{{ 'email_application_approved_body'|trans({ '%link%': url('app_login'), '%siteName%': kbin_domain(), })|raw }}
{% if user.isVerified is same as false %}{{ 'email_verification_pending'|trans }}
{% endif %} {% endblock %} ================================================ FILE: templates/_email/application_rejected.html.twig ================================================ {% extends '_email/email_base.html.twig' %} {%- block title -%} {{- 'email_application_rejected_title'|trans }} {%- endblock -%} {% block body %}{{ 'email_application_rejected_body'|trans }}
{% endblock %} ================================================ FILE: templates/_email/confirmation_email.html.twig ================================================ {% extends "_email/email_base.html.twig" %} {%- block title -%} {{- 'email_confirm_header'|trans }} {%- endblock -%} {% block body %}{{ 'email_confirm_content'|trans }}
{% if user.getApplicationStatus() is not same as enum('App\\Enums\\EApplicationStatus').Approved %}{{ 'email_application_pending'|trans }}
{% endif %}{{ 'email_confirm_expire'|trans }}
Cheers!
{% endblock %} ================================================ FILE: templates/_email/contact.html.twig ================================================ {% extends "_email/email_base.html.twig" %} {%- block title -%} {{- 'contact'|trans }} {%- endblock -%} {% block body %}Name: {{ name }}
Email: {{ senderEmail }}
Message: {{ message }}
{{'email.delete.description'|trans}}
Username: {{ username }}
Email: {{ mail }}
) }}){kind=logo}
{{ 'email_confirm_expire'|trans }}
{{'email_confirm_button_text'|trans}}
Cheers!
{{'email_confirm_link_help'|trans}}: {{ url('app_reset_password', {token: resetToken.token}) }}
{% endblock %} ================================================ FILE: templates/admin/_options.html.twig ================================================ {%- set TYPE_GENERAL = constant('App\\Repository\\StatsRepository::TYPE_GENERAL') -%} {%- set TYPE_CONTENT = constant('App\\Repository\\StatsRepository::TYPE_CONTENT') -%} {%- set TYPE_VOTES = constant('App\\Repository\\StatsRepository::TYPE_VOTES') -%} {%- set STATUS_PENDING = constant('App\\Entity\\Report::STATUS_PENDING') -%} ================================================ FILE: templates/admin/dashboard.html.twig ================================================ {% extends 'base.html.twig' %} {%- block title -%} {{- 'dashboard'|trans }} - {{ parent() -}} {%- endblock -%} {% block mainClass %}page-admin-dashboard{% endblock %} {% block header_nav %} {% endblock %} {% block sidebar_top %} {% endblock %} {% block body %} {% include 'admin/_options.html.twig' %}{{ users }}
{{ magazines }}
{{ votes }}
{{ entries }}
{{ comments }}
{{ posts }}
| {{ 'name'|trans }} | {{ 'threads'|trans }} | {{ 'comments'|trans }} | {{ 'posts'|trans }} | {{ 'marked_for_deletion'|trans }} |
|---|---|---|---|---|
| {{ component('magazine_inline', { magazine: magazine, stretchedLink: true, showAvatar: true, showNewIcon: true}) }} | {{ magazine.entryCount }} | {{ magazine.entryCommentCount }} | {{ magazine.postCount + magazine.postCommentCount }} | {{ component('date', {date: magazine.markedForDeletionAt}) }} |
| {{ 'username'|trans }} | {{ 'email'|trans }} | {{ 'created_at'|trans }} | {{ 'marked_for_deletion'|trans }} |
|---|---|---|---|
| {{ component('user_inline', {user: user, showNewIcon: true}) }} | {{ user.email }} | {{ component('date', {date: user.createdAt}) }} | {{ component('date', {date: user.markedForDeletionAt}) }} |
| {{ 'magazines'|trans }} | {{ counts['magazines'] }} |
| {{ 'users'|trans }} | {{ counts['users'] }} |
| {{ 'their_user_follows'|trans }} | {{ counts['ourUserFollows'] }} |
| {{ 'our_user_follows'|trans }} | {{ counts['theirUserFollows'] }} |
| {{ 'their_magazine_subscriptions'|trans }} | {{ counts['ourSubscriptions'] }} |
| {{ 'our_magazine_subscriptions'|trans }} | {{ counts['theirSubscriptions'] }} |
| {{ 'magazine'|trans }} | {{ 'user'|trans }} | {{ 'reputation_points'|trans }} | {{ 'action'|trans }} |
|---|---|---|---|
| {{ component('magazine_inline', {magazine: request.magazine, showNewIcon: true}) }} | {{ component('user_inline', {user: request.user, showNewIcon: true}) }} | {{ get_reputation_total(request.user) }} |
| {{ 'monitoring_user_type'|trans }} | {{ context.userType }} |
| {{ 'monitoring_path'|trans }} | {{ context.path }} |
| {{ 'monitoring_handler'|trans }} | {{ context.handler }} |
| {{ 'monitoring_started'|trans }} | {{ component('date', {'date': context.startedAt}) }} |
| {{ 'monitoring_duration'|trans }} | {{ context.duration|round(2) }}ms |
| {{ 'monitoring_queries'|trans({'%count%': 2}) }} | {{ context.queries.count() }} in {{ queryDuration|round(2) }}ms ({{ (100 / context.duration * queryDuration)|round }}%) |
| {{ 'monitoring_twig_renders'|trans() }} | {{ context.twigRenders.count() }} in {{ twigDuration|round(2) }}ms ({{ (100 / context.duration * twigDuration)|round }}%) |
| {{ 'monitoring_curl_requests'|trans() }} | {{ context.curlRequests.count() }} in {{ curlRequestDuration|round(2) }}ms ({{ (100 / context.duration * curlRequestDuration)|round }}%) |
| {{ 'monitoring_duration_sending_response'|trans() }} | {{ context.responseSendingDurationMilliseconds|round(2) }}ms ({{ (100 / context.duration * context.responseSendingDurationMilliseconds)|round }}%) |
| {{ 'monitoring_queries'|trans({'%count%': 1}) }} | {% if groupSimilar is same as false %}{{ 'monitoring_duration'|trans }} | {% else %}{{ 'monitoring_duration_min'|trans }} | {{ 'monitoring_duration_mean'|trans }} | {{ 'monitoring_duration_max'|trans }} | {{ 'monitoring_query_count'|trans }} | {{ 'monitoring_query_total'|trans }} | {% endif %}
|---|---|---|---|---|---|---|
|
{% if formatQuery %}
{% if showParameters %}
{{ query.queryString.query|formatQuery }}
{% else %}
{{ query.queryString.query }}
{% endif %}
{{ 'parameters'|trans }} = {{ query.parameters|json_encode(constant('JSON_PRETTY_PRINT')) }}
|
{{ query.duration|round(2) }}ms | |||||
|
{% if formatQuery %}
{{ query.query|formatQuery }}
{% else %}
{{ query.query }}
{% endif %}
|
{{ query.minExecutionTime|round(2) }}ms | {{ query.maxExecutionTime|round(2) }}ms | {{ query.meanExecutionTime|round(2) }}ms | {{ query.count }} | {{ query.totalExecutionTime|round(2) }}ms |
| {{ 'monitoring_http_method'|trans }} | {{ 'monitoring_url'|trans }} | {{ 'monitoring_request_successful'|trans }} | {{ 'monitoring_duration'|trans }} |
|---|---|---|---|
| {{ request.method }} | {{ request.url }} | {{ request.wasSuccessful ? 'yes'|trans : 'no'|trans }} | {{ request.duration|round(2) }}ms |
{% if configuration['monitoringEnabled'] is not same as true %} {{ 'monitoring_disabled'|trans }} {% else %} {% if configuration['monitoringQueriesEnabled'] is same as true %} {% if configuration['monitoringQueriesPersistingEnabled'] is same as true %} {{ 'monitoring_queries_enabled_persisted'|trans }} {% else %} {{ 'monitoring_queries_enabled_not_persisted'|trans }} {% endif %} {% else %} {{ 'monitoring_queries_disabled'|trans }} {% endif %} {% if configuration['monitoringTwigRendersEnabled'] is same as true %} {% if configuration['monitoringTwigRendersPersistingEnabled'] is same as true %} {{ 'monitoring_twig_renders_enabled_persisted'|trans }} {% else %} {{ 'monitoring_twig_renders_enabled_not_persisted'|trans }} {% endif %} {% else %} {{ 'monitoring_twig_renders_disabled'|trans }} {% endif %} {% if configuration['monitoringCurlRequestsEnabled'] is same as true %} {% if configuration['monitoringCurlRequestPersistingEnabled'] is same as true %} {{ 'monitoring_curl_requests_enabled_persisted'|trans }} {% else %} {{ 'monitoring_curl_requests_enabled_not_persisted'|trans }} {% endif %} {% else %} {{ 'monitoring_curl_requests_disabled'|trans }} {% endif %} {% endif %}
{{ 'monitoring_route_overview_description'|trans }}
{{ render_chart(chart, {'data-chart-unit-value': 'ms'}) }} {% endif %} {{ form_start(form) }}| {{ 'monitoring_user_type'|trans }} | {{ 'monitoring_path'|trans }} | {{ 'monitoring_handler'|trans }} | {{ 'monitoring_started'|trans }} | {{ 'monitoring_duration'|trans }} | ||
|---|---|---|---|---|---|---|
| {{ context.uuid|uuidEnd }} | {% if context.executionType is same as 'messenger' %}messenger | {% else %}{{ context.userType }} | {% endif %}{{ context.path }} | {{ context.handler }} | {{ context.startedAt|date }} | {{ context.duration|round(2) }}ms |
{{ 'signup_requests_paragraph'|trans }}
{{ 'viewing_one_signup_request'|trans({'%username%': username}) }}
| {{ name|trans }} {% if sortField is defined and field is same as sortField %} {% if order is defined and order is same as 'ASC' %} {% elseif order is defined and order is same as 'DESC' %} {% endif %} {% endif %} | {% endfor %} {% if attitudes is defined %}{{ 'attitude'|trans }} | {% endif %}|||
|---|---|---|---|---|
| {{ component('user_inline', {user: user, showNewIcon: true}) }} | {{ user.apId ? '-' : user.email }} | {{ component('date', {date: user.createdAt}) }} | {{ component('date', {date: user.lastActive}) }} | {% if attitudes is defined %}{% if attitudes[user.id] is defined %} {% set attitude = attitudes[user.id] %} {% if attitude < 0 %} - {% else %} {{ attitudes[user.id]|number_format(2) }}% {% endif %} {% else %} - {% endif %} | {% endif %}
| {{ 'name'|trans }} | {{ 'count'|trans }} | ||
|---|---|---|---|
| {% if list.isDefault %} {% endif %} | {{ list.name }} | {{ get_bookmark_list_entry_count(list) }} | {% if not list.isDefault %} {% endif %} |
{{ 'error'|trans }}
{{'errors.server403.title'|trans}}
{{'errors.server404.title'|trans}}
{{'errors.server429.title'|trans}}
{{'errors.server500.title'|trans}}
{{ 'errors.server500.description'|trans({ '%link_start%': '', '%link_end%': '' })|raw }}[{{ 'deleted_by_moderator'|trans }}]
{% elseif(entry.visibility is same as 'soft_deleted') %}[{{ 'deleted_by_author'|trans }}]
{% endif %}{{ get_short_sentence(entry.body|markdown|raw, striptags = true) }}
[{{ 'deleted_by_moderator'|trans }}]
{% elseif(comment.visibility is same as 'soft_deleted') %}[{{ 'deleted_by_author'|trans }}]
{% endif %}| {{ 'domain'|trans }} | {{ 'server_software'|trans }} | {{ 'version'|trans }} | {% if app.user is defined and app.user is not same as null and app.user.admin %}{{ 'last_successful_deliver'|trans }} | {{ 'last_successful_receive'|trans }} | {% if showUnBanButton or showBanButton or showDenyButton or showAllowButton %}{% endif %} {% endif %} |
|---|---|---|---|---|---|
| {{instance.domain}} | {{ instance.software ?? '' }} | {{ instance.version ?? '' }} | {% if app.user is defined and app.user is not same as null and app.user.admin %}{% if instance.lastSuccessfulDeliver is not same as null %} {{ component('date', { date: instance.lastSuccessfulDeliver }) }} {% endif %} | {% if instance.lastSuccessfulReceive is not same as null %} {{ component('date', { date: instance.lastSuccessfulReceive }) }} {% endif %} | {% if showUnBanButton or showBanButton or showDenyButton or showAllowButton %}
{% if showUnBanButton and instance.isBanned %}
{% endif %}
{% if showBanButton and not instance.isBanned %}
{% endif %}
{% if showDenyButton and instance.isExplicitlyAllowed %}
{% endif %}
{% if showAllowButton and not instance.isExplicitlyAllowed %}
{% endif %}
|
{% endif %}
{% endif %}
{{ ('@'~magazine.name)|username(true) }} {% if magazine.isAdult %}18+{% endif %} {% if magazine.apId %} {% endif %}
[{{ 'deleted_by_moderator'|trans }}]
{% elseif(post.visibility is same as 'soft_deleted') %}[{{ 'deleted_by_author'|trans }}]
{% endif %} {% if post.image %} {{ include('components/_figure_image.html.twig', { image: post.image, parent_id: post.id, is_adult: post.isAdult, thumb_filter: 'post_thumb', gallery_name: 'post-%d'|format(post.id), }) }} {% endif %}[{{ 'deleted_by_moderator'|trans }}]
{% elseif isUserDeleted %}[{{ 'deleted_by_author'|trans }}]
{% endif %}{{ get_short_sentence(post.body|markdown|raw, striptags = true, onlyFirstParagraph = false) }}
[{{ 'deleted_by_moderator'|trans }}]
{% elseif(comment.visibility is same as 'soft_deleted') %}[{{ 'deleted_by_author'|trans }}]
{% endif %}[{{ 'deleted_by_moderator'|trans }}]
{% elseif isUserDeleted %}[{{ 'deleted_by_author'|trans }}]
{% endif %}{{ get_short_sentence(comment.body|markdown|raw, striptags = true, onlyFirstParagraph = false) }}
|imagine_filter('post_thumb')) : post.image.sourceUrl }})
{% endif %}
{% if post.body %}
{{ get_short_sentence(post.body)|markdown|raw }}{% endif %} {{ 'show_more'|trans }}
|imagine_filter('avatar_thumb')) : user.avatar.sourceUrl }}){kind=avatar}
{% else %}
{% endif %}
{% if asLink %}
{% endif %}
================================================
FILE: templates/components/user_box.html.twig
================================================
{{ 'user_badge_bot'|trans }}
{% endif %}
{% if user.isNew() %}
{% set days = constant('App\\Entity\\User::NEW_FOR_DAYS') %}
{% endif %}
{% if user.isCakeDay() %}
{% endif %}
{% if user.admin() %}
{{ 'user_badge_admin'|trans }}
{% elseif user.moderator() %}
{{ 'user_badge_global_moderator'|trans }}
{% endif %}
{{ 'user_badge_bot'|trans }}
{% endif %}
{% if user.isNew() %}
{% set days = constant('App\\Entity\\User::NEW_FOR_DAYS') %}
{% endif %}
{% if user.isCakeDay() %}
{% endif %}
{% if user.admin() %}
{{ 'user_badge_admin'|trans }}
{% elseif user.moderator() %}
{{ 'user_badge_global_moderator'|trans }}
{% endif %}
{{ 'already_have_account'|trans }} {{ 'login'|trans }}
{% endif %} {% if kbin_registrations_enabled() %} {% if showRegister %}{{ 'dont_have_account'|trans }} {{ 'register'|trans }}
{% endif %} {% endif %} {% if showPasswordReset %}{{ 'you_cant_login'|trans }} {{ 'reset_password'|trans }}
{% endif %} {# {% if showResendEmail %}#} {#{{ 'resend_account_activation_email_question'|trans }} #} {# {{ 'resend_account_activation_email'|trans }}#} {#
#} {# {% endif %}#}
{% endif %}
================================================
FILE: templates/components/user_inline.html.twig
================================================
{% if user.avatar and showAvatar %}
 | imagine_filter('avatar_thumb')) : user.avatar.sourceUrl }}){kind=avatar}
{% endif %}
{{ user.title ?? user.apPreferredUsername ?? user.username|username -}}
{%- if fullName is defined and fullName is same as true -%}
@{{- user.username|apDomain -}}
{%- endif -%}
{% if user.isNew() and showNewIcon %}
{% set days = constant('App\\Entity\\User::NEW_FOR_DAYS') %}
{% endif %}
{% if user.isCakeDay() %}
{% endif %}
================================================
FILE: templates/components/user_inline_box.html.twig
================================================
{{ 'user_badge_bot'|trans }}
{% endif %}
{% if user.isNew() %}
{% set days = constant('App\\Entity\\User::NEW_FOR_DAYS') %}
{% endif %}
{% if user.isCakeDay() %}
{% endif %}
{% if user.admin() %}
{{ 'user_badge_admin'|trans }}
{% elseif user.moderator() %}
{{ 'user_badge_global_moderator'|trans }}
{% endif %}
| {{ 'name'|trans }} | {{ 'threads'|trans }} | |
| {{ domain.name }} | {{ domain.entries|length }} | {{ component('domain_sub', {domain: domain}) }} |
|imagine_filter('entry_thumb')) : entry.image.sourceUrl }}){kind=small}
{% endif %}
{% endif %}
|imagine_filter('avatar_thumb')) : entry.user.avatar.sourceUrl }}){kind=avatar}
{{ entry.user.username|username(true) }} {% if entry.user.apManuallyApprovesFollowers is same as true %} {% endif %} {% if entry.user.apProfileId %} {% endif %}
|imagine_filter('post_thumb')) : comment.image.sourceUrl }}){kind=small}
{% endif %}
{{ 'browsing_one_thread'|trans }}
{{ 'browsing_one_thread'|trans }}
{{ 'browsing_one_thread'|trans }}
{{ 'back'|trans }} {{ 'comment_not_found'|trans }}
{{ 'comments_locked'|trans }}
 }}){kind=small}
{{ 'kbin_promo_desc'|trans({ '%link_start%': '', '%link_end%': '' })|raw }}
{{ 'federated_magazine_info'|trans }} {{ 'go_to_original_instance'|trans }}
{{ 'disconnected_magazine_info'|trans({'%days%': daysDifference}) }} {% if app.user %} {{ 'subscribe_for_updates'|trans }} {% endif %}
{% else %}{{ 'always_disconnected_magazine_info'|trans }} {% if app.user %} {{ 'subscribe_for_updates'|trans }} {% endif %}
{% endif %}| {{ 'name'|trans }} | {% for column in ['threads', 'comments', 'posts'] %}{% if sortBy is same as column %} {{ column|trans }} {% else %} {{ column|trans }} {% endif %} | {% endfor %}{% if sortBy is same as 'hot' %} {{ 'subscriptions'|trans }} {% else %} {{ 'subscriptions'|trans }} {% endif %} | ||
|---|---|---|---|---|
| {{ component('magazine_inline', { magazine: magazine, stretchedLink: true, showAvatar: true, showNewIcon: true, fullName: SHOW_MAGAZINE_FULLNAME is same as V_TRUE}) }} {% if magazine.isAdult %}18+{% endif %} | {{ magazine.entryCount|abbreviateNumber }} | {{ magazine.entryCommentCount|abbreviateNumber }} | {{ (magazine.postCount + magazine.postCommentCount)|abbreviateNumber }} | {{ component('magazine_sub', {magazine: magazine}) }} |
{{ 'magazine_is_deleted'|trans({ '%link_target%': path('magazine_panel_general', {'name': magazine.name}) })|raw }}
| {{ 'name'|trans }} | {% for column in ['threads', 'comments', 'posts'] %}{{ column|trans }} | {% endfor %}|||
|---|---|---|---|---|
| {{ component('magazine_inline', { magazine: magazine, stretchedLink: true, showAvatar: true, showNewIcon: true, fullName: true}) }} | {{ magazine.entryCount }} | {{ magazine.entryCommentCount }} | {{ magazine.postCount + magazine.postCommentCount }} |
| {{ 'name'|trans }} | {{ 'reason'|trans }} | {{ 'created'|trans }} | {{ 'expires'|trans }} | |
|---|---|---|---|---|
| {{ component('user_inline', {user: ban.user, showNewIcon: true}) }} | {{ ban.reason }} | {{ component('date', {date: ban.createdAt}) }} | {% if ban.expiredAt %} {{ component('date', {date: ban.expiredAt}) }} {% else %} {{ 'perm'|trans }} {% endif %} |
| {{ 'magazine'|trans }} | {{ 'user'|trans }} | {{ 'reputation_points'|trans }} | |
| {{ component('magazine_inline', {magazine: request.magazine, showNewIcon: true}) }} | {{ component('user_inline', {user: request.user, showNewIcon: true}) }} | {{ get_reputation_total(request.user) }} |
{{ 'mod_log_alert'|trans }}
{{ 'federation_page_dead_description'|trans }}
{% if deadInstances is not empty %} {{ component('instance_list', {'instances': deadInstances}) }} {% else %} {% endif %}
{% endif %}
|imagine_filter('avatar_thumb')) : post.user.avatar.sourceUrl }}){kind=avatar}
{{ post.user.username|username(true) }} {% if post.user.apManuallyApprovesFollowers is same as true %} {% endif %} {% if post.user.apProfileId %} {% endif %}
{% endif %}
{{ 'browsing_one_thread'|trans }}
{{ 'browsing_one_thread'|trans }}
{{ 'browsing_one_thread'|trans }}
{{ 'comments_locked'|trans }}
{{ 'resend_account_activation_email_description'|trans }}
{{ form_start(form) }} {% for flash_error in app.flashes('error') %}{{ 'reset_check_email_desc'|trans({'%expire%': resetToken.expirationMessageKey|trans(resetToken.expirationMessageData, 'ResetPasswordBundle')}) }}
{{ 'reset_check_email_desc2'|trans }}
{{ users|abbreviateNumber }}
{{ magazines|abbreviateNumber }}
{{ votes|abbreviateNumber }}
{{ entries|abbreviateNumber }}
{{ comments|abbreviateNumber }}
{{ posts|abbreviateNumber }}
{{ 'federated_user_info'|trans }} {{ 'go_to_original_instance'|trans }}
{{ user.username|username }}{% if not user.apId %}@{{ kbin_domain() }}{% endif %} {% if user.apManuallyApprovesFollowers is same as true %} {% endif %}
| {{ 'name'|trans }} | {{ 'threads'|trans }} | {{ 'comments'|trans }} | {{ 'posts'|trans }} | |
| {{ component('user_inline', { user: u, stretchedLink: true, showAvatar: true, showNewIcon: true, fullName: SHOW_USER_FULLNAME is same as V_TRUE}) }} | {{ u.entries|length }} | {{ u.entryComments|length }} | {{ u.posts|length + u.postComments|length }} | {{ component('user_actions', {user: u}) }} |
{{ user.username|username(true) }} {% if user.apManuallyApprovesFollowers is same as true %} {% endif %} {% if user.apProfileId %} {% endif %}
{{ 'account_is_suspended'|trans }}
{{ app_name }} {{ 'oauth.consent.app_requesting_permissions'|trans }}:
{{ app_name }} {{ 'oauth.consent.app_has_permissions'|trans }}:
{{ 'oauth.consent.to_allow_access'|trans }}
| {{ subject.points }} | {{ subject.day >= date('-2 days') ? subject.day|ago : subject.day|date('Y-m-d') }} |
{{ '2fa.available_apps' | trans({ '%google_authenticator%': 'Google Authenticator', '%aegis%': 'Aegis', '%raivo%': 'Raivo' }) | raw }}
{{ '2fa.manual_code_hint'|trans }}:
{% include 'user/settings/2fa_secret.html.twig' with {'secret': secret} %}
{{ '2fa.backup_codes.help' | trans | raw }}
{{ '2fa.backup_codes.recommendation' | trans }}
================================================ FILE: templates/user/settings/_options.html.twig ================================================ {%- set STATUS_PENDING = constant('App\\Entity\\Report::STATUS_PENDING') -%} ================================================ FILE: templates/user/settings/_stats_pills.html.twig ================================================ {%- set TYPE_CONTENT = constant('App\\Repository\\StatsRepository::TYPE_CONTENT') -%} {%- set TYPE_VOTES = constant('App\\Repository\\StatsRepository::TYPE_VOTES') -%}{{ 'account_deletion_description'|trans }}
{{ form_start(form) }} {{ form_row(form.currentPassword, {label: 'current_password'}) }} {{ form_row(form.instantDelete, {label: 'account_deletion_immediate', row_attr: {class: 'checkbox'}}) }}{{ '2fa.backup-create.help' | trans }}
{{ form_start(regenerateBackupCodes, {action: path('user_settings_2fa_backup'), attr: {'data-action': "confirmation#ask", 'data-confirmation-message-param': 'are_you_sure'|trans}}) }} {{ form_row(regenerateBackupCodes.currentPassword) }} {{ form_row(regenerateBackupCodes.totpCode, {required: has2fa}) }}|imagine_filter('entry_thumb') }}){kind=avatar}
@someOtherUser @someUser @someMagazine
'; $this->createMastodonPostWithMention['object']['contentMap']['en'] = $text; $this->createMastodonPostWithMention['object']['content'] = $text; $this->createMastodonPostWithMention['object']['tag'] = [ [ 'type' => 'Mention', 'href' => 'https://some.instance.tld/u/someOtherUser', 'name' => '@someOtherUser', ], [ 'type' => 'Mention', 'href' => 'https://some.instance.tld/u/someUser', 'name' => '@someUser', ], [ 'type' => 'Mention', 'href' => 'https://some.instance.tld/m/someMagazine', 'name' => '@someMagazine', ], ]; } private function setupMastodonPostWithoutTagArray(): void { $this->createMastodonPostWithMentionWithoutTagArray = $this->createRemotePostInLocalMagazine($this->localMagazine, $this->remoteUser); unset($this->createMastodonPostWithMentionWithoutTagArray['object']['source']); // this is what it would look like if a user created a post in Mastodon with just a single mention and nothing else $text = '@remoteUser'; $this->createMastodonPostWithMentionWithoutTagArray['object']['contentMap']['en'] = $text; $this->createMastodonPostWithMentionWithoutTagArray['object']['content'] = $text; } private function createRemoteEntryWithUrlAndImageInLocalMagazine(Magazine $magazine, User $user): array { $entry = $this->getEntryByTitle('remote entry with URL and image in local', url: 'https://joinmbin.org', magazine: $magazine, user: $user, image: $this->getKibbyImageDto()); $json = $this->pageFactory->create($entry, $this->tagLinkRepository->getTagsOfContent($entry)); $this->testingApHttpClient->activityObjects[$json['id']] = $json; $createActivity = $this->createWrapper->build($entry); $create = $this->activityJsonBuilder->buildActivityJson($createActivity); $this->testingApHttpClient->activityObjects[$create['id']] = $create; $create = $this->RewriteTargetFieldsToLocal($magazine, $create); $this->entitiesToRemoveAfterSetup[] = $createActivity; $this->entitiesToRemoveAfterSetup[] = $entry; return $create; } } ================================================ FILE: tests/Functional/ActivityPub/Inbox/DeleteHandlerTest.php ================================================ createLocalEntryAndCreateDeleteActivity($this->localMagazine, $this->localUser, $this->remoteUser); $activity = $obj['activity']; $entry = $obj['content']; $this->bus->dispatch(new ActivityMessage(json_encode($activity))); $this->entityManager->refresh($entry); self::assertTrue($entry->isTrashed()); $this->assertOneSentAnnouncedActivityOfType('Delete', $activity['id']); } public function testDeleteLocalEntryInRemoteMagazineByRemoteModerator(): void { $obj = $this->createLocalEntryAndCreateDeleteActivity($this->remoteMagazine, $this->localUser, $this->remoteUser); $activity = $obj['activity']; $entry = $obj['content']; $this->bus->dispatch(new ActivityMessage(json_encode($activity))); $this->entityManager->refresh($entry); self::assertTrue($entry->isTrashed()); $this->assertCountOfSentActivitiesOfType(0, 'Delete'); $this->assertOneSentAnnouncedActivityOfType('Delete', $activity['id']); } public function testDeleteRemoteEntryInLocalMagazineByRemoteModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemoteEntryInLocalMagazine))); $entryApId = $this->createRemoteEntryInLocalMagazine['object']['id']; $entry = $this->entryRepository->findOneBy(['apId' => $entryApId]); self::assertNotNull($entry); $this->bus->dispatch(new ActivityMessage(json_encode($this->deleteRemoteEntryByRemoteModeratorInLocalMagazine))); $entry = $this->entryRepository->findOneBy(['apId' => $entryApId]); self::assertTrue($entry->isTrashed()); $this->assertOneSentAnnouncedActivityOfType('Delete', $this->deleteRemoteEntryByRemoteModeratorInLocalMagazine['id']); } public function testDeleteRemoteEntryInRemoteMagazineByRemoteModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemoteEntryInRemoteMagazine))); $entryApId = $this->createRemoteEntryInRemoteMagazine['object']['object']['id']; $entry = $this->entryRepository->findOneBy(['apId' => $entryApId]); self::assertNotNull($entry); $this->bus->dispatch(new ActivityMessage(json_encode($this->deleteRemoteEntryByRemoteModeratorInRemoteMagazine))); $entry = $this->entryRepository->findOneBy(['apId' => $entryApId]); self::assertTrue($entry->isTrashed()); $this->assertCountOfSentActivitiesOfType(0, 'Delete'); $this->assertCountOfSentActivitiesOfType(0, 'Announce'); $deleteActivities = $this->activityRepository->findBy(['type' => 'Delete']); self::assertEmpty($deleteActivities); } public function testDeleteLocalEntryCommentInLocalMagazineByRemoteModerator(): void { $obj = $this->createLocalEntryCommentAndCreateDeleteActivity($this->localMagazine, $this->localUser, $this->remoteUser); $activity = $obj['activity']; $entryComment = $obj['content']; $this->bus->dispatch(new ActivityMessage(json_encode($activity))); $this->entityManager->refresh($entryComment); self::assertTrue($entryComment->isTrashed()); $this->assertOneSentAnnouncedActivityOfType('Delete', $activity['id']); } public function testDeleteLocalEntryCommentInRemoteMagazineByRemoteModerator(): void { $obj = $this->createLocalEntryCommentAndCreateDeleteActivity($this->remoteMagazine, $this->localUser, $this->remoteUser); $activity = $obj['activity']; $entryComment = $obj['content']; $this->bus->dispatch(new ActivityMessage(json_encode($activity))); $this->entityManager->refresh($entryComment); self::assertTrue($entryComment->isTrashed()); $this->assertCountOfSentActivitiesOfType(0, 'Delete'); $this->assertOneSentAnnouncedActivityOfType('Delete', $activity['id']); } public function testDeleteRemoteEntryCommentInLocalMagazineByRemoteModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemoteEntryInLocalMagazine))); $entryApId = $this->createRemoteEntryInLocalMagazine['object']['id']; $entry = $this->entryRepository->findOneBy(['apId' => $entryApId]); assertNotNull($entry); $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemoteEntryCommentInLocalMagazine))); $entryCommentApId = $this->createRemoteEntryCommentInLocalMagazine['object']['id']; $entryComment = $this->entryCommentRepository->findOneBy(['apId' => $entryCommentApId]); self::assertNotNull($entryComment); $this->bus->dispatch(new ActivityMessage(json_encode($this->deleteRemoteEntryCommentByRemoteModeratorInLocalMagazine))); $entryComment = $this->entryCommentRepository->findOneBy(['apId' => $entryCommentApId]); self::assertTrue($entryComment->isTrashed()); $this->assertOneSentAnnouncedActivityOfType('Delete', $this->deleteRemoteEntryCommentByRemoteModeratorInLocalMagazine['id']); } public function testDeleteRemoteEntryCommentInRemoteMagazineByRemoteModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemoteEntryInRemoteMagazine))); $entryApId = $this->createRemoteEntryInRemoteMagazine['object']['object']['id']; $entry = $this->entryRepository->findOneBy(['apId' => $entryApId]); self::assertNotNull($entry); $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemoteEntryCommentInRemoteMagazine))); $entryCommentApId = $this->createRemoteEntryCommentInRemoteMagazine['object']['object']['id']; $entryComment = $this->entryCommentRepository->findOneBy(['apId' => $entryCommentApId]); self::assertNotNull($entryComment); $this->bus->dispatch(new ActivityMessage(json_encode($this->deleteRemoteEntryCommentByRemoteModeratorInRemoteMagazine))); $entryComment = $this->entryCommentRepository->findOneBy(['apId' => $entryCommentApId]); self::assertTrue($entryComment->isTrashed()); $this->assertCountOfSentActivitiesOfType(0, 'Delete'); $this->assertCountOfSentActivitiesOfType(0, 'Announce'); $deleteActivities = $this->activityRepository->findBy(['type' => 'Delete']); self::assertEmpty($deleteActivities); } public function testDeleteLocalPostInLocalMagazineByRemoteModerator(): void { $obj = $this->createLocalPostAndCreateDeleteActivity($this->localMagazine, $this->localUser, $this->remoteUser); $activity = $obj['activity']; $post = $obj['content']; $this->bus->dispatch(new ActivityMessage(json_encode($activity))); $this->entityManager->refresh($post); self::assertTrue($post->isTrashed()); $this->assertOneSentAnnouncedActivityOfType('Delete', $activity['id']); } public function testDeleteLocalPostInRemoteMagazineByRemoteModerator(): void { $obj = $this->createLocalPostAndCreateDeleteActivity($this->remoteMagazine, $this->localUser, $this->remoteUser); $activity = $obj['activity']; $post = $obj['content']; $this->bus->dispatch(new ActivityMessage(json_encode($activity))); $this->entityManager->refresh($post); self::assertTrue($post->isTrashed()); $this->assertCountOfSentActivitiesOfType(0, 'Delete'); $this->assertOneSentAnnouncedActivityOfType('Delete', $activity['id']); } public function testDeleteRemotePostInLocalMagazineByRemoteModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemotePostInLocalMagazine))); $postApId = $this->createRemotePostInLocalMagazine['object']['id']; $post = $this->postRepository->findOneBy(['apId' => $postApId]); self::assertNotNull($post); $this->bus->dispatch(new ActivityMessage(json_encode($this->deleteRemotePostByRemoteModeratorInLocalMagazine))); $post = $this->postRepository->findOneBy(['apId' => $postApId]); self::assertTrue($post->isTrashed()); $this->assertOneSentAnnouncedActivityOfType('Delete', $this->deleteRemotePostByRemoteModeratorInLocalMagazine['id']); } public function testDeleteRemotePostInRemoteMagazineByRemoteModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemotePostInRemoteMagazine))); $postApId = $this->createRemotePostInRemoteMagazine['object']['object']['id']; $post = $this->postRepository->findOneBy(['apId' => $postApId]); self::assertNotNull($post); $this->bus->dispatch(new ActivityMessage(json_encode($this->deleteRemotePostByRemoteModeratorInRemoteMagazine))); $post = $this->postRepository->findOneBy(['apId' => $postApId]); self::assertTrue($post->isTrashed()); $this->assertCountOfSentActivitiesOfType(0, 'Delete'); $this->assertCountOfSentActivitiesOfType(0, 'Announce'); $deleteActivities = $this->activityRepository->findBy(['type' => 'Delete']); self::assertEmpty($deleteActivities); } public function testDeleteLocalPostCommentInLocalMagazineByRemoteModerator(): void { $obj = $this->createLocalPostCommentAndCreateDeleteActivity($this->localMagazine, $this->localUser, $this->remoteUser); $activity = $obj['activity']; $PostComment = $obj['content']; $this->bus->dispatch(new ActivityMessage(json_encode($activity))); $this->entityManager->refresh($PostComment); self::assertTrue($PostComment->isTrashed()); $this->assertOneSentAnnouncedActivityOfType('Delete', $activity['id']); } public function testDeleteLocalPostCommentInRemoteMagazineByRemoteModerator(): void { $obj = $this->createLocalPostCommentAndCreateDeleteActivity($this->remoteMagazine, $this->localUser, $this->remoteUser); $activity = $obj['activity']; $postComment = $obj['content']; $this->bus->dispatch(new ActivityMessage(json_encode($activity))); $this->entityManager->refresh($postComment); self::assertTrue($postComment->isTrashed()); $this->assertCountOfSentActivitiesOfType(0, 'Delete'); $this->assertOneSentAnnouncedActivityOfType('Delete', $activity['id']); } public function testDeleteRemotePostCommentInLocalMagazineByRemoteModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemotePostInLocalMagazine))); $postApId = $this->createRemotePostInLocalMagazine['object']['id']; $post = $this->postRepository->findOneBy(['apId' => $postApId]); self::assertNotNull($post); $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemotePostCommentInLocalMagazine))); $postCommentApId = $this->createRemotePostCommentInLocalMagazine['object']['id']; $postComment = $this->postCommentRepository->findOneBy(['apId' => $postCommentApId]); self::assertNotNull($postComment); $this->bus->dispatch(new ActivityMessage(json_encode($this->deleteRemotePostCommentByRemoteModeratorInLocalMagazine))); $postComment = $this->postCommentRepository->findOneBy(['apId' => $postCommentApId]); self::assertTrue($postComment->isTrashed()); $this->assertOneSentAnnouncedActivityOfType('Delete', $this->deleteRemotePostCommentByRemoteModeratorInLocalMagazine['id']); } public function testDeleteRemotePostCommentInRemoteMagazineByRemoteModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemotePostInRemoteMagazine))); $postApId = $this->createRemotePostInRemoteMagazine['object']['object']['id']; $post = $this->postRepository->findOneBy(['apId' => $postApId]); self::assertNotNull($post); $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemotePostCommentInRemoteMagazine))); $postCommentApId = $this->createRemotePostCommentInRemoteMagazine['object']['object']['id']; $postComment = $this->postCommentRepository->findOneBy(['apId' => $postCommentApId]); self::assertNotNull($postComment); $this->bus->dispatch(new ActivityMessage(json_encode($this->deleteRemotePostCommentByRemoteModeratorInRemoteMagazine))); $postComment = $this->postCommentRepository->findOneBy(['apId' => $postCommentApId]); self::assertTrue($postComment->isTrashed()); $this->assertCountOfSentActivitiesOfType(0, 'Delete'); $this->assertCountOfSentActivitiesOfType(0, 'Announce'); $deleteActivities = $this->activityRepository->findBy(['type' => 'Delete']); self::assertEmpty($deleteActivities); } public function setUp(): void { parent::setUp(); $this->magazineManager->addModerator(new ModeratorDto($this->remoteMagazine, $this->remoteUser)); $this->magazineManager->addModerator(new ModeratorDto($this->remoteMagazine, $this->localUser)); $this->magazineManager->addModerator(new ModeratorDto($this->localMagazine, $this->remoteUser, $this->localMagazine->getOwner())); $this->magazineManager->subscribe($this->remoteMagazine, $this->remoteSubscriber); } protected function setUpRemoteActors(): void { parent::setUpRemoteActors(); $username = 'remotePoster'; $domain = $this->remoteDomain; $this->remotePoster = $this->getUserByUsername($username, addImage: false); $this->registerActor($this->remotePoster, $domain, true); } public function setUpRemoteEntities(): void { $this->createRemoteEntryInRemoteMagazine = $this->createRemoteEntryInRemoteMagazine($this->remoteMagazine, $this->remotePoster, fn ($entry) => $this->createDeletesFromRemoteEntryInRemoteMagazine($entry)); $this->createRemoteEntryCommentInRemoteMagazine = $this->createRemoteEntryCommentInRemoteMagazine($this->remoteMagazine, $this->remotePoster, fn ($entryComment) => $this->createDeletesFromRemoteEntryCommentInRemoteMagazine($entryComment)); $this->createRemotePostInRemoteMagazine = $this->createRemotePostInRemoteMagazine($this->remoteMagazine, $this->remotePoster, fn ($post) => $this->createDeletesFromRemotePostInRemoteMagazine($post)); $this->createRemotePostCommentInRemoteMagazine = $this->createRemotePostCommentInRemoteMagazine($this->remoteMagazine, $this->remotePoster, fn ($comment) => $this->createDeletesFromRemotePostCommentInRemoteMagazine($comment)); $this->createRemoteEntryInLocalMagazine = $this->createRemoteEntryInLocalMagazine($this->localMagazine, $this->remotePoster, fn ($entry) => $this->createDeletesFromRemoteEntryInLocalMagazine($entry)); $this->createRemoteEntryCommentInLocalMagazine = $this->createRemoteEntryCommentInLocalMagazine($this->localMagazine, $this->remotePoster, fn ($entryComment) => $this->createDeletesFromRemoteEntryCommentInLocalMagazine($entryComment)); $this->createRemotePostInLocalMagazine = $this->createRemotePostInLocalMagazine($this->localMagazine, $this->remotePoster, fn ($post) => $this->createDeletesFromRemotePostInLocalMagazine($post)); $this->createRemotePostCommentInLocalMagazine = $this->createRemotePostCommentInLocalMagazine($this->localMagazine, $this->remotePoster, fn ($comment) => $this->createDeletesFromRemotePostCommentInLocalMagazine($comment)); } private function createDeletesFromRemoteEntryInRemoteMagazine(Entry $createdEntry): void { $this->deleteRemoteEntryByRemoteModeratorInRemoteMagazine = $this->createDeleteForContent($createdEntry); } private function createDeletesFromRemoteEntryInLocalMagazine(Entry $createdEntry): void { $this->deleteRemoteEntryByRemoteModeratorInLocalMagazine = $this->createDeleteForContent($createdEntry); } private function createDeletesFromRemoteEntryCommentInRemoteMagazine(EntryComment $comment): void { $this->deleteRemoteEntryCommentByRemoteModeratorInRemoteMagazine = $this->createDeleteForContent($comment); } private function createDeletesFromRemoteEntryCommentInLocalMagazine(EntryComment $comment): void { $this->deleteRemoteEntryCommentByRemoteModeratorInLocalMagazine = $this->createDeleteForContent($comment); } private function createDeletesFromRemotePostInRemoteMagazine(Post $post): void { $this->deleteRemotePostByRemoteModeratorInRemoteMagazine = $this->createDeleteForContent($post); } private function createDeletesFromRemotePostInLocalMagazine(Post $ost): void { $this->deleteRemotePostByRemoteModeratorInLocalMagazine = $this->createDeleteForContent($ost); } private function createDeletesFromRemotePostCommentInRemoteMagazine(PostComment $comment): void { $this->deleteRemotePostCommentByRemoteModeratorInRemoteMagazine = $this->createDeleteForContent($comment); } private function createDeletesFromRemotePostCommentInLocalMagazine(PostComment $comment): void { $this->deleteRemotePostCommentByRemoteModeratorInLocalMagazine = $this->createDeleteForContent($comment); } private function createDeleteForContent(Entry|EntryComment|Post|PostComment $content): array { $activity = $this->deleteWrapper->build($content, $this->remoteUser); $json = $this->activityJsonBuilder->buildActivityJson($activity); $json['summary'] = ' '; $this->testingApHttpClient->activityObjects[$json['id']] = $json; $this->entitiesToRemoveAfterSetup[] = $activity; return $json; } /** * @return array{entry:Entry, activity: array} */ private function createLocalEntryAndCreateDeleteActivity(Magazine $magazine, User $author, User $deletingUser): array { $entry = $this->getEntryByTitle('localEntry', magazine: $magazine, user: $author); $entryJson = $this->pageFactory->create($entry, [], false); $this->switchToRemoteDomain($this->remoteDomain); $activity = $this->deleteWrapper->build($entry, $deletingUser); $activityJson = $this->activityJsonBuilder->buildActivityJson($activity); $activityJson['object'] = $entryJson; $this->switchToLocalDomain(); $this->entityManager->remove($activity); return [ 'activity' => $activityJson, 'content' => $entry, ]; } /** * @return array{content:EntryComment, activity: array} */ private function createLocalEntryCommentAndCreateDeleteActivity(Magazine $magazine, User $author, User $deletingUser): array { $parent = $this->getEntryByTitle('localEntry', magazine: $magazine, user: $author); $comment = $this->createEntryComment('localEntryComment', entry: $parent, user: $author); $commentJson = $this->entryCommentNoteFactory->create($comment, []); $this->switchToRemoteDomain($this->remoteDomain); $activity = $this->deleteWrapper->build($comment, $deletingUser); $activityJson = $this->activityJsonBuilder->buildActivityJson($activity); $activityJson['object'] = $commentJson; $this->switchToLocalDomain(); $this->entityManager->remove($activity); return [ 'activity' => $activityJson, 'content' => $comment, ]; } /** * @return array{content:EntryComment, activity: array} */ private function createLocalPostAndCreateDeleteActivity(Magazine $magazine, User $author, User $deletingUser): array { $post = $this->createPost('localPost', magazine: $magazine, user: $author); $postJson = $this->postNoteFactory->create($post, []); $this->switchToRemoteDomain($this->remoteDomain); $activity = $this->deleteWrapper->build($post, $deletingUser); $activityJson = $this->activityJsonBuilder->buildActivityJson($activity); $activityJson['object'] = $postJson; $this->switchToLocalDomain(); $this->entityManager->remove($activity); return [ 'activity' => $activityJson, 'content' => $post, ]; } /** * @return array{content:EntryComment, activity: array} */ private function createLocalPostCommentAndCreateDeleteActivity(Magazine $magazine, User $author, User $deletingUser): array { $parent = $this->createPost('localPost', magazine: $magazine, user: $author); $postComment = $this->createPostComment('localPost', post: $parent, user: $author); $commentJson = $this->postCommentNoteFactory->create($postComment, []); $this->switchToRemoteDomain($this->remoteDomain); $activity = $this->deleteWrapper->build($postComment, $deletingUser); $activityJson = $this->activityJsonBuilder->buildActivityJson($activity); $activityJson['object'] = $commentJson; $this->switchToLocalDomain(); $this->entityManager->remove($activity); return [ 'activity' => $activityJson, 'content' => $postComment, ]; } } ================================================ FILE: tests/Functional/ActivityPub/Inbox/DislikeHandlerTest.php ================================================ bus->dispatch(new ActivityMessage(json_encode($this->announceEntry))); $entry = $this->entryRepository->findOneBy(['apId' => $this->announceEntry['object']['object']['id']]); self::assertSame(0, $entry->countDownVotes()); $this->bus->dispatch(new ActivityMessage(json_encode($this->dislikeAnnounceEntry))); $this->entityManager->refresh($entry); self::assertNotNull($entry); self::assertSame(1, $entry->countDownVotes()); } #[Depends('testDislikeRemoteEntryInRemoteMagazine')] public function testUndoDislikeRemoteEntryInRemoteMagazine(): void { $this->testDislikeRemoteEntryInRemoteMagazine(); $entry = $this->entryRepository->findOneBy(['apId' => $this->announceEntry['object']['object']['id']]); self::assertSame(1, $entry->countDownVotes()); $this->bus->dispatch(new ActivityMessage(json_encode($this->undoDislikeAnnounceEntry))); $this->entityManager->refresh($entry); self::assertNotNull($entry); self::assertSame(0, $entry->countDownVotes()); } public function testDislikeRemoteEntryCommentInRemoteMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->announceEntry))); $this->bus->dispatch(new ActivityMessage(json_encode($this->announceEntryComment))); $comment = $this->entryCommentRepository->findOneBy(['apId' => $this->announceEntryComment['object']['object']['id']]); self::assertSame(0, $comment->countDownVotes()); $this->bus->dispatch(new ActivityMessage(json_encode($this->dislikeAnnounceEntryComment))); $this->entityManager->refresh($comment); self::assertNotNull($comment); self::assertSame(1, $comment->countDownVotes()); } #[Depends('testDislikeRemoteEntryCommentInRemoteMagazine')] public function testUndoLikeRemoteEntryCommentInRemoteMagazine(): void { $this->testDislikeRemoteEntryCommentInRemoteMagazine(); $comment = $this->entryCommentRepository->findOneBy(['apId' => $this->announceEntryComment['object']['object']['id']]); self::assertSame(1, $comment->countDownVotes()); $this->bus->dispatch(new ActivityMessage(json_encode($this->undoDislikeAnnounceEntryComment))); $this->entityManager->refresh($comment); self::assertNotNull($comment); self::assertSame(0, $comment->countDownVotes()); } public function testDislikeRemotePostInRemoteMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->announcePost))); $post = $this->postRepository->findOneBy(['apId' => $this->announcePost['object']['object']['id']]); self::assertSame(0, $post->countDownVotes()); $this->bus->dispatch(new ActivityMessage(json_encode($this->dislikeAnnouncePost))); $this->entityManager->refresh($post); self::assertNotNull($post); self::assertSame(1, $post->countDownVotes()); } #[Depends('testDislikeRemotePostInRemoteMagazine')] public function testUndoLikeRemotePostInRemoteMagazine(): void { $this->testDislikeRemotePostInRemoteMagazine(); $post = $this->postRepository->findOneBy(['apId' => $this->announcePost['object']['object']['id']]); self::assertSame(1, $post->countDownVotes()); $this->bus->dispatch(new ActivityMessage(json_encode($this->undoDislikeAnnouncePost))); $this->entityManager->refresh($post); self::assertNotNull($post); self::assertSame(0, $post->countDownVotes()); } public function testDislikeRemotePostCommentInRemoteMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->announcePost))); $this->bus->dispatch(new ActivityMessage(json_encode($this->announcePostComment))); $postComment = $this->postCommentRepository->findOneBy(['apId' => $this->announcePostComment['object']['object']['id']]); self::assertSame(0, $postComment->countDownVotes()); $this->bus->dispatch(new ActivityMessage(json_encode($this->dislikeAnnouncePostComment))); $this->entityManager->refresh($postComment); self::assertNotNull($postComment); self::assertSame(1, $postComment->countDownVotes()); } #[Depends('testDislikeRemotePostCommentInRemoteMagazine')] public function testUndoLikeRemotePostCommentInRemoteMagazine(): void { $this->testDislikeRemotePostCommentInRemoteMagazine(); $postComment = $this->postCommentRepository->findOneBy(['apId' => $this->announcePostComment['object']['object']['id']]); self::assertSame(1, $postComment->countDownVotes()); $this->bus->dispatch(new ActivityMessage(json_encode($this->undoDislikeAnnouncePostComment))); $this->entityManager->refresh($postComment); self::assertNotNull($postComment); self::assertSame(0, $postComment->countDownVotes()); } public function testDislikeEntryInLocalMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createEntry))); $entry = $this->entryRepository->findOneBy(['apId' => $this->createEntry['object']['id']]); self::assertSame(0, $entry->countDownVotes()); $this->bus->dispatch(new ActivityMessage(json_encode($this->dislikeCreateEntry))); $this->entityManager->refresh($entry); self::assertSame(1, $entry->countDownVotes()); $postedObjects = $this->testingApHttpClient->getPostedObjects(); self::assertNotEmpty($postedObjects); $postedLikeAnnounces = array_filter($postedObjects, fn ($arr) => 'Announce' === $arr['payload']['type'] && 'Dislike' === $arr['payload']['object']['type']); $postedLikeAnnounce = $postedLikeAnnounces[array_key_first($postedLikeAnnounces)]; // the id of the 'Dislike' activity should be wrapped in an 'Announce' activity self::assertEquals($this->dislikeCreateEntry['id'], $postedLikeAnnounce['payload']['object']['id']); // the 'Dislike' activity has the url as the object self::assertEquals($this->dislikeCreateEntry['object'], $postedLikeAnnounce['payload']['object']['object']); self::assertEquals($this->remoteSubscriber->apInboxUrl, $postedLikeAnnounce['inboxUrl']); } #[Depends('testDislikeEntryInLocalMagazine')] public function testUndoLikeEntryInLocalMagazine(): void { $this->testDislikeEntryInLocalMagazine(); $entry = $this->entryRepository->findOneBy(['apId' => $this->createEntry['object']['id']]); self::assertSame(1, $entry->countDownVotes()); $this->bus->dispatch(new ActivityMessage(json_encode($this->undoDislikeCreateEntry))); $this->entityManager->refresh($entry); self::assertSame(0, $entry->countDownVotes()); $postedObjects = $this->testingApHttpClient->getPostedObjects(); self::assertNotEmpty($postedObjects); $postedUndoLikeAnnounces = array_filter($postedObjects, fn ($arr) => 'Announce' === $arr['payload']['type'] && 'Undo' === $arr['payload']['object']['type'] && 'Dislike' === $arr['payload']['object']['object']['type']); $postedUndoLikeAnnounce = $postedUndoLikeAnnounces[array_key_first($postedUndoLikeAnnounces)]; // the id of the 'Undo' activity should be wrapped in an 'Announce' activity self::assertEquals($this->undoDislikeCreateEntry['id'], $postedUndoLikeAnnounce['payload']['object']['id']); // the 'Undo' activity has the 'Dislike' activity as the object self::assertEquals($this->undoDislikeCreateEntry['object'], $postedUndoLikeAnnounce['payload']['object']['object']); // the 'Dislike' activity has the url as the object self::assertEquals($this->undoDislikeCreateEntry['object']['object'], $postedUndoLikeAnnounce['payload']['object']['object']['object']); self::assertEquals($this->remoteSubscriber->apInboxUrl, $postedUndoLikeAnnounce['inboxUrl']); } public function testDislikeEntryCommentInLocalMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createEntry))); $this->bus->dispatch(new ActivityMessage(json_encode($this->createEntryComment))); $entryComment = $this->entryCommentRepository->findOneBy(['apId' => $this->createEntryComment['object']['id']]); self::assertNotNull($entryComment); self::assertSame(0, $entryComment->countDownVotes()); $this->bus->dispatch(new ActivityMessage(json_encode($this->dislikeCreateEntryComment))); $this->entityManager->refresh($entryComment); self::assertSame(1, $entryComment->countDownVotes()); $postedObjects = $this->testingApHttpClient->getPostedObjects(); self::assertNotEmpty($postedObjects); $postedLikeAnnounces = array_filter($postedObjects, fn ($arr) => 'Announce' === $arr['payload']['type'] && 'Dislike' === $arr['payload']['object']['type']); $postedLikeAnnounce = $postedLikeAnnounces[array_key_first($postedLikeAnnounces)]; // the id of the 'Dislike' activity should be wrapped in an 'Announce' activity self::assertEquals($this->dislikeCreateEntryComment['id'], $postedLikeAnnounce['payload']['object']['id']); // the 'Dislike' activity has the url as the object self::assertEquals($this->dislikeCreateEntryComment['object'], $postedLikeAnnounce['payload']['object']['object']); self::assertEquals($this->remoteSubscriber->apInboxUrl, $postedLikeAnnounce['inboxUrl']); } #[Depends('testDislikeEntryCommentInLocalMagazine')] public function testUndoLikeEntryCommentInLocalMagazine(): void { $this->testDislikeEntryCommentInLocalMagazine(); $entryComment = $this->entryCommentRepository->findOneBy(['apId' => $this->createEntryComment['object']['id']]); self::assertNotNull($entryComment); self::assertSame(1, $entryComment->countDownVotes()); $this->bus->dispatch(new ActivityMessage(json_encode($this->undoDislikeCreateEntryComment))); $this->entityManager->refresh($entryComment); self::assertSame(0, $entryComment->countDownVotes()); $postedObjects = $this->testingApHttpClient->getPostedObjects(); $postedUndoLikeAnnounces = array_filter($postedObjects, fn ($arr) => 'Announce' === $arr['payload']['type'] && 'Undo' === $arr['payload']['object']['type'] && 'Dislike' === $arr['payload']['object']['object']['type']); $postedUndoLikeAnnounce = $postedUndoLikeAnnounces[array_key_first($postedUndoLikeAnnounces)]; // the id of the 'Undo' activity should be wrapped in an 'Announce' activity self::assertEquals($this->undoDislikeCreateEntryComment['id'], $postedUndoLikeAnnounce['payload']['object']['id']); // the 'Undo' activity has the 'Dislike' activity as the object self::assertEquals($this->undoDislikeCreateEntryComment['object'], $postedUndoLikeAnnounce['payload']['object']['object']); // the 'Dislike' activity has the url as the object self::assertEquals($this->undoDislikeCreateEntryComment['object']['object'], $postedUndoLikeAnnounce['payload']['object']['object']['object']); self::assertEquals($this->remoteSubscriber->apInboxUrl, $postedUndoLikeAnnounce['inboxUrl']); } public function testDislikePostInLocalMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createPost))); $post = $this->postRepository->findOneBy(['apId' => $this->createPost['object']['id']]); self::assertNotNull($post); self::assertSame(0, $post->countDownVotes()); $this->bus->dispatch(new ActivityMessage(json_encode($this->dislikeCreatePost))); $this->entityManager->refresh($post); self::assertSame(1, $post->countDownVotes()); $postedObjects = $this->testingApHttpClient->getPostedObjects(); self::assertNotEmpty($postedObjects); $postedUpdateAnnounces = array_filter($postedObjects, fn ($arr) => 'Announce' === $arr['payload']['type'] && 'Dislike' === $arr['payload']['object']['type']); $postedUpdateAnnounce = $postedUpdateAnnounces[array_key_first($postedUpdateAnnounces)]; // the id of the 'Dislike' activity should be wrapped in an 'Announce' activity self::assertEquals($this->dislikeCreatePost['id'], $postedUpdateAnnounce['payload']['object']['id']); // the 'Dislike' activity has the url as the object self::assertEquals($this->dislikeCreatePost['object'], $postedUpdateAnnounce['payload']['object']['object']); self::assertEquals($this->remoteSubscriber->apInboxUrl, $postedUpdateAnnounce['inboxUrl']); } #[Depends('testDislikePostInLocalMagazine')] public function testUndoLikePostInLocalMagazine(): void { $this->testDislikePostInLocalMagazine(); $post = $this->postRepository->findOneBy(['apId' => $this->createPost['object']['id']]); self::assertNotNull($post); self::assertSame(1, $post->countDownVotes()); $this->bus->dispatch(new ActivityMessage(json_encode($this->undoDislikeCreatePost))); $this->entityManager->refresh($post); self::assertSame(0, $post->countDownVotes()); $postedObjects = $this->testingApHttpClient->getPostedObjects(); $postedUndoLikeAnnounces = array_filter($postedObjects, fn ($arr) => 'Announce' === $arr['payload']['type'] && 'Undo' === $arr['payload']['object']['type'] && 'Dislike' === $arr['payload']['object']['object']['type']); $postedUndoLikeAnnounce = $postedUndoLikeAnnounces[array_key_first($postedUndoLikeAnnounces)]; // the id of the 'Undo' activity should be wrapped in an 'Announce' activity self::assertEquals($this->undoDislikeCreatePost['id'], $postedUndoLikeAnnounce['payload']['object']['id']); // the 'Undo' activity has the 'Dislike' activity as the object self::assertEquals($this->undoDislikeCreatePost['object'], $postedUndoLikeAnnounce['payload']['object']['object']); // the 'Dislike' activity has the url as the object self::assertEquals($this->undoDislikeCreatePost['object']['object'], $postedUndoLikeAnnounce['payload']['object']['object']['object']); self::assertEquals($this->remoteSubscriber->apInboxUrl, $postedUndoLikeAnnounce['inboxUrl']); } public function testDislikePostCommentInLocalMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createPost))); $this->bus->dispatch(new ActivityMessage(json_encode($this->createPostComment))); $postComment = $this->postCommentRepository->findOneBy(['apId' => $this->createPostComment['object']['id']]); self::assertNotNull($postComment); self::assertSame(0, $postComment->countDownVotes()); $this->bus->dispatch(new ActivityMessage(json_encode($this->dislikeCreatePostComment))); $this->entityManager->refresh($postComment); self::assertSame(1, $postComment->countDownVotes()); $postedObjects = $this->testingApHttpClient->getPostedObjects(); self::assertNotEmpty($postedObjects); $postedLikeAnnounces = array_filter($postedObjects, fn ($arr) => 'Announce' === $arr['payload']['type'] && 'Dislike' === $arr['payload']['object']['type']); $postedLikeAnnounce = $postedLikeAnnounces[array_key_first($postedLikeAnnounces)]; // the id of the 'Dislike' activity should be wrapped in an 'Announce' activity self::assertEquals($this->dislikeCreatePostComment['id'], $postedLikeAnnounce['payload']['object']['id']); // the 'Dislike' activity has the url as the object self::assertEquals($this->dislikeCreatePostComment['object'], $postedLikeAnnounce['payload']['object']['object']); self::assertEquals($this->remoteSubscriber->apInboxUrl, $postedLikeAnnounce['inboxUrl']); } #[Depends('testDislikePostCommentInLocalMagazine')] public function testUndoLikePostCommentInLocalMagazine(): void { $this->testDislikePostCommentInLocalMagazine(); $postComment = $this->postCommentRepository->findOneBy(['apId' => $this->createPostComment['object']['id']]); self::assertNotNull($postComment); self::assertSame(1, $postComment->countDownVotes()); $this->bus->dispatch(new ActivityMessage(json_encode($this->undoDislikeCreatePostComment))); $this->entityManager->refresh($postComment); self::assertSame(0, $postComment->countDownVotes()); $postedObjects = $this->testingApHttpClient->getPostedObjects(); $postedUndoLikeAnnounces = array_filter($postedObjects, fn ($arr) => 'Announce' === $arr['payload']['type'] && 'Undo' === $arr['payload']['object']['type'] && 'Dislike' === $arr['payload']['object']['object']['type']); $postedUndoLikeAnnounce = $postedUndoLikeAnnounces[array_key_first($postedUndoLikeAnnounces)]; // the id of the 'Undo' activity should be wrapped in an 'Announce' activity self::assertEquals($this->undoDislikeCreatePostComment['id'], $postedUndoLikeAnnounce['payload']['object']['id']); // the 'Undo' activity has the 'Dislike' activity as the object self::assertEquals($this->undoDislikeCreatePostComment['object'], $postedUndoLikeAnnounce['payload']['object']['object']); // the 'Dislike' activity has the url as the object self::assertEquals($this->undoDislikeCreatePostComment['object']['object'], $postedUndoLikeAnnounce['payload']['object']['object']['object']); self::assertEquals($this->remoteSubscriber->apInboxUrl, $postedUndoLikeAnnounce['inboxUrl']); } public function setUpRemoteEntities(): void { $this->announceEntry = $this->createRemoteEntryInRemoteMagazine($this->remoteMagazine, $this->remoteUser, fn (Entry $entry) => $this->buildDislikeRemoteEntryInRemoteMagazine($entry)); $this->announceEntryComment = $this->createRemoteEntryCommentInRemoteMagazine($this->remoteMagazine, $this->remoteUser, fn (EntryComment $comment) => $this->buildDislikeRemoteEntryCommentInRemoteMagazine($comment)); $this->announcePost = $this->createRemotePostInRemoteMagazine($this->remoteMagazine, $this->remoteUser, fn (Post $post) => $this->buildDislikeRemotePostInRemoteMagazine($post)); $this->announcePostComment = $this->createRemotePostCommentInRemoteMagazine($this->remoteMagazine, $this->remoteUser, fn (PostComment $comment) => $this->buildDislikeRemotePostCommentInRemoteMagazine($comment)); $this->createEntry = $this->createRemoteEntryInLocalMagazine($this->localMagazine, $this->remoteUser, fn (Entry $entry) => $this->buildDislikeRemoteEntryInLocalMagazine($entry)); $this->createEntryComment = $this->createRemoteEntryCommentInLocalMagazine($this->localMagazine, $this->remoteUser, fn (EntryComment $comment) => $this->buildDislikeRemoteEntryCommentInLocalMagazine($comment)); $this->createPost = $this->createRemotePostInLocalMagazine($this->localMagazine, $this->remoteUser, fn (Post $post) => $this->buildDislikeRemotePostInLocalMagazine($post)); $this->createPostComment = $this->createRemotePostCommentInLocalMagazine($this->localMagazine, $this->remoteUser, fn (PostComment $comment) => $this->buildDislikeRemotePostCommentInLocalMagazine($comment)); } public function buildDislikeRemoteEntryInRemoteMagazine(Entry $entry): void { $likeActivity = $this->likeWrapper->build($this->remoteUser, $entry); $this->dislikeAnnounceEntry = $this->activityJsonBuilder->buildActivityJson($likeActivity); $undoActivity = $this->undoWrapper->build($likeActivity); $this->undoDislikeAnnounceEntry = $this->activityJsonBuilder->buildActivityJson($undoActivity); // since we do not have outgoing federation of dislikes we cheat that here so we can test our inbox federation $this->dislikeAnnounceEntry['type'] = 'Dislike'; $this->undoDislikeAnnounceEntry['object']['type'] = 'Dislike'; $this->testingApHttpClient->activityObjects[$this->dislikeAnnounceEntry['id']] = $this->dislikeAnnounceEntry; $this->entitiesToRemoveAfterSetup[] = $likeActivity; } public function buildDislikeRemoteEntryCommentInRemoteMagazine(EntryComment $comment): void { $likeActivity = $this->likeWrapper->build($this->remoteUser, $comment); $this->dislikeAnnounceEntryComment = $this->activityJsonBuilder->buildActivityJson($likeActivity); $undoActivity = $this->undoWrapper->build($likeActivity); $this->undoDislikeAnnounceEntryComment = $this->activityJsonBuilder->buildActivityJson($undoActivity); // since we do not have outgoing federation of dislikes we cheat that here so we can test our inbox federation $this->dislikeAnnounceEntryComment['type'] = 'Dislike'; $this->undoDislikeAnnounceEntryComment['object']['type'] = 'Dislike'; $this->testingApHttpClient->activityObjects[$this->dislikeAnnounceEntryComment['id']] = $this->dislikeAnnounceEntryComment; $this->entitiesToRemoveAfterSetup[] = $undoActivity; $this->entitiesToRemoveAfterSetup[] = $likeActivity; } public function buildDislikeRemotePostInRemoteMagazine(Post $post): void { $likeActivity = $this->likeWrapper->build($this->remoteUser, $post); $this->dislikeAnnouncePost = $this->activityJsonBuilder->buildActivityJson($likeActivity); $undoActivity = $this->undoWrapper->build($likeActivity); $this->undoDislikeAnnouncePost = $this->activityJsonBuilder->buildActivityJson($undoActivity); // since we do not have outgoing federation of dislikes we cheat that here so we can test our inbox federation $this->dislikeAnnouncePost['type'] = 'Dislike'; $this->undoDislikeAnnouncePost['object']['type'] = 'Dislike'; $this->testingApHttpClient->activityObjects[$this->dislikeAnnouncePost['id']] = $this->dislikeAnnouncePost; $this->entitiesToRemoveAfterSetup[] = $undoActivity; $this->entitiesToRemoveAfterSetup[] = $likeActivity; } public function buildDislikeRemotePostCommentInRemoteMagazine(PostComment $postComment): void { $likeActivity = $this->likeWrapper->build($this->remoteUser, $postComment); $this->dislikeAnnouncePostComment = $this->activityJsonBuilder->buildActivityJson($likeActivity); $undoActivity = $this->undoWrapper->build($likeActivity); $this->undoDislikeAnnouncePostComment = $this->activityJsonBuilder->buildActivityJson($undoActivity); // since we do not have outgoing federation of dislikes we cheat that here so we can test our inbox federation $this->dislikeAnnouncePostComment['type'] = 'Dislike'; $this->undoDislikeAnnouncePostComment['object']['type'] = 'Dislike'; $this->testingApHttpClient->activityObjects[$this->dislikeAnnouncePostComment['id']] = $this->dislikeAnnouncePostComment; $this->entitiesToRemoveAfterSetup[] = $undoActivity; $this->entitiesToRemoveAfterSetup[] = $likeActivity; } public function buildDislikeRemoteEntryInLocalMagazine(Entry $entry): void { $likeActivity = $this->likeWrapper->build($this->remoteUser, $entry); $this->dislikeCreateEntry = $this->RewriteTargetFieldsToLocal($entry->magazine, $this->activityJsonBuilder->buildActivityJson($likeActivity)); $undoActivity = $this->undoWrapper->build($likeActivity); $this->undoDislikeCreateEntry = $this->RewriteTargetFieldsToLocal($entry->magazine, $this->activityJsonBuilder->buildActivityJson($undoActivity)); // since we do not have outgoing federation of dislikes we cheat that here so we can test our inbox federation $this->dislikeCreateEntry['type'] = 'Dislike'; $this->undoDislikeCreateEntry['object']['type'] = 'Dislike'; $this->testingApHttpClient->activityObjects[$this->dislikeCreateEntry['id']] = $this->dislikeCreateEntry; $this->entitiesToRemoveAfterSetup[] = $undoActivity; $this->entitiesToRemoveAfterSetup[] = $likeActivity; } public function buildDislikeRemoteEntryCommentInLocalMagazine(EntryComment $comment): void { $likeActivity = $this->likeWrapper->build($this->remoteUser, $comment); $this->dislikeCreateEntryComment = $this->RewriteTargetFieldsToLocal($comment->magazine, $this->activityJsonBuilder->buildActivityJson($likeActivity)); $undoActivity = $this->undoWrapper->build($likeActivity); $this->undoDislikeCreateEntryComment = $this->RewriteTargetFieldsToLocal($comment->magazine, $this->activityJsonBuilder->buildActivityJson($undoActivity)); // since we do not have outgoing federation of dislikes we cheat that here so we can test our inbox federation $this->dislikeCreateEntryComment['type'] = 'Dislike'; $this->undoDislikeCreateEntryComment['object']['type'] = 'Dislike'; $this->testingApHttpClient->activityObjects[$this->dislikeCreateEntryComment['id']] = $this->dislikeCreateEntryComment; $this->entitiesToRemoveAfterSetup[] = $undoActivity; $this->entitiesToRemoveAfterSetup[] = $likeActivity; } public function buildDislikeRemotePostInLocalMagazine(Post $post): void { $likeActivity = $this->likeWrapper->build($this->remoteUser, $post); $this->dislikeCreatePost = $this->RewriteTargetFieldsToLocal($post->magazine, $this->activityJsonBuilder->buildActivityJson($likeActivity)); $undoActivity = $this->undoWrapper->build($likeActivity); $this->undoDislikeCreatePost = $this->RewriteTargetFieldsToLocal($post->magazine, $this->activityJsonBuilder->buildActivityJson($undoActivity)); // since we do not have outgoing federation of dislikes we cheat that here so we can test our inbox federation $this->dislikeCreatePost['type'] = 'Dislike'; $this->undoDislikeCreatePost['object']['type'] = 'Dislike'; $this->testingApHttpClient->activityObjects[$this->dislikeCreatePost['id']] = $this->dislikeCreatePost; $this->entitiesToRemoveAfterSetup[] = $undoActivity; $this->entitiesToRemoveAfterSetup[] = $likeActivity; } public function buildDislikeRemotePostCommentInLocalMagazine(PostComment $postComment): void { $likeActivity = $this->likeWrapper->build($this->remoteUser, $postComment); $this->dislikeCreatePostComment = $this->RewriteTargetFieldsToLocal($postComment->magazine, $this->activityJsonBuilder->buildActivityJson($likeActivity)); $undoActivity = $this->undoWrapper->build($likeActivity); $this->undoDislikeCreatePostComment = $this->RewriteTargetFieldsToLocal($postComment->magazine, $this->activityJsonBuilder->buildActivityJson($undoActivity)); // since we do not have outgoing federation of dislikes we cheat that here so we can test our inbox federation $this->dislikeCreatePostComment['type'] = 'Dislike'; $this->undoDislikeCreatePostComment['object']['type'] = 'Dislike'; $this->testingApHttpClient->activityObjects[$this->dislikeCreatePostComment['id']] = $this->dislikeCreatePostComment; $this->entitiesToRemoveAfterSetup[] = $undoActivity; $this->entitiesToRemoveAfterSetup[] = $likeActivity; } } ================================================ FILE: tests/Functional/ActivityPub/Inbox/FlagHandlerTest.php ================================================ bus->dispatch(new ActivityMessage(json_encode($this->announceEntry))); $subject = $this->entryRepository->findOneBy(['apId' => $this->announceEntry['object']['object']['id']]); self::assertNotNull($subject); $this->bus->dispatch(new ActivityMessage(json_encode($this->flagAnnounceEntry))); $report = $this->reportRepository->findBySubject($subject); self::assertNotNull($report); self::assertSame($this->remoteSubscriber->username, $report->reporting->username); self::assertSame(self::REASON, $report->reason); } public function testFlagRemoteEntryCommentInRemoteMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->announceEntry))); $this->bus->dispatch(new ActivityMessage(json_encode($this->announceEntryComment))); $subject = $this->entryCommentRepository->findOneBy(['apId' => $this->announceEntryComment['object']['object']['id']]); self::assertNotNull($subject); $this->bus->dispatch(new ActivityMessage(json_encode($this->flagAnnounceEntryComment))); $report = $this->reportRepository->findBySubject($subject); self::assertNotNull($report); self::assertSame($this->remoteSubscriber->username, $report->reporting->username); self::assertSame(self::REASON, $report->reason); } public function testFlagRemotePostInRemoteMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->announcePost))); $subject = $this->postRepository->findOneBy(['apId' => $this->announcePost['object']['object']['id']]); self::assertNotNull($subject); $this->bus->dispatch(new ActivityMessage(json_encode($this->flagAnnouncePost))); $report = $this->reportRepository->findBySubject($subject); self::assertNotNull($report); self::assertSame($this->remoteSubscriber->username, $report->reporting->username); self::assertSame(self::REASON, $report->reason); } public function testFlagRemotePostCommentInRemoteMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->announcePost))); $this->bus->dispatch(new ActivityMessage(json_encode($this->announcePostComment))); $subject = $this->postCommentRepository->findOneBy(['apId' => $this->announcePostComment['object']['object']['id']]); self::assertNotNull($subject); $this->bus->dispatch(new ActivityMessage(json_encode($this->flagAnnouncePostComment))); $report = $this->reportRepository->findBySubject($subject); self::assertNotNull($report); self::assertSame($this->remoteSubscriber->username, $report->reporting->username); self::assertSame(self::REASON, $report->reason); } public function testFlagRemoteEntryInLocalMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createEntry))); $subject = $this->entryRepository->findOneBy(['apId' => $this->createEntry['object']['id']]); self::assertNotNull($subject); $this->bus->dispatch(new ActivityMessage(json_encode($this->flagCreateEntry))); $report = $this->reportRepository->findBySubject($subject); self::assertNotNull($report); self::assertSame($this->remoteSubscriber->username, $report->reporting->username); self::assertSame(self::REASON, $report->reason); } public function testFlagRemoteEntryCommentInLocalMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createEntry))); $this->bus->dispatch(new ActivityMessage(json_encode($this->createEntryComment))); $subject = $this->entryCommentRepository->findOneBy(['apId' => $this->createEntryComment['object']['id']]); self::assertNotNull($subject); $this->bus->dispatch(new ActivityMessage(json_encode($this->flagCreateEntryComment))); $report = $this->reportRepository->findBySubject($subject); self::assertNotNull($report); self::assertSame($this->remoteSubscriber->username, $report->reporting->username); self::assertSame(self::REASON, $report->reason); } public function testFlagRemotePostInLocalMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createPost))); $subject = $this->postRepository->findOneBy(['apId' => $this->createPost['object']['id']]); self::assertNotNull($subject); $this->bus->dispatch(new ActivityMessage(json_encode($this->flagCreatePost))); $report = $this->reportRepository->findBySubject($subject); self::assertNotNull($report); self::assertSame($this->remoteSubscriber->username, $report->reporting->username); self::assertSame(self::REASON, $report->reason); } public function testFlagRemotePostCommentInLocalMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createPost))); $this->bus->dispatch(new ActivityMessage(json_encode($this->createPostComment))); $subject = $this->postCommentRepository->findOneBy(['apId' => $this->createPostComment['object']['id']]); self::assertNotNull($subject); $this->bus->dispatch(new ActivityMessage(json_encode($this->flagCreatePostComment))); $report = $this->reportRepository->findBySubject($subject); self::assertNotNull($report); self::assertSame($this->remoteSubscriber->username, $report->reporting->username); self::assertSame(self::REASON, $report->reason); } public function setUpRemoteEntities(): void { $this->announceEntry = $this->createRemoteEntryInRemoteMagazine($this->remoteMagazine, $this->remoteUser, fn (Entry $entry) => $this->buildFlagRemoteEntryInRemoteMagazine($entry)); $this->announceEntryComment = $this->createRemoteEntryCommentInRemoteMagazine($this->remoteMagazine, $this->remoteUser, fn (EntryComment $comment) => $this->buildFlagRemoteEntryCommentInRemoteMagazine($comment)); $this->announcePost = $this->createRemotePostInRemoteMagazine($this->remoteMagazine, $this->remoteUser, fn (Post $post) => $this->buildFlagRemotePostInRemoteMagazine($post)); $this->announcePostComment = $this->createRemotePostCommentInRemoteMagazine($this->remoteMagazine, $this->remoteUser, fn (PostComment $comment) => $this->buildFlagRemotePostCommentInRemoteMagazine($comment)); $this->createEntry = $this->createRemoteEntryInLocalMagazine($this->localMagazine, $this->remoteUser, fn (Entry $entry) => $this->buildFlagRemoteEntryInLocalMagazine($entry)); $this->createEntryComment = $this->createRemoteEntryCommentInLocalMagazine($this->localMagazine, $this->remoteUser, fn (EntryComment $comment) => $this->buildFlagRemoteEntryCommentInLocalMagazine($comment)); $this->createPost = $this->createRemotePostInLocalMagazine($this->localMagazine, $this->remoteUser, fn (Post $post) => $this->buildFlagRemotePostInLocalMagazine($post)); $this->createPostComment = $this->createRemotePostCommentInLocalMagazine($this->localMagazine, $this->remoteUser, fn (PostComment $comment) => $this->buildFlagRemotePostCommentInLocalMagazine($comment)); } private function buildFlagRemoteEntryInRemoteMagazine(Entry $entry): void { $this->flagAnnounceEntry = $this->createFlagActivity($this->remoteSubscriber, $entry); } private function buildFlagRemoteEntryCommentInRemoteMagazine(EntryComment $comment): void { $this->flagAnnounceEntryComment = $this->createFlagActivity($this->remoteSubscriber, $comment); } private function buildFlagRemotePostInRemoteMagazine(Post $post): void { $this->flagAnnouncePost = $this->createFlagActivity($this->remoteSubscriber, $post); } private function buildFlagRemotePostCommentInRemoteMagazine(PostComment $comment): void { $this->flagAnnouncePostComment = $this->createFlagActivity($this->remoteSubscriber, $comment); } private function buildFlagRemoteEntryInLocalMagazine(Entry $entry): void { $this->flagCreateEntry = $this->createFlagActivity($this->remoteSubscriber, $entry); } private function buildFlagRemoteEntryCommentInLocalMagazine(EntryComment $comment): void { $this->flagCreateEntryComment = $this->createFlagActivity($this->remoteSubscriber, $comment); } private function buildFlagRemotePostInLocalMagazine(Post $post): void { $this->flagCreatePost = $this->createFlagActivity($this->remoteSubscriber, $post); } private function buildFlagRemotePostCommentInLocalMagazine(PostComment $comment): void { $this->flagCreatePostComment = $this->createFlagActivity($this->remoteSubscriber, $comment); } private function createFlagActivity(Magazine|User $user, ReportInterface $subject): array { $dto = new ReportDto(); $dto->subject = $subject; $dto->reason = self::REASON; $report = $this->reportManager->report($dto, $user); $flagActivity = $this->flagFactory->build($report); $flagActivityJson = $this->activityJsonBuilder->buildActivityJson($flagActivity); $flagActivityJson['actor'] = str_replace($this->remoteDomain, $this->remoteSubDomain, $flagActivityJson['actor']); $this->testingApHttpClient->activityObjects[$flagActivityJson['id']] = $flagActivityJson; $this->entitiesToRemoveAfterSetup[] = $flagActivity; return $flagActivityJson; } } ================================================ FILE: tests/Functional/ActivityPub/Inbox/FollowHandlerTest.php ================================================ remoteDomain; $username = 'followUser'; $followUser = $this->getUserByUsername('followUser'); $json = $this->personFactory->create($followUser); $this->testingApHttpClient->actorObjects[$json['id']] = $json; $this->followUserApId = $this->personFactory->getActivityPubId($followUser); $userEvent = new WebfingerResponseEvent(new JsonRd(), "acct:$username@$domain", ['account' => $username]); $this->eventDispatcher->dispatch($userEvent); $realDomain = \sprintf(WebFingerFactory::WEBFINGER_URL, 'https', $domain, '', "$username@$domain"); $this->testingApHttpClient->webfingerObjects[$realDomain] = $userEvent->jsonRd->toArray(); $followActivity = $this->followWrapper->build($followUser, $this->localMagazine); $this->userFollowMagazine = $this->activityJsonBuilder->buildActivityJson($followActivity); $apId = "https://$this->prev/m/{$this->localMagazine->name}"; $this->userFollowMagazine['object'] = $apId; $this->userFollowMagazine['to'] = [$apId]; $this->testingApHttpClient->activityObjects[$this->userFollowMagazine['id']] = $this->userFollowMagazine; $undoFollowActivity = $this->undoWrapper->build($followActivity); $this->undoUserFollowMagazine = $this->activityJsonBuilder->buildActivityJson($undoFollowActivity); $this->undoUserFollowMagazine['to'] = [$apId]; $this->undoUserFollowMagazine['object']['to'] = $apId; $this->undoUserFollowMagazine['object']['object'] = $apId; $this->testingApHttpClient->activityObjects[$this->undoUserFollowMagazine['id']] = $this->undoUserFollowMagazine; $followActivity2 = $this->followWrapper->build($followUser, $this->localUser); $this->userFollowUser = $this->activityJsonBuilder->buildActivityJson($followActivity2); $apId = "https://$this->prev/u/{$this->localUser->username}"; $this->userFollowUser['object'] = $apId; $this->userFollowUser['to'] = [$apId]; $this->testingApHttpClient->activityObjects[$this->userFollowUser['id']] = $this->userFollowUser; $undoFollowActivity2 = $this->undoWrapper->build($followActivity2); $this->undoUserFollowUser = $this->activityJsonBuilder->buildActivityJson($undoFollowActivity2); $this->undoUserFollowUser['to'] = [$apId]; $this->undoUserFollowUser['object']['to'] = $apId; $this->undoUserFollowUser['object']['object'] = $apId; $this->testingApHttpClient->activityObjects[$this->undoUserFollowUser['id']] = $this->undoUserFollowUser; $this->entitiesToRemoveAfterSetup[] = $undoFollowActivity2; $this->entitiesToRemoveAfterSetup[] = $followActivity2; $this->entitiesToRemoveAfterSetup[] = $undoFollowActivity; $this->entitiesToRemoveAfterSetup[] = $followActivity; $this->entitiesToRemoveAfterSetup[] = $followUser; } public function testUserFollowUser(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->userFollowUser))); $this->entityManager->refresh($this->localUser); $followUser = $this->userRepository->findOneBy(['apProfileId' => $this->followUserApId]); $this->entityManager->refresh($followUser); self::assertNotNull($followUser); self::assertTrue($followUser->isFollower($this->localUser)); self::assertTrue($followUser->isFollowing($this->localUser)); self::assertNotNull($this->userFollowRepository->findOneBy(['follower' => $followUser, 'following' => $this->localUser])); self::assertNull($this->userFollowRepository->findOneBy(['follower' => $this->localUser, 'following' => $followUser])); $postedObjects = $this->testingApHttpClient->getPostedObjects(); self::assertCount(1, $postedObjects); self::assertEquals('Accept', $postedObjects[0]['payload']['type']); self::assertEquals($followUser->apInboxUrl, $postedObjects[0]['inboxUrl']); self::assertEquals($this->userFollowUser['id'], $postedObjects[0]['payload']['object']['id']); } #[Depends('testUserFollowUser')] public function testUndoUserFollowUser(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->userFollowUser))); $followUser = $this->userRepository->findOneBy(['apProfileId' => $this->followUserApId]); $this->entityManager->refresh($followUser); $this->entityManager->refresh($this->localUser); $prevPostedObjects = $this->testingApHttpClient->getPostedObjects(); $this->bus->dispatch(new ActivityMessage(json_encode($this->undoUserFollowUser))); $this->entityManager->refresh($this->localUser); $this->entityManager->refresh($followUser); self::assertNotNull($followUser); self::assertFalse($followUser->isFollower($this->localUser)); self::assertFalse($followUser->isFollowing($this->localUser)); self::assertNull($this->userFollowRepository->findOneBy(['follower' => $followUser, 'following' => $this->localUser])); $postedObjects = $this->testingApHttpClient->getPostedObjects(); self::assertEquals(0, \sizeof($prevPostedObjects) - \sizeof($postedObjects)); } public function testUserFollowMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->userFollowMagazine))); $this->entityManager->refresh($this->localUser); $followUser = $this->userRepository->findOneBy(['apProfileId' => $this->followUserApId]); $this->entityManager->refresh($followUser); self::assertNotNull($followUser); $sub = $this->magazineSubscriptionRepository->findOneBy(['user' => $followUser, 'magazine' => $this->localMagazine]); self::assertNotNull($sub); $postedObjects = $this->testingApHttpClient->getPostedObjects(); self::assertCount(1, $postedObjects); self::assertEquals('Accept', $postedObjects[0]['payload']['type']); self::assertEquals($followUser->apInboxUrl, $postedObjects[0]['inboxUrl']); self::assertEquals($this->userFollowMagazine['id'], $postedObjects[0]['payload']['object']['id']); } #[Depends('testUserFollowMagazine')] public function testUndoUserFollowMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->userFollowMagazine))); $followUser = $this->userRepository->findOneBy(['apProfileId' => $this->followUserApId]); $this->entityManager->refresh($followUser); $this->entityManager->refresh($this->localUser); $prevPostedObjects = $this->testingApHttpClient->getPostedObjects(); $this->bus->dispatch(new ActivityMessage(json_encode($this->undoUserFollowMagazine))); $this->entityManager->refresh($this->localUser); $this->entityManager->refresh($followUser); self::assertNotNull($followUser); $sub = $this->magazineSubscriptionRepository->findOneBy(['magazine' => $this->localMagazine, 'user' => $followUser]); self::assertNull($sub); $postedObjects = $this->testingApHttpClient->getPostedObjects(); self::assertEquals(0, \sizeof($prevPostedObjects) - \sizeof($postedObjects)); } } ================================================ FILE: tests/Functional/ActivityPub/Inbox/LikeHandlerTest.php ================================================ bus->dispatch(new ActivityMessage(json_encode($this->announceEntry))); $entry = $this->entryRepository->findOneBy(['apId' => $this->announceEntry['object']['object']['id']]); self::assertSame(0, $entry->favouriteCount); $this->bus->dispatch(new ActivityMessage(json_encode($this->likeAnnounceEntry))); $this->entityManager->refresh($entry); self::assertNotNull($entry); self::assertSame(1, $entry->favouriteCount); } #[Depends('testLikeRemoteEntryInRemoteMagazine')] public function testUndoLikeRemoteEntryInRemoteMagazine(): void { $this->testLikeRemoteEntryInRemoteMagazine(); $entry = $this->entryRepository->findOneBy(['apId' => $this->announceEntry['object']['object']['id']]); self::assertSame(1, $entry->favouriteCount); $this->bus->dispatch(new ActivityMessage(json_encode($this->undoLikeAnnounceEntry))); $this->entityManager->refresh($entry); self::assertNotNull($entry); self::assertSame(0, $entry->favouriteCount); } public function testLikeRemoteEntryCommentInRemoteMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->announceEntry))); $this->bus->dispatch(new ActivityMessage(json_encode($this->announceEntryComment))); $comment = $this->entryCommentRepository->findOneBy(['apId' => $this->announceEntryComment['object']['object']['id']]); self::assertSame(0, $comment->favouriteCount); $this->bus->dispatch(new ActivityMessage(json_encode($this->likeAnnounceEntryComment))); $this->entityManager->refresh($comment); self::assertNotNull($comment); self::assertSame(1, $comment->favouriteCount); } #[Depends('testLikeRemoteEntryCommentInRemoteMagazine')] public function testUndoLikeRemoteEntryCommentInRemoteMagazine(): void { $this->testLikeRemoteEntryCommentInRemoteMagazine(); $comment = $this->entryCommentRepository->findOneBy(['apId' => $this->announceEntryComment['object']['object']['id']]); self::assertSame(1, $comment->favouriteCount); $this->bus->dispatch(new ActivityMessage(json_encode($this->undoLikeAnnounceEntryComment))); $this->entityManager->refresh($comment); self::assertNotNull($comment); self::assertSame(0, $comment->favouriteCount); } public function testLikeRemotePostInRemoteMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->announcePost))); $post = $this->postRepository->findOneBy(['apId' => $this->announcePost['object']['object']['id']]); self::assertSame(0, $post->favouriteCount); $this->bus->dispatch(new ActivityMessage(json_encode($this->likeAnnouncePost))); $this->entityManager->refresh($post); self::assertNotNull($post); self::assertSame(1, $post->favouriteCount); } #[Depends('testLikeRemotePostInRemoteMagazine')] public function testUndoLikeRemotePostInRemoteMagazine(): void { $this->testLikeRemotePostInRemoteMagazine(); $post = $this->postRepository->findOneBy(['apId' => $this->announcePost['object']['object']['id']]); self::assertSame(1, $post->favouriteCount); $this->bus->dispatch(new ActivityMessage(json_encode($this->undoLikeAnnouncePost))); $this->entityManager->refresh($post); self::assertNotNull($post); self::assertSame(0, $post->favouriteCount); } public function testLikeRemotePostCommentInRemoteMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->announcePost))); $this->bus->dispatch(new ActivityMessage(json_encode($this->announcePostComment))); $postComment = $this->postCommentRepository->findOneBy(['apId' => $this->announcePostComment['object']['object']['id']]); self::assertSame(0, $postComment->favouriteCount); $this->bus->dispatch(new ActivityMessage(json_encode($this->likeAnnouncePostComment))); $this->entityManager->refresh($postComment); self::assertNotNull($postComment); self::assertSame(1, $postComment->favouriteCount); } #[Depends('testLikeRemotePostCommentInRemoteMagazine')] public function testUndoLikeRemotePostCommentInRemoteMagazine(): void { $this->testLikeRemotePostCommentInRemoteMagazine(); $postComment = $this->postCommentRepository->findOneBy(['apId' => $this->announcePostComment['object']['object']['id']]); self::assertSame(1, $postComment->favouriteCount); $this->bus->dispatch(new ActivityMessage(json_encode($this->undoLikeAnnouncePostComment))); $this->entityManager->refresh($postComment); self::assertNotNull($postComment); self::assertSame(0, $postComment->favouriteCount); } public function testLikeEntryInLocalMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createEntry))); $entry = $this->entryRepository->findOneBy(['apId' => $this->createEntry['object']['id']]); self::assertSame(0, $entry->favouriteCount); $this->bus->dispatch(new ActivityMessage(json_encode($this->likeCreateEntry))); $this->entityManager->refresh($entry); self::assertSame(1, $entry->favouriteCount); $postedObjects = $this->testingApHttpClient->getPostedObjects(); self::assertNotEmpty($postedObjects); $postedLikeAnnounces = array_filter($postedObjects, fn ($arr) => 'Announce' === $arr['payload']['type'] && 'Like' === $arr['payload']['object']['type']); $postedLikeAnnounce = $postedLikeAnnounces[array_key_first($postedLikeAnnounces)]; // the id of the 'Like' activity should be wrapped in an 'Announce' activity self::assertEquals($this->likeCreateEntry['id'], $postedLikeAnnounce['payload']['object']['id']); // the 'Like' activity has the url as the object self::assertEquals($this->likeCreateEntry['object'], $postedLikeAnnounce['payload']['object']['object']); self::assertEquals($this->remoteSubscriber->apInboxUrl, $postedLikeAnnounce['inboxUrl']); } #[Depends('testLikeEntryInLocalMagazine')] public function testUndoLikeEntryInLocalMagazine(): void { $this->testLikeEntryInLocalMagazine(); $entry = $this->entryRepository->findOneBy(['apId' => $this->createEntry['object']['id']]); self::assertSame(1, $entry->favouriteCount); $this->bus->dispatch(new ActivityMessage(json_encode($this->undoLikeCreateEntry))); $this->entityManager->refresh($entry); self::assertSame(0, $entry->favouriteCount); $postedObjects = $this->testingApHttpClient->getPostedObjects(); self::assertNotEmpty($postedObjects); $postedUndoLikeAnnounces = array_filter($postedObjects, fn ($arr) => 'Announce' === $arr['payload']['type'] && 'Undo' === $arr['payload']['object']['type'] && 'Like' === $arr['payload']['object']['object']['type']); $postedUndoLikeAnnounce = $postedUndoLikeAnnounces[array_key_first($postedUndoLikeAnnounces)]; // the id of the 'Undo' activity should be wrapped in an 'Announce' activity self::assertEquals($this->undoLikeCreateEntry['id'], $postedUndoLikeAnnounce['payload']['object']['id']); // the 'Undo' activity has the 'Like' activity as the object self::assertEquals($this->undoLikeCreateEntry['object'], $postedUndoLikeAnnounce['payload']['object']['object']); // the 'Like' activity has the url as the object self::assertEquals($this->undoLikeCreateEntry['object']['object'], $postedUndoLikeAnnounce['payload']['object']['object']['object']); self::assertEquals($this->remoteSubscriber->apInboxUrl, $postedUndoLikeAnnounce['inboxUrl']); } public function testLikeEntryCommentInLocalMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createEntry))); $this->bus->dispatch(new ActivityMessage(json_encode($this->createEntryComment))); $entryComment = $this->entryCommentRepository->findOneBy(['apId' => $this->createEntryComment['object']['id']]); self::assertNotNull($entryComment); self::assertSame(0, $entryComment->favouriteCount); $this->bus->dispatch(new ActivityMessage(json_encode($this->likeCreateEntryComment))); $this->entityManager->refresh($entryComment); self::assertSame(1, $entryComment->favouriteCount); $postedObjects = $this->testingApHttpClient->getPostedObjects(); self::assertNotEmpty($postedObjects); $postedLikeAnnounces = array_filter($postedObjects, fn ($arr) => 'Announce' === $arr['payload']['type'] && 'Like' === $arr['payload']['object']['type']); $postedLikeAnnounce = $postedLikeAnnounces[array_key_first($postedLikeAnnounces)]; // the id of the 'Like' activity should be wrapped in an 'Announce' activity self::assertEquals($this->likeCreateEntryComment['id'], $postedLikeAnnounce['payload']['object']['id']); // the 'Like' activity has the url as the object self::assertEquals($this->likeCreateEntryComment['object'], $postedLikeAnnounce['payload']['object']['object']); self::assertEquals($this->remoteSubscriber->apInboxUrl, $postedLikeAnnounce['inboxUrl']); } #[Depends('testLikeEntryCommentInLocalMagazine')] public function testUndoLikeEntryCommentInLocalMagazine(): void { $this->testLikeEntryCommentInLocalMagazine(); $entryComment = $this->entryCommentRepository->findOneBy(['apId' => $this->createEntryComment['object']['id']]); self::assertNotNull($entryComment); self::assertSame(1, $entryComment->favouriteCount); $this->bus->dispatch(new ActivityMessage(json_encode($this->undoLikeCreateEntryComment))); $this->entityManager->refresh($entryComment); self::assertSame(0, $entryComment->favouriteCount); $postedObjects = $this->testingApHttpClient->getPostedObjects(); $postedUndoLikeAnnounces = array_filter($postedObjects, fn ($arr) => 'Announce' === $arr['payload']['type'] && 'Undo' === $arr['payload']['object']['type'] && 'Like' === $arr['payload']['object']['object']['type']); $postedUndoLikeAnnounce = $postedUndoLikeAnnounces[array_key_first($postedUndoLikeAnnounces)]; // the id of the 'Undo' activity should be wrapped in an 'Announce' activity self::assertEquals($this->undoLikeCreateEntryComment['id'], $postedUndoLikeAnnounce['payload']['object']['id']); // the 'Undo' activity has the 'Like' activity as the object self::assertEquals($this->undoLikeCreateEntryComment['object'], $postedUndoLikeAnnounce['payload']['object']['object']); // the 'Like' activity has the url as the object self::assertEquals($this->undoLikeCreateEntryComment['object']['object'], $postedUndoLikeAnnounce['payload']['object']['object']['object']); self::assertEquals($this->remoteSubscriber->apInboxUrl, $postedUndoLikeAnnounce['inboxUrl']); } public function testLikePostInLocalMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createPost))); $post = $this->postRepository->findOneBy(['apId' => $this->createPost['object']['id']]); self::assertNotNull($post); self::assertSame(0, $post->favouriteCount); $this->bus->dispatch(new ActivityMessage(json_encode($this->likeCreatePost))); $this->entityManager->refresh($post); self::assertSame(1, $post->favouriteCount); $postedObjects = $this->testingApHttpClient->getPostedObjects(); self::assertNotEmpty($postedObjects); $postedUpdateAnnounces = array_filter($postedObjects, fn ($arr) => 'Announce' === $arr['payload']['type'] && 'Like' === $arr['payload']['object']['type']); $postedUpdateAnnounce = $postedUpdateAnnounces[array_key_first($postedUpdateAnnounces)]; // the id of the 'Like' activity should be wrapped in an 'Announce' activity self::assertEquals($this->likeCreatePost['id'], $postedUpdateAnnounce['payload']['object']['id']); // the 'Like' activity has the url as the object self::assertEquals($this->likeCreatePost['object'], $postedUpdateAnnounce['payload']['object']['object']); self::assertEquals($this->remoteSubscriber->apInboxUrl, $postedUpdateAnnounce['inboxUrl']); } #[Depends('testLikePostInLocalMagazine')] public function testUndoLikePostInLocalMagazine(): void { $this->testLikePostInLocalMagazine(); $post = $this->postRepository->findOneBy(['apId' => $this->createPost['object']['id']]); self::assertNotNull($post); self::assertSame(1, $post->favouriteCount); $this->bus->dispatch(new ActivityMessage(json_encode($this->undoLikeCreatePost))); $this->entityManager->refresh($post); self::assertSame(0, $post->favouriteCount); $postedObjects = $this->testingApHttpClient->getPostedObjects(); $postedUndoLikeAnnounces = array_filter($postedObjects, fn ($arr) => 'Announce' === $arr['payload']['type'] && 'Undo' === $arr['payload']['object']['type'] && 'Like' === $arr['payload']['object']['object']['type']); $postedUndoLikeAnnounce = $postedUndoLikeAnnounces[array_key_first($postedUndoLikeAnnounces)]; // the id of the 'Undo' activity should be wrapped in an 'Announce' activity self::assertEquals($this->undoLikeCreatePost['id'], $postedUndoLikeAnnounce['payload']['object']['id']); // the 'Undo' activity has the 'Like' activity as the object self::assertEquals($this->undoLikeCreatePost['object'], $postedUndoLikeAnnounce['payload']['object']['object']); // the 'Like' activity has the url as the object self::assertEquals($this->undoLikeCreatePost['object']['object'], $postedUndoLikeAnnounce['payload']['object']['object']['object']); self::assertEquals($this->remoteSubscriber->apInboxUrl, $postedUndoLikeAnnounce['inboxUrl']); } public function testLikePostCommentInLocalMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createPost))); $this->bus->dispatch(new ActivityMessage(json_encode($this->createPostComment))); $postComment = $this->postCommentRepository->findOneBy(['apId' => $this->createPostComment['object']['id']]); self::assertNotNull($postComment); self::assertSame(0, $postComment->favouriteCount); $this->bus->dispatch(new ActivityMessage(json_encode($this->likeCreatePostComment))); $this->entityManager->refresh($postComment); self::assertSame(1, $postComment->favouriteCount); $postedObjects = $this->testingApHttpClient->getPostedObjects(); self::assertNotEmpty($postedObjects); $postedLikeAnnounces = array_filter($postedObjects, fn ($arr) => 'Announce' === $arr['payload']['type'] && 'Like' === $arr['payload']['object']['type']); $postedLikeAnnounce = $postedLikeAnnounces[array_key_first($postedLikeAnnounces)]; // the id of the 'Like' activity should be wrapped in an 'Announce' activity self::assertEquals($this->likeCreatePostComment['id'], $postedLikeAnnounce['payload']['object']['id']); // the 'Like' activity has the url as the object self::assertEquals($this->likeCreatePostComment['object'], $postedLikeAnnounce['payload']['object']['object']); self::assertEquals($this->remoteSubscriber->apInboxUrl, $postedLikeAnnounce['inboxUrl']); } #[Depends('testLikePostCommentInLocalMagazine')] public function testUndoLikePostCommentInLocalMagazine(): void { $this->testLikePostCommentInLocalMagazine(); $postComment = $this->postCommentRepository->findOneBy(['apId' => $this->createPostComment['object']['id']]); self::assertNotNull($postComment); self::assertSame(1, $postComment->favouriteCount); $this->bus->dispatch(new ActivityMessage(json_encode($this->undoLikeCreatePostComment))); $this->entityManager->refresh($postComment); self::assertSame(0, $postComment->favouriteCount); $postedObjects = $this->testingApHttpClient->getPostedObjects(); $postedUndoLikeAnnounces = array_filter($postedObjects, fn ($arr) => 'Announce' === $arr['payload']['type'] && 'Undo' === $arr['payload']['object']['type'] && 'Like' === $arr['payload']['object']['object']['type']); $postedUndoLikeAnnounce = $postedUndoLikeAnnounces[array_key_first($postedUndoLikeAnnounces)]; // the id of the 'Undo' activity should be wrapped in an 'Announce' activity self::assertEquals($this->undoLikeCreatePostComment['id'], $postedUndoLikeAnnounce['payload']['object']['id']); // the 'Undo' activity has the 'Like' activity as the object self::assertEquals($this->undoLikeCreatePostComment['object'], $postedUndoLikeAnnounce['payload']['object']['object']); // the 'Like' activity has the url as the object self::assertEquals($this->undoLikeCreatePostComment['object']['object'], $postedUndoLikeAnnounce['payload']['object']['object']['object']); self::assertEquals($this->remoteSubscriber->apInboxUrl, $postedUndoLikeAnnounce['inboxUrl']); } public function setUpRemoteEntities(): void { $this->announceEntry = $this->createRemoteEntryInRemoteMagazine($this->remoteMagazine, $this->remoteUser, fn (Entry $entry) => $this->buildLikeRemoteEntryInRemoteMagazine($entry)); $this->announceEntryComment = $this->createRemoteEntryCommentInRemoteMagazine($this->remoteMagazine, $this->remoteUser, fn (EntryComment $comment) => $this->buildLikeRemoteEntryCommentInRemoteMagazine($comment)); $this->announcePost = $this->createRemotePostInRemoteMagazine($this->remoteMagazine, $this->remoteUser, fn (Post $post) => $this->buildLikeRemotePostInRemoteMagazine($post)); $this->announcePostComment = $this->createRemotePostCommentInRemoteMagazine($this->remoteMagazine, $this->remoteUser, fn (PostComment $comment) => $this->buildLikeRemotePostCommentInRemoteMagazine($comment)); $this->createEntry = $this->createRemoteEntryInLocalMagazine($this->localMagazine, $this->remoteUser, fn (Entry $entry) => $this->buildLikeRemoteEntryInLocalMagazine($entry)); $this->createEntryComment = $this->createRemoteEntryCommentInLocalMagazine($this->localMagazine, $this->remoteUser, fn (EntryComment $comment) => $this->buildLikeRemoteEntryCommentInLocalMagazine($comment)); $this->createPost = $this->createRemotePostInLocalMagazine($this->localMagazine, $this->remoteUser, fn (Post $post) => $this->buildLikeRemotePostInLocalMagazine($post)); $this->createPostComment = $this->createRemotePostCommentInLocalMagazine($this->localMagazine, $this->remoteUser, fn (PostComment $comment) => $this->buildLikeRemotePostCommentInLocalMagazine($comment)); } public function buildLikeRemoteEntryInRemoteMagazine(Entry $entry): void { $likeActivity = $this->likeWrapper->build($this->remoteUser, $entry); $this->likeAnnounceEntry = $this->activityJsonBuilder->buildActivityJson($likeActivity); $undoLikeActivity = $this->undoWrapper->build($likeActivity, $this->remoteUser); $this->undoLikeAnnounceEntry = $this->activityJsonBuilder->buildActivityJson($undoLikeActivity); $this->testingApHttpClient->activityObjects[$this->likeAnnounceEntry['id']] = $this->likeAnnounceEntry; $this->testingApHttpClient->activityObjects[$this->undoLikeAnnounceEntry['id']] = $this->undoLikeAnnounceEntry; $this->entitiesToRemoveAfterSetup[] = $likeActivity; $this->entitiesToRemoveAfterSetup[] = $undoLikeActivity; } public function buildLikeRemoteEntryCommentInRemoteMagazine(EntryComment $comment): void { $likeActivity = $this->likeWrapper->build($this->remoteUser, $comment); $this->likeAnnounceEntryComment = $this->activityJsonBuilder->buildActivityJson($likeActivity); $undoActivity = $this->undoWrapper->build($likeActivity, $this->remoteUser); $this->undoLikeAnnounceEntryComment = $this->activityJsonBuilder->buildActivityJson($undoActivity); $this->testingApHttpClient->activityObjects[$this->likeAnnounceEntryComment['id']] = $this->likeAnnounceEntryComment; $this->testingApHttpClient->activityObjects[$this->undoLikeAnnounceEntryComment['id']] = $this->undoLikeAnnounceEntryComment; $this->entitiesToRemoveAfterSetup[] = $likeActivity; $this->entitiesToRemoveAfterSetup[] = $undoActivity; } public function buildLikeRemotePostInRemoteMagazine(Post $post): void { $likeActivity = $this->likeWrapper->build($this->remoteUser, $post); $this->likeAnnouncePost = $this->activityJsonBuilder->buildActivityJson($likeActivity); $undoActivity = $this->undoWrapper->build($likeActivity, $this->remoteUser); $this->undoLikeAnnouncePost = $this->activityJsonBuilder->buildActivityJson($undoActivity); $this->testingApHttpClient->activityObjects[$this->likeAnnouncePost['id']] = $this->likeAnnouncePost; $this->testingApHttpClient->activityObjects[$this->undoLikeAnnouncePost['id']] = $this->undoLikeAnnouncePost; $this->entitiesToRemoveAfterSetup[] = $likeActivity; $this->entitiesToRemoveAfterSetup[] = $undoActivity; } public function buildLikeRemotePostCommentInRemoteMagazine(PostComment $postComment): void { $likeActivity = $this->likeWrapper->build($this->remoteUser, $postComment); $this->likeAnnouncePostComment = $this->activityJsonBuilder->buildActivityJson($likeActivity); $undoActivity = $this->undoWrapper->build($likeActivity, $this->remoteUser); $this->undoLikeAnnouncePostComment = $this->activityJsonBuilder->buildActivityJson($undoActivity); $this->testingApHttpClient->activityObjects[$this->likeAnnouncePostComment['id']] = $this->likeAnnouncePostComment; $this->testingApHttpClient->activityObjects[$this->undoLikeAnnouncePostComment['id']] = $this->undoLikeAnnouncePostComment; $this->entitiesToRemoveAfterSetup[] = $likeActivity; $this->entitiesToRemoveAfterSetup[] = $undoActivity; } public function buildLikeRemoteEntryInLocalMagazine(Entry $entry): void { $likeActivity = $this->likeWrapper->build($this->remoteUser, $entry); $this->likeCreateEntry = $this->RewriteTargetFieldsToLocal($entry->magazine, $this->activityJsonBuilder->buildActivityJson($likeActivity)); $undoActivity = $this->undoWrapper->build($likeActivity, $this->remoteUser); $this->undoLikeCreateEntry = $this->RewriteTargetFieldsToLocal($entry->magazine, $this->activityJsonBuilder->buildActivityJson($undoActivity)); $this->testingApHttpClient->activityObjects[$this->likeCreateEntry['id']] = $this->likeCreateEntry; $this->testingApHttpClient->activityObjects[$this->undoLikeCreateEntry['id']] = $this->undoLikeCreateEntry; $this->entitiesToRemoveAfterSetup[] = $likeActivity; $this->entitiesToRemoveAfterSetup[] = $undoActivity; } public function buildLikeRemoteEntryCommentInLocalMagazine(EntryComment $comment): void { $likeActivity = $this->likeWrapper->build($this->remoteUser, $comment); $this->likeCreateEntryComment = $this->RewriteTargetFieldsToLocal($comment->magazine, $this->activityJsonBuilder->buildActivityJson($likeActivity)); $undoActivity = $this->undoWrapper->build($likeActivity, $this->remoteUser); $this->undoLikeCreateEntryComment = $this->RewriteTargetFieldsToLocal($comment->magazine, $this->activityJsonBuilder->buildActivityJson($undoActivity)); $this->testingApHttpClient->activityObjects[$this->likeCreateEntryComment['id']] = $this->likeCreateEntryComment; $this->testingApHttpClient->activityObjects[$this->undoLikeCreateEntryComment['id']] = $this->undoLikeCreateEntryComment; $this->entitiesToRemoveAfterSetup[] = $likeActivity; $this->entitiesToRemoveAfterSetup[] = $undoActivity; } public function buildLikeRemotePostInLocalMagazine(Post $post): void { $likeActivity = $this->likeWrapper->build($this->remoteUser, $post); $this->likeCreatePost = $this->RewriteTargetFieldsToLocal($post->magazine, $this->activityJsonBuilder->buildActivityJson($likeActivity)); $undoActivity = $this->undoWrapper->build($likeActivity, $this->remoteUser); $this->undoLikeCreatePost = $this->RewriteTargetFieldsToLocal($post->magazine, $this->activityJsonBuilder->buildActivityJson($undoActivity)); $this->testingApHttpClient->activityObjects[$this->likeCreatePost['id']] = $this->likeCreatePost; $this->testingApHttpClient->activityObjects[$this->undoLikeCreatePost['id']] = $this->undoLikeCreatePost; $this->entitiesToRemoveAfterSetup[] = $likeActivity; $this->entitiesToRemoveAfterSetup[] = $undoActivity; } public function buildLikeRemotePostCommentInLocalMagazine(PostComment $postComment): void { $likeActivity = $this->likeWrapper->build($this->remoteUser, $postComment); $this->likeCreatePostComment = $this->RewriteTargetFieldsToLocal($postComment->magazine, $this->activityJsonBuilder->buildActivityJson($likeActivity)); $undoActivity = $this->undoWrapper->build($likeActivity, $this->remoteUser); $this->undoLikeCreatePostComment = $this->RewriteTargetFieldsToLocal($postComment->magazine, $this->activityJsonBuilder->buildActivityJson($undoActivity)); $this->testingApHttpClient->activityObjects[$this->likeCreatePostComment['id']] = $this->likeCreatePostComment; $this->testingApHttpClient->activityObjects[$this->undoLikeCreatePostComment['id']] = $this->undoLikeCreatePostComment; $this->entitiesToRemoveAfterSetup[] = $likeActivity; $this->entitiesToRemoveAfterSetup[] = $undoActivity; } } ================================================ FILE: tests/Functional/ActivityPub/Inbox/LockHandlerTest.php ================================================ createLocalEntryAndCreateLockActivity($this->localMagazine, $this->localUser, $this->remoteUser); $activity = $obj['activity']; /** @var Entry $entry */ $entry = $obj['content']; $this->bus->dispatch(new ActivityMessage(json_encode($activity))); $this->entityManager->refresh($entry); self::assertTrue($entry->isLocked); $this->assertOneSentAnnouncedActivityOfType('Lock', $activity['id']); $this->bus->dispatch(new ActivityMessage(json_encode($obj['undo']))); $this->entityManager->refresh($entry); self::assertFalse($entry->isLocked); $this->assertOneSentAnnouncedActivityOfType('Undo', $obj['undo']['id']); } public function testLockLocalEntryInRemoteMagazineByRemoteModerator(): void { $obj = $this->createLocalEntryAndCreateLockActivity($this->remoteMagazine, $this->localUser, $this->remoteUser); $activity = $obj['activity']; /** @var Entry $entry */ $entry = $obj['content']; $this->bus->dispatch(new ActivityMessage(json_encode($activity))); $this->entityManager->refresh($entry); self::assertTrue($entry->isLocked); $this->assertCountOfSentActivitiesOfType(0, 'Lock'); $this->assertCountOfSentActivitiesOfType(0, 'Announce'); $this->bus->dispatch(new ActivityMessage(json_encode($obj['undo']))); $this->entityManager->refresh($entry); self::assertFalse($entry->isLocked); $this->assertCountOfSentActivitiesOfType(0, 'Undo'); $this->assertCountOfSentActivitiesOfType(0, 'Announce'); } public function testLockRemoteEntryInLocalMagazineByRemoteModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemoteEntryInLocalMagazine))); $entryApId = $this->createRemoteEntryInLocalMagazine['object']['id']; $entry = $this->entryRepository->findOneBy(['apId' => $entryApId]); self::assertNotNull($entry); $this->bus->dispatch(new ActivityMessage(json_encode($this->lockRemoteEntryByRemoteModeratorInLocalMagazine))); $entry = $this->entryRepository->findOneBy(['apId' => $entryApId]); self::assertTrue($entry->isLocked); $this->assertOneSentAnnouncedActivityOfType('Lock', $this->lockRemoteEntryByRemoteModeratorInLocalMagazine['id']); $this->bus->dispatch(new ActivityMessage(json_encode($this->undoLockRemoteEntryByRemoteModeratorInLocalMagazine))); $this->entityManager->refresh($entry); self::assertFalse($entry->isLocked); $this->assertOneSentAnnouncedActivityOfType('Undo', $this->undoLockRemoteEntryByRemoteModeratorInLocalMagazine['id']); } public function testLockRemoteEntryInRemoteMagazineByRemoteModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemoteEntryInRemoteMagazine))); $entryApId = $this->createRemoteEntryInRemoteMagazine['object']['object']['id']; $entry = $this->entryRepository->findOneBy(['apId' => $entryApId]); self::assertNotNull($entry); $this->bus->dispatch(new ActivityMessage(json_encode($this->lockRemoteEntryByRemoteModeratorInRemoteMagazine))); $entry = $this->entryRepository->findOneBy(['apId' => $entryApId]); self::assertTrue($entry->isLocked); $this->assertCountOfSentActivitiesOfType(0, 'Lock'); $this->assertCountOfSentActivitiesOfType(0, 'Announce'); $lockActivities = $this->activityRepository->findBy(['type' => 'Lock']); self::assertEmpty($lockActivities); $this->bus->dispatch(new ActivityMessage(json_encode($this->undoLockRemoteEntryByRemoteModeratorInRemoteMagazine))); $this->entityManager->refresh($entry); self::assertFalse($entry->isLocked); $this->assertCountOfSentActivitiesOfType(0, 'Undo'); $this->assertCountOfSentActivitiesOfType(0, 'Announce'); } public function testLockLocalPostInLocalMagazineByRemoteModerator(): void { $obj = $this->createLocalPostAndCreateLockActivity($this->localMagazine, $this->localUser, $this->remoteUser); $activity = $obj['activity']; $post = $obj['content']; $this->bus->dispatch(new ActivityMessage(json_encode($activity))); $this->entityManager->refresh($post); self::assertTrue($post->isLocked); $this->assertOneSentAnnouncedActivityOfType('Lock', $activity['id']); $this->bus->dispatch(new ActivityMessage(json_encode($obj['undo']))); $this->entityManager->refresh($post); self::assertFalse($post->isLocked); $this->assertOneSentAnnouncedActivityOfType('Undo', $obj['undo']['id']); } public function testLockLocalPostInRemoteMagazineByRemoteModerator(): void { $obj = $this->createLocalPostAndCreateLockActivity($this->remoteMagazine, $this->localUser, $this->remoteUser); $activity = $obj['activity']; $post = $obj['content']; $this->bus->dispatch(new ActivityMessage(json_encode($activity))); $this->entityManager->refresh($post); self::assertTrue($post->isLocked); $this->assertCountOfSentActivitiesOfType(0, 'Lock'); $this->assertCountOfSentActivitiesOfType(0, 'Announce'); $this->bus->dispatch(new ActivityMessage(json_encode($obj['undo']))); $this->entityManager->refresh($post); self::assertFalse($post->isLocked); $this->assertCountOfSentActivitiesOfType(0, 'Undo'); $this->assertCountOfSentActivitiesOfType(0, 'Announce'); } public function