2024-06-04 07:13:55 +02:00
|
|
|
<?php declare(strict_types=1);
|
2016-07-21 17:09:48 +02:00
|
|
|
|
2020-10-10 12:08:58 +02:00
|
|
|
use PHPUnit\Framework\TestCase;
|
2016-08-09 11:54:42 +02:00
|
|
|
use PrivateBin\Request;
|
2016-07-21 17:09:48 +02:00
|
|
|
|
2020-10-10 12:08:58 +02:00
|
|
|
class RequestTest extends TestCase
|
2015-09-27 15:37:17 +02:00
|
|
|
{
|
|
|
|
public function reset()
|
|
|
|
{
|
|
|
|
$_SERVER = array();
|
2016-10-29 10:24:08 +02:00
|
|
|
$_GET = array();
|
|
|
|
$_POST = array();
|
2015-09-27 15:37:17 +02:00
|
|
|
}
|
|
|
|
|
2019-01-20 11:05:34 +01:00
|
|
|
/**
|
|
|
|
* Returns random query safe characters.
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public function getRandomQueryChars()
|
|
|
|
{
|
2019-01-20 12:28:03 +01:00
|
|
|
$queryChars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ=';
|
2019-01-20 11:05:34 +01:00
|
|
|
$queryCharCount = strlen($queryChars) - 1;
|
2019-01-20 12:28:03 +01:00
|
|
|
$resultLength = random_int(1, 10);
|
2019-01-20 12:29:27 +01:00
|
|
|
$result = '';
|
2019-01-20 11:05:34 +01:00
|
|
|
for ($i = 0; $i < $resultLength; ++$i) {
|
|
|
|
$result .= $queryChars[random_int(0, $queryCharCount)];
|
|
|
|
}
|
|
|
|
return $result;
|
|
|
|
}
|
|
|
|
|
2015-09-27 15:37:17 +02:00
|
|
|
public function testView()
|
|
|
|
{
|
|
|
|
$this->reset();
|
|
|
|
$_SERVER['REQUEST_METHOD'] = 'GET';
|
2016-10-29 10:24:08 +02:00
|
|
|
$request = new Request;
|
2015-09-27 15:37:17 +02:00
|
|
|
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
|
|
|
|
$this->assertEquals('view', $request->getOperation());
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testRead()
|
|
|
|
{
|
|
|
|
$this->reset();
|
2024-10-23 08:17:13 +02:00
|
|
|
$id = Helper::getRandomId();
|
|
|
|
$_SERVER['REQUEST_METHOD'] = 'GET';
|
|
|
|
$_SERVER['QUERY_STRING'] = $id;
|
|
|
|
$_GET[$id] = '';
|
|
|
|
$request = new Request;
|
|
|
|
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
|
|
|
|
$this->assertEquals($id, $request->getParam('pasteid'));
|
|
|
|
$this->assertEquals('read', $request->getOperation());
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* paste IDs are 8 bytes hex encoded strings, if unlucky, this turns into
|
|
|
|
* a numeric string that PHP will cast to an int, for example in array keys
|
|
|
|
* @see https://www.php.net/manual/en/language.types.array.php
|
|
|
|
*/
|
|
|
|
public function testReadNumeric()
|
|
|
|
{
|
|
|
|
$this->reset();
|
|
|
|
$id = '1234567812345678';
|
2015-09-27 15:37:17 +02:00
|
|
|
$_SERVER['REQUEST_METHOD'] = 'GET';
|
2019-01-20 11:05:34 +01:00
|
|
|
$_SERVER['QUERY_STRING'] = $id;
|
2019-01-21 23:49:33 +01:00
|
|
|
$_GET[$id] = '';
|
2016-10-29 10:24:08 +02:00
|
|
|
$request = new Request;
|
2015-09-27 15:37:17 +02:00
|
|
|
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
|
2019-01-20 11:05:34 +01:00
|
|
|
$this->assertEquals($id, $request->getParam('pasteid'));
|
2015-09-27 15:37:17 +02:00
|
|
|
$this->assertEquals('read', $request->getOperation());
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testDelete()
|
|
|
|
{
|
|
|
|
$this->reset();
|
2024-10-23 08:17:13 +02:00
|
|
|
$id = Helper::getRandomId();
|
2015-09-27 15:37:17 +02:00
|
|
|
$_SERVER['REQUEST_METHOD'] = 'GET';
|
2019-01-20 11:05:34 +01:00
|
|
|
$_GET['pasteid'] = $id;
|
2016-10-29 10:24:08 +02:00
|
|
|
$_GET['deletetoken'] = 'bar';
|
|
|
|
$request = new Request;
|
2015-09-27 15:37:17 +02:00
|
|
|
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
|
|
|
|
$this->assertEquals('delete', $request->getOperation());
|
2019-01-20 11:05:34 +01:00
|
|
|
$this->assertEquals($id, $request->getParam('pasteid'));
|
2015-09-27 15:37:17 +02:00
|
|
|
$this->assertEquals('bar', $request->getParam('deletetoken'));
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testApiCreate()
|
|
|
|
{
|
|
|
|
$this->reset();
|
2016-10-29 10:24:08 +02:00
|
|
|
$_SERVER['REQUEST_METHOD'] = 'PUT';
|
2015-09-27 15:37:17 +02:00
|
|
|
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
2016-10-29 10:24:08 +02:00
|
|
|
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
2019-05-13 22:31:52 +02:00
|
|
|
file_put_contents($file, '{"ct":"foo"}');
|
2016-08-09 11:54:42 +02:00
|
|
|
Request::setInputStream($file);
|
|
|
|
$request = new Request;
|
2017-03-24 23:42:11 +01:00
|
|
|
unlink($file);
|
2022-12-12 20:46:47 +01:00
|
|
|
$this->assertTrue($request->isJsonApiCall(), 'is JSON API call');
|
2015-09-27 15:37:17 +02:00
|
|
|
$this->assertEquals('create', $request->getOperation());
|
2019-05-10 07:55:39 +02:00
|
|
|
$this->assertEquals('foo', $request->getParam('ct'));
|
2015-09-27 15:37:17 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
public function testApiCreateAlternative()
|
|
|
|
{
|
|
|
|
$this->reset();
|
|
|
|
$_SERVER['REQUEST_METHOD'] = 'POST';
|
2016-10-29 10:24:08 +02:00
|
|
|
$_SERVER['HTTP_ACCEPT'] = 'application/json, text/javascript, */*; q=0.01';
|
2019-05-13 22:31:52 +02:00
|
|
|
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
|
|
|
file_put_contents($file, '{"ct":"foo"}');
|
|
|
|
Request::setInputStream($file);
|
|
|
|
$request = new Request;
|
2022-12-12 20:46:47 +01:00
|
|
|
$this->assertTrue($request->isJsonApiCall(), 'is JSON API call');
|
2015-09-27 15:37:17 +02:00
|
|
|
$this->assertEquals('create', $request->getOperation());
|
2019-05-10 07:55:39 +02:00
|
|
|
$this->assertEquals('foo', $request->getParam('ct'));
|
2015-09-27 15:37:17 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
public function testApiRead()
|
|
|
|
{
|
|
|
|
$this->reset();
|
2024-10-23 08:17:13 +02:00
|
|
|
$id = Helper::getRandomId();
|
2015-09-27 15:37:17 +02:00
|
|
|
$_SERVER['REQUEST_METHOD'] = 'GET';
|
2016-10-29 10:24:08 +02:00
|
|
|
$_SERVER['HTTP_ACCEPT'] = 'application/json, text/javascript, */*; q=0.01';
|
2019-01-20 11:05:34 +01:00
|
|
|
$_SERVER['QUERY_STRING'] = $id;
|
2019-01-21 23:49:33 +01:00
|
|
|
$_GET[$id] = '';
|
2016-10-29 10:24:08 +02:00
|
|
|
$request = new Request;
|
2022-12-12 20:46:47 +01:00
|
|
|
$this->assertTrue($request->isJsonApiCall(), 'is JSON API call');
|
