From b71797c7a3dd454ddf53ee6c14af5c5a22be9272 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Mon, 14 Sep 2015 13:46:40 +0200 Subject: API 2.0: Remove private fields from file/history Since this is a breaking change bump the api version to 2. The private fields are user_id and multipaste_id which where leaked via the multipaste_items field. This commit also adds a test case to both api versions that checks the returned fields. NOTE: Most of this commit is copied from the files of api v1 so when viewing the diff use --find-copies-harder for an easy to read diff. Signed-off-by: Florian Pritz --- application/test/tests/test_api_v1.php | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'application/test/tests/test_api_v1.php') diff --git a/application/test/tests/test_api_v1.php b/application/test/tests/test_api_v1.php index bc311f8e5..f0a2096d6 100644 --- a/application/test/tests/test_api_v1.php +++ b/application/test/tests/test_api_v1.php @@ -298,6 +298,28 @@ class test_api_v1 extends \test\Test { $this->t->is($ret["data"]["total_size"], $expected_filesize, "total_size == uploaded files"); } + public function test_history_notEmptyAfterMultipaste() + { + $apikey = $this->createUserAndApikey(); + $uploadid = $this->uploadFile($apikey, "data/tests/small-file")['data']['ids'][0]; + $multipasteid = $this->CallEndpoint("POST", "file/create_multipaste", array( + "apikey" => $apikey, + 'ids[1]' => $uploadid, + ))['data']['url_id']; + + $ret = $this->CallEndpoint("POST", "file/history", array( + "apikey" => $apikey, + )); + $this->expectSuccess("history not empty after multipaste", $ret); + + $this->t->ok(!empty($ret["data"]["items"]), "history not empty after multipaste (items)"); + $this->t->is($ret['data']["multipaste_items"][$multipasteid]['items'][$uploadid]['id'], $uploadid, "multipaste contains correct id"); + $this->t->is_deeply(array( + 'url_id', 'multipaste_id', 'user_id', 'date', 'items' + ), array_keys($ret['data']["multipaste_items"][$multipasteid]), "multipaste info only lists correct keys"); + $this->t->is_deeply(array('id'), array_keys($ret['data']["multipaste_items"][$multipasteid]['items'][$uploadid]), "multipaste item info only lists correct keys"); + } + public function test_history_notEmptyAfterUpload() { $apikey = $this->createUserAndApikey(); -- cgit v1.2.3-24-g4f1b