
2015-09-27 14:34:39 -04:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
2015-09-03 16:55:36 -04:00
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2015-10-03 09:52:37 -04:00
trafficlimiter :: canPass ();
2015-09-03 16:55:36 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-09-03 16:55:36 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-09-03 16:55:36 -04:00
$response = json_decode ( $content , true );
2016-07-15 11:02:59 -04:00
$this -> assertEquals ( 0 , $response [ 'status' ], 'outputs status' );
$this -> assertTrue ( $this -> _model -> exists ( $response [ 'id' ]), 'paste exists after posting data' );
$paste = $this -> _model -> read ( $response [ 'id' ]);
$this -> assertEquals (
hash_hmac ( 'sha256' , $response [ 'id' ], $paste -> meta -> salt ),
$response [ 'deletetoken' ],
'outputs valid delete token'
);
2015-09-03 16:55:36 -04:00
}
/**
* @ runInSeparateProcess
*/
public function testCreateInvalidSize ()
{
$this -> reset ();
2015-09-22 17:21:31 -04:00
$options = parse_ini_file ( CONF , true );
2015-09-03 16:55:36 -04:00
$options [ 'main' ][ 'sizelimit' ] = 10 ;
$options [ 'traffic' ][ 'limit' ] = 0 ;
2015-09-22 17:21:31 -04:00
helper :: confBackup ();
helper :: createIniFile ( CONF , $options );
2015-09-21 16:32:52 -04:00
$_POST = helper :: getPaste ();
2015-09-27 14:34:39 -04:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
2015-09-03 16:55:36 -04:00
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-09-03 16:55:36 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-09-03 16:55:36 -04:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
2015-09-21 16:32:52 -04:00
$this -> assertFalse ( $this -> _model -> exists ( helper :: getPasteId ()), 'paste exists after posting data' );
2015-09-03 16:55:36 -04:00
}
2015-09-19 11:23:10 -04:00
/**
* @ runInSeparateProcess
*/
public function testCreateProxyHeader ()
{
$this -> reset ();
2015-09-22 17:21:31 -04:00
$options = parse_ini_file ( CONF , true );
2015-09-19 11:23:10 -04:00
$options [ 'traffic' ][ 'header' ] = 'X_FORWARDED_FOR' ;
2015-09-22 17:21:31 -04:00
helper :: confBackup ();
helper :: createIniFile ( CONF , $options );
2015-09-21 16:32:52 -04:00
$_POST = helper :: getPaste ();
2016-07-15 11:02:59 -04:00
$_SERVER [ 'HTTP_X_FORWARDED_FOR' ] = '::2' ;
2015-09-27 14:34:39 -04:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
2016-05-22 12:35:07 -04:00
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2015-09-19 11:23:10 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-09-19 11:23:10 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-09-19 11:23:10 -04:00
$response = json_decode ( $content , true );
2016-07-15 11:02:59 -04:00
$this -> assertEquals ( 0 , $response [ 'status' ], 'outputs status' );
$this -> assertTrue ( $this -> _model -> exists ( $response [ 'id' ]), 'paste exists after posting data' );
$paste = $this -> _model -> read ( $response [ 'id' ]);
$this -> assertEquals (
hash_hmac ( 'sha256' , $response [ 'id' ], $paste -> meta -> salt ),
$response [ 'deletetoken' ],
'outputs valid delete token'
);
2015-09-19 11:23:10 -04:00
}
2015-09-03 16:55:36 -04:00
/**
* @ runInSeparateProcess
*/
public function testCreateDuplicateId ()
{
$this -> reset ();
2015-09-22 17:21:31 -04:00
$options = parse_ini_file ( CONF , true );
2015-09-03 16:55:36 -04:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2015-09-22 17:21:31 -04:00
helper :: confBackup ();
helper :: createIniFile ( CONF , $options );
2015-09-21 16:32:52 -04:00
$this -> _model -> create ( helper :: getPasteId (), helper :: getPaste ());
$_POST = helper :: getPaste ();
2015-09-27 14:34:39 -04:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
2015-09-03 16:55:36 -04:00
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-09-03 16:55:36 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-09-03 16:55:36 -04:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
2015-09-21 16:32:52 -04:00
$this -> assertTrue ( $this -> _model -> exists ( helper :: getPasteId ()), 'paste exists after posting data' );
2015-09-03 16:55:36 -04:00
}
2015-08-29 14:29:14 -04:00
/**
* @ runInSeparateProcess
*/
public function testCreateValidExpire ()
{
$this -> reset ();
2015-09-22 17:21:31 -04:00
$options = parse_ini_file ( CONF , true );
2015-09-03 16:55:36 -04:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2015-09-22 17:21:31 -04:00
helper :: confBackup ();
helper :: createIniFile ( CONF , $options );
2015-09-21 16:32:52 -04:00
$_POST = helper :: getPaste ();
2015-08-29 14:29:14 -04:00
$_POST [ 'expire' ] = '5min' ;
2015-09-12 11:33:16 -04:00
$_POST [ 'formatter' ] = 'foo' ;
