Infra-Mirrors/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2025-10-05 09:58:48 -04:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'master' into webcrypto

Browse source
This commit is contained in:
El RIDO 2019-01-22 20:11:42 +01:00
commit e418b083e8
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
11 changed files with 173 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

1
tst/ConfigurationTestGenerator.php
View file

@ -507,6 +507,7 @@ EOT;
$code .= PHP_EOL . <<<'EOT'
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
EOT;
break;

8
tst/ControllerTest.php
View file

@ -680,6 +680,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
public function testReadInvalidId()
{
$_SERVER['QUERY_STRING'] = 'foo';
$_GET['foo'] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
ob_start();
new Controller;
@ -696,6 +697,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
public function testReadNonexisting()
{
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
ob_start();
new Controller;
@ -714,6 +716,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$expiredPaste = Helper::getPaste(array('expire_date' => 1344803344));
$this->_model->create(Helper::getPasteId(), $expiredPaste);
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
ob_start();
new Controller;
@ -732,6 +735,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$paste = Helper::getPaste(array('burnafterreading' => true));
$this->_model->create(Helper::getPasteId(), $paste);
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
ob_start();
new Controller;
@ -760,6 +764,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$paste = Helper::getPaste();
$this->_model->create(Helper::getPasteId(), $paste);
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
ob_start();
new Controller;
@ -790,6 +795,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
);
$this->_model->create(Helper::getPasteId(), $paste);
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
ob_start();
new Controller;
@ -897,6 +903,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
$_POST['deletetoken'] = 'burnafterreading';
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
ob_start();
@ -917,6 +924,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
$_POST['deletetoken'] = 'burnafterreading';
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
ob_start();

3
tst/JsonApiTest.php
View file

@ -82,6 +82,7 @@ class JsonApiTest extends PHPUnit_Framework_TestCase
file_put_contents($file, http_build_query($paste));
Request::setInputStream($file);
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'PUT';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -117,6 +118,7 @@ class JsonApiTest extends PHPUnit_Framework_TestCase
)));
Request::setInputStream($file);
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'DELETE';
ob_start();
@ -164,6 +166,7 @@ class JsonApiTest extends PHPUnit_Framework_TestCase
unset($paste['attachmentname']);
$this->_model->create(Helper::getPasteId(), $paste);
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
ob_start();
new Controller;