testLockRemotePostInLocalMagazineByRemoteModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemotePostInLocalMagazine))); $postApId = $this->createRemotePostInLocalMagazine['object']['id']; $post = $this->postRepository->findOneBy(['apId' => $postApId]); self::assertNotNull($post); $this->bus->dispatch(new ActivityMessage(json_encode($this->lockRemotePostByRemoteModeratorInLocalMagazine))); $post = $this->postRepository->findOneBy(['apId' => $postApId]); self::assertTrue($post->isLocked); $this->assertOneSentAnnouncedActivityOfType('Lock', $this->lockRemotePostByRemoteModeratorInLocalMagazine['id']); $this->bus->dispatch(new ActivityMessage(json_encode($this->undoLockRemotePostByRemoteModeratorInLocalMagazine))); $this->entityManager->refresh($post); self::assertFalse($post->isLocked); $this->assertOneSentAnnouncedActivityOfType('Undo', $this->undoLockRemotePostByRemoteModeratorInLocalMagazine['id']); } public function testLockRemotePostInRemoteMagazineByRemoteModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemotePostInRemoteMagazine))); $postApId = $this->createRemotePostInRemoteMagazine['object']['object']['id']; $post = $this->postRepository->findOneBy(['apId' => $postApId]); self::assertNotNull($post); $this->bus->dispatch(new ActivityMessage(json_encode($this->lockRemotePostByRemoteModeratorInRemoteMagazine))); $post = $this->postRepository->findOneBy(['apId' => $postApId]); self::assertTrue($post->isLocked); $this->assertCountOfSentActivitiesOfType(0, 'Lock'); $this->assertCountOfSentActivitiesOfType(0, 'Announce'); $lockActivities = $this->activityRepository->findBy(['type' => 'Lock']); self::assertEmpty($lockActivities); $this->bus->dispatch(new ActivityMessage(json_encode($this->undoLockRemotePostByRemoteModeratorInRemoteMagazine))); $this->entityManager->refresh($post); self::assertFalse($post->isLocked); $this->assertCountOfSentActivitiesOfType(0, 'Undo'); $this->assertCountOfSentActivitiesOfType(0, 'Announce'); } public function setUp(): void { parent::setUp(); $this->magazineManager->addModerator(new ModeratorDto($this->remoteMagazine, $this->remoteUser)); $this->magazineManager->addModerator(new ModeratorDto($this->remoteMagazine, $this->localUser)); $this->magazineManager->addModerator(new ModeratorDto($this->localMagazine, $this->remoteUser, $this->localMagazine->getOwner())); $this->magazineManager->subscribe($this->remoteMagazine, $this->remoteSubscriber); } protected function setUpRemoteActors(): void { parent::setUpRemoteActors(); $username = 'remotePoster'; $domain = $this->remoteDomain; $this->remotePoster = $this->getUserByUsername($username, addImage: false); $this->registerActor($this->remotePoster, $domain, true); } public function setUpRemoteEntities(): void { $this->createRemoteEntryInRemoteMagazine = $this->createRemoteEntryInRemoteMagazine($this->remoteMagazine, $this->remotePoster, fn ($entry) => $this->createLockFromRemoteEntryInRemoteMagazine($entry)); $this->createRemotePostInRemoteMagazine = $this->createRemotePostInRemoteMagazine($this->remoteMagazine, $this->remotePoster, fn ($post) => $this->createLockFromRemotePostInRemoteMagazine($post)); $this->createRemoteEntryInLocalMagazine = $this->createRemoteEntryInLocalMagazine($this->localMagazine, $this->remotePoster, fn ($entry) => $this->createLockFromRemoteEntryInLocalMagazine($entry)); $this->createRemotePostInLocalMagazine = $this->createRemotePostInLocalMagazine($this->localMagazine, $this->remotePoster, fn ($post) => $this->createLockFromRemotePostInLocalMagazine($post)); } private function createLockFromRemoteEntryInRemoteMagazine(Entry $createdEntry): void { $activities = $this->createLockAndUnlockForContent($createdEntry); $this->lockRemoteEntryByRemoteModeratorInRemoteMagazine = $activities['lock']; $this->undoLockRemoteEntryByRemoteModeratorInRemoteMagazine = $activities['unlock']; } private function createLockFromRemoteEntryInLocalMagazine(Entry $createdEntry): void { $activities = $this->createLockAndUnlockForContent($createdEntry); $this->lockRemoteEntryByRemoteModeratorInLocalMagazine = $activities['lock']; $this->undoLockRemoteEntryByRemoteModeratorInLocalMagazine = $activities['unlock']; } private function createLockFromRemotePostInRemoteMagazine(Post $post): void { $activities = $this->createLockAndUnlockForContent($post); $this->lockRemotePostByRemoteModeratorInRemoteMagazine = $activities['lock']; $this->undoLockRemotePostByRemoteModeratorInRemoteMagazine = $activities['unlock']; } private function createLockFromRemotePostInLocalMagazine(Post $ost): void { $activities = $this->createLockAndUnlockForContent($ost); $this->lockRemotePostByRemoteModeratorInLocalMagazine = $activities['lock']; $this->undoLockRemotePostByRemoteModeratorInLocalMagazine = $activities['unlock']; } /** * @return array{lock: array, unlock: array} */ private function createLockAndUnlockForContent(Entry|Post $content): array { $activity = $this->lockFactory->build($this->remoteUser, $content); $lock = $this->activityJsonBuilder->buildActivityJson($activity); $undoActivity = $this->undoWrapper->build($activity); $unlock = $this->activityJsonBuilder->buildActivityJson($undoActivity); $this->testingApHttpClient->activityObjects[$lock['id']] = $lock; $this->testingApHttpClient->activityObjects[$unlock['id']] = $unlock; $this->entitiesToRemoveAfterSetup[] = $activity; $this->entitiesToRemoveAfterSetup[] = $undoActivity; return [ 'lock' => $lock, 'unlock' => $unlock, ]; } /** * @return array{entry: Entry, activity: array, undo: array} */ private function createLocalEntryAndCreateLockActivity(Magazine $magazine, User $author, User $lockingUser): array { $entry = $this->getEntryByTitle('localEntry', magazine: $magazine, user: $author); $entryJson = $this->pageFactory->create($entry, [], false); $this->switchToRemoteDomain($this->remoteDomain); $activity = $this->lockFactory->build($lockingUser, $entry); $activityJson = $this->activityJsonBuilder->buildActivityJson($activity); $activityJson['object'] = $entryJson['id']; $undoActivity = $this->undoWrapper->build($activity); $undoJson = $this->activityJsonBuilder->buildActivityJson($undoActivity); $undoJson['object']['object'] = $entryJson['id']; $this->switchToLocalDomain(); $this->entityManager->remove($activity); $this->entityManager->remove($undoActivity); return [ 'activity' => $activityJson, 'content' => $entry, 'undo' => $undoJson, ]; } /** * @return array{content:Post, activity: array, undo: array} */ private function createLocalPostAndCreateLockActivity(Magazine $magazine, User $author, User $lockingUser): array { $post = $this->createPost('localPost', magazine: $magazine, user: $author); $postJson = $this->postNoteFactory->create($post, []); $this->switchToRemoteDomain($this->remoteDomain); $activity = $this->lockFactory->build($lockingUser, $post); $activityJson = $this->activityJsonBuilder->buildActivityJson($activity); $activityJson['object'] = $postJson['id']; $undoActivity = $this->undoWrapper->build($activity); $undoJson = $this->activityJsonBuilder->buildActivityJson($undoActivity); $undoJson['object']['object'] = $postJson['id']; $this->switchToLocalDomain(); $this->entityManager->remove($activity); $this->entityManager->remove($undoActivity); return [ 'activity' => $activityJson, 'content' => $post, 'undo' => $undoJson, ]; } } ================================================ FILE: tests/Functional/ActivityPub/Inbox/RemoveHandlerTest.php ================================================ remoteMagazine = $this->activityPubManager->findActorOrCreate('!remoteMagazine@remote.mbin'); $this->remoteUser = $this->activityPubManager->findActorOrCreate('@remoteUser@remote.mbin'); // it is important that the moderators are initialized here, as they would be removed from the db if added in `setupRemoteEntries` $this->magazineManager->addModerator(new ModeratorDto($this->remoteMagazine, $this->remoteUser, $this->remoteMagazine->getOwner())); $this->magazineManager->addModerator(new ModeratorDto($this->localMagazine, $this->remoteUser, $this->localUser)); $this->magazineManager->addModerator(new ModeratorDto($this->remoteMagazine, $this->remoteSubscriber, $this->remoteMagazine->getOwner())); $this->magazineManager->addModerator(new ModeratorDto($this->localMagazine, $this->remoteSubscriber, $this->localUser)); } public function testRemoveModeratorInRemoteMagazine(): void { self::assertTrue($this->remoteMagazine->userIsModerator($this->remoteSubscriber)); $this->bus->dispatch(new ActivityMessage(json_encode($this->removeModeratorRemoteMagazine))); self::assertFalse($this->remoteMagazine->userIsModerator($this->remoteSubscriber)); } public function testRemoveModeratorLocalMagazine(): void { self::assertTrue($this->localMagazine->userIsModerator($this->remoteSubscriber)); $this->bus->dispatch(new ActivityMessage(json_encode($this->removeModeratorLocalMagazine))); self::assertFalse($this->localMagazine->userIsModerator($this->remoteSubscriber)); $this->assertRemoveSentToSubscriber($this->removeModeratorLocalMagazine); } public function testRemovePinnedEntryInRemoteMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemoteEntryInRemoteMagazine))); $entry = $this->entryRepository->findOneBy(['apId' => $this->createRemoteEntryInRemoteMagazine['object']['object']['id']]); self::assertNotNull($entry); $entry->sticky = true; $this->entityManager->flush(); $this->bus->dispatch(new ActivityMessage(json_encode($this->removePinnedEntryRemoteMagazine))); $this->entityManager->refresh($entry); self::assertFalse($entry->sticky); } public function testRemovePinnedEntryLocalMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemoteEntryInLocalMagazine))); $entry = $this->entryRepository->findOneBy(['apId' => $this->createRemoteEntryInLocalMagazine['object']['id']]); self::assertNotNull($entry); $entry->sticky = true; $this->entityManager->flush(); $this->bus->dispatch(new ActivityMessage(json_encode($this->removePinnedEntryLocalMagazine))); $this->entityManager->refresh($entry); self::assertFalse($entry->sticky); $this->assertRemoveSentToSubscriber($this->removePinnedEntryLocalMagazine); } public function setUpRemoteEntities(): void { $this->buildRemoveModeratorInRemoteMagazine(); $this->buildRemoveModeratorInLocalMagazine(); $this->createRemoteEntryInRemoteMagazine = $this->createRemoteEntryInRemoteMagazine($this->remoteMagazine, $this->remoteUser, fn (Entry $entry) => $this->buildRemovePinnedPostInRemoteMagazine($entry)); $this->createRemoteEntryInLocalMagazine = $this->createRemoteEntryInLocalMagazine($this->localMagazine, $this->remoteUser, fn (Entry $entry) => $this->buildRemovePinnedPostInLocalMagazine($entry)); } private function buildRemoveModeratorInRemoteMagazine(): void { $removeActivity = $this->addRemoveFactory->buildRemoveModerator($this->remoteUser, $this->remoteSubscriber, $this->remoteMagazine); $this->removeModeratorRemoteMagazine = $this->activityJsonBuilder->buildActivityJson($removeActivity); $this->removeModeratorRemoteMagazine['object'] = 'https://remote.sub.mbin/u/remoteSubscriber'; $this->testingApHttpClient->activityObjects[$this->removeModeratorRemoteMagazine['id']] = $this->removeModeratorRemoteMagazine; $this->entitiesToRemoveAfterSetup[] = $removeActivity; } private function buildRemoveModeratorInLocalMagazine(): void { $removeActivity = $this->addRemoveFactory->buildRemoveModerator($this->remoteUser, $this->remoteSubscriber, $this->localMagazine); $this->removeModeratorLocalMagazine = $this->activityJsonBuilder->buildActivityJson($removeActivity); $this->removeModeratorLocalMagazine['target'] = 'https://kbin.test/m/magazine/moderators'; $this->removeModeratorLocalMagazine['object'] = 'https://remote.sub.mbin/u/remoteSubscriber'; $this->testingApHttpClient->activityObjects[$this->removeModeratorLocalMagazine['id']] = $this->removeModeratorLocalMagazine; $this->entitiesToRemoveAfterSetup[] = $removeActivity; } private function buildRemovePinnedPostInRemoteMagazine(Entry $entry): void { $removeActivity = $this->addRemoveFactory->buildRemovePinnedPost($this->remoteUser, $entry); $this->removePinnedEntryRemoteMagazine = $this->activityJsonBuilder->buildActivityJson($removeActivity); $this->testingApHttpClient->activityObjects[$this->removePinnedEntryRemoteMagazine['id']] = $this->removePinnedEntryRemoteMagazine; $this->entitiesToRemoveAfterSetup[] = $removeActivity; } private function buildRemovePinnedPostInLocalMagazine(Entry $entry): void { $removeActivity = $this->addRemoveFactory->buildRemovePinnedPost($this->remoteUser, $entry); $this->removePinnedEntryLocalMagazine = $this->activityJsonBuilder->buildActivityJson($removeActivity); $this->removePinnedEntryLocalMagazine['target'] = 'https://kbin.test/m/magazine/pinned'; $this->testingApHttpClient->activityObjects[$this->removePinnedEntryLocalMagazine['id']] = $this->removePinnedEntryLocalMagazine; $this->entitiesToRemoveAfterSetup[] = $removeActivity; } private function assertRemoveSentToSubscriber(array $originalPayload): void { $postedObjects = $this->testingApHttpClient->getPostedObjects(); self::assertNotEmpty($postedObjects); $postedAddAnnounces = array_filter($postedObjects, fn ($arr) => 'Announce' === $arr['payload']['type'] && 'Remove' === $arr['payload']['object']['type']); $postedAddAnnounce = $postedAddAnnounces[array_key_first($postedAddAnnounces)]; // the id of the 'Remove' activity should be wrapped in an 'Announce' activity self::assertEquals($originalPayload['id'], $postedAddAnnounce['payload']['object']['id']); self::assertEquals($originalPayload['object'], $postedAddAnnounce['payload']['object']['object']); self::assertEquals($this->remoteSubscriber->apInboxUrl, $postedAddAnnounce['inboxUrl']); } } ================================================ FILE: tests/Functional/ActivityPub/Inbox/UpdateHandlerTest.php ================================================ bus->dispatch(new ActivityMessage(json_encode($this->announceEntry))); $entry = $this->entryRepository->findOneBy(['apId' => $this->announceEntry['object']['object']['id']]); self::assertStringNotContainsString('update', $entry->title); $this->bus->dispatch(new ActivityMessage(json_encode($this->updateAnnounceEntry))); $this->entityManager->refresh($entry); self::assertNotNull($entry); self::assertStringContainsString('update', $entry->title); self::assertStringContainsString('update', $entry->body); self::assertFalse($entry->isLocked); } public function testUpdateRemoteEntryCommentInRemoteMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->announceEntry))); $this->bus->dispatch(new ActivityMessage(json_encode($this->announceEntryComment))); $comment = $this->entryCommentRepository->findOneBy(['apId' => $this->announceEntryComment['object']['object']['id']]); self::assertStringNotContainsString('update', $comment->body); $this->bus->dispatch(new ActivityMessage(json_encode($this->updateAnnounceEntryComment))); $this->entityManager->refresh($comment); self::assertNotNull($comment); self::assertStringContainsString('update', $comment->body); } public function testUpdateRemotePostInRemoteMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->announcePost))); $post = $this->postRepository->findOneBy(['apId' => $this->announcePost['object']['object']['id']]); self::assertStringNotContainsString('update', $post->body); $this->bus->dispatch(new ActivityMessage(json_encode($this->updateAnnouncePost))); $this->entityManager->refresh($post); self::assertNotNull($post); self::assertStringContainsString('update', $post->body); self::assertFalse($post->isLocked); } public function testUpdateRemotePostCommentInRemoteMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->announcePost))); $this->bus->dispatch(new ActivityMessage(json_encode($this->announcePostComment))); $postComment = $this->postCommentRepository->findOneBy(['apId' => $this->announcePostComment['object']['object']['id']]); self::assertStringNotContainsString('update', $postComment->body); $this->bus->dispatch(new ActivityMessage(json_encode($this->updateAnnouncePostComment))); $this->entityManager->refresh($postComment); self::assertNotNull($postComment); self::assertStringContainsString('update', $postComment->body); } public function testUpdateEntryInLocalMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createEntry))); $entry = $this->entryRepository->findOneBy(['apId' => $this->createEntry['object']['id']]); self::assertStringNotContainsString('update', $entry->title); $this->bus->dispatch(new ActivityMessage(json_encode($this->updateCreateEntry))); self::assertStringContainsString('update', $entry->title); // explicitly set in the build method self::assertTrue($entry->isLocked); $postedObjects = $this->testingApHttpClient->getPostedObjects(); self::assertNotEmpty($postedObjects); $postedUpdateAnnounces = array_filter($postedObjects, fn ($arr) => 'Announce' === $arr['payload']['type'] && 'Update' === $arr['payload']['object']['type']); $postedUpdateAnnounce = $postedUpdateAnnounces[array_key_first($postedUpdateAnnounces)]; // the id of the 'Update' activity should be wrapped in an 'Announce' activity self::assertEquals($this->updateCreateEntry['id'], $postedUpdateAnnounce['payload']['object']['id']); self::assertEquals($this->updateCreateEntry['object']['id'], $postedUpdateAnnounce['payload']['object']['object']['id']); self::assertEquals($this->remoteSubscriber->apInboxUrl, $postedUpdateAnnounce['inboxUrl']); } public function testUpdateEntryCommentInLocalMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createEntry))); $this->bus->dispatch(new ActivityMessage(json_encode($this->createEntryComment))); $entryComment = $this->entryCommentRepository->findOneBy(['apId' => $this->createEntryComment['object']['id']]); self::assertNotNull($entryComment); self::assertStringNotContainsString('update', $entryComment->body); $this->bus->dispatch(new ActivityMessage(json_encode($this->updateCreateEntryComment))); self::assertStringContainsString('update', $entryComment->body); $postedObjects = $this->testingApHttpClient->getPostedObjects(); self::assertNotEmpty($postedObjects); $postedUpdateAnnounces = array_filter($postedObjects, fn ($arr) => 'Announce' === $arr['payload']['type'] && 'Update' === $arr['payload']['object']['type']); $postedUpdateAnnounce = $postedUpdateAnnounces[array_key_first($postedUpdateAnnounces)]; // the id of the 'Update' activity should be wrapped in an 'Announce' activity self::assertEquals($this->updateCreateEntryComment['id'], $postedUpdateAnnounce['payload']['object']['id']); self::assertEquals($this->updateCreateEntryComment['object']['id'], $postedUpdateAnnounce['payload']['object']['object']['id']); self::assertEquals($this->remoteSubscriber->apInboxUrl, $postedUpdateAnnounce['inboxUrl']); } public function testUpdatePostInLocalMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createPost))); $post = $this->postRepository->findOneBy(['apId' => $this->createPost['object']['id']]); self::assertStringNotContainsString('update', $post->body); $this->bus->dispatch(new ActivityMessage(json_encode($this->updateCreatePost))); self::assertStringContainsString('update', $post->body); // explicitly set in the build method self::assertTrue($post->isLocked); $postedObjects = $this->testingApHttpClient->getPostedObjects(); self::assertNotEmpty($postedObjects); $postedUpdateAnnounces = array_filter($postedObjects, fn ($arr) => 'Announce' === $arr['payload']['type'] && 'Update' === $arr['payload']['object']['type']); $postedUpdateAnnounce = $postedUpdateAnnounces[array_key_first($postedUpdateAnnounces)]; // the id of the 'Update' activity should be wrapped in an 'Announce' activity self::assertEquals($this->updateCreatePost['id'], $postedUpdateAnnounce['payload']['object']['id']); self::assertEquals($this->updateCreatePost['object']['id'], $postedUpdateAnnounce['payload']['object']['object']['id']); self::assertEquals($this->remoteSubscriber->apInboxUrl, $postedUpdateAnnounce['inboxUrl']); } public function testUpdatePostCommentInLocalMagazine(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createPost))); $this->bus->dispatch(new ActivityMessage(json_encode($this->createPostComment))); $postComment = $this->postCommentRepository->findOneBy(['apId' => $this->createPostComment['object']['id']]); self::assertNotNull($postComment); self::assertStringNotContainsString('update', $postComment->body); $this->bus->dispatch(new ActivityMessage(json_encode($this->updateCreatePostComment))); self::assertStringContainsString('update', $postComment->body); $postedObjects = $this->testingApHttpClient->getPostedObjects(); self::assertNotEmpty($postedObjects); $postedUpdateAnnounces = array_filter($postedObjects, fn ($arr) => 'Announce' === $arr['payload']['type'] && 'Update' === $arr['payload']['object']['type']); $postedUpdateAnnounce = $postedUpdateAnnounces[array_key_first($postedUpdateAnnounces)]; // the id of the 'Update' activity should be wrapped in an 'Announce' activity self::assertEquals($this->updateCreatePostComment['id'], $postedUpdateAnnounce['payload']['object']['id']); self::assertEquals($this->updateCreatePostComment['object']['id'], $postedUpdateAnnounce['payload']['object']['object']['id']); self::assertEquals($this->remoteSubscriber->apInboxUrl, $postedUpdateAnnounce['inboxUrl']); } public function testUpdateRemoteUser(): void { // an update activity forces to fetch the remote object again -> rewrite the actor id to the updated object from the activity $this->testingApHttpClient->actorObjects[$this->updateUser['object']['id']] = $this->updateUser['object']; $this->bus->dispatch(new ActivityMessage(json_encode($this->updateUser))); $user = $this->userRepository->findOneBy(['apPublicUrl' => $this->updateUser['object']['id']]); self::assertNotNull($user); self::assertStringContainsString('update', $user->about); self::assertNotNull($user->publicKey); self::assertStringContainsString('new public key', $user->publicKey); self::assertNotNull($user->lastKeyRotationDate); } public function testUpdateRemoteUserTitle(): void { // an update activity forces to fetch the remote object again -> rewrite the actor id to the updated object from the activity $object = $this->updateUser['object']; $object['name'] = 'Test User'; $this->testingApHttpClient->actorObjects[$this->updateUser['object']['id']] = $object; $this->bus->dispatch(new ActivityMessage(json_encode($this->updateUser))); $user = $this->userRepository->findOneBy(['apPublicUrl' => $this->updateUser['object']['id']]); self::assertNotNull($user); self::assertEquals('Test User', $user->title); $object = $this->updateUser['object']; unset($object['name']); $this->testingApHttpClient->actorObjects[$this->updateUser['object']['id']] = $object; $this->bus->dispatch(new ActivityMessage(json_encode($this->updateUser))); $user = $this->userRepository->findOneBy(['apPublicUrl' => $this->updateUser['object']['id']]); self::assertNotNull($user); self::assertNull($user->title); } public function testUpdateRemoteMagazine(): void { // an update activity forces to fetch the remote object again -> rewrite the actor id to the updated object from the activity $this->testingApHttpClient->actorObjects[$this->updateMagazine['object']['id']] = $this->updateMagazine['object']; $this->bus->dispatch(new ActivityMessage(json_encode($this->updateMagazine))); $magazine = $this->magazineRepository->findOneBy(['apPublicUrl' => $this->updateMagazine['object']['id']]); self::assertNotNull($magazine); self::assertStringContainsString('update', $magazine->description); self::assertNotNull($magazine->publicKey); self::assertStringContainsString('new public key', $magazine->publicKey); self::assertNotNull($magazine->lastKeyRotationDate); } public function setUpRemoteEntities(): void { $this->announceEntry = $this->createRemoteEntryInRemoteMagazine($this->remoteMagazine, $this->remoteUser, fn (Entry $entry) => $this->buildUpdateRemoteEntryInRemoteMagazine($entry)); $this->announceEntryComment = $this->createRemoteEntryCommentInRemoteMagazine($this->remoteMagazine, $this->remoteUser, fn (EntryComment $comment) => $this->buildUpdateRemoteEntryCommentInRemoteMagazine($comment)); $this->announcePost = $this->createRemotePostInRemoteMagazine($this->remoteMagazine, $this->remoteUser, fn (Post $post) => $this->buildUpdateRemotePostInRemoteMagazine($post)); $this->announcePostComment = $this->createRemotePostCommentInRemoteMagazine($this->remoteMagazine, $this->remoteUser, fn (PostComment $comment) => $this->buildUpdateRemotePostCommentInRemoteMagazine($comment)); $this->createEntry = $this->createRemoteEntryInLocalMagazine($this->localMagazine, $this->remoteUser, fn (Entry $entry) => $this->buildUpdateRemoteEntryInLocalMagazine($entry)); $this->createEntryComment = $this->createRemoteEntryCommentInLocalMagazine($this->localMagazine, $this->remoteUser, fn (EntryComment $comment) => $this->buildUpdateRemoteEntryCommentInLocalMagazine($comment)); $this->createPost = $this->createRemotePostInLocalMagazine($this->localMagazine, $this->remoteUser, fn (Post $post) => $this->buildUpdateRemotePostInLocalMagazine($post)); $this->createPostComment = $this->createRemotePostCommentInLocalMagazine($this->localMagazine, $this->remoteUser, fn (PostComment $comment) => $this->buildUpdateRemotePostCommentInLocalMagazine($comment)); $this->buildUpdateUser(); $this->buildUpdateMagazine(); } public function buildUpdateRemoteEntryInRemoteMagazine(Entry $entry): void { $updateActivity = $this->updateWrapper->buildForActivity($entry, $this->remoteUser); $entry->title = 'Some updated title'; $entry->body = 'Some updated body'; $this->updateAnnounceEntry = $this->activityJsonBuilder->buildActivityJson($updateActivity); $this->testingApHttpClient->activityObjects[$this->updateAnnounceEntry['id']] = $this->updateAnnounceEntry; $this->entitiesToRemoveAfterSetup[] = $updateActivity; } public function buildUpdateRemoteEntryCommentInRemoteMagazine(EntryComment $comment): void { $updateActivity = $this->updateWrapper->buildForActivity($comment, $this->remoteUser); $comment->body = 'Some updated body'; $this->updateAnnounceEntryComment = $this->activityJsonBuilder->buildActivityJson($updateActivity); $this->testingApHttpClient->activityObjects[$this->updateAnnounceEntryComment['id']] = $this->updateAnnounceEntryComment; $this->entitiesToRemoveAfterSetup[] = $updateActivity; } public function buildUpdateRemotePostInRemoteMagazine(Post $post): void { $updateActivity = $this->updateWrapper->buildForActivity($post, $this->remoteUser); $post->body = 'Some updated body'; $this->updateAnnouncePost = $this->activityJsonBuilder->buildActivityJson($updateActivity); $this->testingApHttpClient->activityObjects[$this->updateAnnouncePost['id']] = $this->updateAnnouncePost; $this->entitiesToRemoveAfterSetup[] = $updateActivity; } public function buildUpdateRemotePostCommentInRemoteMagazine(PostComment $postComment): void { $updateActivity = $this->updateWrapper->buildForActivity($postComment, $this->remoteUser); $postComment->body = 'Some updated body'; $this->updateAnnouncePostComment = $this->activityJsonBuilder->buildActivityJson($updateActivity); $this->testingApHttpClient->activityObjects[$this->updateAnnouncePostComment['id']] = $this->updateAnnouncePostComment; $this->entitiesToRemoveAfterSetup[] = $updateActivity; } public function buildUpdateRemoteEntryInLocalMagazine(Entry $entry): void { $updateActivity = $this->updateWrapper->buildForActivity($entry, $this->remoteUser); $titleBefore = $entry->title; $entry->title = 'Some updated title'; $entry->body = 'Some updated body'; $entry->isLocked = true; $this->updateCreateEntry = $this->RewriteTargetFieldsToLocal($entry->magazine, $this->activityJsonBuilder->buildActivityJson($updateActivity)); $entry->title = $titleBefore; $entry->isLocked = false; $this->testingApHttpClient->activityObjects[$this->updateCreateEntry['id']] = $this->updateCreateEntry; $this->entitiesToRemoveAfterSetup[] = $updateActivity; } public function buildUpdateRemoteEntryCommentInLocalMagazine(EntryComment $comment): void { $updateActivity = $this->updateWrapper->buildForActivity($comment, $this->remoteUser); $comment->body = 'Some updated body'; $this->updateCreateEntryComment = $this->RewriteTargetFieldsToLocal($comment->magazine, $this->activityJsonBuilder->buildActivityJson($updateActivity)); $this->testingApHttpClient->activityObjects[$this->updateCreateEntryComment['id']] = $this->updateCreateEntryComment; $this->entitiesToRemoveAfterSetup[] = $updateActivity; } public function buildUpdateRemotePostInLocalMagazine(Post $post): void { $updateActivity = $this->updateWrapper->buildForActivity($post, $this->remoteUser); $bodyBefore = $post->body; $post->body = 'Some updated body'; $post->isLocked = true; $this->updateCreatePost = $this->RewriteTargetFieldsToLocal($post->magazine, $this->activityJsonBuilder->buildActivityJson($updateActivity)); $post->body = $bodyBefore; $post->isLocked = false; $this->testingApHttpClient->activityObjects[$this->updateCreatePost['id']] = $this->updateCreatePost; $this->entitiesToRemoveAfterSetup[] = $updateActivity; } public function buildUpdateRemotePostCommentInLocalMagazine(PostComment $postComment): void { $updateActivity = $this->updateWrapper->buildForActivity($postComment, $this->remoteUser); $postComment->body = 'Some updated body'; $this->updateCreatePostComment = $this->RewriteTargetFieldsToLocal($postComment->magazine, $this->activityJsonBuilder->buildActivityJson($updateActivity)); $this->testingApHttpClient->activityObjects[$this->updateCreatePostComment['id']] = $this->updateCreatePostComment; $this->entitiesToRemoveAfterSetup[] = $updateActivity; } public function buildUpdateUser(): void { $aboutBefore = $this->remoteUser->about; $this->remoteUser->about = 'Some updated user description'; $this->remoteUser->publicKey = 'Some new public key'; $this->remoteUser->privateKey = 'Some new private key'; $updateActivity = $this->updateWrapper->buildForActor($this->remoteUser, $this->remoteUser); $this->updateUser = $this->activityJsonBuilder->buildActivityJson($updateActivity); $this->remoteUser->about = $aboutBefore; $this->testingApHttpClient->activityObjects[$this->updateUser['id']] = $this->updateUser; $this->entitiesToRemoveAfterSetup[] = $updateActivity; } public function buildUpdateMagazine(): void { $descriptionBefore = $this->remoteMagazine->description; $this->remoteMagazine->description = 'Some updated magazine description'; $this->remoteMagazine->publicKey = 'Some new public key'; $this->remoteMagazine->privateKey = 'Some new private key'; $updateActivity = $this->updateWrapper->buildForActor($this->remoteMagazine, $this->remoteMagazine->getOwner()); $this->updateMagazine = $this->activityJsonBuilder->buildActivityJson($updateActivity); $this->remoteMagazine->description = $descriptionBefore; $this->testingApHttpClient->activityObjects[$this->updateMagazine['id']] = $this->updateMagazine; $this->entitiesToRemoveAfterSetup[] = $updateActivity; } } ================================================ FILE: tests/Functional/ActivityPub/MarkdownConverterTest.php ================================================ switchToRemoteDomain($domain); $this->registerActor($this->getUserByUsername('someUser', email: "someUser@$domain"), $domain, true); $this->registerActor($this->getMagazineByName('someMagazine'), $domain, true); $this->switchToLocalDomain(); } public function setUp(): void { parent::setUp(); // generate the local user 'someUser' $user = $this->getUserByUsername('someUser', email: 'someUser@kbin.test'); $this->getMagazineByName('someMagazine', $user); $mastodonUser = new User('SomeUser@mastodon.tld', 'SomeUser@mastodon.tld', '', 'Person', 'https://mastodon.tld/users/SomeAccount'); $mastodonUser->apPublicUrl = 'https://mastodon.tld/@SomeAccount'; $this->entityManager->persist($mastodonUser); } #[DataProvider('htmlMentionsProvider')] public function testMentions(string $html, array $apTags, array $expectedMentions, string $name): void { $converted = $this->apMarkdownConverter->convert($html, $apTags); $mentions = $this->mentionManager->extract($converted); assertEquals($expectedMentions, $mentions, message: "Mention test '$name'"); } public static function htmlMentionsProvider(): array { return [ [ 'html' => '
', 'apTags' => [ [ 'type' => 'Mention', 'href' => 'https://some.domain.tld/u/someUser', 'name' => '@someUser', ], [ 'type' => 'Mention', 'href' => 'https://kbin.test/u/someUser', 'name' => '@someUser@kbin.test', ], ], 'expectedMentions' => ['@someUser@some.domain.tld', '@someUser@kbin.test'], 'name' => 'Local and remote user', ], [ 'html' => '', 'apTags' => [ [ 'type' => 'Mention', 'href' => 'https://some.domain.tld/m/someMagazine', 'name' => '@someMagazine', ], ], 'expectedMentions' => ['@someMagazine@some.domain.tld'], 'name' => 'Magazine mention', ], [ 'html' => '', 'apTags' => [ [ 'type' => 'Mention', 'href' => 'https://kbin.test/m/someMagazine', 'name' => '@someMagazine', ], ], 'expectedMentions' => ['@someMagazine@kbin.test'], 'name' => 'Local magazine mention', ], [ 'html' => '@SomeAccount', 'apTags' => [ [ 'type' => 'Mention', 'href' => 'https://mastodon.tld/users/SomeAccount', 'name' => '@SomeAccount@mastodon.tld', ], ], 'expectedMentions' => ['@SomeAccount@mastodon.tld'], 'name' => 'Mastodon account mention', ], ]; } } ================================================ FILE: tests/Functional/ActivityPub/Outbox/BlockHandlerTest.php ================================================ localSubscriber = $this->getUserByUsername('localSubscriber', addImage: false); // so localSubscriber has one interaction with another instance $this->magazineManager->subscribe($this->remoteMagazine, $this->localSubscriber); } public function setUpRemoteEntities(): void { } public function testBanLocalUserLocalMagazineLocalModerator(): void { $this->magazineManager->ban($this->localMagazine, $this->localSubscriber, $this->localUser, MagazineBanDto::create(reason: 'test')); $blockActivity = $this->assertOneSentActivityOfType('Block', inboxUrl: $this->remoteSubscriber->apInboxUrl); self::assertEquals('test', $blockActivity['summary']); self::assertEquals($this->personFactory->getActivityPubId($this->localSubscriber), $blockActivity['object']); self::assertEquals($this->groupFactory->getActivityPubId($this->localMagazine), $blockActivity['target']); } public function testUndoBanLocalUserLocalMagazineLocalModerator(): void { $this->magazineManager->ban($this->localMagazine, $this->localSubscriber, $this->localUser, MagazineBanDto::create(reason: 'test')); $blockActivity = $this->assertOneSentActivityOfType('Block', inboxUrl: $this->remoteSubscriber->apInboxUrl); $this->magazineManager->unban($this->localMagazine, $this->localSubscriber); $undoActivity = $this->assertOneSentActivityOfType('Undo', inboxUrl: $this->remoteSubscriber->apInboxUrl); self::assertEquals($blockActivity['id'], $undoActivity['object']['id']); } public function testBanRemoteUserLocalMagazineLocalModerator(): void { $this->magazineManager->ban($this->localMagazine, $this->remoteSubscriber, $this->localUser, MagazineBanDto::create(reason: 'test')); $blockActivity = $this->assertOneSentActivityOfType('Block', inboxUrl: $this->remoteSubscriber->apInboxUrl); self::assertEquals('test', $blockActivity['summary']); self::assertEquals($this->remoteSubscriber->apProfileId, $blockActivity['object']); self::assertEquals($this->groupFactory->getActivityPubId($this->localMagazine), $blockActivity['target']); } public function testUndoBanRemoteUserLocalMagazineLocalModerator(): void { $this->magazineManager->ban($this->localMagazine, $this->remoteSubscriber, $this->localUser, MagazineBanDto::create(reason: 'test')); $blockActivity = $this->assertOneSentActivityOfType('Block', inboxUrl: $this->remoteSubscriber->apInboxUrl); $this->magazineManager->unban($this->localMagazine, $this->remoteSubscriber); $undoActivity = $this->assertOneSentActivityOfType('Undo', inboxUrl: $this->remoteSubscriber->apInboxUrl); self::assertEquals($blockActivity['id'], $undoActivity['object']['id']); } public function testBanLocalUserInstanceLocalModerator(): void { $this->userManager->ban($this->localSubscriber, $this->localUser, 'test'); $blockActivity = $this->assertOneSentActivityOfType('Block', inboxUrl: $this->remoteMagazine->apInboxUrl); self::assertEquals('test', $blockActivity['summary']); self::assertEquals($this->personFactory->getActivityPubId($this->localSubscriber), $blockActivity['object']); self::assertEquals($this->instanceFactory->getTargetUrl(), $blockActivity['target']); } public function testUndoBanLocalUserInstanceLocalModerator(): void { $this->userManager->ban($this->localSubscriber, $this->localUser, 'test'); $blockActivity = $this->assertOneSentActivityOfType('Block', inboxUrl: $this->remoteMagazine->apInboxUrl); $this->userManager->unban($this->localSubscriber, $this->localUser, 'test'); $undoActivity = $this->assertOneSentActivityOfType('Undo', inboxUrl: $this->remoteMagazine->apInboxUrl); self::assertEquals($blockActivity['id'], $undoActivity['object']['id']); } } ================================================ FILE: tests/Functional/ActivityPub/Outbox/DeleteHandlerTest.php ================================================ magazineManager->addModerator(new ModeratorDto($this->remoteMagazine, $this->localUser)); $this->localPoster = $this->getUserByUsername('localPoster', addImage: false); } public function setUpRemoteEntities(): void { $this->createRemoteEntryInRemoteMagazine = $this->createRemoteEntryInRemoteMagazine($this->remoteMagazine, $this->remotePoster); $this->createRemoteEntryCommentInRemoteMagazine = $this->createRemoteEntryCommentInRemoteMagazine($this->remoteMagazine, $this->remotePoster); $this->createRemotePostInRemoteMagazine = $this->createRemotePostInRemoteMagazine($this->remoteMagazine, $this->remotePoster); $this->createRemotePostCommentInRemoteMagazine = $this->createRemotePostCommentInRemoteMagazine($this->remoteMagazine, $this->remotePoster); $this->createRemoteEntryInLocalMagazine = $this->createRemoteEntryInLocalMagazine($this->localMagazine, $this->remotePoster); $this->createRemoteEntryCommentInLocalMagazine = $this->createRemoteEntryCommentInLocalMagazine($this->localMagazine, $this->remotePoster); $this->createRemotePostInLocalMagazine = $this->createRemotePostInLocalMagazine($this->localMagazine, $this->remotePoster); $this->createRemotePostCommentInLocalMagazine = $this->createRemotePostCommentInLocalMagazine($this->localMagazine, $this->remotePoster); } protected function setUpRemoteActors(): void { parent::setUpRemoteActors(); $username = 'remotePoster'; $domain = $this->remoteDomain; $this->remotePoster = $this->getUserByUsername($username, addImage: false); $this->registerActor($this->remotePoster, $domain, true); } public function testDeleteLocalEntryInLocalMagazineByLocalModerator(): void { $entry = $this->getEntryByTitle(title: 'test entry', magazine: $this->localMagazine, user: $this->localUser); $this->entryManager->delete($this->localUser, $entry); $this->assertOneSentActivityOfType('Delete'); } public function testDeleteLocalEntryInRemoteMagazineByLocalModerator(): void { $entry = $this->getEntryByTitle(title: 'test entry', magazine: $this->remoteMagazine, user: $this->localUser); $this->entryManager->delete($this->localUser, $entry); $this->assertOneSentActivityOfType('Delete'); } public function testDeleteRemoteEntryInLocalMagazineByLocalModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemoteEntryInLocalMagazine))); $entryApId = $this->createRemoteEntryInLocalMagazine['object']['id']; $entry = $this->entryRepository->findOneBy(['apId' => $entryApId]); self::assertNotNull($entry); $this->entryManager->delete($this->localUser, $entry); $entry = $this->entryRepository->findOneBy(['apId' => $entryApId]); self::assertTrue($entry->isTrashed()); $this->assertOneSentActivityOfType('Delete'); } public function testDeleteRemoteEntryInRemoteMagazineByLocalModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemoteEntryInRemoteMagazine))); $entryApId = $this->createRemoteEntryInRemoteMagazine['object']['object']['id']; $entry = $this->entryRepository->findOneBy(['apId' => $entryApId]); self::assertNotNull($entry); $this->entryManager->purge($this->localUser, $entry); $entry = $this->entryRepository->findOneBy(['apId' => $entryApId]); self::assertNull($entry); self::assertNotEmpty($this->testingApHttpClient->getPostedObjects()); $deleteActivity = $this->activityRepository->findOneBy(['type' => 'Delete']); self::assertNotNull($deleteActivity); $activityId = $this->urlGenerator->generate('ap_object', ['id' => $deleteActivity->uuid], UrlGeneratorInterface::ABSOLUTE_URL); $this->assertOneSentActivityOfType('Delete', $activityId); } public function testDeleteLocalEntryCommentInLocalMagazineByLocalModerator(): void { $entry = $this->getEntryByTitle(title: 'test entry', magazine: $this->localMagazine, user: $this->localUser); $comment = $this->createEntryComment('test entry comment', entry: $entry, user: $this->localUser); $this->removeActivitiesWithObject($comment); $this->entryCommentManager->delete($this->localUser, $comment); $this->assertOneSentActivityOfType('Delete'); } public function testDeleteLocalEntryCommentInRemoteMagazineByLocalModerator(): void { $entry = $this->getEntryByTitle(title: 'test entry', magazine: $this->remoteMagazine, user: $this->localUser); $comment = $this->createEntryComment('test entry comment', entry: $entry, user: $this->localUser); $this->removeActivitiesWithObject($comment); $this->entryCommentManager->delete($this->localUser, $comment); $this->assertOneSentActivityOfType('Delete'); } public function testDeleteRemoteEntryCommentInLocalMagazineByLocalModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemoteEntryInLocalMagazine))); $entryApId = $this->createRemoteEntryInLocalMagazine['object']['id']; $entry = $this->entryRepository->findOneBy(['apId' => $entryApId]); self::assertNotNull($entry); $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemoteEntryCommentInLocalMagazine))); $entryCommentApId = $this->createRemoteEntryCommentInLocalMagazine['object']['id']; $entryComment = $this->entryCommentRepository->findOneBy(['apId' => $entryCommentApId]); self::assertNotNull($entryComment); $this->entryCommentManager->delete($this->localUser, $entryComment); $entryComment = $this->entryCommentRepository->findOneBy(['apId' => $entryCommentApId]); self::assertTrue($entryComment->isTrashed()); // 2 subs -> 2 delete activities $this->assertCountOfSentActivitiesOfType(2, 'Delete'); } public function testDeleteRemoteEntryCommentInRemoteMagazineByLocalModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemoteEntryInRemoteMagazine))); $entryApId = $this->createRemoteEntryInRemoteMagazine['object']['object']['id']; $entry = $this->entryRepository->findOneBy(['apId' => $entryApId]); self::assertNotNull($entry); $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemoteEntryCommentInRemoteMagazine))); $entryCommentApId = $this->createRemoteEntryCommentInRemoteMagazine['object']['object']['id']; $entryComment = $this->entryCommentRepository->findOneBy(['apId' => $entryCommentApId]); self::assertNotNull($entryComment); $this->entryCommentManager->purge($this->localUser, $entryComment); $entryComment = $this->entryCommentRepository->findOneBy(['apId' => $entryCommentApId]); self::assertNull($entryComment); self::assertNotEmpty($this->testingApHttpClient->getPostedObjects()); $deleteActivity = $this->activityRepository->findOneBy(['type' => 'Delete']); self::assertNotNull($deleteActivity); $activityId = $this->urlGenerator->generate('ap_object', ['id' => $deleteActivity->uuid], UrlGeneratorInterface::ABSOLUTE_URL); $this->assertOneSentActivityOfType('Delete', $activityId); } public function testDeleteLocalPostInLocalMagazineByLocalModerator(): void { $post = $this->createPost(body: 'test post', magazine: $this->localMagazine, user: $this->localUser); $this->postManager->delete($this->localUser, $post); $this->assertOneSentActivityOfType('Delete'); } public function testDeleteLocalPostInRemoteMagazineByLocalModerator(): void { $post = $this->createPost(body: 'test post', magazine: $this->remoteMagazine, user: $this->localUser); $this->postManager->delete($this->localUser, $post); $this->assertOneSentActivityOfType('Delete'); } public function testDeleteRemotePostInLocalMagazineByLocalModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemotePostInLocalMagazine))); $postApId = $this->createRemotePostInLocalMagazine['object']['id']; $post = $this->postRepository->findOneBy(['apId' => $postApId]); self::assertNotNull($post); $this->postManager->delete($this->localUser, $post); $post = $this->postRepository->findOneBy(['apId' => $postApId]); self::assertTrue($post->isTrashed()); $this->assertOneSentActivityOfType('Delete'); } public function testDeleteRemotePostInRemoteMagazineByLocalModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemotePostInRemoteMagazine))); $postApId = $this->createRemotePostInRemoteMagazine['object']['object']['id']; $post = $this->postRepository->findOneBy(['apId' => $postApId]); self::assertNotNull($post); $this->postManager->purge($this->localUser, $post); $post = $this->postRepository->findOneBy(['apId' => $postApId]); self::assertNull($post); self::assertNotEmpty($this->testingApHttpClient->getPostedObjects()); $deleteActivity = $this->activityRepository->findOneBy(['type' => 'Delete']); self::assertNotNull($deleteActivity); $activityId = $this->urlGenerator->generate('ap_object', ['id' => $deleteActivity->uuid], UrlGeneratorInterface::ABSOLUTE_URL); $this->assertOneSentActivityOfType('Delete', $activityId); } public function testDeleteLocalPostCommentInLocalMagazineByLocalModerator(): void { $post = $this->createPost(body: 'test post', magazine: $this->localMagazine, user: $this->localUser); $comment = $this->createPostComment('test post comment', post: $post, user: $this->localUser); $this->removeActivitiesWithObject($comment); $this->postCommentManager->delete($this->localUser, $comment); $this->assertOneSentActivityOfType('Delete'); } public function testDeleteLocalPostCommentInRemoteMagazineByLocalModerator(): void { $post = $this->createPost(body: 'test post', magazine: $this->remoteMagazine, user: $this->localUser); $comment = $this->createPostComment('test post comment', post: $post, user: $this->localUser); $this->removeActivitiesWithObject($comment); $this->postCommentManager->delete($this->localUser, $comment); $this->assertOneSentActivityOfType('Delete'); } public function testDeleteRemotePostCommentInLocalMagazineByLocalModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemotePostInLocalMagazine))); $postApId = $this->createRemotePostInLocalMagazine['object']['id']; $post = $this->postRepository->findOneBy(['apId' => $postApId]); self::assertNotNull($post); $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemotePostCommentInLocalMagazine))); $postCommentApId = $this->createRemotePostCommentInLocalMagazine['object']['id']; $postComment = $this->postCommentRepository->findOneBy(['apId' => $postCommentApId]); self::assertNotNull($postComment); $this->postCommentManager->delete($this->localUser, $postComment); $postComment = $this->postCommentRepository->findOneBy(['apId' => $postCommentApId]); self::assertTrue($postComment->isTrashed()); // 2 subs -> 2 delete activities $this->assertCountOfSentActivitiesOfType(2, 'Delete'); } public function testDeleteRemotePostCommentInRemoteMagazineByLocalModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemotePostInRemoteMagazine))); $postApId = $this->createRemotePostInRemoteMagazine['object']['object']['id']; $post = $this->postRepository->findOneBy(['apId' => $postApId]); self::assertNotNull($post); $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemotePostCommentInRemoteMagazine))); $postCommentApId = $this->createRemotePostCommentInRemoteMagazine['object']['object']['id']; $postComment = $this->postCommentRepository->findOneBy(['apId' => $postCommentApId]); self::assertNotNull($postComment); $this->postCommentManager->purge($this->localUser, $postComment); $postComment = $this->postCommentRepository->findOneBy(['apId' => $postCommentApId]); self::assertNull($postComment); self::assertNotEmpty($this->testingApHttpClient->getPostedObjects()); $deleteActivity = $this->activityRepository->findOneBy(['type' => 'Delete']); self::assertNotNull($deleteActivity); $activityId = $this->urlGenerator->generate('ap_object', ['id' => $deleteActivity->uuid], UrlGeneratorInterface::ABSOLUTE_URL); $this->assertOneSentActivityOfType('Delete', $activityId); } public function testDeleteLocalEntryInRemoteMagazineByAuthor(): void { $entry = $this->createEntry('test local entry', $this->remoteMagazine, $this->localPoster); $createEntryActivity = $this->activityRepository->findOneBy(['objectEntry' => $entry]); $this->entityManager->remove($createEntryActivity); $this->entryManager->delete($this->localPoster, $entry); $this->assertOneSentActivityOfType('Delete'); } public function testDeleteLocalEntryCommentInRemoteMagazineByAuthor(): void { $entry = $this->createEntry('test local entry', $this->remoteMagazine, $this->localPoster); $entryComment = $this->createEntryComment('test local entryComment', $entry, $this->localPoster); $createEntryCommentActivity = $this->activityRepository->findOneBy(['objectEntryComment' => $entryComment]); $this->entityManager->remove($createEntryCommentActivity); $this->entryCommentManager->delete($this->localPoster, $entryComment); $this->assertOneSentActivityOfType('Delete'); } public function testDeleteLocalPostInRemoteMagazineByAuthor(): void { $post = $this->createPost('test local post', $this->remoteMagazine, $this->localPoster); $createPostActivity = $this->activityRepository->findOneBy(['objectPost' => $post]); $this->entityManager->remove($createPostActivity); $this->postManager->delete($this->localPoster, $post); $this->assertOneSentActivityOfType('Delete'); } public function testDeleteLocalPostCommentInRemoteMagazineByAuthor(): void { $post = $this->createPost('test local post', $this->remoteMagazine, $this->localPoster); $postComment = $this->createPostComment('test local post comment', $post, $this->localPoster); $createPostCommentActivity = $this->activityRepository->findOneBy(['objectPostComment' => $postComment]); $this->entityManager->remove($createPostCommentActivity); $this->postCommentManager->delete($this->localPoster, $postComment); $this->assertOneSentActivityOfType('Delete'); } public function removeActivitiesWithObject(ActivityPubActivityInterface|ActivityPubActorInterface $object): void { $activities = $this->activityRepository->findAllActivitiesByObject($object); foreach ($activities as $activity) { $this->entityManager->remove($activity); } } } ================================================ FILE: tests/Functional/ActivityPub/Outbox/LockHandlerTest.php ================================================ magazineManager->addModerator(new ModeratorDto($this->remoteMagazine, $this->localUser)); $this->localPoster = $this->getUserByUsername('localPoster', addImage: false); } public function setUpRemoteEntities(): void { $this->createRemoteEntryInRemoteMagazine = $this->createRemoteEntryInRemoteMagazine($this->remoteMagazine, $this->remotePoster); $this->createRemotePostInRemoteMagazine = $this->createRemotePostInRemoteMagazine($this->remoteMagazine, $this->remotePoster); $this->createRemoteEntryInLocalMagazine = $this->createRemoteEntryInLocalMagazine($this->localMagazine, $this->remotePoster); $this->createRemotePostInLocalMagazine = $this->createRemotePostInLocalMagazine($this->localMagazine, $this->remotePoster); } protected function setUpRemoteActors(): void { parent::setUpRemoteActors(); $username = 'remotePoster'; $domain = $this->remoteDomain; $this->remotePoster = $this->getUserByUsername($username, addImage: false); $this->registerActor($this->remotePoster, $domain, true); } public function testLockLocalEntryInLocalMagazineByLocalModerator(): void { $entry = $this->createEntry('Some local entry', $this->localMagazine, $this->localPoster); $this->entryManager->toggleLock($entry, $this->localUser); $this->assertOneSentActivityOfType('Lock'); } public function testLockLocalEntryInRemoteMagazineByLocalModerator(): void { $entry = $this->createEntry('Some local entry', $this->remoteMagazine, $this->localPoster); $this->entryManager->toggleLock($entry, $this->localUser); $this->assertOneSentActivityOfType('Lock'); } public function testLockRemoteEntryInLocalMagazineByLocalModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemoteEntryInLocalMagazine))); $entry = $this->entryRepository->findOneBy(['apId' => $this->createRemoteEntryInLocalMagazine['object']['id']]); self::assertNotNull($entry); $this->entryManager->toggleLock($entry, $this->localUser); $this->assertOneSentActivityOfType('Lock'); } public function testLockRemoteEntryInRemoteMagazineByLocalModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemoteEntryInRemoteMagazine))); $entry = $this->entryRepository->findOneBy(['apId' => $this->createRemoteEntryInRemoteMagazine['object']['object']['id']]); self::assertNotNull($entry); $this->entryManager->toggleLock($entry, $this->localUser); $this->assertOneSentActivityOfType('Lock'); } public function testLockLocalPostInLocalMagazineByLocalModerator(): void { $post = $this->createPost('Some post', $this->localMagazine, $this->localPoster); $this->postManager->toggleLock($post, $this->localUser); $this->assertOneSentActivityOfType('Lock'); } public function testLockLocalPostInRemoteMagazineByLocalModerator(): void { $post = $this->createPost('Some post', $this->remoteMagazine, $this->localPoster); $this->postManager->toggleLock($post, $this->localUser); $this->assertOneSentActivityOfType('Lock'); } public function testLockRemotePostInLocalMagazineByLocalModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemotePostInLocalMagazine))); $post = $this->postRepository->findOneBy(['apId' => $this->createRemotePostInLocalMagazine['object']['id']]); self::assertNotNull($post); $this->postManager->toggleLock($post, $this->localUser); $this->assertOneSentActivityOfType('Lock'); } public function testLockRemotePostInRemoteMagazineByLocalModerator(): void { $this->bus->dispatch(new ActivityMessage(json_encode($this->createRemotePostInRemoteMagazine))); $post = $this->postRepository->findOneBy(['apId' => $this->createRemotePostInRemoteMagazine['object']['object']['id']]); self::assertNotNull($post); $this->postManager->toggleLock($post, $this->localUser); $this->assertOneSentActivityOfType('Lock'); } public function testLockLocalEntryInRemoteMagazineByAuthor(): void { $entry = $this->createEntry('Some local entry', $this->remoteMagazine, $this->localPoster); $this->entryManager->toggleLock($entry, $this->localPoster); $this->assertOneSentActivityOfType('Lock'); } public function testLockLocalPostInRemoteMagazineByAuthor(): void { $post = $this->createPost('Some local post', $this->remoteMagazine, $this->localPoster); $this->postManager->toggleLock($post, $this->localPoster); $this->assertOneSentActivityOfType('Lock'); } } ================================================ FILE: tests/Functional/Command/AdminCommandTest.php ================================================ create('actor', 'contact@example.com'); $dto->plainPassword = 'secret'; $this->getContainer()->get(UserManager::class) ->create($dto, false); $this->assertFalse($this->repository->findOneByUsername('actor')->isAdmin()); $tester = new CommandTester($this->command); $tester->execute(['username' => 'actor']); $this->assertStringContainsString('Administrator privileges have been granted.', $tester->getDisplay()); $this->assertTrue($this->repository->findOneByUsername('actor')->isAdmin()); } protected function setUp(): void { $application = new Application(self::bootKernel()); $this->command = $application->find('mbin:user:admin'); $this->repository = $this->getContainer()->get(UserRepository::class); } } ================================================ FILE: tests/Functional/Command/ModeratorCommandTest.php ================================================ create('actor', 'contact@example.com'); $dto->plainPassword = 'secret'; $this->getContainer()->get(UserManager::class) ->create($dto, false); $this->assertFalse($this->repository->findOneByUsername('actor')->isModerator()); $tester = new CommandTester($this->command); $tester->execute(['username' => 'actor']); $this->assertStringContainsString('Global moderator privileges have been granted.', $tester->getDisplay()); $this->assertTrue($this->repository->findOneByUsername('actor')->isModerator()); } protected function setUp(): void { $application = new Application(self::bootKernel()); $this->command = $application->find('mbin:user:moderator'); $this->repository = $this->getContainer()->get(UserRepository::class); } } ================================================ FILE: tests/Functional/Command/UserCommandTest.php ================================================ command); $tester->execute( [ 'username' => 'actor', 'email' => 'contact@example.com', 'password' => 'secret', ] ); $this->assertStringContainsString('A user has been created.', $tester->getDisplay()); $this->assertInstanceOf(User::class, $this->repository->findOneByUsername('actor')); } public function testCreateAdminUser(): void { $tester = new CommandTester($this->command); $tester->execute( [ 'username' => 'actor', 'email' => 'contact@example.com', 'password' => 'secret', '--admin' => true, ], ); $this->assertStringContainsString('A user has been created.', $tester->getDisplay()); $actor = $this->repository->findOneByUsername('actor'); $this->assertInstanceOf(User::class, $actor); $this->assertTrue($actor->isAdmin()); } protected function setUp(): void { $application = new Application(self::bootKernel()); $this->command = $application->find('mbin:user:create'); $this->repository = $this->getContainer()->get(UserRepository::class); } } ================================================ FILE: tests/Functional/Controller/ActivityPub/GeneralAPTest.php ================================================ getUserByUsername('user'); $this->client->request('GET', '/u/user', [], [], [ 'HTTP_ACCEPT' => $acceptHeader, ]); self::assertResponseHeaderSame('Content-Type', 'application/activity+json'); } public static function provideAcceptHeaders(): array { return [ ['application/ld+json;profile=https://www.w3.org/ns/activitystreams'], ['application/ld+json;profile="https://www.w3.org/ns/activitystreams"'], ['application/ld+json ; profile="https://www.w3.org/ns/activitystreams"'], ['application/ld+json'], ['application/activity+json'], ['application/json'], ]; } } ================================================ FILE: tests/Functional/Controller/ActivityPub/UserOutboxControllerTest.php ================================================ getUserByUsername('apUser', addImage: false); $user2 = $this->getUserByUsername('apUser2', addImage: false); $magazine = $this->getMagazineByName('test-magazine'); // create a message to test that it is not part of the outbox $dto = new MessageDto(); $dto->body = 'this is a message'; $thread = $this->messageManager->toThread($dto, $user, $user2); $entry = $this->createEntry('entry', $magazine, user: $user); $entryComment = $this->createEntryComment('comment', $entry, user: $user); $post = $this->createPost('post', $magazine, user: $user); $postComment = $this->createPostComment('comment', $post, user: $user); // upvote an entry to check that it is not part of the outbox $entryToLike = $this->getEntryByTitle('test entry 2'); $this->favouriteManager->toggle($user, $entryToLike); // downvote an entry to check that it is not part of the outbox $entryToDislike = $this->getEntryByTitle('test entry 3'); $this->voteManager->vote(-1, $entryToDislike, $user); // boost an entry to check that it is part of the outbox $entryToDislike = $this->getEntryByTitle('test entry 4'); $this->voteManager->vote(1, $entryToDislike, $user); } public function testUserOutbox(): void { $this->client->request('GET', '/u/apUser/outbox', server: ['HTTP_ACCEPT' => 'application/activity+json']); self::assertResponseIsSuccessful(); $json = self::getJsonResponse($this->client); self::assertArrayKeysMatch(self::COLLECTION_KEYS, $json); self::assertEquals('OrderedCollection', $json['type']); self::assertEquals(5, $json['totalItems']); $firstPage = $json['first']; $this->client->request('GET', $firstPage, server: ['HTTP_ACCEPT' => 'application/activity+json']); self::assertResponseIsSuccessful(); } public function testUserOutboxPage1(): void { $this->client->request('GET', '/u/apUser/outbox?page=1', server: ['HTTP_ACCEPT' => 'application/activity+json']); self::assertResponseIsSuccessful(); $json = self::getJsonResponse($this->client); self::assertArrayKeysMatch(self::COLLECTION_ITEMS_KEYS, $json); self::assertEquals(5, $json['totalItems']); self::assertCount(5, $json['orderedItems']); $entries = array_filter($json['orderedItems'], fn (array $createActivity) => 'Create' === $createActivity['type'] && 'Page' === $createActivity['object']['type']); self::assertCount(1, $entries); $entryComments = array_filter($json['orderedItems'], fn (array $createActivity) => 'Create' === $createActivity['type'] && 'Note' === $createActivity['object']['type'] && str_contains($createActivity['object']['inReplyTo'] ?? '', '/t/')); self::assertCount(1, $entryComments); $posts = array_filter($json['orderedItems'], fn (array $createActivity) => 'Create' === $createActivity['type'] && 'Note' === $createActivity['object']['type'] && null === $createActivity['object']['inReplyTo']); self::assertCount(1, $posts); $postComments = array_filter($json['orderedItems'], fn (array $createActivity) => 'Create' === $createActivity['type'] && 'Note' === $createActivity['object']['type'] && str_contains($createActivity['object']['inReplyTo'] ?? '', '/p/')); self::assertCount(1, $postComments); $boosts = array_filter($json['orderedItems'], fn (array $createActivity) => 'Announce' === $createActivity['type']); self::assertCount(1, $boosts); // the outbox should not contain ChatMessages, likes or dislikes $likes = array_filter($json['orderedItems'], fn (array $createActivity) => 'Like' === $createActivity['type']); self::assertCount(0, $likes); $dislikes = array_filter($json['orderedItems'], fn (array $createActivity) => 'Dislike' === $createActivity['type']); self::assertCount(0, $dislikes); $chatMessages = array_filter($json['orderedItems'], fn (array $createActivity) => 'Create' === $createActivity['type'] && 'ChatMessage' === $createActivity['object']['type']); self::assertCount(0, $chatMessages); $ids = array_map(fn (array $createActivity) => $createActivity['id'], $json['orderedItems']); $this->client->request('GET', '/u/apUser/outbox?page=1', server: ['HTTP_ACCEPT' => 'application/activity+json']); self::assertResponseIsSuccessful(); $json = self::getJsonResponse($this->client); $ids2 = array_map(fn (array $createActivity) => $createActivity['id'], $json['orderedItems']); // check that the ids of the 'Create' activities are stable self::assertEquals($ids, $ids2); } } ================================================ FILE: tests/Functional/Controller/Admin/AdminFederationControllerTest.php ================================================ instanceRepository->getOrCreateInstance('www.example.com'); $this->instanceManager->banInstance($instance); $this->client->loginUser($this->getUserByUsername('admin', isAdmin: true)); $crawler = $this->client->request('GET', '/admin/federation'); $this->client->submit($crawler->filter('#content tr td button[type=submit]')->form()); $this->assertSame( [], $this->settingsManager->getBannedInstances(), ); } } ================================================ FILE: tests/Functional/Controller/Admin/AdminUserControllerTest.php ================================================ getUserByUsername('inactiveUser', active: false); $admin = $this->getUserByUsername('admin', isAdmin: true); $this->client->loginUser($admin); $this->client->request('GET', '/admin/users/inactive'); self::assertResponseIsSuccessful(); self::assertAnySelectorTextContains('a.user-inline', 'inactiveUser'); } } ================================================ FILE: tests/Functional/Controller/Api/Bookmark/BookmarkApiTest.php ================================================ user = $this->getUserByUsername('user'); $this->client->loginUser($this->user); self::createOAuth2PublicAuthCodeClient(); $codes = self::getPublicAuthorizationCodeTokenResponse($this->client, scopes: 'read bookmark bookmark_list'); $this->token = $codes['token_type'].' '.$codes['access_token']; // it seems that the oauth flow detaches the user object from the entity manager, so fetch it again $this->user = $this->userRepository->findOneByUsername('user'); } public function testBookmarkEntryToDefault(): void { $entry = $this->getEntryByTitle('entry'); $this->client->request('PUT', "/api/bos/{$entry->getId()}/entry", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $bookmarks = $this->bookmarkRepository->findByList($this->user, $this->bookmarkListRepository->findOneByUserDefault($this->user)); self::assertIsArray($bookmarks); self::assertCount(1, $bookmarks); } public function testBookmarkEntryCommentToDefault(): void { $entry = $this->getEntryByTitle('entry'); $comment = $this->createEntryComment('comment', $entry); $this->client->request('PUT', "/api/bos/{$comment->getId()}/entry_comment", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $bookmarks = $this->bookmarkRepository->findByList($this->user, $this->bookmarkListRepository->findOneByUserDefault($this->user)); self::assertIsArray($bookmarks); self::assertCount(1, $bookmarks); } public function testBookmarkPostToDefault(): void { $post = $this->createPost('post'); $this->client->request('PUT', "/api/bos/{$post->getId()}/post", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $bookmarks = $this->bookmarkRepository->findByList($this->user, $this->bookmarkListRepository->findOneByUserDefault($this->user)); self::assertIsArray($bookmarks); self::assertCount(1, $bookmarks); } public function testBookmarkPostCommentToDefault(): void { $post = $this->createPost('entry'); $comment = $this->createPostComment('comment', $post); $this->client->request('PUT', "/api/bos/{$comment->getId()}/post_comment", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $bookmarks = $this->bookmarkRepository->findByList($this->user, $this->bookmarkListRepository->findOneByUserDefault($this->user)); self::assertIsArray($bookmarks); self::assertCount(1, $bookmarks); } public function testRemoveBookmarkEntryFromDefault(): void { $entry = $this->getEntryByTitle('entry'); $this->client->request('PUT', "/api/bos/{$entry->getId()}/entry", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $list = $this->bookmarkListRepository->findOneByUserDefault($this->user); $bookmarks = $this->bookmarkRepository->findByList($this->user, $list); self::assertIsArray($bookmarks); self::assertCount(1, $bookmarks); $this->client->request('DELETE', "/api/rbo/{$entry->getId()}/entry", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $bookmarks = $this->bookmarkRepository->findByList($this->user, $list); self::assertIsArray($bookmarks); self::assertCount(0, $bookmarks); } public function testRemoveBookmarkEntryCommentFromDefault(): void { $entry = $this->getEntryByTitle('entry'); $comment = $this->createEntryComment('comment', $entry); $this->client->request('PUT', "/api/bos/{$comment->getId()}/entry_comment", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $list = $this->bookmarkListRepository->findOneByUserDefault($this->user); $bookmarks = $this->bookmarkRepository->findByList($this->user, $list); self::assertIsArray($bookmarks); self::assertCount(1, $bookmarks); $this->client->request('DELETE', "/api/rbo/{$comment->getId()}/entry_comment", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $bookmarks = $this->bookmarkRepository->findByList($this->user, $list); self::assertIsArray($bookmarks); self::assertCount(0, $bookmarks); } public function testRemoveBookmarkPostFromDefault(): void { $post = $this->createPost('post'); $this->client->request('PUT', "/api/bos/{$post->getId()}/post", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $list = $this->bookmarkListRepository->findOneByUserDefault($this->user); $bookmarks = $this->bookmarkRepository->findByList($this->user, $list); self::assertIsArray($bookmarks); self::assertCount(1, $bookmarks); $this->client->request('DELETE', "/api/rbo/{$post->getId()}/post", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $bookmarks = $this->bookmarkRepository->findByList($this->user, $list); self::assertIsArray($bookmarks); self::assertCount(0, $bookmarks); } public function testRemoveBookmarkPostCommentFromDefault(): void { $post = $this->createPost('entry'); $comment = $this->createPostComment('comment', $post); $this->client->request('PUT', "/api/bos/{$comment->getId()}/post_comment", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $list = $this->bookmarkListRepository->findOneByUserDefault($this->user); $bookmarks = $this->bookmarkRepository->findByList($this->user, $list); self::assertIsArray($bookmarks); self::assertCount(1, $bookmarks); $this->client->request('DELETE', "/api/rbo/{$comment->getId()}/post_comment", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $bookmarks = $this->bookmarkRepository->findByList($this->user, $list); self::assertIsArray($bookmarks); self::assertCount(0, $bookmarks); } public function testBookmarkEntryToList(): void { $this->entityManager->refresh($this->user); $list = $this->bookmarkManager->createList($this->user, 'list'); $entry = $this->getEntryByTitle('entry'); $this->client->request('PUT', "/api/bol/{$entry->getId()}/entry/$list->name", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $bookmarks = $this->bookmarkRepository->findByList($this->user, $list); self::assertIsArray($bookmarks); self::assertCount(1, $bookmarks); } public function testBookmarkEntryCommentToList(): void { $list = $this->bookmarkManager->createList($this->user, 'list'); $entry = $this->getEntryByTitle('entry'); $comment = $this->createEntryComment('comment', $entry); $this->client->request('PUT', "/api/bol/{$comment->getId()}/entry_comment/$list->name", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $bookmarks = $this->bookmarkRepository->findByList($this->user, $list); self::assertIsArray($bookmarks); self::assertCount(1, $bookmarks); } public function testBookmarkPostToList(): void { $list = $this->bookmarkManager->createList($this->user, 'list'); $post = $this->createPost('post'); $this->client->request('PUT', "/api/bol/{$post->getId()}/post/$list->name", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $bookmarks = $this->bookmarkRepository->findByList($this->user, $list); self::assertIsArray($bookmarks); self::assertCount(1, $bookmarks); } public function testBookmarkPostCommentToList(): void { $list = $this->bookmarkManager->createList($this->user, 'list'); $post = $this->createPost('entry'); $comment = $this->createPostComment('comment', $post); $this->client->request('PUT', "/api/bol/{$comment->getId()}/post_comment/$list->name", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $bookmarks = $this->bookmarkRepository->findByList($this->user, $list); self::assertIsArray($bookmarks); self::assertCount(1, $bookmarks); } public function testRemoveBookmarkEntryFromList(): void { $list = $this->bookmarkManager->createList($this->user, 'list'); $entry = $this->getEntryByTitle('entry'); $this->client->request('PUT', "/api/bol/{$entry->getId()}/entry/$list->name", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $bookmarks = $this->bookmarkRepository->findByList($this->user, $list); self::assertIsArray($bookmarks); self::assertCount(1, $bookmarks); $this->client->request('DELETE', "/api/rbol/{$entry->getId()}/entry/$list->name", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $bookmarks = $this->bookmarkRepository->findByList($this->user, $list); self::assertIsArray($bookmarks); self::assertCount(0, $bookmarks); } public function testRemoveBookmarkEntryCommentFromList(): void { $list = $this->bookmarkManager->createList($this->user, 'list'); $entry = $this->getEntryByTitle('entry'); $comment = $this->createEntryComment('comment', $entry); $this->client->request('PUT', "/api/bol/{$comment->getId()}/entry_comment/$list->name", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $bookmarks = $this->bookmarkRepository->findByList($this->user, $list); self::assertIsArray($bookmarks); self::assertCount(1, $bookmarks); $this->client->request('DELETE', "/api/rbol/{$comment->getId()}/entry_comment/$list->name", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $bookmarks = $this->bookmarkRepository->findByList($this->user, $list); self::assertIsArray($bookmarks); self::assertCount(0, $bookmarks); } public function testRemoveBookmarkPostFromList(): void { $list = $this->bookmarkManager->createList($this->user, 'list'); $post = $this->createPost('post'); $this->client->request('PUT', "/api/bol/{$post->getId()}/post/$list->name", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $bookmarks = $this->bookmarkRepository->findByList($this->user, $list); self::assertIsArray($bookmarks); self::assertCount(1, $bookmarks); $this->client->request('DELETE', "/api/rbol/{$post->getId()}/post/$list->name", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $bookmarks = $this->bookmarkRepository->findByList($this->user, $list); self::assertIsArray($bookmarks); self::assertCount(0, $bookmarks); } public function testRemoveBookmarkPostCommentFromList(): void { $list = $this->bookmarkManager->createList($this->user, 'list'); $post = $this->createPost('entry'); $comment = $this->createPostComment('comment', $post); $this->client->request('PUT', "/api/bol/{$comment->getId()}/post_comment/$list->name", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $bookmarks = $this->bookmarkRepository->findByList($this->user, $list); self::assertIsArray($bookmarks); self::assertCount(1, $bookmarks); $this->client->request('DELETE', "/api/rbol/{$comment->getId()}/post_comment/$list->name", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $bookmarks = $this->bookmarkRepository->findByList($this->user, $list); self::assertIsArray($bookmarks); self::assertCount(0, $bookmarks); } public function testBookmarkedEntryJson(): void { $entry = $this->getEntryByTitle('entry'); $list = $this->bookmarkManager->createList($this->user, 'list'); $this->bookmarkManager->addBookmarkToDefaultList($this->user, $entry); $this->bookmarkManager->addBookmark($this->user, $list, $entry); $this->client->request('GET', "/api/entry/{$entry->getId()}", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); assertIsArray($jsonData['bookmarks']); assertCount(2, $jsonData['bookmarks']); self::assertContains('list', $jsonData['bookmarks']); } public function testBookmarkedEntryCommentJson(): void { $entry = $this->getEntryByTitle('entry'); $comment = $this->createEntryComment('comment', $entry); $list = $this->bookmarkManager->createList($this->user, 'list'); $this->bookmarkManager->addBookmarkToDefaultList($this->user, $comment); $this->bookmarkManager->addBookmark($this->user, $list, $comment); $this->client->request('GET', "/api/comments/{$comment->getId()}", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); assertIsArray($jsonData['bookmarks']); assertCount(2, $jsonData['bookmarks']); self::assertContains('list', $jsonData['bookmarks']); } public function testBookmarkedPostJson(): void { $post = $this->createPost('post'); $list = $this->bookmarkManager->createList($this->user, 'list'); $this->bookmarkManager->addBookmarkToDefaultList($this->user, $post); $this->bookmarkManager->addBookmark($this->user, $list, $post); $this->client->request('GET', "/api/post/{$post->getId()}", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); assertIsArray($jsonData['bookmarks']); assertCount(2, $jsonData['bookmarks']); self::assertContains('list', $jsonData['bookmarks']); } public function testBookmarkedPostCommentJson(): void { $post = $this->createPost('post'); $comment = $this->createPostComment('comment', $post); $list = $this->bookmarkManager->createList($this->user, 'list'); $this->bookmarkManager->addBookmarkToDefaultList($this->user, $comment); $this->bookmarkManager->addBookmark($this->user, $list, $comment); $this->client->request('GET', "/api/post-comments/{$comment->getId()}", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); assertIsArray($jsonData['bookmarks']); assertCount(2, $jsonData['bookmarks']); self::assertContains('list', $jsonData['bookmarks']); } public function testBookmarkListFront(): void { $list = $this->bookmarkManager->createList($this->user, 'list'); $entry = $this->getEntryByTitle('entry'); $comment = $this->createEntryComment('comment', $entry); $comment2 = $this->createEntryComment('coment2', $entry, parent: $comment); $post = $this->createPost('post'); $postComment = $this->createPostComment('comment', $post); $postComment2 = $this->createPostComment('comment2', $post, parent: $postComment); $this->bookmarkManager->addBookmark($this->user, $list, $entry); $this->bookmarkManager->addBookmark($this->user, $list, $comment); $this->bookmarkManager->addBookmark($this->user, $list, $comment2); $this->bookmarkManager->addBookmark($this->user, $list, $post); $this->bookmarkManager->addBookmark($this->user, $list, $postComment); $this->bookmarkManager->addBookmark($this->user, $list, $postComment2); $this->client->request('GET', "/api/bookmark-lists/show?list={$list->name}", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); assertIsArray($jsonData['items']); assertCount(6, $jsonData['items']); } } ================================================ FILE: tests/Functional/Controller/Api/Bookmark/BookmarkListApiTest.php ================================================ user = $this->getUserByUsername('user'); $this->client->loginUser($this->user); self::createOAuth2PublicAuthCodeClient(); $codes = self::getPublicAuthorizationCodeTokenResponse($this->client, scopes: 'bookmark_list'); $this->token = $codes['token_type'].' '.$codes['access_token']; } public function testCreateList(): void { $this->client->request('GET', '/api/bookmark-lists', server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData['items']); self::assertCount(0, $jsonData['items']); $this->client->request('POST', '/api/bookmark-lists/test-list', server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertEquals('test-list', $jsonData['name']); self::assertEquals(0, $jsonData['count']); self::assertFalse($jsonData['isDefault']); $this->client->request('GET', '/api/bookmark-lists', server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertEquals('test-list', $jsonData['items'][0]['name']); self::assertEquals(0, $jsonData['items'][0]['count']); self::assertFalse($jsonData['items'][0]['isDefault']); } public function testRenameList(): void { $dto = new BookmarkListDto(); $dto->name = 'new-test-list'; $this->client->request('POST', '/api/bookmark-lists/test-list', server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $this->client->jsonRequest('PUT', '/api/bookmark-lists/test-list', parameters: $dto->jsonSerialize(), server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertEquals('new-test-list', $jsonData['name']); self::assertEquals(0, $jsonData['count']); self::assertFalse($jsonData['isDefault']); $dto = new BookmarkListDto(); $dto->name = 'new-test-list2'; $dto->isDefault = true; $this->client->jsonRequest('PUT', '/api/bookmark-lists/new-test-list', parameters: $dto->jsonSerialize(), server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertEquals('new-test-list2', $jsonData['name']); self::assertEquals(0, $jsonData['count']); self::assertTrue($jsonData['isDefault']); } public function testDeleteList(): void { $this->client->request('GET', '/api/bookmark-lists', server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData['items']); self::assertCount(0, $jsonData['items']); $this->client->request('POST', '/api/bookmark-lists/test-list', server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); $this->client->request('GET', '/api/bookmark-lists', server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); $this->client->request('DELETE', '/api/bookmark-lists/test-list', server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $this->client->request('GET', '/api/bookmark-lists', server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData['items']); self::assertCount(0, $jsonData['items']); } public function testMakeListDefault(): void { $this->client->request('POST', '/api/bookmark-lists/test-list', server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $this->client->jsonRequest('PUT', '/api/bookmark-lists/test-list/makeDefault', server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertEquals('test-list', $jsonData['name']); self::assertEquals(0, $jsonData['count']); self::assertTrue($jsonData['isDefault']); $this->client->request('GET', '/api/bookmark-lists', server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['items'][0]); self::assertEquals('test-list', $jsonData['items'][0]['name']); self::assertEquals(0, $jsonData['items'][0]['count']); self::assertTrue($jsonData['items'][0]['isDefault']); } } ================================================ FILE: tests/Functional/Controller/Api/Combined/CombinedRetrieveApiCursoredTest.php ================================================ magazine = $this->getMagazineByName('acme'); $this->user = $this->getUserByUsername('user'); $this->magazineManager->subscribe($this->magazine, $this->user); for ($i = 0; $i < 10; ++$i) { $entry = $this->getEntryByTitle("Test Entry $i", magazine: $this->magazine); $entry->createdAt = new \DateTimeImmutable("now - $i minutes"); $this->entityManager->persist($entry); $this->generatedEntries[] = $entry; ++$i; $post = $this->createPost("Test Post $i", magazine: $this->magazine); $post->createdAt = new \DateTimeImmutable("now - $i minutes"); $this->entityManager->persist($post); $this->generatedPosts[] = $post; } $this->entityManager->flush(); } public function testCombinedAnonymous(): void { $this->client->request('GET', '/api/combined?perPage=2&content=all&sort=newest'); self::assertResponseIsSuccessful(); $data = self::getJsonResponse($this->client); self::assertArrayKeysMatch(WebTestCase::PAGINATED_KEYS, $data); self::assertCount(2, $data['items']); self::assertArrayKeysMatch(WebTestCase::PAGINATION_KEYS, $data['pagination']); self::assertEquals(5, $data['pagination']['maxPage']); self::assertArrayKeysMatch(WebTestCase::ENTRY_RESPONSE_KEYS, $data['items'][0]['entry']); self::assertNull($data['items'][0]['post']); assertEquals($this->generatedEntries[0]->getId(), $data['items'][0]['entry']['entryId']); self::assertArrayKeysMatch(WebTestCase::POST_RESPONSE_KEYS, $data['items'][1]['post']); self::assertNull($data['items'][1]['entry']); assertEquals($this->generatedPosts[0]->getId(), $data['items'][1]['post']['postId']); } public function testCombinedCursoredAnonymous(): void { $this->client->request('GET', '/api/combined/v2?perPage=2&sort=newest'); self::assertResponseIsSuccessful(); $data = self::getJsonResponse($this->client); $this->assertCursorDataShape($data); } public function testUserCombinedCursored(): void { $this->client->loginUser($this->user); self::createOAuth2PublicAuthCodeClient(); $codes = self::getPublicAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/combined/v2/subscribed?perPage=2&sort=newest', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $data = self::getJsonResponse($this->client); $this->assertCursorDataShape($data); } public function testCombinedCursoredPagination(): void { $this->client->request('GET', '/api/combined/v2?perPage=2&sort=commented'); self::assertResponseIsSuccessful(); $data1 = self::getJsonResponse($this->client); self::assertCount(2, $data1['items']); self::assertArrayKeysMatch(WebTestCase::CURSOR_PAGINATION_KEYS, $data1['pagination']); self::assertNotNull($data1['pagination']['nextCursor']); self::assertNotNull($data1['pagination']['nextCursor2']); self::assertNotNull($data1['pagination']['currentCursor']); self::assertNotNull($data1['pagination']['currentCursor2']); self::assertNull($data1['pagination']['previousCursor']); self::assertNull($data1['pagination']['previousCursor2']); $this->client->request('GET', '/api/combined/v2?perPage=2&sort=commented&cursor='.urlencode($data1['pagination']['nextCursor']).'&cursor2='.urlencode($data1['pagination']['nextCursor2'])); self::assertResponseIsSuccessful(); $data2 = self::getJsonResponse($this->client); self::assertCount(2, $data2['items']); self::assertArrayKeysMatch(WebTestCase::CURSOR_PAGINATION_KEYS, $data2['pagination']); self::assertNotNull($data2['pagination']['nextCursor']); self::assertNotNull($data2['pagination']['nextCursor2']); self::assertNotNull($data2['pagination']['currentCursor']); self::assertNotNull($data2['pagination']['currentCursor2']); self::assertNotNull($data2['pagination']['previousCursor']); self::assertNotNull($data2['pagination']['previousCursor2']); $this->client->request('GET', '/api/combined/v2?perPage=2&sort=commented&cursor='.urlencode($data2['pagination']['previousCursor']).'&cursor2='.urlencode($data2['pagination']['previousCursor2'])); self::assertResponseIsSuccessful(); $data3 = self::getJsonResponse($this->client); self::assertCount(2, $data3['items']); self::assertArrayKeysMatch(WebTestCase::CURSOR_PAGINATION_KEYS, $data3['pagination']); self::assertNotNull($data3['pagination']['nextCursor']); self::assertNotNull($data3['pagination']['nextCursor2']); self::assertNotNull($data3['pagination']['currentCursor']); self::assertNotNull($data3['pagination']['currentCursor2']); self::assertNull($data3['pagination']['previousCursor']); self::assertNull($data3['pagination']['previousCursor2']); self::assertEquals($data1['items'][0]['entry']['entryId'], $data3['items'][0]['entry']['entryId']); self::assertEquals($data1['items'][1]['post']['postId'], $data3['items'][1]['post']['postId']); } private function assertCursorDataShape(array $data): void { self::assertArrayKeysMatch(WebTestCase::PAGINATED_KEYS, $data); self::assertCount(2, $data['items']); self::assertArrayKeysMatch(WebTestCase::CURSOR_PAGINATION_KEYS, $data['pagination']); self::assertNotNull($data['pagination']['nextCursor']); self::assertNotNull($data['pagination']['nextCursor2']); self::assertNotNull($data['pagination']['currentCursor']); self::assertNotNull($data['pagination']['currentCursor2']); self::assertNull($data['pagination']['previousCursor']); self::assertNull($data['pagination']['previousCursor2']); self::assertArrayKeysMatch(WebTestCase::ENTRY_RESPONSE_KEYS, $data['items'][0]['entry']); self::assertNull($data['items'][0]['post']); assertEquals($this->generatedEntries[0]->getId(), $data['items'][0]['entry']['entryId']); self::assertArrayKeysMatch(WebTestCase::POST_RESPONSE_KEYS, $data['items'][1]['post']); self::assertNull($data['items'][1]['entry']); assertEquals($this->generatedPosts[0]->getId(), $data['items'][1]['post']['postId']); $this->client->request('GET', '/api/combined/v2?perPage=2&sort=newest&cursor='.urlencode($data['pagination']['nextCursor'])); self::assertResponseIsSuccessful(); $data = self::getJsonResponse($this->client); self::assertCount(2, $data['items']); self::assertArrayKeysMatch(WebTestCase::CURSOR_PAGINATION_KEYS, $data['pagination']); self::assertNotNull($data['pagination']['nextCursor']); self::assertNotNull($data['pagination']['nextCursor2']); self::assertNotNull($data['pagination']['currentCursor']); self::assertNotNull($data['pagination']['currentCursor2']); self::assertNotNull($data['pagination']['previousCursor']); self::assertNotNull($data['pagination']['previousCursor2']); self::assertArrayKeysMatch(WebTestCase::ENTRY_RESPONSE_KEYS, $data['items'][0]['entry']); self::assertNull($data['items'][0]['post']); assertEquals($this->generatedEntries[1]->getId(), $data['items'][0]['entry']['entryId']); self::assertArrayKeysMatch(WebTestCase::POST_RESPONSE_KEYS, $data['items'][1]['post']); self::assertNull($data['items'][1]['entry']); assertEquals($this->generatedPosts[1]->getId(), $data['items'][1]['post']['postId']); } } ================================================ FILE: tests/Functional/Controller/Api/Combined/CombinedRetrieveApiTest.php ================================================ getUserByUsername('user'); $userFollowing = $this->getUserByUsername('user2'); $user3 = $this->getUserByUsername('user3'); $magazine = $this->getMagazineByName('abc'); $this->userManager->follow($user, $userFollowing, false); $postFollowed = $this->createPost('a post', user: $userFollowing); $postBoosted = $this->createPost('third user post', user: $user3); $this->createPost('unrelated post', user: $user3); $postCommentFollowed = $this->createPostComment('a comment', $postBoosted, $userFollowing); $postCommentBoosted = $this->createPostComment('a boosted comment', $postBoosted, $user3); $this->createPostComment('unrelated comment', $postBoosted, $user3); $entryFollowed = $this->createEntry('title', $magazine, body: 'an entry', user: $userFollowing); $entryBoosted = $this->createEntry('title', $magazine, body: 'third user post', user: $user3); $this->createEntry('title', $magazine, body: 'unrelated post', user: $user3); $entryCommentFollowed = $this->createEntryComment('a comment', $entryBoosted, $userFollowing); $entryCommentBoosted = $this->createEntryComment('a boosted comment', $entryBoosted, $user3); $this->createEntryComment('unrelated comment', $entryBoosted, $user3); $this->voteManager->upvote($postBoosted, $userFollowing); $this->voteManager->upvote($postCommentBoosted, $userFollowing); $this->voteManager->upvote($entryBoosted, $userFollowing); $this->voteManager->upvote($entryCommentBoosted, $userFollowing); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/combined/subscribed?includeBoosts=true', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(8, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(8, $jsonData['pagination']['count']); $retrievedPostIds = array_map(function ($item) { if (null !== $item['post']) { self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $item['post']); return $item['post']['postId']; } else { return null; } }, $jsonData['items']); $retrievedPostIds = array_filter($retrievedPostIds, function ($item) { return null !== $item; }); sort($retrievedPostIds); $retrievedPostCommentIds = array_map(function ($item) { if (null !== $item['postComment']) { self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $item['postComment']); return $item['postComment']['commentId']; } else { return null; } }, $jsonData['items']); $retrievedPostCommentIds = array_filter($retrievedPostCommentIds, function ($item) { return null !== $item; }); sort($retrievedPostCommentIds); $retrievedEntryIds = array_map(function ($item) { if (null !== $item['entry']) { self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $item['entry']); return $item['entry']['entryId']; } else { return null; } }, $jsonData['items']); $retrievedEntryIds = array_filter($retrievedEntryIds, function ($item) { return null !== $item; }); sort($retrievedEntryIds); $retrievedEntryCommentIds = array_map(function ($item) { if (null !== $item['entryComment']) { self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $item['entryComment']); return $item['entryComment']['commentId']; } else { return null; } }, $jsonData['items']); $retrievedEntryCommentIds = array_filter($retrievedEntryCommentIds, function ($item) { return null !== $item; }); sort($retrievedEntryCommentIds); $expectedPostIds = [$postFollowed->getId(), $postBoosted->getId()]; sort($expectedPostIds); $expectedPostCommentIds = [$postCommentFollowed->getId(), $postCommentBoosted->getId()]; sort($expectedPostCommentIds); $expectedEntryIds = [$entryFollowed->getId(), $entryBoosted->getId()]; sort($expectedEntryIds); $expectedEntryCommentIds = [$entryCommentFollowed->getId(), $entryCommentBoosted->getId()]; sort($expectedEntryCommentIds); self::assertEquals($retrievedPostIds, $expectedPostIds); self::assertEquals($expectedPostCommentIds, $expectedPostCommentIds); self::assertEquals($expectedEntryIds, $retrievedEntryIds); self::assertEquals($expectedEntryCommentIds, $retrievedEntryCommentIds); } public function testApiHonersIncludeBoostsUserSetting(): void { $user = $this->getUserByUsername('user'); $userFollowing = $this->getUserByUsername('user2'); $user3 = $this->getUserByUsername('user3'); $this->userManager->follow($user, $userFollowing, false); $this->createPost('a post', user: $userFollowing); $postBoosted = $this->createPost('third user post', user: $user3); $this->voteManager->upvote($postBoosted, $userFollowing); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/combined/subscribed', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); $this->userRepository->find($user->getId())->showBoostsOfFollowing = true; $this->entityManager->flush(); $this->client->request('GET', '/api/combined/subscribed', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(2, $jsonData['pagination']['count']); } } ================================================ FILE: tests/Functional/Controller/Api/Domain/DomainBlockApiTest.php ================================================ getEntryByTitle('Test link to a domain', 'https://example.com')->domain; $this->client->request('PUT', "/api/domain/{$domain->getId()}/block"); self::assertResponseStatusCodeSame(401); } public function testApiCannotBlockDomainWithoutScope() { $domain = $this->getEntryByTitle('Test link to a domain', 'https://example.com')->domain; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('JohnDoe')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/domain/{$domain->getId()}/block", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } #[Group(name: 'NonThreadSafe')] public function testApiCanBlockDomain() { $domain = $this->getEntryByTitle('Test link to a domain', 'https://example.com')->domain; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('JohnDoe')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read domain:block'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/domain/{$domain->getId()}/block", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(DomainRetrieveApiTest::DOMAIN_RESPONSE_KEYS, $jsonData); self::assertEquals('example.com', $jsonData['name']); self::assertSame(1, $jsonData['entryCount']); self::assertSame(0, $jsonData['subscriptionsCount']); self::assertTrue($jsonData['isBlockedByUser']); // Scope not granted so subscribe flag not populated self::assertNull($jsonData['isUserSubscribed']); // Idempotent when called multiple times $this->client->request('PUT', "/api/domain/{$domain->getId()}/block", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(DomainRetrieveApiTest::DOMAIN_RESPONSE_KEYS, $jsonData); self::assertEquals('example.com', $jsonData['name']); self::assertSame(1, $jsonData['entryCount']); self::assertSame(0, $jsonData['subscriptionsCount']); self::assertTrue($jsonData['isBlockedByUser']); // Scope not granted so subscribe flag not populated self::assertNull($jsonData['isUserSubscribed']); } public function testApiCannotUnblockDomainAnonymous() { $domain = $this->getEntryByTitle('Test link to a domain', 'https://example.com')->domain; $this->client->request('PUT', "/api/domain/{$domain->getId()}/unblock"); self::assertResponseStatusCodeSame(401); } public function testApiCannotUnblockDomainWithoutScope() { $domain = $this->getEntryByTitle('Test link to a domain', 'https://example.com')->domain; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('JohnDoe')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/domain/{$domain->getId()}/unblock", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } #[Group(name: 'NonThreadSafe')] public function testApiCanUnblockDomain() { $user = $this->getUserByUsername('JohnDoe'); $domain = $this->getEntryByTitle('Test link to a domain', 'https://example.com')->domain; $manager = $this->domainManager; $manager->block($domain, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read domain:block'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/domain/{$domain->getId()}/unblock", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(DomainRetrieveApiTest::DOMAIN_RESPONSE_KEYS, $jsonData); self::assertEquals('example.com', $jsonData['name']); self::assertSame(1, $jsonData['entryCount']); self::assertSame(0, $jsonData['subscriptionsCount']); self::assertFalse($jsonData['isBlockedByUser']); // Scope not granted so subscribe flag not populated self::assertNull($jsonData['isUserSubscribed']); // Idempotent when called multiple times $this->client->request('PUT', "/api/domain/{$domain->getId()}/unblock", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(DomainRetrieveApiTest::DOMAIN_RESPONSE_KEYS, $jsonData); self::assertEquals('example.com', $jsonData['name']); self::assertSame(1, $jsonData['entryCount']); self::assertSame(0, $jsonData['subscriptionsCount']); self::assertFalse($jsonData['isBlockedByUser']); // Scope not granted so subscribe flag not populated self::assertNull($jsonData['isUserSubscribed']); } } ================================================ FILE: tests/Functional/Controller/Api/Domain/DomainRetrieveApiTest.php ================================================ getEntryByTitle('Test link to a domain', 'https://example.com'); $this->client->request('GET', '/api/domains'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::DOMAIN_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('example.com', $jsonData['items'][0]['name']); self::assertSame(1, $jsonData['items'][0]['entryCount']); self::assertSame(0, $jsonData['items'][0]['subscriptionsCount']); self::assertNull($jsonData['items'][0]['isUserSubscribed']); self::assertNull($jsonData['items'][0]['isBlockedByUser']); } public function testApiCanRetrieveDomains() { $this->getEntryByTitle('Test link to a domain', 'https://example.com'); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('JohnDoe')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/domains', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::DOMAIN_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('example.com', $jsonData['items'][0]['name']); self::assertSame(1, $jsonData['items'][0]['entryCount']); self::assertSame(0, $jsonData['items'][0]['subscriptionsCount']); // Scope not granted so subscription and block flags not populated self::assertNull($jsonData['items'][0]['isUserSubscribed']); self::assertNull($jsonData['items'][0]['isBlockedByUser']); } public function testApiCanRetrieveDomainsSubscriptionAndBlockStatus() { $domain = $this->getEntryByTitle('Test link to a domain', 'https://example.com')->domain; $user = $this->getUserByUsername('JohnDoe'); $manager = $this->domainManager; $manager->subscribe($domain, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read domain:subscribe domain:block'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/domains', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::DOMAIN_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('example.com', $jsonData['items'][0]['name']); self::assertSame(1, $jsonData['items'][0]['entryCount']); self::assertSame(1, $jsonData['items'][0]['subscriptionsCount']); // Scope granted so subscription and block flags populated self::assertTrue($jsonData['items'][0]['isUserSubscribed']); self::assertFalse($jsonData['items'][0]['isBlockedByUser']); } public function testApiCannotRetrieveSubscribedDomainsAnonymous() { $this->client->request('GET', '/api/domains/subscribed'); self::assertResponseStatusCodeSame(401); } public function testApiCannotRetrieveSubscribedDomainsWithoutScope() { $this->getEntryByTitle('Test link to a second domain', 'https://example.org'); $domain = $this->getEntryByTitle('Test link to a domain', 'https://example.com')->domain; $user = $this->getUserByUsername('JohnDoe'); $manager = $this->domainManager; $manager->subscribe($domain, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/domains/subscribed', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanRetrieveSubscribedDomains() { $this->getEntryByTitle('Test link to a second domain', 'https://example.org'); $domain = $this->getEntryByTitle('Test link to a domain', 'https://example.com')->domain; $user = $this->getUserByUsername('JohnDoe'); $manager = $this->domainManager; $manager->subscribe($domain, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read domain:subscribe'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/domains/subscribed', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::DOMAIN_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame(1, $jsonData['items'][0]['entryCount']); self::assertEquals('example.com', $jsonData['items'][0]['name']); self::assertSame(1, $jsonData['items'][0]['entryCount']); self::assertSame(1, $jsonData['items'][0]['subscriptionsCount']); // Scope granted so subscription flag populated self::assertTrue($jsonData['items'][0]['isUserSubscribed']); self::assertNull($jsonData['items'][0]['isBlockedByUser']); } public function testApiCannotRetrieveBlockedDomainsAnonymous() { $this->client->request('GET', '/api/domains/blocked'); self::assertResponseStatusCodeSame(401); } public function testApiCannotRetrieveBlockedDomainsWithoutScope() { $this->getEntryByTitle('Test link to a second domain', 'https://example.org'); $domain = $this->getEntryByTitle('Test link to a domain', 'https://example.com')->domain; $user = $this->getUserByUsername('JohnDoe'); $manager = $this->domainManager; $manager->block($domain, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/domains/blocked', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanRetrieveBlockedDomains() { $this->getEntryByTitle('Test link to a second domain', 'https://example.org'); $domain = $this->getEntryByTitle('Test link to a domain', 'https://example.com')->domain; $user = $this->getUserByUsername('JohnDoe'); $manager = $this->domainManager; $manager->block($domain, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read domain:block'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/domains/blocked', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::DOMAIN_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame(1, $jsonData['items'][0]['entryCount']); self::assertEquals('example.com', $jsonData['items'][0]['name']); self::assertSame(1, $jsonData['items'][0]['entryCount']); self::assertSame(0, $jsonData['items'][0]['subscriptionsCount']); // Scope granted so block flag populated self::assertNull($jsonData['items'][0]['isUserSubscribed']); self::assertTrue($jsonData['items'][0]['isBlockedByUser']); } public function testApiCanRetrieveDomainByIdAnonymous() { $domain = $this->getEntryByTitle('Test link to a domain', 'https://example.com')->domain; $this->client->request('GET', "/api/domain/{$domain->getId()}"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::DOMAIN_RESPONSE_KEYS, $jsonData); self::assertEquals('example.com', $jsonData['name']); self::assertSame(1, $jsonData['entryCount']); self::assertSame(0, $jsonData['subscriptionsCount']); self::assertNull($jsonData['isUserSubscribed']); self::assertNull($jsonData['isBlockedByUser']); } public function testApiCanRetrieveDomainById() { $domain = $this->getEntryByTitle('Test link to a domain', 'https://example.com')->domain; $user = $this->getUserByUsername('JohnDoe'); $manager = $this->domainManager; $manager->subscribe($domain, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/domain/{$domain->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::DOMAIN_RESPONSE_KEYS, $jsonData); self::assertEquals('example.com', $jsonData['name']); self::assertSame(1, $jsonData['entryCount']); self::assertSame(1, $jsonData['subscriptionsCount']); // Scope not granted so subscription and block flags not populated self::assertNull($jsonData['isUserSubscribed']); self::assertNull($jsonData['isBlockedByUser']); } public function testApiCanRetrieveDomainByIdSubscriptionAndBlockStatus() { $domain = $this->getEntryByTitle('Test link to a domain', 'https://example.com')->domain; $user = $this->getUserByUsername('JohnDoe'); $manager = $this->domainManager; $manager->subscribe($domain, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read domain:subscribe domain:block'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/domain/{$domain->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::DOMAIN_RESPONSE_KEYS, $jsonData); self::assertEquals('example.com', $jsonData['name']); self::assertSame(1, $jsonData['entryCount']); self::assertSame(1, $jsonData['subscriptionsCount']); // Scope granted so subscription and block flags populated self::assertTrue($jsonData['isUserSubscribed']); self::assertFalse($jsonData['isBlockedByUser']); } } ================================================ FILE: tests/Functional/Controller/Api/Domain/DomainSubscribeApiTest.php ================================================ getEntryByTitle('Test link to a domain', 'https://example.com')->domain; $this->client->request('PUT', "/api/domain/{$domain->getId()}/subscribe"); self::assertResponseStatusCodeSame(401); } public function testApiCannotSubscribeToDomainWithoutScope() { $domain = $this->getEntryByTitle('Test link to a domain', 'https://example.com')->domain; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('JohnDoe')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/domain/{$domain->getId()}/subscribe", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanSubscribeToDomain() { $domain = $this->getEntryByTitle('Test link to a domain', 'https://example.com')->domain; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('JohnDoe')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read domain:subscribe'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/domain/{$domain->getId()}/subscribe", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(DomainRetrieveApiTest::DOMAIN_RESPONSE_KEYS, $jsonData); self::assertEquals('example.com', $jsonData['name']); self::assertSame(1, $jsonData['entryCount']); self::assertSame(1, $jsonData['subscriptionsCount']); self::assertTrue($jsonData['isUserSubscribed']); // Scope not granted so block flag not populated self::assertNull($jsonData['isBlockedByUser']); // Idempotent when called multiple times $this->client->request('PUT', "/api/domain/{$domain->getId()}/subscribe", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(DomainRetrieveApiTest::DOMAIN_RESPONSE_KEYS, $jsonData); self::assertEquals('example.com', $jsonData['name']); self::assertSame(1, $jsonData['entryCount']); self::assertSame(1, $jsonData['subscriptionsCount']); self::assertTrue($jsonData['isUserSubscribed']); // Scope not granted so block flag not populated self::assertNull($jsonData['isBlockedByUser']); } public function testApiCannotUnsubscribeFromDomainAnonymous() { $domain = $this->getEntryByTitle('Test link to a domain', 'https://example.com')->domain; $this->client->request('PUT', "/api/domain/{$domain->getId()}/unsubscribe"); self::assertResponseStatusCodeSame(401); } public function testApiCannotUnsubscribeFromDomainWithoutScope() { $domain = $this->getEntryByTitle('Test link to a domain', 'https://example.com')->domain; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('JohnDoe')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/domain/{$domain->getId()}/unsubscribe", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUnsubscribeFromDomain() { $user = $this->getUserByUsername('JohnDoe'); $domain = $this->getEntryByTitle('Test link to a domain', 'https://example.com')->domain; $manager = $this->domainManager; $manager->subscribe($domain, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read domain:subscribe'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/domain/{$domain->getId()}/unsubscribe", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(DomainRetrieveApiTest::DOMAIN_RESPONSE_KEYS, $jsonData); self::assertEquals('example.com', $jsonData['name']); self::assertSame(1, $jsonData['entryCount']); self::assertSame(0, $jsonData['subscriptionsCount']); self::assertFalse($jsonData['isUserSubscribed']); // Scope not granted so block flag not populated self::assertNull($jsonData['isBlockedByUser']); // Idempotent when called multiple times $this->client->request('PUT', "/api/domain/{$domain->getId()}/unsubscribe", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(DomainRetrieveApiTest::DOMAIN_RESPONSE_KEYS, $jsonData); self::assertEquals('example.com', $jsonData['name']); self::assertSame(1, $jsonData['entryCount']); self::assertSame(0, $jsonData['subscriptionsCount']); self::assertFalse($jsonData['isUserSubscribed']); // Scope not granted so block flag not populated self::assertNull($jsonData['isBlockedByUser']); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/Admin/EntryChangeMagazineApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $magazine2 = $this->getMagazineByNameNoRSAKey('acme2'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', magazine: $magazine); $this->client->jsonRequest('PUT', "/api/admin/entry/{$entry->getId()}/change-magazine/{$magazine2->getId()}"); self::assertResponseStatusCodeSame(401); } public function testApiNonAdminCannotChangeEntryMagazine(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $magazine2 = $this->getMagazineByNameNoRSAKey('acme2'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:magazine:move_entry'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/admin/entry/{$entry->getId()}/change-magazine/{$magazine2->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotChangeEntryMagazineWithoutScope(): void { $user = $this->getUserByUsername('user', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $magazine2 = $this->getMagazineByNameNoRSAKey('acme2'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/admin/entry/{$entry->getId()}/change-magazine/{$magazine2->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanChangeEntryMagazine(): void { $user = $this->getUserByUsername('user', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $magazine2 = $this->getMagazineByNameNoRSAKey('acme2'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:magazine:move_entry'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/admin/entry/{$entry->getId()}/change-magazine/{$magazine2->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals($entry->title, $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine2->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals($entry->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($entry->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['type']); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/Admin/EntryPurgeApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for