2015-08-27 23:30:35 +02:00
< ? php
2016-07-21 17:09:48 +02:00
2016-08-09 11:54:42 +02:00
use PrivateBin\Data\Filesystem ;
use PrivateBin\Persistence\ServerSalt ;
use PrivateBin\Persistence\TrafficLimiter ;
2016-10-29 10:24:08 +02:00
use PrivateBin\PrivateBin ;
2016-07-21 17:09:48 +02:00
2016-08-09 11:54:42 +02:00
class PrivateBinTest extends PHPUnit_Framework_TestCase
2015-08-27 23:30:35 +02:00
{
2015-10-03 15:52:37 +02:00
protected $_model ;
2015-08-27 23:30:35 +02:00
2016-08-09 11:54:42 +02:00
protected $_path ;
2015-08-27 23:30:35 +02:00
public function setUp ()
{
/* Setup Routine */
2016-10-29 10:24:08 +02:00
$this -> _path = sys_get_temp_dir () . DIRECTORY_SEPARATOR . 'privatebin_data' ;
2016-08-09 11:54:42 +02:00
$this -> _model = Filesystem :: getInstance ( array ( 'dir' => $this -> _path ));
2015-08-27 23:30:35 +02:00
$this -> reset ();
}
public function tearDown ()
{
/* Tear Down Routine */
2017-10-08 11:03:17 +02:00
unlink ( CONF );
2016-08-09 11:54:42 +02:00
Helper :: confRestore ();
Helper :: rmDir ( $this -> _path );
2015-08-27 23:30:35 +02:00
}
public function reset ()
{
2016-10-29 10:24:08 +02:00
$_POST = array ();
$_GET = array ();
2015-08-27 23:30:35 +02:00
$_SERVER = array ();
2016-08-09 11:54:42 +02:00
if ( $this -> _model -> exists ( Helper :: getPasteId ())) {
$this -> _model -> delete ( Helper :: getPasteId ());
2016-07-26 08:19:35 +02:00
}
2017-10-08 11:03:17 +02:00
$options = parse_ini_file ( CONF_SAMPLE , true );
2016-10-29 10:24:08 +02:00
$options [ 'purge' ][ 'dir' ] = $this -> _path ;
$options [ 'traffic' ][ 'dir' ] = $this -> _path ;
2016-08-09 11:54:42 +02:00
$options [ 'model_options' ][ 'dir' ] = $this -> _path ;
Helper :: createIniFile ( CONF , $options );
2017-10-08 11:03:17 +02:00
ServerSalt :: setPath ( $this -> _path );
2015-08-27 23:30:35 +02:00
}
/**
* @ runInSeparateProcess
*/
public function testView ()
{
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-27 23:30:35 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2016-05-22 18:35:07 +02:00
$this -> assertContains (
2016-07-11 11:58:15 +02:00
'<title>PrivateBin</title>' ,
2015-08-27 23:30:35 +02:00
$content ,
'outputs title correctly'
);
2016-05-22 18:35:07 +02:00
$this -> assertNotContains (
'id="shortenbutton"' ,
2016-01-31 09:56:06 +01:00
$content ,
'doesn\'t output shortener button'
);
2015-08-27 23:30:35 +02:00
}
2015-09-19 17:23:10 +02:00
/**
* @ runInSeparateProcess
*/
public function testViewLanguageSelection ()
{
2016-10-29 10:24:08 +02:00
$options = parse_ini_file ( CONF , true );
2015-09-19 17:23:10 +02:00
$options [ 'main' ][ 'languageselection' ] = true ;
2016-08-09 11:54:42 +02:00
Helper :: createIniFile ( CONF , $options );
2015-09-19 17:23:10 +02:00
$_COOKIE [ 'lang' ] = 'de' ;
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-09-19 17:23:10 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2016-05-22 18:35:07 +02:00
$this -> assertContains (
2016-07-11 11:58:15 +02:00
'<title>PrivateBin</title>' ,
2015-09-19 17:23:10 +02:00
$content ,
'outputs title correctly'
);
}
2016-01-31 09:56:06 +01:00
/**
* @ runInSeparateProcess
*/
public function testViewForceLanguageDefault ()
{
2016-10-29 10:24:08 +02:00
$options = parse_ini_file ( CONF , true );
2016-01-31 09:56:06 +01:00
$options [ 'main' ][ 'languageselection' ] = false ;
2016-10-29 10:24:08 +02:00
$options [ 'main' ][ 'languagedefault' ] = 'fr' ;
2016-08-09 11:54:42 +02:00
Helper :: createIniFile ( CONF , $options );
2016-01-31 09:56:06 +01:00
$_COOKIE [ 'lang' ] = 'de' ;
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2016-01-31 09:56:06 +01:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2016-05-22 18:35:07 +02:00
$this -> assertContains (
2016-07-11 11:58:15 +02:00
'<title>PrivateBin</title>' ,
2016-01-31 09:56:06 +01:00
$content ,
'outputs title correctly'
);
}
/**
* @ runInSeparateProcess
*/
public function testViewUrlShortener ()
{
2017-10-08 11:31:41 +02:00
$shortener = 'https://shortener.example.com/api?link=' ;
2016-10-29 10:24:08 +02:00
$options = parse_ini_file ( CONF , true );
2016-01-31 09:56:06 +01:00
$options [ 'main' ][ 'urlshortener' ] = $shortener ;
2016-08-09 11:54:42 +02:00
Helper :: createIniFile ( CONF , $options );
2016-01-31 09:56:06 +01:00
$_COOKIE [ 'lang' ] = 'de' ;
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2016-01-31 09:56:06 +01:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2016-05-22 18:35:07 +02:00
$this -> assertRegExp (
'#id="shortenbutton"[^>]*data-shortener="' . preg_quote ( $shortener ) . '"#' ,
2016-01-31 09:56:06 +01:00
$content ,
'outputs configured shortener URL correctly'
);
}
2015-08-29 20:29:14 +02:00
/**
* @ runInSeparateProcess
*/
public function testHtaccess ()
{
2017-03-24 21:30:08 +01:00
$file = $this -> _path . DIRECTORY_SEPARATOR . '.htaccess' ;
@ unlink ( $file );
$_POST = Helper :: getPaste ();
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2016-07-06 09:01:10 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2016-07-06 09:01:10 +02:00
ob_end_clean ();
2017-03-24 21:30:08 +01:00
$this -> assertFileExists ( $file , 'htaccess recreated' );
2015-08-29 20:29:14 +02:00
}
/**
* @ expectedException Exception
* @ expectedExceptionCode 2
*/
public function testConf ()
{
2015-09-22 23:21:31 +02:00
file_put_contents ( CONF , '' );
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-29 20:29:14 +02:00
}
2015-08-27 23:30:35 +02:00
/**
* @ runInSeparateProcess
*/
public function testCreate ()
{
2016-10-29 10:24:08 +02:00
$options = parse_ini_file ( CONF , true );
2015-10-03 15:52:37 +02:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2016-08-09 11:54:42 +02:00
Helper :: createIniFile ( CONF , $options );
2016-10-29 10:24:08 +02:00
$_POST = Helper :: getPaste ();
2015-09-27 20:34:39 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2016-10-29 10:24:08 +02:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2015-08-27 23:30:35 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-27 23:30:35 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-08-27 23:30:35 +02:00