2015-09-27 14:34:39 -04:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
2015-08-29 14:29:14 -04:00
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2016-07-04 14:21:14 -04:00
$time = time ();
2015-08-29 14:29:14 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-08-29 14:29:14 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-08-29 14:29:14 -04:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 0 , $response [ 'status' ], 'outputs status' );
2016-07-06 05:37:13 -04:00
$this -> assertTrue ( $this -> _model -> exists ( $response [ 'id' ]), 'paste exists after posting data' );
$paste = $this -> _model -> read ( $response [ 'id' ]);
2015-08-29 14:29:14 -04:00
$this -> assertEquals (
2016-07-06 05:37:13 -04:00
hash_hmac ( 'sha256' , $response [ 'id' ], $paste -> meta -> salt ),
2015-08-29 14:29:14 -04:00
$response [ 'deletetoken' ],
2015-08-27 17:30:35 -04:00
'outputs valid delete token'
);
2016-07-06 03:41:07 -04:00
$this -> assertGreaterThanOrEqual ( $time + 300 , $paste -> meta -> expire_date , 'time is set correctly' );
2015-10-03 11:54:18 -04:00
}
/**
* @ runInSeparateProcess
*/
public function testCreateValidExpireWithDiscussion ()
{
$this -> reset ();
$options = parse_ini_file ( CONF , true );
$options [ 'traffic' ][ 'limit' ] = 0 ;
helper :: confBackup ();
helper :: createIniFile ( CONF , $options );
$_POST = helper :: getPaste ();
$_POST [ 'expire' ] = '5min' ;
$_POST [ 'opendiscussion' ] = '1' ;
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2016-07-06 03:01:10 -04:00
$time = time ();
2015-10-03 11:54:18 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-10-03 11:54:18 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-10-03 11:54:18 -04:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 0 , $response [ 'status' ], 'outputs status' );
2016-07-06 05:37:13 -04:00
$this -> assertTrue ( $this -> _model -> exists ( $response [ 'id' ]), 'paste exists after posting data' );
$paste = $this -> _model -> read ( $response [ 'id' ]);
2015-10-03 11:54:18 -04:00
$this -> assertEquals (
2016-07-06 05:37:13 -04:00
hash_hmac ( 'sha256' , $response [ 'id' ], $paste -> meta -> salt ),
2015-10-03 11:54:18 -04:00
$response [ 'deletetoken' ],
'outputs valid delete token'
);
2016-07-06 03:41:07 -04:00
$this -> assertGreaterThanOrEqual ( $time + 300 , $paste -> meta -> expire_date , 'time is set correctly' );
$this -> assertEquals ( 1 , $paste -> meta -> opendiscussion , 'discussion is enabled' );
2015-08-27 17:30:35 -04:00
}
2015-08-29 14:29:14 -04:00
/**
* @ runInSeparateProcess
*/
public function testCreateInvalidExpire ()
{
$this -> reset ();
2015-09-22 17:21:31 -04:00
$options = parse_ini_file ( CONF , true );
2015-09-03 16:55:36 -04:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2015-09-22 17:21:31 -04:00
helper :: confBackup ();
helper :: createIniFile ( CONF , $options );
2015-09-21 16:32:52 -04:00
$_POST = helper :: getPaste ();
2015-08-29 14:29:14 -04:00
$_POST [ 'expire' ] = 'foo' ;
2015-09-27 14:34:39 -04:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
2015-08-29 14:29:14 -04:00
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-08-29 14:29:14 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-08-29 14:29:14 -04:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 0 , $response [ 'status' ], 'outputs status' );
2016-07-06 05:37:13 -04:00
$this -> assertTrue ( $this -> _model -> exists ( $response [ 'id' ]), 'paste exists after posting data' );
$paste = $this -> _model -> read ( $response [ 'id' ]);
2015-08-29 14:29:14 -04:00
$this -> assertEquals (
2016-07-06 05:37:13 -04:00
hash_hmac ( 'sha256' , $response [ 'id' ], $paste -> meta -> salt ),
2015-08-29 14:29:14 -04:00
$response [ 'deletetoken' ],
'outputs valid delete token'
);
}
/**
* @ runInSeparateProcess
*/
public function testCreateInvalidBurn ()
{
$this -> reset ();
2015-09-22 17:21:31 -04:00
$options = parse_ini_file ( CONF , true );
2015-09-03 16:55:36 -04:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2015-09-22 17:21:31 -04:00
helper :: confBackup ();
helper :: createIniFile ( CONF , $options );
2015-09-21 16:32:52 -04:00
$_POST = helper :: getPaste ();
2015-08-29 14:29:14 -04:00
$_POST [ 'burnafterreading' ] = 'neither 1 nor 0' ;
2015-09-27 14:34:39 -04:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
2015-08-29 14:29:14 -04:00
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-08-29 14:29:14 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-08-29 14:29:14 -04:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
2015-09-21 16:32:52 -04:00