2019-01-20 11:05:34 +01:00
|
|
|
$this->assertEquals($id, $request->getParam('pasteid'));
|
2015-09-27 15:37:17 +02:00
|
|
|
$this->assertEquals('read', $request->getOperation());
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testApiDelete()
|
|
|
|
{
|
|
|
|
$this->reset();
|
2024-10-23 08:17:13 +02:00
|
|
|
$id = Helper::getRandomId();
|
2016-10-29 10:24:08 +02:00
|
|
|
$_SERVER['REQUEST_METHOD'] = 'POST';
|
2015-09-27 15:37:17 +02:00
|
|
|
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
2019-01-20 11:05:34 +01:00
|
|
|
$_SERVER['QUERY_STRING'] = $id;
|
2019-01-22 00:12:02 +01:00
|
|
|
$_GET = array($id => '');
|
2019-05-13 22:31:52 +02:00
|
|
|
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
|
|
|
file_put_contents($file, '{"deletetoken":"bar"}');
|
|
|
|
Request::setInputStream($file);
|
|
|
|
$request = new Request;
|
2022-12-12 20:46:47 +01:00
|
|
|
$this->assertTrue($request->isJsonApiCall(), 'is JSON API call');
|
2015-09-27 15:37:17 +02:00
|
|
|
$this->assertEquals('delete', $request->getOperation());
|
2019-01-20 11:05:34 +01:00
|
|
|
$this->assertEquals($id, $request->getParam('pasteid'));
|
2015-09-27 15:37:17 +02:00
|
|
|
$this->assertEquals('bar', $request->getParam('deletetoken'));
|
|
|
|
}
|
2016-04-08 23:29:44 +02:00
|
|
|
|
2022-12-12 20:46:47 +01:00
|
|
|
public function testPostGarbage()
|
|
|
|
{
|
|
|
|
$this->reset();
|
|
|
|
$_SERVER['REQUEST_METHOD'] = 'POST';
|
|
|
|
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
|
|
|
file_put_contents($file, random_bytes(256));
|
|
|
|
Request::setInputStream($file);
|
|
|
|
$request = new Request;
|
|
|
|
unlink($file);
|
|
|
|
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
|
|
|
|
$this->assertEquals('create', $request->getOperation());
|
|
|
|
}
|
|
|
|
|
2016-04-08 23:29:44 +02:00
|
|
|
public function testReadWithNegotiation()
|
|
|
|
{
|
|
|
|
$this->reset();
|
2024-10-23 08:17:13 +02:00
|
|
|
$id = Helper::getRandomId();
|
2016-04-08 23:29:44 +02:00
|
|
|
$_SERVER['REQUEST_METHOD'] = 'GET';
|
2016-10-29 10:24:08 +02:00
|
|
|
$_SERVER['HTTP_ACCEPT'] = 'text/html,text/html; charset=UTF-8,application/xhtml+xml, application/xml;q=0.9,*/*;q=0.8, text/csv,application/json';
|
2019-01-20 11:05:34 +01:00
|
|
|
$_SERVER['QUERY_STRING'] = $id;
|
2019-01-21 23:49:33 +01:00
|
|
|
$_GET[$id] = '';
|
2016-10-29 10:24:08 +02:00
|
|
|
$request = new Request;
|
2016-04-08 23:29:44 +02:00
|
|
|
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
|
2019-01-20 11:05:34 +01:00
|
|
|
$this->assertEquals($id, $request->getParam('pasteid'));
|
2016-04-08 23:29:44 +02:00
|
|
|
$this->assertEquals('read', $request->getOperation());
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testReadWithXhtmlNegotiation()
|
|
|
|
{
|
|
|
|
$this->reset();
|
2024-10-23 08:17:13 +02:00
|
|
|
$id = Helper::getRandomId();
|
2016-04-08 23:29:44 +02:00
|
|
|
$_SERVER['REQUEST_METHOD'] = 'GET';
|
2016-10-29 10:24:08 +02:00
|
|
|
$_SERVER['HTTP_ACCEPT'] = 'application/xhtml+xml,text/html,text/html; charset=UTF-8, application/xml;q=0.9,*/*;q=0.8, text/csv,application/json';