$response = json_decode ( $content , true );
2015-08-29 20:29:14 +02:00
$this -> assertEquals ( 0 , $response [ 'status' ], 'outputs status' );
2016-07-06 11:37:13 +02:00
$this -> assertTrue ( $this -> _model -> exists ( $response [ 'id' ]), 'paste exists after posting data' );
$paste = $this -> _model -> read ( $response [ 'id' ]);
2015-08-27 23:30:35 +02:00
$this -> assertEquals (
2016-07-06 11:37:13 +02:00
hash_hmac ( 'sha256' , $response [ 'id' ], $paste -> meta -> salt ),
2015-08-27 23:30:35 +02:00
$response [ 'deletetoken' ],
2015-08-29 20:29:14 +02:00
'outputs valid delete token'
);
}
2015-09-03 22:55:36 +02:00
/**
* @ runInSeparateProcess
*/
public function testCreateInvalidTimelimit ()
{
2016-10-29 10:24:08 +02:00
$options = parse_ini_file ( CONF , true );
2016-07-15 17:02:59 +02:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2016-08-09 11:54:42 +02:00
Helper :: createIniFile ( CONF , $options );
2016-10-29 10:24:08 +02:00
$_POST = Helper :: getPaste ( array ( 'expire' => 25 ));
2015-09-27 20:34:39 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2016-10-29 10:24:08 +02:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2016-08-09 11:54:42 +02:00
TrafficLimiter :: canPass ();
2015-09-03 22:55:36 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-09-03 22:55:36 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-09-03 22:55:36 +02:00
$response = json_decode ( $content , true );
2016-07-15 17:02:59 +02:00
$this -> assertEquals ( 0 , $response [ 'status' ], 'outputs status' );
$this -> assertTrue ( $this -> _model -> exists ( $response [ 'id' ]), 'paste exists after posting data' );
$paste = $this -> _model -> read ( $response [ 'id' ]);
$this -> assertEquals (
hash_hmac ( 'sha256' , $response [ 'id' ], $paste -> meta -> salt ),
$response [ 'deletetoken' ],
'outputs valid delete token'
);
2015-09-03 22:55:36 +02:00
}
/**
* @ runInSeparateProcess
*/
public function testCreateInvalidSize ()
{
2016-10-29 10:24:08 +02:00
$options = parse_ini_file ( CONF , true );
2015-09-03 22:55:36 +02:00
$options [ 'main' ][ 'sizelimit' ] = 10 ;
2016-10-29 10:24:08 +02:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2016-08-09 11:54:42 +02:00
Helper :: createIniFile ( CONF , $options );
2016-10-29 10:24:08 +02:00
$_POST = Helper :: getPaste ();
2015-09-27 20:34:39 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2016-10-29 10:24:08 +02:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2015-09-03 22:55:36 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-09-03 22:55:36 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-09-03 22:55:36 +02:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
2016-08-09 11:54:42 +02:00
$this -> assertFalse ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste exists after posting data' );
2015-09-03 22:55:36 +02:00
}
2015-09-19 17:23:10 +02:00
/**
* @ runInSeparateProcess
*/
public function testCreateProxyHeader ()
{
2016-10-29 10:24:08 +02:00
$options = parse_ini_file ( CONF , true );
2015-09-19 17:23:10 +02:00
$options [ 'traffic' ][ 'header' ] = 'X_FORWARDED_FOR' ;
2016-08-09 11:54:42 +02:00
Helper :: createIniFile ( CONF , $options );
2016-10-29 10:24:08 +02:00
$_POST = Helper :: getPaste ();
$_SERVER [ 'HTTP_X_FORWARDED_FOR' ] = '::2' ;
2015-09-27 20:34:39 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2016-10-29 10:24:08 +02:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2015-09-19 17:23:10 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-09-19 17:23:10 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-09-19 17:23:10 +02:00
$response = json_decode ( $content , true );
2016-07-15 17:02:59 +02:00
$this -> assertEquals ( 0 , $response [ 'status' ], 'outputs status' );
$this -> assertTrue ( $this -> _model -> exists ( $response [ 'id' ]), 'paste exists after posting data' );
$paste = $this -> _model -> read ( $response [ 'id' ]);
$this -> assertEquals (
hash_hmac ( 'sha256' , $response [ 'id' ], $paste -> meta -> salt ),
$response [ 'deletetoken' ],
'outputs valid delete token'
);
2015-09-19 17:23:10 +02:00
}
2015-09-03 22:55:36 +02:00
/**
* @ runInSeparateProcess
*/
public function testCreateDuplicateId ()
{
2016-10-29 10:24:08 +02:00
$options = parse_ini_file ( CONF , true );
2015-09-03 22:55:36 +02:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2016-08-09 11:54:42 +02:00
Helper :: createIniFile ( CONF , $options );
$this -> _model -> create ( Helper :: getPasteId (), Helper :: getPaste ());
2016-10-29 10:24:08 +02:00
$_POST = Helper :: getPaste ();
2015-09-27 20:34:39 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2016-10-29 10:24:08 +02:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2015-09-03 22:55:36 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-09-03 22:55:36 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-09-03 22:55:36 +02:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
2016-08-09 11:54:42 +02:00
$this -> assertTrue ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste exists after posting data' );
2015-09-03 22:55:36 +02:00
}
2015-08-29 20:29:14 +02:00
/**
* @ runInSeparateProcess
*/
public function testCreateValidExpire ()
{
2016-10-29 10:24:08 +02:00
$options = parse_ini_file ( CONF , true );
2015-09-03 22:55:36 +02:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2016-08-09 11:54:42 +02:00
Helper :: createIniFile ( CONF , $options );
2016-10-29 10:24:08 +02:00
$_POST = Helper :: getPaste ();
$_POST [ 'expire' ] = '5min' ;
$_POST [ 'formatter' ] = 'foo' ;
2015-09-27 20:34:39 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2016-10-29 10:24:08 +02:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
$time = time ();
2015-08-29 20:29:14 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-29 20:29:14 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-08-29 20:29:14 +02:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 0 , $response [ 'status' ], 'outputs status' );
2016-07-06 11:37:13 +02:00
$this -> assertTrue ( $this -> _model -> exists ( $response [ 'id' ]), 'paste exists after posting data' );
