webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-12-23 23:02:08 +03:00
Code Activity

Merge branch 'webhooks'

Browse Source
This commit is contained in:
Dan Brown
2021-12-18 11:40:08 +00:00
parent 04d59763c3 24e29c523b
commit a3ead5062a
56 changed files with 1368 additions and 187 deletions
Download Patch File Download Diff File Expand all files Collapse all files

221
tests/Actions/AuditLogTest.php Normal file
View File

@@ -0,0 +1,221 @@
<?php
namespace Tests\Actions;
use BookStack\Actions\Activity;
use BookStack\Actions\ActivityLogger;
use BookStack\Actions\ActivityType;
use BookStack\Auth\UserRepo;
use BookStack\Entities\Models\Chapter;
use BookStack\Entities\Models\Page;
use BookStack\Entities\Repos\PageRepo;
use BookStack\Entities\Tools\TrashCan;
use Carbon\Carbon;
use Tests\TestCase;
use function app;
use function config;
class AuditLogTest extends TestCase
{
/** @var ActivityLogger */
protected $activityService;
protected function setUp(): void
{
parent::setUp();
$this->activityService = app(ActivityLogger::class);
}
public function test_only_accessible_with_right_permissions()
{
$viewer = $this->getViewer();
$this->actingAs($viewer);
$resp = $this->get('/settings/audit');
$this->assertPermissionError($resp);
$this->giveUserPermissions($viewer, ['settings-manage']);
$resp = $this->get('/settings/audit');
$this->assertPermissionError($resp);
$this->giveUserPermissions($viewer, ['users-manage']);
$resp = $this->get('/settings/audit');
$resp->assertStatus(200);
$resp->assertSeeText('Audit Log');
}
public function test_shows_activity()
{
$admin = $this->getAdmin();
$this->actingAs($admin);
$page = Page::query()->first();
$this->activityService->add(ActivityType::PAGE_CREATE, $page);
$activity = Activity::query()->orderBy('id', 'desc')->first();
$resp = $this->get('settings/audit');
$resp->assertSeeText($page->name);
$resp->assertSeeText('page_create');
$resp->assertSeeText($activity->created_at->toDateTimeString());
$resp->assertElementContains('.table-user-item', $admin->name);
}
public function test_shows_name_for_deleted_items()
{
$this->actingAs($this->getAdmin());
$page = Page::query()->first();
$pageName = $page->name;
$this->activityService->add(ActivityType::PAGE_CREATE, $page);
app(PageRepo::class)->destroy($page);
app(TrashCan::class)->empty();
$resp = $this->get('settings/audit');
$resp->assertSeeText('Deleted Item');
$resp->assertSeeText('Name: ' . $pageName);
}
public function test_shows_activity_for_deleted_users()
{
$viewer = $this->getViewer();
$this->actingAs($viewer);
$page = Page::query()->first();
$this->activityService->add(ActivityType::PAGE_CREATE, $page);
$this->actingAs($this->getAdmin());
app(UserRepo::class)->destroy($viewer);
$resp = $this->get('settings/audit');
$resp->assertSeeText("[ID: {$viewer->id}] Deleted User");
}
public function test_filters_by_key()
{
$this->actingAs($this->getAdmin());
$page = Page::query()->first();
$this->activityService->add(ActivityType::PAGE_CREATE, $page);
$resp = $this->get('settings/audit');
$resp->assertSeeText($page->name);
$resp = $this->get('settings/audit?event=page_delete');
$resp->assertDontSeeText($page->name);
}
public function test_date_filters()
{
