Sign upLogin

denny/ShinyCMS

View on GitHub
Star
t/controllers/controller_FileServer.t

Summary

Maintainability
Test Coverage
# ===================================================================
# File:        t/controllers/controller_FileServer.t
# Project:    ShinyCMS
# Purpose:    Tests for fileserver user-facing features
#
# Author:    Denny de la Haye <2019@denny.me>
# Copyright (c) 2009-2019 Denny de la Haye
#
# ShinyCMS is free software; you can redistribute it and/or modify it
# under the terms of either the GPL 2.0 or the Artistic License 2.0
# ===================================================================

use strict;
use warnings;

use Test::More;
use Test::WWW::Mechanize::Catalyst::WithContext;

use lib 't/support';
require 'login_helpers.pl';  ## no critic


# Get a mech object
my $t = Test::WWW::Mechanize::Catalyst::WithContext->new( catalyst_app => 'ShinyCMS' );


# Try hitting the controller root
$t->get_ok(
    '/fileserver',
    'Fetch /fileserver with no params'
);
$t->title_is(
    'Home - ShinySite',
    '/filesever with no params redirects to homepage'
);

# Attempt to fetch a restricted file without logging in first
$t->get( '/fileserver/auth/Eternal/dir-one/empty-file.txt' );
ok(
    $t->status == 403,
    'User is forbidden to access restricted files without logging in first'
);

# Log in as a user from demo data, with permission to view restricted files
$t = login_test_user( 'viewer', 'changeme' ) or die 'Failed to log in as test user';
# Check login was successful
my $c = $t->ctx;
ok(
    $c->user_exists && $c->user->username eq 'viewer',
    'Logged in as user with restricted file access'
);

# Attempt to fetch the file again
$t->get( '/fileserver/auth/Eternal/dir-one/empty-file.txt' );
ok(
    $t->status == 200,
    'User is allowed to access restricted files after logging in'
);

# Attempt to fetch a non-existent file
$t->get( '/fileserver/auth/Eternal/dir-one/no-such-file.txt' );
ok(
    $t->status == 404,
    'Attempting to fetch a non-existent file results in a 404 page'
);

# Attempt to fetch restricted files from some other access groups
$t->get( '/fileserver/auth/Expired/dir-two/also-empty.txt' );
ok(
    $t->status == 403,
    'User cannot reach files if their access expired last year'
);
$t->get( '/fileserver/auth/Unexpired/sub/sub/sub/dir/empty-too.txt' );
ok(
    $t->status == 200,
    'User can reach files if their access expires next year'
);
$t->get( '/fileserver/auth/Exclusive/and-empty.txt' );
ok(
    $t->status == 403,
    'User cannot reach files from access groups they are not in'
);

# Attempt to fetch a third time, to hit rate limit
$t->get( '/fileserver/auth/Eternal/dir-one/empty-file.txt' );
ok(
    $t->status == 429,
    'User cannot download more files if they have hit the rate limit'
);


# Tidy up
my $schema = get_schema();
my $test_data = $schema->resultset( 'FileAccess' )->search({
    ip_address => { -not_like => '10.%' },
});
$test_data->delete;

done_testing();