$paste = $this -> _model -> read ( $response [ 'id' ]);
2015-08-29 20:29:14 +02:00
$this -> assertEquals (
2016-07-06 11:37:13 +02:00
hash_hmac ( 'sha256' , $response [ 'id' ], $paste -> meta -> salt ),
2015-08-29 20:29:14 +02:00
$response [ 'deletetoken' ],
2015-08-27 23:30:35 +02:00
'outputs valid delete token'
);
2016-07-06 09:41:07 +02:00
$this -> assertGreaterThanOrEqual ( $time + 300 , $paste -> meta -> expire_date , 'time is set correctly' );
2015-10-03 17:54:18 +02:00
}
/**
* @ runInSeparateProcess
*/
public function testCreateValidExpireWithDiscussion ()
{
2016-10-29 10:24:08 +02:00
$options = parse_ini_file ( CONF , true );
2015-10-03 17:54:18 +02:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2016-08-09 11:54:42 +02:00
Helper :: createIniFile ( CONF , $options );
2016-10-29 10:24:08 +02:00
$_POST = Helper :: getPaste ();
$_POST [ 'expire' ] = '5min' ;
$_POST [ 'opendiscussion' ] = '1' ;
2015-10-03 17:54:18 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2016-10-29 10:24:08 +02:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
$time = time ();
2015-10-03 17:54:18 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-10-03 17:54:18 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-10-03 17:54:18 +02:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 0 , $response [ 'status' ], 'outputs status' );
2016-07-06 11:37:13 +02:00
$this -> assertTrue ( $this -> _model -> exists ( $response [ 'id' ]), 'paste exists after posting data' );
$paste = $this -> _model -> read ( $response [ 'id' ]);
2015-10-03 17:54:18 +02:00
$this -> assertEquals (
2016-07-06 11:37:13 +02:00
hash_hmac ( 'sha256' , $response [ 'id' ], $paste -> meta -> salt ),
2015-10-03 17:54:18 +02:00
$response [ 'deletetoken' ],
'outputs valid delete token'
);
2016-07-06 09:41:07 +02:00
$this -> assertGreaterThanOrEqual ( $time + 300 , $paste -> meta -> expire_date , 'time is set correctly' );
$this -> assertEquals ( 1 , $paste -> meta -> opendiscussion , 'discussion is enabled' );
2015-08-27 23:30:35 +02:00
}
2015-08-29 20:29:14 +02:00
/**
* @ runInSeparateProcess
*/
public function testCreateInvalidExpire ()
{
2016-10-29 10:24:08 +02:00
$options = parse_ini_file ( CONF , true );
2015-09-03 22:55:36 +02:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2016-08-09 11:54:42 +02:00
Helper :: createIniFile ( CONF , $options );
2016-10-29 10:24:08 +02:00
$_POST = Helper :: getPaste ();
$_POST [ 'expire' ] = 'foo' ;
2015-09-27 20:34:39 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2016-10-29 10:24:08 +02:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2015-08-29 20:29:14 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-29 20:29:14 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-08-29 20:29:14 +02:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 0 , $response [ 'status' ], 'outputs status' );
2016-07-06 11:37:13 +02:00
$this -> assertTrue ( $this -> _model -> exists ( $response [ 'id' ]), 'paste exists after posting data' );
$paste = $this -> _model -> read ( $response [ 'id' ]);
2015-08-29 20:29:14 +02:00
$this -> assertEquals (
2016-07-06 11:37:13 +02:00
hash_hmac ( 'sha256' , $response [ 'id' ], $paste -> meta -> salt ),
2015-08-29 20:29:14 +02:00
$response [ 'deletetoken' ],
'outputs valid delete token'
);
}
/**
* @ runInSeparateProcess
*/
public function testCreateInvalidBurn ()
{
2016-10-29 10:24:08 +02:00
$options = parse_ini_file ( CONF , true );
2015-09-03 22:55:36 +02:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2016-08-09 11:54:42 +02:00
Helper :: createIniFile ( CONF , $options );
2016-10-29 10:24:08 +02:00
$_POST = Helper :: getPaste ();
$_POST [ 'burnafterreading' ] = 'neither 1 nor 0' ;
2015-09-27 20:34:39 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2016-10-29 10:24:08 +02:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2015-08-29 20:29:14 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-29 20:29:14 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-08-29 20:29:14 +02:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
2016-08-09 11:54:42 +02:00
$this -> assertFalse ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste exists after posting data' );
2015-08-29 20:29:14 +02:00
}
/**
* @ runInSeparateProcess
*/
public function testCreateInvalidOpenDiscussion ()
{
2016-10-29 10:24:08 +02:00
$options = parse_ini_file ( CONF , true );
2015-09-03 22:55:36 +02:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2016-08-09 11:54:42 +02:00
Helper :: createIniFile ( CONF , $options );
2016-10-29 10:24:08 +02:00
$_POST = Helper :: getPaste ();
$_POST [ 'opendiscussion' ] = 'neither 1 nor 0' ;
2015-09-27 20:34:39 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2016-10-29 10:24:08 +02:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2015-08-29 20:29:14 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-29 20:29:14 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-08-29 20:29:14 +02:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
2016-08-09 11:54:42 +02:00
$this -> assertFalse ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste exists after posting data' );
2015-08-29 20:29:14 +02:00
}
2015-09-19 17:23:10 +02:00
/**
* @ runInSeparateProcess
*/
public function testCreateAttachment ()
{
2016-10-29 10:24:08 +02:00
$options = parse_ini_file ( CONF , true );
$options [ 'traffic' ][ 'limit' ] = 0 ;
2015-09-19 17:23:10 +02:00
$options [ 'main' ][ 'fileupload' ] = true ;
2016-08-09 11:54:42 +02:00
Helper :: createIniFile ( CONF , $options );
2016-10-29 10:24:08 +02:00
$_POST = Helper :: getPasteWithAttachment ();
2015-09-27 20:34:39 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2016-10-29 10:24:08 +02:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2016-08-09 11:54:42 +02:00
$this -> assertFalse ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste does not exists before posting data' );
