Commit dc090d53 authored by Fabrice Gangler's avatar Fabrice Gangler 🎨 Committed by Matthieu FAURE

TEST(mapping): add some unit tests + refactor

Refs: 788
parent a7d21f10
Pipeline #8492 passed with stage
in 2 minutes and 21 seconds
......@@ -26,7 +26,11 @@ abstract class ApiIntegrationTestCase extends IntegrationTestCase
}
public function login($email, $password)
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//// Set session for a anonymous, connected user and admin /////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
final public function login($email, $password)
{
$this->post("users/login", ["email" => $email, "password" => $password]);
......@@ -37,104 +41,253 @@ abstract class ApiIntegrationTestCase extends IntegrationTestCase
]);
}
/**
* Set session for a anonymous user
*/
final protected function setAnonymousUserSession()
{
$this->_session = [];
$this->session([]);
}
/**
* Set session for a connected user
*/
final protected function setConnectedUserSession()
{
$this->_session = [];
$this->session([
'Auth' => [
'User' => [
'id' => 2,
"user_type_id" => 2,
"role" => 'User',
]
]
]);
}
/**
* Set session for a admin user
*/
final protected function setAdminSession()
{
$this->_session = [];
$this->session([
'Auth' => [
'User' => [
'id' => 2,
"user_type_id" => 2,
"role" => 'admin',
]
]
]);
}
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//// Common URL tests: codes HTTP 200, 302, 301, 404 and 403 /////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/**
* To be used when the HTTP GET request
* is allowed for the URL ---> HTTP code 200
* - format HTML ----> $url
* - format JSON ----> $url.'.json'
* Checking if a URL retun a HTTP code 200 "Found"
*
* return [ 'html' => [ 'headers' => $htmlHeaders,
'data' => $html ],
'json' => [ 'headers' => $jsonHeaders,
'data' => $json,
'obj' => $objJson ]]
* For each requested format, loads the HTTP GET request
* and expects a "200 Found" response consistent:
* - requested format: HTML ----> load "$url"
* - requested format: JSON ----> load "$url.json"
*
* This method return a array like this:
* [ 'html' => [ 'headers' => $htmlHeaders,
* 'data' => $html ],
* 'json' => [ 'headers' => $jsonHeaders,
* 'data' => $json,
* 'obj' => $objJson ]]
*
* @param string $url
* @return array
* @param array $requestFormats (optional) requested format, by default it's Array('html', 'json')
* @return array example: Array('html' => [], 'json' => [])
*/
protected function getUrlOk(string $url): Array
final protected function checkUrlOk(string $url, $requestFormats = ['html', 'json']): Array
{
// HTML
$this->get($url);
$this->assertResponseCode(200);
$html = $this->_response->body();
$htmlHeaders = $this->_response->header();
$this->assertEquals('text/html; charset=UTF-8', $htmlHeaders['Content-Type']);
$this->assertEquals('DENY', $htmlHeaders['X-Frame-Options']);
$this->assertEquals('nosniff', $htmlHeaders['X-Content-Type-Options']);
$this->assertEquals('1; mode=block', $htmlHeaders['X-XSS-Protection']);
$this->assertEquals('strict-origin-when-cross-origin', $htmlHeaders['Referrer-Policy']);
// Json
$this->get("$url .json");
$this->assertResponseCode(200);
$jsonHeaders = $this->_response->header();
$json = $this->_response->body();
$objJson = json_decode($json);
$this->assertEquals('application/json; charset=UTF-8', $jsonHeaders['Content-Type']);
return [
'html' => [
'headers' => $htmlHeaders,
'data' => $html,
],
'json' => [
$result = [];
if (in_array('html', $requestFormats)) { // HTML request
$this->get($url);
$this->assertResponseCode(200);
$html = $this->_response->body();
$htmlHeaders = $this->_response->header();
$this->assertEquals('text/html; charset=UTF-8', $htmlHeaders['Content-Type']);
$this->assertEquals('DENY', $htmlHeaders['X-Frame-Options']);
$this->assertEquals('nosniff', $htmlHeaders['X-Content-Type-Options']);
$this->assertEquals('1; mode=block', $htmlHeaders['X-XSS-Protection']);
$this->assertEquals('strict-origin-when-cross-origin', $htmlHeaders['Referrer-Policy']);
$result['html'] = [ 'headers' => $htmlHeaders, 'data' => $html ];
}
if (in_array('json', $requestFormats)) { // JSON request
$this->get("$url .json");
$this->assertResponseCode(200);
$jsonHeaders = $this->_response->header();
$json = $this->_response->body();
$objJson = json_decode($json);
$this->assertEquals('application/json; charset=UTF-8', $jsonHeaders['Content-Type']);
$result['json'] = [
'headers' => $jsonHeaders,
'data' => $json,
'obj' => $objJson,
],
];
];
}
return $result;
}
/**
* For anonymous user:
* - loads the HTTP GET request
* - expects a redirect to login form.
* Checking if a URL retun a HTTP code 403 "Not authorized"
*
* For each requested format, loads the HTTP GET request
* and expects a "403 Forbidden" response consistent:
* - requested format: HTML ----> load "$url"
* - requested format: JSON ----> load "$url.json"
*
* This method return a array like this:
* [ 'html' => [ 'headers' => $htmlHeaders,
* 'data' => $html ],
* 'json' => [ 'headers' => $jsonHeaders,
* 'data' => $json,
* 'obj' => $objJson ]]
*
* @param string $url
* @param string $redirectTo
* @param int $httpCode
* @param array $requestFormats (optional) requested format, by default it's Array('html', 'json')
* @return array example: Array('html' => [], 'json' => [])
*/
protected function getUrlRedirectToAnotherUrl(string $url, string $redirectTo, int $httpCode = 302)
final protected function checkUrlNotAuthorized(string $url, $requestFormats = ['html', 'json']): Array
{
// HTML
$this->get("$url");
$this->assertResponseCode($httpCode);
$headers = $this->_response->header();
$this->assertEquals($redirectTo, $headers['Location']);
// Json
$this->get("$url.json");
$this->assertResponseCode($httpCode);
$headers = $this->_response->header();
$this->assertEquals($redirectTo, $headers['Location']);
$result = [];
if (in_array('html', $requestFormats)) { // HTML request
$this->get($url);
$html = $this->_response->body();
$htmlHeaders = $this->_response->header();
$this->assertResponseCode(403);
$this->assertContains("<title>Error-400</title>", $html);
$result['html'] = [ 'headers' => $htmlHeaders, 'data' => $html ];
}
if (in_array('json', $requestFormats)) { // JSON request
$this->get("$url .json");
$jsonHeaders = $this->_response->header();
$json = $this->_response->body();
$objJson = json_decode($json);
$this->assertResponseCode(403);
$this->assertEquals("You are not authorized to access that location.", $objJson->message);
$this->assertEquals(403, $objJson->code);
$result['json'] = [
'headers' => $jsonHeaders,
'data' => $json,
'obj' => $objJson,
];
}
return $result;
}
/**
* To be used when the HTTP GET request
* is not allowed for the URL ---> HTTP code 403 - Not authorized
* - format HTML ----> $url
* - format JSON ----> $url.'.json'
* Checking if a URL retun a HTTP code 404 "Not Found"
*
* For each requested format, loads the HTTP GET request
* and expects a "404 Not Found" response consistent:
* - requested format: HTML ----> load "$url"
* - requested format: JSON ----> load "$url.json"
*
* This method return a array like this:
* [ 'html' => [ 'headers' => $htmlHeaders,
* 'data' => $html ],
* 'json' => [ 'headers' => $jsonHeaders,
* 'data' => $json,
* 'obj' => $objJson ]]
*
* @param string $url
* @return Array
* @param array $requestFormats (optional) requested format, by default it's Array('html', 'json')
* @return array example: Array('html' => [], 'json' => [])
*/
final protected function checkUrlNotFound(string $url, $requestFormats = ['html', 'json']): Array
{
$result = [];
if (in_array('html', $requestFormats)) { // HTML request
$this->get($url);
$html = $this->_response->body();
$htmlHeaders = $this->_response->header();
$this->assertResponseCode(404);
$this->assertContains("<title>Error-400</title>", $html);
$result['html'] = [ 'headers' => $htmlHeaders, 'data' => $html ];
}
if (in_array('json', $requestFormats)) { // JSON request
$this->get("$url .json");
$jsonHeaders = $this->_response->header();
$json = $this->_response->body();
$objJson = json_decode($json);
$this->assertResponseCode(404);
$this->assertEquals("Not Found", $objJson->message);
$this->assertEquals(404, $objJson->code);
$result['json'] = [
'headers' => $jsonHeaders,
'data' => $json,
'obj' => $objJson,
];
}
return $result;
}
/**
* Checking if a URL redirects to another URL
*
* For each requested format, loads the HTTP GET request
* and expects a redirect to the new URL:
* - requested format: HTML ----> load "$url"
* - requested format: JSON ----> load "$url.json"
*
* @param string $url
* @param string $redirectTo
* @param array $requestFormats (optional) requested format, by default it's Array('html', 'json')
* @param int $httpCode optional, by default it's 302
* @return void
*/
final protected function checkUrlRedirectToAnotherUrl(
string $url,
string $redirectTo,
$requestFormats = ['html', 'json'],
int $httpCode = 302
) {
// HTML request
if (in_array('html', $requestFormats)) {
$this->get("$url");
$this->assertResponseCode($httpCode);
$headers = $this->_response->header();
$this->assertEquals($redirectTo, $headers['Location']);
}
// JSON request
if (in_array('json', $requestFormats)) {
$this->get("$url.json");
$this->assertResponseCode($httpCode);
$headers = $this->_response->header();
$this->assertEquals($redirectTo, $headers['Location']);
}
}
/**
* Checking if a URL redirects to the login form
*
* For each requested format, loads the HTTP GET request
* and expects a redirect to login form:
* - requested format: HTML ----> load "$url"
* - requested format: JSON ----> load "$url.json"
*
* @param array $requestFormats (optional) requested format, by default it's Array('html', 'json')
* @param string $url
* @return void
*/
protected function getUrlNotAuthorized(string $url): Array
final protected function checkUrlRedirectToLogin(string $url, $requestFormats = ['html', 'json'])
{
// HTML
$this->get($url);
$html = $this->_response->body();
$this->assertResponseCode(403);
$this->assertContains("<title>Error-400</title>", $html);
// Json
$this->get($url.'.json');
$json = json_decode($this->_response->body());
$this->assertResponseCode(403);
$this->assertEquals("You are not authorized to access that location.", $json->message);
$this->assertEquals(403, $json->code);
return ['html' => $html, 'json' => $json];
$redirectTo = '/users/login';
$this->checkUrlRedirectToAnotherUrl($url, $redirectTo, $requestFormats);
}
}
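Review bot: The JSON branches of `checkUrlOk`, `checkUrlNotAuthorized` and `checkUrlNotFound` request `"$url .json"`, which interpolates a literal space before the extension, while `checkUrlRedirectToAnotherUrl` requests `"$url.json"`. The earlier `getUrlNotAuthorized` body appears to have used `$url.'.json'`, so the 403 helper may now hit a different path than before. A 403 or 404 assertion could then pass because of the malformed URL rather than because of the access rule; the router is not visible here, so this needs confirming. Use `$this->get("{$url}.json");` in all three helpers. Separately, the security-header assertions run only on the HTML 200 path, so consider also asserting `X-Content-Type-Options` on the JSON response.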
......@@ -48,45 +48,124 @@ class TaxonomysControllerTest extends ApiIntegrationTestCase
];
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//// Public actions /////////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/**
* Test mapping method
*
* URL: /api/v1/taxonomys/mapping
*
* @group taxonomy
* @return void
*/
public function testMapping()
{
$url = '/api/v1/taxonomys/mapping';
// Admin user
$this->setAdminSession();
// @todo refactor
$this->checkUrlNotFound($url, ['json']);
$r = $this->checkUrlOk($url, ['html']);
$headers = $r['html']['data'];
$html = $r['html']['data']; // @todo check content or TF ?
$this->assertContains("mapping", $html);
// Connected user
$this->setConnectedUserSession();
$this->checkUrlNotFound($url, ['json']);
$this->checkUrlNotAuthorized($url, ['html']);
// Anonymous user
$this->setAnonymousUserSession();
$this->checkUrlNotFound($url, ['json']);
$this->checkUrlRedirectToLogin($url, ['html']);
}
// Admin user
/////////////////////////////////////////////////////////////////////////////////////////
/**
* Set session for a admin user
* Test mappingPrimaryLevel method
*
* URL: /api/v1/taxonomys/mappingPrimaryLevel/<id>
*
* @todo refactor
* @group taxonomy
* @return void
*/
private function setAdminSession()
public function testMappingPrimaryLevel()
{
$this->session([
'Auth' => [
'User' => [
'id' => 2,
"user_type_id" => 2,
"role" => 'admin',
]
]
]);
$url = '/api/v1/taxonomys/mappingPrimaryLevel/1';
// Admin user
$this->setAdminSession();
// @todo refactor
$this->checkUrlNotFound($url, ['json']);
$r = $this->checkUrlOk($url, ['html']);
$headers = $r['html']['data'];
$html = $r['html']['data']; // @todo check content or TF ?
$this->assertContains("mappingPrimaryLevel", $html);
// Connected user
$this->setConnectedUserSession();
$this->checkUrlNotFound($url, ['json']);
$this->checkUrlNotAuthorized($url, ['html']);
// Anonymous user
$this->setAnonymousUserSession();
$this->checkUrlNotFound($url, ['json']);
$this->checkUrlRedirectToLogin($url, ['html']);
}
/**
* For a connected user
* - loads the HTTP GET request
* - expects a "not authorized" response.
* Test mappingTaxon method
*
* URL: /api/v1/taxonomys/mappingTaxon/<id>
*
* @param string $url
* @return Array
* @todo refactor
* @group taxonomy
* @return void
*/
private function getUrlOkForAdminUser(string $url): Array
public function testMappingTaxon()
{
$url = '/api/v1/taxonomys/mappingTaxon/1';
// Admin user
$this->setAdminSession();
return $this->getUrlOk($url);
// @todo refactor
$this->checkUrlNotFound($url, ['json']);
$r = $this->checkUrlOk($url, ['html']);
$headers = $r['html']['data'];
$html = $r['html']['data']; // @todo check content or TF ?
$this->assertContains("mappingTaxon", $html);
// Connected user
$this->setConnectedUserSession();
$this->checkUrlNotFound($url, ['json']);
$this->checkUrlNotAuthorized($url, ['html']);
// Anonymous user
$this->setAnonymousUserSession();
$this->checkUrlNotFound($url, ['json']);
$this->checkUrlRedirectToLogin($url, ['html']);
}
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//// Admin actions ---> self-generated by CakePHP //////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Admin user
/////////////////////////////////////////////////////////////////////////////////////////
/**
* Test index method for admin user ---> allowed
*
......@@ -99,7 +178,8 @@ class TaxonomysControllerTest extends ApiIntegrationTestCase
*/
public function testIndexForAdminUser()
{
$result = $this->getUrlOkForAdminUser('/api/v1/taxonomys');
$this->setAdminSession();
$result = $this->checkUrlOk('/api/v1/taxonomys');
$json = $result['json'];
$html = $result['html'];
}
......@@ -116,7 +196,8 @@ class TaxonomysControllerTest extends ApiIntegrationTestCase
*/
public function testViewForAdminUser()
{
$result = $this->getUrlOkForAdminUser('/api/v1/taxonomys/view/1');
$this->setAdminSession();
$result = $this->checkUrlOk('/api/v1/taxonomys/view/1');
}
/**
......@@ -125,6 +206,7 @@ class TaxonomysControllerTest extends ApiIntegrationTestCase
* URL: /api/v1/taxonomys/add
* ----> allowed only for user with "admin" role
*
* @todo Not implemented yet.
* @group admin
* @group taxonomy
* @return void
......@@ -132,6 +214,8 @@ class TaxonomysControllerTest extends ApiIntegrationTestCase
public function testAddForAdminUser()
{
$this->setAdminSession();
$result = $this->checkUrlOk('/api/v1/taxonomys/add');
$this->markTestIncomplete('Not implemented yet.');
}
......@@ -141,6 +225,7 @@ class TaxonomysControllerTest extends ApiIntegrationTestCase
* URL: /api/v1/taxonomys
* ----> allowed only for user with "admin" role
*
* @todo not implemented yet.
* @group admin
* @group taxonomy
* @return void
......@@ -148,6 +233,8 @@ class TaxonomysControllerTest extends ApiIntegrationTestCase
public function testEditForAdminUser()
{
$this->setAdminSession();
$result = $this->checkUrlOk('/api/v1/taxonomys/edit/1');
$this->markTestIncomplete('Not implemented yet.');
}
......@@ -157,6 +244,7 @@ class TaxonomysControllerTest extends ApiIntegrationTestCase
* URL: /api/v1/taxonomys
* ----> allowed only for user with "admin" role
*
* @todo not implemented yet.
* @group admin
* @group taxonomy
* @return void
......@@ -164,45 +252,14 @@ class TaxonomysControllerTest extends ApiIntegrationTestCase
public function testDeleteForAdminUser()
{
$this->setAdminSession();
$this->markTestIncomplete('Not implemented yet.');
}
// Connected user
/////////////////////////////////////////////////////////////////////////////////////////
/**
* Set session for a connected user
*/
private function setConnectedUserSession()
{
$this->session([
'Auth' => [
'User' => [
'id' => 2,
"user_type_id" => 2,
"role" => 'User',
]
]
]);
}
/**
* For a connected user
* - loads the HTTP GET request
* - expects a "not authorized" response.
*
* @param string $url
*/
private function getUrlNotAuthorizedForConnectedUser(string $url)
{
$this->setConnectedUserSession();
$this->getUrlNotAuthorized($url);
}
/**
* Test index method for connected user ---> not authorized
*
......@@ -215,7 +272,8 @@ class TaxonomysControllerTest extends ApiIntegrationTestCase
*/
public function testFailIndexForConnectedUser()
{
$this->getUrlNotAuthorizedForConnectedUser('/api/v1/taxonomys');
$this->setConnectedUserSession();