$this->actingAs($this->getAdmin());
$page = Page::query()->first();
$this->activityService->add(ActivityType::PAGE_CREATE, $page);
$yesterday = (Carbon::now()->subDay()->format('Y-m-d'));
$tomorrow = (Carbon::now()->addDay()->format('Y-m-d'));
$resp = $this->get('settings/audit?date_from=' . $yesterday);
$resp->assertSeeText($page->name);
$resp = $this->get('settings/audit?date_from=' . $tomorrow);
$resp->assertDontSeeText($page->name);
$resp = $this->get('settings/audit?date_to=' . $tomorrow);
$resp->assertSeeText($page->name);
$resp = $this->get('settings/audit?date_to=' . $yesterday);
$resp->assertDontSeeText($page->name);
}
public function test_user_filter()
{
$admin = $this->getAdmin();
$editor = $this->getEditor();
$this->actingAs($admin);
$page = Page::query()->first();
$this->activityService->add(ActivityType::PAGE_CREATE, $page);
$this->actingAs($editor);
$chapter = Chapter::query()->first();
$this->activityService->add(ActivityType::CHAPTER_UPDATE, $chapter);
$resp = $this->actingAs($admin)->get('settings/audit?user=' . $admin->id);
$resp->assertSeeText($page->name);
$resp->assertDontSeeText($chapter->name);
$resp = $this->actingAs($admin)->get('settings/audit?user=' . $editor->id);
$resp->assertSeeText($chapter->name);
$resp->assertDontSeeText($page->name);
}
public function test_ip_address_logged_and_visible()
{
config()->set('app.proxies', '*');
$editor = $this->getEditor();
/** @var Page $page */
$page = Page::query()->first();
$this->actingAs($editor)->put($page->getUrl(), [
'name' => 'Updated page',
'html' => '<p>Updated content</p>',
], [
'X-Forwarded-For' => '192.123.45.1',
])->assertRedirect($page->refresh()->getUrl());
$this->assertDatabaseHas('activities', [
'type' => ActivityType::PAGE_UPDATE,
'ip' => '192.123.45.1',
'user_id' => $editor->id,
'entity_id' => $page->id,
]);
$resp = $this->asAdmin()->get('/settings/audit');
$resp->assertSee('192.123.45.1');
}
public function test_ip_address_is_searchable()
{
config()->set('app.proxies', '*');
$editor = $this->getEditor();
/** @var Page $page */
$page = Page::query()->first();
$this->actingAs($editor)->put($page->getUrl(), [
'name' => 'Updated page',
'html' => '<p>Updated content</p>',
], [
'X-Forwarded-For' => '192.123.45.1',
])->assertRedirect($page->refresh()->getUrl());
$this->actingAs($editor)->put($page->getUrl(), [
'name' => 'Updated page',
'html' => '<p>Updated content</p>',
], [
'X-Forwarded-For' => '192.122.45.1',
])->assertRedirect($page->refresh()->getUrl());
$resp = $this->asAdmin()->get('/settings/audit?&ip=192.123');
$resp->assertSee('192.123.45.1');
$resp->assertDontSee('192.122.45.1');
}
public function test_ip_address_not_logged_in_demo_mode()
{
config()->set('app.proxies', '*');
config()->set('app.env', 'demo');
$editor = $this->getEditor();
/** @var Page $page */
$page = Page::query()->first();
$this->actingAs($editor)->put($page->getUrl(), [
'name' => 'Updated page',
'html' => '<p>Updated content</p>',
], [
'X-Forwarded-For' => '192.123.45.1',
'REMOTE_ADDR' => '192.123.45.2',
])->assertRedirect($page->refresh()->getUrl());
$this->assertDatabaseHas('activities', [
'type' => ActivityType::PAGE_UPDATE,
'ip' => '127.0.0.1',
'user_id' => $editor->id,
'entity_id' => $page->id,
]);
}
}

