Commit 61713bca authored by Fabrice Gangler's avatar Fabrice Gangler 🎨

FIX(user website): allow only a valid URL with HTTP scheme

parent c7cd3a0e
......@@ -521,8 +521,20 @@ class UsersTable extends Table
$validator
->allowEmpty('logo_directory');
// URL field: allow only a valid URL with HTTP scheme ('https://' or 'http://')
$validator
->allowEmpty('url');
->allowEmpty('url')
->add('url', [
'validUrlFormat' => [
'rule' => array('url'),
'last' => true,
'message' => 'Please enter a valid URL'
],
'isHttpProtocol' => [
'rule' => array('custom', '/^(http|https)(:\/\/)/i'),
'message' => 'Please enter a valid URL'
]
]);
$validator
->allowEmpty('description');
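Review bot: Both rules return the same message `'Please enter a valid URL'`, so a user who typed `www.example.com` (which the test hunk shows failing on `isHttpProtocol`, not on format) gets no hint that the fix is to prefix a scheme; I would give the second rule its own message, e.g. `'message' => 'The URL must start with http:// or https://'`, and update the expected value in UsersControllerTest accordingly. The `rule` entries also use the long `array(...)` syntax while the surrounding validator code uses `[]`; `'rule' => ['custom', '/^https?:\/\//i']` is equivalent and consistent. The intent is presumably to keep non-HTTP schemes (and anything that is not a real URL) out of a field that is later rendered as a link, which is worth stating in the comment above the rule so the scheme restriction is not loosened by a later edit. The `validationDefault` method this sits in starts and ends outside the hunk.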
......
......@@ -189,7 +189,7 @@ class RoleAdminCheckActionsCest
$I->submitForm(
'#editInformationAccountForm',
[
'url' => 'http://localhost:8080/users/91',
'url' => 'http://example.com:8080/users/91',
'description' => 'person',
]
);
......@@ -226,7 +226,7 @@ class RoleAdminCheckActionsCest
$I->submitForm(
'#editInformationAccountForm',
[
'url' => 'http://localhost:8080/users/91',
'url' => 'http://example.com:8080/users/91',
'description' => 'person',
'role' => 'newRole'
]
......
......@@ -359,7 +359,7 @@ class UserAdministrationCheckActionsCest
private function commonEditeUserAccount(AcceptanceTester $I, string $username = '')
{
$updateData = [
'url' => 'http://localhost:8080/users/284',
'url' => 'http://example.com:8080/users/284',
'description' => 'administration',
];
$checkNewName = false;
......
......@@ -222,7 +222,7 @@ class UserAssociationCheckActionsCest
$I->submitForm(
'#editInformationAccountForm',
[
'url' => 'http://localhost:8080/users/287',
'url' => 'http://example.com:8080/users/287',
'description' => 'association',
]
);
......
......@@ -224,7 +224,7 @@ class UserPersonCheckActionsCest
$I->submitForm(
'#editInformationAccountForm',
[
'url' => 'http://localhost:8080/users/285',
'url' => 'http://example.com:8080/users/285',
'description' => 'person',
]
);
......@@ -261,7 +261,7 @@ class UserPersonCheckActionsCest
$I->submitForm(
'#editInformationAccountForm',
[
'url' => 'http://localhost:8080/users/285',
'url' => 'http://example.com:8080/users/285',
'description' => 'person',
'role' => 'admin'
]
......
......@@ -130,7 +130,7 @@ class UserProviderCheckActionsCest
$I->submitForm(
'#editInformationAccountForm',
[
'url' => 'http://localhost:8080/users/286',
'url' => 'http://example.com:8080/users/286',
'description' => 'service provider',
]
);
......
......@@ -94,7 +94,17 @@ class UsersControllerTest extends ApiIntegrationTestCase
],
"url" => [
"presenceRequired" => false,
"allowEmpty" => true
"allowEmpty" => true,
"validUrlFormat" => [
"rule" => 'url',
"message" => "Please enter a valid URL",
"limit" => null
],
"isHttpProtocol" => [
"rule" => 'custom',
"message" => "Please enter a valid URL",
"limit" => "/^(http|https)(:\/\/)/i"
],
],
"description" => [
"presenceRequired" => false,
......@@ -211,7 +221,7 @@ class UsersControllerTest extends ApiIntegrationTestCase
$emailFixture1 = 'bob_'. mt_rand().'@example.com';
$userFixture1 = [
'username' => 'Bob',
'url' => 'url',
'url' => 'http://example.com',
'user_type_id' => 1,
'description' => 'A description',
'role' => 'user',
......@@ -371,7 +381,7 @@ class UsersControllerTest extends ApiIntegrationTestCase
$user = [
'username' => 'Toto',
'logo_directory' => '',
'url' => 'url',
'url' => 'http://example.com',
'user_type_id' => 1,
'description' => 'A description',
'role' => 'admin',
......@@ -411,6 +421,144 @@ class UsersControllerTest extends ApiIntegrationTestCase
// );
}
/**
* Test add method with empty URL field
* @return void
*/
public function testAddWithEmptyUrlField()
{
$email = 'toto_'. mt_rand().'@adullact.org';
$user = [
'username' => 'Toto',
'logo_directory' => '',
'url' => '',
'user_type_id' => 1,
'description' => 'A description',
'role' => 'admin',
'password' => 'passwd',
'confirm_password' => 'passwd',
'email' => $email,
'photo' => $this->correctFile,
];
// Cheking that the user does not exist in the database before creating it.
$this->assertEquals(0, $this->Users->find()->where(['email' => $email])->count());
$this->post('api/v1/users.json', $user);
// Vérifie que le code de réponse est 200
$this->assertResponseOk();
$this->assertContains("Success", $this->_response->body());
// Cheking that the user now exists in the database and grab it's ID.
$this->assertEventFired('Model.User.created', $this->Users->eventManager());
$this->assertEquals(1, $this->Users->find()->where(['email' => $email])->count());
}
/**
* Test add method with valid Url formats
* @return void
*/
public function testAddWithvalidUrlFormat()
{
$validUrls = [
"http://example.com",
"https://example.com",
"http://example.com:8080",
"http://www.example.com",
"http://www.example.com/dir/page.html",
"http://dev.local",
"http://dev.local:8080",
"http://dev.local:8080/dir/page.html",
];
foreach ($validUrls as $url) {
$email = 'toto_'. mt_rand().'@adullact.org';
$user = [
'username' => 'Toto_'.mt_rand(),
'logo_directory' => '',
'url' => "$url",
'user_type_id' => 1,
'description' => 'A description',
'role' => 'admin',
'password' => 'passwd',
'confirm_password' => 'passwd',
'email' => $email,
'photo' => $this->correctFile,
];
// Cheking that the user does not exist in the database before creating it.
$this->assertEquals(0, $this->Users->find()->where(['email' => $email])->count());
// Send data and check for success message
$this->post('api/v1/users.json', $user);
$this->assertResponseOk();
$this->assertEquals('application/json; charset=UTF-8', $this->_response->header()['Content-Type']);
$objJson = json_decode($this->_response->body());
$this->assertObjectNotHasAttribute('errors', $objJson);
$this->assertObjectHasAttribute('message', $objJson);
$this->assertEquals('Success', $objJson->message);
// Cheking that the user now exists in the database
$this->assertEventFired('Model.User.created', $this->Users->eventManager());
$this->assertEquals(1, $this->Users->find()->where(['email' => $email])->count());
}
}
/**
* Test add method with invalid Url formats
* @return void
*/
public function testAddFailWithInvalidUrlFormat()
{
$invalidUrls = [ // invalidUrl => error type
"http://notvaliddomain" => "validUrlFormat",
"http://notvaliddomain.t3" => "validUrlFormat",
"http://notvaliddomain.t" => "validUrlFormat",
"http://localhost/" => "validUrlFormat",
"http://localhost/dir/page.html" => "validUrlFormat",
"example.com" => "isHttpProtocol",
"www.example.com" => "isHttpProtocol",
"www.example.com/dir/page.html" => "isHttpProtocol",
"ftp://example.com" => "isHttpProtocol",
];
foreach ($invalidUrls as $invalidUrl => $errorType) {
$email = 'toto_'. mt_rand().'@adullact.org';
$user = [
'username' => 'Toto_'.mt_rand(),
'logo_directory' => '',
'url' => "$invalidUrl",
'user_type_id' => 1,
'description' => 'A description',
'role' => 'admin',
'password' => 'passwd',
'confirm_password' => 'passwd',
'email' => $email,
'photo' => $this->correctFile,
];
// Cheking that the user does not exist in the database before creating it.
$this->assertEquals(0, $this->Users->find()->where(['email' => $email])->count());
// Send data and check for error message
$this->post('api/v1/users.json', $user);
$this->assertResponseOk();
$this->assertEquals('application/json; charset=UTF-8', $this->_response->header()['Content-Type']);
$objJson = json_decode($this->_response->body());
$this->assertObjectHasAttribute('message', $objJson);
$this->assertObjectHasAttribute('errors', $objJson);
$this->assertObjectHasAttribute('url', $objJson->errors);
$this->assertObjectHasAttribute("$errorType", $objJson->errors->url);
$this->assertEquals('Error', $objJson->message);
$this->assertEquals('Please enter a valid URL', $objJson->errors->url->{$errorType});
// Check that user does not exist in the database and that creation of user has failed
$this->assertEquals(0, $this->Users->find()->where(['email' => $email])->count());
}
}
/**
* Test add method using a wrong image
* Should return an array of errors containing all errors for the photo's field
......@@ -422,7 +570,7 @@ class UsersControllerTest extends ApiIntegrationTestCase
$user = [
'username' => 'Toto',
'logo_directory' => '',
'url' => 'url',
'url' => 'http://example.com',
'user_type_id' => 1,
'description' => 'A description',
'role' => 'User',
......@@ -474,7 +622,7 @@ class UsersControllerTest extends ApiIntegrationTestCase
$user = [
'username' => 'Toto',
'logo_directory' => '',
'url' => 'url',
'url' => 'http://example.com',
'user_type_id' => 1,
'description' => 'A description',
'role' => 'admin',
......@@ -525,7 +673,7 @@ class UsersControllerTest extends ApiIntegrationTestCase
$user = [
'username' => 'Administration',
'logo_directory' => '',
'url' => 'url',
'url' => 'http://example.com',
'user_type_id' => 1,
'description' => 'A description',
'role' => 'admin',
......@@ -570,7 +718,7 @@ class UsersControllerTest extends ApiIntegrationTestCase
$user = [
'username' => 'Toto',
'logo_directory' => '',
'url' => 'url',
'url' => 'http://example.com',
'user_type_id' => 1,
'description' => 'A description',
'role' => 'admin',
......@@ -613,7 +761,7 @@ class UsersControllerTest extends ApiIntegrationTestCase
$user = [
'username' => 'Toto',
'logo_directory' => '',
'url' => 'url',
'url' => 'http://example.com',
'user_type_id' => 1,
'description' => 'A description',
'role' => 'user',
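Review bot: In `testAddWithvalidUrlFormat` and `testAddFailWithInvalidUrlFormat` the assertions inside the `foreach` carry no message, so when one of the eight or nine URLs fails PHPUnit reports only the expected/actual counts and not which URL was being posted; passing the case into the message, e.g. `$this->assertEquals(1, $this->Users->find()->where(['email' => $email])->count(), "URL {$url} should be accepted");`, or turning each list into a `@dataProvider` so every URL is its own named case, makes a regression diagnosable. The method name `testAddWithvalidUrlFormat` should be `testAddWithValidUrlFormat` to match the casing of its sibling. `'url' => "$url"` and `'url' => "$invalidUrl"` interpolate a string that is already a string; `'url' => $url` is the same value. The comment `// Vérifie que le code de réponse est 200` on the empty-URL test is the only French comment in otherwise English tests and could read `// Check that the response code is 200`.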
......