deletion', magazine: $magazine); $this->client->request('DELETE', "/api/admin/entry/{$entry->getId()}/purge"); self::assertResponseStatusCodeSame(401); } public function testApiCannotPurgeArticleEntryWithoutScope(): void { $user = $this->getUserByUsername('user', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for deletion', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/entry/{$entry->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiNonAdminCannotPurgeArticleEntry(): void { $otherUser = $this->getUserByUsername('somebody'); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for deletion', user: $otherUser, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:entry:purge'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/entry/{$entry->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanPurgeArticleEntry(): void { $admin = $this->getUserByUsername('admin', isAdmin: true); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for deletion', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($admin); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:entry:purge'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/entry/{$entry->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); } public function testApiCannotPurgeLinkEntryAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test link', url: 'https://google.com', magazine: $magazine); $this->client->request('DELETE', "/api/admin/entry/{$entry->getId()}/purge"); self::assertResponseStatusCodeSame(401); } public function testApiCannotPurgeLinkEntryWithoutScope(): void { $user = $this->getUserByUsername('user', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test link', url: 'https://google.com', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/entry/{$entry->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiNonAdminCannotPurgeLinkEntry(): void { $otherUser = $this->getUserByUsername('somebody'); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test link', url: 'https://google.com', user: $otherUser, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:entry:purge'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/entry/{$entry->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanPurgeLinkEntry(): void { $admin = $this->getUserByUsername('admin', isAdmin: true); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test link', url: 'https://google.com', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($admin); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:entry:purge'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/entry/{$entry->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); } public function testApiCannotPurgeImageEntryAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $entry = $this->getEntryByTitle('test image', image: $imageDto, magazine: $magazine); $this->client->request('DELETE', "/api/admin/entry/{$entry->getId()}/purge"); self::assertResponseStatusCodeSame(401); } public function testApiCannotPurgeImageEntryWithoutScope(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $user = $this->getUserByUsername('user', isAdmin: true); $imageDto = $this->getKibbyImageDto(); $entry = $this->getEntryByTitle('test image', image: $imageDto, user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/entry/{$entry->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiNonAdminCannotPurgeImageEntry(): void { $otherUser = $this->getUserByUsername('somebody'); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $entry = $this->getEntryByTitle('test image', image: $imageDto, user: $otherUser, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:entry:purge'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/entry/{$entry->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanPurgeImageEntry(): void { $admin = $this->getUserByUsername('admin', isAdmin: true); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $entry = $this->getEntryByTitle('test image', image: $imageDto, user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($admin); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:entry:purge'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/entry/{$entry->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/Comment/Admin/EntryCommentPurgeApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for deletion', magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry); $commentRepository = $this->entryCommentRepository; $this->client->request('DELETE', "/api/admin/comment/{$comment->getId()}/purge"); self::assertResponseStatusCodeSame(401); $comment = $commentRepository->find($comment->getId()); self::assertNotNull($comment); } public function testApiCannotPurgeArticleEntryWithoutScope(): void { $user = $this->getUserByUsername('user', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for deletion', user: $user, magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry); $commentRepository = $this->entryCommentRepository; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/comment/{$comment->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); $comment = $commentRepository->find($comment->getId()); self::assertNotNull($comment); } public function testApiNonAdminCannotPurgeComment(): void { $otherUser = $this->getUserByUsername('somebody'); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for deletion', user: $otherUser, magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry); $commentRepository = $this->entryCommentRepository; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:entry_comment:purge'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/comment/{$comment->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); $comment = $commentRepository->find($comment->getId()); self::assertNotNull($comment); } public function testApiCanPurgeComment(): void { $admin = $this->getUserByUsername('admin', isAdmin: true); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for deletion', user: $user, magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry); $commentRepository = $this->entryCommentRepository; self::createOAuth2AuthCodeClient(); $this->client->loginUser($admin); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:entry_comment:purge'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/comment/{$comment->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); $comment = $commentRepository->find($comment->getId()); self::assertNull($comment); } public function testApiCannotPurgeImageCommentAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $entry = $this->getEntryByTitle('test image', body: 'test', magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry, imageDto: $imageDto); $commentRepository = $this->entryCommentRepository; $this->client->request('DELETE', "/api/admin/comment/{$comment->getId()}/purge"); self::assertResponseStatusCodeSame(401); $comment = $commentRepository->find($comment->getId()); self::assertNotNull($comment); } public function testApiCannotPurgeImageCommentWithoutScope(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $user = $this->getUserByUsername('user', isAdmin: true); $imageDto = $this->getKibbyImageDto(); $entry = $this->getEntryByTitle('test image', body: 'test', magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry, imageDto: $imageDto); $commentRepository = $this->entryCommentRepository; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/comment/{$comment->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); $comment = $commentRepository->find($comment->getId()); self::assertNotNull($comment); } public function testApiNonAdminCannotPurgeImageComment(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $entry = $this->getEntryByTitle('test image', body: 'test', magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry, imageDto: $imageDto); $commentRepository = $this->entryCommentRepository; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:entry_comment:purge'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/comment/{$comment->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); $comment = $commentRepository->find($comment->getId()); self::assertNotNull($comment); } public function testApiCanPurgeImageComment(): void { $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $entry = $this->getEntryByTitle('test image', body: 'test', magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry, imageDto: $imageDto); $commentRepository = $this->entryCommentRepository; self::createOAuth2AuthCodeClient(); $this->client->loginUser($admin); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:entry_comment:purge'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/comment/{$comment->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); $comment = $commentRepository->find($comment->getId()); self::assertNull($comment); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/Comment/DomainEntryCommentRetrieveApiTest.php ================================================ getEntryByTitle('an entry', body: 'test'); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $entry = $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry); $domain = $entry->domain; $this->client->request('GET', "/api/domain/{$domain->getId()}/comments"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('test comment', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertSame(0, $jsonData['items'][0]['childCount']); self::assertIsArray($jsonData['items'][0]['children']); self::assertEmpty($jsonData['items'][0]['children']); self::assertSame($comment->getId(), $jsonData['items'][0]['commentId']); self::assertSame($entry->getId(), $jsonData['items'][0]['entryId']); } public function testApiCanGetDomainEntryComments(): void { $this->getEntryByTitle('an entry', body: 'test'); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $entry = $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry); $domain = $entry->domain; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/domain/{$domain->getId()}/comments", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('test comment', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertSame(0, $jsonData['items'][0]['childCount']); self::assertIsArray($jsonData['items'][0]['children']); self::assertEmpty($jsonData['items'][0]['children']); self::assertSame($comment->getId(), $jsonData['items'][0]['commentId']); self::assertSame($entry->getId(), $jsonData['items'][0]['entryId']); } public function testApiCanGetDomainEntryCommentsDepth(): void { $this->getEntryByTitle('an entry', body: 'test'); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $entry = $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry); $nested1 = $this->createEntryComment('test comment nested 1', $entry, parent: $comment); $nested2 = $this->createEntryComment('test comment nested 2', $entry, parent: $nested1); $nested3 = $this->createEntryComment('test comment nested 3', $entry, parent: $nested2); $domain = $entry->domain; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/domain/{$domain->getId()}/comments?d=2", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('test comment', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertSame(3, $jsonData['items'][0]['childCount']); self::assertIsArray($jsonData['items'][0]['children']); self::assertCount(1, $jsonData['items'][0]['children']); $child = $jsonData['items'][0]['children'][0]; self::assertIsArray($child); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $child); self::assertSame(2, $child['childCount']); self::assertIsArray($child['children']); self::assertCount(1, $child['children']); self::assertIsArray($child['children'][0]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $child); self::assertSame(1, $child['children'][0]['childCount']); self::assertIsArray($child['children'][0]['children']); self::assertEmpty($child['children'][0]['children']); self::assertSame($comment->getId(), $jsonData['items'][0]['commentId']); self::assertSame($entry->getId(), $jsonData['items'][0]['entryId']); } public function testApiCanGetDomainEntryCommentsNewest(): void { $entry = $this->getEntryByTitle('entry', url: 'https://google.com'); $first = $this->createEntryComment('first', $entry); $second = $this->createEntryComment('second', $entry); $third = $this->createEntryComment('third', $entry); $domain = $entry->domain; $first->createdAt = new \DateTimeImmutable('-1 hour'); $second->createdAt = new \DateTimeImmutable('-1 second'); $third->createdAt = new \DateTimeImmutable(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/domain/{$domain->getId()}/comments?sort=newest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($third->getId(), $jsonData['items'][0]['commentId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['commentId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($first->getId(), $jsonData['items'][2]['commentId']); } public function testApiCanGetDomainEntryCommentsOldest(): void { $entry = $this->getEntryByTitle('entry', url: 'https://google.com'); $first = $this->createEntryComment('first', $entry); $second = $this->createEntryComment('second', $entry); $third = $this->createEntryComment('third', $entry); $domain = $entry->domain; $first->createdAt = new \DateTimeImmutable('-1 hour'); $second->createdAt = new \DateTimeImmutable('-1 second'); $third->createdAt = new \DateTimeImmutable(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/domain/{$domain->getId()}/comments?sort=oldest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['commentId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['commentId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['commentId']); } public function testApiCanGetDomainEntryCommentsActive(): void { $entry = $this->getEntryByTitle('entry', url: 'https://google.com'); $first = $this->createEntryComment('first', $entry); $second = $this->createEntryComment('second', $entry); $third = $this->createEntryComment('third', $entry); $domain = $entry->domain; $first->lastActive = new \DateTime('-1 hour'); $second->lastActive = new \DateTime('-1 second'); $third->lastActive = new \DateTime(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/domain/{$domain->getId()}/comments?sort=active", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($third->getId(), $jsonData['items'][0]['commentId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['commentId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($first->getId(), $jsonData['items'][2]['commentId']); } public function testApiCanGetDomainEntryCommentsTop(): void { $entry = $this->getEntryByTitle('entry', url: 'https://google.com'); $first = $this->createEntryComment('first', $entry); $second = $this->createEntryComment('second', $entry); $third = $this->createEntryComment('third', $entry); $domain = $entry->domain; $favouriteManager = $this->favouriteManager; $favouriteManager->toggle($this->getUserByUsername('voter1'), $first); $favouriteManager->toggle($this->getUserByUsername('voter2'), $first); $favouriteManager->toggle($this->getUserByUsername('voter1'), $second); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/domain/{$domain->getId()}/comments?sort=top", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['commentId']); self::assertSame(2, $jsonData['items'][0]['favourites']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['commentId']); self::assertSame(1, $jsonData['items'][1]['favourites']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['commentId']); self::assertSame(0, $jsonData['items'][2]['favourites']); } public function testApiCanGetDomainEntryCommentsHot(): void { $entry = $this->getEntryByTitle('entry', url: 'https://google.com'); $first = $this->createEntryComment('first', $entry); $second = $this->createEntryComment('second', $entry); $third = $this->createEntryComment('third', $entry); $domain = $entry->domain; $voteManager = $this->voteManager; $voteManager->vote(1, $first, $this->getUserByUsername('voter1'), rateLimit: false); $voteManager->vote(1, $first, $this->getUserByUsername('voter2'), rateLimit: false); $voteManager->vote(1, $second, $this->getUserByUsername('voter1'), rateLimit: false); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/domain/{$domain->getId()}/comments?sort=hot", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['commentId']); self::assertSame(2, $jsonData['items'][0]['uv']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['commentId']); self::assertSame(1, $jsonData['items'][1]['uv']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['commentId']); self::assertSame(0, $jsonData['items'][2]['uv']); } public function testApiCanGetDomainEntryCommentsWithUserVoteStatus(): void { $this->getEntryByTitle('an entry', body: 'test'); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $entry = $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry); $domain = $entry->domain; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/domain/{$domain->getId()}/comments", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($comment->getId(), $jsonData['items'][0]['commentId']); self::assertSame($entry->getId(), $jsonData['items'][0]['entryId']); self::assertEquals('test comment', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); if (null !== $jsonData['items'][0]['image']) { self::assertStringContainsString('google.com', parse_url($jsonData['items'][0]['image']['sourceUrl'], PHP_URL_HOST)); } self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertSame(0, $jsonData['items'][0]['childCount']); self::assertIsArray($jsonData['items'][0]['children']); self::assertEmpty($jsonData['items'][0]['children']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); self::assertFalse($jsonData['items'][0]['isFavourited']); self::assertSame(0, $jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertNull($jsonData['items'][0]['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/Comment/EntryCommentCreateApiTest.php ================================================ getEntryByTitle('an entry', body: 'test'); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, ]; $this->client->jsonRequest( 'POST', "/api/entry/{$entry->getId()}/comments", parameters: $comment ); self::assertResponseStatusCodeSame(401); } public function testApiCannotCreateCommentWithoutScope(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest( 'POST', "/api/entry/{$entry->getId()}/comments", parameters: $comment, server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(403); } public function testApiCanCreateComment(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('user'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry_comment:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest( 'POST', "/api/entry/{$entry->getId()}/comments", parameters: $comment, server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(201); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame($comment['body'], $jsonData['body']); self::assertSame($comment['lang'], $jsonData['lang']); self::assertSame($comment['isAdult'], $jsonData['isAdult']); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($entry->magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['rootId']); self::assertNull($jsonData['parentId']); } public function testApiCannotCreateCommentReplyAnonymous(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $entryComment = $this->createEntryComment('a comment', $entry); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, ]; $this->client->jsonRequest( 'POST', "/api/entry/{$entry->getId()}/comments/{$entryComment->getId()}/reply", parameters: $comment ); self::assertResponseStatusCodeSame(401); } public function testApiCannotCreateCommentReplyWithoutScope(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $entryComment = $this->createEntryComment('a comment', $entry); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest( 'POST', "/api/entry/{$entry->getId()}/comments/{$entryComment->getId()}/reply", parameters: $comment, server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(403); } public function testApiCanCreateCommentReply(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $entryComment = $this->createEntryComment('a comment', $entry); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('user'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry_comment:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest( 'POST', "/api/entry/{$entry->getId()}/comments/{$entryComment->getId()}/reply", parameters: $comment, server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(201); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame($comment['body'], $jsonData['body']); self::assertSame($comment['lang'], $jsonData['lang']); self::assertSame($comment['isAdult'], $jsonData['isAdult']); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($entry->magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertSame($entryComment->getId(), $jsonData['rootId']); self::assertSame($entryComment->getId(), $jsonData['parentId']); } public function testApiCannotCreateImageCommentAnonymous(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, 'alt' => 'It\'s Kibby!', ]; // Uploading a file appears to delete the file at the given path, so make a copy before upload $tmpPath = bin2hex(random_bytes(32)); copy($this->kibbyPath, $tmpPath.'.png'); $image = new UploadedFile($tmpPath.'.png', 'kibby_emoji.png', 'image/png'); $this->client->request( 'POST', "/api/entry/{$entry->getId()}/comments/image", parameters: $comment, files: ['uploadImage' => $image] ); self::assertResponseStatusCodeSame(401); } public function testApiCannotCreateImageCommentWithoutScope(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, 'alt' => 'It\'s Kibby!', ]; // Uploading a file appears to delete the file at the given path, so make a copy before upload $tmpPath = bin2hex(random_bytes(32)); copy($this->kibbyPath, $tmpPath.'.png'); $image = new UploadedFile($tmpPath.'.png', 'kibby_emoji.png', 'image/png'); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request( 'POST', "/api/entry/{$entry->getId()}/comments/image", parameters: $comment, files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(403); } public function testApiCanCreateImageComment(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, 'alt' => 'It\'s Kibby!', ]; // Uploading a file appears to delete the file at the given path, so make a copy before upload $tmpPath = bin2hex(random_bytes(32)); copy($this->kibbyPath, $tmpPath.'.png'); $image = new UploadedFile($tmpPath.'.png', 'kibby_emoji.png', 'image/png'); self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('user'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry_comment:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request( 'POST', "/api/entry/{$entry->getId()}/comments/image", parameters: $comment, files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(201); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame($comment['body'], $jsonData['body']); self::assertSame($comment['lang'], $jsonData['lang']); self::assertSame($comment['isAdult'], $jsonData['isAdult']); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($entry->magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['rootId']); self::assertNull($jsonData['parentId']); } public function testApiCannotCreateImageCommentReplyAnonymous(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $entryComment = $this->createEntryComment('a comment', $entry); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, 'alt' => 'It\'s Kibby!', ]; // Uploading a file appears to delete the file at the given path, so make a copy before upload $tmpPath = bin2hex(random_bytes(32)); copy($this->kibbyPath, $tmpPath.'.png'); $image = new UploadedFile($tmpPath.'.png', 'kibby_emoji.png', 'image/png'); $this->client->request( 'POST', "/api/entry/{$entry->getId()}/comments/{$entryComment->getId()}/reply/image", parameters: $comment, files: ['uploadImage' => $image] ); self::assertResponseStatusCodeSame(401); } public function testApiCannotCreateImageCommentReplyWithoutScope(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $entryComment = $this->createEntryComment('a comment', $entry); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, ]; // Uploading a file appears to delete the file at the given path, so make a copy before upload $tmpPath = bin2hex(random_bytes(32)); copy($this->kibbyPath, $tmpPath.'.png'); $image = new UploadedFile($tmpPath.'.png', 'kibby_emoji.png', 'image/png'); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request( 'POST', "/api/entry/{$entry->getId()}/comments/{$entryComment->getId()}/reply/image", parameters: $comment, files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(403); } public function testApiCanCreateImageCommentReply(): void { $imageManager = $this->imageManager; $entry = $this->getEntryByTitle('an entry', body: 'test'); $entryComment = $this->createEntryComment('a comment', $entry); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, 'alt' => 'It\'s Kibby!', ]; // Uploading a file appears to delete the file at the given path, so make a copy before upload $tmpPath = bin2hex(random_bytes(32)); copy($this->kibbyPath, $tmpPath.'.png'); $image = new UploadedFile($tmpPath.'.png', 'kibby_emoji.png', 'image/png'); $resultingPath = $imageManager->getFilePath($image->getFilename()); self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('user'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry_comment:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request( 'POST', "/api/entry/{$entry->getId()}/comments/{$entryComment->getId()}/reply/image", parameters: $comment, files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(201); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame($comment['body'], $jsonData['body']); self::assertSame($comment['lang'], $jsonData['lang']); self::assertSame($comment['isAdult'], $jsonData['isAdult']); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($entry->magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertSame($entryComment->getId(), $jsonData['rootId']); self::assertSame($entryComment->getId(), $jsonData['parentId']); self::assertIsArray($jsonData['image']); self::assertArrayKeysMatch(self::IMAGE_KEYS, $jsonData['image']); self::assertEquals($resultingPath, $jsonData['image']['filePath']); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/Comment/EntryCommentDeleteApiTest.php ================================================ getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry); $this->client->request('DELETE', "/api/comments/{$comment->getId()}"); self::assertResponseStatusCodeSame(401); } public function testApiCannotDeleteCommentWithoutScope(): void { $user = $this->getUserByUsername('user'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/comments/{$comment->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotDeleteOtherUsersComment(): void { $user = $this->getUserByUsername('user'); $user2 = $this->getUserByUsername('other'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user2); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry_comment:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/comments/{$comment->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanDeleteComment(): void { $user = $this->getUserByUsername('user'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user); $commentRepository = $this->entryCommentRepository; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry_comment:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/comments/{$comment->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); $comment = $commentRepository->find($comment->getId()); self::assertNull($comment); } public function testApiCanSoftDeleteComment(): void { $user = $this->getUserByUsername('user'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user); $this->createEntryComment('test comment', $entry, $user, $comment); $commentRepository = $this->entryCommentRepository; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry_comment:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/comments/{$comment->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); $comment = $commentRepository->find($comment->getId()); self::assertNotNull($comment); self::assertTrue($comment->isSoftDeleted()); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/Comment/EntryCommentReportApiTest.php ================================================ getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry); $report = [ 'reason' => 'This comment breaks the rules!', ]; $this->client->jsonRequest('POST', "/api/comments/{$comment->getId()}/report", $report); self::assertResponseStatusCodeSame(401); } public function testApiCannotReportCommentWithoutScope(): void { $user = $this->getUserByUsername('user'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user); $report = [ 'reason' => 'This comment breaks the rules!', ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/comments/{$comment->getId()}/report", $report, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanReportOtherUsersComment(): void { $user = $this->getUserByUsername('user'); $user2 = $this->getUserByUsername('other'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user2); $reportRepository = $this->reportRepository; $report = [ 'reason' => 'This comment breaks the rules!', ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry_comment:report'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/comments/{$comment->getId()}/report", $report, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); $report = $reportRepository->findBySubject($comment); self::assertNotNull($report); self::assertSame('This comment breaks the rules!', $report->reason); self::assertSame($user->getId(), $report->reporting->getId()); } public function testApiCanReportOwnComment(): void { $user = $this->getUserByUsername('user'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user); $reportRepository = $this->reportRepository; $report = [ 'reason' => 'This comment breaks the rules!', ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry_comment:report'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/comments/{$comment->getId()}/report", $report, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); $report = $reportRepository->findBySubject($comment); self::assertNotNull($report); self::assertSame('This comment breaks the rules!', $report->reason); self::assertSame($user->getId(), $report->reporting->getId()); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/Comment/EntryCommentRetrieveApiTest.php ================================================ getEntryByTitle('test entry', body: 'test'); for ($i = 0; $i < 5; ++$i) { $this->createEntryComment("test parent comment {$i}", $entry); } $this->client->request('GET', "/api/entry/{$entry->getId()}/comments"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(5, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(5, $jsonData['pagination']['count']); foreach ($jsonData['items'] as $comment) { self::assertIsArray($comment); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $comment); self::assertIsArray($comment['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $comment['user']); self::assertIsArray($comment['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $comment['magazine']); self::assertSame($entry->getId(), $comment['entryId']); self::assertStringContainsString('test parent comment', $comment['body']); self::assertSame('en', $comment['lang']); self::assertSame(0, $comment['uv']); self::assertSame(0, $comment['dv']); self::assertSame(0, $comment['favourites']); self::assertSame(0, $comment['childCount']); self::assertSame('visible', $comment['visibility']); self::assertIsArray($comment['mentions']); self::assertEmpty($comment['mentions']); self::assertIsArray($comment['children']); self::assertEmpty($comment['children']); self::assertFalse($comment['isAdult']); self::assertNull($comment['image']); self::assertNull($comment['parentId']); self::assertNull($comment['rootId']); self::assertNull($comment['isFavourited']); self::assertNull($comment['userVote']); self::assertNull($comment['apId']); self::assertEmpty($comment['tags']); self::assertNull($comment['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['lastActive'], 'lastActive date format invalid'); self::assertNull($comment['bookmarks']); } } public function testApiCannotGetEntryCommentsByPreferredLangAnonymous(): void { $entry = $this->getEntryByTitle('test entry', body: 'test'); for ($i = 0; $i < 5; ++$i) { $this->createEntryComment("test parent comment {$i}", $entry); } $this->client->request('GET', "/api/entry/{$entry->getId()}/comments?usePreferredLangs=true"); self::assertResponseStatusCodeSame(403); } public function testApiCanGetEntryCommentsByPreferredLang(): void { $entry = $this->getEntryByTitle('test entry', body: 'test'); for ($i = 0; $i < 5; ++$i) { $this->createEntryComment("test parent comment {$i}", $entry); $this->createEntryComment("test german parent comment {$i}", $entry, lang: 'de'); $this->createEntryComment("test dutch parent comment {$i}", $entry, lang: 'nl'); } self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('user'); $user->preferredLanguages = ['en', 'de']; $entityManager = $this->entityManager; $entityManager->persist($user); $entityManager->flush(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/entry/{$entry->getId()}/comments?usePreferredLangs=true", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(10, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(10, $jsonData['pagination']['count']); foreach ($jsonData['items'] as $comment) { self::assertIsArray($comment); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $comment); self::assertIsArray($comment['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $comment['user']); self::assertIsArray($comment['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $comment['magazine']); self::assertSame($entry->getId(), $comment['entryId']); self::assertStringContainsString('parent comment', $comment['body']); self::assertTrue('en' === $comment['lang'] || 'de' === $comment['lang']); self::assertSame(0, $comment['uv']); self::assertSame(0, $comment['dv']); self::assertSame(0, $comment['favourites']); self::assertSame(0, $comment['childCount']); self::assertSame('visible', $comment['visibility']); self::assertIsArray($comment['mentions']); self::assertEmpty($comment['mentions']); self::assertIsArray($comment['children']); self::assertEmpty($comment['children']); self::assertFalse($comment['isAdult']); self::assertNull($comment['image']); self::assertNull($comment['parentId']); self::assertNull($comment['rootId']); // No scope granted so these should be null self::assertNull($comment['isFavourited']); self::assertNull($comment['userVote']); self::assertNull($comment['apId']); self::assertEmpty($comment['tags']); self::assertNull($comment['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['lastActive'], 'lastActive date format invalid'); self::assertIsArray($comment['bookmarks']); self::assertEmpty($comment['bookmarks']); } } public function testApiCanGetEntryCommentsWithLanguageAnonymous(): void { $entry = $this->getEntryByTitle('test entry', body: 'test'); for ($i = 0; $i < 5; ++$i) { $this->createEntryComment("test parent comment {$i}", $entry); $this->createEntryComment("test german parent comment {$i}", $entry, lang: 'de'); $this->createEntryComment("test dutch comment {$i}", $entry, lang: 'nl'); } $this->client->request('GET', "/api/entry/{$entry->getId()}/comments?lang[]=en&lang[]=de"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(10, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(10, $jsonData['pagination']['count']); foreach ($jsonData['items'] as $comment) { self::assertIsArray($comment); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $comment); self::assertIsArray($comment['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $comment['user']); self::assertIsArray($comment['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $comment['magazine']); self::assertSame($entry->getId(), $comment['entryId']); self::assertStringContainsString('parent comment', $comment['body']); self::assertTrue('en' === $comment['lang'] || 'de' === $comment['lang']); self::assertSame(0, $comment['uv']); self::assertSame(0, $comment['dv']); self::assertSame(0, $comment['favourites']); self::assertSame(0, $comment['childCount']); self::assertSame('visible', $comment['visibility']); self::assertIsArray($comment['mentions']); self::assertEmpty($comment['mentions']); self::assertIsArray($comment['children']); self::assertEmpty($comment['children']); self::assertFalse($comment['isAdult']); self::assertNull($comment['image']); self::assertNull($comment['parentId']); self::assertNull($comment['rootId']); self::assertNull($comment['isFavourited']); self::assertNull($comment['userVote']); self::assertNull($comment['apId']); self::assertEmpty($comment['tags']); self::assertNull($comment['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['lastActive'], 'lastActive date format invalid'); self::assertNull($comment['bookmarks']); } } public function testApiCanGetEntryCommentsWithLanguage(): void { $entry = $this->getEntryByTitle('test entry', body: 'test'); for ($i = 0; $i < 5; ++$i) { $this->createEntryComment("test parent comment {$i}", $entry); $this->createEntryComment("test german parent comment {$i}", $entry, lang: 'de'); $this->createEntryComment("test dutch parent comment {$i}", $entry, lang: 'nl'); } self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/entry/{$entry->getId()}/comments?lang[]=en&lang[]=de", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(10, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(10, $jsonData['pagination']['count']); foreach ($jsonData['items'] as $comment) { self::assertIsArray($comment); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $comment); self::assertIsArray($comment['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $comment['user']); self::assertIsArray($comment['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $comment['magazine']); self::assertSame($entry->getId(), $comment['entryId']); self::assertStringContainsString('parent comment', $comment['body']); self::assertTrue('en' === $comment['lang'] || 'de' === $comment['lang']); self::assertSame(0, $comment['uv']); self::assertSame(0, $comment['dv']); self::assertSame(0, $comment['favourites']); self::assertSame(0, $comment['childCount']); self::assertSame('visible', $comment['visibility']); self::assertIsArray($comment['mentions']); self::assertEmpty($comment['mentions']); self::assertIsArray($comment['children']); self::assertEmpty($comment['children']); self::assertFalse($comment['isAdult']); self::assertNull($comment['image']); self::assertNull($comment['parentId']); self::assertNull($comment['rootId']); // No scope granted so these should be null self::assertNull($comment['isFavourited']); self::assertNull($comment['userVote']); self::assertNull($comment['apId']); self::assertEmpty($comment['tags']); self::assertNull($comment['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['lastActive'], 'lastActive date format invalid'); self::assertIsArray($comment['bookmarks']); self::assertEmpty($comment['bookmarks']); } } public function testApiCanGetEntryComments(): void { $entry = $this->getEntryByTitle('test entry', body: 'test'); for ($i = 0; $i < 5; ++$i) { $this->createEntryComment("test parent comment {$i}", $entry); } self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/entry/{$entry->getId()}/comments", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(5, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(5, $jsonData['pagination']['count']); foreach ($jsonData['items'] as $comment) { self::assertIsArray($comment); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $comment); self::assertIsArray($comment['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $comment['user']); self::assertIsArray($comment['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $comment['magazine']); self::assertSame($entry->getId(), $comment['entryId']); self::assertStringContainsString('test parent comment', $comment['body']); self::assertSame('en', $comment['lang']); self::assertSame(0, $comment['uv']); self::assertSame(0, $comment['dv']); self::assertSame(0, $comment['favourites']); self::assertSame(0, $comment['childCount']); self::assertSame('visible', $comment['visibility']); self::assertIsArray($comment['mentions']); self::assertEmpty($comment['mentions']); self::assertIsArray($comment['children']); self::assertEmpty($comment['children']); self::assertFalse($comment['isAdult']); self::assertNull($comment['image']); self::assertNull($comment['parentId']); self::assertNull($comment['rootId']); // No scope granted so these should be null self::assertNull($comment['isFavourited']); self::assertNull($comment['userVote']); self::assertNull($comment['apId']); self::assertEmpty($comment['tags']); self::assertNull($comment['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['lastActive'], 'lastActive date format invalid'); self::assertIsArray($comment['bookmarks']); self::assertEmpty($comment['bookmarks']); } } public function testApiCanGetEntryCommentsWithChildren(): void { $entry = $this->getEntryByTitle('test entry', body: 'test'); for ($i = 0; $i < 5; ++$i) { $comment = $this->createEntryComment("test parent comment {$i}", $entry); $this->createEntryComment("test child comment {$i}", $entry, parent: $comment); } self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/entry/{$entry->getId()}/comments", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(5, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(5, $jsonData['pagination']['count']); foreach ($jsonData['items'] as $comment) { self::assertIsArray($comment); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $comment); self::assertIsArray($comment['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $comment['user']); self::assertIsArray($comment['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $comment['magazine']); self::assertSame($entry->getId(), $comment['entryId']); self::assertStringContainsString('test parent comment', $comment['body']); self::assertSame('en', $comment['lang']); self::assertSame(0, $comment['uv']); self::assertSame(0, $comment['dv']); self::assertSame(0, $comment['favourites']); self::assertSame(1, $comment['childCount']); self::assertSame('visible', $comment['visibility']); self::assertIsArray($comment['mentions']); self::assertEmpty($comment['mentions']); self::assertIsArray($comment['children']); self::assertCount(1, $comment['children']); self::assertIsArray($comment['children'][0]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $comment['children'][0]); self::assertStringContainsString('test child comment', $comment['children'][0]['body']); self::assertFalse($comment['isAdult']); self::assertNull($comment['image']); self::assertNull($comment['parentId']); self::assertNull($comment['rootId']); // No scope granted so these should be null self::assertNull($comment['isFavourited']); self::assertNull($comment['userVote']); self::assertNull($comment['apId']); self::assertEmpty($comment['tags']); self::assertNull($comment['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['lastActive'], 'lastActive date format invalid'); self::assertIsArray($comment['bookmarks']); self::assertEmpty($comment['bookmarks']); } } public function testApiCanGetEntryCommentsLimitedDepth(): void { $entry = $this->getEntryByTitle('test entry', body: 'test'); for ($i = 0; $i < 2; ++$i) { $comment = $this->createEntryComment("test parent comment {$i}", $entry); $parent = $comment; for ($j = 1; $j <= 5; ++$j) { $parent = $this->createEntryComment("test child comment {$i} depth {$j}", $entry, parent: $parent); } } self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/entry/{$entry->getId()}/comments?d=3", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(2, $jsonData['pagination']['count']); foreach ($jsonData['items'] as $comment) { self::assertIsArray($comment); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $comment); self::assertIsArray($comment['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $comment['user']); self::assertIsArray($comment['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $comment['magazine']); self::assertSame($entry->getId(), $comment['entryId']); self::assertStringContainsString('test parent comment', $comment['body']); self::assertSame('en', $comment['lang']); self::assertSame(0, $comment['uv']); self::assertSame(0, $comment['dv']); self::assertSame(0, $comment['favourites']); self::assertSame(5, $comment['childCount']); self::assertSame('visible', $comment['visibility']); self::assertIsArray($comment['mentions']); self::assertEmpty($comment['mentions']); self::assertIsArray($comment['children']); self::assertCount(1, $comment['children']); $depth = 0; $current = $comment; while (\count($current['children']) > 0) { self::assertIsArray($current['children'][0]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $current['children'][0]); self::assertStringContainsString('test child comment', $current['children'][0]['body']); self::assertSame(5 - ($depth + 1), $current['children'][0]['childCount']); $current = $current['children'][0]; ++$depth; } self::assertSame(3, $depth); self::assertFalse($comment['isAdult']); self::assertNull($comment['image']); self::assertNull($comment['parentId']); self::assertNull($comment['rootId']); // No scope granted so these should be null self::assertNull($comment['isFavourited']); self::assertNull($comment['userVote']); self::assertNull($comment['apId']); self::assertEmpty($comment['tags']); self::assertNull($comment['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['lastActive'], 'lastActive date format invalid'); self::assertIsArray($comment['bookmarks']); self::assertEmpty($comment['bookmarks']); } } public function testApiCanGetEntryCommentByIdAnonymous(): void { $entry = $this->getEntryByTitle('test entry', body: 'test'); $comment = $this->createEntryComment('test parent comment', $entry); $this->client->request('GET', "/api/comments/{$comment->getId()}"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertStringContainsString('test parent comment', $jsonData['body']); self::assertSame('en', $jsonData['lang']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); self::assertSame(0, $jsonData['childCount']); self::assertSame('visible', $jsonData['visibility']); self::assertIsArray($jsonData['mentions']); self::assertEmpty($jsonData['mentions']); self::assertIsArray($jsonData['children']); self::assertEmpty($jsonData['children']); self::assertFalse($jsonData['isAdult']); self::assertNull($jsonData['image']); self::assertNull($jsonData['parentId']); self::assertNull($jsonData['rootId']); self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertNull($jsonData['apId']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertNull($jsonData['bookmarks']); } public function testApiCanGetEntryCommentById(): void { $entry = $this->getEntryByTitle('test entry', body: 'test'); $comment = $this->createEntryComment('test parent comment', $entry); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/comments/{$comment->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertStringContainsString('test parent comment', $jsonData['body']); self::assertSame('en', $jsonData['lang']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); self::assertSame(0, $jsonData['childCount']); self::assertSame('visible', $jsonData['visibility']); self::assertIsArray($jsonData['mentions']); self::assertEmpty($jsonData['mentions']); self::assertIsArray($jsonData['children']); self::assertEmpty($jsonData['children']); self::assertFalse($jsonData['isAdult']); self::assertNull($jsonData['image']); self::assertNull($jsonData['parentId']); self::assertNull($jsonData['rootId']); // No scope granted so these should be null self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertNull($jsonData['apId']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertIsArray($jsonData['bookmarks']); self::assertEmpty($jsonData['bookmarks']); } public function testApiCanGetEntryCommentByIdWithDepth(): void { $entry = $this->getEntryByTitle('test entry', body: 'test'); $comment = $this->createEntryComment('test parent comment', $entry); $parent = $comment; for ($i = 0; $i < 5; ++$i) { $parent = $this->createEntryComment('test nested reply', $entry, parent: $parent); } self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/comments/{$comment->getId()}?d=2", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertStringContainsString('test parent comment', $jsonData['body']); self::assertSame('en', $jsonData['lang']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); self::assertSame(5, $jsonData['childCount']); self::assertSame('visible', $jsonData['visibility']); self::assertIsArray($jsonData['mentions']); self::assertEmpty($jsonData['mentions']); self::assertIsArray($jsonData['children']); self::assertCount(1, $jsonData['children']); self::assertFalse($jsonData['isAdult']); self::assertNull($jsonData['image']); self::assertNull($jsonData['parentId']); self::assertNull($jsonData['rootId']); // No scope granted so these should be null self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertNull($jsonData['apId']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertIsArray($jsonData['bookmarks']); self::assertEmpty($jsonData['bookmarks']); $depth = 0; $current = $jsonData; while (\count($current['children']) > 0) { self::assertIsArray($current['children'][0]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $current['children'][0]); ++$depth; $current = $current['children'][0]; } self::assertSame(2, $depth); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/Comment/EntryCommentUpdateApiTest.php ================================================ getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry); $update = [ 'body' => 'updated body', 'lang' => 'de', 'isAdult' => true, ]; $this->client->jsonRequest('PUT', "/api/comments/{$comment->getId()}", $update); self::assertResponseStatusCodeSame(401); } public function testApiCannotUpdateCommentWithoutScope(): void { $user = $this->getUserByUsername('user'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user); $update = [ 'body' => 'updated body', 'lang' => 'de', 'isAdult' => true, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/comments/{$comment->getId()}", $update, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotUpdateOtherUsersComment(): void { $user = $this->getUserByUsername('user'); $user2 = $this->getUserByUsername('other'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user2); $update = [ 'body' => 'updated body', 'lang' => 'de', 'isAdult' => true, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry_comment:edit'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/comments/{$comment->getId()}", $update, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUpdateComment(): void { $user = $this->getUserByUsername('user'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user); $parent = $comment; for ($i = 0; $i < 5; ++$i) { $parent = $this->createEntryComment('test reply', $entry, $user, $parent); } $update = [ 'body' => 'updated body', 'lang' => 'de', 'isAdult' => true, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry_comment:edit'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/comments/{$comment->getId()}?d=2", $update, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(200); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame($comment->getId(), $jsonData['commentId']); self::assertSame($update['body'], $jsonData['body']); self::assertSame($update['lang'], $jsonData['lang']); self::assertSame($update['isAdult'], $jsonData['isAdult']); self::assertSame(5, $jsonData['childCount']); $depth = 0; $current = $jsonData; while (\count($current['children']) > 0) { self::assertIsArray($current['children'][0]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $current['children'][0]); ++$depth; $current = $current['children'][0]; } self::assertSame(2, $depth); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/Comment/EntryCommentVoteApiTest.php ================================================ getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry); $this->client->request('PUT', "/api/comments/{$comment->getId()}/vote/1"); self::assertResponseStatusCodeSame(401); } public function testApiCannotUpvoteCommentWithoutScope(): void { $user = $this->getUserByUsername('user'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/comments/{$comment->getId()}/vote/1", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUpvoteComment(): void { $user = $this->getUserByUsername('user'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry_comment:vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/comments/{$comment->getId()}/vote/1", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(200); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame(1, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); self::assertSame(1, $jsonData['userVote']); self::assertFalse($jsonData['isFavourited']); } public function testApiCannotDownvoteCommentAnonymous(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry); $this->client->request('PUT', "/api/comments/{$comment->getId()}/vote/-1"); self::assertResponseStatusCodeSame(401); } public function testApiCannotDownvoteCommentWithoutScope(): void { $user = $this->getUserByUsername('user'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/comments/{$comment->getId()}/vote/-1", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanDownvoteComment(): void { $user = $this->getUserByUsername('user'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry_comment:vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/comments/{$comment->getId()}/vote/-1", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(200); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame(0, $jsonData['uv']); self::assertSame(1, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); self::assertSame(-1, $jsonData['userVote']); self::assertFalse($jsonData['isFavourited']); } public function testApiCannotRemoveVoteCommentAnonymous(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry); $voteManager = $this->voteManager; $voteManager->vote(1, $comment, $this->getUserByUsername('user'), rateLimit: false); $this->client->request('PUT', "/api/comments/{$comment->getId()}/vote/0"); self::assertResponseStatusCodeSame(401); } public function testApiCannotRemoveVoteCommentWithoutScope(): void { $user = $this->getUserByUsername('user'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user); $voteManager = $this->voteManager; $voteManager->vote(1, $comment, $user, rateLimit: false); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/comments/{$comment->getId()}/vote/0", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanRemoveVoteComment(): void { $user = $this->getUserByUsername('user'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user); $voteManager = $this->voteManager; $voteManager->vote(1, $comment, $user, rateLimit: false); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry_comment:vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/comments/{$comment->getId()}/vote/0", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(200); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); self::assertSame(0, $jsonData['userVote']); self::assertFalse($jsonData['isFavourited']); } public function testApiCannotFavouriteCommentAnonymous(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry); $this->client->request('PUT', "/api/comments/{$comment->getId()}/favourite"); self::assertResponseStatusCodeSame(401); } public function testApiCannotFavouriteCommentWithoutScope(): void { $user = $this->getUserByUsername('user'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/comments/{$comment->getId()}/favourite", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanFavouriteComment(): void { $user = $this->getUserByUsername('user'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry_comment:vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/comments/{$comment->getId()}/favourite", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(200); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(1, $jsonData['favourites']); self::assertSame(0, $jsonData['userVote']); self::assertTrue($jsonData['isFavourited']); } public function testApiCannotUnfavouriteCommentWithoutScope(): void { $user = $this->getUserByUsername('user'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user); $favouriteManager = $this->favouriteManager; $favouriteManager->toggle($user, $comment); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/comments/{$comment->getId()}/favourite", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUnfavouriteComment(): void { $user = $this->getUserByUsername('user'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user); $favouriteManager = $this->favouriteManager; $favouriteManager->toggle($user, $comment); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry_comment:vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/comments/{$comment->getId()}/favourite", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(200); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); self::assertSame(0, $jsonData['userVote']); self::assertFalse($jsonData['isFavourited']); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/Comment/EntryCommentsActivityApiTest.php ================================================ getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for activites', user: $user, magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry, $user); $this->client->jsonRequest('GET', "/api/comments/{$comment->getId()}/activity"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(EntriesActivityApiTest::ACTIVITIES_RESPONSE_DTO_KEYS, $jsonData); self::assertSame([], $jsonData['boosts']); self::assertSame([], $jsonData['upvotes']); self::assertSame(null, $jsonData['downvotes']); } public function testUpvotes() { $author = $this->getUserByUsername('userA'); $user1 = $this->getUserByUsername('user1'); $user2 = $this->getUserByUsername('user2'); $this->getUserByUsername('user3'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for activites', user: $author, magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry, $author); $this->favouriteManager->toggle($user1, $comment); $this->favouriteManager->toggle($user2, $comment); $this->client->jsonRequest('GET', "/api/comments/{$comment->getId()}/activity"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(EntriesActivityApiTest::ACTIVITIES_RESPONSE_DTO_KEYS, $jsonData); self::assertSame([], $jsonData['boosts']); self::assertSame(null, $jsonData['downvotes']); self::assertCount(2, $jsonData['upvotes']); self::assertTrue(array_all($jsonData['upvotes'], function ($u) use ($user1, $user2) { /* @var UserSmallResponseDto $u */ return $u['userId'] === $user1->getId() || $u['userId'] === $user2->getId(); }), serialize($jsonData['upvotes'])); } public function testBoosts() { $author = $this->getUserByUsername('userA'); $user1 = $this->getUserByUsername('user1'); $user2 = $this->getUserByUsername('user2'); $this->getUserByUsername('user3'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for activites', user: $author, magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry, $author); $this->voteManager->upvote($comment, $user1); $this->voteManager->upvote($comment, $user2); $this->client->jsonRequest('GET', "/api/comments/{$comment->getId()}/activity"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(EntriesActivityApiTest::ACTIVITIES_RESPONSE_DTO_KEYS, $jsonData); self::assertSame([], $jsonData['upvotes']); self::assertSame(null, $jsonData['downvotes']); self::assertCount(2, $jsonData['boosts']); self::assertTrue(array_all($jsonData['boosts'], function ($u) use ($user1, $user2) { /* @var UserSmallResponseDto $u */ return $u['userId'] === $user1->getId() || $u['userId'] === $user2->getId(); }), serialize($jsonData['boosts'])); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/Comment/Moderate/EntryCommentSetAdultApiTest.php ================================================ getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry); $this->client->jsonRequest('PUT', "/api/moderate/comment/{$comment->getId()}/adult/true"); self::assertResponseStatusCodeSame(401); } public function testApiCannotSetCommentAdultWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByName('acme'); $user2 = $this->getUserByUsername('user2'); $admin = $this->getUserByUsername('admin', isAdmin: true); $entry = $this->getEntryByTitle('an entry', body: 'test', magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry, $user2); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/comment/{$comment->getId()}/adult/true", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiNonModCannotSetCommentAdult(): void { $user = $this->getUserByUsername('user'); $user2 = $this->getUserByUsername('user2'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user2); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry_comment:set_adult'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/comment/{$comment->getId()}/adult/true", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanSetCommentAdult(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByName('acme'); $user2 = $this->getUserByUsername('other'); $admin = $this->getUserByUsername('admin', isAdmin: true); $entry = $this->getEntryByTitle('an entry', body: 'test', magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry, $user2); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry_comment:set_adult'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/comment/{$comment->getId()}/adult/true", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(200); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData); self::assertTrue($jsonData['isAdult']); } public function testApiCannotUnsetCommentAdultAnonymous(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry); $entityManager = $this->entityManager; $comment->isAdult = true; $entityManager->persist($comment); $entityManager->flush(); $this->client->jsonRequest('PUT', "/api/moderate/comment/{$comment->getId()}/adult/false"); self::assertResponseStatusCodeSame(401); } public function testApiCannotUnsetCommentAdultWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByName('acme'); $user2 = $this->getUserByUsername('user2'); $admin = $this->getUserByUsername('admin', isAdmin: true); $entry = $this->getEntryByTitle('an entry', body: 'test', magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry, $user2); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); $entityManager = $this->entityManager; $comment->isAdult = true; $entityManager->persist($comment); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/comment/{$comment->getId()}/adult/false", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiNonModCannotUnsetCommentAdult(): void { $user = $this->getUserByUsername('user'); $user2 = $this->getUserByUsername('user2'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user2); $entityManager = $this->entityManager; $comment->isAdult = true; $entityManager->persist($comment); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry_comment:set_adult'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/comment/{$comment->getId()}/adult/false", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUnsetCommentAdult(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByName('acme'); $user2 = $this->getUserByUsername('other'); $admin = $this->getUserByUsername('admin', isAdmin: true); $entry = $this->getEntryByTitle('an entry', body: 'test', magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry, $user2); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); $entityManager = $this->entityManager; $comment->isAdult = true; $entityManager->persist($comment); $entityManager->flush(); $commentRepository = $this->entryCommentRepository; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry_comment:set_adult'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/comment/{$comment->getId()}/adult/false", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(200); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData); self::assertFalse($jsonData['isAdult']); $comment = $commentRepository->find($comment->getId()); self::assertFalse($comment->isAdult); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/Comment/Moderate/EntryCommentSetLanguageApiTest.php ================================================ getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry); $this->client->jsonRequest('PUT', "/api/moderate/comment/{$comment->getId()}/de"); self::assertResponseStatusCodeSame(401); } public function testApiCannotSetCommentLanguageWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByName('acme'); $user2 = $this->getUserByUsername('user2'); $admin = $this->getUserByUsername('admin', isAdmin: true); $entry = $this->getEntryByTitle('an entry', body: 'test', magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry, $user2); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/comment/{$comment->getId()}/de", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiNonModCannotSetCommentLanguage(): void { $user = $this->getUserByUsername('user'); $user2 = $this->getUserByUsername('user2'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user2); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry_comment:language'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/comment/{$comment->getId()}/de", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanSetCommentLanguage(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByName('acme'); $user2 = $this->getUserByUsername('other'); $admin = $this->getUserByUsername('admin', isAdmin: true); $entry = $this->getEntryByTitle('an entry', body: 'test', magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry, $user2); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry_comment:language'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/comment/{$comment->getId()}/de", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(200); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame($comment->getId(), $jsonData['commentId']); self::assertSame('test comment', $jsonData['body']); self::assertSame('de', $jsonData['lang']); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/Comment/Moderate/EntryCommentTrashApiTest.php ================================================ getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry); $this->client->jsonRequest('PUT', "/api/moderate/comment/{$comment->getId()}/trash"); self::assertResponseStatusCodeSame(401); } public function testApiCannotTrashCommentWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByName('acme'); $user2 = $this->getUserByUsername('user2'); $admin = $this->getUserByUsername('admin', isAdmin: true); $entry = $this->getEntryByTitle('an entry', body: 'test', magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry, $user2); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/comment/{$comment->getId()}/trash", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiNonModCannotTrashComment(): void { $user = $this->getUserByUsername('user'); $user2 = $this->getUserByUsername('user2'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user2); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry_comment:trash'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/comment/{$comment->getId()}/trash", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanTrashComment(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByName('acme'); $user2 = $this->getUserByUsername('other'); $admin = $this->getUserByUsername('admin', isAdmin: true); $entry = $this->getEntryByTitle('an entry', body: 'test', magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry, $user2); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry_comment:trash'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/comment/{$comment->getId()}/trash", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(200); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame($comment->getId(), $jsonData['commentId']); self::assertSame('test comment', $jsonData['body']); self::assertSame('trashed', $jsonData['visibility']); } public function testApiCannotRestoreCommentAnonymous(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry); $entryCommentManager = $this->entryCommentManager; $entryCommentManager->trash($this->getUserByUsername('user'), $comment); $this->client->jsonRequest('PUT', "/api/moderate/comment/{$comment->getId()}/restore"); self::assertResponseStatusCodeSame(401); } public function testApiCannotRestoreCommentWithoutScope(): void { $user = $this->getUserByUsername('user'); $user2 = $this->getUserByUsername('user2'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user2); $entryCommentManager = $this->entryCommentManager; $entryCommentManager->trash($user, $comment); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/comment/{$comment->getId()}/restore", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiNonModCannotRestoreComment(): void { $user = $this->getUserByUsername('user'); $user2 = $this->getUserByUsername('user2'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $comment = $this->createEntryComment('test comment', $entry, $user2); $entryCommentManager = $this->entryCommentManager; $entryCommentManager->trash($user, $comment); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry_comment:trash'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/comment/{$comment->getId()}/restore", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanRestoreComment(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByName('acme'); $user2 = $this->getUserByUsername('other'); $admin = $this->getUserByUsername('admin', isAdmin: true); $entry = $this->getEntryByTitle('an entry', body: 'test', magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry, $user2); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); $entryCommentManager = $this->entryCommentManager; $entryCommentManager->trash($user, $comment); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry_comment:trash'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/comment/{$comment->getId()}/restore", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(200); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame($comment->getId(), $jsonData['commentId']); self::assertSame('test comment', $jsonData['body']); self::assertSame('visible', $jsonData['visibility']); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/Comment/UserEntryCommentRetrieveApiTest.php ================================================ getEntryByTitle('an entry', body: 'test'); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $entry = $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry); $user = $entry->user; $this->client->request('GET', "/api/users/{$user->getId()}/comments"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('test comment', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertSame(0, $jsonData['items'][0]['childCount']); self::assertIsArray($jsonData['items'][0]['children']); self::assertEmpty($jsonData['items'][0]['children']); self::assertSame($comment->getId(), $jsonData['items'][0]['commentId']); self::assertSame($entry->getId(), $jsonData['items'][0]['entryId']); } public function testApiCanGetUserEntryComments(): void { $this->getEntryByTitle('an entry', body: 'test'); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $entry = $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry); $user = $entry->user; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$user->getId()}/comments", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('test comment', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertSame(0, $jsonData['items'][0]['childCount']); self::assertIsArray($jsonData['items'][0]['children']); self::assertEmpty($jsonData['items'][0]['children']); self::assertSame($comment->getId(), $jsonData['items'][0]['commentId']); self::assertSame($entry->getId(), $jsonData['items'][0]['entryId']); } public function testApiCanGetUserEntryCommentsDepth(): void { $this->getEntryByTitle('an entry', body: 'test'); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $entry = $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry); $nested1 = $this->createEntryComment('test comment nested 1', $entry, parent: $comment); $nested2 = $this->createEntryComment('test comment nested 2', $entry, parent: $nested1); $nested3 = $this->createEntryComment('test comment nested 3', $entry, parent: $nested2); $user = $entry->user; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$user->getId()}/comments?d=2", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(4, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(4, $jsonData['pagination']['count']); foreach ($jsonData['items'] as $comment) { self::assertIsArray($comment); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $comment); self::assertTrue(\count($comment['children']) <= 1); $depth = 0; $current = $comment; while (\count($current['children']) > 0) { ++$depth; $current = $current['children'][0]; self::assertIsArray($current); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $current); } self::assertTrue($depth <= 2); } } public function testApiCanGetUserEntryCommentsNewest(): void { $entry = $this->getEntryByTitle('entry', url: 'https://google.com'); $first = $this->createEntryComment('first', $entry); $second = $this->createEntryComment('second', $entry); $third = $this->createEntryComment('third', $entry); $user = $entry->user; $first->createdAt = new \DateTimeImmutable('-1 hour'); $second->createdAt = new \DateTimeImmutable('-1 second'); $third->createdAt = new \DateTimeImmutable(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$user->getId()}/comments?sort=newest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($third->getId(), $jsonData['items'][0]['commentId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['commentId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($first->getId(), $jsonData['items'][2]['commentId']); } public function testApiCanGetUserEntryCommentsOldest(): void { $entry = $this->getEntryByTitle('entry', url: 'https://google.com'); $first = $this->createEntryComment('first', $entry); $second = $this->createEntryComment('second', $entry); $third = $this->createEntryComment('third', $entry); $user = $entry->user; $first->createdAt = new \DateTimeImmutable('-1 hour'); $second->createdAt = new \DateTimeImmutable('-1 second'); $third->createdAt = new \DateTimeImmutable(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$user->getId()}/comments?sort=oldest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['commentId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['commentId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['commentId']); } public function testApiCanGetUserEntryCommentsActive(): void { $entry = $this->getEntryByTitle('entry', url: 'https://google.com'); $first = $this->createEntryComment('first', $entry); $second = $this->createEntryComment('second', $entry); $third = $this->createEntryComment('third', $entry); $user = $entry->user; $first->lastActive = new \DateTime('-1 hour'); $second->lastActive = new \DateTime('-1 second'); $third->lastActive = new \DateTime(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$user->getId()}/comments?sort=active", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($third->getId(), $jsonData['items'][0]['commentId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['commentId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($first->getId(), $jsonData['items'][2]['commentId']); } public function testApiCanGetUserEntryCommentsTop(): void { $entry = $this->getEntryByTitle('entry', url: 'https://google.com'); $first = $this->createEntryComment('first', $entry); $second = $this->createEntryComment('second', $entry); $third = $this->createEntryComment('third', $entry); $user = $entry->user; $favouriteManager = $this->favouriteManager; $favouriteManager->toggle($this->getUserByUsername('voter1'), $first); $favouriteManager->toggle($this->getUserByUsername('voter2'), $first); $favouriteManager->toggle($this->getUserByUsername('voter1'), $second); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$user->getId()}/comments?sort=top", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['commentId']); self::assertSame(2, $jsonData['items'][0]['favourites']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['commentId']); self::assertSame(1, $jsonData['items'][1]['favourites']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['commentId']); self::assertSame(0, $jsonData['items'][2]['favourites']); } public function testApiCanGetUserEntryCommentsHot(): void { $entry = $this->getEntryByTitle('entry', url: 'https://google.com'); $first = $this->createEntryComment('first', $entry); $second = $this->createEntryComment('second', $entry); $third = $this->createEntryComment('third', $entry); $user = $entry->user; $voteManager = $this->voteManager; $voteManager->vote(1, $first, $this->getUserByUsername('voter1'), rateLimit: false); $voteManager->vote(1, $first, $this->getUserByUsername('voter2'), rateLimit: false); $voteManager->vote(1, $second, $this->getUserByUsername('voter1'), rateLimit: false); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$user->getId()}/comments?sort=hot", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['commentId']); self::assertSame(2, $jsonData['items'][0]['uv']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['commentId']); self::assertSame(1, $jsonData['items'][1]['uv']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['commentId']); self::assertSame(0, $jsonData['items'][2]['uv']); } public function testApiCanGetUserEntryCommentsWithUserVoteStatus(): void { $this->getEntryByTitle('an entry', body: 'test'); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $entry = $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); $comment = $this->createEntryComment('test comment', $entry); $user = $entry->user; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$user->getId()}/comments", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($comment->getId(), $jsonData['items'][0]['commentId']); self::assertSame($entry->getId(), $jsonData['items'][0]['entryId']); self::assertEquals('test comment', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); if (null !== $jsonData['items'][0]['image']) { self::assertStringContainsString('google.com', parse_url($jsonData['items'][0]['image']['sourceUrl'], PHP_URL_HOST)); } self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertSame(0, $jsonData['items'][0]['childCount']); self::assertIsArray($jsonData['items'][0]['children']); self::assertEmpty($jsonData['items'][0]['children']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); self::assertFalse($jsonData['items'][0]['isFavourited']); self::assertSame(0, $jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertNull($jsonData['items'][0]['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/DomainEntryRetrieveApiTest.php ================================================ getEntryByTitle('an entry', body: 'test'); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $entry = $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); $domain = $entry->domain; $this->client->request('GET', "/api/domain/{$domain->getId()}/entries"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('another entry', $jsonData['items'][0]['title']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertEquals('link', $jsonData['items'][0]['type']); self::assertSame(0, $jsonData['items'][0]['numComments']); self::assertNull($jsonData['items'][0]['crosspostedEntries']); } public function testApiCanGetDomainEntries(): void { $this->getEntryByTitle('an entry', body: 'test'); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $entry = $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); $domain = $entry->domain; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/domain/{$domain->getId()}/entries", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('another entry', $jsonData['items'][0]['title']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertEquals('link', $jsonData['items'][0]['type']); self::assertSame(0, $jsonData['items'][0]['numComments']); self::assertNull($jsonData['items'][0]['crosspostedEntries']); } public function testApiCanGetDomainEntriesNewest(): void { $first = $this->getEntryByTitle('first', url: 'https://google.com'); $second = $this->getEntryByTitle('second', url: 'https://google.com'); $third = $this->getEntryByTitle('third', url: 'https://google.com'); $domain = $first->domain; $first->createdAt = new \DateTimeImmutable('-1 hour'); $second->createdAt = new \DateTimeImmutable('-1 second'); $third->createdAt = new \DateTimeImmutable(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/domain/{$domain->getId()}/entries?sort=newest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($third->getId(), $jsonData['items'][0]['entryId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['entryId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($first->getId(), $jsonData['items'][2]['entryId']); } public function testApiCanGetDomainEntriesOldest(): void { $first = $this->getEntryByTitle('first', url: 'https://google.com'); $second = $this->getEntryByTitle('second', url: 'https://google.com'); $third = $this->getEntryByTitle('third', url: 'https://google.com'); $domain = $first->domain; $first->createdAt = new \DateTimeImmutable('-1 hour'); $second->createdAt = new \DateTimeImmutable('-1 second'); $third->createdAt = new \DateTimeImmutable(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/domain/{$domain->getId()}/entries?sort=oldest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['entryId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['entryId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['entryId']); } public function testApiCanGetDomainEntriesCommented(): void { $first = $this->getEntryByTitle('first', url: 'https://google.com'); $this->createEntryComment('comment 1', $first); $this->createEntryComment('comment 2', $first); $second = $this->getEntryByTitle('second', url: 'https://google.com'); $this->createEntryComment('comment 1', $second); $third = $this->getEntryByTitle('third', url: 'https://google.com'); $domain = $first->domain; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/domain/{$domain->getId()}/entries?sort=commented", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['entryId']); self::assertSame(2, $jsonData['items'][0]['numComments']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['entryId']); self::assertSame(1, $jsonData['items'][1]['numComments']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['entryId']); self::assertSame(0, $jsonData['items'][2]['numComments']); } public function testApiCanGetDomainEntriesActive(): void { $first = $this->getEntryByTitle('first', url: 'https://google.com'); $second = $this->getEntryByTitle('second', url: 'https://google.com'); $third = $this->getEntryByTitle('third', url: 'https://google.com'); $domain = $first->domain; $first->lastActive = new \DateTime('-1 hour'); $second->lastActive = new \DateTime('-1 second'); $third->lastActive = new \DateTime(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/domain/{$domain->getId()}/entries?sort=active", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($third->getId(), $jsonData['items'][0]['entryId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['entryId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($first->getId(), $jsonData['items'][2]['entryId']); } public function testApiCanGetDomainEntriesTop(): void { $first = $this->getEntryByTitle('first', url: 'https://google.com'); $second = $this->getEntryByTitle('second', url: 'https://google.com'); $third = $this->getEntryByTitle('third', url: 'https://google.com'); $domain = $first->domain; $voteManager = $this->voteManager; $voteManager->vote(1, $first, $this->getUserByUsername('voter1'), rateLimit: false); $voteManager->vote(1, $first, $this->getUserByUsername('voter2'), rateLimit: false); $voteManager->vote(1, $second, $this->getUserByUsername('voter1'), rateLimit: false); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/domain/{$domain->getId()}/entries?sort=top", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['entryId']); self::assertSame(2, $jsonData['items'][0]['uv']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['entryId']); self::assertSame(1, $jsonData['items'][1]['uv']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['entryId']); self::assertSame(0, $jsonData['items'][2]['uv']); } public function testApiCanGetDomainEntriesWithUserVoteStatus(): void { $this->getEntryByTitle('an entry', body: 'test'); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $entry = $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); $domain = $entry->domain; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/domain/{$domain->getId()}/entries", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($entry->getId(), $jsonData['items'][0]['entryId']); self::assertEquals('another entry', $jsonData['items'][0]['title']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertIsArray($jsonData['items'][0]['domain']); self::assertArrayKeysMatch(self::DOMAIN_RESPONSE_KEYS, $jsonData['items'][0]['domain']); self::assertEquals('https://google.com', $jsonData['items'][0]['url']); self::assertNull($jsonData['items'][0]['body']); if (null !== $jsonData['items'][0]['image']) { self::assertStringContainsString('google.com', parse_url($jsonData['items'][0]['image']['sourceUrl'], PHP_URL_HOST)); } self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertSame(0, $jsonData['items'][0]['numComments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); self::assertFalse($jsonData['items'][0]['isFavourited']); self::assertSame(0, $jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isOc']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('link', $jsonData['items'][0]['type']); self::assertEquals('another-entry', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); self::assertNull($jsonData['items'][0]['crosspostedEntries']); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/EntriesActivityApiTest.php ================================================ getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for activites', user: $user, magazine: $magazine); $this->client->jsonRequest('GET', "/api/entry/{$entry->getId()}/activity"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ACTIVITIES_RESPONSE_DTO_KEYS, $jsonData); self::assertSame([], $jsonData['boosts']); self::assertSame([], $jsonData['upvotes']); self::assertSame(null, $jsonData['downvotes']); } public function testUpvotes() { $author = $this->getUserByUsername('userA'); $user1 = $this->getUserByUsername('user1'); $user2 = $this->getUserByUsername('user2'); $this->getUserByUsername('user3'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for activites', user: $author, magazine: $magazine); $this->favouriteManager->toggle($user1, $entry); $this->favouriteManager->toggle($user2, $entry); $this->client->jsonRequest('GET', "/api/entry/{$entry->getId()}/activity"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ACTIVITIES_RESPONSE_DTO_KEYS, $jsonData); self::assertSame([], $jsonData['boosts']); self::assertSame(null, $jsonData['downvotes']); self::assertCount(2, $jsonData['upvotes']); self::assertTrue(array_all($jsonData['upvotes'], function ($u) use ($user1, $user2) { /* @var UserSmallResponseDto $u */ return $u['userId'] === $user1->getId() || $u['userId'] === $user2->getId(); }), serialize($jsonData['upvotes'])); } public function testBoosts() { $author = $this->getUserByUsername('userA'); $user1 = $this->getUserByUsername('user1'); $user2 = $this->getUserByUsername('user2'); $this->getUserByUsername('user3'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for activites', user: $author, magazine: $magazine); $this->voteManager->upvote($entry, $user1); $this->voteManager->upvote($entry, $user2); $this->client->jsonRequest('GET', "/api/entry/{$entry->getId()}/activity"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ACTIVITIES_RESPONSE_DTO_KEYS, $jsonData); self::assertSame([], $jsonData['upvotes']); self::assertSame(null, $jsonData['downvotes']); self::assertCount(2, $jsonData['boosts']); self::assertTrue(array_all($jsonData['boosts'], function ($u) use ($user1, $user2) { /* @var UserSmallResponseDto $u */ return $u['userId'] === $user1->getId() || $u['userId'] === $user2->getId(); }), serialize($jsonData['boosts'])); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/EntryCreateApiNewTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'Anonymous Thread', 'body' => 'This is an article', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; $this->client->request('POST', "/api/magazine/{$magazine->getId()}/entries", parameters: $entryRequest); self::assertResponseStatusCodeSame(401); } public function testApiCannotCreateArticleEntryWithoutScope(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'No Scope Thread', 'body' => 'This is an article', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', "/api/magazine/{$magazine->getId()}/entries", parameters: $entryRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotCreateEntryWithoutTitle(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'body' => 'This has no title', 'url' => 'https://google.com', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', "/api/magazine/{$magazine->getId()}/entries", parameters: $entryRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(400); } public function testApiCanCreateArticleEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'Test Thread', 'body' => 'This is an article', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', "/api/magazine/{$magazine->getId()}/entries", parameters: $entryRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(201); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertNotNull($jsonData['entryId']); self::assertEquals('Test Thread', $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals('This is an article', $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals('en', $jsonData['lang']); self::assertIsArray($jsonData['tags']); self::assertSame(['test'], $jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['type']); self::assertEquals('Test-Thread', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCannotCreateLinkEntryAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'Anonymous Thread', 'url' => 'https://google.com', 'body' => 'google', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; $this->client->request('POST', "/api/magazine/{$magazine->getId()}/entries", parameters: $entryRequest); self::assertResponseStatusCodeSame(401); } public function testApiCannotCreateLinkEntryWithoutScope(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'No Scope Thread', 'url' => 'https://google.com', 'body' => 'google', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', "/api/magazine/{$magazine->getId()}/entries", parameters: $entryRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanCreateLinkEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'Test Thread', 'url' => 'https://google.com', 'body' => 'This is a link', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', "/api/magazine/{$magazine->getId()}/entries", parameters: $entryRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(201); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertNotNull($jsonData['entryId']); self::assertEquals('Test Thread', $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertIsArray($jsonData['domain']); self::assertArrayKeysMatch(self::DOMAIN_RESPONSE_KEYS, $jsonData['domain']); self::assertEquals('https://google.com', $jsonData['url']); self::assertEquals('This is a link', $jsonData['body']); if (null !== $jsonData['image']) { self::assertStringContainsString('google.com', parse_url($jsonData['image']['sourceUrl'], PHP_URL_HOST)); } self::assertEquals('en', $jsonData['lang']); self::assertIsArray($jsonData['tags']); self::assertSame(['test'], $jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('link', $jsonData['type']); self::assertEquals('Test-Thread', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCanCreateLinkWithImageEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'Test Thread', 'url' => 'https://google.com', 'body' => 'This is a link', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:create'); $token = $codes['token_type'].' '.$codes['access_token']; // Uploading a file appears to delete the file at the given path, so make a copy before upload $tmpPath = bin2hex(random_bytes(32)); copy($this->kibbyPath, $tmpPath.'.png'); $image = new UploadedFile($tmpPath.'.png', 'kibby_emoji.png', 'image/png'); $imageManager = $this->imageManager; $expectedPath = $imageManager->getFilePath($image->getFilename()); $this->client->request( 'POST', "/api/magazine/{$magazine->getId()}/entries", parameters: $entryRequest, files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $token], ); self::assertResponseStatusCodeSame(201); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertNotNull($jsonData['entryId']); self::assertEquals('Test Thread', $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertIsArray($jsonData['domain']); self::assertArrayKeysMatch(self::DOMAIN_RESPONSE_KEYS, $jsonData['domain']); self::assertEquals('https://google.com', $jsonData['url']); self::assertEquals('This is a link', $jsonData['body']); self::assertIsArray($jsonData['image']); self::assertArrayKeysMatch(self::IMAGE_KEYS, $jsonData['image']); self::assertStringContainsString($expectedPath, $jsonData['image']['filePath']); self::assertEquals('en', $jsonData['lang']); self::assertIsArray($jsonData['tags']); self::assertSame(['test'], $jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('image', $jsonData['type']); self::assertEquals('Test-Thread', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCannotCreateImageEntryAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'Anonymous Thread', 'alt' => 'It\'s kibby!', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; // Uploading a file appears to delete the file at the given path, so make a copy before upload copy($this->kibbyPath, $this->kibbyPath.'.tmp'); $image = new UploadedFile($this->kibbyPath.'.tmp', 'kibby_emoji.png', 'image/png'); $this->client->request( 'POST', "/api/magazine/{$magazine->getId()}/entries", parameters: $entryRequest, files: ['uploadImage' => $image], ); self::assertResponseStatusCodeSame(401); } public function testApiCannotCreateImageEntryWithoutScope(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'No Scope Thread', 'alt' => 'It\'s kibby!', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; // Uploading a file appears to delete the file at the given path, so make a copy before upload copy($this->kibbyPath, $this->kibbyPath.'.tmp'); $image = new UploadedFile($this->kibbyPath.'.tmp', 'kibby_emoji.png', 'image/png'); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request( 'POST', "/api/magazine/{$magazine->getId()}/entries", parameters: $entryRequest, files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(403); } public function testApiCanCreateImageEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'Test Thread', 'alt' => 'It\'s kibby!', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); // Uploading a file appears to delete the file at the given path, so make a copy before upload $tmpPath = bin2hex(random_bytes(32)); copy($this->kibbyPath, $tmpPath.'.png'); $image = new UploadedFile($tmpPath.'.png', 'kibby_emoji.png', 'image/png'); $imageManager = $this->imageManager; $expectedPath = $imageManager->getFilePath($image->getFilename()); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request( 'POST', "/api/magazine/{$magazine->getId()}/entries", parameters: $entryRequest, files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(201); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertNotNull($jsonData['entryId']); self::assertEquals('Test Thread', $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertNull($jsonData['body']); self::assertIsArray($jsonData['image']); self::assertArrayKeysMatch(self::IMAGE_KEYS, $jsonData['image']); self::assertStringContainsString($expectedPath, $jsonData['image']['filePath']); self::assertEquals('It\'s kibby!', $jsonData['image']['altText']); self::assertEquals('en', $jsonData['lang']); self::assertIsArray($jsonData['tags']); self::assertSame(['test'], $jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('image', $jsonData['type']); self::assertEquals('Test-Thread', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCanCreateImageWithBodyEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'Test Thread', 'body' => 'Isn\'t it a cute picture?', 'alt' => 'It\'s kibby!', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); // Uploading a file appears to delete the file at the given path, so make a copy before upload $tmpPath = bin2hex(random_bytes(32)); copy($this->kibbyPath, $tmpPath.'.png'); $image = new UploadedFile($tmpPath.'.png', 'kibby_emoji.png', 'image/png'); $imageManager = $this->imageManager; $expectedPath = $imageManager->getFilePath($image->getFilename()); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request( 'POST', "/api/magazine/{$magazine->getId()}/entries", parameters: $entryRequest, files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(201); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertNotNull($jsonData['entryId']); self::assertEquals('Test Thread', $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals('Isn\'t it a cute picture?', $jsonData['body']); self::assertIsArray($jsonData['image']); self::assertArrayKeysMatch(self::IMAGE_KEYS, $jsonData['image']); self::assertStringContainsString($expectedPath, $jsonData['image']['filePath']); self::assertEquals('It\'s kibby!', $jsonData['image']['altText']); self::assertEquals('en', $jsonData['lang']); self::assertIsArray($jsonData['tags']); self::assertSame(['test'], $jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('image', $jsonData['type']); self::assertEquals('Test-Thread', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCannotCreateEntryWithoutMagazine(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $invalidId = $magazine->getId() + 1; $entryRequest = [ 'title' => 'No Url/Body Thread', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', "/api/magazine/{$invalidId}/entries", parameters: $entryRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(404); } public function testApiCannotCreateEntryWithoutUrlBodyOrImage(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'No Url/Body Thread', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', "/api/magazine/{$magazine->getId()}/entries", parameters: $entryRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(400); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/EntryCreateApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'Anonymous Thread', 'body' => 'This is an article', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; $this->client->jsonRequest('POST', "/api/magazine/{$magazine->getId()}/article", parameters: $entryRequest); self::assertResponseStatusCodeSame(401); } public function testApiCannotCreateArticleEntryWithoutScope(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'No Scope Thread', 'body' => 'This is an article', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/magazine/{$magazine->getId()}/article", parameters: $entryRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanCreateArticleEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'Test Thread', 'body' => 'This is an article', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/magazine/{$magazine->getId()}/article", parameters: $entryRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(201); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertNotNull($jsonData['entryId']); self::assertEquals('Test Thread', $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals('This is an article', $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals('en', $jsonData['lang']); self::assertIsArray($jsonData['tags']); self::assertSame(['test'], $jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['type']); self::assertEquals('Test-Thread', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCannotCreateLinkEntryAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'Anonymous Thread', 'url' => 'https://google.com', 'body' => 'google', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; $this->client->jsonRequest('POST', "/api/magazine/{$magazine->getId()}/link", parameters: $entryRequest); self::assertResponseStatusCodeSame(401); } public function testApiCannotCreateLinkEntryWithoutScope(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'No Scope Thread', 'url' => 'https://google.com', 'body' => 'google', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/magazine/{$magazine->getId()}/link", parameters: $entryRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanCreateLinkEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'Test Thread', 'url' => 'https://google.com', 'body' => 'This is a link', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/magazine/{$magazine->getId()}/link", parameters: $entryRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(201); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertNotNull($jsonData['entryId']); self::assertEquals('Test Thread', $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertIsArray($jsonData['domain']); self::assertArrayKeysMatch(self::DOMAIN_RESPONSE_KEYS, $jsonData['domain']); self::assertEquals('https://google.com', $jsonData['url']); self::assertEquals('This is a link', $jsonData['body']); if (null !== $jsonData['image']) { self::assertStringContainsString('google.com', parse_url($jsonData['image']['sourceUrl'], PHP_URL_HOST)); } self::assertEquals('en', $jsonData['lang']); self::assertIsArray($jsonData['tags']); self::assertSame(['test'], $jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('link', $jsonData['type']); self::assertEquals('Test-Thread', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCannotCreateImageEntryAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'Anonymous Thread', 'alt' => 'It\'s kibby!', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; // Uploading a file appears to delete the file at the given path, so make a copy before upload copy($this->kibbyPath, $this->kibbyPath.'.tmp'); $image = new UploadedFile($this->kibbyPath.'.tmp', 'kibby_emoji.png', 'image/png'); $this->client->request( 'POST', "/api/magazine/{$magazine->getId()}/image", parameters: $entryRequest, files: ['uploadImage' => $image], ); self::assertResponseStatusCodeSame(401); } public function testApiCannotCreateImageEntryWithoutScope(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'No Scope Thread', 'alt' => 'It\'s kibby!', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; // Uploading a file appears to delete the file at the given path, so make a copy before upload copy($this->kibbyPath, $this->kibbyPath.'.tmp'); $image = new UploadedFile($this->kibbyPath.'.tmp', 'kibby_emoji.png', 'image/png'); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request( 'POST', "/api/magazine/{$magazine->getId()}/image", parameters: $entryRequest, files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(403); } public function testApiCanCreateImageEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'Test Thread', 'alt' => 'It\'s kibby!', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); // Uploading a file appears to delete the file at the given path, so make a copy before upload $tmpPath = bin2hex(random_bytes(32)); copy($this->kibbyPath, $tmpPath.'.png'); $image = new UploadedFile($tmpPath.'.png', 'kibby_emoji.png', 'image/png'); $imageManager = $this->imageManager; $expectedPath = $imageManager->getFilePath($image->getFilename()); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request( 'POST', "/api/magazine/{$magazine->getId()}/image", parameters: $entryRequest, files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(201); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertNotNull($jsonData['entryId']); self::assertEquals('Test Thread', $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertNull($jsonData['body']); self::assertIsArray($jsonData['image']); self::assertArrayKeysMatch(self::IMAGE_KEYS, $jsonData['image']); self::assertStringContainsString($expectedPath, $jsonData['image']['filePath']); self::assertEquals('It\'s kibby!', $jsonData['image']['altText']); self::assertEquals('en', $jsonData['lang']); self::assertIsArray($jsonData['tags']); self::assertSame(['test'], $jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('image', $jsonData['type']); self::assertEquals('Test-Thread', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCanCreateImageEntryWithBody(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'Test Thread', 'alt' => 'It\'s kibby!', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, 'body' => 'body text', ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); // Uploading a file appears to delete the file at the given path, so make a copy before upload $tmpPath = bin2hex(random_bytes(32)); copy($this->kibbyPath, $tmpPath.'.png'); $image = new UploadedFile($tmpPath.'.png', 'kibby_emoji.png', 'image/png'); $imageManager = $this->imageManager; $expectedPath = $imageManager->getFilePath($image->getFilename()); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request( 'POST', "/api/magazine/{$magazine->getId()}/image", parameters: $entryRequest, files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(201); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertNotNull($jsonData['entryId']); self::assertEquals('Test Thread', $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals('body text', $jsonData['body']); self::assertIsArray($jsonData['image']); self::assertArrayKeysMatch(self::IMAGE_KEYS, $jsonData['image']); self::assertStringContainsString($expectedPath, $jsonData['image']['filePath']); self::assertEquals('It\'s kibby!', $jsonData['image']['altText']); self::assertEquals('en', $jsonData['lang']); self::assertIsArray($jsonData['tags']); self::assertSame(['test'], $jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('image', $jsonData['type']); self::assertEquals('Test-Thread', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCannotCreateEntryWithoutMagazine(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $invalidId = $magazine->getId() + 1; $entryRequest = [ 'title' => 'No Url/Body Thread', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/magazine/{$invalidId}/article", parameters: $entryRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(404); $this->client->jsonRequest('POST', "/api/magazine/{$invalidId}/link", parameters: $entryRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(404); $this->client->request('POST', "/api/magazine/{$invalidId}/image", parameters: $entryRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(404); } public function testApiCannotCreateEntryWithoutUrlBodyOrImage(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entryRequest = [ 'title' => 'No Url/Body Thread', 'tags' => ['test'], 'isOc' => false, 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/magazine/{$magazine->getId()}/article", parameters: $entryRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(400); $this->client->jsonRequest('POST', "/api/magazine/{$magazine->getId()}/link", parameters: $entryRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(400); $this->client->request('POST', "/api/magazine/{$magazine->getId()}/image", parameters: $entryRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(400); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/EntryDeleteApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for deletion', magazine: $magazine); $this->client->request('DELETE', "/api/entry/{$entry->getId()}"); self::assertResponseStatusCodeSame(401); } public function testApiCannotDeleteArticleEntryWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for deletion', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/entry/{$entry->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotDeleteOtherUsersArticleEntry(): void { $otherUser = $this->getUserByUsername('somebody'); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for deletion', user: $otherUser, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/entry/{$entry->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanDeleteArticleEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for deletion', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/entry/{$entry->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); } public function testApiCannotDeleteLinkEntryAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test link', url: 'https://google.com'); $this->client->request('DELETE', "/api/entry/{$entry->getId()}"); self::assertResponseStatusCodeSame(401); } public function testApiCannotDeleteLinkEntryWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test link', url: 'https://google.com', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/entry/{$entry->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotDeleteOtherUsersLinkEntry(): void { $otherUser = $this->getUserByUsername('somebody'); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test link', url: 'https://google.com', user: $otherUser, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/entry/{$entry->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanDeleteLinkEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test link', url: 'https://google.com', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/entry/{$entry->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); } public function testApiCannotDeleteImageEntryAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $entry = $this->getEntryByTitle('test image', image: $imageDto, magazine: $magazine); $this->client->request('DELETE', "/api/entry/{$entry->getId()}"); self::assertResponseStatusCodeSame(401); } public function testApiCannotDeleteImageEntryWithoutScope(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $user = $this->getUserByUsername('user'); $imageDto = $this->getKibbyImageDto(); $entry = $this->getEntryByTitle('test image', image: $imageDto, user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/entry/{$entry->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanDeleteOtherUsersImageEntry(): void { $otherUser = $this->getUserByUsername('somebody'); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $entry = $this->getEntryByTitle('test image', image: $imageDto, user: $otherUser, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/entry/{$entry->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanDeleteImageEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $entry = $this->getEntryByTitle('test image', image: $imageDto, user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/entry/{$entry->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/EntryFavouriteApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', magazine: $magazine); $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}/favourite"); self::assertResponseStatusCodeSame(401); } public function testApiCannotFavouriteEntryWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}/favourite", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanFavouriteEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}/favourite", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals($entry->title, $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals($entry->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($entry->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(1, $jsonData['favourites']); // No scope for seeing votes granted self::assertTrue($jsonData['isFavourited']); self::assertSame(0, $jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['type']); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/EntryReportApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for report', magazine: $magazine); $reportRequest = [ 'reason' => 'Test reporting', ]; $this->client->jsonRequest('POST', "/api/entry/{$entry->getId()}/report", $reportRequest); self::assertResponseStatusCodeSame(401); } public function testApiCannotReportEntryWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for report', user: $user, magazine: $magazine); $reportRequest = [ 'reason' => 'Test reporting', ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/entry/{$entry->getId()}/report", $reportRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanReportEntry(): void { $user = $this->getUserByUsername('user'); $otherUser = $this->getUserByUsername('somebody'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for report', user: $otherUser, magazine: $magazine); $reportRequest = [ 'reason' => 'Test reporting', ]; $magazineRepository = $this->magazineRepository; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:report'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/entry/{$entry->getId()}/report", $reportRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); $magazine = $magazineRepository->find($magazine->getId()); $reports = $magazineRepository->findReports($magazine); self::assertSame(1, $reports->count()); /** @var Report $report */ $report = $reports->getCurrentPageResults()[0]; self::assertEquals('Test reporting', $report->reason); self::assertSame($user->getId(), $report->reporting->getId()); self::assertSame($otherUser->getId(), $report->reported->getId()); self::assertSame($entry->getId(), $report->getSubject()->getId()); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/EntryRetrieveApiTest.php ================================================ client->request('GET', '/api/entries/subscribed'); self::assertResponseStatusCodeSame(401); } public function testApiCannotGetSubscribedEntriesWithoutScope(): void { self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'write'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/entries/subscribed', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanGetSubscribedEntries(): void { $user = $this->getUserByUsername('user'); $this->getEntryByTitle('an entry', body: 'test'); $magazine = $this->getMagazineByNameNoRSAKey('somemag', $user); $entry = $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/entries/subscribed', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($entry->getId(), $jsonData['items'][0]['entryId']); self::assertEquals('another entry', $jsonData['items'][0]['title']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertIsArray($jsonData['items'][0]['domain']); self::assertArrayKeysMatch(self::DOMAIN_RESPONSE_KEYS, $jsonData['items'][0]['domain']); self::assertEquals('https://google.com', $jsonData['items'][0]['url']); self::assertNull($jsonData['items'][0]['body']); if (null !