From 05e8d21fd7c818bbc3559c965bf8155910576aff Mon Sep 17 00:00:00 2001
From: Andrew Newton
Date: Mon, 23 Sep 2024 16:51:24 +0100
Subject: [PATCH] fix: Resolves vehicle search being accessible incorrectly to logged out users (#348)
---
 .../Controller/Search/SearchController.php | 6 ++
 .../Search/SearchControllerTest.php | 75 +++++++++++++++++--
 2 files changed, 73 insertions(+), 8 deletions(-)
diff --git a/app/selfserve/module/Olcs/src/Controller/Search/SearchController.php b/app/selfserve/module/Olcs/src/Controller/Search/SearchController.php
index 962237e28c..2bbae0ac38 100644
--- a/app/selfserve/module/Olcs/src/Controller/Search/SearchController.php
+++ b/app/selfserve/module/Olcs/src/Controller/Search/SearchController.php
@@ -66,6 +66,12 @@ public function indexAction()
     {
         $index = $this->params()->fromRoute('index');
 
+        if ($index === 'vehicle-external') {
+            if (!$this->authService->isGranted('selfserve-search-vehicle-external')) {
+                return $this->redirect()->toRoute('auth/login/GET');
+            }
+        }
+
         if (empty($index)) {
             // show index page if index empty
             $view = new ViewModel();
diff --git a/app/selfserve/test/Olcs/src/Controller/Search/SearchControllerTest.php b/app/selfserve/test/Olcs/src/Controller/Search/SearchControllerTest.php
index 14c5986eb4..5dca901270 100644
--- a/app/selfserve/test/Olcs/src/Controller/Search/SearchControllerTest.php
+++ b/app/selfserve/test/Olcs/src/Controller/Search/SearchControllerTest.php
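Review bot: The new guard at the top of indexAction redirects every caller for whom `isGranted('selfserve-search-vehicle-external')` is false to `auth/login/GET`, so unless that permission is held by every authenticated role, a logged-in user who merely lacks it is bounced to the login page instead of receiving a not-authorised response; consider branching on whether an identity is present and returning a 403-style response for the authenticated case, keeping the login redirect for anonymous callers only. The redirect also discards the requested URL, so a user who does log in is not returned to the search they asked for. The literal `'vehicle-external'` and the permission name are now repeated between this action and its test, so a one-line comment such as `// vehicle-external is the only index restricted to authorised users; others remain public` or a class constant for the index name would make the intent explicit. indexAction continues past the end of the hunk, and any other action in this controller that serves the same index is outside this view and would need the same check.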
@@ -1,39 +1,98 @@ sut = m::mock(Sut::class)
+        $niTextTranslationUtil = m::mock(NiTextTranslation::class);
+        $this->authService = m::mock(AuthorizationService::class);
+        $scriptFactory = m::mock(ScriptFactory::class);
+        $formHelper = m::mock(FormHelperService::class);
+        $navigation = m::mock();
+        $formElementManager = m::mock(FormElementManager::class);
+        $viewHelperManager = m::mock();
+        $dataServiceManager = m::mock();
+        $translationHelper = m::mock(TranslationHelperService::class);
+
+        $this->sut = m::mock(Sut::class, [
+            $niTextTranslationUtil,
+            $this->authService,
+            $scriptFactory,
+            $formHelper,
+            $navigation,
+            $formElementManager,
+            $viewHelperManager,
+            $dataServiceManager,
+            $translationHelper
+        ])
             ->makePartial()
             ->shouldAllowMockingProtectedMethods();
     }
 
     public function testIndexActionWithoutIndex(): void
     {
-        $this->sut->shouldReceive('params->fromRoute')
+        $params = m::mock();
+        $params->shouldReceive('fromRoute')
             ->with('index')
             ->once()
             ->andReturn(null);
+
+        $this->sut->shouldReceive('params')->andReturn($params);
+
         $view = $this->sut->indexAction();
-        $this->assertInstanceOf(\Laminas\View\Model\ViewModel::class, $view);
+        $this->assertInstanceOf(ViewModel::class, $view);
         $this->assertEquals('search/index', $view->getTemplate());
     }
+
+    public function testIndexActionRedirectsWhenNotAuthorizedForVehicleExternal()
+    {
+        $params = m::mock();
+        $params->shouldReceive('fromRoute')
+            ->with('index')
+            ->once()
+            ->andReturn('vehicle-external');
+
+        $this->sut->shouldReceive('params')->andReturn($params);
+
+        $this->authService->shouldReceive('isGranted')
+            ->with('selfserve-search-vehicle-external')
+            ->once()
+            ->andReturn(false);
+
+        $redirectMock = m::mock(Redirect::class);
+        $redirectMock->shouldReceive('toRoute')
+            ->with('auth/login/GET')
+            ->once()
+            ->andReturn('redirectResponse');
+
+        $this->sut->shouldReceive('redirect')->andReturn($redirectMock);
+
+        $result = $this->sut->indexAction();
+
+        $this->assertEquals('redirectResponse', $result);
+    }
 }
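Review bot: The new test method omits the `: void` return type that `testIndexActionWithoutIndex(): void` in the same hunk declares; the signature should read `public function testIndexActionRedirectsWhenNotAuthorizedForVehicleExternal(): void`. The hunk only exercises the denied path, so a companion case where `isGranted` returns true and `indexAction` proceeds past the guard would pin the behaviour for authorised users and catch a regression that turned the check into a blanket redirect. Since the redirect stub returns a plain string, `assertSame('redirectResponse', $result)` is the stricter assertion here. The opening of this hunk (the file's use statements and the start of setUp) is not legible in this rendering, so the setUp context above is inferred.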