$this -> assertFalse ( $this -> _model -> exists ( helper :: getPasteId ()), 'paste exists after posting data' );
2015-08-29 14:29:14 -04:00
}
/**
* @ runInSeparateProcess
*/
public function testCreateInvalidOpenDiscussion ()
{
$this -> reset ();
2015-09-22 17:21:31 -04:00
$options = parse_ini_file ( CONF , true );
2015-09-03 16:55:36 -04:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2015-09-22 17:21:31 -04:00
helper :: confBackup ();
helper :: createIniFile ( CONF , $options );
2015-09-21 16:32:52 -04:00
$_POST = helper :: getPaste ();
2015-08-29 14:29:14 -04:00
$_POST [ 'opendiscussion' ] = 'neither 1 nor 0' ;
2015-09-27 14:34:39 -04:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
2015-08-29 14:29:14 -04:00
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-08-29 14:29:14 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-08-29 14:29:14 -04:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
2015-09-21 16:32:52 -04:00
$this -> assertFalse ( $this -> _model -> exists ( helper :: getPasteId ()), 'paste exists after posting data' );
2015-08-29 14:29:14 -04:00
}
2015-09-19 11:23:10 -04:00
/**
* @ runInSeparateProcess
*/
public function testCreateAttachment ()
{
$this -> reset ();
2015-09-22 17:21:31 -04:00
$options = parse_ini_file ( CONF , true );
2015-09-19 11:23:10 -04:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
$options [ 'main' ][ 'fileupload' ] = true ;
2015-09-22 17:21:31 -04:00
helper :: confBackup ();
helper :: createIniFile ( CONF , $options );
2015-09-26 06:29:27 -04:00
$_POST = helper :: getPasteWithAttachment ();
2015-09-27 14:34:39 -04:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
2015-09-19 11:23:10 -04:00
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2015-09-26 06:29:27 -04:00
$this -> assertFalse ( $this -> _model -> exists ( helper :: getPasteId ()), 'paste does not exists before posting data' );
2015-09-19 11:23:10 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-09-19 11:23:10 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-09-19 11:23:10 -04:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 0 , $response [ 'status' ], 'outputs status' );
$this -> assertTrue ( $this -> _model -> exists ( $response [ 'id' ]), 'paste exists after posting data' );
2015-09-26 06:29:27 -04:00
$original = json_decode ( json_encode ( $_POST ));
$stored = $this -> _model -> read ( $response [ 'id' ]);
foreach ( array ( 'data' , 'attachment' , 'attachmentname' ) as $key ) {
$this -> assertEquals ( $original -> $key , $stored -> $key );
}
2016-07-06 05:37:13 -04:00
$this -> assertEquals (
hash_hmac ( 'sha256' , $response [ 'id' ], $stored -> meta -> salt ),
$response [ 'deletetoken' ],
'outputs valid delete token'
);
2015-09-19 11:23:10 -04:00
}
2016-07-19 09:26:41 -04:00
/**
* In some webserver setups ( found with Suhosin ) overly long POST params are
* silently removed , check that this case is handled
*
* @ runInSeparateProcess
*/
public function testCreateBrokenAttachmentUpload ()
{
$this -> reset ();
$options = parse_ini_file ( CONF , true );
$options [ 'traffic' ][ 'limit' ] = 0 ;
$options [ 'main' ][ 'fileupload' ] = true ;
helper :: confBackup ();
helper :: createIniFile ( CONF , $options );
$_POST = helper :: getPasteWithAttachment ();
unset ( $_POST [ 'attachment' ]);
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
$this -> assertFalse ( $this -> _model -> exists ( helper :: getPasteId ()), 'paste does not exists before posting data' );
ob_start ();
new privatebin ;
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2016-07-19 09:26:41 -04:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
$this -> assertFalse ( $this -> _model -> exists ( helper :: getPasteId ()), 'paste exists after posting data' );
}
2016-07-18 08:47:32 -04:00
/**
* @ runInSeparateProcess
*/
public function testCreateTooSoon ()
{
$this -> reset ();
$_POST = helper :: getPaste ();
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
ob_start ();
new privatebin ;
ob_end_clean ();
$this -> _model -> delete ( helper :: getPasteId ());
ob_start ();
new privatebin ;
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2016-07-18 08:47:32 -04:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
$this -> assertFalse ( $this -> _model -> exists ( helper :: getPasteId ()), 'paste exists after posting data' );
}
2015-08-29 14:29:14 -04:00
/**
* @ runInSeparateProcess
*/
public function testCreateValidNick ()
{
$this -> reset ();
2015-09-22 17:21:31 -04:00
$options = parse_ini_file ( CONF , true );
2015-09-03 16:55:36 -04:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2015-09-22 17:21:31 -04:00
helper :: confBackup ();
