Mirrors/shlink
1
0
Fork 0
mirror of https://github.com/shlinkio/shlink.git synced 2026-03-06 23:33:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

Ensured delete/rename tags cannot be done with non-admin API keys

Browse Source
This commit is contained in:
Alejandro Celaya
2021-01-06 17:31:49 +01:00
parent b5710f87e2
commit a8b68f07b5
9 changed files with 177 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
module/Rest/test/Action/Tag/DeleteTagsActionTest.php
View File

@@ -6,10 +6,12 @@ namespace ShlinkioTest\Shlink\Rest\Action\Tag;
use Laminas\Diactoros\ServerRequest;
use PHPUnit\Framework\TestCase;
use Prophecy\Argument;
use Prophecy\PhpUnit\ProphecyTrait;
use Prophecy\Prophecy\ObjectProphecy;
use Shlinkio\Shlink\Core\Tag\TagServiceInterface;
use Shlinkio\Shlink\Rest\Action\Tag\DeleteTagsAction;
use Shlinkio\Shlink\Rest\Entity\ApiKey;
class DeleteTagsActionTest extends TestCase
{
@@ -30,8 +32,10 @@ class DeleteTagsActionTest extends TestCase
*/
public function processDelegatesIntoService(?array $tags): void
{
$request = (new ServerRequest())->withQueryParams(['tags' => $tags]);
$deleteTags = $this->tagService->deleteTags($tags ?: []);
$request = (new ServerRequest())
->withQueryParams(['tags' => $tags])
->withAttribute(ApiKey::class, new ApiKey());
$deleteTags = $this->tagService->deleteTags($tags ?: [], Argument::type(ApiKey::class));
$response = $this->action->handle($request);

19
module/Rest/test/Action/Tag/UpdateTagActionTest.php
View File

@@ -4,15 +4,18 @@ declare(strict_types=1);
namespace ShlinkioTest\Shlink\Rest\Action\Tag;
use Laminas\Diactoros\ServerRequest;
use Laminas\Diactoros\ServerRequestFactory;
use PHPUnit\Framework\TestCase;
use Prophecy\Argument;
use Prophecy\PhpUnit\ProphecyTrait;
use Prophecy\Prophecy\ObjectProphecy;
use Psr\Http\Message\ServerRequestInterface;
use Shlinkio\Shlink\Core\Entity\Tag;
use Shlinkio\Shlink\Core\Exception\ValidationException;
use Shlinkio\Shlink\Core\Tag\Model\TagRenaming;
use Shlinkio\Shlink\Core\Tag\TagServiceInterface;
use Shlinkio\Shlink\Rest\Action\Tag\UpdateTagAction;
use Shlinkio\Shlink\Rest\Entity\ApiKey;
class UpdateTagActionTest extends TestCase
{
@@ -33,7 +36,7 @@ class UpdateTagActionTest extends TestCase
*/
public function whenInvalidParamsAreProvidedAnErrorIsReturned(array $bodyParams): void
{
$request = (new ServerRequest())->withParsedBody($bodyParams);
$request = $this->requestWithApiKey()->withParsedBody($bodyParams);
$this->expectException(ValidationException::class);
@@ -50,15 +53,23 @@ class UpdateTagActionTest extends TestCase
/** @test */
public function correctInvocationRenamesTag(): void
{
$request = (new ServerRequest())->withParsedBody([
$request = $this->requestWithApiKey()->withParsedBody([
'oldName' => 'foo',
'newName' => 'bar',
]);
$rename = $this->tagService->renameTag(TagRenaming::fromNames('foo', 'bar'))->willReturn(new Tag('bar'));
$rename = $this->tagService->renameTag(
TagRenaming::fromNames('foo', 'bar'),
Argument::type(ApiKey::class),
)->willReturn(new Tag('bar'));
$resp = $this->action->handle($request);
self::assertEquals(204, $resp->getStatusCode());
$rename->shouldHaveBeenCalled();
}
private function requestWithApiKey(): ServerRequestInterface
{
return ServerRequestFactory::fromGlobals()->withAttribute(ApiKey::class, new ApiKey());
}
}