From bccac55cf99fd4cd0d21bc1ad5e0ef16a762d74f Mon Sep 17 00:00:00 2001 From: Harald Eilertsen Date: Sat, 15 Jun 2024 11:53:00 +0200 Subject: tests: Add some tests for the Zotlabs\Magic module. Only tests the delegate functionality at the moment. This patch also includes some minor fixes to the Magic module, triggered by the tests with empty destination URL's. --- Zotlabs/Module/Magic.php | 8 ++- tests/unit/Module/MagicTest.php | 109 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 115 insertions(+), 2 deletions(-) create mode 100644 tests/unit/Module/MagicTest.php diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 8259f7d39..deda4255d 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -40,7 +40,11 @@ class Magic extends Controller { goaway($dest); } - $basepath = $parsed['scheme'] . '://' . $parsed['host'] . (isset($parsed['port']) ? ':' . $parsed['port'] : ''); + $basepath = unparse_url(array_filter( + $parsed, + fn (string $key) => in_array($key, ['scheme', 'host', 'port']), + ARRAY_FILTER_USE_KEY + )); $owapath = SConfig::get($basepath,'system','openwebauth', $basepath . '/owa'); // This is ready-made for a plugin that provides a blacklist or "ask me" before blindly authenticating. @@ -106,7 +110,7 @@ class Magic extends Controller { $headers['Content-Type'] = 'application/x-zot+json' ; $headers['X-Open-Web-Auth'] = random_string(); $headers['Host'] = $parsed['host']; - $headers['(request-target)'] = 'get ' . '/owa'; + $headers['(request-target)'] = 'get /owa'; $headers = HTTPSig::create_sig($headers,$channel['channel_prvkey'], channel_url($channel),true,'sha512'); $redirects = 0; diff --git a/tests/unit/Module/MagicTest.php b/tests/unit/Module/MagicTest.php new file mode 100644 index 000000000..4d50412ee --- /dev/null +++ b/tests/unit/Module/MagicTest.php 
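Review bot: The new `$basepath` expression in the first hunk tolerates a `$parsed` array with no scheme or host, but nothing visible stops the flow afterwards. `$basepath` would presumably be an empty string, `$owapath` then defaults to `'/owa'`, and the unchanged `$headers['Host'] = $parsed['host'];` in the second hunk still reads the key unguarded before the headers are signed with `channel_prvkey`. Since the destination appears to come from the request (`bdest` in the new tests), I would validate it before building `$basepath`, with a condition such as `if (!in_array($parsed['scheme'] ?? '', ['http', 'https'], true) || empty($parsed['host']))`, and end the request there instead of continuing to the OWA exchange. The `in_array` inside the filter callback should also get `true` as its third argument so the key comparison is strict. Where `$parsed` is assigned lies outside the hunk, so whether a `parse_url()` failure (`false`) can reach `array_filter` needs to be confirmed there.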
@@ -0,0 +1,109 @@ +expectRedirectTo(''); + + $this->get('magic'); + } + + #[BackupStaticProperties(App::class)] + public function test_local_request_without_delegate(): void { + $baseurl = 'https://hubzilla.test'; + $dest_url = $baseurl . '/channel/testuser'; + + App::set_baseurl($baseurl); + + App::$observer = [ + 'xchan_hash' => 'the hash', + ]; + + // We pass a local URL, and have a valid observer, but as the + // delegate param is not passed, nothing will be done except + // redirecting to the passed dest url. + // + // This should probably return a 400 Invalid Request instead. + $this->expectRedirectTo($dest_url); + + $this->get('magic', [ 'bdest' => bin2hex($dest_url) ]); + } + + #[BackupStaticProperties(App::class)] + public function test_delegate_request_switches_channel_when_allowed(): void { + $baseurl = 'https://hubzilla.test'; + $dest_url = $baseurl . '/channel/testuser'; + + // Set the stage: + // Populate the global static App class with necessary values for the + // code under test + App::set_baseurl($baseurl); + App::$timezone = 'UTC'; + + // Simulate a foreign (to this hub) observer, + App::$observer = [ + 'xchan_hash' => 'foreign hash', + ]; + + // Create the channel the foreign observer wants to access + $result = create_identity([ + 'account_id' => $this->fixtures['account'][0]['account_id'], + 'nickname' => 'testuser', + 'name' => 'Trish Testuser', + ]); + + // Shortcut the permission checks, by saying this observer is allowed + // the delegate privilege over the target channel + insert_hook('perm_is_allowed', function (array &$perm) { + $perm['result'] = true; + }); + + // Add some dummy session data, so we can check that it's being + // pushed to the delegate session. + $original_session = [ + 'data' => 'Just some test session data', + ]; + + $_SESSION = $original_session; + + // Handle redirects manually, since we want to be able to check some + // assertions after the redirect is thrown. 
+ $this->stub_goaway(); + + try { + // Send a request to get delegate privileges for the `testuser` channel + // on the local hub. + $this->get('magic', [ + 'bdest' => bin2hex($dest_url), + 'delegate' => 'testuser@hubzilla.test'] + ); + } catch (RedirectException $e) { + $this->assertEquals($dest_url, $e->getMessage()); + $this->assertEquals($result['channel']['channel_id'], App::$channel['channel_id']); + $this->assertEquals($original_session, $_SESSION['delegate_push']); + $this->assertEquals($result['channel']['channel_id'], $_SESSION['delegate_channel']); + $this->assertEquals('foreign hash', $_SESSION['delegate']); + $this->assertEquals($this->fixtures['account'][0]['account_id'], $_SESSION['account_id']); + } + } +} -- cgit v1.2.3
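Review bot: In `test_delegate_request_switches_channel_when_allowed` every assertion sits inside the `catch (RedirectException $e)` block, so if the module ever stops redirecting, the test finishes without checking anything about the delegate session; add `$this->fail('Expected a redirect to ' . $dest_url);` as the last statement of the `try` block. The `perm_is_allowed` hook that forces `$perm['result'] = true` and the overwritten `$_SESSION` are not restored in the visible code, so unless the test base class resets hooks and session state, later tests would run with delegation always allowed. A companion test in which the hook leaves `result` false, asserting that `App::$channel` and `$_SESSION['delegate']` are unchanged, would cover the denial path, which is the one that matters for access control. The top of the new file is missing from this view, so existing setup or teardown cannot be confirmed here.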