116
tests/Actions/WebhookCallTest.php Normal file
View File

@@ -0,0 +1,116 @@
<?php
namespace Tests\Actions;
use BookStack\Actions\ActivityLogger;
use BookStack\Actions\ActivityType;
use BookStack\Actions\DispatchWebhookJob;
use BookStack\Actions\Webhook;
use BookStack\Auth\User;
use BookStack\Entities\Models\Page;
use Illuminate\Http\Client\Request;
use Illuminate\Support\Facades\Bus;
use Illuminate\Support\Facades\Http;
use Tests\TestCase;
class WebhookCallTest extends TestCase
{
public function test_webhook_listening_to_all_called_on_event()
{
$this->newWebhook([], ['all']);
Bus::fake();
$this->runEvent(ActivityType::ROLE_CREATE);
Bus::assertDispatched(DispatchWebhookJob::class);
}
public function test_webhook_listening_to_specific_event_called_on_event()
{
$this->newWebhook([], [ActivityType::ROLE_UPDATE]);
Bus::fake();
$this->runEvent(ActivityType::ROLE_UPDATE);
Bus::assertDispatched(DispatchWebhookJob::class);
}
public function test_webhook_listening_to_specific_event_not_called_on_other_event()
{
$this->newWebhook([], [ActivityType::ROLE_UPDATE]);
Bus::fake();
$this->runEvent(ActivityType::ROLE_CREATE);
Bus::assertNotDispatched(DispatchWebhookJob::class);
}
public function test_inactive_webhook_not_called_on_event()
{
$this->newWebhook(['active' => false], ['all']);
Bus::fake();
$this->runEvent(ActivityType::ROLE_CREATE);
Bus::assertNotDispatched(DispatchWebhookJob::class);
}
public function test_failed_webhook_call_logs_error()
{
$logger = $this->withTestLogger();
Http::fake([
'*' => Http::response('', 500),
]);
$this->newWebhook(['active' => true, 'endpoint' => 'https://wh.example.com'], ['all']);
$this->runEvent(ActivityType::ROLE_CREATE);
$this->assertTrue($logger->hasError('Webhook call to endpoint https://wh.example.com failed with status 500'));
}
public function test_webhook_call_data_format()
{
Http::fake([
'*' => Http::response('', 200),
]);
$webhook = $this->newWebhook(['active' => true, 'endpoint' => 'https://wh.example.com'], ['all']);
/** @var Page $page */
$page = Page::query()->first();
$editor = $this->getEditor();
$this->runEvent(ActivityType::PAGE_UPDATE, $page, $editor);
Http::assertSent(function(Request $request) use ($editor, $page, $webhook) {
$reqData = $request->data();
return $request->isJson()
&& $reqData['event'] === 'page_update'
&& $reqData['text'] === ($editor->name . ' updated page "' . $page->name . '"')
&& is_string($reqData['triggered_at'])
&& $reqData['triggered_by']['name'] === $editor->name
&& $reqData['triggered_by_profile_url'] === $editor->getProfileUrl()
&& $reqData['webhook_id'] === $webhook->id
&& $reqData['webhook_name'] === $webhook->name
&& $reqData['url'] === $page->getUrl()
&& $reqData['related_item']['name'] === $page->name;
});
}
protected function runEvent(string $event, $detail = '', ?User $user = null)
{
if (is_null($user)) {
$user = $this->getEditor();
}
$this->actingAs($user);
$activityLogger = $this->app->make(ActivityLogger::class);
$activityLogger->add($event, $detail);
}
protected function newWebhook(array $attrs = [], array $events = ['all']): Webhook
{
/** @var Webhook $webhook */
$webhook = Webhook::factory()->create($attrs);
foreach ($events as $event) {
$webhook->trackedEvents()->create(['event' => $event]);
}
return $webhook;
}
}

