From 830e2115a39f2e717773a94a58f66a4999757ff9 Mon Sep 17 00:00:00 2001 From: ivan Date: Thu, 4 Aug 2016 15:18:29 -0300 Subject: [PATCH] Ivan - Add ruby api testing for comment/create --- server/controllers/ticket/comment.php | 41 ++++--- server/data/ERRORS.php | 1 + server/index.php | 2 +- server/libs/Controller.php | 18 ++++ server/libs/Validator.php | 23 +--- .../{dataStoreExists.php => dataStoreId.php} | 0 server/models/Session.php | 12 +-- tests/scripts.rb | 18 +++- tests/ticket/comment.rb | 102 ++++++++++++++---- tests/ticket/create.rb | 35 ++++++ tests/user/signup.rb | 7 +- 11 files changed, 192 insertions(+), 67 deletions(-) rename server/libs/validations/{dataStoreExists.php => dataStoreId.php} (100%) diff --git a/server/controllers/ticket/comment.php b/server/controllers/ticket/comment.php index 1e1d632a..6331fdf0 100644 --- a/server/controllers/ticket/comment.php +++ b/server/controllers/ticket/comment.php 
@@ -1,40 +1,57 @@ 'any', - 'requestData' => [] + 'permission' => 'user', + 'requestData' => [ + 'content' => [ + 'validation' => DataValidator::length(20, 500), + 'error' => ERRORS::INVALID_CONTENT + ], + 'ticketId' => [ + 'validation' => DataValidator::dataStoreId('ticket'), + 'error' => ERRORS::INVALID_TICKET + ] + ] ]; } public function handler() { + $session = Session::getInstance(); $this->requestData(); - $this->storeComment(); - Response::respondSuccess(); + if ($session->isLoggedWithId($this->ticket->author->id) || Controller::isStaffLogged()) { + $this->storeComment(); + Response::respondSuccess(); + } else { + Response::respondError(ERRORS::NO_PERMISSION); + } } private function requestData() { - $this->ticketId = Controller::request('ticketId'); + $ticketId = Controller::request('ticketId'); + + $this->ticket = Ticket::getTicket($ticketId); $this->content = Controller::request('content'); } private function storeComment() { $comment = new Comment(); $comment->setProperties(array( - 'content' => $this->content + 'content' => $this->content, + 'author' => Controller::getLoggedUser(), + 'date' => Date::getCurrentDate() )); - $ticket = Ticket::getTicket($this->ticketId); - $ticket->ownCommentList->add($comment); - //$comment->store(); - $ticket->store(); + $this->ticket->ownCommentList->add($comment); + $this->ticket->store(); } } \ No newline at end of file diff --git a/server/data/ERRORS.php b/server/data/ERRORS.php index cd02d7c4..ec446f90 100644 --- a/server/data/ERRORS.php +++ b/server/data/ERRORS.php @@ -10,5 +10,6 @@ class ERRORS { const INVALID_NAME = 'Invalid name'; const INVALID_SETTING = 'Invalid setting'; const INVALID_DEPARTMENT = 'Invalid department'; + const INVALID_TICKET = 'Invalid ticket'; const INIT_SETTINGS_DONE = 'Settings already initialized'; } diff --git a/server/index.php b/server/index.php index 5f9c18ee..e6c6d5a9 100644 --- a/server/index.php +++ b/server/index.php 
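Review bot: In the new handler() the non-author path is gated only by `Controller::isStaffLogged()`, which (per the Controller.php hunk in this same patch) is true only for `admin === 1`, so a level-2 admin who did not open the ticket is refused with NO_PERMISSION. If level 2 is meant to carry at least staff rights, widen the condition to `if ($session->isLoggedWithId($this->ticket->author->id) || Controller::isStaffLogged() || Controller::isAdminLogged())`, or make the tier predicates cumulative where they are defined. A short comment above the `if` would also help the next reader: `// authorization: only the ticket author or staff may comment; ticketId was already checked to exist by dataStoreId('ticket')`. The opening lines of this hunk look truncated by extraction, so the class header and the start of validations() could not be reviewed here.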
@@ -38,7 +38,7 @@ spl_autoload_register(function ($class) { }); //Load custom validations -include_once 'libs/validations/dataStoreExists.php'; +include_once 'libs/validations/dataStoreId.php'; // LOAD CONTROLLERS foreach (glob('controllers/*.php') as $controller) { diff --git a/server/libs/Controller.php b/server/libs/Controller.php index 6f809351..73a642b2 100644 --- a/server/libs/Controller.php +++ b/server/libs/Controller.php @@ -1,5 +1,6 @@ checkAuthentication(array( + 'userId' => Controller::request('csrf_userid'), + 'token' => Controller::request('csrf_token') + )); + } + + public static function isStaffLogged() { + return Controller::isUserLogged() && (Controller::getLoggedUser()->admin === 1); + } + + public static function isAdminLogged() { + return Controller::isUserLogged() && (Controller::getLoggedUser()->admin === 2); + } + public static function getAppInstance() { return \Slim\Slim::getInstance(); } diff --git a/server/libs/Validator.php b/server/libs/Validator.php index 3ab52485..7bf85acc 100644 --- a/server/libs/Validator.php +++ b/server/libs/Validator.php @@ -15,9 +15,9 @@ class Validator { private function validatePermissions($permission) { $permissions = [ 'any' => true, - 'user' => $this->isUserLogged(), - 'staff' => $this->isStaffLogged(), - 'admin' => $this->isAdminLogged() + 'user' => Controller::isUserLogged(), + 'staff' => Controller::isStaffLogged(), + 'admin' => Controller::isAdminLogged() ]; if (!$permissions[$permission]) { 
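Review bot: The relocated isStaffLogged()/isAdminLogged() compare `Controller::getLoggedUser()->admin` strictly against the integers 1 and 2, which is only correct if the model hydrates that column as an int; the Ruby tests in this patch read the same column back as the string `'0'`, so if the ORM types it like the test helper does, every staff/admin check would silently return false and lock staff out (fail-closed, but broken). A cast removes the dependence on driver typing: `return Controller::isUserLogged() && ((int) Controller::getLoggedUser()->admin === 1);`. Separately, the two tiers are disjoint — a level-2 admin is not `staff` — which deserves an explicit comment stating the intended hierarchy, e.g. `// admin levels: 0 = user, 1 = staff, 2 = admin; levels are exclusive, not cumulative`, or a `>= 1` check if they are meant to nest. The start of this hunk also appears truncated by extraction.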
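Review bot: validatePermissions() still builds the `$permissions` array eagerly, so each request now runs `Controller::isUserLogged()` — a session lookup plus token check — up to three times even for an `'any'` endpoint, and an unrecognised `$permission` string is denied only by accident, through an undefined-index notice that yields `!null`. A `switch ($permission)` that evaluates a single check and has an explicit `default: $allowed = false;` would do one authentication and fail closed on purpose. The remainder of the method lies outside the hunk.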
@@ -41,21 +41,4 @@ class Validator { } } - private function isUserLogged() { - $session = Session::getInstance(); - - return $session->checkAuthentication(array( - 'userId' => Controller::request('csrf_userid'), - 'token' => Controller::request('csrf_token') - )); - } - - private function isStaffLogged() { - return $this->isUserLogged() && (Controller::getLoggedUser()->admin === 1); - } - - private function isAdminLogged() { - return $this->isUserLogged() && (Controller::getLoggedUser()->admin === 2); - } - } \ No newline at end of file diff --git a/server/libs/validations/dataStoreExists.php b/server/libs/validations/dataStoreId.php similarity index 100% rename from server/libs/validations/dataStoreExists.php rename to server/libs/validations/dataStoreId.php diff --git a/server/models/Session.php b/server/models/Session.php index 87339adc..9bb54dd6 100644 --- a/server/models/Session.php +++ b/server/models/Session.php @@ -26,7 +26,7 @@ class Session { public function createSession($userId) { $this->store('userId', $userId); - $this->store('token', $this->generateToken()); + $this->store('token', Hashing::generateRandomToken()); } public function getToken() { @@ -46,10 +46,6 @@ class Session { $token === $data['token']; } - public function isLoggedWithId($userId) { - return ($this->getStoredData('userId') === $userId); - } - private function store($key, $value) { $_SESSION[$key] = $value; } @@ -63,8 +59,8 @@ class Session { return $storedValue; } - - private function generateToken() { - return Hashing::generateRandomToken(); + + public function isLoggedWithId($userId) { + return ($this->getStoredData('userId') === $userId); } } \ No newline at end of file diff --git a/tests/scripts.rb b/tests/scripts.rb index f248029b..1c7fc804 100644 --- a/tests/scripts.rb +++ b/tests/scripts.rb 
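Review bot: isLoggedWithId() becomes public here and is now the ownership gate in ticket/comment, but it compares the stored `userId` with `===`, so it is correct only if the session value and `$ticket->author->id` share a type; should either side come back from the database as a string, the author is denied their own ticket. Unless both are known to be ints, normalise and guard the unset case: `$stored = $this->getStoredData('userId'); return $stored !== null && (string) $stored === (string) $userId;`. Also worth noting, though untouched by this commit: the context line `$token === $data['token']` compares a request-supplied token with the session token using plain equality, where `hash_equals()` is the timing-safe form.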
@@ -1,13 +1,23 @@ class Scripts def self.createUser(email = 'steve@jobs.com', password = 'custompassword', name = 'steve jobs') response = request('/user/signup', { - 'name' => name, - 'email' => email, - 'password' => password + :name => name, + :email => email, + :password => password }) if response['status'] === 'fail' - raise "Could not create user" + raise 'Could not create user' end end + + def self.login(email = 'steve@jobs.com', password = 'custompassword') + request('/user/logout') + response = request('/user/login', { + :email => email, + :password => password + }) + + response['data'] + end end diff --git a/tests/ticket/comment.rb b/tests/ticket/comment.rb index f6364be2..fe0cb07c 100644 --- a/tests/ticket/comment.rb +++ b/tests/ticket/comment.rb 
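Review bot: The new Scripts.login does not check the response the way createUser does, so a failed login returns `response['data']` as `nil` (assuming fail responses carry no data key) and the calling test dies with an unrelated NoMethodError on `data['userId']` instead of a clear message. Mirror the helper above it: `raise 'Could not login' if response['status'] == 'fail'` before the final `response['data']`. Also note that `login` calls `/user/logout` first and therefore replaces the shared server session; a comment such as `# NOTE: logs the current session out — callers relying on $csrf_token afterwards must log back in` would make that side effect visible to test authors.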
@@ -1,23 +1,87 @@ describe 'ticket/comment/' do - #it 'should fail if not logged' do + it 'should fail if invalid token is passed' do + result = request('/ticket/comment', { + content: 'some comment content', + ticketId: 1, + csrf_userid: $csrf_userid, + csrf_token: 'INVALID_TOKEN' + }) + + (result['status']).should.equal('fail') + (result['message']).should.equal('You have no permission to access') + end + + it 'should fail if content is too short' do + result = request('/ticket/comment', { + content: 'Test', + ticketId: 1, + csrf_userid: $csrf_userid, + csrf_token: $csrf_token + }) + + (result['status']).should.equal('fail') + (result['message']).should.equal('Invalid content') + end + + it 'should fail if content is very long' do + long_text = '' + 600.times {long_text << 'a'} + + result = request('/ticket/comment', { + content: long_text, + ticketId: 1, + csrf_userid: $csrf_userid, + csrf_token: $csrf_token + }) + + (result['status']).should.equal('fail') + (result['message']).should.equal('Invalid content') + end + + it 'should fail if ticket does not exist' do + result = request('/ticket/comment', { + content: 'some comment content', + ticketId: 30, + csrf_userid: $csrf_userid, + csrf_token: $csrf_token + }) + + (result['status']).should.equal('fail') + (result['message']).should.equal('Invalid ticket') + end + + it 'should add comment to ticket' do + result = request('/ticket/comment', { + content: 'some comment content', + ticketId: 1, + csrf_userid: $csrf_userid, + csrf_token: $csrf_token + }) + + (result['status']).should.equal('success') + + comment = $database.getRow('comment', '1', 'id') + (comment['content']).should.equal('some comment content') + (comment['ticket_id']).should.equal('1') + (comment['author_id']).should.equal('1') + end + + it 'should fail if user is not the author nor owner' do + Scripts.createUser('commenter@comment.com', 'commenter', 'Commenter') + data = Scripts.login('commenter@comment.com', 'commenter') + + result = 
request('/ticket/comment', { + content: 'some comment content', + ticketId: 1, + csrf_userid: data['userId'], + csrf_token: data['token'] + }) + + (result['status']).should.equal('fail') + (result['message']).should.equal('You have no permission to access') + end + + #it 'should add comment if logged as ticket owner' do #end - - describe 'on successful request' do - - it 'should add comment to current ticket' do - result = request('/ticket/comment', { - content: 'some commment content', - ticketId: 1, - csrf_userid: $csrf_userid, - csrf_token: $csrf_token - }) - - (result['status']).should.equal('success') - end - - # it 'should link the comment to author' do - - # end - end end \ No newline at end of file diff --git a/tests/ticket/create.rb b/tests/ticket/create.rb index 54fd5039..79c52032 100644 --- a/tests/ticket/create.rb +++ b/tests/ticket/create.rb @@ -8,6 +8,19 @@ describe '/ticket/create' do $csrf_userid = result['data']['userId'] $csrf_token = result['data']['token'] + it 'should fail if invalid token is passed' do + result = request('/ticket/create', { + title: 'GG', + departmentId: 1, + csrf_userid: $csrf_userid, + csrf_token: 'INVALID_TOKEN' + }) + + (result['status']).should.equal('fail') + (result['message']).should.equal('You have no permission to access') + + end + it 'should fail if title is too short' do result = request('/ticket/create', { title: 'GG', @@ -62,6 +75,20 @@ describe '/ticket/create' do end + it 'should fail if departmentId is invalid' do + result = request('/ticket/create',{ + title: 'Winter is coming', + content: 'The north remembers', + departmentId: 30, + csrf_userid: $csrf_userid, + csrf_token: $csrf_token + }) + + (result['status']).should.equal('fail') + (result['message']).should.equal('Invalid department') + + end + it 'should create ticket if pass data is valid' do result = request('/ticket/create',{ title: 'Winter is coming', 
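Review bot: The last test logs in as `commenter@comment.com` via Scripts.login, which logs the current session out first, and never restores the original user, so any test that runs later and still sends `$csrf_userid`/`$csrf_token` is presenting credentials for a session the server no longer holds (assuming the request helper shares a cookie jar across calls, which the csrf flow implies). Log the original user back in at the end of the test, or give the file an `after` hook that does so. Two smaller gaps: `ticketId: 30` is "non-existent" only by fixture luck — derive an unused id from `$database` instead — and the `#it 'should add comment if logged as ticket owner'` stub leaves the staff-can-comment branch of the new handler untested.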
@@ -73,7 +100,15 @@ describe '/ticket/create' do puts result['message'] (result['status']).should.equal('success') + ticket = $database.getRow('ticket','Winter is coming','title') (ticket['content']).should.equal('The north remembers') + (ticket['unread']).should.equal('0') + (ticket['closed']).should.equal('0') + (ticket['department_id']).should.equal('1') + (ticket['author_id']).should.equal('1') + + ticket_user_relation = $database.getRow('ticket_user','1','ticket_id') + (ticket_user_relation['user_id']).should.equal('1') end end \ No newline at end of file diff --git a/tests/user/signup.rb b/tests/user/signup.rb index 33e1ceed..f1309ddc 100644 --- a/tests/user/signup.rb +++ b/tests/user/signup.rb @@ -1,15 +1,16 @@ describe '/user/signup' do it 'should create user in database' do response = request('/user/signup', { - 'name' => 'Steve Jobs', - 'email' => 'steve@jobs.com', - 'password' => 'custom' + :name => 'Steve Jobs', + :email => 'steve@jobs.com', + :password => 'custom' }) userRow = $database.getRow('user', response['data']['userId']) (userRow['email']).should.equal('steve@jobs.com') (userRow['name']).should.equal('Steve Jobs') + (userRow['admin']).should.equal('0') end it 'should fail if name is invalid' do
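Review bot: The new relation assertion hard-codes the ticket id — `$database.getRow('ticket_user','1','ticket_id')` — although the ticket row was just fetched by title two lines above, so the check silently tests whichever row has id 1 once fixtures change or another test creates a ticket first. Use the row already in hand: `ticket_user_relation = $database.getRow('ticket_user', ticket['id'], 'ticket_id')`, and compare `(ticket_user_relation['user_id']).should.equal($csrf_userid.to_s)` rather than the literal `'1'`. The `puts result['message']` context line above is leftover debugging output and could be dropped.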
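Review bot: The added `(userRow['admin']).should.equal('0')` only shows that a signup without an `admin` field receives the default; it says nothing about whether the controller honours a client-supplied `admin` value (mass assignment), which is the property worth pinning on a help-desk signup endpoint. Add a sibling case that posts the valid fields plus `:admin => 1` — e.g. `request('/user/signup', {:name => 'Mallory', :email => 'mallory@example.com', :password => 'custom', :admin => 1})` — and still expects `(userRow['admin']).should.equal('0')`. Whether the signup controller currently filters that field is not visible in this patch, so the test is what would settle it.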