94
tst/RequestTest.php
View file

@ -21,6 +21,36 @@ class RequestTest extends PHPUnit_Framework_TestCase
$_POST = array();
}
/**
* Returns 16 random hexadecimal characters.
*
* @access public
* @return string
*/
public function getRandomId()
{
// 8 binary bytes are 16 characters long in hex
return bin2hex(random_bytes(8));
}
/**
* Returns random query safe characters.
*
* @access public
* @return string
*/
public function getRandomQueryChars()
{
$queryChars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ=';
$queryCharCount = strlen($queryChars) - 1;
$resultLength = random_int(1, 10);
$result = '';
for ($i = 0; $i < $resultLength; ++$i) {
$result .= $queryChars[random_int(0, $queryCharCount)];
}
return $result;
}
public function testView()
{
$this->reset();
@ -33,24 +63,27 @@ class RequestTest extends PHPUnit_Framework_TestCase
public function testRead()
{
$this->reset();
$id = $this->getRandomId();
$_SERVER['REQUEST_METHOD'] = 'GET';
$_SERVER['QUERY_STRING'] = 'foo';
$_SERVER['QUERY_STRING'] = $id;
$_GET[$id] = '';
$request = new Request;
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
$this->assertEquals('foo', $request->getParam('pasteid'));
$this->assertEquals($id, $request->getParam('pasteid'));
$this->assertEquals('read', $request->getOperation());
}
public function testDelete()
{
$this->reset();
$id = $this->getRandomId();
$_SERVER['REQUEST_METHOD'] = 'GET';
$_GET['pasteid'] = 'foo';
$_GET['pasteid'] = $id;
$_GET['deletetoken'] = 'bar';
$request = new Request;
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
$this->assertEquals('delete', $request->getOperation());
$this->assertEquals('foo', $request->getParam('pasteid'));
$this->assertEquals($id, $request->getParam('pasteid'));
$this->assertEquals('bar', $request->getParam('deletetoken'));
}
@ -84,74 +117,103 @@ class RequestTest extends PHPUnit_Framework_TestCase
public function testApiRead()
{
$this->reset();
$id = $this->getRandomId();
$_SERVER['REQUEST_METHOD'] = 'GET';
$_SERVER['HTTP_ACCEPT'] = 'application/json, text/javascript, */*; q=0.01';
$_SERVER['QUERY_STRING'] = 'foo';
$_SERVER['QUERY_STRING'] = $id;
$_GET[$id] = '';
$request = new Request;
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
$this->assertEquals('foo', $request->getParam('pasteid'));
$this->assertEquals($id, $request->getParam('pasteid'));
$this->assertEquals('read', $request->getOperation());
}
public function testApiDelete()
{
$this->reset();
$id = $this->getRandomId();
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['QUERY_STRING'] = 'foo';
$_SERVER['QUERY_STRING'] = $id;
$_GET = array($id => '');
$_POST['deletetoken'] = 'bar';
$request = new Request;
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
$this->assertEquals('delete', $request->getOperation());
$this->assertEquals('foo', $request->getParam('pasteid'));
$this->assertEquals($id, $request->getParam('pasteid'));
$this->assertEquals('bar', $request->getParam('deletetoken'));
}
public function testReadWithNegotiation()
{
$this->reset();
$id = $this->getRandomId();
$_SERVER['REQUEST_METHOD'] = 'GET';
$_SERVER['HTTP_ACCEPT'] = 'text/html,text/html; charset=UTF-8,application/xhtml+xml, application/xml;q=0.9,*/*;q=0.8, text/csv,application/json';
$_SERVER['QUERY_STRING'] = 'foo';
$_SERVER['QUERY_STRING'] = $id;
$_GET[$id] = '';
$request = new Request;
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
$this->assertEquals('foo', $request->getParam('pasteid'));
$this->assertEquals($id, $request->getParam('pasteid'));
$this->assertEquals('read', $request->getOperation());
}
public function testReadWithXhtmlNegotiation()
{
$this->reset();
$id = $this->getRandomId();
$_SERVER['REQUEST_METHOD'] = 'GET';
$_SERVER['HTTP_ACCEPT'] = 'application/xhtml+xml,text/html,text/html; charset=UTF-8, application/xml;q=0.9,*/*;q=0.8, text/csv,application/json';
$_SERVER['QUERY_STRING'] = 'foo';
$_SERVER['QUERY_STRING'] = $id;
$_GET[$id] = '';
$request = new Request;
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
$this->assertEquals('foo', $request->getParam('pasteid'));
$this->assertEquals($id, $request->getParam('pasteid'));
$this->assertEquals('read', $request->getOperation());
}
public function testApiReadWithNegotiation()
{
$this->reset();
$id = $this->getRandomId();
$_SERVER['REQUEST_METHOD'] = 'GET';
$_SERVER['HTTP_ACCEPT'] = 'text/plain,text/csv, application/xml;q=0.9, application/json, text/html,text/html; charset=UTF-8,application/xhtml+xml, */*;q=0.8';
$_SERVER['QUERY_STRING'] = 'foo';
$_SERVER['QUERY_STRING'] = $id;
$_GET[$id] = '';
$request = new Request;
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
$this->assertEquals('foo', $request->getParam('pasteid'));
$this->assertEquals($id, $request->getParam('pasteid'));
$this->assertEquals('read', $request->getOperation());
}
public function testReadWithFailedNegotiation()
{
$this->reset();
$id = $this->getRandomId();
$_SERVER['REQUEST_METHOD'] = 'GET';
$_SERVER['HTTP_ACCEPT'] = 'text/plain,text/csv, application/xml;q=0.9, */*;q=0.8';
$_SERVER['QUERY_STRING'] = 'foo';
$_SERVER['QUERY_STRING'] = $id;
$_GET[$id] = '';
$request = new Request;
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
$this->assertEquals('foo', $request->getParam('pasteid'));
$this->assertEquals($id, $request->getParam('pasteid'));
$this->assertEquals('read', $request->getOperation());
}
public function testPasteIdExtraction()
{
$this->reset();
$id = $this->getRandomId();
$queryParams = array($id);
$queryParamCount = random_int(1, 5);
for ($i = 0; $i < $queryParamCount; ++$i) {
array_push($queryParams, $this->getRandomQueryChars());
}
shuffle($queryParams);
$_SERVER['REQUEST_METHOD'] = 'GET';
$_SERVER['QUERY_STRING'] = implode('&', $queryParams);
$_GET[$id] = '';
$request = new Request;
$this->assertEquals($id, $request->getParam('pasteid'));
}
}