From: Timo Tijhof Date: Fri, 19 Jul 2019 21:33:31 +0000 (+0100) Subject: API: Add test case for ApiCSPReportTest X-Git-Tag: 1.34.0-rc.0~939^2 X-Git-Url: https://git.cyclocoop.org/%27.WWW_URL.%27admin/?a=commitdiff_plain;h=4b01004a1f1557fa7d533a10cf3d45f1f5a84856;p=lhc%2Fweb%2Fwiklou.git API: Add test case for ApiCSPReportTest Covers the basic functioning of the class, as well as the specific behaviours introduced or changed by 5f34361759 and 0ca1b8a0e621c9. Also includes a (bad) expectation for 'user_id' (bool instead of string), which is a bug caused by 5f34361759 that the next commit will fix. Change-Id: I2c57c813b8a31e51a61778951227ccbd1217a547
---
diff --git a/tests/phpunit/includes/api/ApiCSPReportTest.php b/tests/phpunit/includes/api/ApiCSPReportTest.php
new file mode 100644
index 0000000000..dab9d3f0f7
--- /dev/null
+++ b/tests/phpunit/includes/api/ApiCSPReportTest.php
@@ -0,0 +1,121 @@
+setMwGlobals( [
+ 'CSPFalsePositiveUrls' => [],
+ ] );
+ }
+
+ public function testInternalReportonly() {
+ $params = [
+ 'reportonly' => '1',
+ 'source' => 'internal',
+ ];
+ $cspReport = [
+ 'document-uri' => 'https://doc.test/path',
+ 'referrer' => 'https://referrer.test/path',
+ 'violated-directive' => 'connet-src',
+ 'disposition' => 'report',
+ 'blocked-uri' => 'https://blocked.test/path?query',
+ 'line-number' => 4,
+ 'column-number' => 2,
+ 'source-file' => 'https://source.test/path?query',
+ ];
+
+ $log = $this->doExecute( $params, $cspReport );
+
+ $this->assertEquals(
+ [
+ [
+ '[report-only] Received CSP report: ' .
+ ' blocked from being loaded on :4',
+ [
+ 'method' => 'ApiCSPReport::execute',
+ // FIXME
+ 'user_id' => true,
+ 'user-agent' => 'Test/0.0',
+ 'source' => 'internal'
+ ]
+ ],
+ ],
+ $log,
+ 'logged messages'
+ );
+ }
+
+ public function testFalsePositiveOriginMatch() {
+ $params = [
+ 'reportonly' => '1',
+ 'source' => 'internal',
+ ];
+ $cspReport = [
+ 'document-uri' => 'https://doc.test/path',
+ 'referrer' => 'https://referrer.test/path',
+ 'violated-directive' => 'connet-src',
+ 'disposition' => 'report',
+ 'blocked-uri' => 'https://blocked.test/path/file?query',
+ 'line-number' => 4,
+ 'column-number' => 2,
+ 'source-file' => 'https://source.test/path/file?query',
+ ];
+
+ $this->setMwGlobals( [
+ 'wgCSPFalsePositiveUrls' => [
+ 'https://blocked.test/path/' => true,
+ ],
+ ] );
+ $log = $this->doExecute( $params, $cspReport );
+
+ $this->assertSame(
+ [],
+ $log,
+ 'logged messages'
+ );
+ }
+
+ private function doExecute( array $params, array $cspReport ) {
+ $log = [];
+ $logger = $this->createMock( Psr\Log\AbstractLogger::class );
+ $logger->method( 'warning' )->will( $this->returnCallback(
+ function ( $msg, $ctx ) use ( &$log ) {
+ unset( $ctx['csp-report'] );
+ $log[] = [ $msg, $ctx ];
+ }
+ ) );
+ $this->setLogger( 'csp-report-only', $logger );
+
+ $postBody = json_encode( [ 'csp-report' => $cspReport ] );
+ $req = $this->getMockBuilder( FauxRequest::class )
+ ->setMethods( [ 'getRawInput' ] )
+ ->setConstructorArgs( [ $params, /* $wasPosted */ true ] )
+ ->getMock();
+ $req->method( 'getRawInput' )->willReturn( $postBody );
+ $req->setHeaders( [
+ 'Content-Type' => 'application/csp-report',
+ 'User-Agent' => 'Test/0.0'
+ ] );
+
+ $api = $this->getMockBuilder( ApiCSPReport::class )
+ ->disableOriginalConstructor()
+ ->setMethods( [ 'getParameter', 'getRequest', 'getResult' ] )
+ ->getMock();
+ $api->method( 'getParameter' )->will( $this->returnCallback(
+ function ( $key ) use ( $req ) {
+ return $req->getRawVal( $key );
+ }
+ ) );
+ $api->method( 'getRequest' )->willReturn( $req );
+ $api->method( 'getResult' )->willReturn( new ApiResult( false ) );
+
+ $api->execute();
+ return $log;
+ }
+}
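Review bot: The `setMwGlobals` call at the top of the hunk uses the key `'CSPFalsePositiveUrls'`, while testFalsePositiveOriginMatch uses `'wgCSPFalsePositiveUrls'`; if the keys are global variable names, as the second call suggests, the first one does not clear the false-positive list and testInternalReportonly depends on whatever the site configuration holds. I would write `'wgCSPFalsePositiveUrls' => [],` there (the opening of that method is not visible on this page). Both fixtures also spell the directive `'connet-src'`, presumably meant as `'connect-src'`. Since this list suppresses CSP violation logging, a companion case where `blocked-uri` only nearly matches the configured prefix and must still be logged would guard against over-broad suppression.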