helper :: createIniFile ( CONF , $options );
2015-09-21 16:32:52 -04:00
$_POST = helper :: getPaste ();
$_POST [ 'nickname' ] = helper :: getComment ()[ 'meta' ][ 'nickname' ];
2015-09-27 14:34:39 -04:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
2015-08-29 14:29:14 -04:00
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-08-29 14:29:14 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-08-29 14:29:14 -04:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 0 , $response [ 'status' ], 'outputs status' );
2016-07-06 05:37:13 -04:00
$this -> assertTrue ( $this -> _model -> exists ( $response [ 'id' ]), 'paste exists after posting data' );
$paste = $this -> _model -> read ( $response [ 'id' ]);
2015-08-29 14:29:14 -04:00
$this -> assertEquals (
2016-07-06 05:37:13 -04:00
hash_hmac ( 'sha256' , $response [ 'id' ], $paste -> meta -> salt ),
2015-08-29 14:29:14 -04:00
$response [ 'deletetoken' ],
'outputs valid delete token'
);
}
/**
* @ runInSeparateProcess
*/
public function testCreateInvalidNick ()
{
$this -> reset ();
2015-09-22 17:21:31 -04:00
$options = parse_ini_file ( CONF , true );
2015-09-03 16:55:36 -04:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2015-09-22 17:21:31 -04:00
helper :: confBackup ();
helper :: createIniFile ( CONF , $options );
2015-10-03 09:52:37 -04:00
$_POST = helper :: getCommentPost ();
2015-09-26 21:03:55 -04:00
$_POST [ 'pasteid' ] = helper :: getPasteId ();
$_POST [ 'parentid' ] = helper :: getPasteId ();
2015-08-29 14:29:14 -04:00
$_POST [ 'nickname' ] = 'foo' ;
2015-09-27 14:34:39 -04:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
2015-08-29 14:29:14 -04:00
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2015-09-26 21:03:55 -04:00
$this -> _model -> create ( helper :: getPasteId (), helper :: getPaste ());
2015-08-29 14:29:14 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-08-29 14:29:14 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-08-29 14:29:14 -04:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
2015-09-26 21:03:55 -04:00
$this -> assertTrue ( $this -> _model -> exists ( helper :: getPasteId ()), 'paste exists after posting data' );
2015-08-29 14:29:14 -04:00
}
/**
* @ runInSeparateProcess
*/
public function testCreateComment ()
{
$this -> reset ();
2015-09-22 17:21:31 -04:00
$options = parse_ini_file ( CONF , true );
2015-09-03 16:55:36 -04:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2015-09-22 17:21:31 -04:00
helper :: confBackup ();
helper :: createIniFile ( CONF , $options );
2015-10-03 09:52:37 -04:00
$_POST = helper :: getCommentPost ();
2015-09-21 16:32:52 -04:00
$_POST [ 'pasteid' ] = helper :: getPasteId ();
$_POST [ 'parentid' ] = helper :: getPasteId ();
2015-09-27 14:34:39 -04:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
2015-08-29 14:29:14 -04:00
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2015-09-21 16:32:52 -04:00
$this -> _model -> create ( helper :: getPasteId (), helper :: getPaste ());
2015-08-29 14:29:14 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-08-29 14:29:14 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-08-29 14:29:14 -04:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 0 , $response [ 'status' ], 'outputs status' );
2015-09-21 16:32:52 -04:00
$this -> assertTrue ( $this -> _model -> existsComment ( helper :: getPasteId (), helper :: getPasteId (), $response [ 'id' ]), 'paste exists after posting data' );
2015-08-29 14:29:14 -04:00
}
2015-09-03 16:55:36 -04:00
/**
* @ runInSeparateProcess
*/
public function testCreateInvalidComment ()
{
$this -> reset ();
2015-09-22 17:21:31 -04:00
$options = parse_ini_file ( CONF , true );
2015-09-03 16:55:36 -04:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2015-09-22 17:21:31 -04:00
helper :: confBackup ();
helper :: createIniFile ( CONF , $options );
2015-10-03 09:52:37 -04:00
$_POST = helper :: getCommentPost ();
2015-09-21 16:32:52 -04:00
$_POST [ 'pasteid' ] = helper :: getPasteId ();
2015-09-03 16:55:36 -04:00
$_POST [ 'parentid' ] = 'foo' ;
2015-09-27 14:34:39 -04:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
2015-09-03 16:55:36 -04:00
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2015-09-21 16:32:52 -04:00
$this -> _model -> create ( helper :: getPasteId (), helper :: getPaste ());
2015-09-03 16:55:36 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-09-03 16:55:36 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-09-03 16:55:36 -04:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
2015-09-21 16:32:52 -04:00
