| 1 | <?php |
| 2 | /* |
| 3 | +--------------------------------------------------------------------+ |
| 4 | | CiviCRM version 4.7 | |
| 5 | +--------------------------------------------------------------------+ |
| 6 | | Copyright CiviCRM LLC (c) 2004-2017 | |
| 7 | +--------------------------------------------------------------------+ |
| 8 | | This file is a part of CiviCRM. | |
| 9 | | | |
| 10 | | CiviCRM is free software; you can copy, modify, and distribute it | |
| 11 | | under the terms of the GNU Affero General Public License | |
| 12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | |
| 13 | | | |
| 14 | | CiviCRM is distributed in the hope that it will be useful, but | |
| 15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | |
| 17 | | See the GNU Affero General Public License for more details. | |
| 18 | | | |
| 19 | | You should have received a copy of the GNU Affero General Public | |
| 20 | | License along with this program; if not, contact CiviCRM LLC | |
| 21 | | at info[AT]civicrm[DOT]org. If you have questions about the | |
| 22 | | GNU Affero General Public License or the licensing of CiviCRM, | |
| 23 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | |
| 24 | +--------------------------------------------------------------------+ |
| 25 | */ |
| 26 | |
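// Flag constant set to 1 before the test class is declared.
// NOTE(review): presumably read by the CiviCRM test bootstrap to select
// web-test mode; confirm against the code that consumes it.
// Guarded so that loading this file after the constant has already been
// defined does not raise a "constant already defined" notice.
if (!defined('CIVICRM_WEBTEST')) {
  define('CIVICRM_WEBTEST', 1);
}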
| 28 | |
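/**
 * Check that we handle redirects appropriately.
 *
 * The "entryURL" query parameter on civicrm/contribute/transact is supplied by
 * the requester. These tests pin the 302 target produced for several entryURL
 * shapes. In particular, an entryURL that names another host must still yield
 * a redirect below the sandbox URL (only its path is kept), so the parameter
 * cannot be used to send a visitor to an arbitrary site.
 *
 * Coverage caveat: the off-site cases here only use absolute "http://" URLs.
 * Other spellings of an off-site target (for example scheme-relative
 * "//host/path") are not exercised by this file.
 */
class WebTest_Utils_RedirectTest extends PHPUnit_Framework_TestCase {

  /**
   * Base URL of the site under test, copied from the settings' sandboxURL.
   *
   * @var string
   */
  protected $url;

  /**
   * cURL handle created in setUp() and released in tearDown().
   *
   * @var resource
   */
  protected $ch;

  /**
   * Test settings object created in the constructor.
   *
   * Declared public because it was previously created as a dynamic (and
   * therefore public) property; the visibility is kept unchanged.
   *
   * @var CiviSeleniumSettings
   */
  public $settings;

  /**
   * @param string|null $name
   */
  public function __construct($name = NULL) {
    parent::__construct($name);

    // TODO: Just use $GLOBALS['_CV'] and don't bother with CiviSeleniumSettings.
    $this->settings = new CiviSeleniumSettings();
    if (property_exists($this->settings, 'serverStartupTimeOut') && $this->settings->serverStartupTimeOut) {
      // The global flag makes the startup poll run at most once per process.
      global $CiviSeleniumTestCase_polled;
      if (!$CiviSeleniumTestCase_polled) {
        $CiviSeleniumTestCase_polled = TRUE;
        // NOTE(review): $this->drivers is not declared in this class and is
        // not visibly set before this point; confirm where it comes from, or
        // this branch will fail when serverStartupTimeOut is configured.
        CRM_Utils_Network::waitForServiceStartup(
          $this->drivers[0]->getHost(),
          $this->drivers[0]->getPort(),
          $this->settings->serverStartupTimeOut
        );
      }
    }
  }

  /**
   * Prepare the base URL and a cURL handle that does not follow redirects.
   */
  protected function setUp() {
    parent::setUp();
    // URL should eventually be adapted for multisite.
    $this->url = $this->settings->sandboxURL;

    $this->ch = curl_init();
    curl_setopt($this->ch, CURLOPT_HEADER, FALSE);
    // The redirect must not be followed: the test inspects the target the
    // server proposes, and never requests that target itself.
    curl_setopt($this->ch, CURLOPT_FOLLOWLOCATION, FALSE);
    // Capture the response body instead of echoing it into the test output.
    curl_setopt($this->ch, CURLOPT_RETURNTRANSFER, TRUE);
  }

  /**
   * Release the cURL handle opened in setUp().
   */
  protected function tearDown() {
    if ($this->ch) {
      curl_close($this->ch);
    }
    $this->ch = NULL;
    parent::tearDown();
  }

  /**
   * Request a path on the sandbox site and check the redirect it produces.
   *
   * Both arguments are relative to the sandbox URL; the expected target is
   * therefore always an on-site address.
   *
   * @param string $input_url
   *   Path and query string to request, without a leading slash.
   * @param string $expected_url
   *   Path and query string the server should redirect to, without a leading
   *   slash. An empty string means the site root.
   */
  private function tryRedirect($input_url, $expected_url) {
    $url = $this->url . '/' . $input_url;
    $expected_url = $this->url . '/' . $expected_url;
    curl_setopt($this->ch, CURLOPT_URL, $url);
    curl_exec($this->ch);

    // A transport failure fails the test here, so the checks below only run
    // on a completed request.
    $this->assertEquals(0, curl_errno($this->ch), 'cURL error: ' . curl_error($this->ch));

    $info = curl_getinfo($this->ch);
    $this->assertEquals($expected_url, $info['redirect_url']);
    $this->assertEquals(302, $info['http_code']);
  }

  /**
   * Handle onsite redirects with absolute URL.
   */
  public function testAbsoluteOnsiteRedirect() {
    $this->tryRedirect("civicrm/contribute/transact?qfKey=xxx&entryURL={$this->url}/civicrm/contribute/transact%3Fid%3D1", 'civicrm/contribute/transact?id=1');
  }

  /**
   * Handle onsite redirects with slash prefix and query params.
   */
  public function testOnsiteRedirectWithSlashPrefixAndQueryParams() {
    $this->tryRedirect('civicrm/contribute/transact?qfKey=xxx&entryURL=/civicrm/contribute/transact%3Fid%3D1', 'civicrm/contribute/transact?id=1');
  }

  /**
   * Handle onsite redirects with non-CiviCRM paths.
   */
  public function testOtherpathRedirect() {
    $this->tryRedirect('civicrm/contribute/transact?qfKey=xxx&entryURL=asdf', 'asdf');
  }

  /**
   * Handle offsite redirects without path as onsite redirects.
   *
   * The entryURL names another host and has no path; the redirect must go to
   * the site root rather than to that host.
   */
  public function testOffsiteRedirectNoPath() {
    $this->tryRedirect('civicrm/contribute/transact?qfKey=xxx&entryURL=http://evil.example.com/', '');
  }

  /**
   * Handle offsite redirects with paths as onsite redirects.
   *
   * The entryURL names another host; only its path may survive, applied to
   * the site under test.
   */
  public function testOffsiteRedirectWithPath() {
    $this->tryRedirect('civicrm/contribute/transact?qfKey=xxx&entryURL=http://evil.example.com/civicrm', 'civicrm');
  }

}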