|
2019-01-20 11:05:34 +01:00
|
|
|
$_SERVER['QUERY_STRING'] = $id;
|
2019-01-21 23:49:33 +01:00
|
|
|
$_GET[$id] = '';
|
2016-10-29 10:24:08 +02:00
|
|
|
$request = new Request;
|
2016-04-08 23:29:44 +02:00
|
|
|
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
|
2019-01-20 11:05:34 +01:00
|
|
|
$this->assertEquals($id, $request->getParam('pasteid'));
|
2016-04-08 23:29:44 +02:00
|
|
|
$this->assertEquals('read', $request->getOperation());
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testApiReadWithNegotiation()
|
|
|
|
{
|
|
|
|
$this->reset();
|
2024-10-23 08:17:13 +02:00
|
|
|
$id = Helper::getRandomId();
|
2016-04-08 23:29:44 +02:00
|
|
|
$_SERVER['REQUEST_METHOD'] = 'GET';
|
2016-10-29 10:24:08 +02:00
|
|
|
$_SERVER['HTTP_ACCEPT'] = 'text/plain,text/csv, application/xml;q=0.9, application/json, text/html,text/html; charset=UTF-8,application/xhtml+xml, */*;q=0.8';
|
2019-01-20 11:05:34 +01:00
|
|
|
$_SERVER['QUERY_STRING'] = $id;
|
2019-01-21 23:49:33 +01:00
|
|
|
$_GET[$id] = '';
|
2016-10-29 10:24:08 +02:00
|
|
|
$request = new Request;
|
2016-04-08 23:29:44 +02:00
|
|
|
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
|
2019-01-20 11:05:34 +01:00
|
|
|
$this->assertEquals($id, $request->getParam('pasteid'));
|
2016-04-08 23:29:44 +02:00
|
|
|
$this->assertEquals('read', $request->getOperation());
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testReadWithFailedNegotiation()
|
|
|
|
{
|
|
|
|
$this->reset();
|
2024-10-23 08:17:13 +02:00
|
|
|
$id = Helper::getRandomId();
|
2016-04-08 23:29:44 +02:00
|
|
|
$_SERVER['REQUEST_METHOD'] = 'GET';
|
2016-10-29 10:24:08 +02:00
|
|
|
$_SERVER['HTTP_ACCEPT'] = 'text/plain,text/csv, application/xml;q=0.9, */*;q=0.8';
|
2019-01-20 11:05:34 +01:00
|
|
|
$_SERVER['QUERY_STRING'] = $id;
|
2019-01-21 23:49:33 +01:00
|
|
|
$_GET[$id] = '';
|
2016-10-29 10:24:08 +02:00
|
|
|
$request = new Request;
|
2016-04-08 23:29:44 +02:00
|
|
|
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
|
2019-01-20 11:05:34 +01:00
|
|
|
$this->assertEquals($id, $request->getParam('pasteid'));
|
2016-04-08 23:29:44 +02:00
|
|
|
$this->assertEquals('read', $request->getOperation());
|
|
|
|
}
|
2019-01-20 11:05:34 +01:00
|
|
|
|
|
|
|
public function testPasteIdExtraction()
|
|
|
|
{
|
|
|
|
$this->reset();
|
2024-10-23 08:17:13 +02:00
|
|
|
$id = Helper::getRandomId();
|
2019-01-20 12:28:03 +01:00
|
|
|
$queryParams = array($id);
|
2019-01-20 11:05:34 +01:00
|
|
|
$queryParamCount = random_int(1, 5);
|
|
|
|
for ($i = 0; $i < $queryParamCount; ++$i) {
|
|
|
|
array_push($queryParams, $this->getRandomQueryChars());
|
|
|
|
}
|
|
|
|
shuffle($queryParams);
|
|
|
|
$_SERVER['REQUEST_METHOD'] = 'GET';
|
|
|
|
$_SERVER['QUERY_STRING'] = implode('&', $queryParams);
|
2019-01-21 23:49:33 +01:00
|
|
|
$_GET[$id] = '';
|
2019-01-20 11:05:34 +01:00
|
|
|
$request = new Request;
|
|
|
|
$this->assertEquals($id, $request->getParam('pasteid'));
|
|
|
|
}
|
2016-07-11 14:15:20 +02:00
|
|
|
}
|