== $jsonData['items'][0]['image']) { self::assertStringContainsString('google.com', parse_url($jsonData['items'][0]['image']['sourceUrl'], PHP_URL_HOST)); } self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertIsArray($jsonData['items'][0]['badges']); self::assertEmpty($jsonData['items'][0]['badges']); self::assertSame(0, $jsonData['items'][0]['numComments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['items'][0]['isFavourited']); self::assertNull($jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isOc']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('link', $jsonData['items'][0]['type']); self::assertEquals('another-entry', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); self::assertIsArray($jsonData['items'][0]['bookmarks']); self::assertEmpty($jsonData['items'][0]['bookmarks']); } public function testApiCannotGetModeratedEntriesAnonymous(): void { $this->client->request('GET', '/api/entries/moderated'); self::assertResponseStatusCodeSame(401); } public function testApiCannotGetModeratedEntriesWithoutScope(): void { self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/entries/moderated', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanGetModeratedEntries(): void { $user = $this->getUserByUsername('user'); $this->getEntryByTitle('an entry', body: 'test'); $magazine = $this->getMagazineByNameNoRSAKey('somemag', $user); $entry = $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/entries/moderated', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($entry->getId(), $jsonData['items'][0]['entryId']); self::assertEquals('another entry', $jsonData['items'][0]['title']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertIsArray($jsonData['items'][0]['domain']); self::assertArrayKeysMatch(self::DOMAIN_RESPONSE_KEYS, $jsonData['items'][0]['domain']); self::assertEquals('https://google.com', $jsonData['items'][0]['url']); self::assertNull($jsonData['items'][0]['body']); if (null !== $jsonData['items'][0]['image']) { self::assertStringContainsString('google.com', parse_url($jsonData['items'][0]['image']['sourceUrl'], PHP_URL_HOST)); } self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertIsArray($jsonData['items'][0]['badges']); self::assertEmpty($jsonData['items'][0]['badges']); self::assertSame(0, $jsonData['items'][0]['numComments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['items'][0]['isFavourited']); self::assertNull($jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isOc']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('link', $jsonData['items'][0]['type']); self::assertEquals('another-entry', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); self::assertIsArray($jsonData['items'][0]['bookmarks']); self::assertEmpty($jsonData['items'][0]['bookmarks']); } public function testApiCannotGetFavouritedEntriesAnonymous(): void { $this->client->request('GET', '/api/entries/favourited'); self::assertResponseStatusCodeSame(401); } public function testApiCannotGetFavouritedEntriesWithoutScope(): void { self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/entries/favourited', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanGetFavouritedEntries(): void { $user = $this->getUserByUsername('user'); $entry = $this->getEntryByTitle('an entry', body: 'test'); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); $favouriteManager = $this->favouriteManager; $favouriteManager->toggle($user, $entry); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/entries/favourited', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($entry->getId(), $jsonData['items'][0]['entryId']); self::assertEquals('an entry', $jsonData['items'][0]['title']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertNull($jsonData['items'][0]['domain']); self::assertNull($jsonData['items'][0]['url']); self::assertEquals('test', $jsonData['items'][0]['body']); if (null !== $jsonData['items'][0]['image']) { self::assertStringContainsString('google.com', parse_url($jsonData['items'][0]['image']['sourceUrl'], PHP_URL_HOST)); } self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertIsArray($jsonData['items'][0]['badges']); self::assertEmpty($jsonData['items'][0]['badges']); self::assertSame(0, $jsonData['items'][0]['numComments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(1, $jsonData['items'][0]['favourites']); // No scope for seeing votes granted self::assertTrue($jsonData['items'][0]['isFavourited']); self::assertSame(0, $jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isOc']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['items'][0]['type']); self::assertEquals('an-entry', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); self::assertIsArray($jsonData['items'][0]['bookmarks']); self::assertEmpty($jsonData['items'][0]['bookmarks']); } public function testApiCanGetEntriesAnonymous(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $this->createEntryComment('up the ranking', $entry); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $second = $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); // Check that pinned entries don't get pinned to the top of the instance, just the magazine $entryManager = $this->entryManager; $entryManager->pin($second, null); $this->client->request('GET', '/api/entries'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(2, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($entry->getId(), $jsonData['items'][0]['entryId']); self::assertEquals('an entry', $jsonData['items'][0]['title']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertNull($jsonData['items'][0]['domain']); self::assertNull($jsonData['items'][0]['url']); self::assertEquals('test', $jsonData['items'][0]['body']); if (null !== $jsonData['items'][0]['image']) { self::assertStringContainsString('google.com', parse_url($jsonData['items'][0]['image']['sourceUrl'], PHP_URL_HOST)); } self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertIsArray($jsonData['items'][0]['badges']); self::assertEmpty($jsonData['items'][0]['badges']); self::assertSame(1, $jsonData['items'][0]['numComments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); self::assertNull($jsonData['items'][0]['isFavourited']); self::assertNull($jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isOc']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['items'][0]['type']); self::assertEquals('an-entry', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); self::assertNull($jsonData['items'][0]['bookmarks']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertEquals('another entry', $jsonData['items'][1]['title']); self::assertIsArray($jsonData['items'][1]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][1]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][1]['magazine']['magazineId']); self::assertEquals('link', $jsonData['items'][1]['type']); self::assertSame(0, $jsonData['items'][1]['numComments']); self::assertNull($jsonData['items'][0]['bookmarks']); } public function testApiCanGetEntries(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $this->createEntryComment('up the ranking', $entry); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/entries', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(2, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($entry->getId(), $jsonData['items'][0]['entryId']); self::assertEquals('an entry', $jsonData['items'][0]['title']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertNull($jsonData['items'][0]['domain']); self::assertNull($jsonData['items'][0]['url']); self::assertEquals('test', $jsonData['items'][0]['body']); if (null !== $jsonData['items'][0]['image']) { self::assertStringContainsString('google.com', parse_url($jsonData['items'][0]['image']['sourceUrl'], PHP_URL_HOST)); } self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertIsArray($jsonData['items'][0]['badges']); self::assertEmpty($jsonData['items'][0]['badges']); self::assertSame(1, $jsonData['items'][0]['numComments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['items'][0]['isFavourited']); self::assertNull($jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isOc']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['items'][0]['type']); self::assertEquals('an-entry', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); self::assertIsArray($jsonData['items'][0]['bookmarks']); self::assertEmpty($jsonData['items'][0]['bookmarks']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertEquals('another entry', $jsonData['items'][1]['title']); self::assertIsArray($jsonData['items'][1]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][1]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][1]['magazine']['magazineId']); self::assertEquals('link', $jsonData['items'][1]['type']); self::assertSame(0, $jsonData['items'][1]['numComments']); } public function testApiCanGetEntriesWithLanguageAnonymous(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $this->createEntryComment('up the ranking', $entry); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $second = $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine, lang: 'de'); $this->getEntryByTitle('a dutch entry', body: 'some body', magazine: $magazine, lang: 'nl'); // Check that pinned entries don't get pinned to the top of the instance, just the magazine $entryManager = $this->entryManager; $entryManager->pin($second, null); $this->client->request('GET', '/api/entries?lang[]=en&lang[]=de'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(2, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($entry->getId(), $jsonData['items'][0]['entryId']); self::assertEquals('an entry', $jsonData['items'][0]['title']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertNull($jsonData['items'][0]['domain']); self::assertNull($jsonData['items'][0]['url']); self::assertEquals('test', $jsonData['items'][0]['body']); if (null !== $jsonData['items'][0]['image']) { self::assertStringContainsString('google.com', parse_url($jsonData['items'][0]['image']['sourceUrl'], PHP_URL_HOST)); } self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertIsArray($jsonData['items'][0]['badges']); self::assertEmpty($jsonData['items'][0]['badges']); self::assertSame(1, $jsonData['items'][0]['numComments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); self::assertNull($jsonData['items'][0]['isFavourited']); self::assertNull($jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isOc']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['items'][0]['type']); self::assertEquals('an-entry', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); self::assertNull($jsonData['items'][0]['bookmarks']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertEquals('another entry', $jsonData['items'][1]['title']); self::assertIsArray($jsonData['items'][1]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][1]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][1]['magazine']['magazineId']); self::assertEquals('link', $jsonData['items'][1]['type']); self::assertEquals('de', $jsonData['items'][1]['lang']); self::assertSame(0, $jsonData['items'][1]['numComments']); } public function testApiCanGetEntriesWithLanguage(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $this->createEntryComment('up the ranking', $entry); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine, lang: 'de'); $this->getEntryByTitle('a dutch entry', body: 'some body', magazine: $magazine, lang: 'nl'); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/entries?lang[]=en&lang[]=de', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(2, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($entry->getId(), $jsonData['items'][0]['entryId']); self::assertEquals('an entry', $jsonData['items'][0]['title']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertNull($jsonData['items'][0]['domain']); self::assertNull($jsonData['items'][0]['url']); self::assertEquals('test', $jsonData['items'][0]['body']); if (null !== $jsonData['items'][0]['image']) { self::assertStringContainsString('google.com', parse_url($jsonData['items'][0]['image']['sourceUrl'], PHP_URL_HOST)); } self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertIsArray($jsonData['items'][0]['badges']); self::assertEmpty($jsonData['items'][0]['badges']); self::assertSame(1, $jsonData['items'][0]['numComments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['items'][0]['isFavourited']); self::assertNull($jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isOc']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['items'][0]['type']); self::assertEquals('an-entry', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); self::assertIsArray($jsonData['items'][0]['bookmarks']); self::assertEmpty($jsonData['items'][0]['bookmarks']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertEquals('another entry', $jsonData['items'][1]['title']); self::assertIsArray($jsonData['items'][1]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][1]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][1]['magazine']['magazineId']); self::assertEquals('link', $jsonData['items'][1]['type']); self::assertEquals('de', $jsonData['items'][1]['lang']); self::assertSame(0, $jsonData['items'][1]['numComments']); } public function testApiCannotGetEntriesByPreferredLangAnonymous(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $this->createEntryComment('up the ranking', $entry); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $second = $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); // Check that pinned entries don't get pinned to the top of the instance, just the magazine $entryManager = $this->entryManager; $entryManager->pin($second, null); $this->client->request('GET', '/api/entries?usePreferredLangs=true'); self::assertResponseStatusCodeSame(403); } public function testApiCanGetEntriesByPreferredLang(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $this->createEntryComment('up the ranking', $entry); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); $this->getEntryByTitle('German entry', body: 'Some body', lang: 'de'); $user = $this->getUserByUsername('user'); $user->preferredLanguages = ['en']; $entityManager = $this->entityManager; $entityManager->persist($user); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/entries?usePreferredLangs=true', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(2, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($entry->getId(), $jsonData['items'][0]['entryId']); self::assertEquals('an entry', $jsonData['items'][0]['title']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertNull($jsonData['items'][0]['domain']); self::assertNull($jsonData['items'][0]['url']); self::assertEquals('test', $jsonData['items'][0]['body']); if (null !== $jsonData['items'][0]['image']) { self::assertStringContainsString('google.com', parse_url($jsonData['items'][0]['image']['sourceUrl'], PHP_URL_HOST)); } self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertIsArray($jsonData['items'][0]['badges']); self::assertEmpty($jsonData['items'][0]['badges']); self::assertSame(1, $jsonData['items'][0]['numComments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['items'][0]['isFavourited']); self::assertNull($jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isOc']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['items'][0]['type']); self::assertEquals('an-entry', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); self::assertIsArray($jsonData['items'][0]['bookmarks']); self::assertEmpty($jsonData['items'][0]['bookmarks']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertEquals('another entry', $jsonData['items'][1]['title']); self::assertIsArray($jsonData['items'][1]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][1]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][1]['magazine']['magazineId']); self::assertEquals('link', $jsonData['items'][1]['type']); self::assertEquals('en', $jsonData['items'][1]['lang']); self::assertSame(0, $jsonData['items'][1]['numComments']); } public function testApiCanGetEntriesNewest(): void { $first = $this->getEntryByTitle('first', body: 'test'); $second = $this->getEntryByTitle('second', url: 'https://google.com'); $third = $this->getEntryByTitle('third', url: 'https://google.com'); $first->createdAt = new \DateTimeImmutable('-1 hour'); $second->createdAt = new \DateTimeImmutable('-1 second'); $third->createdAt = new \DateTimeImmutable(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/entries?sort=newest', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($third->getId(), $jsonData['items'][0]['entryId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['entryId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($first->getId(), $jsonData['items'][2]['entryId']); } public function testApiCanGetEntriesOldest(): void { $first = $this->getEntryByTitle('first', body: 'test'); $second = $this->getEntryByTitle('second', url: 'https://google.com'); $third = $this->getEntryByTitle('third', url: 'https://google.com'); $first->createdAt = new \DateTimeImmutable('-1 hour'); $second->createdAt = new \DateTimeImmutable('-1 second'); $third->createdAt = new \DateTimeImmutable(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/entries?sort=oldest', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['entryId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['entryId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['entryId']); } public function testApiCanGetEntriesCommented(): void { $first = $this->getEntryByTitle('first', body: 'test'); $this->createEntryComment('comment 1', $first); $this->createEntryComment('comment 2', $first); $second = $this->getEntryByTitle('second', url: 'https://google.com'); $this->createEntryComment('comment 1', $second); $third = $this->getEntryByTitle('third', url: 'https://google.com'); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/entries?sort=commented', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['entryId']); self::assertSame(2, $jsonData['items'][0]['numComments']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['entryId']); self::assertSame(1, $jsonData['items'][1]['numComments']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['entryId']); self::assertSame(0, $jsonData['items'][2]['numComments']); } public function testApiCanGetEntriesActive(): void { $first = $this->getEntryByTitle('first', body: 'test'); $second = $this->getEntryByTitle('second', url: 'https://google.com'); $third = $this->getEntryByTitle('third', url: 'https://google.com'); $first->lastActive = new \DateTime('-1 hour'); $second->lastActive = new \DateTime('-1 second'); $third->lastActive = new \DateTime(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/entries?sort=active', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($third->getId(), $jsonData['items'][0]['entryId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['entryId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($first->getId(), $jsonData['items'][2]['entryId']); } public function testApiCanGetEntriesTop(): void { $first = $this->getEntryByTitle('first', body: 'test'); $second = $this->getEntryByTitle('second', url: 'https://google.com'); $third = $this->getEntryByTitle('third', url: 'https://google.com'); $voteManager = $this->voteManager; $voteManager->vote(1, $first, $this->getUserByUsername('voter1'), rateLimit: false); $voteManager->vote(1, $first, $this->getUserByUsername('voter2'), rateLimit: false); $voteManager->vote(1, $second, $this->getUserByUsername('voter1'), rateLimit: false); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/entries?sort=top', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['entryId']); self::assertSame(2, $jsonData['items'][0]['uv']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['entryId']); self::assertSame(1, $jsonData['items'][1]['uv']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['entryId']); self::assertSame(0, $jsonData['items'][2]['uv']); } public function testApiCanGetEntriesWithUserVoteStatus(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $this->createEntryComment('up the ranking', $entry); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/entries', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(2, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($entry->getId(), $jsonData['items'][0]['entryId']); self::assertEquals('an entry', $jsonData['items'][0]['title']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertNull($jsonData['items'][0]['domain']); self::assertNull($jsonData['items'][0]['url']); self::assertEquals('test', $jsonData['items'][0]['body']); if (null !== $jsonData['items'][0]['image']) { self::assertStringContainsString('google.com', parse_url($jsonData['items'][0]['image']['sourceUrl'], PHP_URL_HOST)); } self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertSame(1, $jsonData['items'][0]['numComments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); self::assertFalse($jsonData['items'][0]['isFavourited']); self::assertSame(0, $jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isOc']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['items'][0]['type']); self::assertEquals('an-entry', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); self::assertIsArray($jsonData['items'][0]['bookmarks']); self::assertEmpty($jsonData['items'][0]['bookmarks']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertEquals('another entry', $jsonData['items'][1]['title']); self::assertIsArray($jsonData['items'][1]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][1]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][1]['magazine']['magazineId']); self::assertEquals('link', $jsonData['items'][1]['type']); self::assertSame(0, $jsonData['items'][1]['numComments']); } public function testApiCanGetEntryByIdAnonymous(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $this->client->request('GET', "/api/entry/{$entry->getId()}"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals('an entry', $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals('test', $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals('en', $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['type']); self::assertEquals('an-entry', $jsonData['slug']); self::assertNull($jsonData['apId']); self::assertNull($jsonData['bookmarks']); } public function testApiCanGetEntryById(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/entry/{$entry->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals('an entry', $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals('test', $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals('en', $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['type']); self::assertEquals('an-entry', $jsonData['slug']); self::assertNull($jsonData['apId']); self::assertIsArray($jsonData['bookmarks']); self::assertEmpty($jsonData['bookmarks']); } public function testApiCanGetEntryByIdWithUserVoteStatus(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/entry/{$entry->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals('an entry', $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals('test', $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals('en', $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); self::assertFalse($jsonData['isFavourited']); self::assertSame(0, $jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['type']); self::assertEquals('an-entry', $jsonData['slug']); self::assertNull($jsonData['apId']); self::assertIsArray($jsonData['bookmarks']); self::assertEmpty($jsonData['bookmarks']); } public function testApiCanGetEntriesLocal(): void { $first = $this->getEntryByTitle('first', body: 'test'); $second = $this->getEntryByTitle('second', body: 'test2'); $second->apId = 'https://some.url'; $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/entries?federation=local', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['entryId']); self::assertTrue($jsonData['items'][0]['isAuthorModeratorInMagazine']); } public function testApiCanGetEntriesFederated(): void { $first = $this->getEntryByTitle('first', body: 'test'); $second = $this->getEntryByTitle('second', body: 'test2'); $second->apId = 'https://some.url'; $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/entries?federation=federated', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($second->getId(), $jsonData['items'][0]['entryId']); self::assertTrue($jsonData['items'][0]['isAuthorModeratorInMagazine']); } public function testApiGetAuthorNotModerator(): void { $first = $this->getEntryByTitle('first', body: 'test'); sleep(1); $second = $this->getEntryByTitle('second', body: 'test2', user: $this->getUserByUsername('Jane Doe')); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/entries?sort=oldest', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(2, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['entryId']); self::assertTrue($jsonData['items'][0]['isAuthorModeratorInMagazine']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['entryId']); self::assertFalse($jsonData['items'][1]['isAuthorModeratorInMagazine']); } /** * This function tests that the collection endpoint does not contain crosspost information, * but fetching a single entry does. */ public function testApiContainsCrosspostInformation(): void { $magazine1 = $this->getMagazineByName('acme'); $entry1 = $this->getEntryByTitle('first URL', url: 'https://joinmbin.org', magazine: $magazine1); sleep(1); $magazine2 = $this->getMagazineByName('acme2'); $entry2 = $this->getEntryByTitle('second URL', url: 'https://joinmbin.org', magazine: $magazine2); $this->entityManager->persist($entry1); $this->entityManager->persist($entry2); $this->entityManager->flush(); $this->client->request('GET', '/api/entries?sort=oldest'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(2, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($entry1->getId(), $jsonData['items'][0]['entryId']); self::assertNull($jsonData['items'][0]['crosspostedEntries']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($entry2->getId(), $jsonData['items'][1]['entryId']); self::assertNull($jsonData['items'][1]['crosspostedEntries']); $this->client->request('GET', '/api/entry/'.$entry1->getId()); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData['crosspostedEntries']); self::assertCount(1, $jsonData['crosspostedEntries']); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['crosspostedEntries'][0]); self::assertSame($entry2->getId(), $jsonData['crosspostedEntries'][0]['entryId']); $this->client->request('GET', '/api/entry/'.$entry2->getId()); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData['crosspostedEntries']); self::assertCount(1, $jsonData['crosspostedEntries']); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['crosspostedEntries'][0]); self::assertSame($entry1->getId(), $jsonData['crosspostedEntries'][0]['entryId']); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/EntryUpdateApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for update', magazine: $magazine); $updateRequest = [ 'title' => 'Updated title', 'tags' => [ 'edit', ], 'isOc' => true, 'body' => 'Updated body', 'lang' => 'nl', 'isAdult' => true, ]; $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}", $updateRequest); self::assertResponseStatusCodeSame(401); } public function testApiCannotUpdateArticleEntryWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for update', user: $user, magazine: $magazine); $updateRequest = [ 'title' => 'Updated title', 'tags' => [ 'edit', ], 'isOc' => true, 'body' => 'Updated body', 'lang' => 'nl', 'isAdult' => true, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}", $updateRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotUpdateOtherUsersArticleEntry(): void { $otherUser = $this->getUserByUsername('somebody'); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for update', user: $otherUser, magazine: $magazine); $updateRequest = [ 'title' => 'Updated title', 'tags' => [ 'edit', ], 'isOc' => true, 'body' => 'Updated body', 'lang' => 'nl', 'isAdult' => true, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:edit'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}", $updateRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUpdateArticleEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for update', user: $user, magazine: $magazine); $updateRequest = [ 'title' => 'Updated title', 'tags' => [ 'edit', ], 'isOc' => true, 'body' => 'Updated body', 'lang' => 'nl', 'isAdult' => true, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:edit'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}", $updateRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals($updateRequest['title'], $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals($updateRequest['body'], $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($updateRequest['lang'], $jsonData['lang']); self::assertIsArray($jsonData['tags']); self::assertSame($updateRequest['tags'], $jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertTrue($jsonData['isOc']); self::assertTrue($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['editedAt'], 'editedAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['type']); self::assertEquals('Updated-title', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCannotUpdateLinkEntryAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test link', url: 'https://google.com', magazine: $magazine); $updateRequest = [ 'title' => 'Updated title', 'tags' => [ 'edit', ], 'isOc' => true, 'body' => 'Updated body', 'lang' => 'nl', 'isAdult' => true, ]; $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}"); self::assertResponseStatusCodeSame(401); } public function testApiCannotUpdateLinkEntryWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test link', url: 'https://google.com', user: $user, magazine: $magazine); $updateRequest = [ 'title' => 'Updated title', 'tags' => [ 'edit', ], 'isOc' => true, 'body' => 'Updated body', 'lang' => 'nl', 'isAdult' => true, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}", $updateRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotUpdateOtherUsersLinkEntry(): void { $otherUser = $this->getUserByUsername('somebody'); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test link', url: 'https://google.com', user: $otherUser, magazine: $magazine); $updateRequest = [ 'title' => 'Updated title', 'tags' => [ 'edit', ], 'isOc' => true, 'body' => 'Updated body', 'lang' => 'nl', 'isAdult' => true, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:edit'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}", $updateRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUpdateLinkEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test link', url: 'https://google.com', user: $user, magazine: $magazine); $updateRequest = [ 'title' => 'Updated title', 'tags' => [ 'edit', ], 'isOc' => true, 'body' => 'Updated body', 'lang' => 'nl', 'isAdult' => true, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:edit'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}", $updateRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals($updateRequest['title'], $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertIsArray($jsonData['domain']); self::assertArrayKeysMatch(self::DOMAIN_RESPONSE_KEYS, $jsonData['domain']); self::assertEquals('https://google.com', $jsonData['url']); self::assertEquals($updateRequest['body'], $jsonData['body']); if (null !== $jsonData['image']) { self::assertStringContainsString('google.com', parse_url($jsonData['image']['sourceUrl'], PHP_URL_HOST)); } self::assertEquals($updateRequest['lang'], $jsonData['lang']); self::assertIsArray($jsonData['tags']); self::assertSame($updateRequest['tags'], $jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertTrue($jsonData['isOc']); self::assertTrue($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['editedAt'], 'editedAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('link', $jsonData['type']); self::assertEquals('Updated-title', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCannotUpdateImageEntryAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $entry = $this->getEntryByTitle('test image', image: $imageDto, magazine: $magazine); $updateRequest = [ 'title' => 'Updated title', 'tags' => [ 'edit', ], 'isOc' => true, 'body' => 'Updated body', 'lang' => 'nl', 'isAdult' => true, ]; $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}", $updateRequest); self::assertResponseStatusCodeSame(401); } public function testApiCannotUpdateImageEntryWithoutScope(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $user = $this->getUserByUsername('user'); $imageDto = $this->getKibbyImageDto(); $entry = $this->getEntryByTitle('test image', image: $imageDto, user: $user, magazine: $magazine); $updateRequest = [ 'title' => 'Updated title', 'tags' => [ 'edit', ], 'isOc' => true, 'body' => 'Updated body', 'lang' => 'nl', 'isAdult' => true, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}", $updateRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUpdateOtherUsersImageEntry(): void { $otherUser = $this->getUserByUsername('somebody'); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $entry = $this->getEntryByTitle('test image', image: $imageDto, user: $otherUser, magazine: $magazine); $updateRequest = [ 'title' => 'Updated title', 'tags' => [ 'edit', ], 'isOc' => true, 'body' => 'Updated body', 'lang' => 'nl', 'isAdult' => true, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:edit'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}", $updateRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } #[Group(name: 'NonThreadSafe')] public function testApiCanUpdateImageEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $entry = $this->getEntryByTitle('test image', image: $imageDto, user: $user, magazine: $magazine); self::assertNotNull($imageDto->id); self::assertNotNull($entry->image); self::assertNotNull($entry->image->getId()); self::assertSame($imageDto->id, $entry->image->getId()); self::assertSame($imageDto->filePath, $entry->image->filePath); $updateRequest = [ 'title' => 'Updated title', 'tags' => [ 'edit', ], 'isOc' => true, 'body' => 'Updated body', 'lang' => 'nl', 'isAdult' => true, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:edit'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}", $updateRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals($updateRequest['title'], $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals($updateRequest['body'], $jsonData['body']); self::assertIsArray($jsonData['image']); self::assertArrayKeysMatch(self::IMAGE_KEYS, $jsonData['image']); self::assertStringContainsString($imageDto->filePath, $jsonData['image']['filePath']); self::assertEquals($updateRequest['lang'], $jsonData['lang']); self::assertIsArray($jsonData['tags']); self::assertSame($updateRequest['tags'], $jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertTrue($jsonData['isOc']); self::assertTrue($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['editedAt'], 'editedAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('image', $jsonData['type']); self::assertEquals('Updated-title', $jsonData['slug']); self::assertNull($jsonData['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/EntryVoteApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for upvote', magazine: $magazine); $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}/vote/1"); self::assertResponseStatusCodeSame(401); } public function testApiCannotUpvoteEntryWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for upvote', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}/vote/1", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUpvoteEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for upvote', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}/vote/1", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals($entry->title, $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals($entry->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($entry->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(1, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertFalse($jsonData['isFavourited']); self::assertSame(1, $jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['type']); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCannotDownvoteEntryAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for upvote', magazine: $magazine); $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}/vote/-1"); self::assertResponseStatusCodeSame(401); } public function testApiCannotDownvoteEntryWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for upvote', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}/vote/-1", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanDownvoteEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for upvote', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}/vote/-1", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals($entry->title, $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals($entry->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($entry->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(1, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertFalse($jsonData['isFavourited']); self::assertSame(-1, $jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['type']); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCannotClearVoteEntryAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for upvote', magazine: $magazine); $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}/vote/0"); self::assertResponseStatusCodeSame(401); } public function testApiCannotClearVoteEntryWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for upvote', user: $user, magazine: $magazine); $voteManager = $this->voteManager; $voteManager->vote(1, $entry, $user, rateLimit: false); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}/vote/0", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanClearVoteEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for upvote', user: $user, magazine: $magazine); $voteManager = $this->voteManager; $voteManager->vote(1, $entry, $user, rateLimit: false); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read entry:vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/entry/{$entry->getId()}/vote/0", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals($entry->title, $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals($entry->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($entry->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertFalse($jsonData['isFavourited']); self::assertSame(0, $jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['type']); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/MagazineEntryRetrieveApiTest.php ================================================ getEntryByTitle('an entry', body: 'test'); $this->createEntryComment('up the ranking', $entry); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); $this->client->request('GET', "/api/magazine/{$magazine->getId()}/entries"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('another entry', $jsonData['items'][0]['title']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertEquals('link', $jsonData['items'][0]['type']); self::assertSame(0, $jsonData['items'][0]['numComments']); self::assertNull($jsonData['items'][0]['crosspostedEntries']); } public function testApiCanGetMagazineEntries(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $this->createEntryComment('up the ranking', $entry); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}/entries", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('another entry', $jsonData['items'][0]['title']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertEquals('link', $jsonData['items'][0]['type']); self::assertSame(0, $jsonData['items'][0]['numComments']); self::assertNull($jsonData['items'][0]['crosspostedEntries']); } public function testApiCanGetMagazineEntriesPinnedFirst(): void { $voteManager = $this->voteManager; $entryManager = $this->entryManager; $voter = $this->getUserByUsername('voter'); $first = $this->getEntryByTitle('an entry', body: 'test'); $this->createEntryComment('up the ranking', $first); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $second = $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); // Upvote and comment on $second so it should come first, but then pin $third so it actually comes first $voteManager->vote(1, $second, $voter, rateLimit: false); $this->createEntryComment('test', $second, $voter); $third = $this->getEntryByTitle('a pinned entry', url: 'https://google.com', magazine: $magazine); $entryManager->pin($third, null); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}/entries", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(2, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('a pinned entry', $jsonData['items'][0]['title']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertEquals('link', $jsonData['items'][0]['type']); self::assertSame(0, $jsonData['items'][0]['numComments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertTrue($jsonData['items'][0]['isPinned']); self::assertNull($jsonData['items'][0]['crosspostedEntries']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertEquals('another entry', $jsonData['items'][1]['title']); self::assertIsArray($jsonData['items'][1]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][1]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][1]['magazine']['magazineId']); self::assertEquals('link', $jsonData['items'][1]['type']); self::assertSame(1, $jsonData['items'][1]['numComments']); self::assertSame(1, $jsonData['items'][1]['uv']); self::assertFalse($jsonData['items'][1]['isPinned']); self::assertNull($jsonData['items'][1]['crosspostedEntries']); } public function testApiCanGetMagazineEntriesNewest(): void { $first = $this->getEntryByTitle('first', body: 'test'); $second = $this->getEntryByTitle('second', url: 'https://google.com'); $third = $this->getEntryByTitle('third', url: 'https://google.com'); $magazine = $first->magazine; $first->createdAt = new \DateTimeImmutable('-1 hour'); $second->createdAt = new \DateTimeImmutable('-1 second'); $third->createdAt = new \DateTimeImmutable(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}/entries?sort=newest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($third->getId(), $jsonData['items'][0]['entryId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['entryId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($first->getId(), $jsonData['items'][2]['entryId']); } public function testApiCanGetMagazineEntriesOldest(): void { $first = $this->getEntryByTitle('first', body: 'test'); $second = $this->getEntryByTitle('second', url: 'https://google.com'); $third = $this->getEntryByTitle('third', url: 'https://google.com'); $magazine = $first->magazine; $first->createdAt = new \DateTimeImmutable('-1 hour'); $second->createdAt = new \DateTimeImmutable('-1 second'); $third->createdAt = new \DateTimeImmutable(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}/entries?sort=oldest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['entryId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['entryId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['entryId']); } public function testApiCanGetMagazineEntriesCommented(): void { $first = $this->getEntryByTitle('first', body: 'test'); $this->createEntryComment('comment 1', $first); $this->createEntryComment('comment 2', $first); $second = $this->getEntryByTitle('second', url: 'https://google.com'); $this->createEntryComment('comment 1', $second); $third = $this->getEntryByTitle('third', url: 'https://google.com'); $magazine = $first->magazine; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}/entries?sort=commented", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['entryId']); self::assertSame(2, $jsonData['items'][0]['numComments']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['entryId']); self::assertSame(1, $jsonData['items'][1]['numComments']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['entryId']); self::assertSame(0, $jsonData['items'][2]['numComments']); } public function testApiCanGetMagazineEntriesActive(): void { $first = $this->getEntryByTitle('first', body: 'test'); $second = $this->getEntryByTitle('second', url: 'https://google.com'); $third = $this->getEntryByTitle('third', url: 'https://google.com'); $magazine = $first->magazine; $first->lastActive = new \DateTime('-1 hour'); $second->lastActive = new \DateTime('-1 second'); $third->lastActive = new \DateTime(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}/entries?sort=active", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($third->getId(), $jsonData['items'][0]['entryId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['entryId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($first->getId(), $jsonData['items'][2]['entryId']); } public function testApiCanGetMagazineEntriesTop(): void { $first = $this->getEntryByTitle('first', body: 'test'); $second = $this->getEntryByTitle('second', url: 'https://google.com'); $third = $this->getEntryByTitle('third', url: 'https://google.com'); $magazine = $first->magazine; $voteManager = $this->voteManager; $voteManager->vote(1, $first, $this->getUserByUsername('voter1'), rateLimit: false); $voteManager->vote(1, $first, $this->getUserByUsername('voter2'), rateLimit: false); $voteManager->vote(1, $second, $this->getUserByUsername('voter1'), rateLimit: false); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}/entries?sort=top", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['entryId']); self::assertSame(2, $jsonData['items'][0]['uv']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['entryId']); self::assertSame(1, $jsonData['items'][1]['uv']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['entryId']); self::assertSame(0, $jsonData['items'][2]['uv']); } public function testApiCanGetMagazineEntriesWithUserVoteStatus(): void { $first = $this->getEntryByTitle('an entry', body: 'test'); $this->createEntryComment('up the ranking', $first); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $entry = $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}/entries", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($entry->getId(), $jsonData['items'][0]['entryId']); self::assertEquals('another entry', $jsonData['items'][0]['title']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertIsArray($jsonData['items'][0]['domain']); self::assertArrayKeysMatch(self::DOMAIN_RESPONSE_KEYS, $jsonData['items'][0]['domain']); self::assertEquals('https://google.com', $jsonData['items'][0]['url']); self::assertNull($jsonData['items'][0]['body']); if (null !== $jsonData['items'][0]['image']) { self::assertStringContainsString('google.com', parse_url($jsonData['items'][0]['image']['sourceUrl'], PHP_URL_HOST)); } self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertSame(0, $jsonData['items'][0]['numComments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); self::assertFalse($jsonData['items'][0]['isFavourited']); self::assertSame(0, $jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isOc']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('link', $jsonData['items'][0]['type']); self::assertEquals('another-entry', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/Moderate/EntryLockApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', magazine: $magazine); $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/lock"); self::assertResponseStatusCodeSame(401); } public function testApiNonModeratorNonAuthorCannotLockEntry(): void { $user = $this->getUserByUsername('user'); $user2 = $this->getUserByUsername('user2'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user2, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry:lock'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/lock", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotLockEntryWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/lock", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanLockEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry:lock'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/lock", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals($entry->title, $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals($entry->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($entry->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertTrue($jsonData['isLocked']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['type']); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiAuthorNonModeratorCanLockEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry:lock'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/lock", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals($entry->title, $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals($entry->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($entry->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertTrue($jsonData['isLocked']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['type']); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCannotUnlockEntryAnonymous(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', magazine: $magazine); $entryManager = $this->entryManager; $entryManager->toggleLock($entry, $user); $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/lock"); self::assertResponseStatusCodeSame(401); } public function testApiNonModeratorNonAuthorCannotUnlockEntry(): void { $user = $this->getUserByUsername('user'); $user2 = $this->getUserByUsername('user2'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user2, magazine: $magazine); $entryManager = $this->entryManager; $entryManager->pin($entry, null); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry:lock'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/lock", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotUnlockEntryWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); $entryManager = $this->entryManager; $entryManager->toggleLock($entry, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/lock", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUnlockEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); $entryManager = $this->entryManager; $entryManager->toggleLock($entry, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry:lock'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/lock", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals($entry->title, $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals($entry->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($entry->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertFalse($jsonData['isLocked']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['type']); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiAuthorNonModeratorCanUnlockEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); $entryManager = $this->entryManager; $entryManager->toggleLock($entry, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry:lock'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/lock", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals($entry->title, $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals($entry->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($entry->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertFalse($jsonData['isLocked']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['type']); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/Moderate/EntryPinApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', magazine: $magazine); $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/pin"); self::assertResponseStatusCodeSame(401); } public function testApiNonModeratorCannotPinEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry:pin'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/pin", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotPinEntryWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/pin", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanPinEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry:pin'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/pin", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals($entry->title, $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals($entry->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($entry->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertTrue($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['type']); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCannotUnpinEntryAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', magazine: $magazine); $entryManager = $this->entryManager; $entryManager->pin($entry, null); $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/pin"); self::assertResponseStatusCodeSame(401); } public function testApiNonModeratorCannotUnpinEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); $entryManager = $this->entryManager; $entryManager->pin($entry, null); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry:pin'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/pin", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotUnpinEntryWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); $entryManager = $this->entryManager; $entryManager->pin($entry, null); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/pin", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUnpinEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); $entryManager = $this->entryManager; $entryManager->pin($entry, null); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry:pin'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/pin", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals($entry->title, $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals($entry->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($entry->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('article', $jsonData['type']); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/Moderate/EntrySetAdultApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', magazine: $magazine); $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/adult/true"); self::assertResponseStatusCodeSame(401); } public function testApiNonModeratorCannotSetEntryAdult(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry:set_adult'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/adult/true", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotSetEntryAdultWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/adult/true", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanSetEntryAdult(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry:set_adult'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/adult/true", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals($entry->title, $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals($entry->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($entry->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertTrue($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('visible', $jsonData['visibility']); self::assertEquals('article', $jsonData['type']); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCannotSetEntryNotAdultAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', magazine: $magazine); $entityManager = $this->entityManager; $entry->isAdult = true; $entityManager->persist($entry); $entityManager->flush(); $this->client->request('PUT', "/api/moderate/entry/{$entry->getId()}/adult/false"); self::assertResponseStatusCodeSame(401); } public function testApiNonModeratorCannotSetEntryNotAdult(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); $entityManager = $this->entityManager; $entry->isAdult = true; $entityManager->persist($entry); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry:set_adult'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/adult/false", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotSetEntryNotAdultWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); $entityManager = $this->entityManager; $entry->isAdult = true; $entityManager->persist($entry); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/adult/false", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanSetEntryNotAdult(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); $entityManager = $this->entityManager; $entry->isAdult = true; $entityManager->persist($entry); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry:set_adult'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/adult/false", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals($entry->title, $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals($entry->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($entry->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('visible', $jsonData['visibility']); self::assertEquals('article', $jsonData['type']); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/Moderate/EntrySetLanguageApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', magazine: $magazine); $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/de"); self::assertResponseStatusCodeSame(401); } public function testApiNonModeratorCannotSetEntryLanguage(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry:language'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/de", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotSetEntryLanguageWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/de", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotSetEntryLanguageInvalid(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry:language'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/fake", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(400); $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/ac", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(400); $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/aaa", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(400); $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/a", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(400); } public function testApiCanSetEntryLanguage(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry:language'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/de", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals($entry->title, $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals($entry->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals('de', $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('visible', $jsonData['visibility']); self::assertEquals('article', $jsonData['type']); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCanSetEntryLanguage3Letter(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry:language'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/elx", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals($entry->title, $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals($entry->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals('elx', $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('visible', $jsonData['visibility']); self::assertEquals('article', $jsonData['type']); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/Moderate/EntryTrashApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', magazine: $magazine); $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/trash"); self::assertResponseStatusCodeSame(401); } public function testApiNonModeratorCannotTrashEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry:trash'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/trash", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotTrashEntryWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/trash", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanTrashEntry(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry:trash'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/trash", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals($entry->title, $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals($entry->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($entry->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('trashed', $jsonData['visibility']); self::assertEquals('article', $jsonData['type']); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCannotRestoreEntryAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $user = $this->getUserByUsername('user'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', magazine: $magazine); $entryManager = $this->entryManager; $entryManager->trash($user, $entry); $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/restore"); self::assertResponseStatusCodeSame(401); } public function testApiNonModeratorCannotRestoreEntry(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); $entryManager = $this->entryManager; $entryManager->trash($user, $entry); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry:trash'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/restore", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotRestoreEntryWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); $entryManager = $this->entryManager; $entryManager->trash($user, $entry); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/restore", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanRestoreEntry(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $entry = $this->getEntryByTitle('test article', body: 'test for favourite', user: $user, magazine: $magazine); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); $entryManager = $this->entryManager; $entryManager->trash($user, $entry); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:entry:trash'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/entry/{$entry->getId()}/restore", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData); self::assertSame($entry->getId(), $jsonData['entryId']); self::assertEquals($entry->title, $jsonData['title']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['domain']); self::assertNull($jsonData['url']); self::assertEquals($entry->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($entry->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertIsArray($jsonData['badges']); self::assertEmpty($jsonData['badges']); self::assertSame(0, $jsonData['numComments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isOc']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('visible', $jsonData['visibility']); self::assertEquals('article', $jsonData['type']); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Entry/UserEntryRetrieveApiTest.php ================================================ getEntryByTitle('an entry', body: 'test'); $this->createEntryComment('up the ranking', $entry); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $otherUser = $this->getUserByUsername('somebody'); $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine, user: $otherUser); $this->client->request('GET', "/api/users/{$otherUser->getId()}/entries"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('another entry', $jsonData['items'][0]['title']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertSame($otherUser->getId(), $jsonData['items'][0]['user']['userId']); self::assertEquals('link', $jsonData['items'][0]['type']); self::assertSame(0, $jsonData['items'][0]['numComments']); self::assertNull($jsonData['items'][0]['crosspostedEntries']); } public function testApiCanGetUserEntries(): void { $entry = $this->getEntryByTitle('an entry', body: 'test'); $this->createEntryComment('up the ranking', $entry); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $otherUser = $this->getUserByUsername('somebody'); $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine, user: $otherUser); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$otherUser->getId()}/entries", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('another entry', $jsonData['items'][0]['title']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertSame($otherUser->getId(), $jsonData['items'][0]['user']['userId']); self::assertEquals('link', $jsonData['items'][0]['type']); self::assertSame(0, $jsonData['items'][0]['numComments']); self::assertNull($jsonData['items'][0]['crosspostedEntries']); } public function testApiCanGetUserEntriesNewest(): void { $first = $this->getEntryByTitle('first', body: 'test'); $second = $this->getEntryByTitle('second', url: 'https://google.com'); $third = $this->getEntryByTitle('third', url: 'https://google.com'); $otherUser = $first->user; $first->createdAt = new \DateTimeImmutable('-1 hour'); $second->createdAt = new \DateTimeImmutable('-1 second'); $third->createdAt = new \DateTimeImmutable(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$otherUser->getId()}/entries?sort=newest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($third->getId(), $jsonData['items'][0]['entryId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['entryId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($first->getId(), $jsonData['items'][2]['entryId']); } public function testApiCanGetUserEntriesOldest(): void { $first = $this->getEntryByTitle('first', body: 'test'); $second = $this->getEntryByTitle('second', url: 'https://google.com'); $third = $this->getEntryByTitle('third', url: 'https://google.com'); $otherUser = $first->user; $first->createdAt = new \DateTimeImmutable('-1 hour'); $second->createdAt = new \DateTimeImmutable('-1 second'); $third->createdAt = new \DateTimeImmutable(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$otherUser->getId()}/entries?sort=oldest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['entryId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['entryId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['entryId']); } public function testApiCanGetUserEntriesCommented(): void { $first = $this->getEntryByTitle('first', body: 'test'); $this->createEntryComment('comment 1', $first); $this->createEntryComment('comment 2', $first); $second = $this->getEntryByTitle('second', url: 'https://google.com'); $this->createEntryComment('comment 1', $second); $third = $this->getEntryByTitle('third', url: 'https://google.com'); $otherUser = $first->user; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$otherUser->getId()}/entries?sort=commented", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['entryId']); self::assertSame(2, $jsonData['items'][0]['numComments']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['entryId']); self::assertSame(1, $jsonData['items'][1]['numComments']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['entryId']); self::assertSame(0, $jsonData['items'][2]['numComments']); } public function testApiCanGetUserEntriesActive(): void { $first = $this->getEntryByTitle('first', body: 'test'); $second = $this->getEntryByTitle('second', url: 'https://google.com'); $third = $this->getEntryByTitle('third', url: 'https://google.com'); $otherUser = $first->user; $first->lastActive = new \DateTime('-1 hour'); $second->lastActive = new \DateTime('-1 second'); $third->lastActive = new \DateTime(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$otherUser->getId()}/entries?sort=active", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($third->getId(), $jsonData['items'][0]['entryId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['entryId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($first->getId(), $jsonData['items'][2]['entryId']); } public function testApiCanGetUserEntriesTop(): void { $first = $this->getEntryByTitle('first', body: 'test'); $second = $this->getEntryByTitle('second', url: 'https://google.com'); $third = $this->getEntryByTitle('third', url: 'https://google.com'); $otherUser = $first->user; $voteManager = $this->voteManager; $voteManager->vote(1, $first, $this->getUserByUsername('voter1'), rateLimit: false); $voteManager->vote(1, $first, $this->getUserByUsername('voter2'), rateLimit: false); $voteManager->vote(1, $second, $this->getUserByUsername('voter1'), rateLimit: false); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$otherUser->getId()}/entries?sort=top", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['entryId']); self::assertSame(2, $jsonData['items'][0]['uv']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['entryId']); self::assertSame(1, $jsonData['items'][1]['uv']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['entryId']); self::assertSame(0, $jsonData['items'][2]['uv']); } public function testApiCanGetUserEntriesWithUserVoteStatus(): void { $this->getEntryByTitle('an entry', body: 'test'); $otherUser = $this->getUserByUsername('somebody'); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $entry = $this->getEntryByTitle('another entry', url: 'https://google.com', magazine: $magazine, user: $otherUser); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$otherUser->getId()}/entries", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($entry->getId(), $jsonData['items'][0]['entryId']); self::assertEquals('another entry', $jsonData['items'][0]['title']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertSame($otherUser->getId(), $jsonData['items'][0]['user']['userId']); self::assertIsArray($jsonData['items'][0]['domain']); self::assertArrayKeysMatch(self::DOMAIN_RESPONSE_KEYS, $jsonData['items'][0]['domain']); self::assertEquals('https://google.com', $jsonData['items'][0]['url']); self::assertNull($jsonData['items'][0]['body']); if (null !== $jsonData['items'][0]['image']) { self::assertStringContainsString('google.com', parse_url($jsonData['items'][0]['image']['sourceUrl'], PHP_URL_HOST)); } self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertSame(0, $jsonData['items'][0]['numComments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); self::assertFalse($jsonData['items'][0]['isFavourited']); self::assertSame(0, $jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isOc']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('link', $jsonData['items'][0]['type']); self::assertEquals('another-entry', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); self::assertNull($jsonData['items'][0]['crosspostedEntries']); } } ================================================ FILE: tests/Functional/Controller/Api/Instance/Admin/InstanceFederationUpdateApiTest.php ================================================ client->request('PUT', '/api/defederated'); self::assertResponseStatusCodeSame(401); } public function testApiCannotUpdateInstanceFederationWithoutAdmin(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/defederated', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotUpdateInstanceFederationWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe', isAdmin: true); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/defederated', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUpdateInstanceFederation(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe', isAdmin: true); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:federation:update'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', '/api/defederated', ['instances' => ['bad-instance.com']], server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(['instances'], $jsonData); self::assertSame(['bad-instance.com'], $jsonData['instances']); } public function testApiCanClearInstanceFederation(): void { $this->instanceManager->setBannedInstances(['defederated.social', 'evil.social']); self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe', isAdmin: true); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:federation:update'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', '/api/defederated', ['instances' => []], server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(['instances'], $jsonData); self::assertEmpty($jsonData['instances']); } } ================================================ FILE: tests/Functional/Controller/Api/Instance/Admin/InstancePagesUpdateApiTest.php ================================================ client->request('PUT', '/api/instance/about'); self::assertResponseStatusCodeSame(401); } public function testApiCannotUpdateInstanceAboutPageWithoutAdmin(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/instance/about', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotUpdateInstanceAboutPageWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe', isAdmin: true); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/instance/about', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUpdateInstanceAboutPage(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe', isAdmin: true); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:instance:information:edit'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', '/api/instance/about', ['body' => 'about page'], server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(InstanceDetailsApiTest::INSTANCE_PAGE_RESPONSE_KEYS, $jsonData); self::assertEquals('about page', $jsonData['about']); } public function testApiCannotUpdateInstanceContactPageAnonymous(): void { $this->client->request('PUT', '/api/instance/contact'); self::assertResponseStatusCodeSame(401); } public function testApiCannotUpdateInstanceContactPageWithoutAdmin(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/instance/contact', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotUpdateInstanceContactPageWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe', isAdmin: true); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/instance/contact', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUpdateInstanceContactPage(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe', isAdmin: true); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:instance:information:edit'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', '/api/instance/contact', ['body' => 'contact page'], server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(InstanceDetailsApiTest::INSTANCE_PAGE_RESPONSE_KEYS, $jsonData); self::assertEquals('contact page', $jsonData['contact']); } public function testApiCannotUpdateInstanceFAQPageAnonymous(): void { $this->client->request('PUT', '/api/instance/faq'); self::assertResponseStatusCodeSame(401); } public function testApiCannotUpdateInstanceFAQPageWithoutAdmin(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/instance/faq', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotUpdateInstanceFAQPageWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe', isAdmin: true); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/instance/faq', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUpdateInstanceFAQPage(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe', isAdmin: true); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:instance:information:edit'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', '/api/instance/faq', ['body' => 'faq page'], server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(InstanceDetailsApiTest::INSTANCE_PAGE_RESPONSE_KEYS, $jsonData); self::assertEquals('faq page', $jsonData['faq']); } public function testApiCannotUpdateInstancePrivacyPolicyPageAnonymous(): void { $this->client->request('PUT', '/api/instance/privacyPolicy'); self::assertResponseStatusCodeSame(401); } public function testApiCannotUpdateInstancePrivacyPolicyPageWithoutAdmin(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/instance/privacyPolicy', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotUpdateInstancePrivacyPolicyPageWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe', isAdmin: true); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/instance/privacyPolicy', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUpdateInstancePrivacyPolicyPage(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe', isAdmin: true); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:instance:information:edit'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', '/api/instance/privacyPolicy', ['body' => 'privacyPolicy page'], server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(InstanceDetailsApiTest::INSTANCE_PAGE_RESPONSE_KEYS, $jsonData); self::assertEquals('privacyPolicy page', $jsonData['privacyPolicy']); } public function testApiCannotUpdateInstanceTermsPageAnonymous(): void { $this->client->request('PUT', '/api/instance/terms'); self::assertResponseStatusCodeSame(401); } public function testApiCannotUpdateInstanceTermsPageWithoutAdmin(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/instance/terms', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotUpdateInstanceTermsPageWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe', isAdmin: true); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/instance/terms', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUpdateInstanceTermsPage(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe', isAdmin: true); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:instance:information:edit'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', '/api/instance/terms', ['body' => 'terms page'], server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(InstanceDetailsApiTest::INSTANCE_PAGE_RESPONSE_KEYS, $jsonData); self::assertEquals('terms page', $jsonData['terms']); } } ================================================ FILE: tests/Functional/Controller/Api/Instance/Admin/InstanceSettingsRetrieveApiTest.php ================================================ client->request('GET', '/api/instance/settings'); self::assertResponseStatusCodeSame(401); } public function testApiCannotRetrieveInstanceSettingsWithoutAdmin(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/instance/settings', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotRetrieveInstanceSettingsWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe', isAdmin: true); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/instance/settings', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanRetrieveInstanceSettings(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe', isAdmin: true); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:instance:settings:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/instance/settings', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(self::INSTANCE_SETTINGS_RESPONSE_KEYS, $jsonData); foreach ($jsonData as $key => $value) { self::assertNotNull($value, "$key was null!"); } } } ================================================ FILE: tests/Functional/Controller/Api/Instance/Admin/InstanceSettingsUpdateApiTest.php ================================================ client->request('PUT', '/api/instance/settings'); self::assertResponseStatusCodeSame(401); } public function testApiCannotUpdateInstanceSettingsWithoutAdmin(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/instance/settings', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotUpdateInstanceSettingsWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe', isAdmin: true); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/instance/settings', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUpdateInstanceSettings(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe', isAdmin: true); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:instance:settings:edit'); $token = $codes['token_type'].' '.$codes['access_token']; $settings = [ 'KBIN_DOMAIN' => 'kbinupdated.test', 'KBIN_TITLE' => 'updated title', 'KBIN_META_TITLE' => 'meta title', 'KBIN_META_KEYWORDS' => 'this, is, a, test', 'KBIN_META_DESCRIPTION' => 'Testing out the API', 'KBIN_DEFAULT_LANG' => 'de', 'KBIN_CONTACT_EMAIL' => 'test@kbinupdated.test', 'KBIN_SENDER_EMAIL' => 'noreply@kbinupdated.test', 'MBIN_DEFAULT_THEME' => 'dark', 'KBIN_JS_ENABLED' => true, 'KBIN_FEDERATION_ENABLED' => true, 'KBIN_REGISTRATIONS_ENABLED' => false, 'KBIN_HEADER_LOGO' => true, 'KBIN_CAPTCHA_ENABLED' => true, 'KBIN_MERCURE_ENABLED' => false, 'KBIN_FEDERATION_PAGE_ENABLED' => false, 'KBIN_ADMIN_ONLY_OAUTH_CLIENTS' => true, 'MBIN_PRIVATE_INSTANCE' => true, 'KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN' => false, 'MBIN_SIDEBAR_SECTIONS_RANDOM_LOCAL_ONLY' => false, 'MBIN_SIDEBAR_SECTIONS_USERS_LOCAL_ONLY' => false, 'MBIN_SSO_REGISTRATIONS_ENABLED' => true, 'MBIN_RESTRICT_MAGAZINE_CREATION' => false, 'MBIN_DOWNVOTES_MODE' => DownvotesMode::Enabled->value, 'MBIN_SSO_ONLY_MODE' => false, 'MBIN_SSO_SHOW_FIRST' => false, 'MBIN_NEW_USERS_NEED_APPROVAL' => false, 'MBIN_USE_FEDERATION_ALLOW_LIST' => false, ]; $this->client->jsonRequest('PUT', '/api/instance/settings', $settings, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(self::INSTANCE_SETTINGS_RESPONSE_KEYS, $jsonData); foreach ($jsonData as $key => $value) { self::assertEquals($settings[$key], $value, "$key did not match!"); } $settings = [ 'KBIN_DOMAIN' => 'kbin.test', 'KBIN_TITLE' => 'updated title', 'KBIN_META_TITLE' => 'meta title', 'KBIN_META_KEYWORDS' => 'this, is, a, test', 'KBIN_META_DESCRIPTION' => 'Testing out the API', 'KBIN_DEFAULT_LANG' => 'en', 'KBIN_CONTACT_EMAIL' => 'test@kbinupdated.test', 'KBIN_SENDER_EMAIL' => 'noreply@kbinupdated.test', 'MBIN_DEFAULT_THEME' => 'light', 'KBIN_JS_ENABLED' => false, 'KBIN_FEDERATION_ENABLED' => false, 'KBIN_REGISTRATIONS_ENABLED' => true, 'KBIN_HEADER_LOGO' => false, 'KBIN_CAPTCHA_ENABLED' => false, 'KBIN_MERCURE_ENABLED' => true, 'KBIN_FEDERATION_PAGE_ENABLED' => true, 'KBIN_ADMIN_ONLY_OAUTH_CLIENTS' => false, 'MBIN_PRIVATE_INSTANCE' => false, 'KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN' => true, 'MBIN_SIDEBAR_SECTIONS_RANDOM_LOCAL_ONLY' => true, 'MBIN_SIDEBAR_SECTIONS_USERS_LOCAL_ONLY' => true, 'MBIN_SSO_REGISTRATIONS_ENABLED' => false, 'MBIN_RESTRICT_MAGAZINE_CREATION' => true, 'MBIN_DOWNVOTES_MODE' => DownvotesMode::Hidden->value, 'MBIN_SSO_ONLY_MODE' => true, 'MBIN_SSO_SHOW_FIRST' => true, 'MBIN_NEW_USERS_NEED_APPROVAL' => false, 'MBIN_USE_FEDERATION_ALLOW_LIST' => false, ]; $this->client->jsonRequest('PUT', '/api/instance/settings', $settings, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(self::INSTANCE_SETTINGS_RESPONSE_KEYS, $jsonData); foreach ($jsonData as $key => $value) { self::assertEquals($settings[$key], $value, "$key did not match!"); } } protected function tearDown(): void { parent::tearDown(); SettingsManager::resetDto(); } } ================================================ FILE: tests/Functional/Controller/Api/Instance/InstanceDetailsApiTest.php ================================================ createInstancePages(); $this->client->request('GET', '/api/instance'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(self::INSTANCE_PAGE_RESPONSE_KEYS, $jsonData); self::assertEquals($site->about, $jsonData['about']); self::assertEquals($site->contact, $jsonData['contact']); self::assertEquals($site->faq, $jsonData['faq']); self::assertEquals($site->privacyPolicy, $jsonData['privacyPolicy']); self::assertEquals($site->terms, $jsonData['terms']); } public function testApiCanRetrieveInstanceDetails(): void { $site = $this->createInstancePages(); self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/instance', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(self::INSTANCE_PAGE_RESPONSE_KEYS, $jsonData); self::assertEquals($site->about, $jsonData['about']); self::assertEquals($site->contact, $jsonData['contact']); self::assertEquals($site->faq, $jsonData['faq']); self::assertEquals($site->privacyPolicy, $jsonData['privacyPolicy']); self::assertEquals($site->terms, $jsonData['terms']); } } ================================================ FILE: tests/Functional/Controller/Api/Instance/InstanceFederationApiTest.php ================================================ instanceManager->setBannedInstances([]); self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/defederated', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(self::INSTANCE_DEFEDERATED_RESPONSE_KEYS, $jsonData); self::assertSame([], $jsonData['instances']); } #[Group(name: 'NonThreadSafe')] public function testApiCanRetrieveInstanceDefederationAnonymous(): void { $this->instanceManager->setBannedInstances(['defederated.social']); $this->client->request('GET', '/api/defederated'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(self::INSTANCE_DEFEDERATED_RESPONSE_KEYS, $jsonData); self::assertSame(['defederated.social'], $jsonData['instances']); } #[Group(name: 'NonThreadSafe')] public function testApiCanRetrieveInstanceDefederation(): void { $this->instanceManager->setBannedInstances(['defederated.social', 'evil.social']); self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/defederated', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(self::INSTANCE_DEFEDERATED_RESPONSE_KEYS, $jsonData); self::assertSame(['defederated.social', 'evil.social'], $jsonData['instances']); } } ================================================ FILE: tests/Functional/Controller/Api/Instance/InstanceModlogApiTest.php ================================================ createModlogMessages(); $this->client->request('GET', '/api/modlog'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(5, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(5, $jsonData['pagination']['count']); $magazine = $this->getMagazineByName('acme'); $moderator = $magazine->getOwner(); $this->validateModlog($jsonData, $magazine, $moderator); } public function testApiCanRetrieveModlogAnonymousWithTypeFilter(): void { $this->createModlogMessages(); $this->client->request('GET', '/api/modlog?types[]='.MagazineLog::CHOICES[0].'&types[]='.MagazineLog::CHOICES[1]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); } public function testApiCanRetrieveModlog(): void { $this->createModlogMessages(); self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/modlog', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(5, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(5, $jsonData['pagination']['count']); $magazine = $this->getMagazineByName('acme'); $moderator = $magazine->getOwner(); $this->validateModlog($jsonData, $magazine, $moderator); } } ================================================ FILE: tests/Functional/Controller/Api/Instance/InstanceRetrieveInfoApiTest.php ================================================ getUserByUsername('admin', isAdmin: true); $this->getUserByUsername('moderator', isModerator: true); $this->client->request('GET', '/api/info'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(self::INFO_KEYS, $jsonData); self::assertIsString($jsonData['softwareName']); self::assertIsString($jsonData['softwareVersion']); self::assertIsString($jsonData['softwareRepository']); self::assertIsString($jsonData['websiteDomain']); self::assertIsString($jsonData['websiteContactEmail']); self::assertIsString($jsonData['websiteTitle']); self::assertIsBool($jsonData['websiteOpenRegistrations']); self::assertIsBool($jsonData['websiteFederationEnabled']); self::assertIsString($jsonData['websiteDefaultLang']); self::assertIsArray($jsonData['instanceAdmins']); self::assertIsArray($jsonData['instanceModerators']); self::assertNotEmpty($jsonData['instanceAdmins']); self::assertNotEmpty($jsonData['instanceModerators']); self::assertArrayKeysMatch(self::AP_USER_DEFAULT_KEYS, $jsonData['instanceAdmins'][0]); self::assertArrayKeysMatch(self::AP_USER_DEFAULT_KEYS, $jsonData['instanceModerators'][0]); } } ================================================ FILE: tests/Functional/Controller/Api/Magazine/Admin/MagazineBadgesApiTest.php ================================================ getMagazineByName('test'); $this->client->jsonRequest('POST', "/api/moderate/magazine/{$magazine->getId()}/badge", parameters: ['name' => 'test']); self::assertResponseStatusCodeSame(401); } public function testApiCannotRemoveBadgesFromMagazineAnonymous(): void { $magazine = $this->getMagazineByName('test'); $badgeManager = $this->badgeManager; $badge = $badgeManager->create(BadgeDto::create($magazine, 'test')); $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}/badge/{$badge->getId()}"); self::assertResponseStatusCodeSame(401); } public function testApiCannotAddBadgesToMagazineWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/moderate/magazine/{$magazine->getId()}/badge", parameters: ['name' => 'test'], server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotRemoveBadgesFromMagazineWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $badgeManager = $this->badgeManager; $badge = $badgeManager->create(BadgeDto::create($magazine, 'test')); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}/badge/{$badge->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiModCannotAddBadgesMagazine(): void { $moderator = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($moderator); $owner = $this->getUserByUsername('JaneDoe'); $admin = $this->getUserByUsername('admin', isAdmin: true); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test', $owner); $magazineManager = $this->magazineManager; $dto = new ModeratorDto($magazine); $dto->user = $moderator; $dto->addedBy = $admin; $magazineManager->addModerator($dto); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:badges'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/moderate/magazine/{$magazine->getId()}/badge", parameters: ['name' => 'test'], server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiModCannotRemoveBadgesMagazine(): void { $moderator = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($moderator); $owner = $this->getUserByUsername('JaneDoe'); $admin = $this->getUserByUsername('admin', isAdmin: true); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test', $owner); $magazineManager = $this->magazineManager; $dto = new ModeratorDto($magazine); $dto->user = $moderator; $dto->addedBy = $admin; $magazineManager->addModerator($dto); $badgeManager = $this->badgeManager; $badge = $badgeManager->create(BadgeDto::create($magazine, 'test')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:badges'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}/badge/{$badge->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiOwnerCanAddBadgesMagazine(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:badges'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/moderate/magazine/{$magazine->getId()}/badge", parameters: ['name' => 'test'], server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['badges']); self::assertCount(1, $jsonData['badges']); self::assertArrayKeysMatch(self::BADGE_RESPONSE_KEYS, $jsonData['badges'][0]); self::assertEquals('test', $jsonData['badges'][0]['name']); } public function testApiOwnerCanRemoveBadgesMagazine(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $badgeManager = $this->badgeManager; $badge = $badgeManager->create(BadgeDto::create($magazine, 'test')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:badges'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}/badge/{$badge->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['badges']); self::assertCount(0, $jsonData['badges']); } } ================================================ FILE: tests/Functional/Controller/Api/Magazine/Admin/MagazineCreateApiTest.php ================================================ client->request('POST', '/api/moderate/magazine/new'); self::assertResponseStatusCodeSame(401); } public function testApiCannotCreateMagazineWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', '/api/moderate/magazine/new', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanCreateMagazine(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:create'); $token = $codes['token_type'].' '.$codes['access_token']; $name = 'test'; $title = 'API Test Magazine'; $description = 'A description'; $this->client->jsonRequest( 'POST', '/api/moderate/magazine/new', parameters: [ 'name' => $name, 'title' => $title, 'description' => $description, 'isAdult' => false, 'discoverable' => false, 'isPostingRestrictedToMods' => true, 'indexable' => false, ], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(201); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_RESPONSE_KEYS, $jsonData); self::assertEquals($name, $jsonData['name']); self::assertSame($user->getId(), $jsonData['owner']['userId']); self::assertEquals($description, $jsonData['description']); self::assertEquals($rules, $jsonData['rules']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['discoverable']); self::assertTrue($jsonData['isPostingRestrictedToMods']); self::assertFalse($jsonData['indexable']); } public function testApiCannotCreateInvalidMagazine(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:create'); $token = $codes['token_type'].' '.$codes['access_token']; $title = 'No name'; $description = 'A description'; $this->client->jsonRequest( 'POST', '/api/moderate/magazine/new', parameters: [ 'name' => null, 'title' => $title, 'description' => $description, 'isAdult' => false, ], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(400); $name = 'a'; $title = 'Too short name'; $this->client->jsonRequest( 'POST', '/api/moderate/magazine/new', parameters: [ 'name' => $name, 'title' => $title, 'description' => $description, 'isAdult' => false, ], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(400); $name = 'long_name_that_exceeds_the_limit'; $title = 'Too long name'; $this->client->jsonRequest( 'POST', '/api/moderate/magazine/new', parameters: [ 'name' => $name, 'title' => $title, 'description' => $description, 'isAdult' => false, ], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(400); $name = 'invalidch@racters!'; $title = 'Invalid Characters in name'; $this->client->jsonRequest( 'POST', '/api/moderate/magazine/new', parameters: [ 'name' => $name, 'title' => $title, 'description' => $description, 'isAdult' => false, ], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(400); $name = 'nulltitle'; $title = null; $this->client->jsonRequest( 'POST', '/api/moderate/magazine/new', parameters: [ 'name' => $name, 'title' => $title, 'description' => $description, 'isAdult' => false, ], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(400); $name = 'shorttitle'; $title = 'as'; $this->client->jsonRequest( 'POST', '/api/moderate/magazine/new', parameters: [ 'name' => $name, 'title' => $title, 'description' => $description, 'isAdult' => false, ], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(400); $name = 'longtitle'; $title = 'Way too long of a title. This can only be 50 characters!'; $this->client->jsonRequest( 'POST', '/api/moderate/magazine/new', parameters: [ 'name' => $name, 'title' => $title, 'description' => $description, 'isAdult' => false, ], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(400); $name = 'rulesDeprecated'; $title = 'rules are deprecated'; $rules = 'Some rules'; $this->client->jsonRequest( 'POST', '/api/moderate/magazine/new', parameters: [ 'name' => $name, 'title' => $title, 'rules' => $rules, 'isAdult' => false, ], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(400); } } ================================================ FILE: tests/Functional/Controller/Api/Magazine/Admin/MagazineDeleteApiTest.php ================================================ getMagazineByName('test'); $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}"); self::assertResponseStatusCodeSame(401); } public function testApiCannotDeleteMagazineWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiUserCannotDeleteUnownedMagazine(): void { $moderator = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($moderator); $owner = $this->getUserByUsername('JaneDoe'); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test', $owner); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiModCannotDeleteUnownedMagazine(): void { $moderator = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($moderator); $owner = $this->getUserByUsername('JaneDoe'); $admin = $this->getUserByUsername('admin', isAdmin: true); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test', $owner); $magazineManager = $this->magazineManager; $dto = new ModeratorDto($magazine); $dto->user = $moderator; $dto->addedBy = $admin; $magazineManager->addModerator($dto); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanDeleteMagazine(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); } } ================================================ FILE: tests/Functional/Controller/Api/Magazine/Admin/MagazineDeleteIconApiTest.php ================================================ kibbyPath = \dirname(__FILE__, 6).'/assets/kibby_emoji.png'; } public function testApiCannotDeleteMagazineIconAnonymous(): void { $magazine = $this->getMagazineByName('test'); $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}/icon"); self::assertResponseStatusCodeSame(401); } public function testApiCannotDeleteMagazineIconWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}/icon", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiModCannotDeleteMagazineIcon(): void { $moderator = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($moderator); $owner = $this->getUserByUsername('JaneDoe'); $admin = $this->getUserByUsername('admin', isAdmin: true); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test', $owner); $magazineManager = $this->magazineManager; $dto = new ModeratorDto($magazine); $dto->user = $moderator; $dto->addedBy = $admin; $magazineManager->addModerator($dto); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}/icon", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } #[Group(name: 'NonThreadSafe')] public function testApiCanDeleteMagazineIcon(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $tmpPath = bin2hex(random_bytes(32)); copy($this->kibbyPath, $tmpPath.'.png'); $upload = new UploadedFile($tmpPath.'.png', 'kibby_emoji.png', 'image/png'); $imageRepository = $this->imageRepository; $image = $imageRepository->findOrCreateFromUpload($upload); self::assertNotNull($image); $magazine->icon = $image; $entityManager = $this->entityManager; $entityManager->persist($magazine); $entityManager->flush(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:theme'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(WebTestCase::MAGAZINE_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['icon']); self::assertArrayKeysMatch(self::IMAGE_KEYS, $jsonData['icon']); self::assertSame(96, $jsonData['icon']['width']); self::assertSame(96, $jsonData['icon']['height']); self::assertEquals('a8/1c/a81cc2fea35eeb232cd28fcb109b3eb5a4e52c71bce95af6650d71876c1bcbb7.png', $jsonData['icon']['filePath']); self::assertNull($jsonData['banner']); $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}/icon", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MagazineUpdateThemeApiTest::MAGAZINE_THEME_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertNull($jsonData['icon']); } } ================================================ FILE: tests/Functional/Controller/Api/Magazine/Admin/MagazineModeratorsApiTest.php ================================================ getMagazineByName('test'); $user = $this->getUserByUsername('notamod'); $this->client->request('POST', "/api/moderate/magazine/{$magazine->getId()}/mod/{$user->getId()}"); self::assertResponseStatusCodeSame(401); } public function testApiCannotRemoveModeratorsFromMagazineAnonymous(): void { $magazine = $this->getMagazineByName('test'); $user = $this->getUserByUsername('yesamod'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazineManager = $this->magazineManager; $dto = new ModeratorDto($magazine); $dto->user = $user; $dto->addedBy = $admin; $magazineManager->addModerator($dto); $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}/mod/{$user->getId()}"); self::assertResponseStatusCodeSame(401); } public function testApiCannotAddModeratorsToMagazineWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $user = $this->getUserByUsername('notamod'); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', "/api/moderate/magazine/{$magazine->getId()}/mod/{$user->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotRemoveModeratorsFromMagazineWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $user = $this->getUserByUsername('yesamod'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazineManager = $this->magazineManager; $dto = new ModeratorDto($magazine); $dto->user = $user; $dto->addedBy = $admin; $magazineManager->addModerator($dto); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}/mod/{$user->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiModCannotAddModeratorsMagazine(): void { $moderator = $this->getUserByUsername('JohnDoe'); $user = $this->getUserByUsername('notamod'); $this->client->loginUser($moderator); $owner = $this->getUserByUsername('JaneDoe'); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test', $owner); $magazineManager = $this->magazineManager; $dto = new ModeratorDto($magazine); $dto->user = $moderator; $dto->addedBy = $owner; $magazineManager->addModerator($dto); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:moderators'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', "/api/moderate/magazine/{$magazine->getId()}/mod/{$user->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiModCannotRemoveModeratorsMagazine(): void { $moderator = $this->getUserByUsername('JohnDoe'); $user = $this->getUserByUsername('yesamod'); $this->client->loginUser($moderator); $owner = $this->getUserByUsername('JaneDoe'); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test', $owner); $magazineManager = $this->magazineManager; $dto = new ModeratorDto($magazine); $dto->user = $moderator; $dto->addedBy = $owner; $magazineManager->addModerator($dto); $dto = new ModeratorDto($magazine); $dto->user = $user; $dto->addedBy = $owner; $magazineManager->addModerator($dto); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:moderators'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}/mod/{$user->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiOwnerCanAddModeratorsMagazine(): void { $user = $this->getUserByUsername('JohnDoe'); $moderator = $this->getUserByUsername('willbeamod'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:moderators'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', "/api/moderate/magazine/{$magazine->getId()}/mod/{$moderator->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['moderators']); self::assertCount(2, $jsonData['moderators']); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MODERATOR_RESPONSE_KEYS, $jsonData['moderators'][1]); self::assertSame($moderator->getId(), $jsonData['moderators'][1]['userId']); } public function testApiOwnerCanRemoveModeratorsMagazine(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $moderator = $this->getUserByUsername('yesamod'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazineManager = $this->magazineManager; $dto = new ModeratorDto($magazine); $dto->user = $moderator; $dto->addedBy = $admin; $magazineManager->addModerator($dto); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:moderators'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['moderators']); self::assertCount(2, $jsonData['moderators']); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MODERATOR_RESPONSE_KEYS, $jsonData['moderators'][1]); self::assertSame($moderator->getId(), $jsonData['moderators'][1]['userId']); $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}/mod/{$moderator->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['moderators']); self::assertCount(1, $jsonData['moderators']); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MODERATOR_RESPONSE_KEYS, $jsonData['moderators'][0]); self::assertSame($user->getId(), $jsonData['moderators'][0]['userId']); } } ================================================ FILE: tests/Functional/Controller/Api/Magazine/Admin/MagazinePurgeApiTest.php ================================================ getMagazineByName('test'); $this->client->request('DELETE', "/api/admin/magazine/{$magazine->getId()}/purge"); self::assertResponseStatusCodeSame(401); } public function testApiCannotPurgeMagazineWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/magazine/{$magazine->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiNonAdminUserCannotPurgeMagazine(): void { $moderator = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($moderator); $owner = $this->getUserByUsername('JaneDoe'); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test', $owner); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write admin:magazine:purge'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/magazine/{$magazine->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiModCannotPurgeMagazine(): void { $moderator = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($moderator); $owner = $this->getUserByUsername('JaneDoe'); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test', $owner); $magazineManager = $this->magazineManager; $dto = new ModeratorDto($magazine); $dto->user = $moderator; $dto->addedBy = $owner; $magazineManager->addModerator($dto); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write admin:magazine:purge'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/magazine/{$magazine->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiOwnerCannotPurgeMagazine(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write admin:magazine:purge'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/magazine/{$magazine->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiAdminCanPurgeMagazine(): void { $admin = $this->getUserByUsername('JohnDoe', isAdmin: true); $owner = $this->getUserByUsername('JaneDoe'); $this->client->loginUser($admin); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test', $owner); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write admin:magazine:purge'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/magazine/{$magazine->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); } } ================================================ FILE: tests/Functional/Controller/Api/Magazine/Admin/MagazineRetrieveStatsApiTest.php ================================================ getMagazineByName('test'); $this->client->request('GET', "/api/stats/magazine/{$magazine->getId()}/votes"); self::assertResponseStatusCodeSame(401); $this->client->request('GET', "/api/stats/magazine/{$magazine->getId()}/content"); self::assertResponseStatusCodeSame(401); } public function testApiCannotRetrieveMagazineStatsWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/stats/magazine/{$magazine->getId()}/votes", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); $this->client->request('GET', "/api/stats/magazine/{$magazine->getId()}/content", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotRetrieveMagazineStatsIfNotOwner(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $owner = $this->getUserByUsername('JaneDoe'); $magazine = $this->getMagazineByName('test', $owner); $magazineManager = $this->magazineManager; $dto = new ModeratorDto($magazine); $dto->user = $this->getUserByUsername('JohnDoe'); $dto->addedBy = $owner; $magazineManager->addModerator($dto); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:stats'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/stats/magazine/{$magazine->getId()}/votes", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); $this->client->request('GET', "/api/stats/magazine/{$magazine->getId()}/content", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanRetrieveMagazineStats(): void { $user = $this->getUserByUsername('JohnDoe'); $user2 = $this->getUserByUsername('JohnDoe2'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $entry = $this->getEntryByTitle('Stats test', body: 'This is gonna be a statistic', magazine: $magazine, user: $user); $requestStack = $this->requestStack; $requestStack->push(Request::create('/')); $dispatcher = $this->eventDispatcher; $dispatcher->dispatch(new EntryHasBeenSeenEvent($entry)); $favouriteManager = $this->favouriteManager; $favourite = $favouriteManager->toggle($user, $entry); $voteManager = $this->voteManager; $vote = $voteManager->upvote($entry, $user); $entityManager = $this->entityManager; $entityManager->persist($favourite); $entityManager->persist($vote); $entityManager->flush(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:stats'); $token = $codes['token_type'].' '.