tec3/five-for-the-future
tec3/five-for-the-future
1
0
Fork 0
mirror of https://github.com/WordPress/five-for-the-future.git synced 2025-04-12 06:53:44 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity
five-for-the-future/plugins/wporg-5ftf/tests/test-email.php
Kelly Dwan 03949905c0
Tests: Update infrastructure & add travis config (#100) 
* Tests: Move tests infrastructure, set up travis

Consolidates the composer files so we can run install once in travis.

* Return empty array if no values are $_POST'ed to the form

Fixes an issue with tests + null values in logs

* Clean up some naming & create helper functions for tests

* Debug travis

* Remove debug

* Fix notices on form

* Turn on multisite flag
2019-11-15 17:40:53 -05:00

230 lines
7.6 KiB
PHP
Raw Blame History

<?php
use function WordPressDotOrg\FiveForTheFuture\Email\{ get_authentication_url, is_valid_authentication_token };
use const WordPressDotOrg\FiveForTheFuture\Email\{ TOKEN_PREFIX };
use const WordPressDotOrg\FiveForTheFuture\Pledge\CPT_ID as PLEDGE_POST_TYPE;
defined( 'WPINC' ) || die();
class Test_Email extends WP_UnitTestCase {
// phpcs:ignore PSR2.Classes.PropertyDeclaration.Multiple
protected static $pledge, $action, $page, $action_url, $token;
/**
* Setup fixtures that are shared across all tests.
*/
public static function wpSetUpBeforeClass() {
$pledge_id = self::factory()->post->create( array(
'post_type' => PLEDGE_POST_TYPE,
'post_title' => 'Valid Pledge',
'post_status' => 'publish',
) );
$page_id = self::factory()->post->create( array(
'post_type' => 'page',
'post_title' => 'For Organizers',
'post_status' => 'publish',
) );
self::$pledge = get_post( $pledge_id );
self::$page = get_post( $page_id );
self::$action = 'confirm_pledge_email';
self::verify_before_class_fixtures();
}
/**
* Verify whether or not the fixtures were setup correctly.
*
* @return void
*/
protected static function verify_before_class_fixtures() {
self::assertSame( 'object', gettype( self::$page ) );
self::assertSame( 'For Organizers', self::$page->post_title );
self::assertSame( 'object', gettype( self::$pledge ) );
self::assertSame( 'Valid Pledge', self::$pledge->post_title );
self::assertSame( PLEDGE_POST_TYPE, self::$pledge->post_type );
}
/**
* Setup fixtures that are unique for each test.
*/
public function setUp() {
parent::setUp();
/*
* `get_authentication_url()` should create a valid token in the database.
*
* This must be called before every test, because the process of verifying a valid token will delete it.
*/
self::$action_url = get_authentication_url( self::$pledge->ID, self::$action, self::$page->ID );
self::$token = get_post_meta( self::$pledge->ID, TOKEN_PREFIX . self::$action, true );
// Verify that the fixtures are setup correctly.
$action_url_args = wp_parse_args( wp_parse_url( self::$action_url, PHP_URL_QUERY ) );
$this->assertSame( 'array', gettype( self::$token ) );
$this->assertSame( $action_url_args['action'], self::$action );
$this->assertSame( $action_url_args['auth_token'], self::$token['value'] );
}
/**
* Helper function to create & get a token.
*/
private function _get_token( $pledge_id, $action, $page_id, $single = true ) {
get_authentication_url( $pledge_id, $action, $page_id, $single );
return get_post_meta( $pledge_id, TOKEN_PREFIX . $action, true );
}
/**
* @covers ::is_valid_authentication_token
*/
public function test_valid_token_accepted() {
$verified = is_valid_authentication_token( self::$pledge->ID, self::$action, self::$token['value'] );
$this->assertTrue( $verified );
}
/**
* @covers ::is_valid_authentication_token
* @dataProvider data_invalid_token_provider
*/
public function test_invalid_tokens_are_rejected( $token_to_validate ) {
$verified = is_valid_authentication_token(
self::$pledge->ID,
self::$action,
$token_to_validate
);
$this->assertSame( false, $verified );
}
/**
* Provide invalid tokens to be used by `test_invalid_tokens_are_rejected`.
*
* Note that data providers can't access fixtures.
* See https://phpunit.readthedocs.io/en/7.4/writing-tests-for-phpunit.html#data-providers.
*
* @covers ::is_valid_authentication_token
