How to get unsecured page's url in a project? - symfony-1.4

I want to write a program in my symfony1.4 project which can return/give the unsecured page's url, how can I write this?
I secured the actions with credentials and I used sfDoctrineGuard for security.
If a user is not authorized for a page, then that page shows me a 401 code from sfWebResponse.
I gave credentials for every action. My first question is:
Now how can I test that the actions are secured?
I want to generate a report which contains every page's URL and whether the respective URL is secured or not.
My routing.yml is as follows:
    annual_performance_appraisal_details:
      class: sfDoctrineRouteCollection
      options:
        model: AnnualPerformanceAppraisalDetails
        module: AnnualPerformanceAppraisalDetails
        prefix_path: /AnnualPerformanceAppraisalDetails
        column: id
        with_wildcard_routes: true
    annual_performance_appraisal:
      class: sfDoctrineRouteCollection
      options:
        model: AnnualPerformanceAppraisal
        module: AnnualPerformanceAppraisal
        prefix_path: /AnnualPerformanceAppraisal
        column: id
        with_wildcard_routes: true
    apa_question_answer:
      class: sfDoctrineRouteCollection
      options:
        model: ApaQuestionAnswer
        module: ApaQuestionAnswer
        prefix_path: /ApaQuestionAnswer
        column: id
        with_wildcard_routes: true
In my second (2) question I want a report like the following:
    Url: ...../AnnualPerformanceAppraisalDetails
    SecurityReport: 401 (Authorization required)
    Url: ...../AnnualPerformanceAppraisal
    SecurityReport: 401 (Authorization required) or 403 Forbidden

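About 1: You can check the status code of the pages. You will need an explicit list of URLs to test.
You can probably write something like this:
    // Functional test browser (standard symfony 1.4 functional test setup)
    $browser = new sfTestFunctional(new sfBrowser());
    // Explicit list of module/action URLs that must require authentication
    $secured_urls = array('default/index', 'myModule/index' /* , ... */);
    foreach ($secured_urls as $url) {
        // An anonymous request to a secured action must answer 401
        $browser->get($url)
            ->with('response')
            ->begin()
                ->isStatusCode(401)
            ->end();
    }
About 2: are you trying to build that report from the test results?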
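
An added example, not part of the original answer or of symfony: a Python script that builds the Url/SecurityReport listing asked for in the question by requesting each URL without a session and classifying the status code. The local sample server, its route statuses and all function names are constructed for the demonstration; point `security_report` at your own base URL and URL list instead.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the application: path -> status an anonymous GET gets.
SAMPLE_ROUTES = {
    "/AnnualPerformanceAppraisalDetails": 401,
    "/AnnualPerformanceAppraisal": 403,
    "/ApaQuestionAnswer": 200,  # left open on purpose, to show a finding
}
SECURED = {401: "401 (Authorization required)", 403: "403 Forbidden"}

class SampleApp(BaseHTTPRequestHandler):
    log_message = lambda *args: None  # keep output limited to the report
    def do_GET(self):
        self.send_response(SAMPLE_ROUTES.get(self.path, 404))
        self.end_headers()

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # report the 3xx itself, not the login page behind it

def status_of(url, timeout=5):  # anonymous GET: no cookies, no env proxies
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}), NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # urllib raises for 3xx/4xx/5xx
        return err.code

def classify(status):
    if 200 <= status < 300:
        return "%d NOT SECURED" % status
    return SECURED.get(status, "%d inconclusive, check manually" % status)

def security_report(base_url, paths, fetch=status_of):
    return [(path, classify(fetch(base_url + path))) for path in paths]

def run_demo():
    with HTTPServer(("127.0.0.1", 0), SampleApp) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = "http://127.0.0.1:%d" % server.server_port
        report = security_report(base, sorted(SAMPLE_ROUTES) + ["/NoSuchModule"])
        server.shutdown()
    return report

if __name__ == "__main__":
    for path, verdict in run_demo():
        print("Url: %s\nSecurityReport: %s" % (path, verdict))
```

Redirects are reported rather than followed, because following one to a login form would come back as 200 and make a protected page look open.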

Related

Using Codeception with Wordpress: During page load an outside http request is made, how do i check the response of that request?

I'm using Codeception/WP Browser to write tests for WordPress. I had a method on a class that was making an outside HTTP request whenever it was being loaded up and this was incorrect behavior. It's only supposed to make that request on a certain page, and on others it is not. I have rewritten the code so it's fixed, but I don't know how to go about testing it. I've tried loading up the acceptance, functional and wpunit tester helpers but none of them seem to have anything that lets me grab a response from an outside HTTP request on page load. Can anyone help?
I've tried using the different modules, but I can't seem to find the magic combination or I am just lost.
Here's some of my acceptance code that isn't doing it:
    <?php
    // $ codecept run acceptance exampleExpectLoginByAdminCest
    class expectLoginByAdminCest {
        public function _before( AcceptanceTester $I ) {
        }
        public function _after( AcceptanceTester $I ) {
        }
        public function expectsAdminToLogin( AcceptanceTester $I ) {
            // ARRANGE
            $I->wantTo( 'log in as an Admin' );
            $I->amGoingTo( 'log in as Admin' );
            // ACT
            $I->loginAsAdmin();
            $I->amOnPage( "/wp-admin/admin.php?page=advisor-dashboard&course=8927" );
            // ASSERT
            // tokens shouldnt be available so bad response
            $I->seeResponseCodeIs(401);
        }
    }
Here's a copy of my acceptance config:
    # Suite for acceptance tests.
    actor: AcceptanceTester
    modules:
        enabled:
            - WPDb
            - WPWebDriver
            - \Helper\Acceptance
        config:
            WPDb:
                dsn: 'mysql:host=%TEST_SITE_DB_HOST%;dbname=%TEST_SITE_DB_NAME%'
                user: '%TEST_SITE_DB_USER%'
                password: '%TEST_SITE_DB_PASSWORD%'
                dump: 'tests/_data/rwa-dump.sql'
                #import the dump before the tests; this means the test site database will be repopulated before the tests.
                populate: true
                # re-import the dump between tests; this means the test site database will be repopulated between the tests.
                cleanup: true
                waitlock: 10
                url: '%TEST_SITE_WP_URL%'
                urlReplacement: true #replace the hardcoded dump URL with the one above
                tablePrefix: '%TEST_SITE_TABLE_PREFIX%'
            WPWebDriver:
                url: '%CHROMEDRIVER_WP_URL%'
                adminUsername: 'admin'
                adminPassword: 'admin'
                adminPath: '/wp-admin'
                browser: chrome
                host: %CHROMEDRIVER_HOST%
                port: %CHROMEDRIVER_PORT%
                capabilities:
                    # Used in more recent releases of Selenium.
                    "goog:chromeOptions":
                        args: ["--no-sandbox", "--disable-gpu", "--user-agent=wp-browser"]
                        w3c: false
                    # Support the old format for back-compatibility purposes.
                    "chromeOptions":
                        args: ["--no-sandbox", "--disable-gpu", "--user-agent=wp-browser"]
                        w3c: false
The API call should fail and get a 401 because no token should be available to authenticate, but it's getting a 200.

How to redirect from `/` to `/foo/<id>` using FlowRouter and MeteorJS?

In my scenario, I want everyone that visits our root URL to be auto-redirected to a url containing a document for collaboration and instant gratification.
Here, the router.coffee code is:
    FlowRouter.route '/',
      action: ->
        console.log "I'm home!"
        FlowRouter.go 'myProject'
      name: 'myHome'
    FlowRouter.route '/my/:projectId',
      subscriptions: (params) ->
        #register 'currentProject', Meteor.subscribe 'project', params.projectId
      action: ->
        BlazeLayout.render 'myBody'
      name: 'myProject'
I want the root URL to redirect to /my/:projectId but I'm unsure of how to retrieve the auto-generated projectId and redirect using either FlowRouter.go or FlowRouter.redirect.
Is this possible?
If yes, how?
Thanks for your help!

Since the data may not be available when the route action executes,
the best is to re-route at the template level.
It might be a good idea to use the Template.[name].onCreated() function
and put inside it something like the following code:
    pID = ... // Get the user project ID from wherever you saved it
    var params = {projectId: pID};
    // Set the project URL including the :projectId parameter and re-route the user
    FlowRouter.go("myProject", params);

Is routes case-sensitive in Web API OData Service using ODataController?

I followed this to learn how ODataController works. Everything is OK, but when I changed the request URI
from
    "localhost:49292/odata/Employees" //result: 200
to
    "localhost:49292/odata/employees" //result: 404
In a word: "odata" or "Odata" and "Employee" are all OK, but lowercase "employee" returns 404. Any explanation for this? Moreover, the routes in ASP.NET MVC are not case-sensitive, AFAIK.

How about including a Route attribute and directing it to lower case? For upper case, Web API will take care of it.
    [Route("odata/employees")]
Add this at the top of the controller.
If odata is common to every action, then you can include the [RoutePrefix] attribute.

You can manually do it using the ODataModelBuilder instead of the ODataConventionModelBuilder,
e.g.
    var builder = new ODataModelBuilder();
    builder.EntitySet<Order>("Employees");
    builder.EntitySet<Order>("employees");
This will work, but your metadata will show 2 entity sets:
    {
        @odata.context: "http://localhost:62881/$metadata",
        value: [
            {
                name: "Employees",
                kind: "EntitySet",
                url: "Employees"
            },
            {
                name: "employees",
                kind: "EntitySet",
                url: "employees"
            }
        ]
    }

lowercase "employee" return 404.
I hope you probably didn't have the typo like that.
AFAIK, there is a case limitation on filter and properties (you can vote there: https://aspnetwebstack.codeplex.com/workitem/366), but I'm not sure about the controller name.
You can create the REST server using Web API without having OData as well.

Extjs 4 - Retrieve data in json format and load a Store. It sends OPTION request

I'm developing an app with Spring MVC and the view in Ext JS 4. At this point, I have to create a Grid which shows a list of users.
In my Spring MVC controller I have a GET method which returns the list of users in JSON format with "items" as the root.
    @RequestMapping(method=RequestMethod.GET, value="/getUsers")
    public @ResponseBody Users getUsersInJSON(){
        Users users = new Users();
        users.setItems(userService.getUsers());
        return users;
    }
If I try to access it with the browser I can see the JSON data correctly.
    {"items":[{"username":"name1",".....
But my problem is related to the request of the Ext.data.Store.
My script is the following:
    Ext.onReady(function(){
        Ext.define('UsersList', {
            extend: 'Ext.data.Model',
            fields: [
                {name:'username', type:'string'},
                {name:'firstname', type:'string'}
            ]
        });
        var store = Ext.create('Ext.data.Store', {
            storeId: 'users',
            model: 'UsersList',
            autoLoad: 'true',
            proxy: {
                type: 'ajax',
                url : 'http://localhost:8080/MyApp/getUsers.html',
                reader: {type: 'json', root: 'items'}
            }
        });
        Ext.create('Ext.grid.Panel',{
            store :store,
            id : 'user',
            title: 'Users',
            columns : [
                {header : 'Username', dataIndex : 'username'},
                {header : 'Firstname', dataIndex: 'firstname'}
            ],
            height :300,
            width: 400,
            renderTo:'center'
        });
    });
When the store tries to retrieve the data and launches the HTTP request, OPTIONS getUsers.html appears in my Firebug console, while the request in the browser launches GET getUsers.html.
As a result, Ext.data.Store has no elements and the grid appears with the column names but without data. Maybe I've missed something.
Thank you

You can change the HTTP methods that are used by the proxy for the different CRUD operations using actionMethods.
But, as you can see in the doc (and as should obviously be the case), GET is the default for read operations. So the OPTIONS request you are observing is quite puzzling. Are you sure that there's not another part of your code that overrides the default application-wide? Maybe do a search for 'OPTIONS' in all your project's JS files, to try and find a possible suspect. Apparently there's no match in the whole Ext code, so that probably doesn't come from the framework.
Edit:
OK, I think I've got it. If your page is not accessed from the same domain (i.e. localhost:8080, the port is taken into account), the XHR object seems to resort to an OPTIONS request.
So, to fix your problem, either omit the domain name completely, using:
    url: '/MyApp/getUsers.html'
Or double check that you're using the same domain and port to access the page and make the requests.
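
An added example, not part of the original answer: a Python model of the browser's decision described above, comparing origins as (scheme, host, port) and applying a simplified subset of the CORS "simple request" rules to decide whether an OPTIONS preflight precedes the request. The page URL, the `X-Requested-With` header in the sample and all function names are assumptions made for the demonstration.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
SIMPLE_METHODS = {"GET", "HEAD", "POST"}
SIMPLE_HEADERS = {"accept", "accept-language", "content-language", "content-type"}
SIMPLE_CONTENT_TYPES = {
    "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
}

def origin(url):
    """(scheme, host, port) tuple; all three must match for same-origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, (parts.hostname or "").lower(), port

def is_cross_origin(page_url, request_url):
    # Relative URLs such as '/MyApp/getUsers.html' resolve against the page.
    return origin(page_url) != origin(urljoin(page_url, request_url))

def needs_preflight(page_url, request_url, method="GET", headers=None):
    """True when the browser sends OPTIONS before the real request."""
    if not is_cross_origin(page_url, request_url):
        return False  # same origin: CORS does not apply at all
    if method.upper() not in SIMPLE_METHODS:
        return True
    for name, value in (headers or {}).items():
        if name.lower() not in SIMPLE_HEADERS:
            return True  # any custom header forces a preflight
        media_type = value.split(";")[0].strip().lower()
        if name.lower() == "content-type" and media_type not in SIMPLE_CONTENT_TYPES:
            return True
    return False

# Constructed sample: page served from port 80, store URL hard-coded to port 8080.
PAGE = "http://localhost/MyApp/index.html"
TARGET = "http://localhost:8080/MyApp/getUsers.html"
XHR_HEADERS = {"X-Requested-With": "XMLHttpRequest"}  # assumed Ajax header

def demo():
    return {
        "absolute_url": needs_preflight(PAGE, TARGET, headers=XHR_HEADERS),
        "relative_url": needs_preflight(PAGE, "/MyApp/getUsers.html", headers=XHR_HEADERS),
        "absolute_no_custom_header": needs_preflight(PAGE, TARGET),
    }

if __name__ == "__main__":
    print(demo())
```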

Is there a smart way to override form action links in sfDoctrineGuard plugin?

I've set up my Symfony 1.4 project to route /admin in the URL to my backend app. This works fine until I want to edit a user or interact with the generated forms in any way. This is because the generated links are not aware of my /admin prefix.
Is there a smart way to prefix these links without copying the generated templates to my app folder structure?
UPDATE
Contents of generator.yml for the sfGuardUser module:
    generator:
      class: sfDoctrineGenerator
      param:
        model_class: sfGuardUser
        theme: admin
        non_verbose_templates: true
        with_show: false
        singular: ~
        plural: ~
        route_prefix: sf_guard_user
        with_doctrine_route: true
        config:
          fields:
            password_again: { label: "Password (again)" }
          list:
            title: User list
            display: [=username, created_at, updated_at, last_login]
          form:
            class: sfGuardUserAdminForm
            display:
              "User": [first_name, last_name, email_address, username, password, password_again]
              "Permissions and groups": [is_active, is_super_admin, groups_list, permissions_list]
          edit:
            title: Editing User "%%username%%"
          new:
            title: New User
I have added my own sf_guard_user in my routing.yml which works for new links I create but the generator doesn't pick this up.

Take a look at a sample configuration file for the admin generator (generator.yml): http://www.symfony-project.org/jobeet/1_4/Doctrine/en/12#chapter_12_final_configuration
Most specifically, look at the route_prefix: parameter.
Try setting the route_prefix to
    route_prefix: admin