$this -> assertFalse ( $this -> _model -> existsComment ( helper :: getPasteId (), helper :: getPasteId (), helper :: getCommentId ()), 'paste exists after posting data' );
2015-09-03 16:55:36 -04:00
}
2015-08-29 14:29:14 -04:00
/**
* @ runInSeparateProcess
*/
public function testCreateCommentDiscussionDisabled ()
{
$this -> reset ();
2015-09-22 17:21:31 -04:00
$options = parse_ini_file ( CONF , true );
2015-09-03 16:55:36 -04:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2015-09-22 17:21:31 -04:00
helper :: confBackup ();
helper :: createIniFile ( CONF , $options );
2015-10-03 09:52:37 -04:00
$_POST = helper :: getCommentPost ();
2015-09-21 16:32:52 -04:00
$_POST [ 'pasteid' ] = helper :: getPasteId ();
$_POST [ 'parentid' ] = helper :: getPasteId ();
2015-09-27 14:34:39 -04:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
2015-08-29 14:29:14 -04:00
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2015-09-21 16:32:52 -04:00
$paste = helper :: getPaste ( array ( 'opendiscussion' => false ));
$this -> _model -> create ( helper :: getPasteId (), $paste );
2015-08-29 14:29:14 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-08-29 14:29:14 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-08-29 14:29:14 -04:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
2015-09-21 16:32:52 -04:00
$this -> assertFalse ( $this -> _model -> existsComment ( helper :: getPasteId (), helper :: getPasteId (), helper :: getCommentId ()), 'paste exists after posting data' );
2015-08-29 14:29:14 -04:00
}
/**
* @ runInSeparateProcess
*/
public function testCreateCommentInvalidPaste ()
{
$this -> reset ();
2015-09-22 17:21:31 -04:00
$options = parse_ini_file ( CONF , true );
2015-09-03 16:55:36 -04:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2015-09-22 17:21:31 -04:00
helper :: confBackup ();
helper :: createIniFile ( CONF , $options );
2015-10-03 09:52:37 -04:00
$_POST = helper :: getCommentPost ();
2015-09-21 16:32:52 -04:00
$_POST [ 'pasteid' ] = helper :: getPasteId ();
$_POST [ 'parentid' ] = helper :: getPasteId ();
2015-09-27 14:34:39 -04:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
2015-08-29 14:29:14 -04:00
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-08-29 14:29:14 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-08-29 14:29:14 -04:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
2015-09-21 16:32:52 -04:00
$this -> assertFalse ( $this -> _model -> existsComment ( helper :: getPasteId (), helper :: getPasteId (), helper :: getCommentId ()), 'paste exists after posting data' );
2015-08-29 14:29:14 -04:00
}
2015-09-03 16:55:36 -04:00
/**
* @ runInSeparateProcess
*/
public function testCreateDuplicateComment ()
{
$this -> reset ();
2015-09-22 17:21:31 -04:00
$options = parse_ini_file ( CONF , true );
2015-09-03 16:55:36 -04:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2015-09-22 17:21:31 -04:00
helper :: confBackup ();
helper :: createIniFile ( CONF , $options );
2015-09-21 16:32:52 -04:00
$this -> _model -> create ( helper :: getPasteId (), helper :: getPaste ());
$this -> _model -> createComment ( helper :: getPasteId (), helper :: getPasteId (), helper :: getCommentId (), helper :: getComment ());
$this -> assertTrue ( $this -> _model -> existsComment ( helper :: getPasteId (), helper :: getPasteId (), helper :: getCommentId ()), 'comment exists before posting data' );
2015-10-03 09:52:37 -04:00
$_POST = helper :: getCommentPost ();
2015-09-21 16:32:52 -04:00
$_POST [ 'pasteid' ] = helper :: getPasteId ();
$_POST [ 'parentid' ] = helper :: getPasteId ();
2015-09-27 14:34:39 -04:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
2015-09-03 16:55:36 -04:00
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-09-03 16:55:36 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-09-03 16:55:36 -04:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
2015-09-21 16:32:52 -04:00
$this -> assertTrue ( $this -> _model -> existsComment ( helper :: getPasteId (), helper :: getPasteId (), helper :: getCommentId ()), 'paste exists after posting data' );
2015-09-03 16:55:36 -04:00
}
2015-08-27 17:30:35 -04:00
/**
* @ runInSeparateProcess
*/
public function testRead ()
{
$this -> reset ();
2015-09-21 16:32:52 -04:00
$this -> _model -> create ( helper :: getPasteId (), helper :: getPaste ());
$_SERVER [ 'QUERY_STRING' ] = helper :: getPasteId ();
2015-08-27 17:30:35 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-08-27 17:30:35 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2016-05-22 12:35:07 -04:00
$this -> assertContains (
'<div id="cipherdata" class="hidden">' .
htmlspecialchars ( helper :: getPasteAsJson (), ENT_NOQUOTES ) .