2015-09-19 17:23:10 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-09-19 17:23:10 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-09-19 17:23:10 +02:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 0 , $response [ 'status' ], 'outputs status' );
$this -> assertTrue ( $this -> _model -> exists ( $response [ 'id' ]), 'paste exists after posting data' );
2015-09-26 12:29:27 +02:00
$original = json_decode ( json_encode ( $_POST ));
2016-10-29 10:24:08 +02:00
$stored = $this -> _model -> read ( $response [ 'id' ]);
2015-09-26 12:29:27 +02:00
foreach ( array ( 'data' , 'attachment' , 'attachmentname' ) as $key ) {
$this -> assertEquals ( $original -> $key , $stored -> $key );
}
2016-07-06 11:37:13 +02:00
$this -> assertEquals (
hash_hmac ( 'sha256' , $response [ 'id' ], $stored -> meta -> salt ),
$response [ 'deletetoken' ],
'outputs valid delete token'
);
2015-09-19 17:23:10 +02:00
}
2016-07-19 15:26:41 +02:00
/**
* In some webserver setups ( found with Suhosin ) overly long POST params are
* silently removed , check that this case is handled
*
* @ runInSeparateProcess
*/
public function testCreateBrokenAttachmentUpload ()
{
2016-10-29 10:24:08 +02:00
$options = parse_ini_file ( CONF , true );
$options [ 'traffic' ][ 'limit' ] = 0 ;
2016-07-19 15:26:41 +02:00
$options [ 'main' ][ 'fileupload' ] = true ;
2016-08-09 11:54:42 +02:00
Helper :: createIniFile ( CONF , $options );
$_POST = Helper :: getPasteWithAttachment ();
2016-07-19 15:26:41 +02:00
unset ( $_POST [ 'attachment' ]);
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2016-10-29 10:24:08 +02:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2016-08-09 11:54:42 +02:00
$this -> assertFalse ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste does not exists before posting data' );
2016-07-19 15:26:41 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2016-07-19 15:26:41 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2016-07-19 15:26:41 +02:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
2016-08-09 11:54:42 +02:00
$this -> assertFalse ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste exists after posting data' );
2016-07-19 15:26:41 +02:00
}
2016-07-18 14:47:32 +02:00
/**
* @ runInSeparateProcess
*/
public function testCreateTooSoon ()
{
2016-10-29 10:24:08 +02:00
$_POST = Helper :: getPaste ();
2016-07-18 14:47:32 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2016-10-29 10:24:08 +02:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2016-07-18 14:47:32 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2016-07-18 14:47:32 +02:00
ob_end_clean ();
2016-08-09 11:54:42 +02:00
$this -> _model -> delete ( Helper :: getPasteId ());
2016-07-18 14:47:32 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2016-07-18 14:47:32 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2016-07-18 14:47:32 +02:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
2016-08-09 11:54:42 +02:00
$this -> assertFalse ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste exists after posting data' );
2016-07-18 14:47:32 +02:00
}
2015-08-29 20:29:14 +02:00
/**
* @ runInSeparateProcess
*/
public function testCreateValidNick ()
{
2016-10-29 10:24:08 +02:00
$options = parse_ini_file ( CONF , true );
2015-09-03 22:55:36 +02:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2016-08-09 11:54:42 +02:00
Helper :: createIniFile ( CONF , $options );
2016-10-29 10:24:08 +02:00
$_POST = Helper :: getPaste ();
$_POST [ 'nickname' ] = Helper :: getComment ()[ 'meta' ][ 'nickname' ];
2015-09-27 20:34:39 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2016-10-29 10:24:08 +02:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2015-08-29 20:29:14 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-29 20:29:14 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-08-29 20:29:14 +02:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 0 , $response [ 'status' ], 'outputs status' );
2016-07-06 11:37:13 +02:00
$this -> assertTrue ( $this -> _model -> exists ( $response [ 'id' ]), 'paste exists after posting data' );
$paste = $this -> _model -> read ( $response [ 'id' ]);
2015-08-29 20:29:14 +02:00
$this -> assertEquals (
2016-07-06 11:37:13 +02:00
hash_hmac ( 'sha256' , $response [ 'id' ], $paste -> meta -> salt ),
2015-08-29 20:29:14 +02:00
$response [ 'deletetoken' ],
'outputs valid delete token'
);
}
/**
* @ runInSeparateProcess
*/
public function testCreateInvalidNick ()
{
2016-10-29 10:24:08 +02:00
$options = parse_ini_file ( CONF , true );
2015-09-03 22:55:36 +02:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2016-08-09 11:54:42 +02:00
Helper :: createIniFile ( CONF , $options );
2016-10-29 10:24:08 +02:00
$_POST = Helper :: getCommentPost ();
$_POST [ 'pasteid' ] = Helper :: getPasteId ();
$_POST [ 'parentid' ] = Helper :: getPasteId ();
$_POST [ 'nickname' ] = 'foo' ;
2015-09-27 20:34:39 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2016-10-29 10:24:08 +02:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2016-08-09 11:54:42 +02:00
$this -> _model -> create ( Helper :: getPasteId (), Helper :: getPaste ());
2015-08-29 20:29:14 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-29 20:29:14 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-08-29 20:29:14 +02:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
2016-08-09 11:54:42 +02:00
$this -> assertTrue ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste exists after posting data' );
2015-08-29 20:29:14 +02:00
}
/**
* @ runInSeparateProcess
*/
public function testCreateComment ()
{
2016-10-29 10:24:08 +02:00
$options = parse_ini_file ( CONF , true );
2015-09-03 22:55:36 +02:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2016-08-09 11:54:42 +02:00
Helper :: createIniFile ( CONF , $options );
2016-10-29 10:24:08 +02:00
$_POST = Helper :: getCommentPost ();
$_POST [ 'pasteid' ] = Helper :: getPasteId ();
$_POST [ 'parentid' ] = Helper :: getPasteId ();
2015-09-27 20:34:39 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2016-10-29 10:24:08 +02:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2016-08-09 11:54:42 +02:00
$this -> _model -> create ( Helper :: getPasteId (), Helper :: getPaste ());
