Merge pull request from GHSA-375w-q56h-h7qc
Check if the user is connected before using the back parameter
PierreRambaud committed Apr 15, 2020
2 parents fc1d796 + 6652bb3 commit cd2219d
Showing 3 changed files with 88 additions and 21 deletions.
@@ -26,6 +26,8 @@

namespace PrestaShopBundle\EventListener;

use Employee;
use PrestaShop\PrestaShop\Adapter\LegacyContext;
use PrestaShop\PrestaShop\Core\Util\Url\BackUrlProvider;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
@@ -41,17 +43,32 @@ final class BackUrlRedirectResponseListener
*/
private $backUrlProvider;

/**
* @var int
*/
private $employeeId;

/**
* @param BackUrlProvider $backUrlProvider
*/
public function __construct(
BackUrlProvider $backUrlProvider
) {
BackUrlProvider $backUrlProvider,
LegacyContext $legacyContext
) {
$this->backUrlProvider = $backUrlProvider;
$context = $legacyContext->getContext();
if (null !== $context && $context->employee instanceof Employee) {
$this->employeeId = $context->employee->id;
}
}

public function onKernelResponse(FilterResponseEvent $event)
{
// No need to continue because the employee is not connected
if (empty($this->employeeId)) {
return;
}

$currentRequest = $event->getRequest();
$originalResponse = $event->getResponse();
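Review bot: The guard added at the top of `onKernelResponse` limits who is redirected, not where to: nothing in the visible lines restricts the back URL to the shop's own host, so a connected employee would presumably still be sent to whatever target the `back` parameter names. The method body continues outside this hunk, so confirm whether the target is checked there; if it is not, reject absolute URLs whose host differs from `$currentRequest->getHost()` before the response is replaced. `$employeeId` is also read once in the constructor, so an employee attached to the context after the listener is built is treated as not connected, which fails closed but deserves a comment such as `// resolved at construction; a context populated later counts as not connected`. The property docblock should read `@var int|null` and the constructor docblock should gain `@param LegacyContext $legacyContext`.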

@@ -89,6 +89,7 @@ services:
class: PrestaShopBundle\EventListener\BackUrlRedirectResponseListener
arguments:
- '@prestashop.core.uti.back_url_provider'
- "@prestashop.adapter.legacy.context"
tags:
- { name: kernel.event_listener, event: kernel.response, method: onKernelResponse }

@@ -26,7 +26,10 @@

namespace Tests\Unit\PrestaShopBundle\EventListener;

use Employee;
use Context;
use PHPUnit\Framework\TestCase;
use PrestaShop\PrestaShop\Adapter\LegacyContext;
use PrestaShop\PrestaShop\Core\Util\Url\BackUrlProvider;
use PrestaShopBundle\EventListener\BackUrlRedirectResponseListener;
use Symfony\Component\HttpFoundation\RedirectResponse;
@@ -51,19 +54,47 @@ protected function setUp()
;
}

public function testItSetsResponseWithBackUrl()
protected function getLegacyContextMock($isConnected = true)
{
$expectedUrl = 'http://localhost';
$legacyContextMock = $this->getMockBuilder(LegacyContext::class)
->setMethods(array(
'getContext',
))
->getMock();

$employeeMock = $this->getMockBuilder(Employee::class)->getMock();
$employeeMock->id = $isConnected ? 1 : null;

$contextMock = $this->getMockBuilder(Context::class)->getMock();
$contextMock->employee = $employeeMock;

$legacyContextMock->expects($this->any())->method('getContext')->willReturn($contextMock);

return $legacyContextMock;
}

$backUrlProvider = $this
protected function getBackUrlProviderMock($backUrl)
{
$backUrlProviderMock = $this
->getMockBuilder(BackUrlProvider::class)
->getMock()
;

$backUrlProvider
$backUrlProviderMock
->method('getBackUrl')
->willReturn($expectedUrl)
->willReturn($backUrl)
;
return $backUrlProviderMock;
}

public function testItSetsResponseWithBackUrl()
{
$expectedUrl = 'http://localhost';

$legacyContextMock = $this->getLegacyContextMock();
$backUrlProviderMock = $this->getBackUrlProviderMock(
$expectedUrl
);

$this->filterResponseEventMock
->method('getResponse')
@@ -75,7 +106,10 @@ public function testItSetsResponseWithBackUrl()
->willReturn(new Request())
;

$responseListener = new BackUrlRedirectResponseListener($backUrlProvider);
$responseListener = new BackUrlRedirectResponseListener(
$backUrlProviderMock,
$legacyContextMock
);

$responseListener->onKernelResponse($this->filterResponseEventMock);

@@ -87,19 +121,14 @@ public function testItSetsResponseWithBackUrl()

public function testWhenRequestAndResponseUrlsAreEqualItDoesNotModifyOriginalResponse()
{
$requestAndResponseUrl = 'http://localhost';

$backUrlProvider = $this
->getMockBuilder(BackUrlProvider::class)
->getMock()
;
$expectedUrl = 'http://localhost';

$backUrlProvider
->method('getBackUrl')
->willReturn('http://localhost-not-called.dev')
;
$legacyContextMock = $this->getLegacyContextMock();
$backUrlProviderMock = $this->getBackUrlProviderMock(
'http://localhost-not-called.dev'
);

$originalRedirectResponse = new RedirectResponse($requestAndResponseUrl);
$originalRedirectResponse = new RedirectResponse($expectedUrl);

$this->filterResponseEventMock
->method('getResponse')
@@ -112,20 +141,40 @@ public function testWhenRequestAndResponseUrlsAreEqualItDoesNotModifyOriginalRes

$currentRequest
->method('getRequestUri')
->willReturn($requestAndResponseUrl)
->willReturn($expectedUrl)
;

$this->filterResponseEventMock
->method('getRequest')
->willReturn($currentRequest)
;

$responseListener = new BackUrlRedirectResponseListener($backUrlProvider);
$responseListener = new BackUrlRedirectResponseListener(
$backUrlProviderMock,
$legacyContextMock
);

$responseListener->onKernelResponse($this->filterResponseEventMock);

$actual = $this->filterResponseEventMock->getResponse();

$this->assertEquals($originalRedirectResponse, $actual);
}

public function testWhenEmployeeIsNotConnected()
{
$expectedUrl = 'http://localhost';

$legacyContextMock = $this->getLegacyContextMock(false);
$backUrlProviderMock = $this->getBackUrlProviderMock(
'http://localhost-not-called.dev'
);

$responseListener = new BackUrlRedirectResponseListener(
$backUrlProviderMock,
$legacyContextMock
);

$this->assertNull($responseListener->onKernelResponse($this->filterResponseEventMock));
}
}
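Review bot: `testWhenEmployeeIsNotConnected` would still pass with the guard removed, since `onKernelResponse` returns nothing on the paths visible in this commit and `assertNull` therefore holds either way. Assert the behaviour instead, e.g. add `$backUrlProviderMock->expects($this->never())->method('getBackUrl');` before calling the listener, and check that the event's response is left untouched. `$expectedUrl` is unused in that test, and `getLegacyContextMock(false)` only covers an `Employee` with a null id; the `null === $context` and non-`Employee` branches of the constructor are not exercised.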
