Commit
61713bca
authored
Mar 30, 2021
by
Fabrice Gangler
🎨
FIX(user website): allow only a valid URL with HTTP scheme
parent
c7cd3a0e
src/Model/Table/UsersTable.php
...
...
@@ -521,8 +521,20 @@ class UsersTable extends Table
$validator
->
allowEmpty
(
'logo_directory'
);
// URL field: allow only a valid URL with HTTP scheme ('https://' or 'http://')
$validator
->
allowEmpty
(
'url'
);
->
allowEmpty
(
'url'
)
->
add
(
'url'
,
[
'validUrlFormat'
=>
[
'rule'
=>
array
(
'url'
),
'last'
=>
true
,
'message'
=>
'Please enter a valid URL'
],
'isHttpProtocol'
=>
[
'rule'
=>
array
(
'custom'
,
'/^(http|https)(:\/\/)/i'
),
'message'
=>
'Please enter a valid URL'
]
]);
$validator
->
allowEmpty
(
'description'
);
...
...
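Review bot: Both rules added for 'url' carry the identical message `'Please enter a valid URL'`, so a submission such as `ftp://example.com` that passes `validUrlFormat` and is rejected by `isHttpProtocol` gives the user no hint that only http:// and https:// are accepted; a distinct text on the second rule, `'message' => 'Please enter a valid URL starting with http:// or https://'`, would make the scheme restriction visible, with the assertions in tests/TestCase/Controller/Api/V1/UsersControllerTest.php that pin this string (the expected-rules array and testAddFailWithInvalidUrlFormat) updated to match. The rule definitions mix `[...]` for the outer array with `array('url')` and `array('custom', ...)` inside; the short syntax the file already uses would be consistent. The enclosing validation method starts and ends outside the hunk.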
tests/Acceptance/RoleAdminCheckActionsCest.php
...
...
@@ -189,7 +189,7 @@ class RoleAdminCheckActionsCest
$I
->
submitForm
(
'#editInformationAccountForm'
,
[
'url'
=>
'http://
localhost
:8080/users/91'
,
'url'
=>
'http://
example.com
:8080/users/91'
,
'description'
=>
'person'
,
]
);
...
...
@@ -226,7 +226,7 @@ class RoleAdminCheckActionsCest
$I
->
submitForm
(
'#editInformationAccountForm'
,
[
'url'
=>
'http://
localhost
:8080/users/91'
,
'url'
=>
'http://
example.com
:8080/users/91'
,
'description'
=>
'person'
,
'role'
=>
'newRole'
]
...
...
tests/Acceptance/UserAdministrationCheckActionsCest.php
...
...
@@ -359,7 +359,7 @@ class UserAdministrationCheckActionsCest
private
function
commonEditeUserAccount
(
AcceptanceTester
$I
,
string
$username
=
''
)
{
$updateData
=
[
'url'
=>
'http://
localhost
:8080/users/284'
,
'url'
=>
'http://
example.com
:8080/users/284'
,
'description'
=>
'administration'
,
];
$checkNewName
=
false
;
...
...
tests/Acceptance/UserAssociationCheckActionsCest.php
...
...
@@ -222,7 +222,7 @@ class UserAssociationCheckActionsCest
$I
->
submitForm
(
'#editInformationAccountForm'
,
[
'url'
=>
'http://
localhost
:8080/users/287'
,
'url'
=>
'http://
example.com
:8080/users/287'
,
'description'
=>
'association'
,
]
);
...
...
tests/Acceptance/UserPersonCheckActionsCest.php
...
...
@@ -224,7 +224,7 @@ class UserPersonCheckActionsCest
$I
->
submitForm
(
'#editInformationAccountForm'
,
[
'url'
=>
'http://
localhost
:8080/users/285'
,
'url'
=>
'http://
example.com
:8080/users/285'
,
'description'
=>
'person'
,
]
);
...
...
@@ -261,7 +261,7 @@ class UserPersonCheckActionsCest
$I
->
submitForm
(
'#editInformationAccountForm'
,
[
'url'
=>
'http://
localhost
:8080/users/285'
,
'url'
=>
'http://
example.com
:8080/users/285'
,
'description'
=>
'person'
,
'role'
=>
'admin'
]
...
...
tests/Acceptance/UserProviderCheckActionsCest.php
...
...
@@ -130,7 +130,7 @@ class UserProviderCheckActionsCest
$I
->
submitForm
(
'#editInformationAccountForm'
,
[
'url'
=>
'http://
localhost
:8080/users/286'
,
'url'
=>
'http://
example.com
:8080/users/286'
,
'description'
=>
'service provider'
,
]
);
...
...
tests/TestCase/Controller/Api/V1/UsersControllerTest.php
...
...
@@ -94,7 +94,17 @@ class UsersControllerTest extends ApiIntegrationTestCase
],
"url"
=>
[
"presenceRequired"
=>
false
,
"allowEmpty"
=>
true
"allowEmpty"
=>
true
,
"validUrlFormat"
=>
[
"rule"
=>
'url'
,
"message"
=>
"Please enter a valid URL"
,
"limit"
=>
null
],
"isHttpProtocol"
=>
[
"rule"
=>
'custom'
,
"message"
=>
"Please enter a valid URL"
,
"limit"
=>
"/^(http|https)(:\/\/)/i"
],
],
"description"
=>
[
"presenceRequired"
=>
false
,
...
...
@@ -211,7 +221,7 @@ class UsersControllerTest extends ApiIntegrationTestCase
$emailFixture1
=
'bob_'
.
mt_rand
()
.
'@example.com'
;
$userFixture1
=
[
'username'
=>
'Bob'
,
'url'
=>
'
url
'
,
'url'
=>
'
http://example.com
'
,
'user_type_id'
=>
1
,
'description'
=>
'A description'
,
'role'
=>
'user'
,
...
...
@@ -371,7 +381,7 @@ class UsersControllerTest extends ApiIntegrationTestCase
$user
=
[
'username'
=>
'Toto'
,
'logo_directory'
=>
''
,
'url'
=>
'
url
'
,
'url'
=>
'
http://example.com
'
,
'user_type_id'
=>
1
,
'description'
=>
'A description'
,
'role'
=>
'admin'
,
...
...
@@ -411,6 +421,144 @@ class UsersControllerTest extends ApiIntegrationTestCase
// );
}
/**
* Test add method with empty URL field
* @return void
*/
public
function
testAddWithEmptyUrlField
()
{
$email
=
'toto_'
.
mt_rand
()
.
'@adullact.org'
;
$user
=
[
'username'
=>
'Toto'
,
'logo_directory'
=>
''
,
'url'
=>
''
,
'user_type_id'
=>
1
,
'description'
=>
'A description'
,
'role'
=>
'admin'
,
'password'
=>
'passwd'
,
'confirm_password'
=>
'passwd'
,
'email'
=>
$email
,
'photo'
=>
$this
->
correctFile
,
];
// Cheking that the user does not exist in the database before creating it.
$this
->
assertEquals
(
0
,
$this
->
Users
->
find
()
->
where
([
'email'
=>
$email
])
->
count
());
$this
->
post
(
'api/v1/users.json'
,
$user
);
// Vérifie que le code de réponse est 200
$this
->
assertResponseOk
();
$this
->
assertContains
(
"Success"
,
$this
->
_response
->
body
());
// Cheking that the user now exists in the database and grab it's ID.
$this
->
assertEventFired
(
'Model.User.created'
,
$this
->
Users
->
eventManager
());
$this
->
assertEquals
(
1
,
$this
->
Users
->
find
()
->
where
([
'email'
=>
$email
])
->
count
());
}
/**
* Test add method with valid Url formats
* @return void
*/
public
function
testAddWithvalidUrlFormat
()
{
$validUrls
=
[
"http://example.com"
,
"https://example.com"
,
"http://example.com:8080"
,
"http://www.example.com"
,
"http://www.example.com/dir/page.html"
,
"http://dev.local"
,
"http://dev.local:8080"
,
"http://dev.local:8080/dir/page.html"
,
];
foreach
(
$validUrls
as
$url
)
{
$email
=
'toto_'
.
mt_rand
()
.
'@adullact.org'
;
$user
=
[
'username'
=>
'Toto_'
.
mt_rand
(),
'logo_directory'
=>
''
,
'url'
=>
"
$url
"
,
'user_type_id'
=>
1
,
'description'
=>
'A description'
,
'role'
=>
'admin'
,
'password'
=>
'passwd'
,
'confirm_password'
=>
'passwd'
,
'email'
=>
$email
,
'photo'
=>
$this
->
correctFile
,
];
// Cheking that the user does not exist in the database before creating it.
$this
->
assertEquals
(
0
,
$this
->
Users
->
find
()
->
where
([
'email'
=>
$email
])
->
count
());
// Send data and check for success message
$this
->
post
(
'api/v1/users.json'
,
$user
);
$this
->
assertResponseOk
();
$this
->
assertEquals
(
'application/json; charset=UTF-8'
,
$this
->
_response
->
header
()[
'Content-Type'
]);
$objJson
=
json_decode
(
$this
->
_response
->
body
());
$this
->
assertObjectNotHasAttribute
(
'errors'
,
$objJson
);
$this
->
assertObjectHasAttribute
(
'message'
,
$objJson
);
$this
->
assertEquals
(
'Success'
,
$objJson
->
message
);
// Cheking that the user now exists in the database
$this
->
assertEventFired
(
'Model.User.created'
,
$this
->
Users
->
eventManager
());
$this
->
assertEquals
(
1
,
$this
->
Users
->
find
()
->
where
([
'email'
=>
$email
])
->
count
());
}
}
/**
* Test add method with invalid Url formats
* @return void
*/
public
function
testAddFailWithInvalidUrlFormat
()
{
$invalidUrls
=
[
// invalidUrl => error type
"http://notvaliddomain"
=>
"validUrlFormat"
,
"http://notvaliddomain.t3"
=>
"validUrlFormat"
,
"http://notvaliddomain.t"
=>
"validUrlFormat"
,
"http://localhost/"
=>
"validUrlFormat"
,
"http://localhost/dir/page.html"
=>
"validUrlFormat"
,
"example.com"
=>
"isHttpProtocol"
,
"www.example.com"
=>
"isHttpProtocol"
,
"www.example.com/dir/page.html"
=>
"isHttpProtocol"
,
"ftp://example.com"
=>
"isHttpProtocol"
,
];
foreach
(
$invalidUrls
as
$invalidUrl
=>
$errorType
)
{
$email
=
'toto_'
.
mt_rand
()
.
'@adullact.org'
;
$user
=
[
'username'
=>
'Toto_'
.
mt_rand
(),
'logo_directory'
=>
''
,
'url'
=>
"
$invalidUrl
"
,
'user_type_id'
=>
1
,
'description'
=>
'A description'
,
'role'
=>
'admin'
,
'password'
=>
'passwd'
,
'confirm_password'
=>
'passwd'
,
'email'
=>
$email
,
'photo'
=>
$this
->
correctFile
,
];
// Cheking that the user does not exist in the database before creating it.
$this
->
assertEquals
(
0
,
$this
->
Users
->
find
()
->
where
([
'email'
=>
$email
])
->
count
());
// Send data and check for error message
$this
->
post
(
'api/v1/users.json'
,
$user
);
$this
->
assertResponseOk
();
$this
->
assertEquals
(
'application/json; charset=UTF-8'
,
$this
->
_response
->
header
()[
'Content-Type'
]);
$objJson
=
json_decode
(
$this
->
_response
->
body
());
$this
->
assertObjectHasAttribute
(
'message'
,
$objJson
);
$this
->
assertObjectHasAttribute
(
'errors'
,
$objJson
);
$this
->
assertObjectHasAttribute
(
'url'
,
$objJson
->
errors
);
$this
->
assertObjectHasAttribute
(
"
$errorType
"
,
$objJson
->
errors
->
url
);
$this
->
assertEquals
(
'Error'
,
$objJson
->
message
);
$this
->
assertEquals
(
'Please enter a valid URL'
,
$objJson
->
errors
->
url
->
{
$errorType
});
// Check that user does not exist in the database and that creation of user has failed
$this
->
assertEquals
(
0
,
$this
->
Users
->
find
()
->
where
([
'email'
=>
$email
])
->
count
());
}
}
/**
* Test add method using a wrong image
* Should return an array of errors containing all errors for the photo's field
...
...
@@ -422,7 +570,7 @@ class UsersControllerTest extends ApiIntegrationTestCase
$user
=
[
'username'
=>
'Toto'
,
'logo_directory'
=>
''
,
'url'
=>
'
url
'
,
'url'
=>
'
http://example.com
'
,
'user_type_id'
=>
1
,
'description'
=>
'A description'
,
'role'
=>
'User'
,
...
...
@@ -474,7 +622,7 @@ class UsersControllerTest extends ApiIntegrationTestCase
$user
=
[
'username'
=>
'Toto'
,
'logo_directory'
=>
''
,
'url'
=>
'
url
'
,
'url'
=>
'
http://example.com
'
,
'user_type_id'
=>
1
,
'description'
=>
'A description'
,
'role'
=>
'admin'
,
...
...
@@ -525,7 +673,7 @@ class UsersControllerTest extends ApiIntegrationTestCase
$user
=
[
'username'
=>
'Administration'
,
'logo_directory'
=>
''
,
'url'
=>
'
url
'
,
'url'
=>
'
http://example.com
'
,
'user_type_id'
=>
1
,
'description'
=>
'A description'
,
'role'
=>
'admin'
,
...
...
@@ -570,7 +718,7 @@ class UsersControllerTest extends ApiIntegrationTestCase
$user
=
[
'username'
=>
'Toto'
,
'logo_directory'
=>
''
,
'url'
=>
'
url
'
,
'url'
=>
'
http://example.com
'
,
'user_type_id'
=>
1
,
'description'
=>
'A description'
,
'role'
=>
'admin'
,
...
...
@@ -613,7 +761,7 @@ class UsersControllerTest extends ApiIntegrationTestCase
$user
=
[
'username'
=>
'Toto'
,
'logo_directory'
=>
''
,
'url'
=>
'
url
'
,
'url'
=>
'
http://example.com
'
,
'user_type_id'
=>
1
,
'description'
=>
'A description'
,
'role'
=>
'user'
,
...
...
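Review bot: The new test `testAddWithvalidUrlFormat` breaks the camelCase of its siblings (`testAddWithEmptyUrlField`, `testAddFailWithInvalidUrlFormat`); renaming it `testAddWithValidUrlFormat` keeps the test names consistent and greppable. The new methods rely on `assertObjectHasAttribute`/`assertObjectNotHasAttribute`, which are deprecated in PHPUnit 9.6 and removed in PHPUnit 10, so if the project is on or moving to those versions the checks on `$objJson` would need to decode with `json_decode(..., true)` and use `assertArrayHasKey`/`assertArrayNotHasKey` instead; the PHPUnit version in use is not visible here. The added comments repeat the typo "Cheking" and include one French line, `// Vérifie que le code de réponse est 200`, which would read `// Check that the response code is 200` alongside the English ones. In both loops `mt_rand()` is what keeps the generated emails and usernames unique across iterations; a collision would make a later iteration fail on the fixture's uniqueness rather than on URL validation, so a loop counter or `uniqid()` suffix would be more deterministic.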