'</div>' ,
2015-08-27 17:30:35 -04:00
$content ,
'outputs data correctly'
);
}
2015-08-29 14:29:14 -04:00
/**
* @ runInSeparateProcess
*/
public function testReadInvalidId ()
{
$this -> reset ();
$_SERVER [ 'QUERY_STRING' ] = 'foo' ;
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-08-29 14:29:14 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2016-05-22 12:35:07 -04:00
$this -> assertRegExp (
'#<div[^>]*id="errormessage"[^>]*>.*Invalid paste ID\.</div>#' ,
2015-08-29 14:29:14 -04:00
$content ,
'outputs error correctly'
);
}
/**
* @ runInSeparateProcess
*/
public function testReadNonexisting ()
{
$this -> reset ();
2015-09-21 16:32:52 -04:00
$_SERVER [ 'QUERY_STRING' ] = helper :: getPasteId ();
2015-08-29 14:29:14 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-08-29 14:29:14 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2016-05-22 12:35:07 -04:00
$this -> assertRegExp (
'#<div[^>]*id="errormessage"[^>]*>.*Paste does not exist[^<]*</div>#' ,
2015-08-29 14:29:14 -04:00
$content ,
'outputs error correctly'
);
}
/**
* @ runInSeparateProcess
*/
public function testReadExpired ()
{
$this -> reset ();
2015-09-21 16:32:52 -04:00
$expiredPaste = helper :: getPaste ( array ( 'expire_date' => 1344803344 ));
$this -> _model -> create ( helper :: getPasteId (), $expiredPaste );
$_SERVER [ 'QUERY_STRING' ] = helper :: getPasteId ();
2015-08-29 14:29:14 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-08-29 14:29:14 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2016-05-22 12:35:07 -04:00
$this -> assertRegExp (
'#<div[^>]*id="errormessage"[^>]*>.*Paste does not exist[^<]*</div>#' ,
2015-08-29 14:29:14 -04:00
$content ,
'outputs error correctly'
);
}
/**
* @ runInSeparateProcess
*/
public function testReadBurn ()
{
$this -> reset ();
2015-09-21 16:32:52 -04:00
$burnPaste = helper :: getPaste ( array ( 'burnafterreading' => true ));
$this -> _model -> create ( helper :: getPasteId (), $burnPaste );
$_SERVER [ 'QUERY_STRING' ] = helper :: getPasteId ();
2015-08-29 14:29:14 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-08-29 14:29:14 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2016-07-06 05:37:13 -04:00
unset ( $burnPaste [ 'meta' ][ 'salt' ]);
2016-05-22 12:35:07 -04:00
$this -> assertContains (
'<div id="cipherdata" class="hidden">' .
htmlspecialchars ( helper :: getPasteAsJson ( $burnPaste [ 'meta' ]), ENT_NOQUOTES ) .
'</div>' ,
2015-08-29 14:29:14 -04:00
$content ,
'outputs data correctly'
);
}
2015-09-01 16:33:07 -04:00
/**
* @ runInSeparateProcess
*/
public function testReadJson ()
{
$this -> reset ();
2015-10-18 05:08:28 -04:00
$paste = helper :: getPaste ();
$this -> _model -> create ( helper :: getPasteId (), $paste );
2015-09-27 14:34:39 -04:00
$_SERVER [ 'QUERY_STRING' ] = helper :: getPasteId ();
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2015-09-01 16:33:07 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-09-01 16:33:07 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-09-01 16:33:07 -04:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 0 , $response [ 'status' ], 'outputs success status' );
2015-10-18 05:08:28 -04:00
$this -> assertEquals ( helper :: getPasteId (), $response [ 'id' ], 'outputs data correctly' );
$this -> assertStringEndsWith ( '?' . $response [ 'id' ], $response [ 'url' ], 'returned URL points to new paste' );
$this -> assertEquals ( $paste [ 'data' ], $response [ 'data' ], 'outputs data correctly' );
$this -> assertEquals ( $paste [ 'meta' ][ 'formatter' ], $response [ 'meta' ][ 'formatter' ], 'outputs format correctly' );
$this -> assertEquals ( $paste [ 'meta' ][ 'postdate' ], $response [ 'meta' ][ 'postdate' ], 'outputs postdate correctly' );
$this -> assertEquals ( $paste [ 'meta' ][ 'opendiscussion' ], $response [ 'meta' ][ 'opendiscussion' ], 'outputs opendiscussion correctly' );
$this -> assertEquals ( 0 , $response [ 'comment_count' ], 'outputs comment_count correctly' );
$this -> assertEquals ( 0 , $response [ 'comment_offset' ], 'outputs comment_offset correctly' );
2015-09-01 16:33:07 -04:00
}
2015-09-03 16:55:36 -04:00
/**
* @ runInSeparateProcess
*/
public function testReadInvalidJson ()
{
$this -> reset ();
2015-09-27 14:34:39 -04:00
$_SERVER [ 'QUERY_STRING' ] = helper :: getPasteId ();
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2015-09-03 16:55:36 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-09-03 16:55:36 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-09-03 16:55:36 -04:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
}
2015-09-19 11:23:10 -04:00
/**
* @ runInSeparateProcess
*/
public function testReadOldSyntax ()
{
$this -> reset ();
2015-10-03 09:52:37 -04:00
$oldPaste = helper :: getPaste ();
2015-10-18 05:08:28 -04:00
$meta = array (
2015-10-03 09:52:37 -04:00
'syntaxcoloring' => true ,
'postdate' => $oldPaste [ 'meta' ][ 'postdate' ],
'opendiscussion' => $oldPaste [ 'meta' ][ 'opendiscussion' ],
);
2015-10-18 05:08:28 -04:00
$oldPaste [ 'meta' ] = $meta ;
2015-09-21 16:32:52 -04:00
$this -> _model -> create ( helper :: getPasteId (), $oldPaste );
$_SERVER [ 'QUERY_STRING' ] = helper :: getPasteId ();
2015-09-19 11:23:10 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-09-19 11:23:10 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-10-18 05:08:28 -04:00
$meta [ 'formatter' ] = 'syntaxhighlighting' ;
2016-05-22 12:35:07 -04:00
$this -> assertContains (
'<div id="cipherdata" class="hidden">' .
htmlspecialchars ( helper :: getPasteAsJson ( $meta ), ENT_NOQUOTES ) .