2015-08-29 20:29:14 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-29 20:29:14 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-08-29 20:29:14 +02:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 0 , $response [ 'status' ], 'outputs status' );
2016-08-09 11:54:42 +02:00
$this -> assertTrue ( $this -> _model -> existsComment ( Helper :: getPasteId (), Helper :: getPasteId (), $response [ 'id' ]), 'paste exists after posting data' );
2015-08-29 20:29:14 +02:00
}
2015-09-03 22:55:36 +02:00
/**
* @ runInSeparateProcess
*/
public function testCreateInvalidComment ()
{
2016-10-29 10:24:08 +02:00
$options = parse_ini_file ( CONF , true );
2015-09-03 22:55:36 +02:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2016-08-09 11:54:42 +02:00
Helper :: createIniFile ( CONF , $options );
2016-10-29 10:24:08 +02:00
$_POST = Helper :: getCommentPost ();
$_POST [ 'pasteid' ] = Helper :: getPasteId ();
$_POST [ 'parentid' ] = 'foo' ;
2015-09-27 20:34:39 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2016-10-29 10:24:08 +02:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2016-08-09 11:54:42 +02:00
$this -> _model -> create ( Helper :: getPasteId (), Helper :: getPaste ());
2015-09-03 22:55:36 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-09-03 22:55:36 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-09-03 22:55:36 +02:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
2016-08-09 11:54:42 +02:00
$this -> assertFalse ( $this -> _model -> existsComment ( Helper :: getPasteId (), Helper :: getPasteId (), Helper :: getCommentId ()), 'paste exists after posting data' );
2015-09-03 22:55:36 +02:00
}
2015-08-29 20:29:14 +02:00
/**
* @ runInSeparateProcess
*/
public function testCreateCommentDiscussionDisabled ()
{
2016-10-29 10:24:08 +02:00
$options = parse_ini_file ( CONF , true );
2015-09-03 22:55:36 +02:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2016-08-09 11:54:42 +02:00
Helper :: createIniFile ( CONF , $options );
2016-10-29 10:24:08 +02:00
$_POST = Helper :: getCommentPost ();
$_POST [ 'pasteid' ] = Helper :: getPasteId ();
$_POST [ 'parentid' ] = Helper :: getPasteId ();
2015-09-27 20:34:39 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2016-10-29 10:24:08 +02:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
$paste = Helper :: getPaste ( array ( 'opendiscussion' => false ));
2016-08-09 11:54:42 +02:00
$this -> _model -> create ( Helper :: getPasteId (), $paste );
2015-08-29 20:29:14 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-29 20:29:14 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-08-29 20:29:14 +02:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
2016-08-09 11:54:42 +02:00
$this -> assertFalse ( $this -> _model -> existsComment ( Helper :: getPasteId (), Helper :: getPasteId (), Helper :: getCommentId ()), 'paste exists after posting data' );
2015-08-29 20:29:14 +02:00
}
/**
* @ runInSeparateProcess
*/
public function testCreateCommentInvalidPaste ()
{
2016-10-29 10:24:08 +02:00
$options = parse_ini_file ( CONF , true );
2015-09-03 22:55:36 +02:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2016-08-09 11:54:42 +02:00
Helper :: createIniFile ( CONF , $options );
2016-10-29 10:24:08 +02:00
$_POST = Helper :: getCommentPost ();
$_POST [ 'pasteid' ] = Helper :: getPasteId ();
$_POST [ 'parentid' ] = Helper :: getPasteId ();
2015-09-27 20:34:39 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2016-10-29 10:24:08 +02:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2015-08-29 20:29:14 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-29 20:29:14 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-08-29 20:29:14 +02:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
2016-08-09 11:54:42 +02:00
$this -> assertFalse ( $this -> _model -> existsComment ( Helper :: getPasteId (), Helper :: getPasteId (), Helper :: getCommentId ()), 'paste exists after posting data' );
2015-08-29 20:29:14 +02:00
}
2015-09-03 22:55:36 +02:00
/**
* @ runInSeparateProcess
*/
public function testCreateDuplicateComment ()
{
2016-10-29 10:24:08 +02:00
$options = parse_ini_file ( CONF , true );
2015-09-03 22:55:36 +02:00
$options [ 'traffic' ][ 'limit' ] = 0 ;
2016-08-09 11:54:42 +02:00
Helper :: createIniFile ( CONF , $options );
$this -> _model -> create ( Helper :: getPasteId (), Helper :: getPaste ());
$this -> _model -> createComment ( Helper :: getPasteId (), Helper :: getPasteId (), Helper :: getCommentId (), Helper :: getComment ());
$this -> assertTrue ( $this -> _model -> existsComment ( Helper :: getPasteId (), Helper :: getPasteId (), Helper :: getCommentId ()), 'comment exists before posting data' );
2016-10-29 10:24:08 +02:00
$_POST = Helper :: getCommentPost ();
$_POST [ 'pasteid' ] = Helper :: getPasteId ();
$_POST [ 'parentid' ] = Helper :: getPasteId ();
2015-09-27 20:34:39 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2016-10-29 10:24:08 +02:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
$_SERVER [ 'REMOTE_ADDR' ] = '::1' ;
2015-09-03 22:55:36 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-09-03 22:55:36 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-09-03 22:55:36 +02:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
2016-08-09 11:54:42 +02:00
$this -> assertTrue ( $this -> _model -> existsComment ( Helper :: getPasteId (), Helper :: getPasteId (), Helper :: getCommentId ()), 'paste exists after posting data' );
2015-09-03 22:55:36 +02:00
}
2015-08-27 23:30:35 +02:00
/**
* @ runInSeparateProcess
*/
public function testRead ()
{
2016-08-09 11:54:42 +02:00
$this -> _model -> create ( Helper :: getPasteId (), Helper :: getPaste ());
$_SERVER [ 'QUERY_STRING' ] = Helper :: getPasteId ();
2015-08-27 23:30:35 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-27 23:30:35 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2017-02-25 09:35:55 +01:00
$this -> assertRegExp (
'#<div id="cipherdata"[^>]*>' .
preg_quote ( htmlspecialchars ( Helper :: getPasteAsJson (), ENT_NOQUOTES )) .
