Created
April 4, 2018 17:02
-
-
Save tgalopin/d628ad6afaf90af004077d0f3d811335 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| namespace App\Tests\Controller; | |
| use Symfony\Component\HttpFoundation\Response; | |
| /** | |
| * @group functional | |
| */ | |
| class SecurityControllerTest extends AbstractControllerTest | |
| { | |
| /** | |
| * List of public pages to check accessibility. | |
| */ | |
| public function providePublicPages(): array | |
| { | |
| return [ | |
| ['/'], | |
| ['/about/why'], | |
| ['/about/team'], | |
| ['/user/login'], | |
| ['/user/register'], | |
| ['/user/forgotten-password'], | |
| ]; | |
| } | |
| /** | |
| * List of user pages to check accessibility as user and inaccessibility as anonymous. | |
| */ | |
| public function provideUserPages(): array | |
| { | |
| return [ | |
| ['/account/informations'], | |
| ['/account/change-password'], | |
| ['/account/notifications'], | |
| ]; | |
| } | |
| /** | |
| * List of admin pages to check accessibility as admin and inaccessibility as anonymous or user. | |
| */ | |
| public function provideAdminPages(): array | |
| { | |
| return [ | |
| ['/admin/?action=list&entity=User'], | |
| ]; | |
| } | |
| /* | |
| * Intermediate providers for security tests | |
| */ | |
| public function providePagesAccessibleAsAnonymous(): array | |
| { | |
| return $this->providePublicPages(); | |
| } | |
| public function providePagesForbiddenAsAnonymous(): array | |
| { | |
| return array_merge($this->provideUserPages(), $this->provideUserPages()); | |
| } | |
| public function providePagesAccessibleAsUser(): array | |
| { | |
| return array_merge($this->providePublicPages(), $this->provideUserPages()); | |
| } | |
| public function providePagesForbiddenAsUser(): array | |
| { | |
| return $this->provideAdminPages(); | |
| } | |
| public function providePagesAccessibleAsAdmin(): array | |
| { | |
| return array_merge($this->providePublicPages(), $this->provideUserPages(), $this->provideAdminPages()); | |
| } | |
| public function testLogin(): void | |
| { | |
| $crawler = $this->client->request('GET', '/user/login'); | |
| $this->assertSame(Response::HTTP_OK, $this->client->getResponse()->getStatusCode()); | |
| $form = $crawler->selectButton('Se connecter')->form(); | |
| $this->client->enableProfiler(); | |
| $this->client->submit($form, [ | |
| '_username' => 'user@example.org', | |
| '_password' => 'password', | |
| ]); | |
| $this->assertTrue($this->client->getResponse()->isRedirect()); | |
| $crawler = $this->client->followRedirect(); | |
| $this->assertSame(Response::HTTP_OK, $this->client->getResponse()->getStatusCode()); | |
| $this->assertSame(1, $crawler->filter('title:contains("MyProject")')->count()); | |
| $this->assertSame(1, $crawler->filter('.header__user .navbar-link span:contains("Bertha Barrett")')->count()); | |
| } | |
| /** | |
| * @dataProvider providePagesAccessibleAsAnonymous | |
| */ | |
| public function testPagesAccessibleAsAnonymous(string $url): void | |
| { | |
| $crawler = $this->client->request('GET', $url); | |
| $this->assertSame(Response::HTTP_OK, $this->client->getResponse()->getStatusCode()); | |
| $this->assertSame(1, $crawler->filter('title:contains("MyProject")')->count()); | |
| $this->assertSame(1, $crawler->filter('.header__primary-item__button span:contains("Se connecter")')->count()); | |
| $this->assertSame(1, $crawler->filter('.header__primary-item__button span:contains("S\'inscrire")')->count()); | |
| } | |
| /** | |
| * @dataProvider providePagesForbiddenAsAnonymous | |
| */ | |
| public function testPagesForbiddenAsAnonymous(string $url): void | |
| { | |
| $this->client->request('GET', $url); | |
| $this->assertSame(Response::HTTP_FOUND, $this->client->getResponse()->getStatusCode()); | |
| } | |
| /** | |
| * @dataProvider providePagesAccessibleAsUser | |
| */ | |
| public function testPagesAccessibleAsUser(string $url): void | |
| { | |
| $this->authenticate('user@MyProject.io'); | |
| $crawler = $this->client->request('GET', $url); | |
| $this->assertSame(Response::HTTP_OK, $this->client->getResponse()->getStatusCode()); | |
| $this->assertSame(1, $crawler->filter('title:contains("MyProject")')->count()); | |
| $this->assertSame(1, $crawler->filter('.header__user .navbar-link span:contains("Bertha Barrett")')->count()); | |
| } | |
| /** | |
| * @dataProvider providePagesForbiddenAsUser | |
| */ | |
| public function testPagesForbiddenAsUser(string $url): void | |
| { | |
| $this->authenticate('user@MyProject.io'); | |
| $this->client->request('GET', $url); | |
| $this->assertSame(Response::HTTP_FORBIDDEN, $this->client->getResponse()->getStatusCode()); | |
| } | |
| /** | |
| * @dataProvider providePagesAccessibleAsAdmin | |
| */ | |
| public function testPagesAccessibleAsAdmin(string $url): void | |
| { | |
| $this->authenticate('admin@MyProject.io'); | |
| $crawler = $this->client->request('GET', $url); | |
| $this->assertSame(Response::HTTP_OK, $this->client->getResponse()->getStatusCode()); | |
| if (strpos($url, '/admin') === 0) { | |
| $this->assertSame(1, $crawler->filter('.logo:contains("MyProject")')->count()); | |
| } else { | |
| $this->assertSame(1, $crawler->filter('title:contains("MyProject")')->count()); | |
| $this->assertSame(1, $crawler->filter('.header__user .navbar-link span:contains("Titouan Galopin")')->count()); | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment