diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2013-01-20 23:54:01 -0500 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2013-01-20 23:54:01 -0500 |
| commit | f1d2a8e871327d250574d2dd7cacbb21ea3ae995 (patch) | |
| tree | 8b2aae9394f7046f6ef054746c9197267110ed9e | |
| parent | 2353c92c1adf42763bede046caaa6abbfba834d8 (diff) | |
Add a long overdue test for File_Proxy_Controller that tests all the various
edge case behaviors. It doesn't cover the various headers, but it does cover
the permission based code paths.
| -rw-r--r-- | modules/gallery/controllers/file_proxy.php | 34 | ||||
| -rw-r--r-- | modules/gallery/tests/File_Proxy_Controller_Test.php | 130 |
2 files changed, 156 insertions, 8 deletions
diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php index b2120455..df1f7908 100644 --- a/modules/gallery/controllers/file_proxy.php +++ b/modules/gallery/controllers/file_proxy.php @@ -49,7 +49,9 @@ class File_Proxy_Controller extends Controller { // Make sure that the request is for a file inside var $offset = strpos(rawurldecode($request_uri), $var_uri); if ($offset !== 0) { - throw new Kohana_404_Exception(); + $e = new Kohana_404_Exception(); + $e->test_fail_code = 1; + throw $e; } // file_uri: albums/foo/bar.jpg @@ -59,7 +61,9 @@ class File_Proxy_Controller extends Controller { // path: foo/bar.jpg list ($type, $path) = explode("/", $file_uri, 2); if ($type != "resizes" && $type != "albums" && $type != "thumbs") { - throw new Kohana_404_Exception(); + $e = new Kohana_404_Exception(); + $e->test_fail_code = 2; + throw $e; } // If the last element is .album.jpg, pop that off since it's not a real item @@ -82,22 +86,30 @@ class File_Proxy_Controller extends Controller { } if (!$item->loaded()) { - throw new Kohana_404_Exception(); + $e = new Kohana_404_Exception(); + $e->test_fail_code = 3; + throw $e; } // Make sure we have access to the item if (!access::can("view", $item)) { - throw new Kohana_404_Exception(); + $e = new Kohana_404_Exception(); + $e->test_fail_code = 4; + throw $e; } // Make sure we have view_full access to the original if ($type == "albums" && !access::can("view_full", $item)) { - throw new Kohana_404_Exception(); + $e = new Kohana_404_Exception(); + $e->test_fail_code = 5; + throw $e; } // Don't try to load a directory if ($type == "albums" && $item->is_album()) { - throw new Kohana_404_Exception(); + $e = new Kohana_404_Exception(); + $e->test_fail_code = 6; + throw $e; } // Note: this code is roughly duplicated in data_rest, so if you modify this, please look to @@ -112,7 +124,9 @@ class File_Proxy_Controller extends Controller { } if (!file_exists($file)) { - throw new Kohana_404_Exception(); + $e = new Kohana_404_Exception(); + $e->test_fail_code = 7; + throw $e; } header("Content-Length: " . filesize($file)); @@ -146,6 +160,10 @@ class File_Proxy_Controller extends Controller { } } - readfile($file); + if (TEST_MODE) { + return $file; + } else { + readfile($file); + } } } diff --git a/modules/gallery/tests/File_Proxy_Controller_Test.php b/modules/gallery/tests/File_Proxy_Controller_Test.php new file mode 100644 index 00000000..dab2b8f3 --- /dev/null +++ b/modules/gallery/tests/File_Proxy_Controller_Test.php @@ -0,0 +1,130 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2012 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +class File_Proxy_Controller_Test extends Gallery_Unit_Test_Case { + public function setup() { + $this->_save = array($_SERVER); + } + + public function teardown() { + list($_SERVER) = $this->_save; + identity::set_active_user(identity::admin_user()); + } + + public function basic_test() { + $photo = test::random_photo(); + $_SERVER["REQUEST_URI"] = url::file("var/albums/{$photo->name}"); + $controller = new File_Proxy_Controller(); + $this->assert_same($photo->file_path(), $controller->__call("", array())); + } + + public function query_params_are_ignored_test() { + $photo = test::random_photo(); + $_SERVER["REQUEST_URI"] = url::file("var/albums/{$photo->name}?a=1&b=2"); + $controller = new File_Proxy_Controller(); + $this->assert_same($photo->file_path(), $controller->__call("", array())); + } + + public function file_must_be_in_var_test() { + $_SERVER["REQUEST_URI"] = url::file("index.php"); + $controller = new File_Proxy_Controller(); + try { + $controller->__call("", array()); + $this->assert_true(false); + } catch (Kohana_404_Exception $e) { + $this->assert_same(1, $e->test_fail_code); + } + } + + public function file_must_be_in_albums_thumbs_or_resizes_test() { + $_SERVER["REQUEST_URI"] = url::file("var/test/var/uploads/.htaccess"); + $controller = new File_Proxy_Controller(); + try { + $controller->__call("", array()); + $this->assert_true(false); + } catch (Kohana_404_Exception $e) { + $this->assert_same(2, $e->test_fail_code); + } + } + + public function movie_thumbnails_are_jpgs_test() { + $movie = test::random_movie(); + $name = legal_file::change_extension($movie->name, "jpg"); + $_SERVER["REQUEST_URI"] = url::file("var/thumbs/{$movie->name}"); + $controller = new File_Proxy_Controller(); + $this->assert_same($movie->thumb_path(), $controller->__call("", array())); + } + + public function invalid_item_test() { + $photo = test::random_photo(); + $_SERVER["REQUEST_URI"] = url::file("var/albums/x_{$photo->name}"); + $controller = new File_Proxy_Controller(); + try { + $controller->__call("", array()); + $this->assert_true(false); + } catch (Kohana_404_Exception $e) { + $this->assert_same(3, $e->test_fail_code); + } + } + + public function need_view_full_permission_to_view_original_test() { + $album = test::random_album(); + $photo = test::random_photo($album); + $album = $album->reload(); // adding the photo changed the album in the db + $_SERVER["REQUEST_URI"] = url::file("var/albums/{$album->name}/{$photo->name}"); + $controller = new File_Proxy_Controller(); + + access::deny(identity::everybody(), "view_full", $album); + identity::set_active_user(identity::guest()); + + try { + $controller->__call("", array()); + $this->assert_true(false); + } catch (Kohana_404_Exception $e) { + $this->assert_same(5, $e->test_fail_code); + } + } + + public function cant_proxy_an_album_test() { + $album = test::random_album(); + $_SERVER["REQUEST_URI"] = url::file("var/albums/{$album->name}"); + $controller = new File_Proxy_Controller(); + + try { + $controller->__call("", array()); + $this->assert_true(false); + } catch (Kohana_404_Exception $e) { + $this->assert_same(6, $e->test_fail_code); + } + } + + public function missing_file_test() { + $photo = test::random_photo(); + $_SERVER["REQUEST_URI"] = url::file("var/albums/{$photo->name}"); + unlink($photo->file_path()); + $controller = new File_Proxy_Controller(); + + try { + $controller->__call("", array()); + $this->assert_true(false); + } catch (Kohana_404_Exception $e) { + $this->assert_same(7, $e->test_fail_code); + } + } +}
\ No newline at end of file |