'</div>#' ,
2015-08-27 23:30:35 +02:00
$content ,
'outputs data correctly'
);
}
2015-08-29 20:29:14 +02:00
/**
* @ runInSeparateProcess
*/
public function testReadInvalidId ()
{
$_SERVER [ 'QUERY_STRING' ] = 'foo' ;
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-29 20:29:14 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2016-05-22 18:35:07 +02:00
$this -> assertRegExp (
2017-03-12 14:16:08 +01:00
'#<div[^>]*id="errormessage"[^>]*>.*Invalid paste ID\.#s' ,
2015-08-29 20:29:14 +02:00
$content ,
'outputs error correctly'
);
}
/**
* @ runInSeparateProcess
*/
public function testReadNonexisting ()
{
2016-08-09 11:54:42 +02:00
$_SERVER [ 'QUERY_STRING' ] = Helper :: getPasteId ();
2015-08-29 20:29:14 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-29 20:29:14 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2016-05-22 18:35:07 +02:00
$this -> assertRegExp (
2017-03-12 14:16:08 +01:00
'#<div[^>]*id="errormessage"[^>]*>.*Paste does not exist, has expired or has been deleted\.#s' ,
2015-08-29 20:29:14 +02:00
$content ,
'outputs error correctly'
);
}
/**
* @ runInSeparateProcess
*/
public function testReadExpired ()
{
2016-08-09 11:54:42 +02:00
$expiredPaste = Helper :: getPaste ( array ( 'expire_date' => 1344803344 ));
$this -> _model -> create ( Helper :: getPasteId (), $expiredPaste );
$_SERVER [ 'QUERY_STRING' ] = Helper :: getPasteId ();
2015-08-29 20:29:14 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-29 20:29:14 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2016-05-22 18:35:07 +02:00
$this -> assertRegExp (
2017-03-12 14:16:08 +01:00
'#<div[^>]*id="errormessage"[^>]*>.*Paste does not exist, has expired or has been deleted\.#s' ,
2015-08-29 20:29:14 +02:00
$content ,
'outputs error correctly'
);
}
/**
* @ runInSeparateProcess
*/
public function testReadBurn ()
{
2016-08-09 11:54:42 +02:00
$burnPaste = Helper :: getPaste ( array ( 'burnafterreading' => true ));
$this -> _model -> create ( Helper :: getPasteId (), $burnPaste );
$_SERVER [ 'QUERY_STRING' ] = Helper :: getPasteId ();
2015-08-29 20:29:14 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-29 20:29:14 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2016-07-06 11:37:13 +02:00
unset ( $burnPaste [ 'meta' ][ 'salt' ]);
2017-02-25 09:35:55 +01:00
$this -> assertRegExp (
'#<div id="cipherdata"[^>]*>' .
preg_quote ( htmlspecialchars ( Helper :: getPasteAsJson ( $burnPaste [ 'meta' ]), ENT_NOQUOTES )) .
'</div>#' ,
2015-08-29 20:29:14 +02:00
$content ,
'outputs data correctly'
);
2017-04-11 17:23:26 +02:00
// by default it will be deleted after encryption by the JS
$this -> assertTrue ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste exists after reading' );
}
/**
* @ runInSeparateProcess
*/
public function testReadInstantBurn ()
{
$this -> reset ();
$options = parse_ini_file ( CONF , true );
$options [ 'main' ][ 'instantburnafterreading' ] = 1 ;
Helper :: confBackup ();
Helper :: createIniFile ( CONF , $options );
$burnPaste = Helper :: getPaste ( array ( 'burnafterreading' => true ));
$this -> _model -> create ( Helper :: getPasteId (), $burnPaste );
$_SERVER [ 'QUERY_STRING' ] = Helper :: getPasteId ();
ob_start ();
new PrivateBin ;
$content = ob_get_contents ();
ob_end_clean ();
unset ( $burnPaste [ 'meta' ][ 'salt' ]);
$this -> assertRegExp (
'#<div id="cipherdata"[^>]*>' .
preg_quote ( htmlspecialchars ( Helper :: getPasteAsJson ( $burnPaste [ 'meta' ]), ENT_NOQUOTES )) .