$codes['access_token']; // Start a day ago to avoid timezone issues when testing on machines with non-UTC timezones $startString = rawurlencode($entry->getCreatedAt()->add(\DateInterval::createFromDateString('-1 minute'))->format(\DateTimeImmutable::ATOM)); $this->client->request('GET', "/api/stats/magazine/{$magazine->getId()}/votes?resolution=hour&start=$startString", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::STATS_BY_CONTENT_TYPE_KEYS, $jsonData); self::assertIsArray($jsonData['entry']); self::assertCount(1, $jsonData['entry']); self::assertIsArray($jsonData['entry_comment']); self::assertEmpty($jsonData['entry_comment']); self::assertIsArray($jsonData['post']); self::assertEmpty($jsonData['post']); self::assertIsArray($jsonData['post_comment']); self::assertEmpty($jsonData['post_comment']); self::assertArrayKeysMatch(self::VOTE_ITEM_KEYS, $jsonData['entry'][0]); self::assertSame(1, $jsonData['entry'][0]['up']); self::assertSame(0, $jsonData['entry'][0]['down']); self::assertSame(1, $jsonData['entry'][0]['boost']); $this->client->request('GET', "/api/stats/magazine/{$magazine->getId()}/content?resolution=hour&start=$startString", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::STATS_BY_CONTENT_TYPE_KEYS, $jsonData); self::assertIsInt($jsonData['entry']); self::assertIsInt($jsonData['entry_comment']); self::assertIsInt($jsonData['post']); self::assertIsInt($jsonData['post_comment']); self::assertSame(1, $jsonData['entry']); } } ================================================ FILE: tests/Functional/Controller/Api/Magazine/Admin/MagazineTagsApiTest.php ================================================ getMagazineByName('test'); $this->client->request('POST', "/api/moderate/magazine/{$magazine->getId()}/tag/test"); self::assertResponseStatusCodeSame(401); } public function testApiCannotRemoveTagsFromMagazineAnonymous(): void { $magazine = $this->getMagazineByName('test'); $magazine->tags = ['test']; $entityManager = $this->entityManager; $entityManager->persist($magazine); $entityManager->flush(); $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}/tag/test"); self::assertResponseStatusCodeSame(401); } public function testApiCannotAddTagsToMagazineWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', "/api/moderate/magazine/{$magazine->getId()}/tag/test", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotRemoveTagsFromMagazineWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $magazine->tags = ['test']; $entityManager = $this->entityManager; $entityManager->persist($magazine); $entityManager->flush(); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}/tag/test", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiModCannotAddTagsMagazine(): void { $moderator = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($moderator); $owner = $this->getUserByUsername('JaneDoe'); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test', $owner); $magazineManager = $this->magazineManager; $dto = new ModeratorDto($magazine); $dto->user = $moderator; $dto->addedBy = $owner; $magazineManager->addModerator($dto); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:tags'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', "/api/moderate/magazine/{$magazine->getId()}/tag/test", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiModCannotRemoveTagsMagazine(): void { $moderator = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($moderator); $owner = $this->getUserByUsername('JaneDoe'); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test', $owner); $magazineManager = $this->magazineManager; $dto = new ModeratorDto($magazine); $dto->user = $moderator; $dto->addedBy = $owner; $magazineManager->addModerator($dto); $magazine->tags = ['test']; $entityManager = $this->entityManager; $entityManager->persist($magazine); $entityManager->flush(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:tags'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}/tag/test", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiOwnerCanAddTagsMagazine(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:tags'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', "/api/moderate/magazine/{$magazine->getId()}/tag/test", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['tags']); self::assertCount(1, $jsonData['tags']); self::assertEquals('test', $jsonData['tags'][0]); } public function testApiOwnerCannotAddWeirdTagsMagazine(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:tags'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', "/api/moderate/magazine/{$magazine->getId()}/tag/test%20Weird", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(400); } public function testApiOwnerCanRemoveTagsMagazine(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $magazine->tags = ['test']; $entityManager = $this->entityManager; $entityManager->persist($magazine); $entityManager->flush(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:tags'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['tags']); self::assertCount(1, $jsonData['tags']); self::assertEquals('test', $jsonData['tags'][0]); $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}/tag/test", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_RESPONSE_KEYS, $jsonData); self::assertEmpty($jsonData['tags']); } } ================================================ FILE: tests/Functional/Controller/Api/Magazine/Admin/MagazineUpdateApiTest.php ================================================ getMagazineByName('test'); $this->client->request('PUT', "/api/moderate/magazine/{$magazine->getId()}"); self::assertResponseStatusCodeSame(401); } public function testApiCannotUpdateMagazineWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/moderate/magazine/{$magazine->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUpdateMagazine(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $magazine->rules = 'Some initial rules'; $this->entityManager->persist($magazine); $this->entityManager->flush(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:update'); $token = $codes['token_type'].' '.$codes['access_token']; $name = 'test'; $title = 'API Test Magazine'; $description = 'A description'; $rules = 'Some rules'; $this->client->jsonRequest( 'PUT', "/api/moderate/magazine/{$magazine->getId()}", parameters: [ 'name' => $name, 'title' => $title, 'description' => $description, 'rules' => $rules, 'isAdult' => true, 'discoverable' => false, 'indexable' => false, ], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(WebTestCase::MAGAZINE_RESPONSE_KEYS, $jsonData); self::assertEquals($name, $jsonData['name']); self::assertSame($user->getId(), $jsonData['owner']['userId']); self::assertEquals($description, $jsonData['description']); self::assertEquals($rules, $jsonData['rules']); self::assertTrue($jsonData['isAdult']); self::assertFalse($jsonData['discoverable']); self::assertFalse($jsonData['indexable']); } public function testApiCannotUpdateMagazineWithInvalidParams(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:update'); $token = $codes['token_type'].' '.$codes['access_token']; $name = 'someothername'; $title = 'Different name'; $description = 'A description'; $this->client->jsonRequest( 'PUT', "/api/moderate/magazine/{$magazine->getId()}", parameters: [ 'name' => $name, 'title' => $title, 'description' => $description, 'isAdult' => false, ], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(400); $description = 'short title'; $title = 'as'; $this->client->jsonRequest( 'PUT', "/api/moderate/magazine/{$magazine->getId()}", parameters: [ 'title' => $title, 'description' => $description, 'isAdult' => false, ], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(400); $description = 'long title'; $title = 'Way too long of a title. This can only be 50 characters!'; $this->client->jsonRequest( 'PUT', "/api/moderate/magazine/{$magazine->getId()}", parameters: [ 'title' => $title, 'description' => $description, 'isAdult' => false, ], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(400); $rules = 'Some rules'; $description = 'Rules are deprecated'; $this->client->jsonRequest( 'PUT', "/api/moderate/magazine/{$magazine->getId()}", parameters: [ 'rules' => $rules, 'description' => $description, 'isAdult' => false, ], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(400); } } ================================================ FILE: tests/Functional/Controller/Api/Magazine/Admin/MagazineUpdateThemeApiTest.php ================================================ kibbyPath = \dirname(__FILE__, 6).'/assets/kibby_emoji.png'; } public function testApiCannotUpdateMagazineThemeAnonymous(): void { $magazine = $this->getMagazineByName('test'); $this->client->request('POST', "/api/moderate/magazine/{$magazine->getId()}/theme"); self::assertResponseStatusCodeSame(401); } public function testApiModCannotUpdateMagazineTheme(): void { $moderator = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($moderator); $owner = $this->getUserByUsername('JaneDoe'); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test', $owner); $magazineManager = $this->magazineManager; $dto = new ModeratorDto($magazine); $dto->user = $moderator; $dto->addedBy = $owner; $magazineManager->addModerator($dto); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:theme'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', "/api/moderate/magazine/{$magazine->getId()}/theme", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotUpdateMagazineThemeWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', "/api/moderate/magazine/{$magazine->getId()}/theme", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUpdateMagazineThemeWithCustomCss(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:theme'); $token = $codes['token_type'].' '.$codes['access_token']; // Uploading a file appears to delete the file at the given path, so make a copy before upload $tmpPath = bin2hex(random_bytes(32)); copy($this->kibbyPath, $tmpPath.'.tmp'); $image = new UploadedFile($tmpPath.'.tmp', 'kibby_emoji.png', 'image/png'); $customCss = 'a {background: red;}'; $this->client->request( 'POST', "/api/moderate/magazine/{$magazine->getId()}/theme", parameters: [ 'customCss' => $customCss, ], files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::MAGAZINE_THEME_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertStringContainsString($customCss, $jsonData['customCss']); self::assertIsArray($jsonData['icon']); self::assertArrayKeysMatch(self::IMAGE_KEYS, $jsonData['icon']); self::assertNull($jsonData['banner']); self::assertSame(96, $jsonData['icon']['width']); self::assertSame(96, $jsonData['icon']['height']); self::assertEquals('a8/1c/a81cc2fea35eeb232cd28fcb109b3eb5a4e52c71bce95af6650d71876c1bcbb7.png', $jsonData['icon']['filePath']); } public function testApiCanUpdateMagazineThemeWithBackgroundImage(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:theme'); $token = $codes['token_type'].' '.$codes['access_token']; // Uploading a file appears to delete the file at the given path, so make a copy before upload $tmpPath = bin2hex(random_bytes(32)); copy($this->kibbyPath, $tmpPath.'.png'); $image = new UploadedFile($tmpPath.'.png', 'kibby_emoji.png', 'image/png'); $imageManager = $this->imageManager; $expectedPath = $imageManager->getFilePath($image->getFilename()); $backgroundImage = 'shape1'; $this->client->request( 'POST', "/api/moderate/magazine/{$magazine->getId()}/theme", parameters: [ 'backgroundImage' => $backgroundImage, ], files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::MAGAZINE_THEME_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertStringContainsString('/build/images/shape.png', $jsonData['customCss']); self::assertIsArray($jsonData['icon']); self::assertArrayKeysMatch(self::IMAGE_KEYS, $jsonData['icon']); self::assertSame(96, $jsonData['icon']['width']); self::assertSame(96, $jsonData['icon']['height']); self::assertEquals($expectedPath, $jsonData['icon']['filePath']); } public function testCanUpdateMagazineBanner(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine_admin:theme'); $token = $codes['token_type'].' '.$codes['access_token']; // Uploading a file appears to delete the file at the given path, so make a copy before upload $tmpPath = bin2hex(random_bytes(32)); copy($this->kibbyPath, $tmpPath.'.tmp'); $image = new UploadedFile($tmpPath.'.tmp', 'kibby_emoji.png', 'image/png'); $this->client->request( 'PUT', "/api/moderate/magazine/{$magazine->getId()}/banner", files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::MAGAZINE_THEME_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(WebTestCase::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertNull($jsonData['icon']); self::assertArrayKeysMatch(self::IMAGE_KEYS, $jsonData['banner']); self::assertSame(96, $jsonData['banner']['width']); self::assertSame(96, $jsonData['banner']['height']); self::assertEquals('a8/1c/a81cc2fea35eeb232cd28fcb109b3eb5a4e52c71bce95af6650d71876c1bcbb7.png', $jsonData['banner']['filePath']); } } ================================================ FILE: tests/Functional/Controller/Api/Magazine/MagazineBlockApiTest.php ================================================ getMagazineByName('test'); $this->client->request('PUT', '/api/magazine/'.(string) $magazine->getId().'/block'); self::assertResponseStatusCodeSame(401); } public function testApiCannotBlockMagazineWithoutScope(): void { $user = $this->getUserByUsername('testuser'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/magazine/'.(string) $magazine->getId().'/block', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanBlockMagazine(): void { $user = $this->getUserByUsername('testuser'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write magazine:block'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/magazine/'.(string) $magazine->getId().'/block', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_RESPONSE_KEYS, $jsonData); // Scopes for reading subscriptions and blocklists granted, so these values should be filled self::assertNull($jsonData['isUserSubscribed']); self::assertTrue($jsonData['isBlockedByUser']); $this->client->request('GET', '/api/magazine/'.(string) $magazine->getId(), server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_RESPONSE_KEYS, $jsonData); // Scopes for reading subscriptions and blocklists granted, so these values should be filled self::assertNull($jsonData['isUserSubscribed']); self::assertTrue($jsonData['isBlockedByUser']); } public function testApiCannotUnblockMagazineAnonymously(): void { $magazine = $this->getMagazineByName('test'); $this->client->request('PUT', '/api/magazine/'.(string) $magazine->getId().'/unblock'); self::assertResponseStatusCodeSame(401); } public function testApiCannotUnblockMagazineWithoutScope(): void { $user = $this->getUserByUsername('testuser'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/magazine/'.(string) $magazine->getId().'/unblock', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUnblockMagazine(): void { $user = $this->getUserByUsername('testuser'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $manager = $this->magazineManager; $manager->block($magazine, $user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write magazine:block'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/magazine/'.(string) $magazine->getId().'/unblock', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_RESPONSE_KEYS, $jsonData); // Scopes for reading subscriptions and blocklists granted, so these values should be filled self::assertNull($jsonData['isUserSubscribed']); self::assertFalse($jsonData['isBlockedByUser']); $this->client->request('GET', '/api/magazine/'.(string) $magazine->getId(), server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_RESPONSE_KEYS, $jsonData); // Scopes for reading subscriptions and blocklists granted, so these values should be filled self::assertNull($jsonData['isUserSubscribed']); self::assertFalse($jsonData['isBlockedByUser']); } } ================================================ FILE: tests/Functional/Controller/Api/Magazine/MagazineModlogApiTest.php ================================================ getMagazineByName('test'); $this->client->request('GET', '/api/magazine/'.(string) $magazine->getId().'/log'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertEmpty($jsonData['items']); } public function testApiCanRetrieveModlogByMagazineIdAnonymouslyWithTypeFilter(): void { $magazine = $this->getMagazineByName('test'); $this->client->request('GET', '/api/magazine/'.$magazine->getId().'/log?types[]='.MagazineLog::CHOICES[0].'&types[]='.MagazineLog::CHOICES[1]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertEmpty($jsonData['items']); } public function testApiCanRetrieveMagazineById(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/magazine/'.(string) $magazine->getId().'/log', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertEmpty($jsonData['items']); } public function testApiCanRetrieveEntryPinnedLog(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $entry = $this->getEntryByTitle('Something to pin', magazine: $magazine); $this->entryManager->pin($entry, $user); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/magazine/'.$magazine->getId().'/log', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); $item = $jsonData['items'][0]; self::assertArrayKeysMatch(WebTestCase::LOG_ENTRY_KEYS, $item); self::assertEquals('log_entry_pinned', $item['type']); self::assertIsArray($item['subject']); self::assertArrayKeysMatch(WebTestCase::ENTRY_RESPONSE_KEYS, $item['subject']); self::assertEquals($entry->getId(), $item['subject']['entryId']); } public function testApiCanRetrieveUserBannedLog(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $banned = $this->getUserByUsername('troll'); $dto = new MagazineBanDto(); $dto->reason = 'because'; $ban = $this->magazineManager->ban($magazine, $banned, $user, $dto); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/magazine/'.$magazine->getId().'/log', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); $item = $jsonData['items'][0]; self::assertArrayKeysMatch(WebTestCase::LOG_ENTRY_KEYS, $item); self::assertEquals('log_ban', $item['type']); self::assertArrayKeysMatch(WebTestCase::BAN_RESPONSE_KEYS, $item['subject']); self::assertEquals($ban->getId(), $item['subject']['banId']); } public function testApiCanRetrieveModeratorAddedLog(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $mod = $this->getUserByUsername('mod'); $dto = new ModeratorDto($magazine, $mod, $user); $this->magazineManager->addModerator($dto); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/magazine/'.$magazine->getId().'/log', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); $item = $jsonData['items'][0]; self::assertArrayKeysMatch(WebTestCase::LOG_ENTRY_KEYS, $item); self::assertEquals('log_moderator_add', $item['type']); self::assertArrayKeysMatch(WebTestCase::USER_SMALL_RESPONSE_KEYS, $item['subject']); self::assertEquals($mod->getId(), $item['subject']['userId']); self::assertArrayKeysMatch(WebTestCase::USER_SMALL_RESPONSE_KEYS, $item['moderator']); self::assertEquals($user->getId(), $item['moderator']['userId']); } public function testApiModlogReflectsModerationActionsTaken(): void { $this->createModlogMessages(); $magazine = $this->getMagazineByName('acme'); $moderator = $magazine->getOwner(); $entityManager = $this->entityManager; $entityManager->refresh($magazine); $this->client->request('GET', '/api/magazine/'.(string) $magazine->getId().'/log'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(5, $jsonData['items']); $this->validateModlog($jsonData, $magazine, $moderator); } } ================================================ FILE: tests/Functional/Controller/Api/Magazine/MagazineRetrieveApiTest.php ================================================ getMagazineByName('test'); $this->client->request('GET', "/api/magazine/{$magazine->getId()}"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::MAGAZINE_RESPONSE_KEYS, $jsonData); self::assertSame($magazine->getId(), $jsonData['magazineId']); self::assertIsArray($jsonData['owner']); self::assertArrayKeysMatch(self::MODERATOR_RESPONSE_KEYS, $jsonData['owner']); self::assertSame($magazine->getOwner()->getId(), $jsonData['owner']['userId']); self::assertNull($jsonData['icon']); self::assertNull($jsonData['banner']); self::assertEmpty($jsonData['tags']); self::assertEquals('test', $jsonData['name']); self::assertIsArray($jsonData['badges']); self::assertIsArray($jsonData['moderators']); self::assertCount(1, $jsonData['moderators']); self::assertIsArray($jsonData['moderators'][0]); self::assertArrayKeysMatch(self::MODERATOR_RESPONSE_KEYS, $jsonData['moderators'][0]); self::assertSame($magazine->getOwner()->getId(), $jsonData['moderators'][0]['userId']); self::assertFalse($jsonData['isAdult']); // Anonymous access, so these values should be null self::assertNull($jsonData['isUserSubscribed']); self::assertNull($jsonData['isBlockedByUser']); } public function testApiCanRetrieveMagazineById(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::MAGAZINE_RESPONSE_KEYS, $jsonData); self::assertSame($magazine->getId(), $jsonData['magazineId']); self::assertIsArray($jsonData['owner']); self::assertArrayKeysMatch(self::MODERATOR_RESPONSE_KEYS, $jsonData['owner']); self::assertSame($magazine->getOwner()->getId(), $jsonData['owner']['userId']); self::assertNull($jsonData['icon']); self::assertNull($jsonData['banner']); self::assertEmpty($jsonData['tags']); self::assertEquals('test', $jsonData['name']); self::assertIsArray($jsonData['badges']); self::assertIsArray($jsonData['moderators']); self::assertCount(1, $jsonData['moderators']); self::assertIsArray($jsonData['moderators'][0]); self::assertArrayKeysMatch(self::MODERATOR_RESPONSE_KEYS, $jsonData['moderators'][0]); self::assertSame($magazine->getOwner()->getId(), $jsonData['moderators'][0]['userId']); self::assertFalse($jsonData['isAdult']); // Scopes for reading subscriptions and blocklists not granted, so these values should be null self::assertNull($jsonData['isUserSubscribed']); self::assertNull($jsonData['isBlockedByUser']); } public function testApiCanRetrieveMagazineByNameAnonymously(): void { $magazine = $this->getMagazineByName('test'); $this->client->request('GET', '/api/magazine/name/test'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::MAGAZINE_RESPONSE_KEYS, $jsonData); self::assertSame($magazine->getId(), $jsonData['magazineId']); self::assertIsArray($jsonData['owner']); self::assertArrayKeysMatch(self::MODERATOR_RESPONSE_KEYS, $jsonData['owner']); self::assertSame($magazine->getOwner()->getId(), $jsonData['owner']['userId']); self::assertNull($jsonData['icon']); self::assertNull($jsonData['banner']); self::assertEmpty($jsonData['tags']); self::assertEquals('test', $jsonData['name']); self::assertIsArray($jsonData['badges']); self::assertIsArray($jsonData['moderators']); self::assertCount(1, $jsonData['moderators']); self::assertIsArray($jsonData['moderators'][0]); self::assertArrayKeysMatch(self::MODERATOR_RESPONSE_KEYS, $jsonData['moderators'][0]); self::assertSame($magazine->getOwner()->getId(), $jsonData['moderators'][0]['userId']); self::assertFalse($jsonData['isAdult']); // Anonymous access, so these values should be null self::assertNull($jsonData['isUserSubscribed']); self::assertNull($jsonData['isBlockedByUser']); } public function testApiCanRetrieveMagazineByName(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/magazine/name/test', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::MAGAZINE_RESPONSE_KEYS, $jsonData); self::assertSame($magazine->getId(), $jsonData['magazineId']); self::assertIsArray($jsonData['owner']); self::assertArrayKeysMatch(self::MODERATOR_RESPONSE_KEYS, $jsonData['owner']); self::assertSame($magazine->getOwner()->getId(), $jsonData['owner']['userId']); self::assertNull($jsonData['icon']); self::assertNull($jsonData['banner']); self::assertEmpty($jsonData['tags']); self::assertEquals('test', $jsonData['name']); self::assertIsArray($jsonData['badges']); self::assertIsArray($jsonData['moderators']); self::assertCount(1, $jsonData['moderators']); self::assertIsArray($jsonData['moderators'][0]); self::assertArrayKeysMatch(self::MODERATOR_RESPONSE_KEYS, $jsonData['moderators'][0]); self::assertSame($magazine->getOwner()->getId(), $jsonData['moderators'][0]['userId']); self::assertFalse($jsonData['isAdult']); // Scopes for reading subscriptions and blocklists not granted, so these values should be null self::assertNull($jsonData['isUserSubscribed']); self::assertNull($jsonData['isBlockedByUser']); } public function testApiMagazineSubscribeAndBlockFlags(): void { $user = $this->getUserByUsername('testuser'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write magazine:subscribe magazine:block'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::MAGAZINE_RESPONSE_KEYS, $jsonData); // Scopes for reading subscriptions and blocklists granted, so these values should be filled self::assertFalse($jsonData['isUserSubscribed']); self::assertFalse($jsonData['isBlockedByUser']); } // The 2 next tests exist because changing the subscription status via MagazineManager after calling the API // was causing strange doctrine exceptions. If doctrine did not throw exceptions when modifications // were made, these tests could be rolled into testApiMagazineSubscribeAndBlockFlags above public function testApiMagazineSubscribeFlagIsTrueWhenSubscribed(): void { $user = $this->getUserByUsername('testuser'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $manager = $this->magazineManager; $manager->subscribe($magazine, $user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write magazine:subscribe magazine:block'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::MAGAZINE_RESPONSE_KEYS, $jsonData); // Scopes for reading subscriptions and blocklists granted, so these values should be filled self::assertTrue($jsonData['isUserSubscribed']); self::assertFalse($jsonData['isBlockedByUser']); } public function testApiMagazineBlockFlagIsTrueWhenBlocked(): void { $user = $this->getUserByUsername('testuser'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $manager = $this->magazineManager; $manager->block($magazine, $user); $entityManager = $this->entityManager; $entityManager->persist($user); $entityManager->flush(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write magazine:subscribe magazine:block'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::MAGAZINE_RESPONSE_KEYS, $jsonData); // Scopes for reading subscriptions and blocklists granted, so these values should be filled self::assertFalse($jsonData['isUserSubscribed']); self::assertTrue($jsonData['isBlockedByUser']); } public function testApiCanRetrieveMagazineCollectionAnonymous(): void { $magazine = $this->getMagazineByName('test'); $this->client->request('GET', '/api/magazines'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertArrayKeysMatch(self::MAGAZINE_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazineId']); } public function testApiCanRetrieveMagazineCollection(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/magazines', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertArrayKeysMatch(self::MAGAZINE_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazineId']); // Scopes not granted self::assertNull($jsonData['items'][0]['isUserSubscribed']); self::assertNull($jsonData['items'][0]['isBlockedByUser']); } public function testApiCanRetrieveMagazineCollectionMultiplePages(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazines = []; for ($i = 0; $i < self::MAGAZINE_COUNT; ++$i) { $magazines[] = $this->getMagazineByNameNoRSAKey("test{$i}"); } $perPage = max((int) ceil(self::MAGAZINE_COUNT / 2), 1); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazines?perPage={$perPage}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(self::MAGAZINE_COUNT, $jsonData['pagination']['count']); self::assertSame($perPage, $jsonData['pagination']['perPage']); self::assertSame(1, $jsonData['pagination']['currentPage']); self::assertSame(2, $jsonData['pagination']['maxPage']); self::assertIsArray($jsonData['items']); self::assertCount($perPage, $jsonData['items']); self::assertArrayKeysMatch(self::MAGAZINE_RESPONSE_KEYS, $jsonData['items'][0]); self::assertAllValuesFoundByName($magazines, $jsonData['items']); } public function testApiCannotRetrieveMagazineSubscriptionsAnonymous(): void { $this->client->request('GET', '/api/magazines/subscribed'); self::assertResponseStatusCodeSame(401); } public function testApiCannotRetrieveMagazineSubscriptionsWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/magazines/subscribed', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanRetrieveMagazineSubscriptions(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $notSubbedMag = $this->getMagazineByName('someother', $this->getUserByUsername('JaneDoe')); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write magazine:subscribe'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/magazines/subscribed', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertArrayKeysMatch(self::MAGAZINE_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazineId']); // Block scope not granted self::assertTrue($jsonData['items'][0]['isUserSubscribed']); self::assertNull($jsonData['items'][0]['isBlockedByUser']); } public function testApiCannotRetrieveUserMagazineSubscriptionsAnonymous(): void { $user = $this->getUserByUsername('testUser'); $this->client->request('GET', "/api/users/{$user->getId()}/magazines/subscriptions"); self::assertResponseStatusCodeSame(401); } public function testApiCannotRetrieveUserMagazineSubscriptionsWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $user = $this->getUserByUsername('testUser'); $this->client->request('GET', "/api/users/{$user->getId()}/magazines/subscriptions", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanRetrieveUserMagazineSubscriptions(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('testUser'); $user->showProfileSubscriptions = true; $entityManager = $this->entityManager; $entityManager->persist($user); $entityManager->flush(); $notSubbedMag = $this->getMagazineByName('someother', $this->getUserByUsername('JaneDoe')); $magazine = $this->getMagazineByName('test', $user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write magazine:subscribe'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$user->getId()}/magazines/subscriptions", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertArrayKeysMatch(self::MAGAZINE_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazineId']); // Block scope not granted self::assertFalse($jsonData['items'][0]['isUserSubscribed']); self::assertNull($jsonData['items'][0]['isBlockedByUser']); } public function testApiCannotRetrieveUserMagazineSubscriptionsIfSettingTurnedOff(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('testUser'); $user->showProfileSubscriptions = false; $entityManager = $this->entityManager; $entityManager->persist($user); $entityManager->flush(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write magazine:subscribe'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$user->getId()}/magazines/subscriptions", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotRetrieveModeratedMagazinesAnonymous(): void { $this->client->request('GET', '/api/magazines/moderated'); self::assertResponseStatusCodeSame(401); } public function testApiCannotRetrieveModeratedMagazinesWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/magazines/moderated', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanRetrieveModeratedMagazines(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $notModdedMag = $this->getMagazineByName('someother', $this->getUserByUsername('JaneDoe')); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine:list'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/magazines/moderated', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertArrayKeysMatch(self::MAGAZINE_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazineId']); // Subscribe and block scopes not granted self::assertNull($jsonData['items'][0]['isUserSubscribed']); self::assertNull($jsonData['items'][0]['isBlockedByUser']); } public function testApiCannotRetrieveBlockedMagazinesAnonymous(): void { $this->client->request('GET', '/api/magazines/blocked'); self::assertResponseStatusCodeSame(401); } public function testApiCannotRetrieveBlockedMagazinesWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/magazines/blocked', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanRetrieveBlockedMagazines(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $notBlockedMag = $this->getMagazineByName('someother', $this->getUserByUsername('JaneDoe')); $magazine = $this->getMagazineByName('test', $this->getUserByUsername('JaneDoe')); $manager = $this->magazineManager; $manager->block($magazine, $this->getUserByUsername('JohnDoe')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write magazine:block'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/magazines/blocked', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertArrayKeysMatch(self::MAGAZINE_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazineId']); // Subscribe and block scopes not granted self::assertNull($jsonData['items'][0]['isUserSubscribed']); self::assertTrue($jsonData['items'][0]['isBlockedByUser']); } public function testApiCanRetrieveAbandonedMagazine(): void { $abandoningUser = $this->getUserByUsername('JohnDoe'); $activeUser = $this->getUserByUsername('DoeJohn'); $magazine1 = $this->getMagazineByName('test1', $abandoningUser); $magazine2 = $this->getMagazineByName('test2', $abandoningUser); $magazine3 = $this->getMagazineByName('test3', $activeUser); $abandoningUser->lastActive = new \DateTime('-6 months'); $activeUser->lastActive = new \DateTime('-2 days'); $this->userRepository->save($abandoningUser, true); $this->userRepository->save($activeUser, true); $this->client->request('GET', '/api/magazines?abandoned=true&federation=local'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(2, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertArrayKeysMatch(self::MAGAZINE_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($magazine1->getId(), $jsonData['items'][0]['magazineId']); self::assertSame($magazine2->getId(), $jsonData['items'][1]['magazineId']); } public function testApiCanRetrieveAbandonedMagazineSortedByOwner(): void { $abandoningUser1 = $this->getUserByUsername('user1'); $abandoningUser2 = $this->getUserByUsername('user2'); $abandoningUser3 = $this->getUserByUsername('user3'); $magazine1 = $this->getMagazineByName('test1', $abandoningUser1); $magazine2 = $this->getMagazineByName('test2', $abandoningUser2); $magazine3 = $this->getMagazineByName('test3', $abandoningUser3); $abandoningUser1->lastActive = new \DateTime('-6 months'); $abandoningUser2->lastActive = new \DateTime('-5 months'); $abandoningUser3->lastActive = new \DateTime('-7 months'); $this->userRepository->save($abandoningUser1, true); $this->userRepository->save($abandoningUser2, true); $this->userRepository->save($abandoningUser3, true); $this->client->request('GET', '/api/magazines?abandoned=true&federation=local&sort=ownerLastActive'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertArrayKeysMatch(self::MAGAZINE_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($magazine1->getId(), $jsonData['items'][1]['magazineId']); self::assertSame($magazine2->getId(), $jsonData['items'][2]['magazineId']); self::assertSame($magazine3->getId(), $jsonData['items'][0]['magazineId']); } public static function assertAllValuesFoundByName(array $magazines, array $values, string $message = '') { $nameMap = array_column($magazines, null, 'name'); $containsMagazine = fn (bool $result, array $item) => $result && null !== $nameMap[$item['name']]; self::assertTrue(array_reduce($values, $containsMagazine, true), $message); } } ================================================ FILE: tests/Functional/Controller/Api/Magazine/MagazineRetrieveThemeApiTest.php ================================================ getMagazineByName('test'); $magazine->customCss = '.test {}'; $entityManager = $this->entityManager; $entityManager->persist($magazine); $entityManager->flush(); $this->client->request('GET', '/api/magazine/'.(string) $magazine->getId().'/theme'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::MAGAZINE_THEME_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertEquals('.test {}', $jsonData['customCss']); } public function testApiCanRetrieveMagazineThemeById(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $magazine->customCss = '.test {}'; $entityManager = $this->entityManager; $entityManager->persist($magazine); $entityManager->flush(); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/magazine/'.(string) $magazine->getId().'/theme', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::MAGAZINE_THEME_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertEquals('.test {}', $jsonData['customCss']); } } ================================================ FILE: tests/Functional/Controller/Api/Magazine/MagazineSubscribeApiTest.php ================================================ getMagazineByName('test'); $this->client->request('PUT', '/api/magazine/'.(string) $magazine->getId().'/subscribe'); self::assertResponseStatusCodeSame(401); } public function testApiCannotSubscribeToMagazineWithoutScope(): void { $user = $this->getUserByUsername('testuser'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write magazine:block'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/magazine/'.(string) $magazine->getId().'/subscribe', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanSubscribeToMagazine(): void { $user = $this->getUserByUsername('testuser'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write magazine:subscribe magazine:block'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/magazine/'.(string) $magazine->getId().'/subscribe', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_RESPONSE_KEYS, $jsonData); // Scopes for reading subscriptions and blocklists granted, so these values should be filled self::assertTrue($jsonData['isUserSubscribed']); self::assertFalse($jsonData['isBlockedByUser']); $this->client->request('GET', '/api/magazine/'.(string) $magazine->getId(), server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_RESPONSE_KEYS, $jsonData); // Scopes for reading subscriptions and blocklists granted, so these values should be filled self::assertTrue($jsonData['isUserSubscribed']); self::assertFalse($jsonData['isBlockedByUser']); } public function testApiCannotUnsubscribeFromMagazineAnonymously(): void { $magazine = $this->getMagazineByName('test'); $this->client->request('PUT', '/api/magazine/'.(string) $magazine->getId().'/unsubscribe'); self::assertResponseStatusCodeSame(401); } public function testApiCannotUnsubscribeFromMagazineWithoutScope(): void { $user = $this->getUserByUsername('testuser'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write magazine:block'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/magazine/'.(string) $magazine->getId().'/unsubscribe', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUnsubscribeFromMagazine(): void { $user = $this->getUserByUsername('testuser'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $manager = $this->magazineManager; $manager->subscribe($magazine, $user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write magazine:subscribe'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/magazine/'.(string) $magazine->getId().'/unsubscribe', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_RESPONSE_KEYS, $jsonData); // Scopes for reading subscriptions and blocklists granted, so these values should be filled self::assertFalse($jsonData['isUserSubscribed']); self::assertNull($jsonData['isBlockedByUser']); $this->client->request('GET', '/api/magazine/'.(string) $magazine->getId(), server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_RESPONSE_KEYS, $jsonData); // Scopes for reading subscriptions and blocklists granted, so these values should be filled self::assertFalse($jsonData['isUserSubscribed']); self::assertNull($jsonData['isBlockedByUser']); } } ================================================ FILE: tests/Functional/Controller/Api/Magazine/Moderate/MagazineActionReportsApiTest.php ================================================ getMagazineByName('test'); $user = $this->getUserByUsername('JohnDoe'); $reportedUser = $this->getUserByUsername('testuser'); $entry = $this->getEntryByTitle('Report test', body: 'This is gonna be reported', magazine: $magazine, user: $reportedUser); $reportManager = $this->reportManager; $report = $reportManager->report(ReportDto::create($entry, 'I don\'t like it'), $user); $this->client->request('POST', "/api/moderate/magazine/{$magazine->getId()}/reports/{$report->getId()}/accept"); self::assertResponseStatusCodeSame(401); } public function testApiCannotRejectReportAnonymous(): void { $magazine = $this->getMagazineByName('test'); $user = $this->getUserByUsername('JohnDoe'); $reportedUser = $this->getUserByUsername('testuser'); $entry = $this->getEntryByTitle('Report test', body: 'This is gonna be reported', magazine: $magazine, user: $reportedUser); $reportManager = $this->reportManager; $report = $reportManager->report(ReportDto::create($entry, 'I don\'t like it'), $user); $this->client->request('POST', "/api/moderate/magazine/{$magazine->getId()}/reports/{$report->getId()}/reject"); self::assertResponseStatusCodeSame(401); } public function testApiCannotAcceptReportWithoutScope(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $reportedUser = $this->getUserByUsername('testuser'); $entry = $this->getEntryByTitle('Report test', body: 'This is gonna be reported', magazine: $magazine, user: $reportedUser); $reportManager = $this->reportManager; $report = $reportManager->report(ReportDto::create($entry, 'I don\'t like it'), $user); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', "/api/moderate/magazine/{$magazine->getId()}/reports/{$report->getId()}/accept", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotRejectReportWithoutScope(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $reportedUser = $this->getUserByUsername('testuser'); $entry = $this->getEntryByTitle('Report test', body: 'This is gonna be reported', magazine: $magazine, user: $reportedUser); $reportManager = $this->reportManager; $report = $reportManager->report(ReportDto::create($entry, 'I don\'t like it'), $user); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', "/api/moderate/magazine/{$magazine->getId()}/reports/{$report->getId()}/reject", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotAcceptReportIfNotMod(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test', $this->getUserByUsername('JaneDoe')); $reportedUser = $this->getUserByUsername('testuser'); $entry = $this->getEntryByTitle('Report test', body: 'This is gonna be reported', magazine: $magazine, user: $reportedUser); $reportManager = $this->reportManager; $report = $reportManager->report(ReportDto::create($entry, 'I don\'t like it'), $user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine:reports:action'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', "/api/moderate/magazine/{$magazine->getId()}/reports/{$report->getId()}/accept", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotRejectReportIfNotMod(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test', $this->getUserByUsername('JaneDoe')); $reportedUser = $this->getUserByUsername('testuser'); $entry = $this->getEntryByTitle('Report test', body: 'This is gonna be reported', magazine: $magazine, user: $reportedUser); $reportManager = $this->reportManager; $report = $reportManager->report(ReportDto::create($entry, 'I don\'t like it'), $user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine:reports:action'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', "/api/moderate/magazine/{$magazine->getId()}/reports/{$report->getId()}/reject", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } #[Group(name: 'NonThreadSafe')] public function testApiCanAcceptReport(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $reportedUser = $this->getUserByUsername('testuser'); $entry = $this->getEntryByTitle('Report test', body: 'This is gonna be reported', magazine: $magazine, user: $reportedUser); $reportManager = $this->reportManager; $report = $reportManager->report(ReportDto::create($entry, 'I don\'t like it'), $user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine:reports:action'); $token = $codes['token_type'].' '.$codes['access_token']; $consideredAt = new \DateTimeImmutable(); $this->client->jsonRequest('POST', "/api/moderate/magazine/{$magazine->getId()}/reports/{$report->getId()}/accept", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MagazineRetrieveReportsApiTest::REPORT_RESPONSE_KEYS, $jsonData); self::assertEquals('entry_report', $jsonData['type']); self::assertEquals($report->reason, $jsonData['reason']); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['reported']); self::assertSame($reportedUser->getId(), $jsonData['reported']['userId']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['reporting']); self::assertSame($user->getId(), $jsonData['reporting']['userId']); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['subject']); self::assertEquals($entry->getId(), $jsonData['subject']['entryId']); self::assertEquals('trashed', $jsonData['subject']['visibility']); self::assertEquals($entry->body, $jsonData['subject']['body']); self::assertEquals('approved', $jsonData['status']); self::assertSame(1, $jsonData['weight']); self::assertEqualsWithDelta($report->createdAt->getTimestamp(), \DateTimeImmutable::createFromFormat(\DateTimeImmutable::ATOM, $jsonData['createdAt'])->getTimestamp(), 10.0); self::assertEqualsWithDelta($consideredAt->getTimestamp(), \DateTimeImmutable::createFromFormat(\DateTimeImmutable::ATOM, $jsonData['consideredAt'])->getTimestamp(), 10.0); self::assertNotNull($jsonData['consideredBy']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['consideredBy']); self::assertSame($user->getId(), $jsonData['consideredBy']['userId']); } public function testApiCanRejectReport(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $reportedUser = $this->getUserByUsername('testuser'); $entry = $this->getEntryByTitle('Report test', body: 'This is gonna be reported', magazine: $magazine, user: $reportedUser); $reportManager = $this->reportManager; $report = $reportManager->report(ReportDto::create($entry, 'I don\'t like it'), $user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine:reports:action'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/moderate/magazine/{$magazine->getId()}/reports/{$report->getId()}/reject", server: ['HTTP_AUTHORIZATION' => $token]); $consideredAt = new \DateTimeImmutable(); $adjustedConsideredAt = floor($consideredAt->getTimestamp() / 1000); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); $adjustedReceivedConsideredAt = floor(\DateTimeImmutable::createFromFormat(\DateTimeImmutable::ATOM, $jsonData['createdAt'])->getTimestamp() / 1000); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MagazineRetrieveReportsApiTest::REPORT_RESPONSE_KEYS, $jsonData); self::assertEquals('entry_report', $jsonData['type']); self::assertEquals($report->reason, $jsonData['reason']); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['reported']); self::assertSame($reportedUser->getId(), $jsonData['reported']['userId']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['reporting']); self::assertSame($user->getId(), $jsonData['reporting']['userId']); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['subject']); self::assertEquals($entry->getId(), $jsonData['subject']['entryId']); self::assertEquals('visible', $jsonData['subject']['visibility']); self::assertEquals($entry->body, $jsonData['subject']['body']); self::assertEquals('rejected', $jsonData['status']); self::assertSame(1, $jsonData['weight']); self::assertEqualsWithDelta($report->createdAt->getTimestamp(), \DateTimeImmutable::createFromFormat(\DateTimeImmutable::ATOM, $jsonData['createdAt'])->getTimestamp(), 10.0); self::assertEqualsWithDelta($adjustedConsideredAt, $adjustedReceivedConsideredAt, 10.0); self::assertNotNull($jsonData['consideredBy']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['consideredBy']); self::assertSame($user->getId(), $jsonData['consideredBy']['userId']); } } ================================================ FILE: tests/Functional/Controller/Api/Magazine/Moderate/MagazineBanApiTest.php ================================================ getMagazineByName('test'); $user = $this->getUserByUsername('testuser'); $this->client->request('POST', "/api/moderate/magazine/{$magazine->getId()}/ban/{$user->getId()}"); self::assertResponseStatusCodeSame(401); } public function testApiCannotCreateMagazineBanWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $user = $this->getUserByUsername('testuser'); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', "/api/moderate/magazine/{$magazine->getId()}/ban/{$user->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotCreateMagazineBanIfNotMod(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test', $this->getUserByUsername('JaneDoe')); $user = $this->getUserByUsername('testuser'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine:ban:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('POST', "/api/moderate/magazine/{$magazine->getId()}/ban/{$user->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanCreateMagazineBan(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $bannedUser = $this->getUserByUsername('hapless_fool'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine:ban:create'); $token = $codes['token_type'].' '.$codes['access_token']; $reason = 'you got banned through the API, how does that make you feel?'; $expiredAt = (new \DateTimeImmutable('+1 hour'))->format(\DateTimeImmutable::ATOM); $this->client->jsonRequest( 'POST', "/api/moderate/magazine/{$magazine->getId()}/ban/{$bannedUser->getId()}", parameters: [ 'reason' => $reason, 'expiredAt' => $expiredAt, ], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MagazineRetrieveBansApiTest::BAN_RESPONSE_KEYS, $jsonData); self::assertEquals($reason, $jsonData['reason']); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['bannedUser']); self::assertSame($bannedUser->getId(), $jsonData['bannedUser']['userId']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['bannedBy']); self::assertSame($user->getId(), $jsonData['bannedBy']['userId']); self::assertEquals($expiredAt, $jsonData['expiredAt']); self::assertFalse($jsonData['expired']); } public function testApiCannotDeleteMagazineBanAnonymous(): void { $magazine = $this->getMagazineByName('test'); $user = $this->getUserByUsername('testuser'); $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}/ban/{$user->getId()}"); self::assertResponseStatusCodeSame(401); } public function testApiCannotDeleteMagazineBanWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $user = $this->getUserByUsername('testuser'); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}/ban/{$user->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotDeleteMagazineBanIfNotMod(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test', $this->getUserByUsername('JaneDoe')); $user = $this->getUserByUsername('testuser'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine:ban:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}/ban/{$user->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanDeleteMagazineBan(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $bannedUser = $this->getUserByUsername('hapless_fool'); $magazineManager = $this->magazineManager; $ban = MagazineBanDto::create('test ban <3'); $magazineManager->ban($magazine, $bannedUser, $user, $ban); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine:ban:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $expiredAt = new \DateTimeImmutable(); $this->client->request('DELETE', "/api/moderate/magazine/{$magazine->getId()}/ban/{$bannedUser->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MagazineRetrieveBansApiTest::BAN_RESPONSE_KEYS, $jsonData); self::assertEquals($ban->reason, $jsonData['reason']); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['bannedUser']); self::assertSame($bannedUser->getId(), $jsonData['bannedUser']['userId']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['bannedBy']); self::assertSame($user->getId(), $jsonData['bannedBy']['userId']); $actualExpiry = \DateTimeImmutable::createFromFormat(\DateTimeImmutable::ATOM, $jsonData['expiredAt']); // Hopefully the API responds fast enough that there is only a max delta of 10 second between these two timestamps self::assertEqualsWithDelta($expiredAt->getTimestamp(), $actualExpiry->getTimestamp(), 10.0); self::assertTrue($jsonData['expired']); } } ================================================ FILE: tests/Functional/Controller/Api/Magazine/Moderate/MagazineModOwnerRequestApiTest.php ================================================ getMagazineByName('test'); $this->client->request('PUT', "/api/moderate/magazine/{$magazine->getId()}/modRequest/toggle"); self::assertResponseStatusCodeSame(401); } public function testApiCannotToggleModRequestWithoutScope(): void { $magazine = $this->getMagazineByName('test'); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/moderate/magazine/{$magazine->getId()}/modRequest/toggle", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanToggleModRequest(): void { $magazine = $this->getMagazineByName('test'); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'magazine:subscribe'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/moderate/magazine/{$magazine->getId()}/modRequest/toggle", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(['created'], $jsonData); self::assertTrue($jsonData['created']); $this->client->request('PUT', "/api/moderate/magazine/{$magazine->getId()}/modRequest/toggle", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(['created'], $jsonData); self::assertFalse($jsonData['created']); } public function testApiCannotAcceptModRequestAnonymously(): void { $magazine = $this->getMagazineByName('test'); $user = $this->getUserByUsername('JohnDoe'); $this->magazineManager->toggleModeratorRequest($magazine, $user); $this->client->request('PUT', "/api/moderate/magazine/{$magazine->getId()}/modRequest/accept/{$user->getId()}"); self::assertResponseStatusCodeSame(401); } public function testApiCannotAcceptModRequestWithoutScope(): void { $magazine = $this->getMagazineByName('test'); $user = $this->getUserByUsername('JohnDoe'); $this->magazineManager->toggleModeratorRequest($magazine, $user); $adminUser = $this->getUserByUsername('Admin'); $this->setAdmin($adminUser); $this->client->loginUser($adminUser); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/moderate/magazine/{$magazine->getId()}/modRequest/accept/{$user->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanAcceptModRequest(): void { $magazine = $this->getMagazineByName('test'); $user = $this->getUserByUsername('JohnDoeTheSecond'); $this->magazineManager->toggleModeratorRequest($magazine, $user); $adminUser = $this->getUserByUsername('Admin'); $this->setAdmin($adminUser); $this->client->loginUser($adminUser); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'admin:magazine:moderate'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/moderate/magazine/{$magazine->getId()}/modRequest/accept/{$user->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); self::assertSame('', $this->client->getResponse()->getContent()); $modRequest = $this->entityManager->getRepository(ModeratorRequest::class)->findOneBy([ 'magazine' => $magazine, 'user' => $user, ]); self::assertNull($modRequest); $magazine = $this->magazineRepository->findOneBy(['id' => $magazine->getId()]); $user = $this->userRepository->findOneBy(['id' => $user->getId()]); self::assertTrue($magazine->userIsModerator($user)); } public function testApiCanRejectModRequest(): void { $magazine = $this->getMagazineByName('test'); $user = $this->getUserByUsername('JohnDoeTheSecond'); $this->magazineManager->toggleModeratorRequest($magazine, $user); $adminUser = $this->getUserByUsername('Admin'); $this->setAdmin($adminUser); $this->client->loginUser($adminUser); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'admin:magazine:moderate'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/moderate/magazine/{$magazine->getId()}/modRequest/reject/{$user->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); self::assertSame('', $this->client->getResponse()->getContent()); $modRequest = $this->entityManager->getRepository(ModeratorRequest::class)->findOneBy([ 'magazine' => $magazine, 'user' => $user, ]); self::assertNull($modRequest); $magazine = $this->magazineRepository->findOneBy(['id' => $magazine->getId()]); $user = $this->userRepository->findOneBy(['id' => $user->getId()]); self::assertFalse($magazine->userIsModerator($user)); } public function testApiCannotListModRequestsAnonymously(): void { $this->client->request('GET', '/api/moderate/modRequest/list'); self::assertResponseStatusCodeSame(401); } public function testApiCannotListModRequestsWithoutScope(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/moderate/modRequest/list', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotListModRequestsForInvalidMagazineId(): void { $adminUser = $this->getUserByUsername('Admin'); $this->setAdmin($adminUser); $this->client->loginUser($adminUser); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'admin:magazine:moderate'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/moderate/modRequest/list?magazine=a', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(404); } public function testApiCannotListModRequestsForMissingMagazine(): void { $adminUser = $this->getUserByUsername('Admin'); $this->setAdmin($adminUser); $this->client->loginUser($adminUser); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'admin:magazine:moderate'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/moderate/modRequest/list?magazine=99', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(404); } public function testApiCanListModRequestsForMagazine(): void { $magazine1 = $this->getMagazineByName('Magazine 1'); $magazine2 = $this->getMagazineByName('Magazine 2'); $magazine3 = $this->getMagazineByName('Magazine 3'); $user1 = $this->getUserByUsername('User 1'); $user2 = $this->getUserByUsername('User 2'); $this->magazineManager->toggleModeratorRequest($magazine1, $user1); $this->magazineManager->toggleModeratorRequest($magazine1, $user2); $this->magazineManager->toggleModeratorRequest($magazine2, $user2); $adminUser = $this->getUserByUsername('Admin'); $this->setAdmin($adminUser); $this->client->loginUser($adminUser); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'admin:magazine:moderate'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/moderate/modRequest/list?magazine={$magazine1->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertCount(2, $jsonData); self::assertTrue(array_all($jsonData, function ($item) use ($magazine1, $user1, $user2) { return $item['magazine']['magazineId'] === $magazine1->getId() && ($item['user']['userId'] === $user1->getId() || $item['user']['userId'] === $user2->getId()); })); self::assertNotSame($jsonData[0]['user']['userId'], $jsonData[1]['user']['userId']); } public function testApiCanListModRequestsForAllMagazines(): void { $magazine1 = $this->getMagazineByName('Magazine 1'); $magazine2 = $this->getMagazineByName('Magazine 2'); $magazine3 = $this->getMagazineByName('Magazine 3'); $user1 = $this->getUserByUsername('User 1'); $user2 = $this->getUserByUsername('User 2'); $this->magazineManager->toggleModeratorRequest($magazine1, $user1); $this->magazineManager->toggleModeratorRequest($magazine1, $user2); $this->magazineManager->toggleModeratorRequest($magazine2, $user2); $adminUser = $this->getUserByUsername('Admin'); $this->setAdmin($adminUser); $this->client->loginUser($adminUser); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'admin:magazine:moderate'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/moderate/modRequest/list', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertCount(3, $jsonData); self::assertTrue(array_all($jsonData, function ($item) use ($magazine1, $magazine2, $user1, $user2) { return ($item['magazine']['magazineId'] === $magazine1->getId() && $item['user']['userId'] === $user1->getId()) || ($item['magazine']['magazineId'] === $magazine1->getId() && $item['user']['userId'] === $user2->getId()) || ($item['magazine']['magazineId'] === $magazine2->getId() && $item['user']['userId'] === $user2->getId()); })); } public function testApiCannotToggleOwnerRequestAnonymously(): void { $magazine = $this->getMagazineByName('test'); $this->client->request('PUT', "/api/moderate/magazine/{$magazine->getId()}/ownerRequest/toggle"); self::assertResponseStatusCodeSame(401); } public function testApiCannotToggleOwnerRequestWithoutScope(): void { $magazine = $this->getMagazineByName('test'); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/moderate/magazine/{$magazine->getId()}/ownerRequest/toggle", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanToggleOwnerRequest(): void { $magazine = $this->getMagazineByName('test'); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'magazine:subscribe'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/moderate/magazine/{$magazine->getId()}/ownerRequest/toggle", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(['created'], $jsonData); self::assertTrue($jsonData['created']); $this->client->request('PUT', "/api/moderate/magazine/{$magazine->getId()}/ownerRequest/toggle", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(['created'], $jsonData); self::assertFalse($jsonData['created']); } public function testApiCannotAcceptOwnerRequestAnonymously(): void { $magazine = $this->getMagazineByName('test'); $user = $this->getUserByUsername('JohnDoe'); $this->magazineManager->toggleModeratorRequest($magazine, $user); $this->client->request('PUT', "/api/moderate/magazine/{$magazine->getId()}/ownerRequest/accept/{$user->getId()}"); self::assertResponseStatusCodeSame(401); } public function testApiCannotAcceptOwnerRequestWithoutScope(): void { $magazine = $this->getMagazineByName('test'); $user = $this->getUserByUsername('JohnDoe'); $this->magazineManager->toggleModeratorRequest($magazine, $user); $adminUser = $this->getUserByUsername('Admin'); $this->setAdmin($adminUser); $this->client->loginUser($adminUser); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/moderate/magazine/{$magazine->getId()}/ownerRequest/accept/{$user->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanAcceptOwnerRequest(): void { $magazine = $this->getMagazineByName('test'); $user = $this->getUserByUsername('JohnDoeTheSecond'); $this->magazineManager->toggleOwnershipRequest($magazine, $user); $adminUser = $this->getUserByUsername('Admin'); $this->setAdmin($adminUser); $this->client->loginUser($adminUser); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'admin:magazine:moderate'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/moderate/magazine/{$magazine->getId()}/ownerRequest/accept/{$user->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); self::assertSame('', $this->client->getResponse()->getContent()); $ownerRequest = $this->entityManager->getRepository(MagazineOwnershipRequest::class)->findOneBy([ 'magazine' => $magazine, 'user' => $user, ]); self::assertNull($ownerRequest); $magazine = $this->magazineRepository->findOneBy(['id' => $magazine->getId()]); $user = $this->userRepository->findOneBy(['id' => $user->getId()]); self::assertTrue($magazine->userIsOwner($user)); } public function testApiCanRejectOwnerRequest(): void { $magazine = $this->getMagazineByName('test'); $user = $this->getUserByUsername('JohnDoeTheSecond'); $this->magazineManager->toggleOwnershipRequest($magazine, $user); $adminUser = $this->getUserByUsername('Admin'); $this->setAdmin($adminUser); $this->client->loginUser($adminUser); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'admin:magazine:moderate'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/moderate/magazine/{$magazine->getId()}/ownerRequest/reject/{$user->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); self::assertSame('', $this->client->getResponse()->getContent()); $ownerRequest = $this->entityManager->getRepository(ModeratorRequest::class)->findOneBy([ 'magazine' => $magazine, 'user' => $user, ]); self::assertNull($ownerRequest); $magazine = $this->magazineRepository->findOneBy(['id' => $magazine->getId()]); $user = $this->userRepository->findOneBy(['id' => $user->getId()]); self::assertFalse($magazine->userIsOwner($user)); self::assertFalse($magazine->userIsModerator($user)); } public function testApiCannotListOwnerRequestsAnonymously(): void { $this->client->request('GET', '/api/moderate/ownerRequest/list'); self::assertResponseStatusCodeSame(401); } public function testApiCannotListOwnerRequestsWithoutScope(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/moderate/ownerRequest/list', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotListOwnerRequestsForInvalidMagazineId(): void { $adminUser = $this->getUserByUsername('Admin'); $this->setAdmin($adminUser); $this->client->loginUser($adminUser); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'admin:magazine:moderate'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/moderate/ownerRequest/list?magazine=a', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(404); } public function testApiCannotListOwnerRequestsForMissingMagazine(): void { $adminUser = $this->getUserByUsername('Admin'); $this->setAdmin($adminUser); $this->client->loginUser($adminUser); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'admin:magazine:moderate'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/moderate/ownerRequest/list?magazine=99', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(404); } public function testApiCanListOwnerRequestsForMagazine(): void { $magazine1 = $this->getMagazineByName('Magazine 1'); $magazine2 = $this->getMagazineByName('Magazine 2'); $magazine3 = $this->getMagazineByName('Magazine 3'); $user1 = $this->getUserByUsername('User 1'); $user2 = $this->getUserByUsername('User 2'); $this->magazineManager->toggleOwnershipRequest($magazine1, $user1); $this->magazineManager->toggleOwnershipRequest($magazine1, $user2); $this->magazineManager->toggleOwnershipRequest($magazine2, $user2); $adminUser = $this->getUserByUsername('Admin'); $this->setAdmin($adminUser); $this->client->loginUser($adminUser); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'admin:magazine:moderate'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/moderate/ownerRequest/list?magazine={$magazine1->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertCount(2, $jsonData); self::assertTrue(array_all($jsonData, function ($item) use ($magazine1, $user1, $user2) { return $item['magazine']['magazineId'] === $magazine1->getId() && ($item['user']['userId'] === $user1->getId() || $item['user']['userId'] === $user2->getId()); })); self::assertNotSame($jsonData[0]['user']['userId'], $jsonData[1]['user']['userId']); } public function testApiCanListOwnerRequestsForAllMagazines(): void { $magazine1 = $this->getMagazineByName('Magazine 1'); $magazine2 = $this->getMagazineByName('Magazine 2'); $magazine3 = $this->getMagazineByName('Magazine 3'); $user1 = $this->getUserByUsername('User 1'); $user2 = $this->getUserByUsername('User 2'); $this->magazineManager->toggleOwnershipRequest($magazine1, $user1); $this->magazineManager->toggleOwnershipRequest($magazine1, $user2); $this->magazineManager->toggleOwnershipRequest($magazine2, $user2); $adminUser = $this->getUserByUsername('Admin'); $this->setAdmin($adminUser); $this->client->loginUser($adminUser); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'admin:magazine:moderate'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/moderate/ownerRequest/list', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertCount(3, $jsonData); self::assertTrue(array_all($jsonData, function ($item) use ($magazine1, $magazine2, $user1, $user2) { return ($item['magazine']['magazineId'] === $magazine1->getId() && $item['user']['userId'] === $user1->getId()) || ($item['magazine']['magazineId'] === $magazine1->getId() && $item['user']['userId'] === $user2->getId()) || ($item['magazine']['magazineId'] === $magazine2->getId() && $item['user']['userId'] === $user2->getId()); })); } } ================================================ FILE: tests/Functional/Controller/Api/Magazine/Moderate/MagazineRetrieveBansApiTest.php ================================================ getMagazineByName('test'); $this->client->request('GET', "/api/moderate/magazine/{$magazine->getId()}/bans"); self::assertResponseStatusCodeSame(401); } public function testApiCannotRetrieveMagazineBansWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/moderate/magazine/{$magazine->getId()}/bans", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotRetrieveMagazineBansIfNotMod(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine:ban:read'); $token = $codes['token_type'].' '.$codes['access_token']; $magazine = $this->getMagazineByName('test', $this->getUserByUsername('JaneDoe')); $this->client->request('GET', "/api/moderate/magazine/{$magazine->getId()}/bans", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanRetrieveMagazineBans(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $bannedUser = $this->getUserByUsername('hapless_fool'); $magazineManager = $this->magazineManager; $ban = MagazineBanDto::create('test ban :)'); $magazineManager->ban($magazine, $bannedUser, $user, $ban); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine:ban:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/moderate/magazine/{$magazine->getId()}/bans", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertArrayKeysMatch(self::BAN_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals($ban->reason, $jsonData['items'][0]['reason']); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['bannedUser']); self::assertSame($bannedUser->getId(), $jsonData['items'][0]['bannedUser']['userId']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['bannedBy']); self::assertSame($user->getId(), $jsonData['items'][0]['bannedBy']['userId']); self::assertNull($jsonData['items'][0]['expiredAt']); self::assertFalse($jsonData['items'][0]['expired']); } } ================================================ FILE: tests/Functional/Controller/Api/Magazine/Moderate/MagazineRetrieveReportsApiTest.php ================================================ getUserByUsername('JohnDoe'); $magazine = $this->getMagazineByName('test'); $reportedUser = $this->getUserByUsername('hapless_fool'); $entry = $this->getEntryByTitle('Report test', body: 'This is gonna be reported', magazine: $magazine, user: $reportedUser); $reportManager = $this->reportManager; $report = $reportManager->report(ReportDto::create($entry, 'I don\'t like it'), $user); $this->client->request('GET', "/api/moderate/magazine/{$magazine->getId()}/reports/{$report->getId()}"); self::assertResponseStatusCodeSame(401); } public function testApiCannotRetrieveMagazineReportByIdWithoutScope(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $reportedUser = $this->getUserByUsername('hapless_fool'); $entry = $this->getEntryByTitle('Report test', body: 'This is gonna be reported', magazine: $magazine, user: $reportedUser); $reportManager = $this->reportManager; $report = $reportManager->report(ReportDto::create($entry, 'I don\'t like it'), $user); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/moderate/magazine/{$magazine->getId()}/reports/{$report->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotRetrieveMagazineReportByIdIfNotMod(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test', $this->getUserByUsername('JaneDoe')); $reportedUser = $this->getUserByUsername('hapless_fool'); $entry = $this->getEntryByTitle('Report test', body: 'This is gonna be reported', magazine: $magazine, user: $reportedUser); $reportManager = $this->reportManager; $report = $reportManager->report(ReportDto::create($entry, 'I don\'t like it'), $user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine:reports:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/moderate/magazine/{$magazine->getId()}/reports/{$report->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanRetrieveMagazineReportById(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $reportedUser = $this->getUserByUsername('hapless_fool'); $entry = $this->getEntryByTitle('Report test', body: 'This is gonna be reported', magazine: $magazine, user: $reportedUser); $reportManager = $this->reportManager; $report = $reportManager->report(ReportDto::create($entry, 'I don\'t like it'), $user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine:reports:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/moderate/magazine/{$magazine->getId()}/reports/{$report->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::REPORT_RESPONSE_KEYS, $jsonData); self::assertEquals($report->reason, $jsonData['reason']); self::assertEquals('entry_report', $jsonData['type']); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['reported']); self::assertSame($reportedUser->getId(), $jsonData['reported']['userId']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['reporting']); self::assertSame($user->getId(), $jsonData['reporting']['userId']); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['subject']); self::assertSame($entry->getId(), $jsonData['subject']['entryId']); self::assertEquals('pending', $jsonData['status']); self::assertSame(1, $jsonData['weight']); self::assertNull($jsonData['consideredAt']); self::assertNull($jsonData['consideredBy']); self::assertEqualsWithDelta($report->createdAt->getTimestamp(), \DateTimeImmutable::createFromFormat(\DateTimeImmutable::ATOM, $jsonData['createdAt'])->getTimestamp(), 10.0); } public function testApiCannotRetrieveMagazineReportsAnonymous(): void { $magazine = $this->getMagazineByName('test'); $this->client->request('GET', "/api/moderate/magazine/{$magazine->getId()}/reports"); self::assertResponseStatusCodeSame(401); } public function testApiCannotRetrieveMagazineReportsWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/moderate/magazine/{$magazine->getId()}/reports", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotRetrieveMagazineReportsIfNotMod(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine:reports:read'); $token = $codes['token_type'].' '.$codes['access_token']; $magazine = $this->getMagazineByName('test', $this->getUserByUsername('JaneDoe')); $this->client->request('GET', "/api/moderate/magazine/{$magazine->getId()}/reports", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanRetrieveMagazineReports(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $reportedUser = $this->getUserByUsername('hapless_fool'); $entry = $this->getEntryByTitle('Report test', body: 'This is gonna be reported', magazine: $magazine, user: $reportedUser); $reportManager = $this->reportManager; $report = $reportManager->report(ReportDto::create($entry, 'I don\'t like it'), $user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine:reports:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/moderate/magazine/{$magazine->getId()}/reports", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertArrayKeysMatch(self::REPORT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals($report->reason, $jsonData['items'][0]['reason']); self::assertEquals('entry_report', $jsonData['items'][0]['type']); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['reported']); self::assertSame($reportedUser->getId(), $jsonData['items'][0]['reported']['userId']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['reporting']); self::assertSame($user->getId(), $jsonData['items'][0]['reporting']['userId']); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][0]['subject']); self::assertSame($entry->getId(), $jsonData['items'][0]['subject']['entryId']); self::assertEquals('pending', $jsonData['items'][0]['status']); self::assertSame(1, $jsonData['items'][0]['weight']); self::assertNull($jsonData['items'][0]['consideredAt']); self::assertNull($jsonData['items'][0]['consideredBy']); self::assertEqualsWithDelta($report->createdAt->getTimestamp(), \DateTimeImmutable::createFromFormat(\DateTimeImmutable::ATOM, $jsonData['items'][0]['createdAt'])->getTimestamp(), 10.0); } } ================================================ FILE: tests/Functional/Controller/Api/Magazine/Moderate/MagazineRetrieveTrashApiTest.php ================================================ getMagazineByName('test'); $this->client->request('GET', "/api/moderate/magazine/{$magazine->getId()}/trash"); self::assertResponseStatusCodeSame(401); } public function testApiCannotRetrieveMagazineTrashWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $codes = self::getAuthorizationCodeTokenResponse($this->client); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/moderate/magazine/{$magazine->getId()}/trash", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotRetrieveMagazineTrashIfNotMod(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine:trash:read'); $token = $codes['token_type'].' '.$codes['access_token']; $magazine = $this->getMagazineByName('test', $this->getUserByUsername('JaneDoe')); $this->client->request('GET', "/api/moderate/magazine/{$magazine->getId()}/trash", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanRetrieveMagazineTrash(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); self::createOAuth2AuthCodeClient(); $magazine = $this->getMagazineByName('test'); $reportedUser = $this->getUserByUsername('hapless_fool'); $entry = $this->getEntryByTitle('Delete test', body: 'This is gonna be deleted', magazine: $magazine, user: $reportedUser); $entryManager = $this->entryManager; $entryManager->delete($user, $entry); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read write moderate:magazine:trash:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/moderate/magazine/{$magazine->getId()}/trash", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); $trashedEntryResponseKeys = array_merge(self::ENTRY_RESPONSE_KEYS, ['itemType']); self::assertArrayKeysMatch($trashedEntryResponseKeys, $jsonData['items'][0]); self::assertArrayKeysMatch(MagazineRetrieveApiTest::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertSame($entry->getId(), $jsonData['items'][0]['entryId']); self::assertEquals($entry->body, $jsonData['items'][0]['body']); self::assertEquals(VisibilityInterface::VISIBILITY_TRASHED, $jsonData['items'][0]['visibility']); } } ================================================ FILE: tests/Functional/Controller/Api/Message/MessageReadApiTest.php ================================================ createMessage($this->getUserByUsername('JohnDoe'), $this->getUserByUsername('JaneDoe'), 'test message'); $this->client->request('PUT', "/api/messages/{$message->getId()}/read"); self::assertResponseStatusCodeSame(401); } public function testApiCannotMarkMessagesReadWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $message = $this->createMessage($this->getUserByUsername('JohnDoe'), $this->getUserByUsername('JaneDoe'), 'test message'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/messages/{$message->getId()}/read", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotMarkOtherUsersMessagesRead(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagingUser = $this->getUserByUsername('JaneDoe'); $messagedUser = $this->getUserByUsername('JamesDoe'); $message = $this->createMessage($messagedUser, $messagingUser, 'test message'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:message:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/messages/{$message->getId()}/read", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanMarkMessagesRead(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagingUser = $this->getUserByUsername('JaneDoe'); $thread = $this->createMessageThread($user, $messagingUser, 'test message'); /** @var Message $message */ $message = $thread->messages->get(0); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:message:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/messages/{$message->getId()}/read", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::MESSAGE_RESPONSE_KEYS, $jsonData); self::assertSame($message->getId(), $jsonData['messageId']); self::assertSame($thread->getId(), $jsonData['threadId']); self::assertEquals('test message', $jsonData['body']); self::assertEquals(Message::STATUS_READ, $jsonData['status']); self::assertSame($message->createdAt->getTimestamp(), \DateTimeImmutable::createFromFormat(\DateTimeImmutable::ATOM, $jsonData['createdAt'])->getTimestamp()); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['sender']); self::assertSame($messagingUser->getId(), $jsonData['sender']['userId']); } public function testApiCannotMarkMessagesUnreadAnonymous(): void { $message = $this->createMessage($this->getUserByUsername('JohnDoe'), $this->getUserByUsername('JaneDoe'), 'test message'); $this->client->request('PUT', "/api/messages/{$message->getId()}/unread"); self::assertResponseStatusCodeSame(401); } public function testApiCannotMarkMessagesUnreadWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $message = $this->createMessage($this->getUserByUsername('JohnDoe'), $this->getUserByUsername('JaneDoe'), 'test message'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/messages/{$message->getId()}/unread", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotMarkOtherUsersMessagesUnread(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagingUser = $this->getUserByUsername('JaneDoe'); $messagedUser = $this->getUserByUsername('JamesDoe'); $message = $this->createMessage($messagedUser, $messagingUser, 'test message'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:message:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/messages/{$message->getId()}/unread", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanMarkMessagesUnread(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagingUser = $this->getUserByUsername('JaneDoe'); $thread = $this->createMessageThread($user, $messagingUser, 'test message'); /** @var Message $message */ $message = $thread->messages->get(0); $messageManager = $this->messageManager; $messageManager->readMessage($message, $user, flush: true); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:message:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/messages/{$message->getId()}/unread", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::MESSAGE_RESPONSE_KEYS, $jsonData); self::assertSame($message->getId(), $jsonData['messageId']); self::assertSame($thread->getId(), $jsonData['threadId']); self::assertEquals('test message', $jsonData['body']); self::assertEquals(Message::STATUS_NEW, $jsonData['status']); self::assertSame($message->createdAt->getTimestamp(), \DateTimeImmutable::createFromFormat(\DateTimeImmutable::ATOM, $jsonData['createdAt'])->getTimestamp()); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['sender']); self::assertSame($messagingUser->getId(), $jsonData['sender']['userId']); } } ================================================ FILE: tests/Functional/Controller/Api/Message/MessageRetrieveApiTest.php ================================================ client->request('GET', '/api/messages'); self::assertResponseStatusCodeSame(401); } public function testApiCannotGetMessagesWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/messages', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanGetMessages(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagingUser = $this->getUserByUsername('JaneDoe'); $messageManager = $this->messageManager; $dto = new MessageDto(); $dto->body = 'test message'; $thread = $messageManager->toThread($dto, $messagingUser, $user); /** @var Message $message */ $message = $thread->messages->get(0); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:message:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/messages', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::MESSAGE_THREAD_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($thread->getId(), $jsonData['items'][0]['threadId']); self::assertSame(1, $jsonData['items'][0]['messageCount']); self::assertIsArray($jsonData['items'][0]['messages']); self::assertCount(1, $jsonData['items'][0]['messages']); self::assertArrayKeysMatch(self::MESSAGE_RESPONSE_KEYS, $jsonData['items'][0]['messages'][0]); self::assertSame($message->getId(), $jsonData['items'][0]['messages'][0]['messageId']); self::assertSame($thread->getId(), $jsonData['items'][0]['messages'][0]['threadId']); self::assertEquals('test message', $jsonData['items'][0]['messages'][0]['body']); self::assertEquals('new', $jsonData['items'][0]['messages'][0]['status']); self::assertSame($message->createdAt->getTimestamp(), \DateTimeImmutable::createFromFormat(\DateTimeImmutable::ATOM, $jsonData['items'][0]['messages'][0]['createdAt'])->getTimestamp()); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['messages'][0]['sender']); self::assertSame($messagingUser->getId(), $jsonData['items'][0]['messages'][0]['sender']['userId']); } public function testApiCannotGetMessageByIdAnonymous(): void { $this->client->request('GET', '/api/messages/1'); self::assertResponseStatusCodeSame(401); } public function testApiCannotGetMessageByIdWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/messages/1', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotGetOtherUsersMessageById(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagingUser = $this->getUserByUsername('JaneDoe'); $messagedUser = $this->getUserByUsername('JamesDoe'); $messageManager = $this->messageManager; $dto = new MessageDto(); $dto->body = 'test message'; $thread = $messageManager->toThread($dto, $messagingUser, $messagedUser); /** @var Message $message */ $message = $thread->messages->get(0); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:message:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/messages/{$message->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanGetMessageById(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagingUser = $this->getUserByUsername('JaneDoe'); $messageManager = $this->messageManager; $dto = new MessageDto(); $dto->body = 'test message'; $thread = $messageManager->toThread($dto, $messagingUser, $user); /** @var Message $message */ $message = $thread->messages->get(0); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:message:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/messages/{$message->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::MESSAGE_RESPONSE_KEYS, $jsonData); self::assertSame($message->getId(), $jsonData['messageId']); self::assertSame($thread->getId(), $jsonData['threadId']); self::assertEquals('test message', $jsonData['body']); self::assertEquals('new', $jsonData['status']); self::assertSame($message->createdAt->getTimestamp(), \DateTimeImmutable::createFromFormat(\DateTimeImmutable::ATOM, $jsonData['createdAt'])->getTimestamp()); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['sender']); self::assertSame($messagingUser->getId(), $jsonData['sender']['userId']); } public function testApiCannotGetMessageThreadByIdAnonymous(): void { $messagingUser = $this->getUserByUsername('JaneDoe'); $messagedUser = $this->getUserByUsername('JamesDoe'); $messageManager = $this->messageManager; $dto = new MessageDto(); $dto->body = 'test message'; $thread = $messageManager->toThread($dto, $messagingUser, $messagedUser); $this->client->request('GET', "/api/messages/thread/{$thread->getId()}"); self::assertResponseStatusCodeSame(401); } public function testApiCannotGetMessageThreadByIdWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagingUser = $this->getUserByUsername('JaneDoe'); $messagedUser = $this->getUserByUsername('JamesDoe'); $this->client->loginUser($user); $messageManager = $this->messageManager; $dto = new MessageDto(); $dto->body = 'test message'; $thread = $messageManager->toThread($dto, $messagingUser, $messagedUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/messages/thread/{$thread->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotGetOtherUsersMessageThreadById(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagingUser = $this->getUserByUsername('JaneDoe'); $messagedUser = $this->getUserByUsername('JamesDoe'); $messageManager = $this->messageManager; $dto = new MessageDto(); $dto->body = 'test message'; $thread = $messageManager->toThread($dto, $messagingUser, $messagedUser); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:message:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/messages/thread/{$thread->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanGetMessageThreadById(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagingUser = $this->getUserByUsername('JaneDoe'); $messageManager = $this->messageManager; $dto = new MessageDto(); $dto->body = 'test message'; $thread = $messageManager->toThread($dto, $messagingUser, $user); /** @var Message $message */ $message = $thread->messages->get(0); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:message:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/messages/thread/{$thread->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(array_merge(self::PAGINATED_KEYS, ['participants']), $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['participants']); self::assertCount(2, $jsonData['participants']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame($message->getId(), $jsonData['items'][0]['messageId']); self::assertSame($thread->getId(), $jsonData['items'][0]['threadId']); self::assertEquals('test message', $jsonData['items'][0]['body']); self::assertEquals('new', $jsonData['items'][0]['status']); self::assertSame($message->createdAt->getTimestamp(), \DateTimeImmutable::createFromFormat(\DateTimeImmutable::ATOM, $jsonData['items'][0]['createdAt'])->getTimestamp()); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['sender']); self::assertSame($messagingUser->getId(), $jsonData['items'][0]['sender']['userId']); } } ================================================ FILE: tests/Functional/Controller/Api/Message/MessageThreadCreateApiTest.php ================================================ getUserByUsername('JohnDoe'); $this->client->jsonRequest('POST', "/api/users/{$messagedUser->getId()}/message", parameters: ['body' => 'test message']); self::assertResponseStatusCodeSame(401); } public function testApiCannotCreateThreadWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $messagedUser = $this->getUserByUsername('JaneDoe'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/users/{$messagedUser->getId()}/message", parameters: ['body' => 'test message'], server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanCreateThread(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagedUser = $this->getUserByUsername('JaneDoe'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:message:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/users/{$messagedUser->getId()}/message", parameters: ['body' => 'test message'], server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MessageRetrieveApiTest::MESSAGE_THREAD_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['participants']); self::assertCount(2, $jsonData['participants']); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData['participants'][0]); self::assertTrue($user->getId() === $jsonData['participants'][0]['userId'] || $messagedUser->getId() === $jsonData['participants'][0]['userId']); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData['participants'][1]); self::assertTrue($user->getId() === $jsonData['participants'][1]['userId'] || $messagedUser->getId() === $jsonData['participants'][1]['userId']); self::assertSame(1, $jsonData['messageCount']); self::assertNotNull($jsonData['threadId']); self::assertIsArray($jsonData['messages']); self::assertCount(1, $jsonData['messages']); self::assertArrayKeysMatch(self::MESSAGE_RESPONSE_KEYS, $jsonData['messages'][0]); self::assertEquals('test message', $jsonData['messages'][0]['body']); self::assertEquals(Message::STATUS_NEW, $jsonData['messages'][0]['status']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['messages'][0]['sender']); self::assertSame($user->getId(), $jsonData['messages'][0]['sender']['userId']); } } ================================================ FILE: tests/Functional/Controller/Api/Message/MessageThreadReplyApiTest.php ================================================ getUserByUsername('JohnDoe'); $from = $this->getUserByUsername('JaneDoe'); $thread = $this->createMessageThread($to, $from, 'starting a thread'); $this->client->jsonRequest('POST', "/api/messages/thread/{$thread->getId()}/reply", parameters: ['body' => 'test message']); self::assertResponseStatusCodeSame(401); } public function testApiCannotReplyToThreadWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $from = $this->getUserByUsername('JaneDoe'); $thread = $this->createMessageThread($user, $from, 'starting a thread'); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/messages/thread/{$thread->getId()}/reply", parameters: ['body' => 'test message'], server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanReplyToThread(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $from = $this->getUserByUsername('JaneDoe'); $thread = $this->createMessageThread($user, $from, 'starting a thread'); // Fake when the message was created at so that the newest to oldest order can be reliably determined $thread->messages->get(0)->createdAt = new \DateTimeImmutable('-5 seconds'); $entityManager = $this->entityManager; $entityManager->persist($thread); $entityManager->flush(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:message:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/messages/thread/{$thread->getId()}/reply", parameters: ['body' => 'test message'], server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(MessageRetrieveApiTest::MESSAGE_THREAD_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['participants']); self::assertCount(2, $jsonData['participants']); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData['participants'][0]); self::assertTrue($user->getId() === $jsonData['participants'][0]['userId'] || $from->getId() === $jsonData['participants'][0]['userId']); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData['participants'][1]); self::assertTrue($user->getId() === $jsonData['participants'][1]['userId'] || $from->getId() === $jsonData['participants'][1]['userId']); self::assertSame(2, $jsonData['messageCount']); self::assertNotNull($jsonData['threadId']); self::assertIsArray($jsonData['messages']); self::assertCount(2, $jsonData['messages']); self::assertArrayKeysMatch(self::MESSAGE_RESPONSE_KEYS, $jsonData['messages'][0]); // Newest first self::assertEquals('test message', $jsonData['messages'][0]['body']); self::assertEquals(Message::STATUS_NEW, $jsonData['messages'][0]['status']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['messages'][0]['sender']); self::assertSame($user->getId(), $jsonData['messages'][0]['sender']['userId']); self::assertEquals('starting a thread', $jsonData['messages'][1]['body']); self::assertEquals(Message::STATUS_NEW, $jsonData['messages'][1]['status']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['messages'][1]['sender']); self::assertSame($from->getId(), $jsonData['messages'][1]['sender']['userId']); } } ================================================ FILE: tests/Functional/Controller/Api/Notification/AdminNotificationRetrieveApiTest.php ================================================ getUserByUsername('JohnDoe', isAdmin: true); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:notification:read user:message:read'); $token = $codes['token_type'].' '.