swaggboi/PostText
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
PostText/t/post.t
swaggboi 32393fd8f3 Implement CSRF for post_thread
2024-08-10 15:24:32 -04:00

134 lines
4 KiB
Perl
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

use Mojo::Base -strict;
use Test::More;
use Test::Mojo;
my $t = Test::Mojo->new('PostText');
# For CAPTCHA
my %good_captcha = (answer => 1, number => '');
my $bump_thread_url =
'/captcha/H4sIAImTzmQAA8soKSmw0tfPyU9OzMnILy6xMjYwMNDPKM1NzNMvyShKTUzRTyrNLdA3BAD5ek7T%0AKQAAAA==%0A';
my %valid_thread = (
author => 'Anonymous',
title => 'hi',
body => 'ayy... lmao'
);
my %invalid_title = (
author => 'Anonymous',
title => '',
body => 'ayy... lmao'
);
my %invalid_thread = (
author => 'Anonymous',
title => 'hi',
body => 'a'
);
my %valid_remark = (
author => 'Anonymous',
body => 'hi'
);
my %invalid_remark = (
author => 'Anonymous',
body => 'a'
);
# No CAPTCHA yet
$t->get_ok('/human/thread/post')->status_is(302)
->header_like(Location => qr/captcha/);
$t->get_ok('/human/remark/post/1')->status_is(302)
->header_like(Location => qr/captcha/);
# Do CAPTCHA
$t->post_ok($bump_thread_url, form => \%good_captcha)
->status_is(302)
->header_like(Location => qr{human/thread/bump/1});
$t->ua->max_redirects(1);
subtest 'Post new thread', sub {
my $csrf_token;
# GET
$t->get_ok('/human/thread/post')->status_is(200)
->element_exists('form input[name="author"]' )
->element_exists('form input[name="title"]' )
->element_exists('form textarea[name="body"]' )
->element_exists('form button[type="submit"]' )
->element_exists('form input[name="csrf_token"]')
->text_like(h2 => qr/New Thread/);
# POST
$t->post_ok('/human/thread/post')->status_is(200)
->element_exists('form input[name="author"]' )
->element_exists('form input[name="title"]' )
->element_exists('form textarea[name="body"]')
->element_exists('form button[type="submit"]')
->text_like(h2 => qr/New Thread/);
# No CSRF token
$t->post_ok('/human/thread/post', form => \%valid_thread)
->status_is(403)
->text_like(p => qr/Something went wrong/);
$invalid_title{'csrf_token'} =
$t->tx->res->dom->at('input[name="csrf_token"]')->val;
$t->post_ok('/human/thread/post', form => \%invalid_title)
->status_is(400)
->text_like(p => qr/Must be between/);
$invalid_thread{'csrf_token'} =
$t->tx->res->dom->at('input[name="csrf_token"]')->val;
$t->post_ok('/human/thread/post', form => \%invalid_thread)
->status_is(400)
->text_like(p => qr/Must be between/);
$valid_thread{'csrf_token'} =
$t->tx->res->dom->at('input[name="csrf_token"]')->val;
$t->post_ok('/human/thread/post', form => \%valid_thread)
->status_is(200)
->text_like(h2 => qr/Thread #\d+/);
};
subtest 'Post new remark', sub {
# GET
$t->get_ok('/human/remark/post/1')->status_is(200)
->element_exists('form input[name="author"]' )
->element_exists('form textarea[name="body"]')
->element_exists('form button[type="submit"]')
->text_like(h2 => qr/Remark on Thread #/);
$t->get_ok('/human/remark/post/65536')->status_is(404)
->text_like(p => qr/Thread not found/);
# Test the remark-to-remark thing
$t->get_ok('/human/remark/post/1/1')->status_is(200)
->element_exists('form input[name="author"]' )
->element_exists('form textarea[name="body"]' )
->element_exists('form button[type="submit"]' )
->element_exists('a[href$="/remark/single/1"]')
->text_like(h3 => qr/Last Remark/);
# POST
$t->post_ok('/human/remark/post/1')->status_is(200)
->element_exists('form input[name="author"]' )
->element_exists('form textarea[name="body"]' )
->element_exists('form button[type="submit"]' )
->text_like(h2 => qr/Remark on Thread #/);
$t->post_ok('/human/remark/post/1', form => \%valid_remark)
->status_is(200)
->text_like(h2 => qr/Thread #1/);
$t->post_ok('/human/remark/post/1', form => \%invalid_remark)
->status_is(400)
->text_like(p => qr/Must be between/);
};
done_testing;
Reference in a new issue View git blame Copy permalink