'</div>' ,
2015-09-19 11:23:10 -04:00
$content ,
'outputs data correctly'
);
}
/**
* @ runInSeparateProcess
*/
public function testReadOldFormat ()
{
$this -> reset ();
2015-09-21 16:32:52 -04:00
$oldPaste = helper :: getPaste ();
2015-09-19 11:23:10 -04:00
unset ( $oldPaste [ 'meta' ][ 'formatter' ]);
2015-09-21 16:32:52 -04:00
$this -> _model -> create ( helper :: getPasteId (), $oldPaste );
$_SERVER [ 'QUERY_STRING' ] = helper :: getPasteId ();
2015-09-19 11:23:10 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-09-19 11:23:10 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-09-19 11:23:10 -04:00
$oldPaste [ 'meta' ][ 'formatter' ] = 'plaintext' ;
2016-07-06 05:37:13 -04:00
unset ( $oldPaste [ 'meta' ][ 'salt' ]);
2016-05-22 12:35:07 -04:00
$this -> assertContains (
'<div id="cipherdata" class="hidden">' .
htmlspecialchars ( helper :: getPasteAsJson ( $oldPaste [ 'meta' ]), ENT_NOQUOTES ) .
'</div>' ,
2015-09-19 11:23:10 -04:00
$content ,
'outputs data correctly'
);
}
2015-08-27 17:30:35 -04:00
/**
* @ runInSeparateProcess
*/
public function testDelete ()
{
$this -> reset ();
2015-09-21 16:32:52 -04:00
$this -> _model -> create ( helper :: getPasteId (), helper :: getPaste ());
$this -> assertTrue ( $this -> _model -> exists ( helper :: getPasteId ()), 'paste exists before deleting data' );
2016-07-06 05:37:13 -04:00
$paste = $this -> _model -> read ( helper :: getPasteId ());
2015-09-21 16:32:52 -04:00
$_GET [ 'pasteid' ] = helper :: getPasteId ();
2016-07-06 05:37:13 -04:00
$_GET [ 'deletetoken' ] = hash_hmac ( 'sha256' , helper :: getPasteId (), $paste -> meta -> salt );
2015-08-27 17:30:35 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-08-27 17:30:35 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2016-05-22 12:35:07 -04:00
$this -> assertRegExp (
'#<div[^>]*id="status"[^>]*>.*Paste was properly deleted[^<]*</div>#s' ,
2015-08-27 17:30:35 -04:00
$content ,
'outputs deleted status correctly'
);
2015-09-21 16:32:52 -04:00
$this -> assertFalse ( $this -> _model -> exists ( helper :: getPasteId ()), 'paste successfully deleted' );
2015-08-27 17:30:35 -04:00
}
2015-08-29 14:29:14 -04:00
/**
* @ runInSeparateProcess
*/
public function testDeleteInvalidId ()
{
$this -> reset ();
2015-09-21 16:32:52 -04:00
$this -> _model -> create ( helper :: getPasteId (), helper :: getPaste ());
2015-08-29 14:29:14 -04:00
$_GET [ 'pasteid' ] = 'foo' ;
$_GET [ 'deletetoken' ] = 'bar' ;
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-08-29 14:29:14 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2016-05-22 12:35:07 -04:00
$this -> assertRegExp (
'#<div[^>]*id="errormessage"[^>]*>.*Invalid paste ID\.</div>#' ,
2015-08-29 14:29:14 -04:00
$content ,
'outputs delete error correctly'
);
2015-09-21 16:32:52 -04:00
$this -> assertTrue ( $this -> _model -> exists ( helper :: getPasteId ()), 'paste exists after failing to delete data' );
2015-08-29 14:29:14 -04:00
}
/**
* @ runInSeparateProcess
*/
public function testDeleteInexistantId ()
{
$this -> reset ();
2015-09-21 16:32:52 -04:00
$_GET [ 'pasteid' ] = helper :: getPasteId ();
2015-08-29 14:29:14 -04:00
$_GET [ 'deletetoken' ] = 'bar' ;
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-08-29 14:29:14 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2016-05-22 12:35:07 -04:00
$this -> assertRegExp (
'#<div[^>]*id="errormessage"[^>]*>.*Paste does not exist[^<]*</div>#' ,
2015-08-29 14:29:14 -04:00
$content ,
'outputs delete error correctly'
);
}
/**
* @ runInSeparateProcess
*/
public function testDeleteInvalidToken ()
{
$this -> reset ();
2015-09-21 16:32:52 -04:00
$this -> _model -> create ( helper :: getPasteId (), helper :: getPaste ());
$_GET [ 'pasteid' ] = helper :: getPasteId ();
2015-08-29 14:29:14 -04:00
$_GET [ 'deletetoken' ] = 'bar' ;
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-08-29 14:29:14 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2016-05-22 12:35:07 -04:00
$this -> assertRegExp (
'#<div[^>]*id="errormessage"[^>]*>.*Wrong deletion token[^<]*</div>#' ,
2015-08-29 14:29:14 -04:00
$content ,
'outputs delete error correctly'
);
2015-09-21 16:32:52 -04:00
$this -> assertTrue ( $this -> _model -> exists ( helper :: getPasteId ()), 'paste exists after failing to delete data' );
2015-08-29 14:29:14 -04:00
}