'</div>#' ,
$content ,
'outputs data correctly'
);
// in this case the changed configuration deletes it instantly
$this -> assertFalse ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste exists after reading' );
2015-08-29 20:29:14 +02:00
}
2015-09-01 22:33:07 +02:00
/**
* @ runInSeparateProcess
*/
public function testReadJson ()
{
2016-08-09 11:54:42 +02:00
$paste = Helper :: getPaste ();
$this -> _model -> create ( Helper :: getPasteId (), $paste );
2016-10-29 10:24:08 +02:00
$_SERVER [ 'QUERY_STRING' ] = Helper :: getPasteId ();
2015-09-27 20:34:39 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2015-09-01 22:33:07 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-09-01 22:33:07 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-09-01 22:33:07 +02:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 0 , $response [ 'status' ], 'outputs success status' );
2016-08-09 11:54:42 +02:00
$this -> assertEquals ( Helper :: getPasteId (), $response [ 'id' ], 'outputs data correctly' );
2015-10-18 11:08:28 +02:00
$this -> assertStringEndsWith ( '?' . $response [ 'id' ], $response [ 'url' ], 'returned URL points to new paste' );
$this -> assertEquals ( $paste [ 'data' ], $response [ 'data' ], 'outputs data correctly' );
$this -> assertEquals ( $paste [ 'meta' ][ 'formatter' ], $response [ 'meta' ][ 'formatter' ], 'outputs format correctly' );
$this -> assertEquals ( $paste [ 'meta' ][ 'postdate' ], $response [ 'meta' ][ 'postdate' ], 'outputs postdate correctly' );
$this -> assertEquals ( $paste [ 'meta' ][ 'opendiscussion' ], $response [ 'meta' ][ 'opendiscussion' ], 'outputs opendiscussion correctly' );
$this -> assertEquals ( 0 , $response [ 'comment_count' ], 'outputs comment_count correctly' );
$this -> assertEquals ( 0 , $response [ 'comment_offset' ], 'outputs comment_offset correctly' );
2015-09-01 22:33:07 +02:00
}
2015-09-03 22:55:36 +02:00
/**
* @ runInSeparateProcess
*/
public function testReadInvalidJson ()
{
2016-10-29 10:24:08 +02:00
$_SERVER [ 'QUERY_STRING' ] = Helper :: getPasteId ();
2015-09-27 20:34:39 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2015-09-03 22:55:36 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-09-03 22:55:36 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-09-03 22:55:36 +02:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs error status' );
}
2015-09-19 17:23:10 +02:00
/**
* @ runInSeparateProcess
*/
public function testReadOldSyntax ()
{
2016-08-09 11:54:42 +02:00
$oldPaste = Helper :: getPaste ();
2016-10-29 10:24:08 +02:00
$meta = array (
2015-10-03 15:52:37 +02:00
'syntaxcoloring' => true ,
2016-10-29 10:24:08 +02:00
'postdate' => $oldPaste [ 'meta' ][ 'postdate' ],
2015-10-03 15:52:37 +02:00
'opendiscussion' => $oldPaste [ 'meta' ][ 'opendiscussion' ],
);
2015-10-18 11:08:28 +02:00
$oldPaste [ 'meta' ] = $meta ;
2016-08-09 11:54:42 +02:00
$this -> _model -> create ( Helper :: getPasteId (), $oldPaste );
$_SERVER [ 'QUERY_STRING' ] = Helper :: getPasteId ();
2015-09-19 17:23:10 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-09-19 17:23:10 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-10-18 11:08:28 +02:00
$meta [ 'formatter' ] = 'syntaxhighlighting' ;
2017-02-25 09:35:55 +01:00
$this -> assertRegExp (
'#<div id="cipherdata"[^>]*>' .
preg_quote ( htmlspecialchars ( Helper :: getPasteAsJson ( $meta ), ENT_NOQUOTES )) .
'</div>#' ,
2015-09-19 17:23:10 +02:00
$content ,
'outputs data correctly'
);
}
/**
* @ runInSeparateProcess
*/
public function testReadOldFormat ()
{
2016-08-09 11:54:42 +02:00
$oldPaste = Helper :: getPaste ();
2015-09-19 17:23:10 +02:00
unset ( $oldPaste [ 'meta' ][ 'formatter' ]);
2016-08-09 11:54:42 +02:00
$this -> _model -> create ( Helper :: getPasteId (), $oldPaste );
$_SERVER [ 'QUERY_STRING' ] = Helper :: getPasteId ();
2015-09-19 17:23:10 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-09-19 17:23:10 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-09-19 17:23:10 +02:00
$oldPaste [ 'meta' ][ 'formatter' ] = 'plaintext' ;
2016-07-06 11:37:13 +02:00
unset ( $oldPaste [ 'meta' ][ 'salt' ]);
2017-02-25 09:35:55 +01:00
$this -> assertRegExp (
'#<div id="cipherdata"[^>]*>' .
preg_quote ( htmlspecialchars ( Helper :: getPasteAsJson ( $oldPaste [ 'meta' ]), ENT_NOQUOTES )) .
'</div>#' ,
2015-09-19 17:23:10 +02:00
$content ,
'outputs data correctly'
);
}
2015-08-27 23:30:35 +02:00
/**
* @ runInSeparateProcess
*/
public function testDelete ()
{
2016-08-09 11:54:42 +02:00
$this -> _model -> create ( Helper :: getPasteId (), Helper :: getPaste ());
$this -> assertTrue ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste exists before deleting data' );
2016-10-29 10:24:08 +02:00
$paste = $this -> _model -> read ( Helper :: getPasteId ());
$_GET [ 'pasteid' ] = Helper :: getPasteId ();
2016-08-09 11:54:42 +02:00
$_GET [ 'deletetoken' ] = hash_hmac ( 'sha256' , Helper :: getPasteId (), $paste -> meta -> salt );
2015-08-27 23:30:35 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-27 23:30:35 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2016-05-22 18:35:07 +02:00
$this -> assertRegExp (
2017-03-12 14:16:08 +01:00
'#<div[^>]*id="status"[^>]*>.*Paste was properly deleted\.#s' ,
2015-08-27 23:30:35 +02:00
$content ,
'outputs deleted status correctly'
);
2016-08-09 11:54:42 +02:00
$this -> assertFalse ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste successfully deleted' );
2015-08-27 23:30:35 +02:00
}
2015-08-29 20:29:14 +02:00
/**
* @ runInSeparateProcess
*/
public function testDeleteInvalidId ()
{
2016-08-09 11:54:42 +02:00
$this -> _model -> create ( Helper :: getPasteId (), Helper :: getPaste ());
2016-10-29 10:24:08 +02:00
$_GET [ 'pasteid' ] = 'foo' ;
2015-08-29 20:29:14 +02:00
$_GET [ 'deletetoken' ] = 'bar' ;
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-29 20:29:14 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2016-05-22 18:35:07 +02:00
$this -> assertRegExp (
2017-03-12 14:16:08 +01:00
'#<div[^>]*id="errormessage"[^>]*>.*Invalid paste ID\.#s' ,
2015-08-29 20:29:14 +02:00
$content ,
'outputs delete error correctly'
);
2016-08-09 11:54:42 +02:00