$codes['access_token']; $createdAt = new \DateTimeImmutable(); $createDto = UserDto::create('new_here', email: 'user@example.com', createdAt: $createdAt, applicationText: 'hello there'); $createDto->plainPassword = '1234'; $this->userManager->create($createDto, false, false, false); $this->client->request('GET', '/api/notifications/all', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertCount(1, $jsonData['items']); $item = $jsonData['items'][0]; self::assertArrayKeysMatch(NotificationRetrieveApiTest::NOTIFICATION_RESPONSE_KEYS, $item); self::assertEquals('new_signup', $item['type']); self::assertEquals('new', $item['status']); self::assertNull($item['reportId']); $subject = $item['subject']; self::assertIsArray($subject); self::assertArrayKeysMatch(self::USER_SIGNUP_RESPONSE_KEYS, $subject); self::assertNotEquals(0, $subject['userId']); self::assertEquals('new_here', $subject['username']); self::assertEquals('user@example.com', $subject['email']); self::assertEquals($createdAt->format(\DateTimeInterface::ATOM), $subject['createdAt']); self::assertEquals('hello there', $subject['applicationText']); } } ================================================ FILE: tests/Functional/Controller/Api/Notification/NotificationDeleteApiTest.php ================================================ createMessageNotification(); $this->client->request('DELETE', "/api/notifications/{$notification->getId()}"); self::assertResponseStatusCodeSame(401); } public function testApiCannotDeleteNotificationByIdWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $notification = $this->createMessageNotification(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/notifications/{$notification->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotDeleteOtherUsersNotificationById(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagedUser = $this->getUserByUsername('JamesDoe'); $notification = $this->createMessageNotification($messagedUser); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:notification:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/notifications/{$notification->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanDeleteNotificationById(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $notification = $this->createMessageNotification(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:notification:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/notifications/{$notification->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); $notificationRepository = $this->notificationRepository; $notification = $notificationRepository->find($notification->getId()); self::assertNull($notification); } public function testApiCannotDeleteAllNotificationsAnonymous(): void { $this->createMessageNotification(); $this->client->request('DELETE', '/api/notifications'); self::assertResponseStatusCodeSame(401); } public function testApiCannotDeleteAllNotificationsWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $this->createMessageNotification(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', '/api/notifications', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanDeleteAllNotifications(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $notification = $this->createMessageNotification(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:notification:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', '/api/notifications', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); $notificationRepository = $this->notificationRepository; $notification = $notificationRepository->find($notification->getId()); self::assertNull($notification); } } ================================================ FILE: tests/Functional/Controller/Api/Notification/NotificationReadApiTest.php ================================================ createMessageNotification(); $this->client->request('PUT', "/api/notifications/{$notification->getId()}/read"); self::assertResponseStatusCodeSame(401); } public function testApiCannotMarkNotificationReadWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $notification = $this->createMessageNotification(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/notifications/{$notification->getId()}/read", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotMarkOtherUsersNotificationRead(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagedUser = $this->getUserByUsername('JamesDoe'); $notification = $this->createMessageNotification($messagedUser); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:notification:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/notifications/{$notification->getId()}/read", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanMarkNotificationRead(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $notification = $this->createMessageNotification(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:notification:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/notifications/{$notification->getId()}/read", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(NotificationRetrieveApiTest::NOTIFICATION_RESPONSE_KEYS, $jsonData); self::assertEquals('read', $jsonData['status']); self::assertEquals('message_notification', $jsonData['type']); self::assertIsArray($jsonData['subject']); self::assertArrayKeysMatch(self::MESSAGE_RESPONSE_KEYS, $jsonData['subject']); self::assertNull($jsonData['subject']['messageId']); self::assertNull($jsonData['subject']['threadId']); self::assertNull($jsonData['subject']['sender']); self::assertNull($jsonData['subject']['status']); self::assertNull($jsonData['subject']['createdAt']); self::assertEquals('This app has not received permission to read your messages.', $jsonData['subject']['body']); } public function testApiCannotMarkNotificationUnreadAnonymous(): void { $notification = $this->createMessageNotification(); $this->client->request('PUT', "/api/notifications/{$notification->getId()}/unread"); self::assertResponseStatusCodeSame(401); } public function testApiCannotMarkNotificationUnreadWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $notification = $this->createMessageNotification(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/notifications/{$notification->getId()}/unread", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotMarkOtherUsersNotificationUnread(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagedUser = $this->getUserByUsername('JamesDoe'); $notification = $this->createMessageNotification($messagedUser); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:notification:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/notifications/{$notification->getId()}/unread", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanMarkNotificationUnread(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $notification = $this->createMessageNotification(); $notification->status = Notification::STATUS_READ; $entityManager = $this->entityManager; $entityManager->persist($notification); $entityManager->flush(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:notification:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/notifications/{$notification->getId()}/unread", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(NotificationRetrieveApiTest::NOTIFICATION_RESPONSE_KEYS, $jsonData); self::assertEquals('new', $jsonData['status']); self::assertEquals('message_notification', $jsonData['type']); self::assertIsArray($jsonData['subject']); self::assertArrayKeysMatch(self::MESSAGE_RESPONSE_KEYS, $jsonData['subject']); self::assertNull($jsonData['subject']['messageId']); self::assertNull($jsonData['subject']['threadId']); self::assertNull($jsonData['subject']['sender']); self::assertNull($jsonData['subject']['status']); self::assertNull($jsonData['subject']['createdAt']); self::assertEquals('This app has not received permission to read your messages.', $jsonData['subject']['body']); } public function testApiCannotMarkAllNotificationsReadAnonymous(): void { $this->createMessageNotification(); $this->client->request('PUT', '/api/notifications/read'); self::assertResponseStatusCodeSame(401); } public function testApiCannotMarkAllNotificationsReadWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $this->createMessageNotification(); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/notifications/read', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanMarkAllNotificationsRead(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $notification = $this->createMessageNotification(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:notification:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', '/api/notifications/read', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); $notificationRepository = $this->notificationRepository; $notification = $notificationRepository->find($notification->getId()); self::assertNotNull($notification); self::assertEquals('read', $notification->status); } } ================================================ FILE: tests/Functional/Controller/Api/Notification/NotificationRetrieveApiTest.php ================================================ client->request('GET', '/api/notifications/all'); self::assertResponseStatusCodeSame(401); } public function testApiCannotGetNotificationsByStatusWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/notifications/all', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanGetNotificationsByStatusMessagesRedactedWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagingUser = $this->getUserByUsername('JaneDoe'); $messageManager = $this->messageManager; $dto = new MessageDto(); $dto->body = 'test message'; $thread = $messageManager->toThread($dto, $messagingUser, $user); /** @var Message $message */ $message = $thread->messages->get(0); $notificationManager = $this->notificationManager; $notificationManager->readMessageNotification($message, $user); // Create unread notification $thread = $messageManager->toThread($dto, $messagingUser, $user); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:notification:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/notifications/all', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertArrayKeysMatch(self::NOTIFICATION_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('new', $jsonData['items'][0]['status']); self::assertEquals('message_notification', $jsonData['items'][0]['type']); self::assertArrayKeysMatch(self::NOTIFICATION_RESPONSE_KEYS, $jsonData['items'][1]); self::assertEquals('read', $jsonData['items'][1]['status']); self::assertEquals('message_notification', $jsonData['items'][1]['type']); self::assertIsArray($jsonData['items'][0]['subject']); self::assertArrayKeysMatch(self::MESSAGE_RESPONSE_KEYS, $jsonData['items'][0]['subject']); self::assertNull($jsonData['items'][0]['subject']['messageId']); self::assertNull($jsonData['items'][0]['subject']['threadId']); self::assertNull($jsonData['items'][0]['subject']['sender']); self::assertNull($jsonData['items'][0]['subject']['status']); self::assertNull($jsonData['items'][0]['subject']['createdAt']); self::assertEquals('This app has not received permission to read your messages.', $jsonData['items'][0]['subject']['body']); } public function testApiCanGetNotificationsByStatusAll(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagingUser = $this->getUserByUsername('JaneDoe'); $messageManager = $this->messageManager; $dto = new MessageDto(); $dto->body = 'test message'; $thread = $messageManager->toThread($dto, $messagingUser, $user); /** @var Message $message */ $message = $thread->messages->get(0); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:notification:read user:message:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/notifications/all', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertArrayKeysMatch(self::NOTIFICATION_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('new', $jsonData['items'][0]['status']); self::assertEquals('message_notification', $jsonData['items'][0]['type']); self::assertIsArray($jsonData['items'][0]['subject']); self::assertArrayKeysMatch(self::MESSAGE_RESPONSE_KEYS, $jsonData['items'][0]['subject']); self::assertSame($message->getId(), $jsonData['items'][0]['subject']['messageId']); self::assertSame($message->thread->getId(), $jsonData['items'][0]['subject']['threadId']); self::assertIsArray($jsonData['items'][0]['subject']['sender']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['subject']['sender']); self::assertSame($messagingUser->getId(), $jsonData['items'][0]['subject']['sender']['userId']); self::assertEquals('new', $jsonData['items'][0]['subject']['status']); self::assertNotNull($jsonData['items'][0]['subject']['createdAt']); self::assertEquals($message->body, $jsonData['items'][0]['subject']['body']); } public function testApiCanGetNotificationsFromThreads(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagingUser = $this->getUserByUsername('JaneDoe'); $magazine = $this->getMagazineByName('acme'); $entry = $this->getEntryByTitle('Test notification entry', body: 'Test body', magazine: $magazine, user: $messagingUser); $userEntry = $this->getEntryByTitle('Test entry', body: 'Test body', magazine: $magazine, user: $user); $comment = $this->createEntryComment('Test notification comment', $userEntry, $messagingUser); $commentTwo = $this->createEntryComment('Test notification comment 2', $userEntry, $messagingUser, $comment); $parent = $this->createEntryComment('Test parent comment', $entry, $user); $reply = $this->createEntryComment('Test reply comment', $entry, $messagingUser, $parent); $this->createEntryComment('Test not notified comment', $entry, $messagingUser); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:notification:read user:message:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/notifications/all', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertIsArray($jsonData['items']); self::assertCount(4, $jsonData['items']); self::assertArrayKeysMatch(self::NOTIFICATION_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('new', $jsonData['items'][0]['status']); self::assertEquals('entry_comment_reply_notification', $jsonData['items'][0]['type']); self::assertArrayKeysMatch(self::NOTIFICATION_RESPONSE_KEYS, $jsonData['items'][1]); self::assertEquals('new', $jsonData['items'][1]['status']); self::assertEquals('entry_comment_created_notification', $jsonData['items'][1]['type']); self::assertArrayKeysMatch(self::NOTIFICATION_RESPONSE_KEYS, $jsonData['items'][2]); self::assertEquals('new', $jsonData['items'][2]['status']); self::assertEquals('entry_comment_created_notification', $jsonData['items'][2]['type']); self::assertArrayKeysMatch(self::NOTIFICATION_RESPONSE_KEYS, $jsonData['items'][3]); self::assertEquals('new', $jsonData['items'][3]['status']); self::assertEquals('entry_created_notification', $jsonData['items'][3]['type']); self::assertIsArray($jsonData['items'][0]['subject']); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]['subject']); self::assertSame($reply->getId(), $jsonData['items'][0]['subject']['commentId']); self::assertIsArray($jsonData['items'][1]['subject']); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][1]['subject']); self::assertSame($commentTwo->getId(), $jsonData['items'][1]['subject']['commentId']); self::assertIsArray($jsonData['items'][2]['subject']); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $jsonData['items'][2]['subject']); self::assertSame($comment->getId(), $jsonData['items'][2]['subject']['commentId']); self::assertIsArray($jsonData['items'][3]['subject']); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $jsonData['items'][3]['subject']); self::assertSame($entry->getId(), $jsonData['items'][3]['subject']['entryId']); } public function testApiCanGetNotificationsFromPosts(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagingUser = $this->getUserByUsername('JaneDoe'); $magazine = $this->getMagazineByName('acme'); $post = $this->createPost('Test notification post', magazine: $magazine, user: $messagingUser); $userPost = $this->createPost('Test not notified body', magazine: $magazine, user: $user); $comment = $this->createPostComment('Test notification comment', $userPost, $messagingUser); $commentTwo = $this->createPostCommentReply('Test notification comment 2', $userPost, $messagingUser, $comment); $parent = $this->createPostComment('Test parent comment', $post, $user); $reply = $this->createPostCommentReply('Test reply comment', $post, $messagingUser, $parent); $this->createPostComment('Test not notified comment', $post, $messagingUser); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:notification:read user:message:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/notifications/all', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertIsArray($jsonData['items']); self::assertCount(4, $jsonData['items']); self::assertArrayKeysMatch(self::NOTIFICATION_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('new', $jsonData['items'][0]['status']); self::assertEquals('post_comment_reply_notification', $jsonData['items'][0]['type']); self::assertArrayKeysMatch(self::NOTIFICATION_RESPONSE_KEYS, $jsonData['items'][1]); self::assertEquals('new', $jsonData['items'][1]['status']); self::assertEquals('post_comment_created_notification', $jsonData['items'][1]['type']); self::assertArrayKeysMatch(self::NOTIFICATION_RESPONSE_KEYS, $jsonData['items'][2]); self::assertEquals('new', $jsonData['items'][2]['status']); self::assertEquals('post_comment_created_notification', $jsonData['items'][2]['type']); self::assertArrayKeysMatch(self::NOTIFICATION_RESPONSE_KEYS, $jsonData['items'][3]); self::assertEquals('new', $jsonData['items'][3]['status']); self::assertEquals('post_created_notification', $jsonData['items'][3]['type']); self::assertIsArray($jsonData['items'][0]['subject']); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]['subject']); self::assertSame($reply->getId(), $jsonData['items'][0]['subject']['commentId']); self::assertIsArray($jsonData['items'][1]['subject']); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][1]['subject']); self::assertSame($commentTwo->getId(), $jsonData['items'][1]['subject']['commentId']); self::assertIsArray($jsonData['items'][2]['subject']); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][2]['subject']); self::assertSame($comment->getId(), $jsonData['items'][2]['subject']['commentId']); self::assertIsArray($jsonData['items'][3]['subject']); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][3]['subject']); self::assertSame($post->getId(), $jsonData['items'][3]['subject']['postId']); } public function testApiCanGetNotificationsByStatusRead(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagingUser = $this->getUserByUsername('JaneDoe'); $messageManager = $this->messageManager; $dto = new MessageDto(); $dto->body = 'test message'; $thread = $messageManager->toThread($dto, $messagingUser, $user); /** @var Message $message */ $message = $thread->messages->get(0); $notificationManager = $this->notificationManager; $notificationManager->readMessageNotification($message, $user); // Create unread notification $thread = $messageManager->toThread($dto, $messagingUser, $user); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:notification:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/notifications/read', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertArrayKeysMatch(self::NOTIFICATION_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('read', $jsonData['items'][0]['status']); self::assertEquals('message_notification', $jsonData['items'][0]['type']); self::assertIsArray($jsonData['items'][0]['subject']); self::assertArrayKeysMatch(self::MESSAGE_RESPONSE_KEYS, $jsonData['items'][0]['subject']); self::assertNull($jsonData['items'][0]['subject']['messageId']); self::assertNull($jsonData['items'][0]['subject']['threadId']); self::assertNull($jsonData['items'][0]['subject']['sender']); self::assertNull($jsonData['items'][0]['subject']['status']); self::assertNull($jsonData['items'][0]['subject']['createdAt']); self::assertEquals('This app has not received permission to read your messages.', $jsonData['items'][0]['subject']['body']); } public function testApiCanGetNotificationsByStatusNew(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagingUser = $this->getUserByUsername('JaneDoe'); $messageManager = $this->messageManager; $dto = new MessageDto(); $dto->body = 'test message'; $thread = $messageManager->toThread($dto, $messagingUser, $user); /** @var Message $message */ $message = $thread->messages->get(0); $notificationManager = $this->notificationManager; $notificationManager->readMessageNotification($message, $user); // Create unread notification $thread = $messageManager->toThread($dto, $messagingUser, $user); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:notification:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/notifications/new', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertArrayKeysMatch(self::NOTIFICATION_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('new', $jsonData['items'][0]['status']); self::assertEquals('message_notification', $jsonData['items'][0]['type']); self::assertIsArray($jsonData['items'][0]['subject']); self::assertArrayKeysMatch(self::MESSAGE_RESPONSE_KEYS, $jsonData['items'][0]['subject']); self::assertNull($jsonData['items'][0]['subject']['messageId']); self::assertNull($jsonData['items'][0]['subject']['threadId']); self::assertNull($jsonData['items'][0]['subject']['sender']); self::assertNull($jsonData['items'][0]['subject']['status']); self::assertNull($jsonData['items'][0]['subject']['createdAt']); self::assertEquals('This app has not received permission to read your messages.', $jsonData['items'][0]['subject']['body']); } public function testApiCannotGetNotificationsByInvalidStatus(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagingUser = $this->getUserByUsername('JaneDoe'); $messageManager = $this->messageManager; $dto = new MessageDto(); $dto->body = 'test message'; $thread = $messageManager->toThread($dto, $messagingUser, $user); /** @var Message $message */ $message = $thread->messages->get(0); $notificationManager = $this->notificationManager; $notificationManager->readMessageNotification($message, $user); // Create unread notification $thread = $messageManager->toThread($dto, $messagingUser, $user); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:notification:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/notifications/invalid', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(400); } public function testApiCannotGetNotificationCountAnonymous(): void { $this->client->request('GET', '/api/notifications/count'); self::assertResponseStatusCodeSame(401); } public function testApiCannotGetNotificationCountWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/notifications/count', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanGetNotificationCount(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagingUser = $this->getUserByUsername('JaneDoe'); $magazine = $this->getMagazineByName('acme'); $this->getEntryByTitle('Test notification entry', body: 'Test body', magazine: $magazine, user: $messagingUser); $this->createPost('Test notification post body', magazine: $magazine, user: $messagingUser); $messageManager = $this->messageManager; $dto = new MessageDto(); $dto->body = 'test message'; $thread = $messageManager->toThread($dto, $messagingUser, $user); /** @var Message $message */ $message = $thread->messages->get(0); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:notification:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/notifications/count', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(['count'], $jsonData); self::assertSame(3, $jsonData['count']); } public function testApiCannotGetNotificationByIdAnonymous(): void { $notification = $this->createMessageNotification(); self::assertNotNull($notification); $this->client->request('GET', "/api/notification/{$notification->getId()}"); self::assertResponseStatusCodeSame(401); } public function testApiCannotGetNotificationByIdWithoutScope(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $notification = $this->createMessageNotification(); self::assertNotNull($notification); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/notification/{$notification->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotGetOtherUsersNotificationById(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $messagedUser = $this->getUserByUsername('JamesDoe'); $notification = $this->createMessageNotification($messagedUser); self::assertNotNull($notification); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:notification:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/notification/{$notification->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanGetNotificationById(): void { self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('JohnDoe'); $notification = $this->createMessageNotification(); self::assertNotNull($notification); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:notification:read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/notification/{$notification->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::NOTIFICATION_RESPONSE_KEYS, $jsonData); self::assertSame($notification->getId(), $jsonData['notificationId']); } } ================================================ FILE: tests/Functional/Controller/Api/Notification/NotificationUpdateApiTest.php ================================================ user = $this->getUserByUsername('user'); $this->client->loginUser($this->user); self::createOAuth2PublicAuthCodeClient(); $codes = self::getPublicAuthorizationCodeTokenResponse($this->client, scopes: 'read user:notification:edit'); $this->token = $codes['token_type'].' '.$codes['access_token']; // it seems that the oauth flow detaches the user object from the entity manager, so fetch it again $this->user = $this->userRepository->findOneByUsername('user'); } public function testSetEntryNotificationSetting(): void { $entry = $this->getEntryByTitle('entry'); $this->testAllSettings("/api/entry/{$entry->getId()}", "/api/notification/update/entry/{$entry->getId()}"); } public function testSetPostNotificationSetting(): void { $post = $this->createPost('post'); $this->testAllSettings("/api/post/{$post->getId()}", "/api/notification/update/post/{$post->getId()}"); } public function testSetUserNotificationSetting(): void { $user2 = $this->getUserByUsername('test'); $this->testAllSettings("/api/users/{$user2->getId()}", "/api/notification/update/user/{$user2->getId()}"); } public function testSetMagazineNotificationSetting(): void { $magazine = $this->getMagazineByName('test'); $this->testAllSettings("/api/magazine/{$magazine->getId()}", "/api/notification/update/magazine/{$magazine->getId()}"); } private function testAllSettings(string $retrieveUrl, string $updateUrl): void { $this->client->request('GET', $retrieveUrl, server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertEquals('Default', $jsonData['notificationStatus']); $this->client->request('PUT', "$updateUrl/Loud", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $this->client->request('GET', $retrieveUrl, server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertEquals('Loud', $jsonData['notificationStatus']); $this->client->request('PUT', "$updateUrl/Muted", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $this->client->request('GET', $retrieveUrl, server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertEquals('Muted', $jsonData['notificationStatus']); $this->client->request('PUT', "$updateUrl/Default", server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $this->client->request('GET', $retrieveUrl, server: ['HTTP_AUTHORIZATION' => $this->token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertEquals('Default', $jsonData['notificationStatus']); } } ================================================ FILE: tests/Functional/Controller/Api/OAuth2/OAuth2ClientApiTest.php ================================================ '/kbin API Created Test Client', 'description' => 'An OAuth2 client for testing purposes, created via the API', 'contactEmail' => 'test@kbin.test', 'redirectUris' => [ 'https://localhost:3002', ], 'grants' => [ 'authorization_code', 'refresh_token', ], 'scopes' => [ 'read', 'write', 'admin:oauth_clients:read', ], ]; $this->client->jsonRequest('POST', '/api/client', $requestData); self::assertResponseIsSuccessful(); $clientData = self::getJsonResponse($this->client); self::assertIsArray($clientData); self::assertArrayKeysMatch(self::CLIENT_RESPONSE_KEYS, $clientData); self::assertNotNull($clientData['identifier']); self::assertNotNull($clientData['secret']); self::assertEquals($requestData['name'], $clientData['name']); self::assertEquals($requestData['contactEmail'], $clientData['contactEmail']); self::assertEquals($requestData['description'], $clientData['description']); self::assertNull($clientData['user']); self::assertIsArray($clientData['redirectUris']); self::assertEquals($requestData['redirectUris'], $clientData['redirectUris']); self::assertIsArray($clientData['grants']); self::assertEquals($requestData['grants'], $clientData['grants']); self::assertIsArray($clientData['scopes']); self::assertEquals($requestData['scopes'], $clientData['scopes']); self::assertNull($clientData['image']); $this->client->loginUser($this->getUserByUsername('JohnDoe')); $jsonData = self::getAuthorizationCodeTokenResponse( $this->client, clientId: $clientData['identifier'], clientSecret: $clientData['secret'], redirectUri: $clientData['redirectUris'][0], ); self::assertResponseIsSuccessful(); self::assertIsArray($jsonData); } public function testApiCanCreateWorkingPublicClient(): void { $requestData = [ 'name' => '/kbin API Created Test Client', 'description' => 'An OAuth2 client for testing purposes, created via the API', 'contactEmail' => 'test@kbin.test', 'public' => true, 'redirectUris' => [ 'https://localhost:3001', ], 'grants' => [ 'authorization_code', 'refresh_token', ], 'scopes' => [ 'read', 'write', 'admin:oauth_clients:read', ], ]; $this->client->jsonRequest('POST', '/api/client', $requestData); self::assertResponseIsSuccessful(); $clientData = self::getJsonResponse($this->client); self::assertIsArray($clientData); self::assertArrayKeysMatch(self::CLIENT_RESPONSE_KEYS, $clientData); self::assertNotNull($clientData['identifier']); self::assertNull($clientData['secret']); self::assertEquals($requestData['name'], $clientData['name']); self::assertEquals($requestData['contactEmail'], $clientData['contactEmail']); self::assertEquals($requestData['description'], $clientData['description']); self::assertNull($clientData['user']); self::assertIsArray($clientData['redirectUris']); self::assertEquals($requestData['redirectUris'], $clientData['redirectUris']); self::assertIsArray($clientData['grants']); self::assertEquals($requestData['grants'], $clientData['grants']); self::assertIsArray($clientData['scopes']); self::assertEquals($requestData['scopes'], $clientData['scopes']); self::assertNull($clientData['image']); $this->client->loginUser($this->getUserByUsername('JohnDoe')); $jsonData = self::getPublicAuthorizationCodeTokenResponse( $this->client, clientId: $clientData['identifier'], redirectUri: $clientData['redirectUris'][0], ); self::assertResponseIsSuccessful(); self::assertIsArray($jsonData); } #[Group(name: 'NonThreadSafe')] public function testApiCanCreateWorkingClientWithImage(): void { $requestData = [ 'name' => '/kbin API Created Test Client', 'description' => 'An OAuth2 client for testing purposes, created via the API', 'contactEmail' => 'test@kbin.test', 'redirectUris' => [ 'https://localhost:3002', ], 'grants' => [ 'authorization_code', 'refresh_token', ], 'scopes' => [ 'read', 'write', 'admin:oauth_clients:read', ], ]; // Uploading a file appears to delete the file at the given path, so make a copy before upload copy($this->kibbyPath, $this->kibbyPath.'.tmp'); $image = new UploadedFile($this->kibbyPath.'.tmp', 'kibby_emoji.png', 'image/png'); $this->client->request('POST', '/api/client-with-logo', $requestData, files: ['uploadImage' => $image]); self::assertResponseIsSuccessful(); $clientData = self::getJsonResponse($this->client); self::assertIsArray($clientData); self::assertArrayKeysMatch(self::CLIENT_RESPONSE_KEYS, $clientData); self::assertNotNull($clientData['identifier']); self::assertNotNull($clientData['secret']); self::assertEquals($requestData['name'], $clientData['name']); self::assertEquals($requestData['contactEmail'], $clientData['contactEmail']); self::assertEquals($requestData['description'], $clientData['description']); self::assertNull($clientData['user']); self::assertIsArray($clientData['redirectUris']); self::assertEquals($requestData['redirectUris'], $clientData['redirectUris']); self::assertIsArray($clientData['grants']); self::assertEquals($requestData['grants'], $clientData['grants']); self::assertIsArray($clientData['scopes']); self::assertEquals($requestData['scopes'], $clientData['scopes']); self::assertisArray($clientData['image']); self::assertArrayKeysMatch(self::IMAGE_KEYS, $clientData['image']); $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::runAuthorizationCodeFlowToConsentPage($this->client, 'read write', 'oauth2state', $clientData['identifier'], $clientData['redirectUris'][0]); self::assertSelectorExists('img.oauth-client-logo'); $logo = $this->client->getCrawler()->filter('img.oauth-client-logo')->first(); self::assertStringContainsString($clientData['image']['filePath'], $logo->attr('src')); self::runAuthorizationCodeFlowToRedirectUri($this->client, 'read write', 'yes', 'oauth2state', $clientData['identifier'], $clientData['redirectUris'][0]); $jsonData = self::runAuthorizationCodeTokenFlow($this->client, $clientData['identifier'], $clientData['secret'], $clientData['redirectUris'][0]); self::assertResponseIsSuccessful(); self::assertIsArray($jsonData); } public function testApiCanDeletePrivateClient(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); self::createOAuth2AuthCodeClient(); $query = http_build_query([ 'client_id' => 'testclient', 'client_secret' => 'testsecret', ]); $this->client->request('DELETE', '/api/client?'.$query); self::assertResponseStatusCodeSame(204); $jsonData = self::getAuthorizationCodeTokenResponse($this->client); self::assertResponseStatusCodeSame(401); self::assertIsArray($jsonData); self::assertArrayHasKey('error', $jsonData); self::assertEquals('invalid_client', $jsonData['error']); self::assertArrayHasKey('error_description', $jsonData); } public function testAdminApiCanAccessClientStats(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe', isAdmin: true)); self::createOAuth2AuthCodeClient(); $jsonData = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'admin:oauth_clients:read'); self::assertResponseIsSuccessful(); self::assertIsArray($jsonData); self::assertArrayHasKey('access_token', $jsonData); $token = 'Bearer '.$jsonData['access_token']; $query = http_build_query([ 'resolution' => 'day', ]); $this->client->request('GET', '/api/clients/stats?'.$query, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayHasKey('data', $jsonData); self::assertIsArray($jsonData['data']); self::assertCount(1, $jsonData['data']); self::assertIsArray($jsonData['data'][0]); self::assertArrayHasKey('client', $jsonData['data'][0]); self::assertEquals('/kbin Test Client', $jsonData['data'][0]['client']); self::assertArrayHasKey('datetime', $jsonData['data'][0]); // If tests are run near midnight UTC we might get unlucky with a failure, but that // should be unlikely. $today = (new \DateTime())->setTime(0, 0)->format('Y-m-d H:i:s'); self::assertEquals($today, $jsonData['data'][0]['datetime']); self::assertArrayHasKey('count', $jsonData['data'][0]); self::assertEquals(1, $jsonData['data'][0]['count']); } public function testAdminApiCannotAccessClientStatsWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe', isAdmin: true)); self::createOAuth2AuthCodeClient(); $jsonData = self::getAuthorizationCodeTokenResponse($this->client); self::assertResponseIsSuccessful(); self::assertIsArray($jsonData); self::assertArrayHasKey('access_token', $jsonData); $token = 'Bearer '.$jsonData['access_token']; $query = http_build_query([ 'resolution' => 'day', ]); $this->client->request('GET', '/api/clients/stats?'.$query, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayHasKey('type', $jsonData); self::assertEquals('https://tools.ietf.org/html/rfc2616#section-10', $jsonData['type']); self::assertArrayHasKey('title', $jsonData); self::assertEquals('An error occurred', $jsonData['title']); self::assertArrayHasKey('status', $jsonData); self::assertEquals(403, $jsonData['status']); self::assertArrayHasKey('detail', $jsonData); } public function testAdminApiCanAccessClientList(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe', isAdmin: true)); self::createOAuth2AuthCodeClient(); $jsonData = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'admin:oauth_clients:read'); self::assertResponseIsSuccessful(); self::assertIsArray($jsonData); self::assertArrayHasKey('access_token', $jsonData); $token = 'Bearer '.$jsonData['access_token']; $this->client->request('GET', '/api/clients', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayHasKey('items', $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['items'][0]); self::assertArrayHasKey('identifier', $jsonData['items'][0]); self::assertArrayNotHasKey('secret', $jsonData['items'][0]); self::assertEquals('testclient', $jsonData['items'][0]['identifier']); self::assertArrayHasKey('name', $jsonData['items'][0]); self::assertEquals('/kbin Test Client', $jsonData['items'][0]['name']); self::assertArrayHasKey('contactEmail', $jsonData['items'][0]); self::assertEquals('test@kbin.test', $jsonData['items'][0]['contactEmail']); self::assertArrayHasKey('description', $jsonData['items'][0]); self::assertEquals('An OAuth2 client for testing purposes', $jsonData['items'][0]['description']); self::assertArrayHasKey('user', $jsonData['items'][0]); self::assertNull($jsonData['items'][0]['user']); self::assertArrayHasKey('active', $jsonData['items'][0]); self::assertEquals(true, $jsonData['items'][0]['active']); self::assertArrayHasKey('createdAt', $jsonData['items'][0]); self::assertNotNull($jsonData['items'][0]['createdAt']); self::assertArrayHasKey('redirectUris', $jsonData['items'][0]); self::assertIsArray($jsonData['items'][0]['redirectUris']); self::assertCount(1, $jsonData['items'][0]['redirectUris']); self::assertArrayHasKey('grants', $jsonData['items'][0]); self::assertIsArray($jsonData['items'][0]['grants']); self::assertCount(2, $jsonData['items'][0]['grants']); self::assertArrayHasKey('scopes', $jsonData['items'][0]); self::assertIsArray($jsonData['items'][0]['scopes']); self::assertArrayHasKey('pagination', $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayHasKey('count', $jsonData['pagination']); self::assertEquals(1, $jsonData['pagination']['count']); self::assertArrayHasKey('currentPage', $jsonData['pagination']); self::assertEquals(1, $jsonData['pagination']['currentPage']); self::assertArrayHasKey('maxPage', $jsonData['pagination']); self::assertEquals(1, $jsonData['pagination']['maxPage']); self::assertArrayHasKey('perPage', $jsonData['pagination']); self::assertEquals(15, $jsonData['pagination']['perPage']); } public function testAdminApiCannotAccessClientListWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe', isAdmin: true)); self::createOAuth2AuthCodeClient(); $jsonData = self::getAuthorizationCodeTokenResponse($this->client); self::assertResponseIsSuccessful(); self::assertIsArray($jsonData); self::assertArrayHasKey('access_token', $jsonData); $token = 'Bearer '.$jsonData['access_token']; $this->client->request('GET', '/api/clients', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayHasKey('type', $jsonData); self::assertEquals('https://tools.ietf.org/html/rfc2616#section-10', $jsonData['type']); self::assertArrayHasKey('title', $jsonData); self::assertEquals('An error occurred', $jsonData['title']); self::assertArrayHasKey('status', $jsonData); self::assertEquals(403, $jsonData['status']); self::assertArrayHasKey('detail', $jsonData); } public function testAdminApiCanAccessClientByIdentifier(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe', isAdmin: true)); self::createOAuth2AuthCodeClient(); $jsonData = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'admin:oauth_clients:read'); self::assertResponseIsSuccessful(); self::assertIsArray($jsonData); self::assertArrayHasKey('access_token', $jsonData); $token = 'Bearer '.$jsonData['access_token']; $this->client->request('GET', '/api/clients/testclient', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayHasKey('identifier', $jsonData); self::assertArrayNotHasKey('secret', $jsonData); self::assertEquals('testclient', $jsonData['identifier']); self::assertArrayHasKey('name', $jsonData); self::assertEquals('/kbin Test Client', $jsonData['name']); self::assertArrayHasKey('contactEmail', $jsonData); self::assertEquals('test@kbin.test', $jsonData['contactEmail']); self::assertArrayHasKey('description', $jsonData); self::assertEquals('An OAuth2 client for testing purposes', $jsonData['description']); self::assertArrayHasKey('user', $jsonData); self::assertNull($jsonData['user']); self::assertArrayHasKey('active', $jsonData); self::assertEquals(true, $jsonData['active']); self::assertArrayHasKey('createdAt', $jsonData); self::assertNotNull($jsonData['createdAt']); self::assertArrayHasKey('redirectUris', $jsonData); self::assertIsArray($jsonData['redirectUris']); self::assertCount(1, $jsonData['redirectUris']); self::assertArrayHasKey('grants', $jsonData); self::assertIsArray($jsonData['grants']); self::assertCount(2, $jsonData['grants']); self::assertArrayHasKey('scopes', $jsonData); self::assertIsArray($jsonData['scopes']); } public function testApiCanRevokeTokens(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe', isAdmin: true)); self::createOAuth2AuthCodeClient(); $tokenData = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'admin:oauth_clients:read'); self::assertResponseIsSuccessful(); self::assertIsArray($tokenData); self::assertArrayHasKey('access_token', $tokenData); self::assertArrayHasKey('refresh_token', $tokenData); $token = 'Bearer '.$tokenData['access_token']; $this->client->request('GET', '/api/clients/testclient', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $this->client->request('POST', '/api/revoke', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); $this->client->request('GET', '/api/clients/testclient', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(401); $jsonData = self::getRefreshTokenResponse($this->client, $tokenData['refresh_token']); self::assertResponseStatusCodeSame(400); self::assertIsArray($jsonData); self::assertArrayHasKey('error', $jsonData); self::assertEquals('invalid_grant', $jsonData['error']); self::assertArrayHasKey('error_description', $jsonData); self::assertEquals('The refresh token is invalid.', $jsonData['error_description']); self::assertArrayHasKey('hint', $jsonData); self::assertEquals('Token has been revoked', $jsonData['hint']); } public function testAdminApiCannotAccessClientByIdentifierWithoutScope(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe', isAdmin: true)); self::createOAuth2AuthCodeClient(); $jsonData = self::getAuthorizationCodeTokenResponse($this->client); self::assertResponseIsSuccessful(); self::assertIsArray($jsonData); self::assertArrayHasKey('access_token', $jsonData); $token = 'Bearer '.$jsonData['access_token']; $this->client->request('GET', '/api/clients/testclient', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayHasKey('type', $jsonData); self::assertEquals('https://tools.ietf.org/html/rfc2616#section-10', $jsonData['type']); self::assertArrayHasKey('title', $jsonData); self::assertEquals('An error occurred', $jsonData['title']); self::assertArrayHasKey('status', $jsonData); self::assertEquals(403, $jsonData['status']); self::assertArrayHasKey('detail', $jsonData); } } ================================================ FILE: tests/Functional/Controller/Api/Post/Admin/PostPurgeApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', magazine: $magazine); $this->client->request('DELETE', "/api/admin/post/{$post->getId()}/purge"); self::assertResponseStatusCodeSame(401); } public function testApiCannotPurgeArticlePostWithoutScope(): void { $user = $this->getUserByUsername('user', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/post/{$post->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiNonAdminCannotPurgeArticlePost(): void { $otherUser = $this->getUserByUsername('somebody'); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $otherUser, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:post:purge'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/post/{$post->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanPurgeArticlePost(): void { $admin = $this->getUserByUsername('admin', isAdmin: true); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($admin); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:post:purge'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/post/{$post->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); } public function testApiCannotPurgeImagePostAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $post = $this->createPost('test image', imageDto: $imageDto, magazine: $magazine); $this->client->request('DELETE', "/api/admin/post/{$post->getId()}/purge"); self::assertResponseStatusCodeSame(401); } public function testApiCannotPurgeImagePostWithoutScope(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $user = $this->getUserByUsername('user', isAdmin: true); $imageDto = $this->getKibbyImageDto(); $post = $this->createPost('test image', imageDto: $imageDto, user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/post/{$post->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiNonAdminCannotPurgeImagePost(): void { $otherUser = $this->getUserByUsername('somebody'); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $post = $this->createPost('test image', imageDto: $imageDto, user: $otherUser, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:post:purge'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/post/{$post->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanPurgeImagePost(): void { $admin = $this->getUserByUsername('admin', isAdmin: true); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $post = $this->createPost('test image', imageDto: $imageDto, user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($admin); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:post:purge'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/post/{$post->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); } } ================================================ FILE: tests/Functional/Controller/Api/Post/Comment/Admin/PostCommentPurgeApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', magazine: $magazine); $comment = $this->createPostComment('test comment', $post); $commentRepository = $this->postCommentRepository; $this->client->request('DELETE', "/api/admin/post-comment/{$comment->getId()}/purge"); self::assertResponseStatusCodeSame(401); $comment = $commentRepository->find($comment->getId()); self::assertNotNull($comment); } public function testApiCannotPurgeCommentWithoutScope(): void { $user = $this->getUserByUsername('user', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', user: $user, magazine: $magazine); $comment = $this->createPostComment('test comment', $post); $commentRepository = $this->postCommentRepository; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/post-comment/{$comment->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); $comment = $commentRepository->find($comment->getId()); self::assertNotNull($comment); } public function testApiNonAdminCannotPurgeComment(): void { $otherUser = $this->getUserByUsername('somebody'); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', user: $otherUser, magazine: $magazine); $comment = $this->createPostComment('test comment', $post); $commentRepository = $this->postCommentRepository; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:post_comment:purge'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/post-comment/{$comment->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); $comment = $commentRepository->find($comment->getId()); self::assertNotNull($comment); } public function testApiCanPurgeComment(): void { $admin = $this->getUserByUsername('admin', isAdmin: true); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', user: $user, magazine: $magazine); $comment = $this->createPostComment('test comment', $post); $commentRepository = $this->postCommentRepository; self::createOAuth2AuthCodeClient(); $this->client->loginUser($admin); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:post_comment:purge'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/post-comment/{$comment->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); $comment = $commentRepository->find($comment->getId()); self::assertNull($comment); } public function testApiCannotPurgeImageCommentAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $post = $this->createPost('test image', magazine: $magazine); $comment = $this->createPostComment('test comment', $post, imageDto: $imageDto); $commentRepository = $this->postCommentRepository; $this->client->request('DELETE', "/api/admin/post-comment/{$comment->getId()}/purge"); self::assertResponseStatusCodeSame(401); $comment = $commentRepository->find($comment->getId()); self::assertNotNull($comment); } public function testApiCannotPurgeImageCommentWithoutScope(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $user = $this->getUserByUsername('user', isAdmin: true); $imageDto = $this->getKibbyImageDto(); $post = $this->createPost('test image', magazine: $magazine); $comment = $this->createPostComment('test comment', $post, imageDto: $imageDto); $commentRepository = $this->postCommentRepository; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/post-comment/{$comment->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); $comment = $commentRepository->find($comment->getId()); self::assertNotNull($comment); } public function testApiNonAdminCannotPurgeImageComment(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $post = $this->createPost('test image', magazine: $magazine); $comment = $this->createPostComment('test comment', $post, imageDto: $imageDto); $commentRepository = $this->postCommentRepository; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:post_comment:purge'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/post-comment/{$comment->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); $comment = $commentRepository->find($comment->getId()); self::assertNotNull($comment); } public function testApiCanPurgeImageComment(): void { $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $post = $this->createPost('test image', magazine: $magazine); $comment = $this->createPostComment('test comment', $post, imageDto: $imageDto); $commentRepository = $this->postCommentRepository; self::createOAuth2AuthCodeClient(); $this->client->loginUser($admin); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:post_comment:purge'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/admin/post-comment/{$comment->getId()}/purge", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); $comment = $commentRepository->find($comment->getId()); self::assertNull($comment); } } ================================================ FILE: tests/Functional/Controller/Api/Post/Comment/Moderate/PostCommentSetAdultApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('a post', $magazine); $comment = $this->createPostComment('test comment', $post); $this->client->jsonRequest('PUT', "/api/moderate/post-comment/{$comment->getId()}/adult/true"); self::assertResponseStatusCodeSame(401); } public function testApiCannotSetCommentAdultWithoutScope(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $user2 = $this->getUserByUsername('user2'); $post = $this->createPost('a post', magazine: $magazine); $comment = $this->createPostComment('test comment', $post, $user2); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post-comment/{$comment->getId()}/adult/true", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiNonModCannotSetCommentAdult(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $user = $this->getUserByUsername('user'); $user2 = $this->getUserByUsername('user2'); $post = $this->createPost('a post', $magazine); $comment = $this->createPostComment('test comment', $post, $user2); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post_comment:set_adult'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post-comment/{$comment->getId()}/adult/true", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanSetCommentAdult(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $user2 = $this->getUserByUsername('other'); $post = $this->createPost('a post', magazine: $magazine); $comment = $this->createPostComment('test comment', $post, $user2); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post_comment:set_adult'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post-comment/{$comment->getId()}/adult/true", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(200); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData); self::assertTrue($jsonData['isAdult']); } public function testApiCannotUnsetCommentAdultAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('a post', $magazine); $comment = $this->createPostComment('test comment', $post); $entityManager = $this->entityManager; $comment->isAdult = true; $entityManager->persist($comment); $entityManager->flush(); $this->client->jsonRequest('PUT', "/api/moderate/post-comment/{$comment->getId()}/adult/false"); self::assertResponseStatusCodeSame(401); } public function testApiCannotUnsetCommentAdultWithoutScope(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $user2 = $this->getUserByUsername('user2'); $post = $this->createPost('a post', magazine: $magazine); $comment = $this->createPostComment('test comment', $post, $user2); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); $entityManager = $this->entityManager; $comment->isAdult = true; $entityManager->persist($comment); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post-comment/{$comment->getId()}/adult/false", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiNonModCannotUnsetCommentAdult(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $user = $this->getUserByUsername('user'); $user2 = $this->getUserByUsername('user2'); $post = $this->createPost('a post', $magazine); $comment = $this->createPostComment('test comment', $post, $user2); $entityManager = $this->entityManager; $comment->isAdult = true; $entityManager->persist($comment); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post_comment:set_adult'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post-comment/{$comment->getId()}/adult/false", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUnsetCommentAdult(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $user2 = $this->getUserByUsername('other'); $post = $this->createPost('a post', magazine: $magazine); $comment = $this->createPostComment('test comment', $post, $user2); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); $entityManager = $this->entityManager; $comment->isAdult = true; $entityManager->persist($comment); $entityManager->flush(); $commentRepository = $this->postCommentRepository; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post_comment:set_adult'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post-comment/{$comment->getId()}/adult/false", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(200); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData); self::assertFalse($jsonData['isAdult']); $comment = $commentRepository->find($comment->getId()); self::assertFalse($comment->isAdult); } } ================================================ FILE: tests/Functional/Controller/Api/Post/Comment/Moderate/PostCommentSetLanguageApiTest.php ================================================ createPost('a post'); $comment = $this->createPostComment('test comment', $post); $this->client->jsonRequest('PUT', "/api/moderate/post-comment/{$comment->getId()}/de"); self::assertResponseStatusCodeSame(401); } public function testApiCannotSetCommentLanguageWithoutScope(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByName('acme'); $user2 = $this->getUserByUsername('user2'); $post = $this->createPost('a post', magazine: $magazine); $comment = $this->createPostComment('test comment', $post, $user2); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post-comment/{$comment->getId()}/de", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiNonModCannotSetCommentLanguage(): void { $user = $this->getUserByUsername('user'); $user2 = $this->getUserByUsername('user2'); $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post, $user2); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post_comment:language'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post-comment/{$comment->getId()}/de", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanSetCommentLanguage(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByName('acme'); $user2 = $this->getUserByUsername('other'); $post = $this->createPost('a post', magazine: $magazine); $comment = $this->createPostComment('test comment', $post, $user2); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post_comment:language'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post-comment/{$comment->getId()}/de", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(200); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame($comment->getId(), $jsonData['commentId']); self::assertSame('test comment', $jsonData['body']); self::assertSame('de', $jsonData['lang']); } } ================================================ FILE: tests/Functional/Controller/Api/Post/Comment/Moderate/PostCommentTrashApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('a post', $magazine); $comment = $this->createPostComment('test comment', $post); $this->client->jsonRequest('PUT', "/api/moderate/post-comment/{$comment->getId()}/trash"); self::assertResponseStatusCodeSame(401); } public function testApiCannotTrashCommentWithoutScope(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $user2 = $this->getUserByUsername('user2'); $post = $this->createPost('a post', magazine: $magazine); $comment = $this->createPostComment('test comment', $post, $user2); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post-comment/{$comment->getId()}/trash", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiNonModCannotTrashComment(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $user = $this->getUserByUsername('user'); $user2 = $this->getUserByUsername('user2'); $post = $this->createPost('a post', $magazine); $comment = $this->createPostComment('test comment', $post, $user2); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post_comment:trash'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post-comment/{$comment->getId()}/trash", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanTrashComment(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByName('acme'); $user2 = $this->getUserByUsername('other'); $post = $this->createPost('a post', magazine: $magazine); $comment = $this->createPostComment('test comment', $post, $user2); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post_comment:trash'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post-comment/{$comment->getId()}/trash", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(200); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame($comment->getId(), $jsonData['commentId']); self::assertSame('test comment', $jsonData['body']); self::assertSame('trashed', $jsonData['visibility']); } public function testApiCannotRestoreCommentAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('a post', $magazine); $comment = $this->createPostComment('test comment', $post); $postCommentManager = $this->postCommentManager; $postCommentManager->trash($this->getUserByUsername('user'), $comment); $this->client->jsonRequest('PUT', "/api/moderate/post-comment/{$comment->getId()}/restore"); self::assertResponseStatusCodeSame(401); } public function testApiCannotRestoreCommentWithoutScope(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $user = $this->getUserByUsername('user'); $user2 = $this->getUserByUsername('user2'); $post = $this->createPost('a post', $magazine); $comment = $this->createPostComment('test comment', $post, $user2); $postCommentManager = $this->postCommentManager; $postCommentManager->trash($user, $comment); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post-comment/{$comment->getId()}/restore", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiNonModCannotRestoreComment(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $user = $this->getUserByUsername('user'); $user2 = $this->getUserByUsername('user2'); $post = $this->createPost('a post', $magazine); $comment = $this->createPostComment('test comment', $post, $user2); $postCommentManager = $this->postCommentManager; $postCommentManager->trash($user, $comment); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post_comment:trash'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post-comment/{$comment->getId()}/restore", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanRestoreComment(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $user2 = $this->getUserByUsername('other'); $post = $this->createPost('a post', magazine: $magazine); $comment = $this->createPostComment('test comment', $post, $user2); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); $postCommentManager = $this->postCommentManager; $postCommentManager->trash($user, $comment); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post_comment:trash'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post-comment/{$comment->getId()}/restore", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(200); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame($comment->getId(), $jsonData['commentId']); self::assertSame('test comment', $jsonData['body']); self::assertSame('visible', $jsonData['visibility']); } } ================================================ FILE: tests/Functional/Controller/Api/Post/Comment/PostCommentCreateApiTest.php ================================================ createPost('a post'); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, ]; $this->client->jsonRequest( 'POST', "/api/posts/{$post->getId()}/comments", parameters: $comment ); self::assertResponseStatusCodeSame(401); } public function testApiCannotCreateCommentWithoutScope(): void { $post = $this->createPost('a post'); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest( 'POST', "/api/posts/{$post->getId()}/comments", parameters: $comment, server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(403); } public function testApiCanCreateComment(): void { $post = $this->createPost('a post'); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('user'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post_comment:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest( 'POST', "/api/posts/{$post->getId()}/comments", parameters: $comment, server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(201); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame($comment['body'], $jsonData['body']); self::assertSame($comment['lang'], $jsonData['lang']); self::assertSame($comment['isAdult'], $jsonData['isAdult']); self::assertSame($post->getId(), $jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($post->magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['rootId']); self::assertNull($jsonData['parentId']); } public function testApiCannotCreateCommentReplyAnonymous(): void { $post = $this->createPost('a post'); $postComment = $this->createPostComment('a comment', $post); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, ]; $this->client->jsonRequest( 'POST', "/api/posts/{$post->getId()}/comments/{$postComment->getId()}/reply", parameters: $comment ); self::assertResponseStatusCodeSame(401); } public function testApiCannotCreateCommentReplyWithoutScope(): void { $post = $this->createPost('a post'); $postComment = $this->createPostComment('a comment', $post); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest( 'POST', "/api/posts/{$post->getId()}/comments/{$postComment->getId()}/reply", parameters: $comment, server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(403); } public function testApiCanCreateCommentReply(): void { $post = $this->createPost('a post'); $postComment = $this->createPostComment('a comment', $post); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('user'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post_comment:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest( 'POST', "/api/posts/{$post->getId()}/comments/{$postComment->getId()}/reply", parameters: $comment, server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(201); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame($comment['body'], $jsonData['body']); self::assertSame($comment['lang'], $jsonData['lang']); self::assertSame($comment['isAdult'], $jsonData['isAdult']); self::assertSame($post->getId(), $jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($post->magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertSame($postComment->getId(), $jsonData['rootId']); self::assertSame($postComment->getId(), $jsonData['parentId']); } public function testApiCannotCreateImageCommentAnonymous(): void { $post = $this->createPost('a post'); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, 'alt' => 'It\'s Kibby!', ]; // Uploading a file appears to delete the file at the given path, so make a copy before upload copy($this->kibbyPath, $this->kibbyPath.'.tmp'); $image = new UploadedFile($this->kibbyPath.'.tmp', 'kibby_emoji.png', 'image/png'); $this->client->request( 'POST', "/api/posts/{$post->getId()}/comments/image", parameters: $comment, files: ['uploadImage' => $image] ); self::assertResponseStatusCodeSame(401); } public function testApiCannotCreateImageCommentWithoutScope(): void { $post = $this->createPost('a post'); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, 'alt' => 'It\'s Kibby!', ]; // Uploading a file appears to delete the file at the given path, so make a copy before upload $tmpPath = bin2hex(random_bytes(32)); copy($this->kibbyPath, $tmpPath.'.png'); $image = new UploadedFile($tmpPath.'.png', 'kibby_emoji.png', 'image/png'); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request( 'POST', "/api/posts/{$post->getId()}/comments/image", parameters: $comment, files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(403); } public function testApiCanCreateImageComment(): void { $post = $this->createPost('a post'); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, 'alt' => 'It\'s Kibby!', ]; // Uploading a file appears to delete the file at the given path, so make a copy before upload copy($this->kibbyPath, $this->kibbyPath.'.tmp'); $image = new UploadedFile($this->kibbyPath.'.tmp', 'kibby_emoji.png', 'image/png'); self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('user'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post_comment:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request( 'POST', "/api/posts/{$post->getId()}/comments/image", parameters: $comment, files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(201); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame($comment['body'], $jsonData['body']); self::assertSame($comment['lang'], $jsonData['lang']); self::assertSame($comment['isAdult'], $jsonData['isAdult']); self::assertSame($post->getId(), $jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($post->magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertNull($jsonData['rootId']); self::assertNull($jsonData['parentId']); } public function testApiCannotCreateImageCommentReplyAnonymous(): void { $post = $this->createPost('a post'); $postComment = $this->createPostComment('a comment', $post); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, 'alt' => 'It\'s Kibby!', ]; // Uploading a file appears to delete the file at the given path, so make a copy before upload copy($this->kibbyPath, $this->kibbyPath.'.tmp'); $image = new UploadedFile($this->kibbyPath.'.tmp', 'kibby_emoji.png', 'image/png'); $this->client->request( 'POST', "/api/posts/{$post->getId()}/comments/{$postComment->getId()}/reply/image", parameters: $comment, files: ['uploadImage' => $image] ); self::assertResponseStatusCodeSame(401); } public function testApiCannotCreateImageCommentReplyWithoutScope(): void { $post = $this->createPost('a post'); $postComment = $this->createPostComment('a comment', $post); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, ]; // Uploading a file appears to delete the file at the given path, so make a copy before upload $tmpPath = bin2hex(random_bytes(32)); copy($this->kibbyPath, $tmpPath.'.tmp'); $image = new UploadedFile($tmpPath.'.tmp', 'kibby_emoji.png', 'image/png'); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request( 'POST', "/api/posts/{$post->getId()}/comments/{$postComment->getId()}/reply/image", parameters: $comment, files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(403); } public function testApiCanCreateImageCommentReply(): void { $post = $this->createPost('a post'); $postComment = $this->createPostComment('a comment', $post); $comment = [ 'body' => 'Test comment', 'lang' => 'en', 'isAdult' => false, 'alt' => 'It\'s Kibby!', ]; // Uploading a file appears to delete the file at the given path, so make a copy before upload $tmpPath = bin2hex(random_bytes(32)); copy($this->kibbyPath, $tmpPath.'.png'); $image = new UploadedFile($tmpPath.'.png', 'kibby_emoji.png', 'image/png'); $imageManager = $this->imageManager; $expectedPath = $imageManager->getFilePath($image->getFilename()); self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('user'); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post_comment:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request( 'POST', "/api/posts/{$post->getId()}/comments/{$postComment->getId()}/reply/image", parameters: $comment, files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(201); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame($comment['body'], $jsonData['body']); self::assertSame($comment['lang'], $jsonData['lang']); self::assertSame($comment['isAdult'], $jsonData['isAdult']); self::assertSame($post->getId(), $jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($post->magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertSame($postComment->getId(), $jsonData['rootId']); self::assertSame($postComment->getId(), $jsonData['parentId']); self::assertIsArray($jsonData['image']); self::assertArrayKeysMatch(self::IMAGE_KEYS, $jsonData['image']); self::assertEquals($expectedPath, $jsonData['image']['filePath']); } } ================================================ FILE: tests/Functional/Controller/Api/Post/Comment/PostCommentDeleteApiTest.php ================================================ createPost('a post'); $comment = $this->createPostComment('test comment', $post); $this->client->request('DELETE', "/api/post-comments/{$comment->getId()}"); self::assertResponseStatusCodeSame(401); } public function testApiCannotDeleteCommentWithoutScope(): void { $user = $this->getUserByUsername('user'); $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/post-comments/{$comment->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotDeleteOtherUsersComment(): void { $user = $this->getUserByUsername('user'); $user2 = $this->getUserByUsername('other'); $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post, $user2); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post_comment:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/post-comments/{$comment->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanDeleteComment(): void { $user = $this->getUserByUsername('user'); $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post, $user); $commentRepository = $this->postCommentRepository; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post_comment:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/post-comments/{$comment->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); $comment = $commentRepository->find($comment->getId()); self::assertNull($comment); } public function testApiCanSoftDeleteComment(): void { $user = $this->getUserByUsername('user'); $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post, $user); $this->createPostComment('test comment', $post, $user, parent: $comment); $commentRepository = $this->postCommentRepository; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post_comment:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/post-comments/{$comment->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); $comment = $commentRepository->find($comment->getId()); self::assertNotNull($comment); self::assertTrue($comment->isSoftDeleted()); } } ================================================ FILE: tests/Functional/Controller/Api/Post/Comment/PostCommentReportApiTest.php ================================================ createPost('a post'); $comment = $this->createPostComment('test comment', $post); $report = [ 'reason' => 'This comment breaks the rules!', ]; $this->client->jsonRequest('POST', "/api/post-comments/{$comment->getId()}/report", $report); self::assertResponseStatusCodeSame(401); } public function testApiCannotReportCommentWithoutScope(): void { $user = $this->getUserByUsername('user'); $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post, $user); $report = [ 'reason' => 'This comment breaks the rules!', ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/post-comments/{$comment->getId()}/report", $report, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanReportOtherUsersComment(): void { $user = $this->getUserByUsername('user'); $user2 = $this->getUserByUsername('other'); $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post, $user2); $reportRepository = $this->reportRepository; $report = [ 'reason' => 'This comment breaks the rules!', ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post_comment:report'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/post-comments/{$comment->getId()}/report", $report, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); $report = $reportRepository->findBySubject($comment); self::assertNotNull($report); self::assertSame('This comment breaks the rules!', $report->reason); self::assertSame($user->getId(), $report->reporting->getId()); } public function testApiCanReportOwnComment(): void { $user = $this->getUserByUsername('user'); $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post, $user); $reportRepository = $this->reportRepository; $report = [ 'reason' => 'This comment breaks the rules!', ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post_comment:report'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/post-comments/{$comment->getId()}/report", $report, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); $report = $reportRepository->findBySubject($comment); self::assertNotNull($report); self::assertSame('This comment breaks the rules!', $report->reason); self::assertSame($user->getId(), $report->reporting->getId()); } } ================================================ FILE: tests/Functional/Controller/Api/Post/Comment/PostCommentRetrieveApiTest.php ================================================ createPost('test post'); for ($i = 0; $i < 5; ++$i) { $this->createPostComment("test parent comment {$i}", $post); } $this->client->request('GET', "/api/posts/{$post->getId()}/comments"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(5, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(5, $jsonData['pagination']['count']); foreach ($jsonData['items'] as $comment) { self::assertIsArray($comment); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $comment); self::assertIsArray($comment['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $comment['user']); self::assertIsArray($comment['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $comment['magazine']); self::assertSame($post->getId(), $comment['postId']); self::assertStringContainsString('test parent comment', $comment['body']); self::assertSame('en', $comment['lang']); self::assertSame(0, $comment['uv']); self::assertSame(0, $comment['favourites']); self::assertSame(0, $comment['childCount']); self::assertSame('visible', $comment['visibility']); self::assertIsArray($comment['mentions']); self::assertEmpty($comment['mentions']); self::assertIsArray($comment['children']); self::assertEmpty($comment['children']); self::assertFalse($comment['isAdult']); self::assertNull($comment['image']); self::assertNull($comment['parentId']); self::assertNull($comment['rootId']); self::assertNull($comment['isFavourited']); self::assertNull($comment['userVote']); self::assertNull($comment['apId']); self::assertEmpty($comment['tags']); self::assertNull($comment['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['lastActive'], 'lastActive date format invalid'); self::assertNull($comment['bookmarks']); } } public function testApiCannotGetPostCommentsByPreferredLangAnonymous(): void { $post = $this->createPost('test post'); for ($i = 0; $i < 5; ++$i) { $this->createPostComment("test parent comment {$i}", $post); } $this->client->request('GET', "/api/posts/{$post->getId()}/comments?usePreferredLangs=true"); self::assertResponseStatusCodeSame(403); } public function testApiCanGetPostCommentsByPreferredLang(): void { $post = $this->createPost('test post'); for ($i = 0; $i < 5; ++$i) { $this->createPostComment("test parent comment {$i}", $post); $this->createPostComment("test german parent comment {$i}", $post, lang: 'de'); $this->createPostComment("test dutch parent comment {$i}", $post, lang: 'nl'); } self::createOAuth2AuthCodeClient(); $user = $this->getUserByUsername('user'); $user->preferredLanguages = ['en', 'de']; $entityManager = $this->entityManager; $entityManager->persist($user); $entityManager->flush(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/posts/{$post->getId()}/comments?usePreferredLangs=true", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(10, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(10, $jsonData['pagination']['count']); foreach ($jsonData['items'] as $comment) { self::assertIsArray($comment); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $comment); self::assertIsArray($comment['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $comment['user']); self::assertIsArray($comment['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $comment['magazine']); self::assertSame($post->getId(), $comment['postId']); self::assertStringContainsString('parent comment', $comment['body']); self::assertTrue('en' === $comment['lang'] || 'de' === $comment['lang']); self::assertSame(0, $comment['uv']); self::assertSame(0, $comment['favourites']); self::assertSame(0, $comment['childCount']); self::assertSame('visible', $comment['visibility']); self::assertIsArray($comment['mentions']); self::assertEmpty($comment['mentions']); self::assertIsArray($comment['children']); self::assertEmpty($comment['children']); self::assertFalse($comment['isAdult']); self::assertNull($comment['image']); self::assertNull($comment['parentId']); self::assertNull($comment['rootId']); // No scope granted so these should be null self::assertNull($comment['isFavourited']); self::assertNull($comment['userVote']); self::assertNull($comment['apId']); self::assertEmpty($comment['tags']); self::assertNull($comment['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['lastActive'], 'lastActive date format invalid'); self::assertIsArray($comment['bookmarks']); self::assertEmpty($comment['bookmarks']); } } public function testApiCanGetPostCommentsWithLanguageAnonymous(): void { $post = $this->createPost('test post'); for ($i = 0; $i < 5; ++$i) { $this->createPostComment("test parent comment {$i}", $post); $this->createPostComment("test german parent comment {$i}", $post, lang: 'de'); $this->createPostComment("test dutch comment {$i}", $post, lang: 'nl'); } $this->client->request('GET', "/api/posts/{$post->getId()}/comments?lang[]=en&lang[]=de"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(10, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(10, $jsonData['pagination']['count']); foreach ($jsonData['items'] as $comment) { self::assertIsArray($comment); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $comment); self::assertIsArray($comment['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $comment['user']); self::assertIsArray($comment['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $comment['magazine']); self::assertSame($post->getId(), $comment['postId']); self::assertStringContainsString('parent comment', $comment['body']); self::assertTrue('en' === $comment['lang'] || 'de' === $comment['lang']); self::assertSame(0, $comment['uv']); self::assertSame(0, $comment['favourites']); self::assertSame(0, $comment['childCount']); self::assertSame('visible', $comment['visibility']); self::assertIsArray($comment['mentions']); self::assertEmpty($comment['mentions']); self::assertIsArray($comment['children']); self::assertEmpty($comment['children']); self::assertFalse($comment['isAdult']); self::assertNull($comment['image']); self::assertNull($comment['parentId']); self::assertNull($comment['rootId']); self::assertNull($comment['isFavourited']); self::assertNull($comment['userVote']); self::assertNull($comment['apId']); self::assertEmpty($comment['tags']); self::assertNull($comment['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['lastActive'], 'lastActive date format invalid'); self::assertNull($comment['bookmarks']); } } public function testApiCanGetPostCommentsWithLanguage(): void { $post = $this->createPost('test post'); for ($i = 0; $i < 5; ++$i) { $this->createPostComment("test parent comment {$i}", $post); $this->createPostComment("test german parent comment {$i}", $post, lang: 'de'); $this->createPostComment("test dutch parent comment {$i}", $post, lang: 'nl'); } self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/posts/{$post->getId()}/comments?lang[]=en&lang[]=de", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(10, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(10, $jsonData['pagination']['count']); foreach ($jsonData['items'] as $comment) { self::assertIsArray($comment); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $comment); self::assertIsArray($comment['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $comment['user']); self::assertIsArray($comment['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $comment['magazine']); self::assertSame($post->getId(), $comment['postId']); self::assertStringContainsString('parent comment', $comment['body']); self::assertTrue('en' === $comment['lang'] || 'de' === $comment['lang']); self::assertSame(0, $comment['uv']); self::assertSame(0, $comment['favourites']); self::assertSame(0, $comment['childCount']); self::assertSame('visible', $comment['visibility']); self::assertIsArray($comment['mentions']); self::assertEmpty($comment['mentions']); self::assertIsArray($comment['children']); self::assertEmpty($comment['children']); self::assertFalse($comment['isAdult']); self::assertNull($comment['image']); self::assertNull($comment['parentId']); self::assertNull($comment['rootId']); // No scope granted so these should be null self::assertNull($comment['isFavourited']); self::assertNull($comment['userVote']); self::assertNull($comment['apId']); self::assertEmpty($comment['tags']); self::assertNull($comment['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['lastActive'], 'lastActive date format invalid'); self::assertIsArray($comment['bookmarks']); self::assertEmpty($comment['bookmarks']); } } public function testApiCanGetPostComments(): void { $user = $this->getUserByUsername('user'); $post = $this->createPost('test post'); for ($i = 0; $i < 5; ++$i) { $this->createPostComment("test parent comment {$i} #tag @user", $post); } self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/posts/{$post->getId()}/comments", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(5, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(5, $jsonData['pagination']['count']); foreach ($jsonData['items'] as $comment) { self::assertIsArray($comment); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $comment); self::assertIsArray($comment['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $comment['user']); self::assertIsArray($comment['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $comment['magazine']); self::assertSame($post->getId(), $comment['postId']); self::assertStringContainsString('test parent comment', $comment['body']); self::assertSame('en', $comment['lang']); self::assertSame(0, $comment['uv']); self::assertSame(0, $comment['favourites']); self::assertSame(0, $comment['childCount']); self::assertSame('visible', $comment['visibility']); self::assertIsArray($comment['mentions']); self::assertSame(['@user'], $comment['mentions']); self::assertIsArray($comment['tags']); self::assertSame(['tag'], $comment['tags']); self::assertIsArray($comment['children']); self::assertEmpty($comment['children']); self::assertFalse($comment['isAdult']); self::assertNull($comment['image']); self::assertNull($comment['parentId']); self::assertNull($comment['rootId']); // No scope granted so these should be null self::assertNull($comment['isFavourited']); self::assertNull($comment['userVote']); self::assertNull($comment['apId']); self::assertNull($comment['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['lastActive'], 'lastActive date format invalid'); self::assertIsArray($comment['bookmarks']); self::assertEmpty($comment['bookmarks']); } } public function testApiCanGetPostCommentsWithChildren(): void { $post = $this->createPost('test post'); for ($i = 0; $i < 5; ++$i) { $comment = $this->createPostComment("test parent comment {$i}", $post); $this->createPostComment("test child comment {$i}", $post, parent: $comment); } self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/posts/{$post->getId()}/comments", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(5, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(5, $jsonData['pagination']['count']); foreach ($jsonData['items'] as $comment) { self::assertIsArray($comment); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $comment); self::assertIsArray($comment['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $comment['user']); self::assertIsArray($comment['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $comment['magazine']); self::assertSame($post->getId(), $comment['postId']); self::assertStringContainsString('test parent comment', $comment['body']); self::assertSame('en', $comment['lang']); self::assertSame(0, $comment['uv']); self::assertSame(0, $comment['favourites']); self::assertSame(1, $comment['childCount']); self::assertSame('visible', $comment['visibility']); self::assertIsArray($comment['mentions']); self::assertEmpty($comment['mentions']); self::assertIsArray($comment['children']); self::assertCount(1, $comment['children']); self::assertIsArray($comment['children'][0]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $comment['children'][0]); self::assertStringContainsString('test child comment', $comment['children'][0]['body']); self::assertFalse($comment['isAdult']); self::assertNull($comment['image']); self::assertNull($comment['parentId']); self::assertNull($comment['rootId']); // No scope granted so these should be null self::assertNull($comment['isFavourited']); self::assertNull($comment['userVote']); self::assertNull($comment['apId']); self::assertEmpty($comment['tags']); self::assertNull($comment['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['lastActive'], 'lastActive date format invalid'); self::assertIsArray($comment['bookmarks']); self::assertEmpty($comment['bookmarks']); } } public function testApiCanGetPostCommentsLimitedDepth(): void { $post = $this->createPost('test post'); for ($i = 0; $i < 2; ++$i) { $comment = $this->createPostComment("test parent comment {$i}", $post); $parent = $comment; for ($j = 1; $j <= 5; ++$j) { $parent = $this->createPostComment("test child comment {$i} depth {$j}", $post, parent: $parent); } } self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/posts/{$post->getId()}/comments?d=3", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(2, $jsonData['pagination']['count']); foreach ($jsonData['items'] as $comment) { self::assertIsArray($comment); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $comment); self::assertIsArray($comment['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $comment['user']); self::assertIsArray($comment['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $comment['magazine']); self::assertSame($post->getId(), $comment['postId']); self::assertStringContainsString('test parent comment', $comment['body']); self::assertSame('en', $comment['lang']); self::assertSame(0, $comment['uv']); self::assertSame(0, $comment['favourites']); self::assertSame(5, $comment['childCount']); self::assertSame('visible', $comment['visibility']); self::assertIsArray($comment['mentions']); self::assertEmpty($comment['mentions']); self::assertIsArray($comment['children']); self::assertCount(1, $comment['children']); $depth = 0; $current = $comment; while (\count($current['children']) > 0) { self::assertIsArray($current['children'][0]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $current['children'][0]); self::assertStringContainsString('test child comment', $current['children'][0]['body']); self::assertSame(5 - ($depth + 1), $current['children'][0]['childCount']); $current = $current['children'][0]; ++$depth; } self::assertSame(3, $depth); self::assertFalse($comment['isAdult']); self::assertNull($comment['image']); self::assertNull($comment['parentId']); self::assertNull($comment['rootId']); // No scope granted so these should be null self::assertNull($comment['isFavourited']); self::assertNull($comment['userVote']); self::assertNull($comment['apId']); self::assertEmpty($comment['tags']); self::assertNull($comment['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $comment['lastActive'], 'lastActive date format invalid'); self::assertIsArray($comment['bookmarks']); self::assertEmpty($comment['bookmarks']); } } public function testApiCanGetPostCommentsNewest(): void { $post = $this->createPost('post'); $first = $this->createPostComment('first', $post); $second = $this->createPostComment('second', $post); $third = $this->createPostComment('third', $post); $first->createdAt = new \DateTimeImmutable('-1 hour'); $second->createdAt = new \DateTimeImmutable('-1 second'); $third->createdAt = new \DateTimeImmutable(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/posts/{$post->getId()}/comments?sort=newest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($third->getId(), $jsonData['items'][0]['commentId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['commentId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($first->getId(), $jsonData['items'][2]['commentId']); } public function testApiCanGetPostCommentsOldest(): void { $post = $this->createPost('post'); $first = $this->createPostComment('first', $post); $second = $this->createPostComment('second', $post); $third = $this->createPostComment('third', $post); $first->createdAt = new \DateTimeImmutable('-1 hour'); $second->createdAt = new \DateTimeImmutable('-1 second'); $third->createdAt = new \DateTimeImmutable(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/posts/{$post->getId()}/comments?sort=oldest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['commentId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['commentId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['commentId']); } public function testApiCanGetPostCommentsActive(): void { $post = $this->createPost('post'); $first = $this->createPostComment('first', $post); $second = $this->createPostComment('second', $post); $third = $this->createPostComment('third', $post); $first->lastActive = new \DateTime('-1 hour'); $second->lastActive = new \DateTime('-1 second'); $third->lastActive = new \DateTime(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/posts/{$post->getId()}/comments?sort=active", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($third->getId(), $jsonData['items'][0]['commentId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['commentId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($first->getId(), $jsonData['items'][2]['commentId']); } public function testApiCanGetPostCommentsHot(): void { $post = $this->createPost('post'); $first = $this->createPostComment('first', $post); $second = $this->createPostComment('second', $post); $third = $this->createPostComment('third', $post); $voteManager = $this->voteManager; $voteManager->vote(1, $first, $this->getUserByUsername('voter1'), rateLimit: false); $voteManager->vote(1, $first, $this->getUserByUsername('voter2'), rateLimit: false); $voteManager->vote(1, $second, $this->getUserByUsername('voter1'), rateLimit: false); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/posts/{$post->getId()}/comments?sort=hot", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['commentId']); self::assertSame(2, $jsonData['items'][0]['uv']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['commentId']); self::assertSame(1, $jsonData['items'][1]['uv']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['commentId']); self::assertSame(0, $jsonData['items'][2]['uv']); } public function testApiCanGetPostCommentByIdAnonymous(): void { $post = $this->createPost('test post'); $comment = $this->createPostComment('test parent comment', $post); $this->client->request('GET', "/api/post-comments/{$comment->getId()}"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($post->getId(), $jsonData['postId']); self::assertStringContainsString('test parent comment', $jsonData['body']); self::assertSame('en', $jsonData['lang']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['favourites']); self::assertSame(0, $jsonData['childCount']); self::assertSame('visible', $jsonData['visibility']); self::assertIsArray($jsonData['mentions']); self::assertEmpty($jsonData['mentions']); self::assertIsArray($jsonData['children']); self::assertEmpty($jsonData['children']); self::assertFalse($jsonData['isAdult']); self::assertNull($jsonData['image']); self::assertNull($jsonData['parentId']); self::assertNull($jsonData['rootId']); self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertNull($jsonData['apId']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertNull($jsonData['bookmarks']); } public function testApiCanGetPostCommentById(): void { $post = $this->createPost('test post'); $comment = $this->createPostComment('test parent comment', $post); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/post-comments/{$comment->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($post->getId(), $jsonData['postId']); self::assertStringContainsString('test parent comment', $jsonData['body']); self::assertSame('en', $jsonData['lang']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['favourites']); self::assertSame(0, $jsonData['childCount']); self::assertSame('visible', $jsonData['visibility']); self::assertIsArray($jsonData['mentions']); self::assertEmpty($jsonData['mentions']); self::assertIsArray($jsonData['children']); self::assertEmpty($jsonData['children']); self::assertFalse($jsonData['isAdult']); self::assertNull($jsonData['image']); self::assertNull($jsonData['parentId']); self::assertNull($jsonData['rootId']); // No scope granted so these should be null self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertNull($jsonData['apId']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertIsArray($jsonData['bookmarks']); self::assertEmpty($jsonData['bookmarks']); } public function testApiCanGetPostCommentByIdWithDepth(): void { $post = $this->createPost('test post'); $comment = $this->createPostComment('test parent comment', $post); $parent = $comment; for ($i = 0; $i < 5; ++$i) { $parent = $this->createPostComment('test nested reply', $post, parent: $parent); } self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/post-comments/{$comment->getId()}?d=2", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($post->getId(), $jsonData['postId']); self::assertStringContainsString('test parent comment', $jsonData['body']); self::assertSame('en', $jsonData['lang']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['favourites']); self::assertSame(5, $jsonData['childCount']); self::assertSame('visible', $jsonData['visibility']); self::assertIsArray($jsonData['mentions']); self::assertEmpty($jsonData['mentions']); self::assertIsArray($jsonData['children']); self::assertCount(1, $jsonData['children']); self::assertFalse($jsonData['isAdult']); self::assertNull($jsonData['image']); self::assertNull($jsonData['parentId']); self::assertNull($jsonData['rootId']); // No scope granted so these should be null self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertNull($jsonData['apId']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertIsArray($jsonData['bookmarks']); self::assertEmpty($jsonData['bookmarks']); $depth = 0; $current = $jsonData; while (\count($current['children']) > 0) { self::assertIsArray($current['children'][0]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $current['children'][0]); ++$depth; $current = $current['children'][0]; } self::assertSame(2, $depth); } } ================================================ FILE: tests/Functional/Controller/Api/Post/Comment/PostCommentUpdateApiTest.php ================================================ createPost('a post'); $comment = $this->createPostComment('test comment', $post); $update = [ 'body' => 'updated body', 'lang' => 'de', 'isAdult' => true, ]; $this->client->jsonRequest('PUT', "/api/post-comments/{$comment->getId()}", $update); self::assertResponseStatusCodeSame(401); } public function testApiCannotUpdateCommentWithoutScope(): void { $user = $this->getUserByUsername('user'); $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post, $user); $update = [ 'body' => 'updated body', 'lang' => 'de', 'isAdult' => true, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/post-comments/{$comment->getId()}", $update, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotUpdateOtherUsersComment(): void { $user = $this->getUserByUsername('user'); $user2 = $this->getUserByUsername('other'); $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post, $user2); $update = [ 'body' => 'updated body', 'lang' => 'de', 'isAdult' => true, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post_comment:edit'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/post-comments/{$comment->getId()}", $update, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUpdateComment(): void { $user = $this->getUserByUsername('user'); $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post, $user); $parent = $comment; for ($i = 0; $i < 5; ++$i) { $parent = $this->createPostComment('test reply', $post, $user, parent: $parent); } $update = [ 'body' => 'updated body', 'lang' => 'de', 'isAdult' => true, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post_comment:edit'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/post-comments/{$comment->getId()}?d=2", $update, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(200); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame($comment->getId(), $jsonData['commentId']); self::assertSame($update['body'], $jsonData['body']); self::assertSame($update['lang'], $jsonData['lang']); self::assertSame($update['isAdult'], $jsonData['isAdult']); self::assertSame(5, $jsonData['childCount']); $depth = 0; $current = $jsonData; while (\count($current['children']) > 0) { self::assertIsArray($current['children'][0]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $current['children'][0]); ++$depth; $current = $current['children'][0]; } self::assertSame(2, $depth); } } ================================================ FILE: tests/Functional/Controller/Api/Post/Comment/PostCommentVoteApiTest.php ================================================ createPost('a post'); $comment = $this->createPostComment('test comment', $post); $this->client->request('PUT', "/api/post-comments/{$comment->getId()}/vote/1"); self::assertResponseStatusCodeSame(401); } public function testApiCannotUpvoteCommentWithoutScope(): void { $user = $this->getUserByUsername('user'); $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/post-comments/{$comment->getId()}/vote/1", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUpvoteComment(): void { $user = $this->getUserByUsername('user'); $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post_comment:vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/post-comments/{$comment->getId()}/vote/1", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(200); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame(1, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); self::assertSame(1, $jsonData['userVote']); self::assertFalse($jsonData['isFavourited']); } public function testApiCannotDownvoteCommentAnonymous(): void { $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post); $this->client->request('PUT', "/api/post-comments/{$comment->getId()}/vote/-1"); self::assertResponseStatusCodeSame(401); } public function testApiCannotDownvoteCommentWithoutScope(): void { $user = $this->getUserByUsername('user'); $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/post-comments/{$comment->getId()}/vote/-1", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotDownvoteComment(): void { $user = $this->getUserByUsername('user'); $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post_comment:vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/post-comments/{$comment->getId()}/vote/-1", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(400); } public function testApiCannotRemoveVoteCommentAnonymous(): void { $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post); $voteManager = $this->voteManager; $voteManager->vote(1, $comment, $this->getUserByUsername('user'), rateLimit: false); $this->client->request('PUT', "/api/post-comments/{$comment->getId()}/vote/0"); self::assertResponseStatusCodeSame(401); } public function testApiCannotRemoveVoteCommentWithoutScope(): void { $user = $this->getUserByUsername('user'); $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post, $user); $voteManager = $this->voteManager; $voteManager->vote(1, $comment, $user, rateLimit: false); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/post-comments/{$comment->getId()}/vote/0", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanRemoveVoteComment(): void { $user = $this->getUserByUsername('user'); $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post, $user); $voteManager = $this->voteManager; $voteManager->vote(1, $comment, $user, rateLimit: false); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post_comment:vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/post-comments/{$comment->getId()}/vote/0", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(200); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); self::assertSame(0, $jsonData['userVote']); self::assertFalse($jsonData['isFavourited']); } public function testApiCannotFavouriteCommentAnonymous(): void { $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post); $this->client->request('PUT', "/api/post-comments/{$comment->getId()}/favourite"); self::assertResponseStatusCodeSame(401); } public function testApiCannotFavouriteCommentWithoutScope(): void { $user = $this->getUserByUsername('user'); $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/post-comments/{$comment->getId()}/favourite", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanFavouriteComment(): void { $user = $this->getUserByUsername('user'); $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post_comment:vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/post-comments/{$comment->getId()}/favourite", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(200); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(1, $jsonData['favourites']); self::assertSame(0, $jsonData['userVote']); self::assertTrue($jsonData['isFavourited']); } public function testApiCannotUnfavouriteCommentWithoutScope(): void { $user = $this->getUserByUsername('user'); $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post, $user); $favouriteManager = $this->favouriteManager; $favouriteManager->toggle($user, $comment); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/post-comments/{$comment->getId()}/favourite", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUnfavouriteComment(): void { $user = $this->getUserByUsername('user'); $post = $this->createPost('a post'); $comment = $this->createPostComment('test comment', $post, $user); $favouriteManager = $this->favouriteManager; $favouriteManager->toggle($user, $comment); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post_comment:vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('PUT', "/api/post-comments/{$comment->getId()}/favourite", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(200); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); self::assertSame(0, $jsonData['userVote']); self::assertFalse($jsonData['isFavourited']); } } ================================================ FILE: tests/Functional/Controller/Api/Post/Comment/PostCommentsActivityApiTest.php ================================================ getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $user, magazine: $magazine); $comment = $this->createPostComment('test comment', $post, $user); $this->client->jsonRequest('GET', "/api/post-comments/{$comment->getId()}/activity"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(EntriesActivityApiTest::ACTIVITIES_RESPONSE_DTO_KEYS, $jsonData); self::assertSame([], $jsonData['boosts']); self::assertSame([], $jsonData['upvotes']); self::assertSame(null, $jsonData['downvotes']); } public function testUpvotes() { $author = $this->getUserByUsername('userA'); $user1 = $this->getUserByUsername('user1'); $user2 = $this->getUserByUsername('user2'); $this->getUserByUsername('user3'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $author, magazine: $magazine); $comment = $this->createPostComment('test comment', $post, $author); $this->favouriteManager->toggle($user1, $comment); $this->favouriteManager->toggle($user2, $comment); $this->client->jsonRequest('GET', "/api/post-comments/{$comment->getId()}/activity"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(EntriesActivityApiTest::ACTIVITIES_RESPONSE_DTO_KEYS, $jsonData); self::assertSame([], $jsonData['boosts']); self::assertSame(null, $jsonData['downvotes']); self::assertCount(2, $jsonData['upvotes']); self::assertTrue(array_all($jsonData['upvotes'], function ($u) use ($user1, $user2) { /* @var UserSmallResponseDto $u */ return $u['userId'] === $user1->getId() || $u['userId'] === $user2->getId(); }), serialize($jsonData['upvotes'])); } public function testBoosts() { $author = $this->getUserByUsername('userA'); $user1 = $this->getUserByUsername('user1'); $user2 = $this->getUserByUsername('user2'); $this->getUserByUsername('user3'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $author, magazine: $magazine); $comment = $this->createPostComment('test comment', $post, $author); $this->voteManager->upvote($comment, $user1); $this->voteManager->upvote($comment, $user2); $this->client->jsonRequest('GET', "/api/post-comments/{$comment->getId()}/activity"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(EntriesActivityApiTest::ACTIVITIES_RESPONSE_DTO_KEYS, $jsonData); self::assertSame([], $jsonData['upvotes']); self::assertSame(null, $jsonData['downvotes']); self::assertCount(2, $jsonData['boosts']); self::assertTrue(array_all($jsonData['boosts'], function ($u) use ($user1, $user2) { /* @var UserSmallResponseDto $u */ return $u['userId'] === $user1->getId() || $u['userId'] === $user2->getId(); }), serialize($jsonData['boosts'])); } } ================================================ FILE: tests/Functional/Controller/Api/Post/Comment/UserPostCommentRetrieveApiTest.php ================================================ createPost('a post'); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $post = $this->createPost('another post', magazine: $magazine); $comment = $this->createPostComment('test comment', $post); $user = $post->user; $this->client->request('GET', "/api/users/{$user->getId()}/post-comments"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('test comment', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertSame(0, $jsonData['items'][0]['childCount']); self::assertIsArray($jsonData['items'][0]['children']); self::assertEmpty($jsonData['items'][0]['children']); self::assertSame($comment->getId(), $jsonData['items'][0]['commentId']); self::assertSame($post->getId(), $jsonData['items'][0]['postId']); } public function testApiCanGetUserPostComments(): void { $this->createPost('a post'); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $post = $this->createPost('another post', magazine: $magazine); $comment = $this->createPostComment('test comment', $post); $user = $post->user; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$user->getId()}/post-comments", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('test comment', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertSame(0, $jsonData['items'][0]['childCount']); self::assertIsArray($jsonData['items'][0]['children']); self::assertEmpty($jsonData['items'][0]['children']); self::assertSame($comment->getId(), $jsonData['items'][0]['commentId']); self::assertSame($post->getId(), $jsonData['items'][0]['postId']); } public function testApiCanGetUserPostCommentsDepth(): void { $this->createPost('a post'); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $post = $this->createPost('another post', magazine: $magazine); $comment = $this->createPostComment('test comment', $post); $nested1 = $this->createPostComment('test comment nested 1', $post, parent: $comment); $nested2 = $this->createPostComment('test comment nested 2', $post, parent: $nested1); $nested3 = $this->createPostComment('test comment nested 3', $post, parent: $nested2); $user = $post->user; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$user->getId()}/post-comments?d=2", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(4, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(4, $jsonData['pagination']['count']); foreach ($jsonData['items'] as $comment) { self::assertIsArray($comment); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $comment); self::assertTrue(\count($comment['children']) <= 1); $depth = 0; $current = $comment; while (\count($current['children']) > 0) { ++$depth; $current = $current['children'][0]; self::assertIsArray($current); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $current); } self::assertTrue($depth <= 2); } } public function testApiCanGetUserPostCommentsNewest(): void { $post = $this->createPost('post'); $first = $this->createPostComment('first', $post); $second = $this->createPostComment('second', $post); $third = $this->createPostComment('third', $post); $user = $post->user; $first->createdAt = new \DateTimeImmutable('-1 hour'); $second->createdAt = new \DateTimeImmutable('-1 second'); $third->createdAt = new \DateTimeImmutable(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$user->getId()}/post-comments?sort=newest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($third->getId(), $jsonData['items'][0]['commentId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['commentId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($first->getId(), $jsonData['items'][2]['commentId']); } public function testApiCanGetUserPostCommentsOldest(): void { $post = $this->createPost('post'); $first = $this->createPostComment('first', $post); $second = $this->createPostComment('second', $post); $third = $this->createPostComment('third', $post); $user = $post->user; $first->createdAt = new \DateTimeImmutable('-1 hour'); $second->createdAt = new \DateTimeImmutable('-1 second'); $third->createdAt = new \DateTimeImmutable(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$user->getId()}/post-comments?sort=oldest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['commentId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['commentId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['commentId']); } public function testApiCanGetUserPostCommentsActive(): void { $post = $this->createPost('post'); $first = $this->createPostComment('first', $post); $second = $this->createPostComment('second', $post); $third = $this->createPostComment('third', $post); $user = $post->user; $first->lastActive = new \DateTime('-1 hour'); $second->lastActive = new \DateTime('-1 second'); $third->lastActive = new \DateTime(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$user->getId()}/post-comments?sort=active", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($third->getId(), $jsonData['items'][0]['commentId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['commentId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($first->getId(), $jsonData['items'][2]['commentId']); } public function testApiCanGetUserPostCommentsHot(): void { $post = $this->createPost('post'); $first = $this->createPostComment('first', $post); $second = $this->createPostComment('second', $post); $third = $this->createPostComment('third', $post); $user = $post->user; $voteManager = $this->voteManager; $voteManager->vote(1, $first, $this->getUserByUsername('voter1'), rateLimit: false); $voteManager->vote(1, $first, $this->getUserByUsername('voter2'), rateLimit: false); $voteManager->vote(1, $second, $this->getUserByUsername('voter1'), rateLimit: false); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$user->getId()}/post-comments?sort=hot", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['commentId']); self::assertSame(2, $jsonData['items'][0]['uv']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['commentId']); self::assertSame(1, $jsonData['items'][1]['uv']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['commentId']); self::assertSame(0, $jsonData['items'][2]['uv']); } public function testApiCanGetUserPostCommentsWithUserVoteStatus(): void { $this->createPost('a post'); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $post = $this->createPost('another post', magazine: $magazine); $comment = $this->createPostComment('test comment', $post); $user = $post->user; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$user->getId()}/post-comments", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($comment->getId(), $jsonData['items'][0]['commentId']); self::assertSame($post->getId(), $jsonData['items'][0]['postId']); self::assertEquals('test comment', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertNull($jsonData['items'][0]['image']); self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertSame(0, $jsonData['items'][0]['childCount']); self::assertIsArray($jsonData['items'][0]['children']); self::assertEmpty($jsonData['items'][0]['children']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); self::assertFalse($jsonData['items'][0]['isFavourited']); self::assertSame(0, $jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertNull($jsonData['items'][0]['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Post/MagazinePostRetrieveApiTest.php ================================================ createPost('a post'); $this->createPostComment('up the ranking', $post); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $this->createPost('another post', magazine: $magazine); $this->client->request('GET', "/api/magazine/{$magazine->getId()}/posts"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('another post', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertSame(0, $jsonData['items'][0]['comments']); } public function testApiCanGetMagazinePosts(): void { $post = $this->createPost('a post'); $this->createPostComment('up the ranking', $post); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $this->createPost('another post', magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}/posts", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('another post', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertSame(0, $jsonData['items'][0]['comments']); } public function testApiCanGetMagazinePostsPinnedFirst(): void { $voteManager = $this->voteManager; $postManager = $this->postManager; $voter = $this->getUserByUsername('voter'); $first = $this->createPost('a post'); $this->createPostComment('up the ranking', $first); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $second = $this->createPost('another post', magazine: $magazine); // Upvote and comment on $second so it should come first, but then pin $third so it actually comes first $voteManager->vote(1, $second, $voter, rateLimit: false); $this->createPostComment('test', $second, $voter); $third = $this->createPost('a pinned post', magazine: $magazine); $postManager->pin($third); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}/posts", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(2, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('a pinned post', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertSame(0, $jsonData['items'][0]['comments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertTrue($jsonData['items'][0]['isPinned']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][1]); self::assertEquals('another post', $jsonData['items'][1]['body']); self::assertIsArray($jsonData['items'][1]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][1]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][1]['magazine']['magazineId']); self::assertSame(1, $jsonData['items'][1]['comments']); self::assertSame(1, $jsonData['items'][1]['uv']); self::assertFalse($jsonData['items'][1]['isPinned']); } public function testApiCanGetMagazinePostsNewest(): void { $first = $this->createPost('first'); $second = $this->createPost('second'); $third = $this->createPost('third'); $magazine = $first->magazine; $first->createdAt = new \DateTimeImmutable('-1 hour'); $second->createdAt = new \DateTimeImmutable('-1 second'); $third->createdAt = new \DateTimeImmutable(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}/posts?sort=newest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($third->getId(), $jsonData['items'][0]['postId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['postId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($first->getId(), $jsonData['items'][2]['postId']); } public function testApiCanGetMagazinePostsOldest(): void { $first = $this->createPost('first'); $second = $this->createPost('second'); $third = $this->createPost('third'); $magazine = $first->magazine; $first->createdAt = new \DateTimeImmutable('-1 hour'); $second->createdAt = new \DateTimeImmutable('-1 second'); $third->createdAt = new \DateTimeImmutable(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}/posts?sort=oldest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['postId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['postId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['postId']); } public function testApiCanGetMagazinePostsCommented(): void { $first = $this->createPost('first'); $this->createPostComment('comment 1', $first); $this->createPostComment('comment 2', $first); $second = $this->createPost('second'); $this->createPostComment('comment 1', $second); $third = $this->createPost('third'); $magazine = $first->magazine; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}/posts?sort=commented", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['postId']); self::assertSame(2, $jsonData['items'][0]['comments']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['postId']); self::assertSame(1, $jsonData['items'][1]['comments']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['postId']); self::assertSame(0, $jsonData['items'][2]['comments']); } public function testApiCanGetMagazinePostsActive(): void { $first = $this->createPost('first'); $second = $this->createPost('second'); $third = $this->createPost('third'); $magazine = $first->magazine; $first->lastActive = new \DateTime('-1 hour'); $second->lastActive = new \DateTime('-1 second'); $third->lastActive = new \DateTime(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}/posts?sort=active", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($third->getId(), $jsonData['items'][0]['postId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['postId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($first->getId(), $jsonData['items'][2]['postId']); } public function testApiCanGetMagazinePostsTop(): void { $first = $this->createPost('first'); $second = $this->createPost('second'); $third = $this->createPost('third'); $magazine = $first->magazine; $voteManager = $this->voteManager; $voteManager->vote(1, $first, $this->getUserByUsername('voter1'), rateLimit: false); $voteManager->vote(1, $first, $this->getUserByUsername('voter2'), rateLimit: false); $voteManager->vote(1, $second, $this->getUserByUsername('voter1'), rateLimit: false); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}/posts?sort=top", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['postId']); self::assertSame(2, $jsonData['items'][0]['uv']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['postId']); self::assertSame(1, $jsonData['items'][1]['uv']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['postId']); self::assertSame(0, $jsonData['items'][2]['uv']); } public function testApiCanGetMagazinePostsWithUserVoteStatus(): void { $first = $this->createPost('an post'); $this->createPostComment('up the ranking', $first); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $post = $this->createPost('another post', magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/magazine/{$magazine->getId()}/posts", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($post->getId(), $jsonData['items'][0]['postId']); self::assertEquals('another post', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertNull($jsonData['items'][0]['image']); self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertNull($jsonData['items'][0]['mentions']); self::assertSame(0, $jsonData['items'][0]['comments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); self::assertFalse($jsonData['items'][0]['isFavourited']); self::assertSame(0, $jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('another-post', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Post/Moderate/PostLockApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', magazine: $magazine); $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/lock"); self::assertResponseStatusCodeSame(401); } public function testApiNonModeratorCannotLockPost(): void { $user = $this->getUserByUsername('user'); $user2 = $this->getUserByUsername('user2'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', user: $user2, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post:lock'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/lock", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotLockPostWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $post = $this->createPost('test article', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/lock", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanLockPost(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $post = $this->createPost('test article', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post:lock'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/lock", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData); self::assertSame($post->getId(), $jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertEquals($post->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($post->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['mentions']); self::assertSame(0, $jsonData['comments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertTrue($jsonData['isLocked']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiAuthorNonModeratorCanLockPost(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post:lock'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/lock", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData); self::assertSame($post->getId(), $jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertEquals($post->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($post->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['mentions']); self::assertSame(0, $jsonData['comments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertTrue($jsonData['isLocked']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCannotUnlockPostAnonymous(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', magazine: $magazine); $postManager = $this->postManager; $postManager->toggleLock($post, $user); $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/lock"); self::assertResponseStatusCodeSame(401); } public function testApiNonModeratorCannotUnpinPost(): void { $user = $this->getUserByUsername('user'); $user2 = $this->getUserByUsername('user2'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', user: $user2, magazine: $magazine); $postManager = $this->postManager; $postManager->toggleLock($post, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post:lock'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/lock", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotUnpinPostWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $post = $this->createPost('test article', user: $user, magazine: $magazine); $postManager = $this->postManager; $postManager->toggleLock($post, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/lock", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUnpinPost(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $post = $this->createPost('test article', user: $user, magazine: $magazine); $postManager = $this->postManager; $postManager->toggleLock($post, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post:lock'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/lock", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData); self::assertSame($post->getId(), $jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertEquals($post->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($post->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['mentions']); self::assertSame(0, $jsonData['comments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertFalse($jsonData['isLocked']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiAuthorNonModeratorCanUnpinPost(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', user: $user, magazine: $magazine); $postManager = $this->postManager; $postManager->toggleLock($post, $user); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post:lock'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/lock", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData); self::assertSame($post->getId(), $jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertEquals($post->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($post->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['mentions']); self::assertSame(0, $jsonData['comments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertFalse($jsonData['isLocked']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Post/Moderate/PostPinApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', magazine: $magazine); $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/pin"); self::assertResponseStatusCodeSame(401); } public function testApiNonModeratorCannotPinPost(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post:pin'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/pin", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotPinPostWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $post = $this->createPost('test article', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/pin", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanPinPost(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $post = $this->createPost('test article', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post:pin'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/pin", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData); self::assertSame($post->getId(), $jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertEquals($post->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($post->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['mentions']); self::assertSame(0, $jsonData['comments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isAdult']); self::assertTrue($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCannotUnpinPostAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', magazine: $magazine); $postManager = $this->postManager; $postManager->pin($post); $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/pin"); self::assertResponseStatusCodeSame(401); } public function testApiNonModeratorCannotUnpinPost(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', user: $user, magazine: $magazine); $postManager = $this->postManager; $postManager->pin($post); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post:pin'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/pin", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotUnpinPostWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $post = $this->createPost('test article', user: $user, magazine: $magazine); $postManager = $this->postManager; $postManager->pin($post); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/pin", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUnpinPost(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $post = $this->createPost('test article', user: $user, magazine: $magazine); $postManager = $this->postManager; $postManager->pin($post); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post:pin'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/pin", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData); self::assertSame($post->getId(), $jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertEquals($post->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($post->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['mentions']); self::assertSame(0, $jsonData['comments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Post/Moderate/PostSetAdultApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', magazine: $magazine); $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/adult/true"); self::assertResponseStatusCodeSame(401); } public function testApiNonModeratorCannotSetPostAdult(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post:set_adult'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/adult/true", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotSetPostAdultWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $post = $this->createPost('test article', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/adult/true", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanSetPostAdult(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', user: $user, magazine: $magazine); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post:set_adult'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/adult/true", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData); self::assertSame($post->getId(), $jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertEquals($post->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($post->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['mentions']); self::assertSame(0, $jsonData['comments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertTrue($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('visible', $jsonData['visibility']); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCannotSetPostNotAdultAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', magazine: $magazine); $entityManager = $this->entityManager; $post->isAdult = true; $entityManager->persist($post); $entityManager->flush(); $this->client->request('PUT', "/api/moderate/post/{$post->getId()}/adult/false"); self::assertResponseStatusCodeSame(401); } public function testApiNonModeratorCannotSetPostNotAdult(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', user: $user, magazine: $magazine); $entityManager = $this->entityManager; $post->isAdult = true; $entityManager->persist($post); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post:set_adult'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/adult/false", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotSetPostNotAdultWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $post = $this->createPost('test article', user: $user, magazine: $magazine); $entityManager = $this->entityManager; $post->isAdult = true; $entityManager->persist($post); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/adult/false", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanSetPostNotAdult(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', user: $user, magazine: $magazine); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); $entityManager = $this->entityManager; $post->isAdult = true; $entityManager->persist($post); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post:set_adult'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/adult/false", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData); self::assertSame($post->getId(), $jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertEquals($post->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($post->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['mentions']); self::assertSame(0, $jsonData['comments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('visible', $jsonData['visibility']); self::assertEquals('test-article', $jsonData['slug']); self::assertNull($jsonData['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Post/Moderate/PostSetLanguageApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', magazine: $magazine); $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/de"); self::assertResponseStatusCodeSame(401); } public function testApiNonModeratorCannotSetPostLanguage(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post:language'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/de", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotSetPostLanguageWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $post = $this->createPost('test post', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/de", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotSetPostLanguageInvalid(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $user, magazine: $magazine); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post:language'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/fake", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(400); $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/ac", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(400); $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/aaa", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(400); $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/a", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(400); } public function testApiCanSetPostLanguage(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $user, magazine: $magazine); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post:language'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/de", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData); self::assertSame($post->getId(), $jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertEquals($post->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals('de', $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['mentions']); self::assertSame(0, $jsonData['comments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('visible', $jsonData['visibility']); self::assertEquals('test-post', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCanSetPostLanguage3Letter(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $user, magazine: $magazine); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post:language'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/elx", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData); self::assertSame($post->getId(), $jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertEquals($post->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals('elx', $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['mentions']); self::assertSame(0, $jsonData['comments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('visible', $jsonData['visibility']); self::assertEquals('test-post', $jsonData['slug']); self::assertNull($jsonData['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Post/Moderate/PostTrashApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', magazine: $magazine); $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/trash"); self::assertResponseStatusCodeSame(401); } public function testApiNonModeratorCannotTrashPost(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post:trash'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/trash", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotTrashPostWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $post = $this->createPost('test post', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/trash", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanTrashPost(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $user, magazine: $magazine); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post:trash'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/trash", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData); self::assertSame($post->getId(), $jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertEquals($post->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($post->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['mentions']); self::assertSame(0, $jsonData['comments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('trashed', $jsonData['visibility']); self::assertEquals('test-post', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCannotRestorePostAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $user = $this->getUserByUsername('user'); $post = $this->createPost('test post', magazine: $magazine); $postManager = $this->postManager; $postManager->trash($user, $post); $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/restore"); self::assertResponseStatusCodeSame(401); } public function testApiNonModeratorCannotRestorePost(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $user, magazine: $magazine); $postManager = $this->postManager; $postManager->trash($user, $post); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post:trash'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/restore", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotRestorePostWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme', $user); $post = $this->createPost('test post', user: $user, magazine: $magazine); $postManager = $this->postManager; $postManager->trash($user, $post); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/restore", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanRestorePost(): void { $user = $this->getUserByUsername('user'); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $user, magazine: $magazine); $magazineManager = $this->magazineManager; $moderator = new ModeratorDto($magazine); $moderator->user = $user; $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); $postManager = $this->postManager; $postManager->trash($user, $post); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post:trash'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/moderate/post/{$post->getId()}/restore", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData); self::assertSame($post->getId(), $jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertEquals($post->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($post->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['mentions']); self::assertSame(0, $jsonData['comments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('visible', $jsonData['visibility']); self::assertEquals('test-post', $jsonData['slug']); self::assertNull($jsonData['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Post/PostCreateApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $postRequest = [ 'body' => 'This is a microblog', 'lang' => 'en', 'isAdult' => false, ]; $this->client->jsonRequest('POST', "/api/magazine/{$magazine->getId()}/posts", parameters: $postRequest); self::assertResponseStatusCodeSame(401); } public function testApiCannotCreatePostWithoutScope(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $postRequest = [ 'body' => 'No scope post', 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/magazine/{$magazine->getId()}/posts", parameters: $postRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanCreatePost(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $postRequest = [ 'body' => 'This is a microblog #test @user', 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/magazine/{$magazine->getId()}/posts", parameters: $postRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(201); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData); self::assertNotNull($jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertEquals('This is a microblog #test @user', $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals('en', $jsonData['lang']); self::assertIsArray($jsonData['tags']); self::assertSame(['test'], $jsonData['tags']); self::assertIsArray($jsonData['mentions']); self::assertSame(['@user'], $jsonData['mentions']); self::assertSame(0, $jsonData['comments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertNull($jsonData['apId']); self::assertEquals('This-is-a-microblog-test-at-user', $jsonData['slug']); } public function testApiCannotCreateImagePostAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $postRequest = [ 'alt' => 'It\'s kibby!', 'lang' => 'en', 'isAdult' => false, ]; // Uploading a file appears to delete the file at the given path, so make a copy before upload copy($this->kibbyPath, $this->kibbyPath.'.tmp'); $image = new UploadedFile($this->kibbyPath.'.tmp', 'kibby_emoji.png', 'image/png'); $this->client->request( 'POST', "/api/magazine/{$magazine->getId()}/posts/image", parameters: $postRequest, files: ['uploadImage' => $image], ); self::assertResponseStatusCodeSame(401); } public function testApiCannotCreateImagePostWithoutScope(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $postRequest = [ 'alt' => 'It\'s kibby!', 'lang' => 'en', 'isAdult' => false, ]; // Uploading a file appears to delete the file at the given path, so make a copy before upload $tmpPath = bin2hex(random_bytes(32)); copy($this->kibbyPath, $tmpPath.'.png'); $image = new UploadedFile($tmpPath.'.png', 'kibby_emoji.png', 'image/png'); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request( 'POST', "/api/magazine/{$magazine->getId()}/posts/image", parameters: $postRequest, files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(403); } public function testApiCanCreateImagePost(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $postRequest = [ 'alt' => 'It\'s kibby!', 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); // Uploading a file appears to delete the file at the given path, so make a copy before upload $tmpPath = bin2hex(random_bytes(32)); copy($this->kibbyPath, $tmpPath.'.png'); $image = new UploadedFile($tmpPath.'.png', 'kibby_emoji.png', 'image/png'); $imageManager = $this->imageManager; $expectedPath = $imageManager->getFilePath($image->getFilename()); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request( 'POST', "/api/magazine/{$magazine->getId()}/posts/image", parameters: $postRequest, files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $token] ); self::assertResponseStatusCodeSame(201); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData); self::assertNotNull($jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertEquals('', $jsonData['body']); self::assertIsArray($jsonData['image']); self::assertArrayKeysMatch(self::IMAGE_KEYS, $jsonData['image']); self::assertStringContainsString($expectedPath, $jsonData['image']['filePath']); self::assertEquals('It\'s kibby!', $jsonData['image']['altText']); self::assertEquals('en', $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['mentions']); self::assertSame(0, $jsonData['comments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertNull($jsonData['apId']); self::assertEquals('acme-It-s-kibby', $jsonData['slug']); } public function testApiCannotCreatePostWithoutMagazine(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $invalidId = $magazine->getId() + 1; $postRequest = [ 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/magazine/{$invalidId}/posts", parameters: $postRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(404); $this->client->request('POST', "/api/magazine/{$invalidId}/posts/image", parameters: $postRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(404); } public function testApiCannotCreatePostWithoutBodyOrImage(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $postRequest = [ 'lang' => 'en', 'isAdult' => false, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post:create'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/magazine/{$magazine->getId()}/posts", parameters: $postRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(400); $this->client->request('POST', "/api/magazine/{$magazine->getId()}/posts/image", parameters: $postRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(400); } } ================================================ FILE: tests/Functional/Controller/Api/Post/PostDeleteApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $post = $this->createPost(body: 'test for deletion', magazine: $magazine); $this->client->request('DELETE', "/api/post/{$post->getId()}"); self::assertResponseStatusCodeSame(401); } public function testApiCannotDeletePostWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost(body: 'test for deletion', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/post/{$post->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotDeleteOtherUsersPost(): void { $otherUser = $this->getUserByUsername('somebody'); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost(body: 'test for deletion', user: $otherUser, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/post/{$post->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanDeletePost(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost(body: 'test for deletion', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/post/{$post->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); } public function testApiCannotDeleteImagePostAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $post = $this->createPost('test image', imageDto: $imageDto, magazine: $magazine); $this->client->request('DELETE', "/api/post/{$post->getId()}"); self::assertResponseStatusCodeSame(401); } public function testApiCannotDeleteImagePostWithoutScope(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $user = $this->getUserByUsername('user'); $imageDto = $this->getKibbyImageDto(); $post = $this->createPost('test image', imageDto: $imageDto, user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/post/{$post->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotDeleteOtherUsersImagePost(): void { $otherUser = $this->getUserByUsername('somebody'); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $post = $this->createPost('test image', imageDto: $imageDto, user: $otherUser, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/post/{$post->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanDeleteImagePost(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $post = $this->createPost('test image', imageDto: $imageDto, user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post:delete'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('DELETE', "/api/post/{$post->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); } } ================================================ FILE: tests/Functional/Controller/Api/Post/PostFavouriteApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test for favourite', magazine: $magazine); $this->client->jsonRequest('PUT', "/api/post/{$post->getId()}/favourite"); self::assertResponseStatusCodeSame(401); } public function testApiCannotFavouritePostWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test for favourite', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/post/{$post->getId()}/favourite", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanFavouritePost(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test for favourite', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post:vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/post/{$post->getId()}/favourite", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData); self::assertSame($post->getId(), $jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertEquals($post->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($post->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['mentions']); self::assertSame(0, $jsonData['comments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(1, $jsonData['favourites']); self::assertTrue($jsonData['isFavourited']); self::assertSame(0, $jsonData['userVote']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('test-for-favourite', $jsonData['slug']); self::assertNull($jsonData['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Post/PostReportApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test for report', magazine: $magazine); $reportRequest = [ 'reason' => 'Test reporting', ]; $this->client->jsonRequest('POST', "/api/post/{$post->getId()}/report", $reportRequest); self::assertResponseStatusCodeSame(401); } public function testApiCannotReportPostWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test for report', user: $user, magazine: $magazine); $reportRequest = [ 'reason' => 'Test reporting', ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/post/{$post->getId()}/report", $reportRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanReportPost(): void { $user = $this->getUserByUsername('user'); $otherUser = $this->getUserByUsername('somebody'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test for report', user: $otherUser, magazine: $magazine); $reportRequest = [ 'reason' => 'Test reporting', ]; $magazineRepository = $this->magazineRepository; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post:report'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('POST', "/api/post/{$post->getId()}/report", $reportRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(204); $magazine = $magazineRepository->find($magazine->getId()); $reports = $magazineRepository->findReports($magazine); self::assertSame(1, $reports->count()); /** @var Report $report */ $report = $reports->getCurrentPageResults()[0]; self::assertEquals('Test reporting', $report->reason); self::assertSame($user->getId(), $report->reporting->getId()); self::assertSame($otherUser->getId(), $report->reported->getId()); self::assertSame($post->getId(), $report->getSubject()->getId()); } } ================================================ FILE: tests/Functional/Controller/Api/Post/PostRetrieveApiTest.php ================================================ client->request('GET', '/api/posts/subscribed'); self::assertResponseStatusCodeSame(401); } public function testApiCannotGetSubscribedPostsWithoutScope(): void { self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'write'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/posts/subscribed', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanGetSubscribedPosts(): void { $user = $this->getUserByUsername('user'); $this->createPost('a post'); $magazine = $this->getMagazineByNameNoRSAKey('somemag', $user); $post = $this->createPost('another post', magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/posts/subscribed', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($post->getId(), $jsonData['items'][0]['postId']); self::assertEquals('another post', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertNull($jsonData['items'][0]['image']); self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertNull($jsonData['items'][0]['mentions']); self::assertSame(0, $jsonData['items'][0]['comments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['items'][0]['isFavourited']); self::assertNull($jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('another-post', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); self::assertIsArray($jsonData['items'][0]['bookmarks']); self::assertEmpty($jsonData['items'][0]['bookmarks']); } public function testApiCanGetSubscribedPostsWithBoosts(): void { $user = $this->getUserByUsername('user'); $userFollowing = $this->getUserByUsername('user2'); $user3 = $this->getUserByUsername('user3'); $this->userManager->follow($user, $userFollowing, false); $postFollowed = $this->createPost('a post', user: $userFollowing); $postBoosted = $this->createPost('third user post', user: $user3); $this->createPost('unrelated post', user: $user3); $commentFollowed = $this->createPostComment('a comment', $postBoosted, $userFollowing); $commentBoosted = $this->createPostComment('a boosted comment', $postBoosted, $user3); $this->createPostComment('unrelated comment', $postBoosted, $user3); $this->voteManager->upvote($postBoosted, $userFollowing); $this->voteManager->upvote($commentBoosted, $userFollowing); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/posts/subscribedWithBoosts', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(4, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(4, $jsonData['pagination']['count']); $retrievedPostIds = array_map(function ($item) { if (null !== $item['post']) { self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $item['post']); return $item['post']['postId']; } else { return null; } }, $jsonData['items']); $retrievedPostIds = array_filter($retrievedPostIds, function ($item) { return null !== $item; }); sort($retrievedPostIds); $retrievedPostCommentIds = array_map(function ($item) { if (null !== $item['postComment']) { self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $item['postComment']); return $item['postComment']['commentId']; } else { return null; } }, $jsonData['items']); $retrievedPostCommentIds = array_filter($retrievedPostCommentIds, function ($item) { return null !== $item; }); sort($retrievedPostCommentIds); $expectedPostIds = [$postFollowed->getId(), $postBoosted->getId()]; sort($expectedPostIds); $expectedPostCommentIds = [$commentFollowed->getId(), $commentBoosted->getId()]; sort($expectedPostCommentIds); self::assertEquals($retrievedPostIds, $expectedPostIds); self::assertEquals($expectedPostCommentIds, $expectedPostCommentIds); } public function testApiCannotGetModeratedPostsAnonymous(): void { $this->client->request('GET', '/api/posts/moderated'); self::assertResponseStatusCodeSame(401); } public function testApiCannotGetModeratedPostsWithoutScope(): void { self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/posts/moderated', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanGetModeratedPosts(): void { $user = $this->getUserByUsername('user'); $this->createPost('a post'); $magazine = $this->getMagazineByNameNoRSAKey('somemag', $user); $post = $this->createPost('another post', magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read moderate:post'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/posts/moderated', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($post->getId(), $jsonData['items'][0]['postId']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertEquals('another post', $jsonData['items'][0]['body']); self::assertNull($jsonData['items'][0]['image']); self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertNull($jsonData['items'][0]['mentions']); self::assertSame(0, $jsonData['items'][0]['comments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['items'][0]['isFavourited']); self::assertNull($jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('another-post', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); self::assertIsArray($jsonData['items'][0]['bookmarks']); self::assertEmpty($jsonData['items'][0]['bookmarks']); } public function testApiCannotGetFavouritedPostsAnonymous(): void { $this->client->request('GET', '/api/posts/favourited'); self::assertResponseStatusCodeSame(401); } public function testApiCannotGetFavouritedPostsWithoutScope(): void { self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/posts/favourited', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanGetFavouritedPosts(): void { $user = $this->getUserByUsername('user'); $post = $this->createPost('a post'); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $this->createPost('another post', magazine: $magazine); $favouriteManager = $this->favouriteManager; $favouriteManager->toggle($user, $post); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post:vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/posts/favourited', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($post->getId(), $jsonData['items'][0]['postId']); self::assertEquals('a post', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertNull($jsonData['items'][0]['image']); self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertNull($jsonData['items'][0]['mentions']); self::assertSame(0, $jsonData['items'][0]['comments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(1, $jsonData['items'][0]['favourites']); // No scope for seeing votes granted self::assertTrue($jsonData['items'][0]['isFavourited']); self::assertSame(0, $jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('a-post', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); self::assertIsArray($jsonData['items'][0]['bookmarks']); self::assertEmpty($jsonData['items'][0]['bookmarks']); } public function testApiCanGetPostsAnonymous(): void { $post = $this->createPost('a post'); $this->createPostComment('up the ranking', $post); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $second = $this->createPost('another post', magazine: $magazine); // Check that pinned posts don't get pinned to the top of the instance, just the magazine $postManager = $this->postManager; $postManager->pin($second); $this->client->request('GET', '/api/posts'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(2, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($post->getId(), $jsonData['items'][0]['postId']); self::assertEquals('a post', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertNull($jsonData['items'][0]['image']); self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertNull($jsonData['items'][0]['mentions']); self::assertSame(1, $jsonData['items'][0]['comments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); self::assertNull($jsonData['items'][0]['isFavourited']); self::assertNull($jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('a-post', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); self::assertNull($jsonData['items'][0]['bookmarks']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][1]); self::assertEquals('another post', $jsonData['items'][1]['body']); self::assertIsArray($jsonData['items'][1]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][1]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][1]['magazine']['magazineId']); self::assertSame(0, $jsonData['items'][1]['comments']); } public function testApiCanGetPosts(): void { $post = $this->createPost('a post'); $this->createPostComment('up the ranking', $post); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $this->createPost('another post', magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/posts', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(2, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($post->getId(), $jsonData['items'][0]['postId']); self::assertEquals('a post', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertNull($jsonData['items'][0]['image']); self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertNull($jsonData['items'][0]['mentions']); self::assertSame(1, $jsonData['items'][0]['comments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['items'][0]['isFavourited']); self::assertNull($jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('a-post', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); self::assertIsArray($jsonData['items'][0]['bookmarks']); self::assertEmpty($jsonData['items'][0]['bookmarks']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][1]); self::assertEquals('another post', $jsonData['items'][1]['body']); self::assertIsArray($jsonData['items'][1]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][1]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][1]['magazine']['magazineId']); self::assertSame(0, $jsonData['items'][1]['comments']); } public function testApiCanGetPostsWithLanguageAnonymous(): void { $post = $this->createPost('a post'); $this->createPostComment('up the ranking', $post); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $second = $this->createPost('another post', magazine: $magazine, lang: 'de'); $this->createPost('a dutch post', magazine: $magazine, lang: 'nl'); // Check that pinned posts don't get pinned to the top of the instance, just the magazine $postManager = $this->postManager; $postManager->pin($second); $this->client->request('GET', '/api/posts?lang[]=en&lang[]=de'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(2, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($post->getId(), $jsonData['items'][0]['postId']); self::assertEquals('a post', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertNull($jsonData['items'][0]['image']); self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertNull($jsonData['items'][0]['mentions']); self::assertSame(1, $jsonData['items'][0]['comments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); self::assertNull($jsonData['items'][0]['isFavourited']); self::assertNull($jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('a-post', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); self::assertNull($jsonData['items'][0]['bookmarks']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][1]); self::assertEquals('another post', $jsonData['items'][1]['body']); self::assertIsArray($jsonData['items'][1]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][1]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][1]['magazine']['magazineId']); self::assertEquals('de', $jsonData['items'][1]['lang']); self::assertSame(0, $jsonData['items'][1]['comments']); } public function testApiCanGetPostsWithLanguage(): void { $post = $this->createPost('a post'); $this->createPostComment('up the ranking', $post); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $this->createPost('another post', magazine: $magazine, lang: 'de'); $this->createPost('a dutch post', magazine: $magazine, lang: 'nl'); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/posts?lang[]=en&lang[]=de', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(2, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($post->getId(), $jsonData['items'][0]['postId']); self::assertEquals('a post', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertNull($jsonData['items'][0]['image']); self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertNull($jsonData['items'][0]['mentions']); self::assertSame(1, $jsonData['items'][0]['comments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['items'][0]['isFavourited']); self::assertNull($jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('a-post', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); self::assertIsArray($jsonData['items'][0]['bookmarks']); self::assertEmpty($jsonData['items'][0]['bookmarks']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][1]); self::assertEquals('another post', $jsonData['items'][1]['body']); self::assertIsArray($jsonData['items'][1]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][1]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][1]['magazine']['magazineId']); self::assertEquals('de', $jsonData['items'][1]['lang']); self::assertSame(0, $jsonData['items'][1]['comments']); } public function testApiCannotGetPostsByPreferredLangAnonymous(): void { $post = $this->createPost('a post'); $this->createPostComment('up the ranking', $post); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $second = $this->createPost('another post', magazine: $magazine); // Check that pinned posts don't get pinned to the top of the instance, just the magazine $postManager = $this->postManager; $postManager->pin($second); $this->client->request('GET', '/api/posts?usePreferredLangs=true'); self::assertResponseStatusCodeSame(403); } public function testApiCanGetPostsByPreferredLang(): void { $post = $this->createPost('a post'); $this->createPostComment('up the ranking', $post); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $this->createPost('another post', magazine: $magazine); $this->createPost('German post', lang: 'de'); $user = $this->getUserByUsername('user'); $user->preferredLanguages = ['en']; $entityManager = $this->entityManager; $entityManager->persist($user); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/posts?usePreferredLangs=true', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(2, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($post->getId(), $jsonData['items'][0]['postId']); self::assertEquals('a post', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertNull($jsonData['items'][0]['image']); self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertNull($jsonData['items'][0]['mentions']); self::assertSame(1, $jsonData['items'][0]['comments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['items'][0]['isFavourited']); self::assertNull($jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('a-post', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); self::assertIsArray($jsonData['items'][0]['bookmarks']); self::assertEmpty($jsonData['items'][0]['bookmarks']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][1]); self::assertEquals('another post', $jsonData['items'][1]['body']); self::assertIsArray($jsonData['items'][1]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][1]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][1]['magazine']['magazineId']); self::assertEquals('en', $jsonData['items'][1]['lang']); self::assertSame(0, $jsonData['items'][1]['comments']); } public function testApiCanGetPostsNewest(): void { $first = $this->createPost('first'); $second = $this->createPost('second'); $third = $this->createPost('third'); $first->createdAt = new \DateTimeImmutable('-1 hour'); $second->createdAt = new \DateTimeImmutable('-1 second'); $third->createdAt = new \DateTimeImmutable(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/posts?sort=newest', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($third->getId(), $jsonData['items'][0]['postId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['postId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($first->getId(), $jsonData['items'][2]['postId']); } public function testApiCanGetPostsOldest(): void { $first = $this->createPost('first'); $second = $this->createPost('second'); $third = $this->createPost('third'); $first->createdAt = new \DateTimeImmutable('-1 hour'); $second->createdAt = new \DateTimeImmutable('-1 second'); $third->createdAt = new \DateTimeImmutable(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/posts?sort=oldest', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['postId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['postId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['postId']); } public function testApiCanGetPostsCommented(): void { $first = $this->createPost('first'); $this->createPostComment('comment 1', $first); $this->createPostComment('comment 2', $first); $second = $this->createPost('second'); $this->createPostComment('comment 1', $second); $third = $this->createPost('third'); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/posts?sort=commented', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['postId']); self::assertSame(2, $jsonData['items'][0]['comments']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['postId']); self::assertSame(1, $jsonData['items'][1]['comments']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['postId']); self::assertSame(0, $jsonData['items'][2]['comments']); } public function testApiCanGetPostsActive(): void { $first = $this->createPost('first'); $second = $this->createPost('second'); $third = $this->createPost('third'); $first->lastActive = new \DateTime('-1 hour'); $second->lastActive = new \DateTime('-1 second'); $third->lastActive = new \DateTime(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/posts?sort=active', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($third->getId(), $jsonData['items'][0]['postId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['postId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($first->getId(), $jsonData['items'][2]['postId']); } public function testApiCanGetPostsTop(): void { $first = $this->createPost('first'); $second = $this->createPost('second'); $third = $this->createPost('third'); $voteManager = $this->voteManager; $voteManager->vote(1, $first, $this->getUserByUsername('voter1'), rateLimit: false); $voteManager->vote(1, $first, $this->getUserByUsername('voter2'), rateLimit: false); $voteManager->vote(1, $second, $this->getUserByUsername('voter1'), rateLimit: false); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/posts?sort=top', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['postId']); self::assertSame(2, $jsonData['items'][0]['uv']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['postId']); self::assertSame(1, $jsonData['items'][1]['uv']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['postId']); self::assertSame(0, $jsonData['items'][2]['uv']); } public function testApiCanGetPostsWithUserVoteStatus(): void { $post = $this->createPost('a post'); $this->createPostComment('up the ranking', $post); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $this->createPost('another post', magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/posts', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(2, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($post->getId(), $jsonData['items'][0]['postId']); self::assertEquals('a post', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertNull($jsonData['items'][0]['image']); self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertSame(1, $jsonData['items'][0]['comments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); self::assertFalse($jsonData['items'][0]['isFavourited']); self::assertSame(0, $jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('a-post', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); self::assertIsArray($jsonData['items'][0]['bookmarks']); self::assertEmpty($jsonData['items'][0]['bookmarks']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][1]); self::assertEquals('another post', $jsonData['items'][1]['body']); self::assertIsArray($jsonData['items'][1]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][1]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][1]['magazine']['magazineId']); self::assertSame(0, $jsonData['items'][1]['comments']); } public function testApiCanGetPostByIdAnonymous(): void { $post = $this->createPost('a post'); $this->client->request('GET', "/api/post/{$post->getId()}"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData); self::assertSame($post->getId(), $jsonData['postId']); self::assertEquals('a post', $jsonData['body']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertNull($jsonData['image']); self::assertEquals('en', $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['mentions']); self::assertSame(0, $jsonData['comments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('a-post', $jsonData['slug']); self::assertNull($jsonData['apId']); self::assertNull($jsonData['bookmarks']); } public function testApiCanGetPostById(): void { $post = $this->createPost('a post'); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/post/{$post->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData); self::assertSame($post->getId(), $jsonData['postId']); self::assertEquals('a post', $jsonData['body']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertNull($jsonData['image']); self::assertEquals('en', $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertSame(0, $jsonData['comments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('a-post', $jsonData['slug']); self::assertNull($jsonData['apId']); self::assertIsArray($jsonData['bookmarks']); self::assertEmpty($jsonData['bookmarks']); } public function testApiCanGetPostByIdWithUserVoteStatus(): void { $post = $this->createPost('a post'); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/post/{$post->getId()}", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData); self::assertSame($post->getId(), $jsonData['postId']); self::assertEquals('a post', $jsonData['body']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertNull($jsonData['image']); self::assertEquals('en', $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertSame(0, $jsonData['comments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); self::assertFalse($jsonData['isFavourited']); self::assertSame(0, $jsonData['userVote']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); // This API creates a view when used self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('a-post', $jsonData['slug']); self::assertNull($jsonData['apId']); self::assertIsArray($jsonData['bookmarks']); self::assertEmpty($jsonData['bookmarks']); } public function testApiCanGetPostsLocal(): void { $first = $this->createPost('first'); $second = $this->createPost('second'); $second->apId = 'https://some.url'; $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/posts?federation=local', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['postId']); } public function testApiCanGetPostsFederated(): void { $first = $this->createPost('first'); $second = $this->createPost('second'); $second->apId = 'https://some.url'; $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', '/api/posts?federation=federated', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($second->getId(), $jsonData['items'][0]['postId']); } } ================================================ FILE: tests/Functional/Controller/Api/Post/PostUpdateApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', magazine: $magazine); $updateRequest = [ 'body' => 'Updated body', 'lang' => 'nl', 'isAdult' => true, ]; $this->client->jsonRequest('PUT', "/api/post/{$post->getId()}", $updateRequest); self::assertResponseStatusCodeSame(401); } public function testApiCannotUpdatePostWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', user: $user, magazine: $magazine); $updateRequest = [ 'body' => 'Updated body', 'lang' => 'nl', 'isAdult' => true, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/post/{$post->getId()}", $updateRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotUpdateOtherUsersPost(): void { $otherUser = $this->getUserByUsername('somebody'); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', user: $otherUser, magazine: $magazine); $updateRequest = [ 'body' => 'Updated body', 'lang' => 'nl', 'isAdult' => true, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post:edit'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/post/{$post->getId()}", $updateRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUpdatePost(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test article', user: $user, magazine: $magazine); $updateRequest = [ 'body' => 'Updated #body @user', 'lang' => 'nl', 'isAdult' => true, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post:edit'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/post/{$post->getId()}", $updateRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData); self::assertSame($post->getId(), $jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertEquals($updateRequest['body'], $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($updateRequest['lang'], $jsonData['lang']); self::assertIsArray($jsonData['tags']); self::assertSame(['body'], $jsonData['tags']); self::assertIsArray($jsonData['mentions']); self::assertSame(['@user'], $jsonData['mentions']); self::assertSame(0, $jsonData['comments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertTrue($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['editedAt'], 'editedAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('Updated-body-at-user', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCannotUpdateImagePostAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $post = $this->createPost('test image', imageDto: $imageDto, magazine: $magazine); $updateRequest = [ 'body' => 'Updated body', 'lang' => 'nl', 'isAdult' => true, ]; $this->client->jsonRequest('PUT', "/api/post/{$post->getId()}", $updateRequest); self::assertResponseStatusCodeSame(401); } public function testApiCannotUpdateImagePostWithoutScope(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $user = $this->getUserByUsername('user'); $imageDto = $this->getKibbyImageDto(); $post = $this->createPost('test image', imageDto: $imageDto, user: $user, magazine: $magazine); $updateRequest = [ 'body' => 'Updated body', 'lang' => 'nl', 'isAdult' => true, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/post/{$post->getId()}", $updateRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotUpdateOtherUsersImagePost(): void { $otherUser = $this->getUserByUsername('somebody'); $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $post = $this->createPost('test image', imageDto: $imageDto, user: $otherUser, magazine: $magazine); $updateRequest = [ 'body' => 'Updated body', 'lang' => 'nl', 'isAdult' => true, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post:edit'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/post/{$post->getId()}", $updateRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } #[Group(name: 'NonThreadSafe')] public function testApiCanUpdateImagePost(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $imageDto = $this->getKibbyImageDto(); $post = $this->createPost('test image', imageDto: $imageDto, user: $user, magazine: $magazine); $updateRequest = [ 'body' => 'Updated #body @user', 'lang' => 'nl', 'isAdult' => true, ]; self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post:edit'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/post/{$post->getId()}", $updateRequest, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData); self::assertSame($post->getId(), $jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertEquals($updateRequest['body'], $jsonData['body']); self::assertIsArray($jsonData['image']); self::assertArrayKeysMatch(self::IMAGE_KEYS, $jsonData['image']); self::assertStringContainsString($imageDto->filePath, $jsonData['image']['filePath']); self::assertEquals($updateRequest['lang'], $jsonData['lang']); self::assertIsArray($jsonData['tags']); self::assertSame(['body'], $jsonData['tags']); self::assertIsArray($jsonData['mentions']); self::assertSame(['@user'], $jsonData['mentions']); self::assertSame(0, $jsonData['comments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertNull($jsonData['isFavourited']); self::assertNull($jsonData['userVote']); self::assertTrue($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['editedAt'], 'editedAt date format invalid'); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('Updated-body-at-user', $jsonData['slug']); self::assertNull($jsonData['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Post/PostVoteApiTest.php ================================================ getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', magazine: $magazine); $this->client->jsonRequest('PUT', "/api/post/{$post->getId()}/vote/1"); self::assertResponseStatusCodeSame(401); } public function testApiCannotUpvotePostWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/post/{$post->getId()}/vote/1", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanUpvotePost(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post:vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/post/{$post->getId()}/vote/1", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData); self::assertSame($post->getId(), $jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertEquals($post->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($post->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['mentions']); self::assertSame(0, $jsonData['comments']); self::assertSame(1, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertFalse($jsonData['isFavourited']); self::assertSame(1, $jsonData['userVote']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('test-post', $jsonData['slug']); self::assertNull($jsonData['apId']); } public function testApiCannotDownvotePostAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', magazine: $magazine); $this->client->jsonRequest('PUT', "/api/post/{$post->getId()}/vote/-1"); self::assertResponseStatusCodeSame(401); } public function testApiCannotDownvotePostWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/post/{$post->getId()}/vote/-1", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCannotDownvotePost(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $user, magazine: $magazine); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post:vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/post/{$post->getId()}/vote/-1", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(400); } public function testApiCannotClearVotePostAnonymous(): void { $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', magazine: $magazine); $this->client->jsonRequest('PUT', "/api/post/{$post->getId()}/vote/0"); self::assertResponseStatusCodeSame(401); } public function testApiCannotClearVotePostWithoutScope(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $user, magazine: $magazine); $voteManager = $this->voteManager; $voteManager->vote(1, $post, $user, rateLimit: false); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/post/{$post->getId()}/vote/0", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testApiCanClearVotePost(): void { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $user, magazine: $magazine); $voteManager = $this->voteManager; $voteManager->vote(1, $post, $user, rateLimit: false); self::createOAuth2AuthCodeClient(); $this->client->loginUser($user); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read post:vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('PUT', "/api/post/{$post->getId()}/vote/0", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData); self::assertSame($post->getId(), $jsonData['postId']); self::assertIsArray($jsonData['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['magazine']); self::assertSame($magazine->getId(), $jsonData['magazine']['magazineId']); self::assertIsArray($jsonData['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['user']); self::assertSame($user->getId(), $jsonData['user']['userId']); self::assertEquals($post->body, $jsonData['body']); self::assertNull($jsonData['image']); self::assertEquals($post->lang, $jsonData['lang']); self::assertEmpty($jsonData['tags']); self::assertNull($jsonData['mentions']); self::assertSame(0, $jsonData['comments']); self::assertSame(0, $jsonData['uv']); self::assertSame(0, $jsonData['dv']); self::assertSame(0, $jsonData['favourites']); // No scope for seeing votes granted self::assertFalse($jsonData['isFavourited']); self::assertSame(0, $jsonData['userVote']); self::assertFalse($jsonData['isAdult']); self::assertFalse($jsonData['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['lastActive'], 'lastActive date format invalid'); self::assertEquals('test-post', $jsonData['slug']); self::assertNull($jsonData['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Post/PostsActivityApiTest.php ================================================ getUserByUsername('user'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $user, magazine: $magazine); $this->client->jsonRequest('GET', "/api/post/{$post->getId()}/activity"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(EntriesActivityApiTest::ACTIVITIES_RESPONSE_DTO_KEYS, $jsonData); self::assertSame([], $jsonData['boosts']); self::assertSame([], $jsonData['upvotes']); self::assertSame(null, $jsonData['downvotes']); } public function testUpvotes() { $author = $this->getUserByUsername('userA'); $user1 = $this->getUserByUsername('user1'); $user2 = $this->getUserByUsername('user2'); $this->getUserByUsername('user3'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $author, magazine: $magazine); $this->favouriteManager->toggle($user1, $post); $this->favouriteManager->toggle($user2, $post); $this->client->jsonRequest('GET', "/api/post/{$post->getId()}/activity"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(EntriesActivityApiTest::ACTIVITIES_RESPONSE_DTO_KEYS, $jsonData); self::assertSame([], $jsonData['boosts']); self::assertSame(null, $jsonData['downvotes']); self::assertCount(2, $jsonData['upvotes']); self::assertTrue(array_all($jsonData['upvotes'], function ($u) use ($user1, $user2) { /* @var UserSmallResponseDto $u */ return $u['userId'] === $user1->getId() || $u['userId'] === $user2->getId(); }), serialize($jsonData['upvotes'])); } public function testBoosts() { $author = $this->getUserByUsername('userA'); $user1 = $this->getUserByUsername('user1'); $user2 = $this->getUserByUsername('user2'); $this->getUserByUsername('user3'); $magazine = $this->getMagazineByNameNoRSAKey('acme'); $post = $this->createPost('test post', user: $author, magazine: $magazine); $this->voteManager->upvote($post, $user1); $this->voteManager->upvote($post, $user2); $this->client->jsonRequest('GET', "/api/post/{$post->getId()}/activity"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(EntriesActivityApiTest::ACTIVITIES_RESPONSE_DTO_KEYS, $jsonData); self::assertSame([], $jsonData['upvotes']); self::assertSame(null, $jsonData['downvotes']); self::assertCount(2, $jsonData['boosts']); self::assertTrue(array_all($jsonData['boosts'], function ($u) use ($user1, $user2) { /* @var UserSmallResponseDto $u */ return $u['userId'] === $user1->getId() || $u['userId'] === $user2->getId(); }), serialize($jsonData['boosts'])); } } ================================================ FILE: tests/Functional/Controller/Api/Post/UserPostRetrieveApiTest.php ================================================ createPost('a post'); $this->createPostComment('up the ranking', $post); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $otherUser = $this->getUserByUsername('somebody'); $this->createPost('another post', magazine: $magazine, user: $otherUser); $this->client->request('GET', "/api/users/{$otherUser->getId()}/posts"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('another post', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertSame($otherUser->getId(), $jsonData['items'][0]['user']['userId']); self::assertSame(0, $jsonData['items'][0]['comments']); } public function testApiCanGetUserEntries(): void { $post = $this->createPost('a post'); $this->createPostComment('up the ranking', $post); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $otherUser = $this->getUserByUsername('somebody'); $this->createPost('another post', magazine: $magazine, user: $otherUser); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$otherUser->getId()}/posts", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals('another post', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertSame($otherUser->getId(), $jsonData['items'][0]['user']['userId']); self::assertSame(0, $jsonData['items'][0]['comments']); } public function testApiCanGetUserEntriesNewest(): void { $first = $this->createPost('first'); $second = $this->createPost('second'); $third = $this->createPost('third'); $otherUser = $first->user; $first->createdAt = new \DateTimeImmutable('-1 hour'); $second->createdAt = new \DateTimeImmutable('-1 second'); $third->createdAt = new \DateTimeImmutable(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$otherUser->getId()}/posts?sort=newest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($third->getId(), $jsonData['items'][0]['postId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['postId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($first->getId(), $jsonData['items'][2]['postId']); } public function testApiCanGetUserEntriesOldest(): void { $first = $this->createPost('first'); $second = $this->createPost('second'); $third = $this->createPost('third'); $otherUser = $first->user; $first->createdAt = new \DateTimeImmutable('-1 hour'); $second->createdAt = new \DateTimeImmutable('-1 second'); $third->createdAt = new \DateTimeImmutable(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$otherUser->getId()}/posts?sort=oldest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['postId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['postId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['postId']); } public function testApiCanGetUserEntriesCommented(): void { $first = $this->createPost('first'); $this->createPostComment('comment 1', $first); $this->createPostComment('comment 2', $first); $second = $this->createPost('second'); $this->createPostComment('comment 1', $second); $third = $this->createPost('third'); $otherUser = $first->user; self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$otherUser->getId()}/posts?sort=commented", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['postId']); self::assertSame(2, $jsonData['items'][0]['comments']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['postId']); self::assertSame(1, $jsonData['items'][1]['comments']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['postId']); self::assertSame(0, $jsonData['items'][2]['comments']); } public function testApiCanGetUserEntriesActive(): void { $first = $this->createPost('first'); $second = $this->createPost('second'); $third = $this->createPost('third'); $otherUser = $first->user; $first->lastActive = new \DateTime('-1 hour'); $second->lastActive = new \DateTime('-1 second'); $third->lastActive = new \DateTime(); $entityManager = $this->entityManager; $entityManager->persist($first); $entityManager->persist($second); $entityManager->persist($third); $entityManager->flush(); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$otherUser->getId()}/posts?sort=active", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($third->getId(), $jsonData['items'][0]['postId']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['postId']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($first->getId(), $jsonData['items'][2]['postId']); } public function testApiCanGetUserEntriesTop(): void { $first = $this->createPost('first'); $second = $this->createPost('second'); $third = $this->createPost('third'); $otherUser = $first->user; $voteManager = $this->voteManager; $voteManager->vote(1, $first, $this->getUserByUsername('voter1'), rateLimit: false); $voteManager->vote(1, $first, $this->getUserByUsername('voter2'), rateLimit: false); $voteManager->vote(1, $second, $this->getUserByUsername('voter1'), rateLimit: false); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$otherUser->getId()}/posts?sort=top", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(3, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($first->getId(), $jsonData['items'][0]['postId']); self::assertSame(2, $jsonData['items'][0]['uv']); self::assertIsArray($jsonData['items'][1]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][1]); self::assertSame($second->getId(), $jsonData['items'][1]['postId']); self::assertSame(1, $jsonData['items'][1]['uv']); self::assertIsArray($jsonData['items'][2]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][2]); self::assertSame($third->getId(), $jsonData['items'][2]['postId']); self::assertSame(0, $jsonData['items'][2]['uv']); } public function testApiCanGetUserEntriesWithUserVoteStatus(): void { $this->createPost('a post'); $otherUser = $this->getUserByUsername('somebody'); $magazine = $this->getMagazineByNameNoRSAKey('somemag'); $post = $this->createPost('another post', magazine: $magazine, user: $otherUser); self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('user')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read vote'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->request('GET', "/api/users/{$otherUser->getId()}/posts", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($post->getId(), $jsonData['items'][0]['postId']); self::assertEquals('another post', $jsonData['items'][0]['body']); self::assertIsArray($jsonData['items'][0]['magazine']); self::assertArrayKeysMatch(self::MAGAZINE_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['magazine']); self::assertSame($magazine->getId(), $jsonData['items'][0]['magazine']['magazineId']); self::assertIsArray($jsonData['items'][0]['user']); self::assertArrayKeysMatch(self::USER_SMALL_RESPONSE_KEYS, $jsonData['items'][0]['user']); self::assertSame($otherUser->getId(), $jsonData['items'][0]['user']['userId']); self::assertNull($jsonData['items'][0]['image']); self::assertEquals('en', $jsonData['items'][0]['lang']); self::assertEmpty($jsonData['items'][0]['tags']); self::assertNull($jsonData['items'][0]['mentions']); self::assertSame(0, $jsonData['items'][0]['comments']); self::assertSame(0, $jsonData['items'][0]['uv']); self::assertSame(0, $jsonData['items'][0]['dv']); self::assertSame(0, $jsonData['items'][0]['favourites']); self::assertFalse($jsonData['items'][0]['isFavourited']); self::assertSame(0, $jsonData['items'][0]['userVote']); self::assertFalse($jsonData['items'][0]['isAdult']); self::assertFalse($jsonData['items'][0]['isPinned']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['createdAt'], 'createdAt date format invalid'); self::assertNull($jsonData['items'][0]['editedAt']); self::assertStringMatchesFormat('%d-%d-%dT%d:%d:%d%i:00', $jsonData['items'][0]['lastActive'], 'lastActive date format invalid'); self::assertEquals('another-post', $jsonData['items'][0]['slug']); self::assertNull($jsonData['items'][0]['apId']); } } ================================================ FILE: tests/Functional/Controller/Api/Search/SearchApiTest.php ================================================ someUser = $this->getUserByUsername('JohnDoe2', email: 'jd@test.tld'); $this->someMagazine = $this->getMagazineByName('acme2', $this->someUser); } public function setUpRemoteEntities(): void { $this->createRemoteEntryInRemoteMagazine($this->remoteMagazine, $this->remoteUser, function (Entry $entry) { $this->testEntryUrl = 'https://remote.mbin/m/someremotemagazine/t/'.$entry->getId(); }); } protected function setUpRemoteActors(): void { parent::setUpRemoteActors(); $this->remoteUser = $this->getUserByUsername(self::TEST_USER_NAME, addImage: false); $this->registerActor($this->remoteUser, $this->remoteDomain, true); $this->remoteMagazine = $this->getMagazineByName(self::TEST_MAGAZINE_NAME); $this->registerActor($this->remoteMagazine, $this->remoteDomain, true); } public function testApiCannotSearchWithNoQuery(): void { $this->client->request('GET', '/api/search/v2'); self::assertResponseStatusCodeSame(400); } public function testApiCanFindEntryByTitleAnonymous(): void { $entry = $this->getEntryByTitle('A test title to search for', magazine: $this->someMagazine, user: $this->someUser); $this->getEntryByTitle('Cannot find this', magazine: $this->someMagazine, user: $this->someUser); $this->client->request('GET', '/api/search/v2?q=title'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::validateResponseOuterData($jsonData, 1, 0); self::validateResponseItemData($jsonData['items'][0], 'entry', $entry->getId()); } public function testApiCanFindContentByBodyAnonymous(): void { $entry = $this->getEntryByTitle('A test title to search for', body: 'This is the body we\'re finding', magazine: $this->someMagazine, user: $this->someUser); $this->getEntryByTitle('Cannot find this', body: 'No keywords here!', magazine: $this->someMagazine, user: $this->someUser); $post = $this->createPost('Lets get a post with its body in there too!', magazine: $this->someMagazine, user: $this->someUser); $this->createPost('But not this one.', magazine: $this->someMagazine, user: $this->someUser); $this->client->request('GET', '/api/search/v2?q=body'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::validateResponseOuterData($jsonData, 2, 0); foreach ($jsonData['items'] as $item) { if (null !== $item['entry']) { $type = 'entry'; $id = $entry->getId(); } else { $type = 'post'; $id = $post->getId(); } self::validateResponseItemData($item, $type, $id); } } public function testApiCanFindCommentsByBodyAnonymous(): void { $entry = $this->getEntryByTitle('Cannot find this', body: 'No keywords here!', magazine: $this->someMagazine, user: $this->someUser); $post = $this->createPost('But not this one.', magazine: $this->someMagazine, user: $this->someUser); $entryComment = $this->createEntryComment('Some comment on a thread', $entry, user: $this->someUser); $postComment = $this->createPostComment('Some comment on a post', $post, user: $this->someUser); $this->client->request('GET', '/api/search/v2?q=comment'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::validateResponseOuterData($jsonData, 2, 0); foreach ($jsonData['items'] as $item) { if (null !== $item['entryComment']) { $type = 'entryComment'; $id = $entryComment->getId(); } else { $type = 'postComment'; $id = $postComment->getId(); } self::validateResponseItemData($item, $type, $id); } } public function testApiCannotFindRemoteUserAnonymousWhenOptionSet(): void { $settingsManager = $this->settingsManager; $value = $settingsManager->get('KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN'); $settingsManager->set('KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN', true); $this->client->request('GET', '/api/search/v2?q='.self::TEST_USER_HANDLE); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::validateResponseOuterData($jsonData, 0, 0); // Seems like settings can persist in the test environment? Might only be for bare metal setups $settingsManager->set('KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN', $value); } public function testApiCannotFindRemoteMagazineAnonymousWhenOptionSet(): void { $settingsManager = $this->settingsManager; $value = $settingsManager->get('KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN'); $settingsManager->set('KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN', true); $this->client->request('GET', '/api/search/v2?q='.self::TEST_MAGAZINE_HANDLE); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::validateResponseOuterData($jsonData, 0, 0); // Seems like settings can persist in the test environment? Might only be for bare metal setups $settingsManager->set('KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN', $value); } public function testApiCanFindRemoteUserByHandleAnonymous(): void { $settingsManager = $this->settingsManager; $value = $settingsManager->get('KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN'); $settingsManager->set('KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN', false); $this->getUserByUsername('test'); $this->client->request('GET', '/api/search/v2?q=@'.self::TEST_USER_HANDLE); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::validateResponseOuterData($jsonData, 0, 1); self::validateResponseItemData($jsonData['apResults'][0], 'user', null, self::TEST_USER_HANDLE, self::TEST_USER_URL); $this->client->request('GET', '/api/search/v2?q='.self::TEST_USER_HANDLE); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::validateResponseOuterData($jsonData, 1, 1); self::assertSame(self::TEST_USER_URL, $jsonData['items'][0]['user']['apProfileId']); self::validateResponseItemData($jsonData['apResults'][0], 'user', null, self::TEST_USER_HANDLE, self::TEST_USER_URL); // Seems like settings can persist in the test environment? Might only be for bare metal setups. $settingsManager->set('KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN', $value); } public function testApiCanFindRemoteMagazineByHandleAnonymous(): void { // Admin user must exist to retrieve a remote magazine since remote mods aren't federated (yet) $this->getUserByUsername('admin', isAdmin: true); $settingsManager = $this->settingsManager; $value = $settingsManager->get('KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN'); $settingsManager->set('KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN', false); $this->getMagazineByName('testMag', user: $this->someUser); $this->client->request('GET', '/api/search/v2?q=!'.self::TEST_MAGAZINE_HANDLE); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::validateResponseOuterData($jsonData, 0, 1); self::validateResponseItemData($jsonData['apResults'][0], 'magazine', null, self::TEST_MAGAZINE_HANDLE, self::TEST_MAGAZINE_URL); // Seems like settings can persist in the test environment? Might only be for bare metal setups $settingsManager->set('KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN', $value); } public function testApiCanFindRemoteUserByUrl(): void { $settingsManager = $this->settingsManager; $value = $settingsManager->get('KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN'); $settingsManager->set('KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN', true); $this->getUserByUsername('test'); $this->client->loginUser($this->localUser); $this->client->request('GET', '/api/search/v2?q='.urlencode(self::TEST_USER_URL)); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::validateResponseOuterData($jsonData, 0, 1); self::validateResponseItemData($jsonData['apResults'][0], 'user', null, self::TEST_USER_HANDLE, self::TEST_USER_URL); // Seems like settings can persist in the test environment? Might only be for bare metal setups $settingsManager->set('KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN', $value); } public function testApiCanFindRemoteMagazineByUrl(): void { $this->getUserByUsername('admin', isAdmin: true); $settingsManager = $this->settingsManager; $value = $settingsManager->get('KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN'); $settingsManager->set('KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN', true); $this->client->loginUser($this->localUser); $this->getMagazineByName('testMag', user: $this->someUser); $this->client->request('GET', '/api/search/v2?q='.urlencode(self::TEST_MAGAZINE_URL)); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::validateResponseOuterData($jsonData, 0, 1); self::validateResponseItemData($jsonData['apResults'][0], 'magazine', null, self::TEST_MAGAZINE_HANDLE, self::TEST_MAGAZINE_URL); // Seems like settings can persist in the test environment? Might only be for bare metal setups $settingsManager->set('KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN', $value); } public function testApiCanFindRemotePostByUrl(): void { $this->getUserByUsername('admin', isAdmin: true); $settingsManager = $this->settingsManager; $value = $settingsManager->get('KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN'); $settingsManager->set('KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN', true); $this->client->loginUser($this->localUser); $this->getMagazineByName('testMag', user: $this->someUser); $this->client->request('GET', '/api/search/v2?q='.urlencode($this->testEntryUrl)); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::validateResponseOuterData($jsonData, 0, 1); self::validateResponseItemData($jsonData['apResults'][0], 'entry', null, $this->testEntryUrl); // Seems like settings can persist in the test environment? Might only be for bare metal setups $settingsManager->set('KBIN_FEDERATED_SEARCH_ONLY_LOGGEDIN', $value); } private static function validateResponseOuterData(array $data, int $expectedLength, int $expectedApLength): void { self::assertIsArray($data); self::assertArrayKeysMatch(self::SEARCH_PAGINATED_KEYS, $data); self::assertIsArray($data['items']); self::assertCount($expectedLength, $data['items']); self::assertIsArray($data['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $data['pagination']); self::assertSame($expectedLength, $data['pagination']['count']); self::assertIsArray($data['apResults']); self::assertCount($expectedApLength, $data['apResults']); } private static function validateResponseItemData(array $data, string $expectedType, ?int $expectedId = null, ?string $expectedApId = null, ?string $apProfileId = null): void { self::assertIsArray($data); self::assertArrayKeysMatch(self::SEARCH_ITEM_KEYS, $data); switch ($expectedType) { case 'entry': self::assertNotNull($data['entry']); self::assertNull($data['entryComment']); self::assertNull($data['post']); self::assertNull($data['postComment']); self::assertNull($data['magazine']); self::assertNull($data['user']); self::assertArrayKeysMatch(self::ENTRY_RESPONSE_KEYS, $data['entry']); if (null !== $expectedId) { self::assertSame($expectedId, $data['entry']['entryId']); } else { self::assertSame($expectedApId, $data['entry']['apId']); } break; case 'entryComment': self::assertNotNull($data['entryComment']); self::assertNull($data['entry']); self::assertNull($data['post']); self::assertNull($data['postComment']); self::assertNull($data['magazine']); self::assertNull($data['user']); self::assertArrayKeysMatch(self::ENTRY_COMMENT_RESPONSE_KEYS, $data['entryComment']); if (null !== $expectedId) { self::assertSame($expectedId, $data['entryComment']['commentId']); } else { self::assertSame($expectedApId, $data['entryComment']['apId']); } break; case 'post': self::assertNotNull($data['post']); self::assertNull($data['entry']); self::assertNull($data['entryComment']); self::assertNull($data['postComment']); self::assertNull($data['magazine']); self::assertNull($data['user']); self::assertArrayKeysMatch(self::POST_RESPONSE_KEYS, $data['post']); if (null !== $expectedId) { self::assertSame($expectedId, $data['post']['postId']); } else { self::assertSame($expectedApId, $data['post']['apId']); } break; case 'postComment': self::assertNotNull($data['postComment']); self::assertNull($data['entry']); self::assertNull($data['entryComment']); self::assertNull($data['post']); self::assertNull($data['magazine']); self::assertNull($data['user']); self::assertArrayKeysMatch(self::POST_COMMENT_RESPONSE_KEYS, $data['postComment']); if (null !== $expectedId) { self::assertSame($expectedId, $data['postComment']['commentId']); } else { self::assertSame($expectedApId, $data['postComment']['apId']); } break; case 'magazine': self::assertNotNull($data['magazine']); self::assertNull($data['entry']); self::assertNull($data['entryComment']); self::assertNull($data['post']); self::assertNull($data['postComment']); self::assertNull($data['user']); self::assertArrayKeysMatch(self::MAGAZINE_RESPONSE_KEYS, $data['magazine']); if (null !== $expectedId) { self::assertSame($expectedId, $data['magazine']['magazineId']); } else { self::assertSame($expectedApId, $data['magazine']['apId']); } if (null !== $apProfileId) { self::assertSame($apProfileId, $data['magazine']['apProfileId']); } break; case 'user': self::assertNotNull($data['user']); self::assertNull($data['entry']); self::assertNull($data['entryComment']); self::assertNull($data['post']); self::assertNull($data['postComment']); self::assertNull($data['magazine']); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $data['user']); if (null !== $expectedId) { self::assertSame($expectedId, $data['user']['userId']); } else { self::assertSame($expectedApId, $data['user']['apId']); } if (null !== $apProfileId) { self::assertSame($apProfileId, $data['user']['apProfileId']); } break; default: throw new \AssertionError(); } } } ================================================ FILE: tests/Functional/Controller/Api/User/Admin/UserBanApiTest.php ================================================ getUserByUsername('UserWithoutAbout', isAdmin: true); $bannedUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $this->client->request('POST', '/api/admin/users/'.(string) $bannedUser->getId().'/ban', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(403); $repository = $this->userRepository; $bannedUser = $repository->find($bannedUser->getId()); self::assertFalse($bannedUser->isBanned); } public function testApiCannotUnbanUserWithoutScope(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout', isAdmin: true); $bannedUser = $this->getUserByUsername('JohnDoe'); $this->userManager->ban($bannedUser, $testUser, null); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $this->client->request('POST', '/api/admin/users/'.(string) $bannedUser->getId().'/unban', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(403); $repository = $this->userRepository; $bannedUser = $repository->find($bannedUser->getId()); self::assertTrue($bannedUser->isBanned); } public function testApiCannotBanUserWithoutAdminAccount(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout', isAdmin: false); $bannedUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:user:ban'); $this->client->request('POST', '/api/admin/users/'.(string) $bannedUser->getId().'/ban', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(403); $repository = $this->userRepository; $bannedUser = $repository->find($bannedUser->getId()); self::assertFalse($bannedUser->isBanned); } public function testApiCannotUnbanUserWithoutAdminAccount(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout', isAdmin: false); $bannedUser = $this->getUserByUsername('JohnDoe'); $this->userManager->ban($bannedUser, $testUser, null); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:user:ban'); $this->client->request('POST', '/api/admin/users/'.(string) $bannedUser->getId().'/unban', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(403); $repository = $this->userRepository; $bannedUser = $repository->find($bannedUser->getId()); self::assertTrue($bannedUser->isBanned); } public function testApiCanBanUser(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout', isAdmin: true); $bannedUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:user:ban'); $this->client->request('POST', '/api/admin/users/'.(string) $bannedUser->getId().'/ban', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(array_merge(self::USER_RESPONSE_KEYS, ['isBanned']), $jsonData); self::assertTrue($jsonData['isBanned']); $repository = $this->userRepository; $bannedUser = $repository->find($bannedUser->getId()); self::assertTrue($bannedUser->isBanned); } public function testApiCanUnbanUser(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout', isAdmin: true); $bannedUser = $this->getUserByUsername('JohnDoe'); $this->userManager->ban($bannedUser, $testUser, null); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:user:ban'); $this->client->request('POST', '/api/admin/users/'.(string) $bannedUser->getId().'/unban', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(array_merge(self::USER_RESPONSE_KEYS, ['isBanned']), $jsonData); self::assertFalse($jsonData['isBanned']); $repository = $this->userRepository; $bannedUser = $repository->find($bannedUser->getId()); self::assertFalse($bannedUser->isBanned); } public function testBanApiReturns404IfUserNotFound(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout', isAdmin: true); $bannedUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:user:ban'); $this->client->request('POST', '/api/admin/users/'.(string) ($bannedUser->getId() * 10).'/ban', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(404); $repository = $this->userRepository; $bannedUser = $repository->find($bannedUser->getId()); self::assertFalse($bannedUser->isBanned); } public function testUnbanApiReturns404IfUserNotFound(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout', isAdmin: true); $bannedUser = $this->getUserByUsername('JohnDoe'); $this->userManager->ban($bannedUser, $testUser, null); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:user:ban'); $this->client->request('POST', '/api/admin/users/'.(string) ($bannedUser->getId() * 10).'/unban', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(404); $repository = $this->userRepository; $bannedUser = $repository->find($bannedUser->getId()); self::assertTrue($bannedUser->isBanned); } public function testBanApiReturns401IfTokenNotProvided(): void { $bannedUser = $this->getUserByUsername('JohnDoe'); $this->client->request('POST', '/api/admin/users/'.(string) $bannedUser->getId().'/ban'); self::assertResponseStatusCodeSame(401); } public function testUnbanApiReturns401IfTokenNotProvided(): void { $bannedUser = $this->getUserByUsername('JohnDoe'); $this->client->request('POST', '/api/admin/users/'.(string) $bannedUser->getId().'/unban'); self::assertResponseStatusCodeSame(401); } public function testBanApiIsIdempotent(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout', isAdmin: true); $bannedUser = $this->getUserByUsername('JohnDoe'); $this->userManager->ban($bannedUser, $testUser, null); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:user:ban'); // Ban user a second time with the API $this->client->request('POST', '/api/admin/users/'.(string) $bannedUser->getId().'/ban', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(array_merge(self::USER_RESPONSE_KEYS, ['isBanned']), $jsonData); self::assertTrue($jsonData['isBanned']); $repository = $this->userRepository; $bannedUser = $repository->find($bannedUser->getId()); self::assertTrue($bannedUser->isBanned); } public function testUnbanApiIsIdempotent(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout', isAdmin: true); $bannedUser = $this->getUserByUsername('JohnDoe'); // Do not ban user $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:user:ban'); $this->client->request('POST', '/api/admin/users/'.(string) $bannedUser->getId().'/unban', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(array_merge(self::USER_RESPONSE_KEYS, ['isBanned']), $jsonData); self::assertFalse($jsonData['isBanned']); $repository = $this->userRepository; $bannedUser = $repository->find($bannedUser->getId()); self::assertFalse($bannedUser->isBanned); } } ================================================ FILE: tests/Functional/Controller/Api/User/Admin/UserDeleteApiTest.php ================================================ getUserByUsername('UserWithoutAbout', isAdmin: true); $deletedUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $this->client->request( 'DELETE', '/api/admin/users/'.(string) $deletedUser->getId().'/delete_account', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseStatusCodeSame(403); $repository = $this->userRepository; $deletedUser = $repository->find($deletedUser->getId()); self::assertFalse($deletedUser->isAccountDeleted()); } public function testApiCannotDeleteUserWithoutAdminAccount(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout', isAdmin: false); $deletedUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:user:delete'); $this->client->request( 'DELETE', '/api/admin/users/'.(string) $deletedUser->getId().'/delete_account', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseStatusCodeSame(403); $repository = $this->userRepository; $deletedUser = $repository->find($deletedUser->getId()); self::assertFalse($deletedUser->isAccountDeleted()); } public function testApiCanDeleteUser(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout', isAdmin: true); $deletedUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:user:delete'); $this->client->request( 'DELETE', '/api/admin/users/'.(string) $deletedUser->getId().'/delete_account', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData); $repository = $this->userRepository; $deletedUser = $repository->find($deletedUser->getId()); self::assertTrue($deletedUser->isAccountDeleted()); } public function testDeleteApiReturns404IfUserNotFound(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout', isAdmin: true); $deletedUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:user:delete'); $this->client->request( 'DELETE', '/api/admin/users/'.(string) ($deletedUser->getId() * 10).'/delete_account', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseStatusCodeSame(404); $repository = $this->userRepository; $deletedUser = $repository->find($deletedUser->getId()); self::assertFalse($deletedUser->isBanned); } public function testDeleteApiReturns401IfTokenNotProvided(): void { $deletedUser = $this->getUserByUsername('JohnDoe'); $this->client->request('DELETE', '/api/admin/users/'.(string) $deletedUser->getId().'/delete_account'); self::assertResponseStatusCodeSame(401); } public function testDeleteApiIsNotIdempotent(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout', isAdmin: true); $deletedUser = $this->getUserByUsername('JohnDoe'); $deleteId = $deletedUser->getId(); $this->userManager->delete($deletedUser); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:user:delete'); // Ban user a second time with the API $this->client->request( 'DELETE', '/api/admin/users/'.(string) $deleteId.'/delete_account', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseStatusCodeSame(404); $repository = $this->userRepository; $deletedUser = $repository->find($deleteId); self::assertNull($deletedUser); } } ================================================ FILE: tests/Functional/Controller/Api/User/Admin/UserPurgeApiTest.php ================================================ getUserByUsername('UserWithoutAbout', isAdmin: true); $purgedUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $this->client->request('DELETE', '/api/admin/users/'.(string) $purgedUser->getId().'/purge_account', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(403); $repository = $this->userRepository; $purgedUser = $repository->find($purgedUser->getId()); self::assertNotNull($purgedUser); } public function testApiCannotPurgeUserWithoutAdminAccount(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout', isAdmin: false); $purgedUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:user:purge'); $this->client->request('DELETE', '/api/admin/users/'.(string) $purgedUser->getId().'/purge_account', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(403); $repository = $this->userRepository; $purgedUser = $repository->find($purgedUser->getId()); self::assertNotNull($purgedUser); } public function testApiCanPurgeUser(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout', isAdmin: true); $purgedUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:user:purge'); $this->client->request('DELETE', '/api/admin/users/'.(string) $purgedUser->getId().'/purge_account', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(204); $repository = $this->userRepository; $purgedUser = $repository->find($purgedUser->getId()); self::assertNull($purgedUser); } public function testPurgeApiReturns404IfUserNotFound(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout', isAdmin: true); $purgedUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:user:purge'); $this->client->request('DELETE', '/api/admin/users/'.(string) ($purgedUser->getId() * 10).'/purge_account', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(404); $repository = $this->userRepository; $purgedUser = $repository->find($purgedUser->getId()); self::assertNotNull($purgedUser); } public function testPurgeApiReturns401IfTokenNotProvided(): void { $purgedUser = $this->getUserByUsername('JohnDoe'); $this->client->request('DELETE', '/api/admin/users/'.(string) $purgedUser->getId().'/purge_account'); self::assertResponseStatusCodeSame(401); } } ================================================ FILE: tests/Functional/Controller/Api/User/Admin/UserRetrieveBannedApiTest.php ================================================ getUserByUsername('UserWithoutAbout', isAdmin: true); $bannedUser = $this->getUserByUsername('JohnDoe'); $this->userManager->ban($bannedUser, $testUser, null); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $this->client->request('GET', '/api/admin/users/banned', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(403); } public function testApiCannotRetrieveBannedUsersWithoutAdminAccount(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout', isAdmin: false); $bannedUser = $this->getUserByUsername('JohnDoe'); $this->userManager->ban($bannedUser, $testUser, null); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:user:ban'); $this->client->request('GET', '/api/admin/users/banned', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(403); } public function testApiCanRetrieveBannedUsers(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout', isAdmin: true); $bannedUser = $this->getUserByUsername('JohnDoe'); $this->userManager->ban($bannedUser, $testUser, null); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:user:ban'); $this->client->request('GET', '/api/admin/users/banned', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(array_merge(self::USER_RESPONSE_KEYS, ['isBanned']), $jsonData['items'][0]); self::assertSame($bannedUser->getId(), $jsonData['items'][0]['userId']); } } ================================================ FILE: tests/Functional/Controller/Api/User/Admin/UserVerifyApiTest.php ================================================ getUserByUsername('UserWithoutAbout', isAdmin: true); $unverifiedUser = $this->getUserByUsername('JohnDoe', active: false); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $this->client->request('PUT', '/api/admin/users/'.(string) $unverifiedUser->getId().'/verify', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(403); $repository = $this->userRepository; $unverifiedUser = $repository->find($unverifiedUser->getId()); self::assertFalse($unverifiedUser->isVerified); } public function testApiCannotVerifyUserWithoutAdminAccount(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout', isAdmin: false); $unverifiedUser = $this->getUserByUsername('JohnDoe', active: false); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:user:verify'); $this->client->request('PUT', '/api/admin/users/'.(string) $unverifiedUser->getId().'/verify', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(403); $repository = $this->userRepository; $unverifiedUser = $repository->find($unverifiedUser->getId()); self::assertFalse($unverifiedUser->isVerified); } public function testApiCanVerifyUser(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout', isAdmin: true); $unverifiedUser = $this->getUserByUsername('JohnDoe', active: false); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:user:verify'); $this->client->request('PUT', '/api/admin/users/'.(string) $unverifiedUser->getId().'/verify', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(200); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(array_merge(self::USER_RESPONSE_KEYS, ['isVerified']), $jsonData); self::assertTrue($jsonData['isVerified']); $repository = $this->userRepository; $unverifiedUser = $repository->find($unverifiedUser->getId()); self::assertTrue($unverifiedUser->isVerified); } public function testVerifyApiReturns404IfUserNotFound(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout', isAdmin: true); $unverifiedUser = $this->getUserByUsername('JohnDoe', active: false); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read admin:user:verify'); $this->client->request('PUT', '/api/admin/users/'.(string) ($unverifiedUser->getId() * 10).'/verify', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(404); } public function testVerifyApiReturns401IfTokenNotProvided(): void { $unverifiedUser = $this->getUserByUsername('JohnDoe', active: false); $this->client->request('PUT', '/api/admin/users/'.(string) $unverifiedUser->getId().'/verify'); self::assertResponseStatusCodeSame(401); } } ================================================ FILE: tests/Functional/Controller/Api/User/UserBlockApiTest.php ================================================ getUserByUsername('UserWithoutAbout'); $blockedUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $this->client->request('PUT', '/api/users/'.(string) $blockedUser->getId().'/block', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(403); } public function testApiCannotUnblockUserWithoutScope(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout'); $blockedUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $this->client->request('PUT', '/api/users/'.(string) $blockedUser->getId().'/unblock', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(403); } #[Group(name: 'NonThreadSafe')] public function testApiCanBlockUser(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout'); $followedUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:follow user:block'); $this->client->request('PUT', '/api/users/'.(string) $followedUser->getId().'/block', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayHasKey('userId', $jsonData); self::assertArrayHasKey('username', $jsonData); self::assertArrayHasKey('about', $jsonData); self::assertArrayHasKey('avatar', $jsonData); self::assertArrayHasKey('cover', $jsonData); self::assertArrayNotHasKey('lastActive', $jsonData); self::assertArrayHasKey('createdAt', $jsonData); self::assertArrayHasKey('followersCount', $jsonData); self::assertArrayHasKey('apId', $jsonData); self::assertArrayHasKey('apProfileId', $jsonData); self::assertArrayHasKey('isBot', $jsonData); self::assertArrayHasKey('isFollowedByUser', $jsonData); self::assertArrayHasKey('isFollowerOfUser', $jsonData); self::assertArrayHasKey('isBlockedByUser', $jsonData); self::assertSame(0, $jsonData['followersCount']); self::assertFalse($jsonData['isFollowedByUser']); self::assertFalse($jsonData['isFollowerOfUser']); self::assertTrue($jsonData['isBlockedByUser']); } #[Group(name: 'NonThreadSafe')] public function testApiCanUnblockUser(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout'); $blockedUser = $this->getUserByUsername('JohnDoe'); $testUser->block($blockedUser); $manager = $this->entityManager; $manager->persist($testUser); $manager->flush(); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:follow user:block'); $this->client->request('PUT', '/api/users/'.(string) $blockedUser->getId().'/unblock', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayHasKey('userId', $jsonData); self::assertArrayHasKey('username', $jsonData); self::assertArrayHasKey('about', $jsonData); self::assertArrayHasKey('avatar', $jsonData); self::assertArrayHasKey('cover', $jsonData); self::assertArrayNotHasKey('lastActive', $jsonData); self::assertArrayHasKey('createdAt', $jsonData); self::assertArrayHasKey('followersCount', $jsonData); self::assertArrayHasKey('apId', $jsonData); self::assertArrayHasKey('apProfileId', $jsonData); self::assertArrayHasKey('isBot', $jsonData); self::assertArrayHasKey('isFollowedByUser', $jsonData); self::assertArrayHasKey('isFollowerOfUser', $jsonData); self::assertArrayHasKey('isBlockedByUser', $jsonData); self::assertSame(0, $jsonData['followersCount']); self::assertFalse($jsonData['isFollowedByUser']); self::assertFalse($jsonData['isFollowerOfUser']); self::assertFalse($jsonData['isBlockedByUser']); } } ================================================ FILE: tests/Functional/Controller/Api/User/UserContentApiTest.php ================================================ getUserByUsername('JohnDoe'); $dummyUser = $this->getUserByUsername('dummy'); $magazine = $this->getMagazineByName('test'); $entry1 = $this->createEntry('e 1', $magazine, $user); $entry2 = $this->createEntry('e 2', $magazine, $user); $entryDummy = $this->createEntry('dummy', $magazine, $dummyUser); $post1 = $this->createPost('p 1', $magazine, $user); $post2 = $this->createPost('p 2', $magazine, $user); $this->createPost('dummy', $magazine, $dummyUser); $comment1 = $this->createEntryComment('c 1', $entryDummy, $user); $comment2 = $this->createEntryComment('c 2', $entryDummy, $user); $this->createEntryComment('dummy', $entryDummy, $dummyUser); $reply1 = $this->createPostComment('r 1', $post1, $user); $reply2 = $this->createPostComment('r 2', $post1, $user); $this->createPostComment('dummy', $post1, $dummyUser); $this->client->request('GET', "/api/users/{$user->getId()}/content"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(8, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(8, $jsonData['pagination']['count']); self::assertTrue(array_all($jsonData['items'], function ($item) use ($entry1, $entry2, $post1, $post2, $comment1, $comment2, $reply1, $reply2) { return (null !== $item['entry'] && ($item['entry']['entryId'] === $entry1->getId() || $item['entry']['entryId'] === $entry2->getId())) || (null !== $item['post'] && ($item['post']['postId'] === $post1->getId() || $item['post']['postId'] === $post2->getId())) || (null !== $item['entryComment'] && ($item['entryComment']['commentId'] === $comment1->getId() || $item['entryComment']['commentId'] === $comment2->getId())) || (null !== $item['postComment'] && ($item['postComment']['commentId'] === $reply1->getId() || $item['postComment']['commentId'] === $reply2->getId())) ; })); } public function testCanGetUserContentHideAdult() { $user = $this->getUserByUsername('JohnDoe'); $dummyUser = $this->getUserByUsername('dummy'); $magazine = $this->getMagazineByName('test'); $entry1 = $this->createEntry('e 1', $magazine, $user); $entry2 = $this->createEntry('e 2', $magazine, $user); $entryDummy = $this->createEntry('dummy', $magazine, $dummyUser); $post1 = $this->createPost('p 1', $magazine, $user); $post2 = $this->createPost('p 2', $magazine, $user); $this->createPost('dummy', $magazine, $dummyUser); $comment1 = $this->createEntryComment('c 1', $entryDummy, $user); $comment2 = $this->createEntryComment('c 2', $entryDummy, $user); $this->createEntryComment('dummy', $entryDummy, $dummyUser); $reply1 = $this->createPostComment('r 1', $post1, $user); $reply2 = $this->createPostComment('r 2', $post1, $user); $this->createPostComment('dummy', $post1, $dummyUser); $entry2->isAdult = true; $post2->isAdult = true; $comment2->isAdult = true; $reply2->isAdult = true; $this->entityManager->persist($entry2); $this->entityManager->persist($post2); $this->entityManager->persist($comment2); $this->entityManager->persist($reply2); $this->entityManager->flush(); $this->client->request('GET', "/api/users/{$user->getId()}/content?hideAdult=true"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(4, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(4, $jsonData['pagination']['count']); self::assertTrue(array_all($jsonData['items'], function ($item) use ($entry1, $post1, $comment1, $reply1) { return (null !== $item['entry'] && $item['entry']['entryId'] === $entry1->getId()) || (null !== $item['post'] && $item['post']['postId'] === $post1->getId()) || (null !== $item['entryComment'] && $item['entryComment']['commentId'] === $comment1->getId()) || (null !== $item['postComment'] && $item['postComment']['commentId'] === $reply1->getId()) ; })); } public function testCanGetUserBoosts() { $user = $this->getUserByUsername('JohnDoe'); $dummyUser = $this->getUserByUsername('dummy'); $magazine = $this->getMagazineByName('test'); $entry1 = $this->createEntry('e 1', $magazine, $dummyUser); $entry2 = $this->createEntry('e 2', $magazine, $dummyUser); $entryDummy = $this->createEntry('dummy', $magazine, $dummyUser); $post1 = $this->createPost('p 1', $magazine, $dummyUser); $post2 = $this->createPost('p 2', $magazine, $dummyUser); $this->createPost('dummy', $magazine, $dummyUser); $comment1 = $this->createEntryComment('c 1', $entryDummy, $dummyUser); $comment2 = $this->createEntryComment('c 2', $entryDummy, $dummyUser); $this->createEntryComment('dummy', $entryDummy, $dummyUser); $reply1 = $this->createPostComment('r 1', $post1, $dummyUser); $reply2 = $this->createPostComment('r 2', $post1, $dummyUser); $this->createPostComment('dummy', $post1, $dummyUser); $this->voteManager->upvote($entry1, $user); $this->voteManager->upvote($entry2, $user); $this->voteManager->upvote($post1, $user); $this->voteManager->upvote($post2, $user); $this->voteManager->upvote($comment1, $user); $this->voteManager->upvote($comment2, $user); $this->voteManager->upvote($reply1, $user); $this->voteManager->upvote($reply2, $user); $this->client->request('GET', "/api/users/{$user->getId()}/boosts"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(8, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(8, $jsonData['pagination']['count']); self::assertTrue(array_all($jsonData['items'], function ($item) use ($entry1, $entry2, $post1, $post2, $comment1, $comment2, $reply1, $reply2) { return (null !== $item['entry'] && ($item['entry']['entryId'] === $entry1->getId() || $item['entry']['entryId'] === $entry2->getId())) || (null !== $item['post'] && ($item['post']['postId'] === $post1->getId() || $item['post']['postId'] === $post2->getId())) || (null !== $item['entryComment'] && ($item['entryComment']['commentId'] === $comment1->getId() || $item['entryComment']['commentId'] === $comment2->getId())) || (null !