*/
public function data_invalid_token_provider() {
return array(
'non-existent-token' => array( false ), // Simulates `get_post_meta()` return value.
'wrong-data-type' => array( 'this string is not an array' ),
'wrong-array-items' => array( 'this' => "doesn't have `value` and `expiration` items" ),
'invalid-value' => array( 'Valid tokens will never contain special characters like !@#$%^&*()' ),
);
}
/**
* @covers ::is_valid_authentication_token
*/
public function test_expired_tokens_are_rejected() {
$expired_token = self::$token;
$expired_token['expiration'] = time() - 1;
update_post_meta( self::$pledge->ID, TOKEN_PREFIX . self::$action, $expired_token );
$verified = is_valid_authentication_token(
self::$pledge->ID,
self::$action,
self::$token['value']
);
$this->assertSame( false, $verified );
}
/**
* @covers ::is_valid_authentication_token
*/
public function test_used_tokens_are_rejected() {
// The token should be deleted once it's used/verified for the first time.
$first_verification = is_valid_authentication_token( self::$pledge->ID, self::$action, self::$token['value'] );
$second_verification = is_valid_authentication_token( self::$pledge->ID, self::$action, self::$token['value'] );
$this->assertSame( true, $first_verification );
$this->assertSame( false, $second_verification );
}
/**
* @covers ::is_valid_authentication_token
*/
public function test_valid_tokens_are_rejected_for_other_pages() {
$verified = is_valid_authentication_token( self::$page->ID, self::$action, self::$token['value'] );
$this->assertSame( false, $verified );
}
/**
* @covers ::is_valid_authentication_token
*/
public function test_valid_tokens_are_rejected_for_other_actions() {
// Generate new token on pledge.
$new_action = 'confirm_contributor_participation';
self::_get_token( self::$pledge->ID, $new_action, self::$page->ID );
// Intentionally mismatch the token and action.
$verified = is_valid_authentication_token(
self::$pledge->ID,
$new_action,
self::$token['value']
);
$this->assertSame( false, $verified );
}
/**
* @covers ::is_valid_authentication_token
*/
public function test_valid_tokens_are_rejected_for_other_pledges() {
$new_pledge_id = self::factory()->post->create( array(
'post_type' => PLEDGE_POST_TYPE,
'post_title' => 'Other Valid Pledge',
'post_status' => 'publish',
) );
$new_pledge = get_post( $new_pledge_id );
$new_token = self::_get_token( $new_pledge->ID, self::$action, self::$page->ID );
// Intentionally mismatch the pledge and token.
$verified = is_valid_authentication_token( $new_pledge_id, self::$action, self::$token['value'] );
$this->assertSame( 'Other Valid Pledge', $new_pledge->post_title );
$this->assertSame( 'array', gettype( $new_token ) );
$this->assertArrayHasKey( 'value', $new_token );
$this->assertNotSame( $new_token['value'], self::$token['value'] );
$this->assertSame( false, $verified );
}
/**
* @covers ::is_valid_authentication_token
*/
public function test_reusable_token_is_reusable() {
$action = 'manage_pledge';
$token = self::_get_token( self::$pledge->ID, $action, self::$page->ID, false );
// The token should be usable multiple times.
$first_verification = is_valid_authentication_token( self::$pledge->ID, $action, $token['value'] );
$second_verification = is_valid_authentication_token( self::$pledge->ID, $action, $token['value'] );
$third_verification = is_valid_authentication_token( self::$pledge->ID, $action, $token['value'] );
$this->assertSame( true, $first_verification );
$this->assertSame( true, $second_verification );
$this->assertSame( true, $third_verification );
}
/**
* @covers ::is_valid_authentication_token
*/
public function test_expired_reusable_tokens_are_rejected() {
$action = 'manage_pledge';
$token = self::_get_token( self::$pledge->ID, $action, self::$page->ID, false );
$token['expiration'] = time() - 1;
update_post_meta( self::$pledge->ID, TOKEN_PREFIX . $action, $token );
$verified = is_valid_authentication_token( self::$pledge->ID, $action, $token['value'] );
$this->assertSame( false, $verified );
}
}
Reference in a new issue View git blame Copy permalink