173
tests/Actions/WebhookManagementTest.php Normal file
View File

@@ -0,0 +1,173 @@
<?php
namespace Tests\Actions;
use BookStack\Actions\ActivityType;
use BookStack\Actions\Webhook;
use Tests\TestCase;
class WebhookManagementTest extends TestCase
{
public function test_index_view()
{
$webhook = $this->newWebhook([
'name' => 'My awesome webhook',
'endpoint' => 'https://example.com/donkey/webhook',
], ['all']);
$resp = $this->asAdmin()->get('/settings/webhooks');
$resp->assertOk();
$resp->assertElementContains('a[href$="/settings/webhooks/create"]', 'Create New Webhook');
$resp->assertElementExists('a[href="' . $webhook->getUrl() . '"]', $webhook->name);
$resp->assertSee($webhook->endpoint);
$resp->assertSee('All system events');
$resp->assertSee('Active');
}
public function test_create_view()
{
$resp = $this->asAdmin()->get('/settings/webhooks/create');
$resp->assertOk();
$resp->assertSee('Create New Webhook');
$resp->assertElementContains('form[action$="/settings/webhooks/create"] button', 'Save Webhook');
}
public function test_store()
{
$resp = $this->asAdmin()->post('/settings/webhooks/create', [
'name' => 'My first webhook',
'endpoint' => 'https://example.com/webhook',
'events' => ['all'],
'active' => 'true'
]);
$resp->assertRedirect('/settings/webhooks');
$this->assertActivityExists(ActivityType::WEBHOOK_CREATE);
$resp = $this->followRedirects($resp);
$resp->assertSee('Webhook successfully created');
$this->assertDatabaseHas('webhooks', [
'name' => 'My first webhook',
'endpoint' => 'https://example.com/webhook',
'active' => true,
]);
/** @var Webhook $webhook */
$webhook = Webhook::query()->where('name', '=', 'My first webhook')->first();
$this->assertDatabaseHas('webhook_tracked_events', [
'webhook_id' => $webhook->id,
'event' => 'all',
]);
}
public function test_edit_view()
{
$webhook = $this->newWebhook();
$resp = $this->asAdmin()->get('/settings/webhooks/' . $webhook->id);
$resp->assertOk();
$resp->assertSee('Edit Webhook');
$resp->assertElementContains('form[action="' . $webhook->getUrl() . '"] button', 'Save Webhook');
$resp->assertElementContains('a[href="' . $webhook->getUrl('/delete') . '"]', 'Delete Webhook');
$resp->assertElementExists('input[type="checkbox"][value="all"][name="events[]"]');
}
public function test_update()
{
$webhook = $this->newWebhook();
$resp = $this->asAdmin()->put('/settings/webhooks/' . $webhook->id, [
'name' => 'My updated webhook',
'endpoint' => 'https://example.com/updated-webhook',
'events' => [ActivityType::PAGE_CREATE, ActivityType::PAGE_UPDATE],
'active' => 'true'
]);
$resp->assertRedirect('/settings/webhooks');
$resp = $this->followRedirects($resp);
$resp->assertSee('Webhook successfully updated');
$this->assertDatabaseHas('webhooks', [
'id' => $webhook->id,
'name' => 'My updated webhook',
'endpoint' => 'https://example.com/updated-webhook',
'active' => true,
]);
$trackedEvents = $webhook->trackedEvents()->get();
$this->assertCount(2, $trackedEvents);
$this->assertEquals(['page_create', 'page_update'], $trackedEvents->pluck('event')->values()->all());
$this->assertActivityExists(ActivityType::WEBHOOK_UPDATE);
}
public function test_delete_view()
{
$webhook = $this->newWebhook(['name' => 'Webhook to delete']);
$resp = $this->asAdmin()->get('/settings/webhooks/' . $webhook->id . '/delete');
$resp->assertOk();
$resp->assertSee('Delete Webhook');
$resp->assertSee('This will fully delete this webhook, with the name \'Webhook to delete\', from the system.');
$resp->assertElementContains('form[action$="/settings/webhooks/' . $webhook->id . '"]', 'Delete');
}
public function test_destroy()
{
$webhook = $this->newWebhook();
$resp = $this->asAdmin()->delete('/settings/webhooks/' . $webhook->id);
$resp->assertRedirect('/settings/webhooks');
$resp = $this->followRedirects($resp);
$resp->assertSee('Webhook successfully deleted');
$this->assertDatabaseMissing('webhooks', ['id' => $webhook->id]);
$this->assertDatabaseMissing('webhook_tracked_events', ['webhook_id' => $webhook->id]);
$this->assertActivityExists(ActivityType::WEBHOOK_DELETE);
}
public function test_settings_manage_permission_required_for_webhook_routes()
{
$editor = $this->getEditor();
$this->actingAs($editor);
$routes = [
['GET', '/settings/webhooks'],
['GET', '/settings/webhooks/create'],
['POST', '/settings/webhooks/create'],
['GET', '/settings/webhooks/1'],
['PUT', '/settings/webhooks/1'],
['DELETE', '/settings/webhooks/1'],
['GET', '/settings/webhooks/1/delete'],
];
foreach ($routes as [$method, $endpoint]) {
$resp = $this->call($method, $endpoint);
$this->assertPermissionError($resp);
}
$this->giveUserPermissions($editor, ['settings-manage']);
foreach ($routes as [$method, $endpoint]) {
$resp = $this->call($method, $endpoint);
$this->assertNotPermissionError($resp);
}
}
protected function newWebhook(array $attrs = [], array $events = ['all']): Webhook
{
/** @var Webhook $webhook */
$webhook = Webhook::factory()->create($attrs);
foreach ($events as $event) {
$webhook->trackedEvents()->create(['event' => $event]);
}
return $webhook;
}
}