-
-
Notifications
You must be signed in to change notification settings - Fork 366
Expand file tree
/
Copy pathSecureImageLinksTest.php
More file actions
104 lines (88 loc) · 2.97 KB
/
SecureImageLinksTest.php
File metadata and controls
104 lines (88 loc) · 2.97 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
<?php
/**
* SPDX-License-Identifier: MIT
* Copyright (c) 2017-2018 Tobias Reich
* Copyright (c) 2018-2025 LycheeOrg.
*/
/**
* We don't care for unhandled exceptions in tests.
* It is the nature of a test to throw an exception.
* Without this suppression we had 100+ Linter warning in this file which
* don't help anything.
*
* @noinspection PhpDocMissingThrowsInspection
* @noinspection PhpUnhandledExceptionInspection
*/
namespace Tests\Feature_v2;
use App\Models\Configs;
use Illuminate\Support\Facades\URL;
use Tests\Feature_v2\Base\BaseApiWithDataTest;
class SecureImageLinksTest extends BaseApiWithDataTest
{
private function setSecureLink()
{
Configs::set('secure_image_link_enabled', '1');
Configs::invalidateCache();
}
private function setTemporaryLink()
{
Configs::set('temporary_image_link_enabled', '1');
Configs::invalidateCache();
}
public function tearDown(): void
{
Configs::set('temporary_image_link_enabled', '0');
Configs::set('secure_image_link_enabled', '0');
Configs::invalidateCache();
parent::tearDown();
}
public function testSignedImage(): void
{
$this->setTemporaryLink();
$response = $this->getJsonWithData('Album', ['album_id' => $this->album4->id]);
$this->assertOk($response);
$url = $response->json('resource.photos.0.size_variants.medium.url');
$this->assertStringContainsString('/image/medium/', $url);
$response = $this->get($url);
$this->assertNotFound($response);
$response->assertSeeText('File not found'); // We mocked the file !
}
public function testExpiredSignature(): void
{
$this->setTemporaryLink();
$expired_url = URL::temporarySignedRoute('image', now()->subMinutes(10), ['path' => 'c3/3d/c661c594a5a781cd44db06828783.png']);
$response = $this->get($expired_url);
$this->assertForbidden($response);
$response->assertSeeText('Link expired');
}
public function testBrokenSignature(): void
{
$this->setTemporaryLink();
$response = $this->getJsonWithData('Album', ['album_id' => $this->album4->id]);
$this->assertOk($response);
$url = $response->json('resource.photos.0.size_variants.medium.url');
$this->assertStringContainsString('/image/medium/', $url);
$unsigned_url = explode('?', $url)[0];
$response = $this->get($unsigned_url);
$this->assertForbidden($response);
}
public function testEncryptedImages(): void
{
$this->setSecureLink();
$response = $this->getJsonWithData('Album', ['album_id' => $this->album4->id]);
$this->assertOk($response);
$url = $response->json('resource.photos.0.size_variants.medium.url');
$this->assertStringContainsString('/image/', $url);
$response = $this->get($url);
$this->assertNotFound($response);
$response->assertSeeText('File not found'); // We mocked the file !
}
public function testBrokenEncryption(): void
{
$this->setSecureLink();
$broken_url = URL::route('image', ['path' => 'broken_path']);
$response = $this->get($broken_url);
$this->assertForbidden($response);
$response->assertSeeText('Invalid payload');
}
}