2015-08-31 16:10:41 -04:00
/**
* @ runInSeparateProcess
*/
public function testDeleteBurnAfterReading ()
{
$this -> reset ();
2015-09-21 16:32:52 -04:00
$burnPaste = helper :: getPaste ( array ( 'burnafterreading' => true ));
$this -> _model -> create ( helper :: getPasteId (), $burnPaste );
$this -> assertTrue ( $this -> _model -> exists ( helper :: getPasteId ()), 'paste exists before deleting data' );
2015-10-11 15:22:00 -04:00
$_POST [ 'deletetoken' ] = 'burnafterreading' ;
$_SERVER [ 'QUERY_STRING' ] = helper :: getPasteId ();
2015-09-27 14:34:39 -04:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2015-10-11 15:22:00 -04:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
2015-08-31 16:10:41 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-08-31 16:10:41 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-08-31 16:10:41 -04:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 0 , $response [ 'status' ], 'outputs status' );
2015-09-21 16:32:52 -04:00
$this -> assertFalse ( $this -> _model -> exists ( helper :: getPasteId ()), 'paste successfully deleted' );
2015-08-31 16:10:41 -04:00
}
/**
* @ runInSeparateProcess
*/
public function testDeleteInvalidBurnAfterReading ()
{
$this -> reset ();
2015-09-21 16:32:52 -04:00
$this -> _model -> create ( helper :: getPasteId (), helper :: getPaste ());
$this -> assertTrue ( $this -> _model -> exists ( helper :: getPasteId ()), 'paste exists before deleting data' );
2015-10-11 15:22:00 -04:00
$_POST [ 'deletetoken' ] = 'burnafterreading' ;
$_SERVER [ 'QUERY_STRING' ] = helper :: getPasteId ();
2015-09-27 14:34:39 -04:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2015-10-11 15:22:00 -04:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
2015-08-31 16:10:41 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-08-31 16:10:41 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2015-08-31 16:10:41 -04:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs status' );
2015-09-21 16:32:52 -04:00
$this -> assertTrue ( $this -> _model -> exists ( helper :: getPasteId ()), 'paste successfully deleted' );
2015-08-31 16:10:41 -04:00
}
2015-09-03 16:55:36 -04:00
/**
* @ runInSeparateProcess
*/
public function testDeleteExpired ()
{
$this -> reset ();
2015-09-21 16:32:52 -04:00
$expiredPaste = helper :: getPaste ( array ( 'expire_date' => 1000 ));
$this -> assertFalse ( $this -> _model -> exists ( helper :: getPasteId ()), 'paste does not exist before being created' );
$this -> _model -> create ( helper :: getPasteId (), $expiredPaste );
$this -> assertTrue ( $this -> _model -> exists ( helper :: getPasteId ()), 'paste exists before deleting data' );
$_GET [ 'pasteid' ] = helper :: getPasteId ();
2015-09-06 13:21:17 -04:00
$_GET [ 'deletetoken' ] = 'does not matter in this context, but has to be set' ;
2015-09-03 16:55:36 -04:00
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2015-09-03 16:55:36 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2016-05-22 12:35:07 -04:00
$this -> assertRegExp (
'#<div[^>]*id="errormessage"[^>]*>.*Paste does not exist[^<]*</div>#' ,
2015-09-03 16:55:36 -04:00
$content ,
'outputs error correctly'
);
2015-09-21 16:32:52 -04:00
$this -> assertFalse ( $this -> _model -> exists ( helper :: getPasteId ()), 'paste successfully deleted' );
2015-09-03 16:55:36 -04:00
}
2016-07-06 05:37:13 -04:00
/**
* @ runInSeparateProcess
*/
public function testDeleteMissingPerPasteSalt ()
{
$this -> reset ();
$paste = helper :: getPaste ();
unset ( $paste [ 'meta' ][ 'salt' ]);
$this -> _model -> create ( helper :: getPasteId (), $paste );
$this -> assertTrue ( $this -> _model -> exists ( helper :: getPasteId ()), 'paste exists before deleting data' );
$_GET [ 'pasteid' ] = helper :: getPasteId ();
$_GET [ 'deletetoken' ] = hash_hmac ( 'sha256' , helper :: getPasteId (), serversalt :: get ());
ob_start ();
2016-07-11 05:58:15 -04:00
new privatebin ;
2016-07-06 05:37:13 -04:00
$content = ob_get_contents ();
2016-08-02 04:29:25 -04:00
ob_end_clean ();
2016-07-06 05:37:13 -04:00
$this -> assertRegExp (
'#<div[^>]*id="status"[^>]*>.*Paste was properly deleted[^<]*</div>#s' ,
$content ,
'outputs deleted status correctly'
);
$this -> assertFalse ( $this -> _model -> exists ( helper :: getPasteId ()), 'paste successfully deleted' );
}
2016-07-05 11:23:25 -04:00
}