== $item['postComment'] && ($item['postComment']['commentId'] === $reply1->getId() || $item['postComment']['commentId'] === $reply2->getId())) ; })); } } ================================================ FILE: tests/Functional/Controller/Api/User/UserFilterListApiTest.php ================================================ getListUserToken(); $this->client->request('GET', '/api/users/filterLists', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $data = self::getJsonResponse($this->client); self::assertArrayHasKey('items', $data); self::assertCount(1, $data['items']); $list = $data['items'][0]; self::assertArrayKeysMatch(self::USER_FILTER_LIST_KEYS, $list); } public function testAnonymousCannotRetrieve(): void { $this->client->request('GET', '/api/users/filterLists'); self::assertResponseStatusCodeSame(401); } public function testUserCanEditList(): void { $token = $this->getListUserToken(); $requestParams = [ 'name' => 'Some new Name', 'expirationDate' => (new \DateTimeImmutable('now - 5 days'))->format(DATE_ATOM), 'feeds' => false, 'profile' => false, 'comments' => false, 'words' => [ [ 'exactMatch' => true, 'word' => 'newWord', ], [ 'exactMatch' => false, 'word' => 'sOmEnEwWoRd', ], ], ]; $this->client->jsonRequest('PUT', '/api/users/filterLists/'.$this->list->getId(), $requestParams, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $data = self::getJsonResponse($this->client); self::assertArrayIsEqualToArrayIgnoringListOfKeys($requestParams, $data, ['id']); } public function testOtherUserCannotEditList(): void { self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->otherUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'user:profile:edit'); $token = $codes['token_type'].' '.$codes['access_token']; $requestParams = [ 'name' => 'Some new Name', 'expirationDate' => null, 'feeds' => false, 'profile' => false, 'comments' => false, 'words' => $this->list->words, ]; $this->client->jsonRequest('PUT', '/api/users/filterLists/'.$this->list->getId(), $requestParams, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); } public function testUserCanDeleteList(): void { $token = $this->getListUserToken(); $this->client->jsonRequest('DELETE', '/api/users/filterLists/'.$this->list->getId(), server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $freshList = $this->entityManager->getRepository(UserFilterList::class)->find($this->list->getId()); self::assertNull($freshList); } public function testOtherUserCannotDeleteList(): void { self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->otherUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'user:profile:edit'); $token = $codes['token_type'].' '.$codes['access_token']; $this->client->jsonRequest('DELETE', '/api/users/filterLists/'.$this->list->getId(), server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseStatusCodeSame(403); $freshList = $this->entityManager->getRepository(UserFilterList::class)->find($this->list->getId()); self::assertNotNull($freshList); } public function testFilteredHomePage(): void { $token = $this->getListUserToken(); $this->deactivateFilterList($token); $entry = $this->getEntryByTitle('Cringe entry', body: 'some entry'); $entry2 = $this->getEntryByTitle('Some entry', body: 'some entry'); $entry2->createdAt = new \DateTimeImmutable('now - 1 minutes'); $entry3 = $this->getEntryByTitle('Some other entry', body: 'some entry with a cringe body'); $entry3->createdAt = new \DateTimeImmutable('now - 2 minutes'); $post = $this->createPost('Cringe body'); $post->createdAt = new \DateTimeImmutable('now - 3 minutes'); $post2 = $this->createPost('Body with a cringe text'); $post2->createdAt = new \DateTimeImmutable('now - 4 minutes'); $post3 = $this->createPost('Some post'); $post3->createdAt = new \DateTimeImmutable('now - 5 minutes'); $this->entityManager->flush(); $this->client->jsonRequest('GET', '/api/combined?sort=newest', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $data = self::getJsonResponse($this->client); self::assertIsArray($data); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $data); self::assertIsArray($data['items']); self::assertCount(6, $data['items']); self::assertEquals($entry->getId(), $data['items'][0]['entry']['entryId']); self::assertEquals($entry2->getId(), $data['items'][1]['entry']['entryId']); self::assertEquals($entry3->getId(), $data['items'][2]['entry']['entryId']); self::assertEquals($post->getId(), $data['items'][3]['post']['postId']); self::assertEquals($post2->getId(), $data['items'][4]['post']['postId']); self::assertEquals($post3->getId(), $data['items'][5]['post']['postId']); // activate list $this->activateFilterList($token); $this->client->jsonRequest('GET', '/api/combined?sortBy=newest', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $data = self::getJsonResponse($this->client); self::assertIsArray($data); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $data); self::assertIsArray($data['items']); self::assertCount(2, $data['items']); self::assertEquals($entry2->getId(), $data['items'][0]['entry']['entryId']); self::assertEquals($post3->getId(), $data['items'][1]['post']['postId']); } public function testFilteredHomePageExact(): void { $token = $this->getListUserToken(); $this->deactivateFilterList($token); $entry = $this->getEntryByTitle('TEST entry', body: 'some entry'); $entry2 = $this->getEntryByTitle('Some entry', body: 'some test entry'); $entry2->createdAt = new \DateTimeImmutable('now - 1 minutes'); $entry3 = $this->getEntryByTitle('Some other entry', body: 'some entry with a TEST body'); $entry3->createdAt = new \DateTimeImmutable('now - 2 minutes'); $post = $this->createPost('TEST body'); $post->createdAt = new \DateTimeImmutable('now - 3 minutes'); $post2 = $this->createPost('Body with a TEST text'); $post2->createdAt = new \DateTimeImmutable('now - 4 minutes'); $post3 = $this->createPost('Some test post'); $post3->createdAt = new \DateTimeImmutable('now - 5 minutes'); $this->entityManager->flush(); $this->client->jsonRequest('GET', '/api/combined?sort=newest', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $data = self::getJsonResponse($this->client); self::assertIsArray($data); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $data); self::assertIsArray($data['items']); self::assertCount(6, $data['items']); self::assertEquals($entry->getId(), $data['items'][0]['entry']['entryId']); self::assertEquals($entry2->getId(), $data['items'][1]['entry']['entryId']); self::assertEquals($entry3->getId(), $data['items'][2]['entry']['entryId']); self::assertEquals($post->getId(), $data['items'][3]['post']['postId']); self::assertEquals($post2->getId(), $data['items'][4]['post']['postId']); self::assertEquals($post3->getId(), $data['items'][5]['post']['postId']); $this->activateFilterList($token); $this->client->jsonRequest('GET', '/api/combined?sortBy=newest', server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $data = self::getJsonResponse($this->client); self::assertIsArray($data); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $data); self::assertIsArray($data['items']); self::assertCount(2, $data['items']); self::assertEquals($entry2->getId(), $data['items'][0]['entry']['entryId']); self::assertEquals($post3->getId(), $data['items'][1]['post']['postId']); } public function testFilteredEntryComments(): void { $token = $this->getListUserToken(); $entry = $this->getEntryByTitle('Some Entry'); $comment1 = $this->createEntryComment('Some normal comment', $entry); $comment1->createdAt = new \DateTimeImmutable('now - 1 minutes'); $subComment1 = $this->createEntryComment('Some sub comment', $entry, parent: $comment1); $subComment1->createdAt = new \DateTimeImmutable('now - 1 minutes'); $subComment2 = $this->createEntryComment('Some Cringe sub comment', $entry, parent: $comment1); $subComment2->createdAt = new \DateTimeImmutable('now - 2 minutes'); $subComment3 = $this->createEntryComment('Some other Cringe sub comment', $entry, parent: $comment1); $subComment3->createdAt = new \DateTimeImmutable('now - 3 minutes'); $comment2 = $this->createEntryComment('Some cringe comment', $entry); $comment2->createdAt = new \DateTimeImmutable('now - 2 minutes'); $comment3 = $this->createEntryComment('Some other Cringe comment', $entry); $comment3->createdAt = new \DateTimeImmutable('now - 3 minutes'); $this->entityManager->flush(); $this->deactivateFilterList($token); $this->client->request('GET', "/api/entry/{$entry->getId()}/comments?sortBy=newest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertEquals($comment1->getId(), $jsonData['items'][0]['commentId']); self::assertEquals($comment2->getId(), $jsonData['items'][1]['commentId']); self::assertEquals($comment3->getId(), $jsonData['items'][2]['commentId']); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items'][0]['children']); self::assertEquals($subComment1->getId(), $jsonData['items'][0]['children'][0]['commentId']); self::assertEquals($subComment2->getId(), $jsonData['items'][0]['children'][1]['commentId']); self::assertEquals($subComment3->getId(), $jsonData['items'][0]['children'][2]['commentId']); $this->activateFilterList($token); $this->client->request('GET', "/api/entry/{$entry->getId()}/comments?sortBy=newest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertEquals($comment1->getId(), $jsonData['items'][0]['commentId']); self::assertCount(1, $jsonData['items'][0]['children']); self::assertEquals($subComment1->getId(), $jsonData['items'][0]['children'][0]['commentId']); } public function testFilteredEntryCommentsExact(): void { $token = $this->getListUserToken(); $entry = $this->getEntryByTitle('Some Entry'); $comment1 = $this->createEntryComment('Some normal comment', $entry); $comment1->createdAt = new \DateTimeImmutable('now - 1 minutes'); $subComment1 = $this->createEntryComment('Some sub comment', $entry, parent: $comment1); $subComment1->createdAt = new \DateTimeImmutable('now - 1 minutes'); $subComment2 = $this->createEntryComment('Some TEST sub comment', $entry, parent: $comment1); $subComment2->createdAt = new \DateTimeImmutable('now - 2 minutes'); $subComment3 = $this->createEntryComment('Some other test sub comment', $entry, parent: $comment1); $subComment3->createdAt = new \DateTimeImmutable('now - 3 minutes'); $comment2 = $this->createEntryComment('Some TEST comment', $entry); $comment2->createdAt = new \DateTimeImmutable('now - 2 minutes'); $comment3 = $this->createEntryComment('Some other test comment', $entry); $comment3->createdAt = new \DateTimeImmutable('now - 3 minutes'); $this->entityManager->flush(); $this->deactivateFilterList($token); $this->client->request('GET', "/api/entry/{$entry->getId()}/comments?sortBy=newest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertEquals($comment1->getId(), $jsonData['items'][0]['commentId']); self::assertEquals($comment2->getId(), $jsonData['items'][1]['commentId']); self::assertEquals($comment3->getId(), $jsonData['items'][2]['commentId']); self::assertCount(3, $jsonData['items'][0]['children']); self::assertEquals($subComment1->getId(), $jsonData['items'][0]['children'][0]['commentId']); self::assertEquals($subComment2->getId(), $jsonData['items'][0]['children'][1]['commentId']); self::assertEquals($subComment3->getId(), $jsonData['items'][0]['children'][2]['commentId']); $this->activateFilterList($token); $this->client->request('GET', "/api/entry/{$entry->getId()}/comments?sortBy=newest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertEquals($comment1->getId(), $jsonData['items'][0]['commentId']); self::assertCount(2, $jsonData['items'][0]['children']); self::assertEquals($subComment1->getId(), $jsonData['items'][0]['children'][0]['commentId']); self::assertEquals($subComment3->getId(), $jsonData['items'][0]['children'][1]['commentId']); } public function testFilteredPostComments(): void { $token = $this->getListUserToken(); $post = $this->createPost('Some Post'); $comment1 = $this->createPostComment('Some normal comment', $post); $comment1->createdAt = new \DateTimeImmutable('now - 1 minutes'); $subComment1 = $this->createPostComment('Some sub comment', $post, parent: $comment1); $subComment1->createdAt = new \DateTimeImmutable('now - 1 minutes'); $subComment2 = $this->createPostComment('Some Cringe sub comment', $post, parent: $comment1); $subComment2->createdAt = new \DateTimeImmutable('now - 2 minutes'); $subComment3 = $this->createPostComment('Some other Cringe sub comment', $post, parent: $comment1); $subComment3->createdAt = new \DateTimeImmutable('now - 3 minutes'); $comment2 = $this->createPostComment('Some cringe comment', $post); $comment2->createdAt = new \DateTimeImmutable('now - 2 minutes'); $comment3 = $this->createPostComment('Some other Cringe comment', $post); $comment3->createdAt = new \DateTimeImmutable('now - 3 minutes'); $this->entityManager->flush(); $this->deactivateFilterList($token); $this->client->request('GET', "/api/posts/{$post->getId()}/comments?sortBy=newest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertEquals($comment1->getId(), $jsonData['items'][0]['commentId']); self::assertEquals($comment2->getId(), $jsonData['items'][1]['commentId']); self::assertEquals($comment3->getId(), $jsonData['items'][2]['commentId']); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items'][0]['children']); self::assertEquals($subComment1->getId(), $jsonData['items'][0]['children'][0]['commentId']); self::assertEquals($subComment2->getId(), $jsonData['items'][0]['children'][1]['commentId']); self::assertEquals($subComment3->getId(), $jsonData['items'][0]['children'][2]['commentId']); $this->activateFilterList($token); $this->client->request('GET', "/api/posts/{$post->getId()}/comments?sortBy=newest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(1, $jsonData['items']); self::assertEquals($comment1->getId(), $jsonData['items'][0]['commentId']); self::assertCount(1, $jsonData['items'][0]['children']); self::assertEquals($subComment1->getId(), $jsonData['items'][0]['children'][0]['commentId']); } public function testFilteredPostCommentsExact(): void { $token = $this->getListUserToken(); $post = $this->createPost('Some Post'); $comment1 = $this->createPostComment('Some normal comment', $post); $comment1->createdAt = new \DateTimeImmutable('now - 1 minutes'); $subComment1 = $this->createPostComment('Some sub comment', $post, parent: $comment1); $subComment1->createdAt = new \DateTimeImmutable('now - 1 minutes'); $subComment2 = $this->createPostComment('Some TEST sub comment', $post, parent: $comment1); $subComment2->createdAt = new \DateTimeImmutable('now - 2 minutes'); $subComment3 = $this->createPostComment('Some other test sub comment', $post, parent: $comment1); $subComment3->createdAt = new \DateTimeImmutable('now - 3 minutes'); $comment2 = $this->createPostComment('Some TEST comment', $post); $comment2->createdAt = new \DateTimeImmutable('now - 2 minutes'); $comment3 = $this->createPostComment('Some other test comment', $post); $comment3->createdAt = new \DateTimeImmutable('now - 3 minutes'); $this->entityManager->flush(); $this->deactivateFilterList($token); $this->client->request('GET', "/api/posts/{$post->getId()}/comments?sortBy=newest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(3, $jsonData['items']); self::assertEquals($comment1->getId(), $jsonData['items'][0]['commentId']); self::assertEquals($comment2->getId(), $jsonData['items'][1]['commentId']); self::assertEquals($comment3->getId(), $jsonData['items'][2]['commentId']); self::assertCount(3, $jsonData['items'][0]['children']); self::assertEquals($subComment1->getId(), $jsonData['items'][0]['children'][0]['commentId']); self::assertEquals($subComment2->getId(), $jsonData['items'][0]['children'][1]['commentId']); self::assertEquals($subComment3->getId(), $jsonData['items'][0]['children'][2]['commentId']); $this->activateFilterList($token); $this->client->request('GET', "/api/posts/{$post->getId()}/comments?sortBy=newest", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertEquals($comment1->getId(), $jsonData['items'][0]['commentId']); self::assertCount(2, $jsonData['items'][0]['children']); self::assertEquals($subComment1->getId(), $jsonData['items'][0]['children'][0]['commentId']); self::assertEquals($subComment3->getId(), $jsonData['items'][0]['children'][1]['commentId']); } public function testFilteredProfile(): void { $token = $this->getListUserToken(); $otherUser = $this->userRepository->findOneByUsername('otherUser'); $magazine = $this->getMagazineByName('someMag'); $entry = $this->createEntry('Some Entry', $magazine, $otherUser); $entry->createdAt = new \DateTimeImmutable('now - 10 minutes'); $entryComment1 = $this->createEntryComment('Some comment', $entry, user: $otherUser); $entryComment1->createdAt = new \DateTimeImmutable('now - 9 minutes'); $entryComment2 = $this->createEntryComment('Some cringe comment', $entry, user: $otherUser); $entryComment2->createdAt = new \DateTimeImmutable('now - 8 minutes'); $entryComment3 = $this->createEntryComment('Some Cringe comment', $entry, user: $otherUser); $entryComment3->createdAt = new \DateTimeImmutable('now - 7 minutes'); $entry2 = $this->getEntryByTitle('Some cringe Entry', user: $otherUser); $entry2->createdAt = new \DateTimeImmutable('now - 6 minutes'); $post = $this->createPost('Some Post', user: $otherUser); $post->createdAt = new \DateTimeImmutable('now - 5 minutes'); $postComment1 = $this->createPostComment('Some comment', $post, user: $otherUser); $postComment1->createdAt = new \DateTimeImmutable('now - 4 minutes'); $postComment2 = $this->createPostComment('Some cringe comment', $post, user: $otherUser); $postComment2->createdAt = new \DateTimeImmutable('now - 3 minutes'); $postComment3 = $this->createPostComment('Some Cringe comment', $post, user: $otherUser); $postComment3->createdAt = new \DateTimeImmutable('now - 2 minutes'); $post2 = $this->createPost('Some Cringe Post', user: $otherUser); $post2->createdAt = new \DateTimeImmutable('now - 1 minutes'); $this->entityManager->flush(); $this->deactivateFilterList($token); $this->client->jsonRequest('GET', "/api/users/{$otherUser->getId()}/content", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData['items']); self::assertCount(10, $jsonData['items']); self::assertEquals($entry->getId(), $jsonData['items'][9]['entry']['entryId']); self::assertEquals($entryComment1->getId(), $jsonData['items'][8]['entryComment']['commentId']); self::assertEquals($entryComment2->getId(), $jsonData['items'][7]['entryComment']['commentId']); self::assertEquals($entryComment3->getId(), $jsonData['items'][6]['entryComment']['commentId']); self::assertEquals($entry2->getId(), $jsonData['items'][5]['entry']['entryId']); self::assertEquals($post->getId(), $jsonData['items'][4]['post']['postId']); self::assertEquals($postComment1->getId(), $jsonData['items'][3]['postComment']['commentId']); self::assertEquals($postComment2->getId(), $jsonData['items'][2]['postComment']['commentId']); self::assertEquals($postComment3->getId(), $jsonData['items'][1]['postComment']['commentId']); self::assertEquals($post2->getId(), $jsonData['items'][0]['post']['postId']); $this->activateFilterList($token); $this->client->jsonRequest('GET', "/api/users/{$otherUser->getId()}/content", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData['items']); self::assertCount(4, $jsonData['items']); self::assertEquals($entry->getId(), $jsonData['items'][3]['entry']['entryId']); self::assertEquals($entryComment1->getId(), $jsonData['items'][2]['entryComment']['commentId']); self::assertEquals($post->getId(), $jsonData['items'][1]['post']['postId']); self::assertEquals($postComment1->getId(), $jsonData['items'][0]['postComment']['commentId']); } public function testFilteredProfileExact(): void { $token = $this->getListUserToken(); $otherUser = $this->userRepository->findOneByUsername('otherUser'); $magazine = $this->getMagazineByName('someMag'); $entry = $this->createEntry('Some Entry', $magazine, $otherUser); $entry->createdAt = new \DateTimeImmutable('now - 10 minutes'); $entryComment1 = $this->createEntryComment('Some comment', $entry, user: $otherUser); $entryComment1->createdAt = new \DateTimeImmutable('now - 9 minutes'); $entryComment2 = $this->createEntryComment('Some TEST comment', $entry, user: $otherUser); $entryComment2->createdAt = new \DateTimeImmutable('now - 8 minutes'); $entryComment3 = $this->createEntryComment('Some test comment', $entry, user: $otherUser); $entryComment3->createdAt = new \DateTimeImmutable('now - 7 minutes'); $entry2 = $this->getEntryByTitle('Some TEST Entry', user: $otherUser); $entry2->createdAt = new \DateTimeImmutable('now - 6 minutes'); $post = $this->createPost('Some Post', user: $otherUser); $post->createdAt = new \DateTimeImmutable('now - 5 minutes'); $postComment1 = $this->createPostComment('Some comment', $post, user: $otherUser); $postComment1->createdAt = new \DateTimeImmutable('now - 4 minutes'); $postComment2 = $this->createPostComment('Some TEST comment', $post, user: $otherUser); $postComment2->createdAt = new \DateTimeImmutable('now - 3 minutes'); $postComment3 = $this->createPostComment('Some test comment', $post, user: $otherUser); $postComment3->createdAt = new \DateTimeImmutable('now - 2 minutes'); $post2 = $this->createPost('Some TEST Post', user: $otherUser); $post2->createdAt = new \DateTimeImmutable('now - 1 minutes'); $this->entityManager->flush(); $this->deactivateFilterList($token); $this->client->jsonRequest('GET', "/api/users/{$otherUser->getId()}/content", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData['items']); self::assertCount(10, $jsonData['items']); self::assertEquals($entry->getId(), $jsonData['items'][9]['entry']['entryId']); self::assertEquals($entryComment1->getId(), $jsonData['items'][8]['entryComment']['commentId']); self::assertEquals($entryComment2->getId(), $jsonData['items'][7]['entryComment']['commentId']); self::assertEquals($entryComment3->getId(), $jsonData['items'][6]['entryComment']['commentId']); self::assertEquals($entry2->getId(), $jsonData['items'][5]['entry']['entryId']); self::assertEquals($post->getId(), $jsonData['items'][4]['post']['postId']); self::assertEquals($postComment1->getId(), $jsonData['items'][3]['postComment']['commentId']); self::assertEquals($postComment2->getId(), $jsonData['items'][2]['postComment']['commentId']); self::assertEquals($postComment3->getId(), $jsonData['items'][1]['postComment']['commentId']); self::assertEquals($post2->getId(), $jsonData['items'][0]['post']['postId']); $this->activateFilterList($token); $this->client->jsonRequest('GET', "/api/users/{$otherUser->getId()}/content", server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData['items']); self::assertCount(6, $jsonData['items']); self::assertEquals($entry->getId(), $jsonData['items'][5]['entry']['entryId']); self::assertEquals($entryComment1->getId(), $jsonData['items'][4]['entryComment']['commentId']); self::assertEquals($entryComment3->getId(), $jsonData['items'][3]['entryComment']['commentId']); self::assertEquals($post->getId(), $jsonData['items'][2]['post']['postId']); self::assertEquals($postComment1->getId(), $jsonData['items'][1]['postComment']['commentId']); self::assertEquals($postComment3->getId(), $jsonData['items'][0]['postComment']['commentId']); } public function setUp(): void { parent::setUp(); $this->listUser = $this->getUserByUsername('listOwner'); $this->otherUser = $this->getUserByUsername('otherUser'); $this->list = new UserFilterList(); $this->list->name = 'Test List'; $this->list->user = $this->listUser; $this->list->expirationDate = null; $this->list->feeds = true; $this->list->profile = true; $this->list->comments = true; $this->list->words = [ [ 'exactMatch' => true, 'word' => 'TEST', ], [ 'exactMatch' => false, 'word' => 'Cringe', ], ]; $this->entityManager->persist($this->list); $this->entityManager->flush(); } private function deactivateFilterList(string $token): void { $dto = $this->getFilterListDto(); $this->client->jsonRequest('PUT', '/api/users/filterLists/'.$this->list->getId(), $dto, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); } private function activateFilterList(string $token): void { $dto = $this->getFilterListDto(); $dto['expirationDate'] = null; $this->client->jsonRequest('PUT', '/api/users/filterLists/'.$this->list->getId(), $dto, server: ['HTTP_AUTHORIZATION' => $token]); self::assertResponseIsSuccessful(); } private function getFilterListDto(): array { return [ 'name' => $this->list->name, 'expirationDate' => (new \DateTimeImmutable('now - 1 day'))->format(DATE_ATOM), 'feeds' => true, 'profile' => true, 'comments' => true, 'words' => $this->list->words, ]; } private function getListUserToken(): string { self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->listUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'user:profile:edit'); $token = $codes['token_type'].' '.$codes['access_token']; return $token; } } ================================================ FILE: tests/Functional/Controller/Api/User/UserFollowApiTest.php ================================================ getUserByUsername('UserWithoutAbout'); $followedUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $this->client->request('PUT', '/api/users/'.(string) $followedUser->getId().'/follow', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(403); } public function testApiCannotUnfollowUserWithoutScope(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout'); $followedUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $this->client->request('PUT', '/api/users/'.(string) $followedUser->getId().'/unfollow', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(403); } #[Group(name: 'NonThreadSafe')] public function testApiCanFollowUser(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout'); $followedUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:follow user:block'); $this->client->request('PUT', '/api/users/'.(string) $followedUser->getId().'/follow', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayHasKey('userId', $jsonData); self::assertArrayHasKey('username', $jsonData); self::assertArrayHasKey('about', $jsonData); self::assertArrayHasKey('avatar', $jsonData); self::assertArrayHasKey('cover', $jsonData); self::assertArrayNotHasKey('lastActive', $jsonData); self::assertArrayHasKey('createdAt', $jsonData); self::assertArrayHasKey('followersCount', $jsonData); self::assertArrayHasKey('apId', $jsonData); self::assertArrayHasKey('apProfileId', $jsonData); self::assertArrayHasKey('isBot', $jsonData); self::assertArrayHasKey('isFollowedByUser', $jsonData); self::assertArrayHasKey('isFollowerOfUser', $jsonData); self::assertArrayHasKey('isBlockedByUser', $jsonData); self::assertSame(1, $jsonData['followersCount']); self::assertTrue($jsonData['isFollowedByUser']); self::assertFalse($jsonData['isFollowerOfUser']); self::assertFalse($jsonData['isBlockedByUser']); } public function testApiCanUnfollowUser(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout'); $followedUser = $this->getUserByUsername('JohnDoe'); $testUser->follow($followedUser); $manager = $this->entityManager; $manager->persist($testUser); $manager->flush(); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:follow user:block'); $this->client->request('PUT', '/api/users/'.(string) $followedUser->getId().'/unfollow', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayHasKey('userId', $jsonData); self::assertArrayHasKey('username', $jsonData); self::assertArrayHasKey('about', $jsonData); self::assertArrayHasKey('avatar', $jsonData); self::assertArrayHasKey('cover', $jsonData); self::assertArrayNotHasKey('lastActive', $jsonData); self::assertArrayHasKey('createdAt', $jsonData); self::assertArrayHasKey('followersCount', $jsonData); self::assertArrayHasKey('apId', $jsonData); self::assertArrayHasKey('apProfileId', $jsonData); self::assertArrayHasKey('isBot', $jsonData); self::assertArrayHasKey('isFollowedByUser', $jsonData); self::assertArrayHasKey('isFollowerOfUser', $jsonData); self::assertArrayHasKey('isBlockedByUser', $jsonData); self::assertSame(0, $jsonData['followersCount']); self::assertFalse($jsonData['isFollowedByUser']); self::assertFalse($jsonData['isFollowerOfUser']); self::assertFalse($jsonData['isBlockedByUser']); } } ================================================ FILE: tests/Functional/Controller/Api/User/UserModeratesApiTest.php ================================================ getUserByUsername('JohnDoe'); $user = $this->getUserByUsername('user'); $magazine1 = $this->getMagazineByName('m 1'); $magazine2 = $this->getMagazineByName('m 2'); $this->getMagazineByName('dummy'); $this->magazineManager->addModerator(new ModeratorDto($magazine1, $user, $owner)); $this->magazineManager->addModerator(new ModeratorDto($magazine2, $user, $owner)); $this->client->request('GET', "/api/users/{$user->getId()}/moderatedMagazines"); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertCount(2, $jsonData['items']); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(2, $jsonData['pagination']['count']); self::assertTrue(array_all($jsonData['items'], function ($item) use ($magazine1, $magazine2) { return $item['magazineId'] === $magazine1->getId() || $item['magazineId'] === $magazine2->getId(); })); } } ================================================ FILE: tests/Functional/Controller/Api/User/UserRetrieveApiTest.php ================================================ getUserByUsername('user'.(string) ($i + 1), about: 'Test user '.(string) ($i + 1)); } $this->getUserByUsername('userWithoutAbout'); $this->client->request('GET', '/api/users?withAbout=1'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(self::NUM_USERS, $jsonData['pagination']['count']); self::assertSame(1, $jsonData['pagination']['currentPage']); self::assertSame(1, $jsonData['pagination']['maxPage']); // Default perPage count should be used since no perPage value was specified self::assertSame(UserRepository::PER_PAGE, $jsonData['pagination']['perPage']); self::assertIsArray($jsonData['items']); self::assertSame(self::NUM_USERS, \count($jsonData['items'])); } public function testApiCanRetrieveAdminsAnonymous(): void { $users = []; for ($i = 0; $i < self::NUM_USERS; ++$i) { $users[] = $this->getUserByUsername('admin'.(string) ($i + 1), isAdmin: true); } $this->client->request('GET', '/api/users/admins'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertIsArray($jsonData['items']); self::assertSame(self::NUM_USERS, \count($jsonData['items'])); } public function testApiCanRetrieveModeratorsAnonymous(): void { $users = []; for ($i = 0; $i < self::NUM_USERS; ++$i) { $users[] = $this->getUserByUsername('moderator'.(string) ($i + 1), isModerator: true); } $this->client->request('GET', '/api/users/moderators'); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertIsArray($jsonData['items']); self::assertSame(self::NUM_USERS, \count($jsonData['items'])); } public function testApiCanRetrieveUsersWithAbout(): void { self::createOAuth2AuthCodeClient(); $this->client->loginUser($this->getUserByUsername('UserWithoutAbout')); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $users = []; for ($i = 0; $i < self::NUM_USERS; ++$i) { $users[] = $this->getUserByUsername('user'.(string) ($i + 1), about: 'Test user '.(string) ($i + 1)); } $this->client->request('GET', '/api/users?withAbout=1', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(self::NUM_USERS, $jsonData['pagination']['count']); } public function testApiCanRetrieveUserByIdAnonymous(): void { $testUser = $this->getUserByUsername('UserWithoutAbout'); $this->client->request('GET', '/api/users/'.(string) $testUser->getId()); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData); self::assertSame($testUser->getId(), $jsonData['userId']); self::assertSame('UserWithoutAbout', $jsonData['username']); self::assertNull($jsonData['about']); self::assertNotNull($jsonData['createdAt']); self::assertFalse($jsonData['isBot']); self::assertNull($jsonData['apId']); // Follow and block scopes not assigned, so these flags should be null self::assertNull($jsonData['isFollowedByUser']); self::assertNull($jsonData['isFollowerOfUser']); self::assertNull($jsonData['isBlockedByUser']); } public function testApiCanRetrieveUserById(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $this->client->request('GET', '/api/users/'.(string) $testUser->getId(), server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData); self::assertSame($testUser->getId(), $jsonData['userId']); self::assertSame('UserWithoutAbout', $jsonData['username']); self::assertNull($jsonData['about']); self::assertNotNull($jsonData['createdAt']); self::assertFalse($jsonData['isBot']); self::assertNull($jsonData['apId']); // Follow and block scopes not assigned, so these flags should be null self::assertNull($jsonData['isFollowedByUser']); self::assertNull($jsonData['isFollowerOfUser']); self::assertNull($jsonData['isBlockedByUser']); } public function testApiCanRetrieveUserByNameAnonymous(): void { $testUser = $this->getUserByUsername('UserWithoutAbout'); $this->client->request('GET', '/api/users/name/'.$testUser->getUsername()); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData); self::assertSame($testUser->getId(), $jsonData['userId']); self::assertSame('UserWithoutAbout', $jsonData['username']); self::assertNull($jsonData['about']); self::assertNotNull($jsonData['createdAt']); self::assertFalse($jsonData['isBot']); self::assertNull($jsonData['apId']); // Follow and block scopes not assigned, so these flags should be null self::assertNull($jsonData['isFollowedByUser']); self::assertNull($jsonData['isFollowerOfUser']); self::assertNull($jsonData['isBlockedByUser']); } public function testApiCanRetrieveUserByName(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $this->client->request('GET', '/api/users/name/'.$testUser->getUsername(), server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData); self::assertSame($testUser->getId(), $jsonData['userId']); self::assertSame('UserWithoutAbout', $jsonData['username']); self::assertNull($jsonData['about']); self::assertNotNull($jsonData['createdAt']); self::assertFalse($jsonData['isBot']); self::assertNull($jsonData['apId']); // Follow and block scopes not assigned, so these flags should be null self::assertNull($jsonData['isFollowedByUser']); self::assertNull($jsonData['isFollowerOfUser']); self::assertNull($jsonData['isBlockedByUser']); } public function testApiCannotRetrieveCurrentUserWithoutScope(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $this->client->request('GET', '/api/users/me', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(403); } public function testApiCanRetrieveCurrentUser(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:profile:read'); $this->client->request('GET', '/api/users/me', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData); self::assertSame($testUser->getId(), $jsonData['userId']); self::assertSame('UserWithoutAbout', $jsonData['username']); self::assertNull($jsonData['about']); self::assertNotNull($jsonData['createdAt']); self::assertFalse($jsonData['isBot']); self::assertNull($jsonData['apId']); // Follow and block scopes not assigned, so these flags should be null self::assertNull($jsonData['isFollowedByUser']); self::assertNull($jsonData['isFollowerOfUser']); self::assertNull($jsonData['isBlockedByUser']); } public function testApiCanRetrieveUserFlagsWithScopes(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout'); $follower = $this->getUserByUsername('follower'); $follower->follow($testUser); $manager = $this->entityManager; $manager->persist($follower); $manager->flush(); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:follow user:block'); $this->client->request('GET', '/api/users/'.(string) $follower->getId(), server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData); // Follow and block scopes assigned, so these flags should not be null self::assertFalse($jsonData['isFollowedByUser']); self::assertTrue($jsonData['isFollowerOfUser']); self::assertFalse($jsonData['isBlockedByUser']); } public function testApiCanGetBlockedUsers(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout'); $blockedUser = $this->getUserByUsername('JohnDoe'); $testUser->block($blockedUser); $manager = $this->entityManager; $manager->persist($testUser); $manager->flush(); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:follow user:block'); $this->client->request('GET', '/api/users/blocked', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertSame(1, \count($jsonData['items'])); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($blockedUser->getId(), $jsonData['items'][0]['userId']); } public function testApiCannotGetFollowedUsersWithoutScope(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $this->client->request('GET', '/api/users/followed', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(403); } public function testApiCannotGetFollowersWithoutScope(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $this->client->request('GET', '/api/users/followers', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(403); } public function testApiCanGetFollowedUsers(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout'); $followedUser = $this->getUserByUsername('JohnDoe'); $testUser->follow($followedUser); $manager = $this->entityManager; $manager->persist($testUser); $manager->flush(); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:follow user:block'); $this->client->request('GET', '/api/users/followed', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertSame(1, \count($jsonData['items'])); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($followedUser->getId(), $jsonData['items'][0]['userId']); } public function testApiCanGetFollowers(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout'); $followingUser = $this->getUserByUsername('JohnDoe'); $followingUser->follow($testUser); $manager = $this->entityManager; $manager->persist($testUser); $manager->flush(); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:follow user:block'); $this->client->request('GET', '/api/users/followers', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertSame(1, \count($jsonData['items'])); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($followingUser->getId(), $jsonData['items'][0]['userId']); } public function testApiCannotGetFollowedUsersByIdIfNotShared(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout'); $followedUser = $this->getUserByUsername('JohnDoe'); $testUser->follow($followedUser); $testUser->showProfileFollowings = false; $manager = $this->entityManager; $manager->persist($testUser); $manager->flush(); $this->client->loginUser($followedUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:follow user:block'); $this->client->request('GET', '/api/users/'.(string) $testUser->getId().'/followed', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(403); } public function testApiCanGetFollowedUsersById(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout'); $followedUser = $this->getUserByUsername('JohnDoe'); $testUser->follow($followedUser); $manager = $this->entityManager; $manager->persist($testUser); $manager->flush(); $this->client->loginUser($followedUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:follow user:block'); $this->client->request('GET', '/api/users/'.(string) $testUser->getId().'/followed', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertSame(1, \count($jsonData['items'])); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($followedUser->getId(), $jsonData['items'][0]['userId']); } public function testApiCanGetFollowersById(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('UserWithoutAbout'); $followingUser = $this->getUserByUsername('JohnDoe'); $followingUser->follow($testUser); $manager = $this->entityManager; $manager->persist($testUser); $manager->flush(); $this->client->loginUser($followingUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:follow user:block'); $this->client->request('GET', '/api/users/'.(string) $testUser->getId().'/followers', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertSame(1, \count($jsonData['items'])); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData['items'][0]); self::assertSame($followingUser->getId(), $jsonData['items'][0]['userId']); } public function testApiCannotGetSettingsWithoutScope(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read'); $this->client->request('GET', '/api/users/settings', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(403); } public function testApiCanGetSettings(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:profile:read'); $this->client->request('GET', '/api/users/settings', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::USER_SETTINGS_KEYS, $jsonData); } } ================================================ FILE: tests/Functional/Controller/Api/User/UserRetrieveOAuthConsentsApiTest.php ================================================ getUserByUsername('someuser'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:follow user:block'); $this->client->request('GET', '/api/users/consents', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(403); } public function testApiCanGetConsents(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('someuser'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:oauth_clients:read user:follow user:block'); $this->client->request('GET', '/api/users/consents', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['pagination']); self::assertArrayKeysMatch(self::PAGINATION_KEYS, $jsonData['pagination']); self::assertSame(1, $jsonData['pagination']['count']); self::assertIsArray($jsonData['items']); self::assertSame(1, \count($jsonData['items'])); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::CONSENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals( ['read', 'user:oauth_clients:read', 'user:follow', 'user:block'], $jsonData['items'][0]['scopesGranted'] ); self::assertEquals( OAuth2ClientDto::AVAILABLE_SCOPES, $jsonData['items'][0]['scopesAvailable'] ); self::assertEquals('/kbin Test Client', $jsonData['items'][0]['client']); self::assertEquals('An OAuth2 client for testing purposes', $jsonData['items'][0]['description']); self::assertNull($jsonData['items'][0]['clientLogo']); } public function testApiCannotGetOtherUsersConsentsById(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('someuser'); $testUser2 = $this->getUserByUsername('someuser2'); $this->client->loginUser($testUser); $codes1 = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:oauth_clients:read user:follow user:block'); $this->client->loginUser($testUser2); $codes2 = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:oauth_clients:read user:follow user:block'); $this->client->request('GET', '/api/users/consents', server: ['HTTP_AUTHORIZATION' => $codes1['token_type'].' '.$codes1['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertSame(1, \count($jsonData['items'])); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::CONSENT_RESPONSE_KEYS, $jsonData['items'][0]); $this->client->request( 'GET', '/api/users/consents/'.(string) $jsonData['items'][0]['consentId'], server: ['HTTP_AUTHORIZATION' => $codes2['token_type'].' '.$codes2['access_token']] ); self::assertResponseStatusCodeSame(403); } public function testApiCanGetConsentsById(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('someuser'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:oauth_clients:read user:follow user:block'); $this->client->request('GET', '/api/users/consents', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertIsArray($jsonData['items']); self::assertSame(1, \count($jsonData['items'])); self::assertIsArray($jsonData['items'][0]); self::assertArrayKeysMatch(self::CONSENT_RESPONSE_KEYS, $jsonData['items'][0]); $consent = $jsonData['items'][0]; $this->client->request( 'GET', '/api/users/consents/'.(string) $consent['consentId'], server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertEquals($consent, $jsonData); } } ================================================ FILE: tests/Functional/Controller/Api/User/UserUpdateApiTest.php ================================================ getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:profile:read'); $this->client->jsonRequest( 'PUT', '/api/users/profile', parameters: [ 'about' => 'Updated during test', ], server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseStatusCodeSame(403); } public function testApiCanUpdateCurrentUserProfile(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:profile:edit user:profile:read'); $this->client->request('GET', '/api/users/'.(string) $testUser->getId(), server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData); self::assertSame($testUser->getId(), $jsonData['userId']); self::assertNull($jsonData['about']); $this->client->jsonRequest( 'PUT', '/api/users/profile', parameters: [ 'about' => 'Updated during test', ], server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData); self::assertSame($testUser->getId(), $jsonData['userId']); self::assertEquals('Updated during test', $jsonData['about']); $this->client->request('GET', '/api/users/'.(string) $testUser->getId(), server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData); self::assertSame($testUser->getId(), $jsonData['userId']); self::assertEquals('Updated during test', $jsonData['about']); } public function testApiCanUpdateCurrentUserTitle(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:profile:edit user:profile:read'); $this->client->request('GET', '/api/users/'.$testUser->getId(), server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData); self::assertSame($testUser->getId(), $jsonData['userId']); self::assertNull($jsonData['title']); // region set title $this->client->jsonRequest( 'PUT', '/api/users/profile', parameters: [ 'title' => 'Custom user-name', ], server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData); self::assertSame($testUser->getId(), $jsonData['userId']); self::assertEquals('Custom user-name', $jsonData['title']); $this->client->request('GET', '/api/users/'.$testUser->getId(), server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData); self::assertSame($testUser->getId(), $jsonData['userId']); self::assertEquals('Custom user-name', $jsonData['title']); // endregion // region reset title $this->client->jsonRequest( 'PUT', '/api/users/profile', parameters: [], server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData); self::assertSame($testUser->getId(), $jsonData['userId']); self::assertNull($jsonData['title']); $this->client->request('GET', '/api/users/'.$testUser->getId(), server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData); self::assertSame($testUser->getId(), $jsonData['userId']); self::assertNull($jsonData['title']); // endregion } public function testApiCannotUpdateCurrentUserTitleWithWhitespaces() { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:profile:edit user:profile:read'); $this->client->request('GET', '/api/users/'.$testUser->getId(), server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $this->client->jsonRequest( 'PUT', '/api/users/profile', parameters: [ 'title' => " \t", ], server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseStatusCodeSame(400); $this->client->jsonRequest( 'PUT', '/api/users/profile', parameters: [ 'title' => '', ], server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseStatusCodeSame(400); $this->client->jsonRequest( 'PUT', '/api/users/profile', parameters: [ 'title' => ' . ', ], server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseStatusCodeSame(400); } public function testApiCannotUpdateCurrentUserSettingsWithoutScope(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:profile:read'); $settings = (new UserSettingsDto( false, false, false, false, false, false, false, false, false, false, false, User::HOMEPAGE_MOD, Criteria::SORT_HOT, Criteria::SORT_HOT, false, ['test'], ['en'], directMessageSetting: EDirectMessageSettings::Everyone->value, frontDefaultContent: EFrontContentOptions::Combined->value, ))->jsonSerialize(); $this->client->jsonRequest( 'PUT', '/api/users/settings', parameters: $settings, server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseStatusCodeSame(403); } public function testApiCanUpdateCurrentUserSettings(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:profile:edit user:profile:read'); $settings = (new UserSettingsDto( false, false, false, false, false, false, false, false, false, false, false, User::HOMEPAGE_MOD, Criteria::SORT_NEW, Criteria::SORT_TOP, false, ['test'], ['en'], directMessageSetting: EDirectMessageSettings::FollowersOnly->value, frontDefaultContent: EFrontContentOptions::Threads->value, discoverable: false, indexable: false, ))->jsonSerialize(); $this->client->jsonRequest( 'PUT', '/api/users/settings', parameters: $settings, server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(UserRetrieveApiTest::USER_SETTINGS_KEYS, $jsonData); self::assertFalse($jsonData['notifyOnNewEntry']); self::assertFalse($jsonData['notifyOnNewEntryReply']); self::assertFalse($jsonData['notifyOnNewEntryCommentReply']); self::assertFalse($jsonData['notifyOnNewPost']); self::assertFalse($jsonData['notifyOnNewPostReply']); self::assertFalse($jsonData['notifyOnNewPostCommentReply']); self::assertFalse($jsonData['hideAdult']); self::assertFalse($jsonData['showProfileSubscriptions']); self::assertFalse($jsonData['showProfileFollowings']); self::assertFalse($jsonData['addMentionsEntries']); self::assertFalse($jsonData['addMentionsPosts']); self::assertFalse($jsonData['discoverable']); self::assertEquals(User::HOMEPAGE_MOD, $jsonData['homepage']); self::assertEquals(Criteria::SORT_NEW, $jsonData['frontDefaultSort']); self::assertEquals(Criteria::SORT_TOP, $jsonData['commentDefaultSort']); self::assertEquals(['test'], $jsonData['featuredMagazines']); self::assertEquals(['en'], $jsonData['preferredLanguages']); self::assertEquals(EDirectMessageSettings::FollowersOnly->value, $jsonData['directMessageSetting']); self::assertEquals(EFrontContentOptions::Threads->value, $jsonData['frontDefaultContent']); self::assertFalse($jsonData['indexable']); $this->client->request('GET', '/api/users/settings', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(UserRetrieveApiTest::USER_SETTINGS_KEYS, $jsonData); self::assertFalse($jsonData['notifyOnNewEntry']); self::assertFalse($jsonData['notifyOnNewEntryReply']); self::assertFalse($jsonData['notifyOnNewEntryCommentReply']); self::assertFalse($jsonData['notifyOnNewPost']); self::assertFalse($jsonData['notifyOnNewPostReply']); self::assertFalse($jsonData['notifyOnNewPostCommentReply']); self::assertFalse($jsonData['hideAdult']); self::assertFalse($jsonData['showProfileSubscriptions']); self::assertFalse($jsonData['showProfileFollowings']); self::assertFalse($jsonData['addMentionsEntries']); self::assertFalse($jsonData['addMentionsPosts']); self::assertFalse($jsonData['discoverable']); self::assertEquals(User::HOMEPAGE_MOD, $jsonData['homepage']); self::assertEquals(Criteria::SORT_NEW, $jsonData['frontDefaultSort']); self::assertEquals(Criteria::SORT_TOP, $jsonData['commentDefaultSort']); self::assertEquals(['test'], $jsonData['featuredMagazines']); self::assertEquals(['en'], $jsonData['preferredLanguages']); self::assertEquals(EDirectMessageSettings::FollowersOnly->value, $jsonData['directMessageSetting']); self::assertEquals(EFrontContentOptions::Threads->value, $jsonData['frontDefaultContent']); self::assertFalse($jsonData['indexable']); } } ================================================ FILE: tests/Functional/Controller/Api/User/UserUpdateImagesApiTest.php ================================================ kibbyPath = \dirname(__FILE__, 5).'/assets/kibby_emoji.png'; } public function testApiCannotUpdateCurrentUserAvatarWithoutScope(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:profile:read'); // Uploading a file appears to delete the file at the given path, so make a copy before upload copy($this->kibbyPath, $this->kibbyPath.'.tmp'); $image = new UploadedFile($this->kibbyPath.'.tmp', 'kibby_emoji.png', 'image/png'); $this->client->request( 'POST', '/api/users/avatar', files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseStatusCodeSame(403); } public function testApiCannotUpdateCurrentUserCoverWithoutScope(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:profile:read'); // Uploading a file appears to delete the file at the given path, so make a copy before upload copy($this->kibbyPath, $this->kibbyPath.'.tmp'); $image = new UploadedFile($this->kibbyPath.'.tmp', 'kibby_emoji.png', 'image/png'); $this->client->request( 'POST', '/api/users/cover', files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseStatusCodeSame(403); } public function testApiCannotDeleteCurrentUserAvatarWithoutScope(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:profile:read'); $this->client->request('DELETE', '/api/users/avatar', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(403); } public function testApiCannotDeleteCurrentUserCoverWithoutScope(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:profile:read'); $this->client->request('DELETE', '/api/users/cover', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseStatusCodeSame(403); } public function testApiCanUpdateAndDeleteCurrentUserAvatar(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:profile:edit user:profile:read'); // Uploading a file appears to delete the file at the given path, so make a copy before upload $tmpPath = bin2hex(random_bytes(32)); copy($this->kibbyPath, $tmpPath.'.png'); $image = new UploadedFile($tmpPath.'.png', 'kibby_emoji.png', 'image/png'); $imageManager = $this->imageManager; $expectedPath = $imageManager->getFilePath($image->getFilename()); $this->client->request( 'POST', '/api/users/avatar', files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['avatar']); self::assertArrayKeysMatch(self::IMAGE_KEYS, $jsonData['avatar']); self::assertSame(96, $jsonData['avatar']['width']); self::assertSame(96, $jsonData['avatar']['height']); self::assertEquals($expectedPath, $jsonData['avatar']['filePath']); // Clean up test data as well as checking that DELETE works // This isn't great, but since people could have their media directory // pretty much anywhere, its difficult to reliably clean up uploaded files // otherwise. This is certainly something that could be improved. $this->client->request('DELETE', '/api/users/avatar', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData); self::assertNull($jsonData['avatar']); } public function testApiCanUpdateAndDeleteCurrentUserCover(): void { $imageManager = $this->imageManager; self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:profile:edit user:profile:read'); // Uploading a file appears to delete the file at the given path, so make a copy before upload $tmpPath = bin2hex(random_bytes(32)); copy($this->kibbyPath, $tmpPath.'.png'); $image = new UploadedFile($tmpPath.'.png', 'kibby_emoji.png', 'image/png'); $expectedPath = $imageManager->getFilePath($image->getFilename()); $this->client->request( 'POST', '/api/users/cover', files: ['uploadImage' => $image], server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData); self::assertIsArray($jsonData['cover']); self::assertArrayKeysMatch(self::IMAGE_KEYS, $jsonData['cover']); self::assertSame(96, $jsonData['cover']['width']); self::assertSame(96, $jsonData['cover']['height']); self::assertEquals($expectedPath, $jsonData['cover']['filePath']); // Clean up test data as well as checking that DELETE works // This isn't great, but since people could have their media directory // pretty much anywhere, its difficult to reliably clean up uploaded files // otherwise. This is certainly something that could be improved. $this->client->request('DELETE', '/api/users/cover', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::USER_RESPONSE_KEYS, $jsonData); self::assertNull($jsonData['cover']); } } ================================================ FILE: tests/Functional/Controller/Api/User/UserUpdateOAuthConsentsApiTest.php ================================================ getUserByUsername('someuser'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:oauth_clients:read'); $this->client->request('GET', '/api/users/consents', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertCount(1, $jsonData['items']); self::assertArrayKeysMatch(UserRetrieveOAuthConsentsApiTest::CONSENT_RESPONSE_KEYS, $jsonData['items'][0]); $this->client->jsonRequest( 'PUT', '/api/users/consents/'.(string) $jsonData['items'][0]['consentId'], server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseStatusCodeSame(403); } public function testApiCanUpdateConsents(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('someuser'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:oauth_clients:read user:oauth_clients:edit user:follow'); $this->client->request('GET', '/api/users/consents', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertCount(1, $jsonData['items']); self::assertArrayKeysMatch(UserRetrieveOAuthConsentsApiTest::CONSENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals([ 'read', 'user:oauth_clients:read', 'user:oauth_clients:edit', 'user:follow', ], $jsonData['items'][0]['scopesGranted']); $this->client->jsonRequest( 'PUT', '/api/users/consents/'.(string) $jsonData['items'][0]['consentId'], parameters: ['scopes' => [ 'read', 'user:oauth_clients:read', 'user:oauth_clients:edit', ]], server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(UserRetrieveOAuthConsentsApiTest::CONSENT_RESPONSE_KEYS, $jsonData); self::assertEquals([ 'read', 'user:oauth_clients:read', 'user:oauth_clients:edit', ], $jsonData['scopesGranted']); } public function testApiUpdatingConsentsDoesNotAffectExistingKeys(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('someuser'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:oauth_clients:read user:oauth_clients:edit user:follow'); $this->client->request('GET', '/api/users/consents', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); $this->client->jsonRequest( 'PUT', '/api/users/consents/'.(string) $jsonData['items'][0]['consentId'], parameters: ['scopes' => [ 'read', 'user:oauth_clients:edit', ]], server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); // Existing token still has permission to read oauth consents despite client consent being revoked. $this->client->jsonRequest( 'GET', '/api/users/consents/'.(string) $jsonData['consentId'], server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(UserRetrieveOAuthConsentsApiTest::CONSENT_RESPONSE_KEYS, $jsonData); self::assertEquals([ 'read', 'user:oauth_clients:edit', ], $jsonData['scopesGranted']); } public function testApiCannotAddConsents(): void { self::createOAuth2AuthCodeClient(); $testUser = $this->getUserByUsername('someuser'); $this->client->loginUser($testUser); $codes = self::getAuthorizationCodeTokenResponse($this->client, scopes: 'read user:oauth_clients:read user:oauth_clients:edit user:follow'); $this->client->request('GET', '/api/users/consents', server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']]); self::assertResponseIsSuccessful(); $jsonData = self::getJsonResponse($this->client); self::assertIsArray($jsonData); self::assertArrayKeysMatch(self::PAGINATED_KEYS, $jsonData); self::assertCount(1, $jsonData['items']); self::assertArrayKeysMatch(UserRetrieveOAuthConsentsApiTest::CONSENT_RESPONSE_KEYS, $jsonData['items'][0]); self::assertEquals([ 'read', 'user:oauth_clients:read', 'user:oauth_clients:edit', 'user:follow', ], $jsonData['items'][0]['scopesGranted']); $this->client->jsonRequest( 'PUT', '/api/users/consents/'.(string) $jsonData['items'][0]['consentId'], parameters: ['scopes' => [ 'read', 'user:oauth_clients:read', 'user:oauth_clients:edit', 'user:block', ]], server: ['HTTP_AUTHORIZATION' => $codes['token_type'].' '.$codes['access_token']] ); self::assertResponseStatusCodeSame(403); } } ================================================ FILE: tests/Functional/Controller/Domain/DomainBlockControllerTest.php ================================================ createEntry( 'test entry 1', $this->getMagazineByName('acme'), $this->getUserByUsername('JohnDoe'), 'http://kbin.pub/instances' ); $this->client->loginUser($this->getUserByUsername('JaneDoe')); $crawler = $this->client->request('GET', '/d/kbin.pub'); // Block $this->client->submit($crawler->filter('#sidebar form[name=domain_block] button')->form()); $crawler = $this->client->followRedirect(); $this->assertSelectorExists('#sidebar form[name=domain_block] .active'); // Unblock $this->client->submit($crawler->filter('#sidebar form[name=domain_block] button')->form()); $this->client->followRedirect(); $this->assertSelectorNotExists('#sidebar form[name=domain_block] .active'); } #[Group(name: 'NonThreadSafe')] public function testXmlUserCanBlockDomain(): void { $entry = $this->createEntry( 'test entry 1', $this->getMagazineByName('acme'), $this->getUserByUsername('JohnDoe'), 'http://kbin.pub/instances' ); $this->client->loginUser($this->getUserByUsername('JaneDoe')); $crawler = $this->client->request('GET', '/d/kbin.pub'); $this->client->setServerParameter('HTTP_X-Requested-With', 'XMLHttpRequest'); $this->client->submit($crawler->filter('#sidebar form[name=domain_block] button')->form()); $this->assertStringContainsString('{"html":', $this->client->getResponse()->getContent()); $this->assertStringContainsString('active', $this->client->getResponse()->getContent()); } #[Group(name: 'NonThreadSafe')] public function testXmlUserCanUnblockDomain(): void { $entry = $this->createEntry( 'test entry 1', $this->getMagazineByName('acme'), $this->getUserByUsername('JohnDoe'), 'http://kbin.pub/instances' ); $this->client->loginUser($this->getUserByUsername('JaneDoe')); $crawler = $this->client->request('GET', '/d/kbin.pub'); // Block $this->client->submit($crawler->filter('#sidebar form[name=domain_block] button')->form()); $crawler = $this->client->followRedirect(); // Unblock $this->client->setServerParameter('HTTP_X-Requested-With', 'XMLHttpRequest'); $this->client->submit($crawler->filter('#sidebar form[name=domain_block] button')->form()); $this->assertStringContainsString('{"html":', $this->client->getResponse()->getContent()); $this->assertStringNotContainsString('active', $this->client->getResponse()->getContent()); } } ================================================ FILE: tests/Functional/Controller/Domain/DomainCommentFrontControllerTest.php ================================================ createEntry( 'test entry 1', $this->getMagazineByName('acme'), $this->getUserByUsername('JohnDoe'), 'http://kbin.pub/instances' ); $this->createEntryComment('test comment 1', $entry); $crawler = $this->client->request('GET', '/d/kbin.pub'); $crawler = $this->client->click($crawler->filter('#header')->selectLink('Comments')->link()); $this->assertSelectorTextContains('#header', '/d/kbin.pub'); $this->assertSelectorTextContains('blockquote header', 'JohnDoe'); $this->assertSelectorTextContains('blockquote header', 'to acme in test entry 1'); $this->assertSelectorTextContains('blockquote .content', 'test comment 1'); foreach ($this->getSortOptions() as $sortOption) { $crawler = $this->client->click($crawler->filter('.options__filter')->selectLink($sortOption)->link()); $this->assertSelectorTextContains('.options__filter', $sortOption); $this->assertSelectorTextContains('h1', 'kbin.pub'); $this->assertSelectorTextContains('h2', ucfirst($sortOption)); } } private function getSortOptions(): array { return ['Hot', 'Newest', 'Active', 'Oldest']; } } ================================================ FILE: tests/Functional/Controller/Domain/DomainFrontControllerTest.php ================================================ createEntry( 'test entry 1', $this->getMagazineByName('acme'), $this->getUserByUsername('JohnDoe'), 'http://kbin.pub/instances' ); $crawler = $this->client->request('GET', '/'); $crawler = $this->client->click($crawler->filter('#content article')->selectLink('More from domain')->link()); $this->assertSelectorTextContains('#header', '/d/kbin.pub'); $this->assertSelectorTextContains('.entry__meta', 'JohnDoe'); $this->assertSelectorTextContains('.entry__meta', 'to acme'); foreach ($this->getSortOptions() as $sortOption) { $crawler = $this->client->click($crawler->filter('.options__filter')->selectLink($sortOption)->link()); $this->assertSelectorTextContains('.options__filter', $sortOption); $this->assertSelectorTextContains('h1', 'kbin.pub'); $this->assertSelectorTextContains('h2', ucfirst($sortOption)); } } private function getSortOptions(): array { return ['Top', 'Hot', 'Newest', 'Active', 'Commented']; } } ================================================ FILE: tests/Functional/Controller/Domain/DomainSubControllerTest.php ================================================ createEntry( 'test entry 1', $this->getMagazineByName('acme'), $this->getUserByUsername('JohnDoe'), 'http://kbin.pub/instances' ); $this->client->loginUser($this->getUserByUsername('JaneDoe')); $crawler = $this->client->request('GET', '/d/kbin.pub'); // Subscribe $this->client->submit($crawler->filter('#sidebar .domain')->selectButton('Subscribe')->form()); $crawler = $this->client->followRedirect(); $this->assertSelectorExists('#sidebar form[name=domain_subscribe] .active'); $this->assertSelectorTextContains('#sidebar .domain', 'Unsubscribe'); $this->assertSelectorTextContains('#sidebar .domain', '1'); // Unsubscribe $this->client->submit($crawler->filter('#sidebar .domain')->selectButton('Unsubscribe')->form()); $this->client->followRedirect(); $this->assertSelectorNotExists('#sidebar form[name=domain_subscribe] .active'); $this->assertSelectorTextContains('#sidebar .domain', 'Subscribe'); $this->assertSelectorTextContains('#sidebar .domain', '0'); } public function testXmlUserCanSubDomain(): void { $this->createEntry( 'test entry 1', $this->getMagazineByName('acme'), $this->getUserByUsername('JohnDoe'), 'http://kbin.pub/instances' ); $this->client->loginUser($this->getUserByUsername('JaneDoe')); $crawler = $this->client->request('GET', '/d/kbin.pub'); // Subscribe $this->client->setServerParameter('HTTP_X-Requested-With', 'XMLHttpRequest'); $this->client->submit($crawler->filter('#sidebar .domain')->selectButton('Subscribe')->form()); $this->assertStringContainsString('{"html":', $this->client->getResponse()->getContent()); $this->assertStringContainsString('Unsubscribe', $this->client->getResponse()->getContent()); } public function testXmlUserCanUnsubDomain(): void { $this->createEntry( 'test entry 1', $this->getMagazineByName('acme'), $this->getUserByUsername('JohnDoe'), 'http://kbin.pub/instances' ); $this->client->loginUser($this->getUserByUsername('JaneDoe')); $crawler = $this->client->request('GET', '/d/kbin.pub'); // Subscribe $this->client->submit($crawler->filter('#sidebar .domain')->selectButton('Subscribe')->form()); $crawler = $this->client->followRedirect(); // Unsubscribe $this->client->setServerParameter('HTTP_X-Requested-With', 'XMLHttpRequest'); $this->client->submit($crawler->filter('#sidebar .domain')->selectButton('Unsubscribe')->form()); $this->assertStringContainsString('{"html":', $this->client->getResponse()->getContent()); $this->assertStringContainsString('Subscribe', $this->client->getResponse()->getContent()); } } ================================================ FILE: tests/Functional/Controller/Entry/Comment/EntryCommentBoostControllerTest.php ================================================ client->loginUser($this->getUserByUsername('JohnDoe')); $entry = $this->getEntryByTitle( 'test entry 1', 'https://kbin.pub', null, null, $this->getUserByUsername('JaneDoe') ); $this->createEntryComment('test comment 1', $entry, $this->getUserByUsername('JaneDoe')); $crawler = $this->client->request('GET', "/m/acme/t/{$entry->getId()}/test-entry-1"); $this->client->submit( $crawler->filter('#main .entry-comment')->selectButton('Boost')->form() ); $this->client->followRedirect(); self::assertResponseIsSuccessful(); $crawler = $this->client->request('GET', "/m/acme/t/{$entry->getId()}/test-entry-1"); $this->assertSelectorTextContains('#main .entry-comment', 'Boost (1)'); $crawler = $this->client->click($crawler->filter('#main .entry-comment')->selectLink('Activity')->link()); $this->client->click($crawler->filter('#main #activity')->selectLink('Boosts (1)')->link()); $this->assertSelectorTextContains('#main .users-columns', 'JohnDoe'); } } ================================================ FILE: tests/Functional/Controller/Entry/Comment/EntryCommentChangeLangControllerTest.php ================================================ client->loginUser($this->getUserByUsername('JohnDoe')); $comment = $this->createEntryComment('test comment 1'); $crawler = $this->client->request('GET', "/m/acme/t/{$comment->entry->getId()}/-/comment/{$comment->getId()}/moderate"); $form = $crawler->filter('.moderate-panel')->selectButton('lang[submit]')->form(); $this->assertSame($form['lang']['lang']->getValue(), 'en'); $form['lang']['lang']->select('fr'); $this->client->submit($form); $this->client->followRedirect(); $this->assertSelectorTextContains('#main .badge-lang', 'French'); } } ================================================ FILE: tests/Functional/Controller/Entry/Comment/EntryCommentCreateControllerTest.php ================================================ kibbyPath = \dirname(__FILE__, 5).'/assets/kibby_emoji.png'; } public function testUserCanCreateEntryComment(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); $entry = $this->getEntryByTitle('test entry 1', 'https://kbin.pub'); $crawler = $this->client->request('GET', "/m/acme/t/{$entry->getId()}/test-entry-1"); $this->client->submit( $crawler->filter('form[name=entry_comment]')->selectButton('Add comment')->form( [ 'entry_comment[body]' => 'test comment 1', ] ) ); $this->assertResponseRedirects('/m/acme/t/'.$entry->getId().'/test-entry-1'); $this->client->followRedirect(); $this->assertSelectorTextContains('#main blockquote', 'test comment 1'); } public function testUserCannotCreateEntryCommentInLockedEntry(): void { $user = $this->getUserByUsername('JohnDoe'); $this->client->loginUser($user); $entry = $this->getEntryByTitle('test entry 1', 'https://kbin.pub'); $this->entryManager->toggleLock($entry, $user); $this->client->request('GET', "/m/acme/t/{$entry->getId()}/test-entry-1"); self::assertSelectorTextNotContains('#main', 'Add comment'); } #[Group(name: 'NonThreadSafe')] public function testUserCanCreateEntryCommentWithImage(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); $entry = $this->getEntryByTitle('test entry 1', 'https://kbin.pub'); $crawler = $this->client->request('GET', "/m/acme/t/{$entry->getId()}/test-entry-1"); $form = $crawler->filter('form[name=entry_comment]')->selectButton('entry_comment[submit]')->form(); $form->get('entry_comment[body]')->setValue('test comment 1'); $form->get('entry_comment[image]')->upload($this->kibbyPath); // Needed since we require this global to be set when validating entries but the client doesn't actually set it $_FILES = $form->getPhpFiles(); $this->client->submit($form); $this->assertResponseRedirects('/m/acme/t/'.$entry->getId().'/test-entry-1'); $crawler = $this->client->followRedirect(); $this->assertSelectorTextContains('#main blockquote', 'test comment 1'); $this->assertSelectorExists('blockquote footer figure img'); $imgSrc = $crawler->filter('blockquote footer figure img')->getNode(0)->attributes->getNamedItem('src')->textContent; $this->assertStringContainsString(self::KIBBY_PNG_URL_RESULT, $imgSrc); $_FILES = []; } #[Group(name: 'NonThreadSafe')] public function testUserCanReplyEntryComment(): void { $comment = $this->createEntryComment( 'test comment 1', $entry = $this->getEntryByTitle('test entry 1', 'https://kbin.pub'), $this->getUserByUsername('JaneDoe') ); $this->client->loginUser($this->getUserByUsername('JohnDoe')); $crawler = $this->client->request('GET', "/m/acme/t/{$entry->getId()}/test-entry-1"); $crawler = $this->client->click($crawler->filter('#entry-comment-'.$comment->getId())->selectLink('Reply')->link()); $this->assertSelectorTextContains('#main blockquote', 'test comment 1'); $crawler = $this->client->submit( $crawler->filter('form[name=entry_comment]')->selectButton('Add comment')->form( [ 'entry_comment[body]' => 'test comment 2', ] ) ); $this->assertResponseRedirects('/m/acme/t/'.$entry->getId().'/test-entry-1'); $crawler = $this->client->followRedirect(); $this->assertEquals(2, $crawler->filter('#main blockquote')->count()); } #[Group(name: 'NonThreadSafe')] public function testUserCantCreateInvalidEntryComment(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); $entry = $this->getEntryByTitle('test entry 1', 'https://kbin.pub'); $crawler = $this->client->request('GET', "/m/acme/t/{$entry->getId()}/test-entry-1"); $this->client->submit( $crawler->filter('form[name=entry_comment]')->selectButton('Add comment')->form( [ 'entry_comment[body]' => '', ] ) ); $this->assertSelectorTextContains( '#content', 'This value should not be blank.' ); } } ================================================ FILE: tests/Functional/Controller/Entry/Comment/EntryCommentDeleteControllerTest.php ================================================ getUserByUsername('user'); $magazine = $this->getMagazineByName('acme'); $entry = $this->getEntryByTitle('comment deletion test', body: 'a comment will be deleted', magazine: $magazine, user: $user); $comment = $this->createEntryComment('Delete me!', $entry, $user); $this->client->loginUser($user); $crawler = $this->client->request('GET', "/m/acme/t/{$entry->getId()}/comment-deletion-test"); $this->assertSelectorExists('#comments form[action$="delete"]'); $this->client->submit( $crawler->filter('#comments form[action$="delete"]')->selectButton('Delete')->form() ); $this->assertResponseRedirects(); } public function testUserCanSoftDeleteEntryComment() { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByName('acme'); $entry = $this->getEntryByTitle('comment deletion test', body: 'a comment will be deleted', magazine: $magazine, user: $user); $comment = $this->createEntryComment('Delete me!', $entry, $user); $reply = $this->createEntryComment('Are you deleted yet?', $entry, $user, $comment); $this->client->loginUser($user); $crawler = $this->client->request('GET', "/m/acme/t/{$entry->getId()}/comment-deletion-test"); $this->assertSelectorExists("#entry-comment-{$comment->getId()} form[action$=\"delete\"]"); $this->client->submit( $crawler->filter("#entry-comment-{$comment->getId()} form[action$=\"delete\"]")->selectButton('Delete')->form() ); $this->assertResponseRedirects(); $crawler = $this->client->followRedirect(); $translator = $this->translator; $this->assertSelectorTextContains("#entry-comment-{$comment->getId()} .content", $translator->trans('deleted_by_author')); } } ================================================ FILE: tests/Functional/Controller/Entry/Comment/EntryCommentEditControllerTest.php ================================================ client->loginUser($this->getUserByUsername('JohnDoe')); $entry = $this->getEntryByTitle('test entry 1', 'https://kbin.pub'); $this->createEntryComment('test comment 1', $entry); $crawler = $this->client->request('GET', "/m/acme/t/{$entry->getId()}/test-entry-1"); $crawler = $this->client->click($crawler->filter('#main .entry-comment')->selectLink('Edit')->link()); $this->assertSelectorExists('#main .entry-comment'); $this->assertSelectorTextContains('#main .entry-comment', 'test comment 1'); $this->client->submit( $crawler->filter('form[name=entry_comment]')->selectButton('Update comment')->form( [ 'entry_comment[body]' => 'test comment 2 body', ] ) ); $this->client->followRedirect(); $this->assertSelectorTextContains('#main .entry-comment', 'test comment 2 body'); } #[Group(name: 'NonThreadSafe')] public function testAuthorCanEditOwnEntryCommentWithImage(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); $imageDto = $this->getKibbyImageDto(); $entry = $this->getEntryByTitle('test entry 1', 'https://kbin.pub'); $this->createEntryComment('test comment 1', $entry, imageDto: $imageDto); $crawler = $this->client->request('GET', "/m/acme/t/{$entry->getId()}/test-entry-1"); $crawler = $this->client->click($crawler->filter('#main .entry-comment')->selectLink('Edit')->link()); $this->assertSelectorExists('#main .entry-comment'); $this->assertSelectorTextContains('#main .entry-comment', 'test comment 1'); $this->assertSelectorExists('#main .entry-comment img'); $node = $crawler->selectImage('kibby')->getNode(0); $this->assertNotNull($node); $this->assertStringContainsString($imageDto->filePath, $node->attributes->getNamedItem('src')->textContent); $this->client->submit( $crawler->filter('form[name=entry_comment]')->selectButton('Update comment')->form( [ 'entry_comment[body]' => 'test comment 2 body', ] ) ); $crawler = $this->client->followRedirect(); $this->assertSelectorTextContains('#main .entry-comment', 'test comment 2 body'); $this->assertSelectorExists('#main .entry-comment img'); $node = $crawler->selectImage('kibby')->getNode(0); $this->assertNotNull($node); $this->assertStringContainsString($imageDto->filePath, $node->attributes->getNamedItem('src')->textContent); } } ================================================ FILE: tests/Functional/Controller/Entry/Comment/EntryCommentFrontControllerTest.php ================================================ client = $this->prepareEntries(); $this->client->request('GET', '/comments'); $this->assertSelectorTextContains('h1', 'Hot'); $crawler = $this->client->request('GET', '/comments/newest'); $this->assertSelectorTextContains('blockquote header', 'JohnDoe'); $this->assertSelectorTextContains('blockquote header', 'to kbin in test entry 2'); $this->assertSelectorTextContains('blockquote .content', 'test comment 3'); $this->assertcount(3, $crawler->filter('.comment')); foreach ($this->getSortOptions() as $sortOption) { $crawler = $this->client->click($crawler->filter('.options__filter')->selectLink($sortOption)->link()); $this->assertSelectorTextContains('.options__filter', $sortOption); $this->assertSelectorTextContains('h1', ucfirst($sortOption)); } } public function testMagazinePage(): void { $this->client = $this->prepareEntries(); $this->client->request('GET', '/m/acme/comments'); $this->assertSelectorTextContains('h2', 'Hot'); $crawler = $this->client->request('GET', '/m/acme/comments/newest'); $this->assertSelectorTextContains('blockquote header', 'JohnDoe'); $this->assertSelectorTextNotContains('blockquote header', 'to acme'); $this->assertSelectorTextContains('blockquote header', 'in test entry 1'); $this->assertSelectorTextContains('blockquote .content', 'test comment 2'); $this->assertSelectorTextContains('.head-title', '/m/acme'); $this->assertSelectorTextContains('#sidebar .magazine', 'acme'); $this->assertcount(2, $crawler->filter('.comment')); foreach ($this->getSortOptions() as $sortOption) { $crawler = $this->client->click($crawler->filter('.options__filter')->selectLink($sortOption)->link()); $this->assertSelectorTextContains('.options__filter', $sortOption); $this->assertSelectorTextContains('h1', 'acme'); $this->assertSelectorTextContains('h2', ucfirst($sortOption)); } } public function testSubPage(): void { $this->client = $this->prepareEntries(); $magazineManager = $this->client->getContainer()->get(MagazineManager::class); $magazineManager->subscribe($this->getMagazineByName('acme'), $this->getUserByUsername('Actor')); $this->client->loginUser($this->getUserByUsername('Actor')); $this->client->request('GET', '/sub/comments'); $this->assertSelectorTextContains('h1', 'Hot'); $crawler = $this->client->request('GET', '/sub/comments/newest'); $this->assertSelectorTextContains('blockquote header', 'JohnDoe'); $this->assertSelectorTextContains('blockquote header', 'to acme in test entry 1'); $this->assertSelectorTextContains('blockquote .content', 'test comment 2'); $this->assertSelectorTextContains('.head-title', '/sub'); $this->assertcount(2, $crawler->filter('.comment')); foreach ($this->getSortOptions() as $sortOption) { $crawler = $this->client->click($crawler->filter('.options__filter')->selectLink($sortOption)->link()); $this->assertSelectorTextContains('.options__filter', $sortOption); $this->assertSelectorTextContains('h1', ucfirst($sortOption)); } } public function testModPage(): void { $this->client = $this->prepareEntries(); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazineManager = $this->client->getContainer()->get(MagazineManager::class); $moderator = new ModeratorDto($this->getMagazineByName('acme')); $moderator->user = $this->getUserByUsername('Actor'); $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); $this->client->loginUser($this->getUserByUsername('Actor')); $this->client->request('GET', '/mod/comments'); $this->assertSelectorTextContains('h1', 'Hot'); $crawler = $this->client->request('GET', '/mod/comments/newest'); $this->assertSelectorTextContains('blockquote header', 'JohnDoe'); $this->assertSelectorTextContains('blockquote header', 'to acme in test entry 1'); $this->assertSelectorTextContains('blockquote .content', 'test comment 2'); $this->assertSelectorTextContains('.head-title', '/mod'); $this->assertcount(2, $crawler->filter('.comment')); foreach ($this->getSortOptions() as $sortOption) { $crawler = $this->client->click($crawler->filter('.options__filter')->selectLink($sortOption)->link()); $this->assertSelectorTextContains('.options__filter', $sortOption); $this->assertSelectorTextContains('h1', ucfirst($sortOption)); } } public function testFavPage(): void { $this->client = $this->prepareEntries(); $favouriteManager = $this->favouriteManager; $favouriteManager->toggle( $this->getUserByUsername('Actor'), $this->createEntryComment('test comment 1', $this->getEntryByTitle('test entry 1')) ); $this->client->loginUser($this->getUserByUsername('Actor')); $this->client->request('GET', '/fav/comments'); $this->assertSelectorTextContains('h1', 'Hot'); $crawler = $this->client->request('GET', '/fav/comments/newest'); $this->assertSelectorTextContains('blockquote header', 'JohnDoe'); $this->assertSelectorTextContains('blockquote header', 'to acme in test entry 1'); $this->assertSelectorTextContains('blockquote .content', 'test comment 1'); $this->assertcount(1, $crawler->filter('.comment')); foreach ($this->getSortOptions() as $sortOption) { $crawler = $this->client->click($crawler->filter('.options__filter')->selectLink($sortOption)->link()); $this->assertSelectorTextContains('.options__filter', $sortOption); $this->assertSelectorTextContains('h1', ucfirst($sortOption)); } } private function prepareEntries(): KernelBrowser { $this->createEntryComment( 'test comment 1', $this->getEntryByTitle('test entry 1', 'https://kbin.pub'), $this->getUserByUsername('JohnDoe') ); $this->createEntryComment( 'test comment 2', $this->getEntryByTitle('test entry 1', 'https://kbin.pub'), $this->getUserByUsername('JohnDoe') ); $this->createEntryComment( 'test comment 3', $this->getEntryByTitle('test entry 2', 'https://kbin.pub', null, $this->getMagazineByName('kbin')), $this->getUserByUsername('JohnDoe') ); return $this->client; } private function getSortOptions(): array { return ['Hot', 'Newest', 'Active', 'Oldest']; } } ================================================ FILE: tests/Functional/Controller/Entry/Comment/EntryCommentModerateControllerTest.php ================================================ client->loginUser($this->getUserByUsername('JohnDoe')); $comment = $this->createEntryComment('test comment 1'); $crawler = $this->client->request('get', "/m/{$comment->magazine->name}/t/{$comment->entry->getId()}"); $this->client->click($crawler->filter('#entry-comment-'.$comment->getId())->selectLink('Moderate')->link()); $this->assertSelectorTextContains('.moderate-panel', 'Ban'); } public function testXmlModCanShowPanel(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); $comment = $this->createEntryComment('test comment 1'); $crawler = $this->client->request('get', "/m/{$comment->magazine->name}/t/{$comment->entry->getId()}"); $this->client->setServerParameter('HTTP_X-Requested-With', 'XMLHttpRequest'); $this->client->click($crawler->filter('#entry-comment-'.$comment->getId())->selectLink('Moderate')->link()); $this->assertStringContainsString('moderate-panel', $this->client->getResponse()->getContent()); } public function testUnauthorizedCanNotShowPanel(): void { $this->client->loginUser($this->getUserByUsername('JaneDoe')); $comment = $this->createEntryComment('test comment 1'); $this->client->request('get', "/m/{$comment->magazine->name}/t/{$comment->entry->getId()}"); $this->assertSelectorTextNotContains('#entry-comment-'.$comment->getId(), 'Moderate'); $this->client->request( 'get', "/m/{$comment->magazine->name}/t/{$comment->entry->getId()}/-/comment/{$comment->getId()}/moderate" ); $this->assertResponseStatusCodeSame(403); } } ================================================ FILE: tests/Functional/Controller/Entry/EntryBoostControllerTest.php ================================================ client->loginUser($this->getUserByUsername('JohnDoe')); $entry = $this->getEntryByTitle( 'test entry 1', 'https://kbin.pub', null, null, $this->getUserByUsername('JaneDoe') ); $crawler = $this->client->request('GET', "/m/acme/t/{$entry->getId()}/test-entry-1"); $this->client->submit( $crawler->filter('#main .entry')->selectButton('Boost')->form([]) ); $crawler = $this->client->followRedirect(); $this->assertSelectorTextContains('#main .entry', 'Boost (1)'); $this->client->click($crawler->filter('#activity')->selectLink('Boosts (1)')->link()); $this->assertSelectorTextContains('#main .users-columns', 'JohnDoe'); } } ================================================ FILE: tests/Functional/Controller/Entry/EntryChangeAdultControllerTest.php ================================================ client->loginUser($this->getUserByUsername('JohnDoe')); $entry = $this->getEntryByTitle( 'test entry 1', 'https://kbin.pub', ); $crawler = $this->client->request('GET', "/m/acme/t/{$entry->getId()}/-/moderate"); $this->client->submit( $crawler->filter('.moderate-panel')->selectButton('Mark NSFW')->form([ 'adult' => 'on', ]) ); $this->client->followRedirect(); $this->assertSelectorTextContains('#main .entry .badge', '18+'); $crawler = $this->client->request('GET', "/m/acme/t/{$entry->getId()}/-/moderate"); $this->client->submit( $crawler->filter('.moderate-panel')->selectButton('Unmark NSFW')->form([ 'adult' => 'off', ]) ); $this->client->followRedirect(); $this->assertSelectorTextNotContains('#main .entry', '18+'); } } ================================================ FILE: tests/Functional/Controller/Entry/EntryChangeLangControllerTest.php ================================================ client->loginUser($this->getUserByUsername('JohnDoe')); $entry = $this->getEntryByTitle( 'test entry 1', 'https://kbin.pub', ); $crawler = $this->client->request('GET', "/m/acme/t/{$entry->getId()}/-/moderate"); $form = $crawler->filter('.moderate-panel')->selectButton('Change language')->form(); $this->assertSame($form['lang']['lang']->getValue(), 'en'); $form['lang']['lang']->select('fr'); $this->client->submit($form); $this->client->followRedirect(); $this->assertSelectorTextContains('#main .badge-lang', 'French'); } } ================================================ FILE: tests/Functional/Controller/Entry/EntryChangeMagazineControllerTest.php ================================================ getUserByUsername('JohnDoe'); $this->setAdmin($user); $this->client->loginUser($user); $this->getMagazineByName('kbin'); $entry = $this->getEntryByTitle( 'test entry 1', 'https://kbin.pub', ); $crawler = $this->client->request('GET', "/m/acme/t/{$entry->getId()}/-/moderate"); $this->client->submit( $crawler->filter('form[name=change_magazine]')->selectButton('Change magazine')->form( [ 'change_magazine[new_magazine]' => 'kbin', ] ) ); $this->client->followRedirect(); $this->client->followRedirect(); $this->assertSelectorTextContains('.head-title', 'kbin'); } public function testUnauthorizedUserCantChangeMagazine(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); $this->getMagazineByName('kbin'); $entry = $this->getEntryByTitle( 'test entry 1', 'https://kbin.pub', ); $this->client->request('GET', "/m/acme/t/{$entry->getId()}/-/moderate"); $this->assertSelectorTextNotContains('.moderate-panel', 'Change magazine'); } } ================================================ FILE: tests/Functional/Controller/Entry/EntryCreateControllerTest.php ================================================ kibbyPath = \dirname(__FILE__, 4).'/assets/kibby_emoji.png'; } public function testUserCanCreateEntry() { $this->client->loginUser($this->getUserByUsername('user')); $this->client->request('GET', '/m/acme/new_entry'); $this->assertSelectorExists('form[name=entry]'); } public function testUserCanCreateEntryLinkFromMagazinePage(): void { $this->client->loginUser($this->getUserByUsername('user')); $this->getMagazineByName('acme'); $crawler = $this->client->request('GET', '/m/acme/new_entry'); $this->client->submit( $crawler->filter('form[name=entry]')->selectButton('Add new thread')->form( [ 'entry[url]' => 'https://kbin.pub', 'entry[title]' => 'Test entry 1', 'entry[body]' => 'Test body', ] ) ); $this->assertResponseRedirects('/m/acme/default/newest'); $this->client->followRedirect(); $this->assertSelectorTextContains('article h2', 'Test entry 1'); } public function testUserCanCreateEntryArticleFromMagazinePage() { $this->client->loginUser($this->getUserByUsername('user')); $this->getMagazineByName('acme'); $crawler = $this->client->request('GET', '/m/acme/new_entry'); $this->client->submit( $crawler->filter('form[name=entry]')->selectButton('Add new thread')->form( [ 'entry[title]' => 'Test entry 1', 'entry[body]' => 'Test body', ] ) ); $this->assertResponseRedirects('/m/acme/default/newest'); $this->client->followRedirect(); $this->assertSelectorTextContains('article h2', 'Test entry 1'); } #[Group(name: 'NonThreadSafe')] public function testUserCanCreateEntryPhotoFromMagazinePage() { $this->client->loginUser($this->getUserByUsername('user')); $this->getMagazineByName('acme'); $repository = $this->entryRepository; $crawler = $this->client->request('GET', '/m/acme/new_entry'); $this->assertSelectorExists('form[name=entry]'); $form = $crawler->filter('#main form[name=entry]')->selectButton('Add new thread')->form([ 'entry[title]' => 'Test image 1', 'entry[image]' => $this->kibbyPath, ]); // Needed since we require this global to be set when validating entries but the client doesn't actually set it $_FILES = $form->getPhpFiles(); $this->client->submit($form); $this->assertResponseRedirects('/m/acme/default/newest'); $crawler = $this->client->followRedirect(); $this->assertSelectorTextContains('article h2', 'Test image 1'); $this->assertSelectorExists('figure img'); $imgSrc = $crawler->filter('figure img.thumb-subject')->getNode(0)->attributes->getNamedItem('src')->textContent; $this->assertStringContainsString(self::KIBBY_PNG_URL_RESULT, $imgSrc); $user = $this->getUserByUsername('user'); $entry = $repository->findOneBy(['user' => $user]); $this->assertNotNull($entry); $this->assertNotNull($entry->image); $this->assertStringContainsString(self::KIBBY_PNG_URL_RESULT, $entry->image->filePath); $_FILES = []; } public function testUserCanCreateEntryArticleForAdults() { $this->client->loginUser($this->getUserByUsername('user', hideAdult: false)); $this->getMagazineByName('acme'); $crawler = $this->client->request('GET', '/m/acme/new_entry'); $this->client->submit( $crawler->filter('form[name=entry]')->selectButton('Add new thread')->form( [ 'entry[title]' => 'Test entry 1', 'entry[body]' => 'Test body', 'entry[isAdult]' => '1', ] ) ); $this->assertResponseRedirects('/m/acme/default/newest'); $this->client->followRedirect(); $this->assertSelectorTextContains('article h2', 'Test entry 1'); $this->assertSelectorTextContains('article h2 .danger', '18+'); } public function testPresetValues() { $this->client->loginUser($this->getUserByUsername('user', hideAdult: false)); $this->getMagazineByName('acme'); $crawler = $this->client->request('GET', '/m/acme/new_entry?' .'title=test' .'&url='.urlencode('https://example.com#title') .'&body='.urlencode("**Test**\nbody") .'&imageAlt=alt' .'&isNsfw=1' .'&isOc=1' .'&tags[]=1&tags[]=2' ); $this->assertFormValue('form[name=entry]', 'entry[title]', 'test'); $this->assertFormValue('form[name=entry]', 'entry[url]', 'https://example.com#title'); $this->assertFormValue('form[name=entry]', 'entry[body]', "**Test**\nbody"); $this->assertFormValue('form[name=entry]', 'entry[imageAlt]', 'alt'); $this->assertFormValue('form[name=entry]', 'entry[isAdult]', '1'); $this->assertFormValue('form[name=entry]', 'entry[isOc]', '1'); $this->assertFormValue('form[name=entry]', 'entry[tags]', '1 2'); } public function testPresetImage() { $user = $this->getUserByUsername('user'); $this->client->loginUser($user); $magazine = $this->getMagazineByName('acme'); $imgEntry = $this->createEntry('img', $magazine, $user, imageDto: $this->getKibbyImageDto()); $imgHash = strtok($imgEntry->image->fileName, '.'); // this is necessary so the second entry is guaranteed to be newer than the first sleep(1); $crawler = $this->client->request('GET', '/m/acme/new_entry?' .'title=test' .'&imageHash='.$imgHash ); $this->client->submit($crawler->filter('form[name=entry]')->form()); $crawler = $this->client->followRedirect(); $this->assertSelectorTextContains('article h2', 'test'); $this->assertSelectorExists('figure img'); $imgSrc = $crawler->filter('figure img.thumb-subject')->getNode(0)->attributes->getNamedItem('src')->textContent; $this->assertStringContainsString(self::KIBBY_PNG_URL_RESULT, $imgSrc); } public function testPresetImageNotFound() { $user = $this->getUserByUsername('user'); $this->client->loginUser($user); $magazine = $this->getMagazineByName('acme'); $imgEntry = $this->createEntry('img', $magazine, $user, imageDto: $this->getKibbyImageDto()); $imgHash = strtok($imgEntry->image->fileName, '.'); $imgHash = substr($imgHash, 0, \strlen($imgHash) - 1).'0'; // this is necessary so the second entry is guaranteed to be newer than the first sleep(1); $crawler = $this->client->request('GET', '/m/acme/new_entry?' .'title=test' .'&imageHash='.$imgHash ); $this->assertSelectorTextContains('.alert.alert__danger', 'The image referenced by \'imageHash\' could not be found.'); } } ================================================ FILE: tests/Functional/Controller/Entry/EntryDeleteControllerTest.php ================================================ getUserByUsername('user'); $magazine = $this->getMagazineByName('acme'); $entry = $this->getEntryByTitle('deletion test', body: 'will be deleted', magazine: $magazine, user: $user); $this->client->loginUser($user); $crawler = $this->client->request('GET', '/m/acme'); $this->assertSelectorExists('form[action$="delete"]'); $this->client->submit( $crawler->filter('form[action$="delete"]')->selectButton('Delete')->form() ); $this->assertResponseRedirects(); } public function testUserCanSoftDeleteEntry() { $user = $this->getUserByUsername('user'); $magazine = $this->getMagazineByName('acme'); $entry = $this->getEntryByTitle('deletion test', body: 'will be deleted', magazine: $magazine, user: $user); $comment = $this->createEntryComment('only softly', $entry, $user); $this->client->loginUser($user); $crawler = $this->client->request('GET', '/m/acme'); $this->assertSelectorExists('form[action$="delete"]'); $this->client->submit( $crawler->filter('form[action$="delete"]')->selectButton('Delete')->form() ); $this->assertResponseRedirects(); $this->client->request('GET', "/m/acme/t/{$entry->getId()}/deletion-test"); $translator = $this->translator; $this->assertSelectorTextContains("#entry-{$entry->getId()} header", $translator->trans('deleted_by_author')); } } ================================================ FILE: tests/Functional/Controller/Entry/EntryEditControllerTest.php ================================================ client->loginUser($this->getUserByUsername('JohnDoe')); $entry = $this->getEntryByTitle('test entry 1', 'https://kbin.pub'); $crawler = $this->client->request('GET', "/m/acme/t/{$entry->getId()}/test-entry-1"); $crawler = $this->client->click($crawler->filter('#main .entry')->selectLink('Edit')->link()); $this->assertSelectorExists('#main .entry_edit'); $this->assertInputValueSame('entry_edit[url]', 'https://kbin.pub'); $this->assertEquals('disabled', $crawler->filter('#entry_edit_magazine')->attr('disabled')); $this->client->submit( $crawler->filter('form[name=entry_edit]')->selectButton('Edit thread')->form( [ 'entry_edit[title]' => 'test entry 2 title', 'entry_edit[body]' => 'test entry 2 body', ] ) ); $this->client->followRedirect(); $this->assertSelectorTextContains('#main .entry header', 'test entry 2 title'); $this->assertSelectorTextContains('#main .entry .entry__body', 'test entry 2 body'); } public function testAuthorCanEditOwnEntryArticle(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); $entry = $this->getEntryByTitle('test entry 1', null, 'entry content test entry 1'); $crawler = $this->client->request('GET', "/m/acme/t/{$entry->getId()}/test-entry-1"); $crawler = $this->client->click($crawler->filter('#main .entry')->selectLink('Edit')->link()); $this->assertSelectorExists('#main .entry_edit'); $this->assertEquals('disabled', $crawler->filter('#entry_edit_magazine')->attr('disabled')); $this->client->submit( $crawler->filter('form[name=entry_edit]')->selectButton('Edit thread')->form( [ 'entry_edit[title]' => 'test entry 2 title', 'entry_edit[body]' => 'test entry 2 body', ] ) ); $this->client->followRedirect(); $this->assertSelectorTextContains('#main .entry header', 'test entry 2 title'); $this->assertSelectorTextContains('#main .entry .entry__body', 'test entry 2 body'); } #[Group(name: 'NonThreadSafe')] public function testAuthorCanEditOwnEntryImage(): void { $this->client->loginUser($this->getUserByUsername('JohnDoe')); $imageDto = $this->getKibbyImageDto(); $entry = $this->getEntryByTitle('test entry 1', image: $imageDto); $crawler = $this->client->request('GET', "/m/acme/t/{$entry->getId()}/test-entry-1"); $this->assertResponseIsSuccessful(); $crawler = $this->client->click($crawler->filter('#main .entry')->selectLink('Edit')->link()); $this->assertResponseIsSuccessful(); $this->assertSelectorExists('#main .entry_edit'); $this->assertSelectorExists('#main .entry_edit img'); $node = $crawler->selectImage('kibby')->getNode(0); $this->assertNotNull($node); $this->assertStringContainsString($imageDto->filePath, $node->attributes->getNamedItem('src')->textContent); $this->assertEquals('disabled', $crawler->filter('#entry_edit_magazine')->attr('disabled')); $this->client->submit( $crawler->filter('form[name=entry_edit]')->selectButton('Edit thread')->form( [ 'entry_edit[title]' => 'test entry 2 title', ] ) ); $crawler = $this->client->followRedirect(); $this->assertSelectorTextContains('#main .entry header', 'test entry 2 title'); $this->assertSelectorExists('#main .entry img'); $node = $crawler->selectImage('kibby')->getNode(0); $this->assertNotNull($node); $this->assertStringContainsString($imageDto->filePath, $node->attributes->getNamedItem('src')->textContent); } } ================================================ FILE: tests/Functional/Controller/Entry/EntryFrontControllerTest.php ================================================ client = $this->prepareEntries(); $this->client->request('GET', '/'); $this->assertSelectorTextContains('h1', 'Hot'); $crawler = $this->client->request('GET', '/newest'); $this->assertSelectorTextContains('.entry__meta', 'JohnDoe'); $this->assertSelectorTextContains('.entry__meta', 'to acme'); $this->assertcount(2, $crawler->filter('.entry')); foreach ($this->getSortOptions() as $sortOption) { $crawler = $this->client->click($crawler->filter('.options__filter')->selectLink($sortOption)->link()); $this->assertSelectorTextContains('.options__filter', $sortOption); $this->assertSelectorTextContains('h1', ucfirst($sortOption)); } } public function testXmlRootPage(): void { $this->getEntryByTitle('test entry 1', 'https://kbin.pub'); $this->client->setServerParameter('HTTP_X-Requested-With', 'XMLHttpRequest'); $this->client->request('GET', '/'); $this->assertStringContainsString('{"html":', $this->client->getResponse()->getContent()); } public function testXmlRootPageIsFrontPage(): void { $this->getEntryByTitle('test entry 1', 'https://kbin.pub'); $this->client->setServerParameter('HTTP_X-Requested-With', 'XMLHttpRequest'); $this->client->request('GET', '/'); $root_content = self::removeTimeElements($this->clearTokens($this->client->getResponse()->getContent())); $this->client->request('GET', '/all'); $frontContent = self::removeTimeElements($this->clearTokens($this->client->getResponse()->getContent())); $this->assertSame($root_content, $frontContent); } public function testFrontPage(): void { $this->client = $this->prepareEntries(); $this->client->request('GET', '/all'); $this->assertSelectorTextContains('h1', 'Hot'); $crawler = $this->client->request('GET', '/all/newest'); $this->assertSelectorTextContains('.entry__meta', 'JohnDoe'); $this->assertSelectorTextContains('.entry__meta', 'to acme'); $this->assertcount(2, $crawler->filter('.entry')); foreach ($this->getSortOptions() as $sortOption) { $crawler = $this->client->click($crawler->filter('.options__filter')->selectLink($sortOption)->link()); $this->assertSelectorTextContains('.options__filter', $sortOption); $this->assertSelectorTextContains('h1', ucfirst($sortOption)); } } public function testXmlFrontPage(): void { $this->getEntryByTitle('test entry 1', 'https://kbin.pub'); $this->client->setServerParameter('HTTP_X-Requested-With', 'XMLHttpRequest'); $this->client->request('GET', '/all'); $this->assertStringContainsString('{"html":', $this->client->getResponse()->getContent()); } public function testMagazinePage(): void { $this->client = $this->prepareEntries(); $this->client->request('GET', '/m/acme'); $this->assertSelectorTextContains('h2', 'Hot'); $this->client->request('GET', '/m/ACME'); $this->assertSelectorTextContains('h2', 'Hot'); $crawler = $this->client->request('GET', '/m/acme/threads/newest'); $this->assertSelectorTextContains('.entry__meta', 'JohnDoe'); $this->assertSelectorTextNotContains('.entry__meta', 'to acme'); $this->assertSelectorTextContains('.head-title', '/m/acme'); $this->assertSelectorTextContains('#sidebar .magazine', 'acme'); $this->assertSelectorTextContains('#header .active', 'Threads'); $this->assertcount(1, $crawler->filter('.entry')); foreach ($this->getSortOptions() as $sortOption) { $crawler = $this->client->click($crawler->filter('.options__filter')->selectLink($sortOption)->link()); $this->assertSelectorTextContains('.options__filter', $sortOption); $this->assertSelectorTextContains('h1', 'acme'); $this->assertSelectorTextContains('h2', ucfirst($sortOption)); } } public function testXmlMagazinePage(): void { $this->getEntryByTitle('test entry 1', 'https://kbin.pub'); $this->client->setServerParameter('HTTP_X-Requested-With', 'XMLHttpRequest'); $this->client->request('GET', '/m/acme/newest'); self::assertResponseIsSuccessful(); $this->assertStringContainsString('{"html":', $this->client->getResponse()->getContent()); } public function testSubPage(): void { $this->client = $this->prepareEntries(); $magazineManager = $this->client->getContainer()->get(MagazineManager::class); $magazineManager->subscribe($this->getMagazineByName('acme'), $this->getUserByUsername('Actor')); $this->client->loginUser($this->getUserByUsername('Actor')); $this->client->request('GET', '/sub'); $this->assertSelectorTextContains('h1', 'Hot'); $crawler = $this->client->request('GET', '/sub/threads/newest'); $this->assertSelectorTextContains('.entry__meta', 'JohnDoe'); $this->assertSelectorTextContains('.entry__meta', 'to acme'); $this->assertSelectorTextContains('.head-title', '/sub'); $this->assertSelectorTextContains('#header .active', 'Threads'); $this->assertcount(1, $crawler->filter('.entry')); foreach ($this->getSortOptions() as $sortOption) { $crawler = $this->client->click($crawler->filter('.options__filter')->selectLink($sortOption)->link()); $this->assertSelectorTextContains('.options__filter', $sortOption); $this->assertSelectorTextContains('h1', ucfirst($sortOption)); } } public function testXmlSubPage(): void { $this->getEntryByTitle('test entry 1', 'https://kbin.pub'); $magazineManager = $this->client->getContainer()->get(MagazineManager::class); $magazineManager->subscribe($this->getMagazineByName('acme'), $this->getUserByUsername('Actor')); $this->client->loginUser($this->getUserByUsername('Actor')); $this->client->setServerParameter('HTTP_X-Requested-With', 'XMLHttpRequest'); $this->client->request('GET', '/sub'); $this->assertStringContainsString('{"html":', $this->client->getResponse()->getContent()); } public function testModPage(): void { $this->client = $this->prepareEntries(); $admin = $this->getUserByUsername('admin', isAdmin: true); $magazineManager = $this->client->getContainer()->get(MagazineManager::class); $moderator = new ModeratorDto($this->getMagazineByName('acme')); $moderator->user = $this->getUserByUsername('Actor'); $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); $this->client->loginUser($this->getUserByUsername('Actor')); $this->client->request('GET', '/mod'); $this->assertSelectorTextContains('h1', 'Hot'); $crawler = $this->client->request('GET', '/mod/threads/newest'); $this->assertSelectorTextContains('.entry__meta', 'JohnDoe'); $this->assertSelectorTextContains('.entry__meta', 'to acme'); $this->assertSelectorTextContains('.head-title', '/mod'); $this->assertSelectorTextContains('#header .active', 'Threads'); $this->assertcount(1, $crawler->filter('.entry')); foreach ($this->getSortOptions() as $sortOption) { $crawler = $this->client->click($crawler->filter('.options__filter')->selectLink($sortOption)->link()); $this->assertSelectorTextContains('.options__filter', $sortOption); $this->assertSelectorTextContains('h1', ucfirst($sortOption)); } } public function testXmlModPage(): void { $admin = $this->getUserByUsername('admin', isAdmin: true); $this->getEntryByTitle('test entry 1', 'https://kbin.pub'); $magazineManager = $this->client->getContainer()->get(MagazineManager::class); $moderator = new ModeratorDto($this->getMagazineByName('acme')); $moderator->user = $this->getUserByUsername('Actor'); $moderator->addedBy = $admin; $magazineManager->addModerator($moderator); $this->client->loginUser($this->getUserByUsername('Actor')); $this->client->setServerParameter('HTTP_X-Requested-With', 'XMLHttpRequest'); $this->client->request('GET', '/mod'); $this->assertStringContainsString('{"html":', $this->client->getResponse()->getContent()); } public function testFavPage(): void { $this->client = $this->prepareEntries(); $favouriteManager = $this->favouriteManager; $favouriteManager->toggle( $this->getUserByUsername('Actor'), $this->getEntryByTitle('test entry 1', 'https://kbin.pub') ); $this->client->loginUser($this->getUserByUsername('Actor')); $this->client->request('GET', '/fav'); $this->assertSelectorTextContains('h1', 'Hot'); $crawler = $this->client->request('GET', '/fav/threads/newest'); $this->assertSelectorTextContains('.entry__meta', 'JaneDoe'); $this->assertSelectorTextContains('.entry__meta', 'to kbin'); $this->assertSelectorTextContains('.head-title', '/fav'); $this->assertSelectorTextContains('#header .active', 'Threads'); $this->assertcount(1, $crawler->filter('.entry')); foreach ($this->getSortOptions() as $sortOption) { $crawler = $this->client->click($crawler->filter('.options__filter')->selectLink($sortOption)->link()); $this->assertSelectorTextContains('.options__filter', $sortOption); $this->assertSelectorTextContains('h1', ucfirst($sortOption)); } } public function testXmlFavPage(): void { $this->getEntryByTitle('test entry 1', 'https://kbin.pub'); $favouriteManager = $this->favouriteManager; $favouriteManager->toggle( $this->getUserByUsername('Actor'), $this->getEntryByTitle('test entry 1', 'https://kbin.pub') ); $this->client->loginUser($this->getUserByUsername('Actor')); $this->client->setServerParameter('HTTP_X-Requested-With', 'XMLHttpRequest'); $this->client->request('GET', '/fav'); $this->assertStringContainsString('{"html":', $this->client->getResponse()->getContent()); } public function testCustomDefaultSort(): void { $older = $this->getEntryByTitle('Older entry'); $older->createdAt = new \DateTimeImmutable('now - 1 day'); $older->updateRanking(); $this->entityManager->flush(); $newer = $this->getEntryByTitle('Newer entry'); $comment = $this->createEntryComment('someone was here', entry: $older); self::assertGreaterThan($older->getRanking(), $newer->getRanking()); $user = $this->getUserByUsername('user'); $user->frontDefaultSort = ESortOptions::Newest->value; $this->entityManager->flush(); $this->client->loginUser($user); $crawler = $this->client->request('GET', '/'); self::assertResponseIsSuccessful(); self::assertSelectorTextContains('.options__filter button', $this->translator->trans(ESortOptions::Newest->value)); $iterator = $crawler->filter('#content div')->children()->getIterator(); /** @var \DOMElement $firstNode */ $firstNode = $iterator->current(); $firstId = $firstNode->attributes->getNamedItem('id')->nodeValue; self::assertEquals("entry-{$newer->getId()}", $firstId); $iterator->next(); $secondNode = $iterator->current(); $secondId = $secondNode->attributes->getNamedItem('id')->nodeValue; self::assertEquals("entry-{$older->getId()}", $secondId); $user->frontDefaultSort = ESortOptions::Commented->value; $this->entityManager->flush(); $crawler = $this->client->request('GET', '/'); self::assertResponseIsSuccessful(); self::assertSelectorTextContains('.options__filter button', $this->translator->trans(ESortOptions::Commented->value)); $iterator = $crawler->filter('#content div')->children()->getIterator(); /** @var \DOMElement $firstNode */ $firstNode = $iterator->current(); $firstId = $firstNode->attributes->getNamedItem('id')->nodeValue; self::assertEquals("entry-{$older->getId()}", $firstId); $iterator->next(); $secondNode = $iterator->current(); $secondId = $secondNode->attributes->getNamedItem('id')->nodeValue; self::assertEquals("entry-{$newer->getId()}", $secondId); } private function prepareEntries(): KernelBrowser { $older = $this->getEntryByTitle( 'test entry 1', 'https://kbin.pub', null, $this->getMagazineByName('kbin', $this->getUserByUsername('JaneDoe')), $this->getUserByUsername('JaneDoe') ); $older->createdAt = new \DateTimeImmutable('now - 1 minute'); $this->getEntryByTitle('test entry 2', 'https://kbin.pub'); return $this->client; } private function getSortOptions(): array { return ['Top', 'Hot', 'Newest', 'Active', 'Commented']; } private function clearTokens(string $responseContent): string { return preg_replace( '#name="token" value=".+"#', '', json_decode($responseContent, true, 512, JSON_THROW_ON_ERROR), )['html']; } private function clearDateTimes(string $responseContent): string { return preg_replace( '/