$this -> assertTrue ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste exists after failing to delete data' );
2015-08-29 20:29:14 +02:00
}
/**
* @ runInSeparateProcess
*/
public function testDeleteInexistantId ()
{
2016-10-29 10:24:08 +02:00
$_GET [ 'pasteid' ] = Helper :: getPasteId ();
2015-08-29 20:29:14 +02:00
$_GET [ 'deletetoken' ] = 'bar' ;
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-29 20:29:14 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2016-05-22 18:35:07 +02:00
$this -> assertRegExp (
2017-03-12 14:16:08 +01:00
'#<div[^>]*id="errormessage"[^>]*>.*Paste does not exist, has expired or has been deleted\.#s' ,
2015-08-29 20:29:14 +02:00
$content ,
'outputs delete error correctly'
);
}
/**
* @ runInSeparateProcess
*/
public function testDeleteInvalidToken ()
{
2016-08-09 11:54:42 +02:00
$this -> _model -> create ( Helper :: getPasteId (), Helper :: getPaste ());
2016-10-29 10:24:08 +02:00
$_GET [ 'pasteid' ] = Helper :: getPasteId ();
2015-08-29 20:29:14 +02:00
$_GET [ 'deletetoken' ] = 'bar' ;
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-29 20:29:14 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2016-05-22 18:35:07 +02:00
$this -> assertRegExp (
2017-03-12 14:16:08 +01:00
'#<div[^>]*id="errormessage"[^>]*>.*Wrong deletion token\. Paste was not deleted\.#s' ,
2015-08-29 20:29:14 +02:00
$content ,
'outputs delete error correctly'
);
2016-08-09 11:54:42 +02:00
$this -> assertTrue ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste exists after failing to delete data' );
2015-08-29 20:29:14 +02:00
}
2015-08-31 22:10:41 +02:00
/**
* @ runInSeparateProcess
*/
public function testDeleteBurnAfterReading ()
{
2016-08-09 11:54:42 +02:00
$burnPaste = Helper :: getPaste ( array ( 'burnafterreading' => true ));
$this -> _model -> create ( Helper :: getPasteId (), $burnPaste );
$this -> assertTrue ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste exists before deleting data' );
2016-10-29 10:24:08 +02:00
$_POST [ 'deletetoken' ] = 'burnafterreading' ;
$_SERVER [ 'QUERY_STRING' ] = Helper :: getPasteId ();
2015-09-27 20:34:39 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2016-10-29 10:24:08 +02:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
2015-08-31 22:10:41 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-31 22:10:41 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-08-31 22:10:41 +02:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 0 , $response [ 'status' ], 'outputs status' );
2016-08-09 11:54:42 +02:00
$this -> assertFalse ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste successfully deleted' );
2015-08-31 22:10:41 +02:00
}
/**
* @ runInSeparateProcess
*/
public function testDeleteInvalidBurnAfterReading ()
{
2016-08-09 11:54:42 +02:00
$this -> _model -> create ( Helper :: getPasteId (), Helper :: getPaste ());
$this -> assertTrue ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste exists before deleting data' );
2016-10-29 10:24:08 +02:00
$_POST [ 'deletetoken' ] = 'burnafterreading' ;
$_SERVER [ 'QUERY_STRING' ] = Helper :: getPasteId ();
2015-09-27 20:34:39 +02:00
$_SERVER [ 'HTTP_X_REQUESTED_WITH' ] = 'JSONHttpRequest' ;
2016-10-29 10:24:08 +02:00
$_SERVER [ 'REQUEST_METHOD' ] = 'POST' ;
2015-08-31 22:10:41 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-08-31 22:10:41 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2015-08-31 22:10:41 +02:00
$response = json_decode ( $content , true );
$this -> assertEquals ( 1 , $response [ 'status' ], 'outputs status' );
2017-02-22 21:42:14 +01:00
$this -> assertTrue ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste exists after failing to delete data' );
2015-08-31 22:10:41 +02:00
}
2015-09-03 22:55:36 +02:00
/**
* @ runInSeparateProcess
*/
public function testDeleteExpired ()
{
2016-08-09 11:54:42 +02:00
$expiredPaste = Helper :: getPaste ( array ( 'expire_date' => 1000 ));
$this -> assertFalse ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste does not exist before being created' );
$this -> _model -> create ( Helper :: getPasteId (), $expiredPaste );
$this -> assertTrue ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste exists before deleting data' );
2016-10-29 10:24:08 +02:00
$_GET [ 'pasteid' ] = Helper :: getPasteId ();
2015-09-06 19:21:17 +02:00
$_GET [ 'deletetoken' ] = 'does not matter in this context, but has to be set' ;
2015-09-03 22:55:36 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2015-09-03 22:55:36 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2016-05-22 18:35:07 +02:00
$this -> assertRegExp (
2017-03-12 14:16:08 +01:00
'#<div[^>]*id="errormessage"[^>]*>.*Paste does not exist, has expired or has been deleted\.#s' ,
2015-09-03 22:55:36 +02:00
$content ,
'outputs error correctly'
);
2016-08-09 11:54:42 +02:00
$this -> assertFalse ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste successfully deleted' );
2015-09-03 22:55:36 +02:00
}
2016-07-06 11:37:13 +02:00
/**
* @ runInSeparateProcess
*/
public function testDeleteMissingPerPasteSalt ()
{
2016-08-09 11:54:42 +02:00
$paste = Helper :: getPaste ();
2016-07-06 11:37:13 +02:00
unset ( $paste [ 'meta' ][ 'salt' ]);
2016-08-09 11:54:42 +02:00
$this -> _model -> create ( Helper :: getPasteId (), $paste );
$this -> assertTrue ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste exists before deleting data' );
2016-10-29 10:24:08 +02:00
$_GET [ 'pasteid' ] = Helper :: getPasteId ();
2016-08-09 11:54:42 +02:00
$_GET [ 'deletetoken' ] = hash_hmac ( 'sha256' , Helper :: getPasteId (), ServerSalt :: get ());
2016-07-06 11:37:13 +02:00
ob_start ();
2016-08-09 11:54:42 +02:00
new PrivateBin ;
2016-07-06 11:37:13 +02:00
$content = ob_get_contents ();
2016-08-02 10:29:25 +02:00
ob_end_clean ();
2016-07-06 11:37:13 +02:00
$this -> assertRegExp (
2017-03-12 14:16:08 +01:00
'#<div[^>]*id="status"[^>]*>.*Paste was properly deleted\.#s' ,
2016-07-06 11:37:13 +02:00
$content ,
'outputs deleted status correctly'
);
2016-08-09 11:54:42 +02:00
$this -> assertFalse ( $this -> _model -> exists ( Helper :: getPasteId ()), 'paste successfully deleted' );
2016-07-06 11:37:13 +02:00
}
2016-07-05 17:23:25 +02:00
}
