3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # Koha is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with Koha; if not, see <http://www.gnu.org/licenses>.
22 use Test::More tests => 4;
26 use C4::Biblio qw( AddBiblio );
30 use t::lib::TestBuilder;
32 eval { require Selenium::Remote::Driver; };
33 skip "Selenium::Remote::Driver is needed for selenium tests.", 1 if $@;
35 my $s = t::lib::Selenium->new;
37 my $driver = $s->driver;
38 my $opac_base_url = $s->opac_base_url;
39 my $base_url = $s->base_url;
40 my $builder = t::lib::TestBuilder->new;
42 # It seems that we do not have enough records indexed with ES
43 my $SearchEngine_value = C4::Context->preference('SearchEngine');
44 C4::Context->set_preference('SearchEngine', 'Zebra');
46 my $AudioAlerts_value = C4::Context->preference('AudioAlerts');
47 C4::Context->set_preference('AudioAlerts', '1');
51 subtest 'OPAC - Remove from cart' => sub {
54 $driver->get( $opac_base_url . "opac-search.pl?q=d" );
56 # A better way to do that would be to modify the way we display the basket count
57 # We should show/hide the count instead or recreate the node
58 my @basket_count_elts = $driver->find_elements('//span[@id="basketcount"]/span');
59 is( scalar(@basket_count_elts), 0, 'Basket should be empty');
61 # This will fail if nothing is indexed, but at this point we should have everything setup correctly
62 my @checkboxes = $driver->find_elements('//input[@type="checkbox"][@name="biblionumber"]');
63 my $biblionumber1 = $checkboxes[0]->get_value();
64 my $biblionumber3 = $checkboxes[2]->get_value();
65 my $biblionumber5 = $checkboxes[4]->get_value();
67 $driver->find_element('//a[@class="addtocart cart'.$biblionumber1.'"]')->click;
68 my $basket_count_elt = $driver->find_element('//span[@id="basketcount"]/span');
69 is( $basket_count_elt->get_text(),
70 1, 'One element should have been added to the cart' );
72 $driver->find_element('//a[@class="addtocart cart'.$biblionumber3.'"]')->click;
73 $driver->find_element('//a[@class="addtocart cart'.$biblionumber5.'"]')->click;
74 $basket_count_elt = $driver->find_element('//span[@id="basketcount"]/span');
75 is( $basket_count_elt->get_text(),
76 3, '3 elements should have been added to the cart' );
78 $driver->find_element('//a[@class="cartRemove cartR'.$biblionumber3.'"]')->click;
79 $basket_count_elt = $driver->find_element('//span[@id="basketcount"]/span');
80 is( $basket_count_elt->get_text(),
81 2, '1 element should have been removed from the cart' );
84 subtest 'Play sound on the circulation page' => sub {
87 my $builder = t::lib::TestBuilder->new;
88 my $patron = $builder->build_object({ class => 'Koha::Patrons', value => { flags => 0 }});
90 my $mainpage = $s->base_url . q|mainpage.pl|;
91 $driver->get($mainpage . q|?logout.x=1|);
92 like( $driver->get_title(), qr(Log in to Koha), );
95 $driver->get( $base_url . "/circ/circulation.pl?borrowernumber=" . $patron->borrowernumber );
97 my $audio_node = $driver->find_element('//span[@id="audio-alert"]/audio[@src="/intranet-tmpl/prog/sound/beep.ogg"]');
99 push @data_to_cleanup, $patron, $patron->category, $patron->library;
102 subtest 'Display circulation table correctly' => sub {
105 my $builder = t::lib::TestBuilder->new;
106 my $library = $builder->build_object( { class => 'Koha::Libraries' } );
107 my $patron = $builder->build_object(
109 class => 'Koha::Patrons',
110 value => { branchcode => $library->branchcode, flags => 0 }
114 my ( $biblionumber, $biblioitemnumber ) = add_biblio();
115 my $item = $builder->build_object(
117 class => 'Koha::Items',
119 biblionumber => $biblionumber,
120 homebranch => $library->branchcode,
121 holdingbranch => $library->branchcode,
128 my $context = Test::MockModule->new('C4::Context');
132 return { branch => $library->branchcode };
136 C4::Circulation::AddIssue( $patron->unblessed, $item->barcode );
138 my $mainpage = $s->base_url . q|mainpage.pl|;
139 $driver->get($mainpage . q|?logout.x=1|);
142 $driver->get( $base_url
143 . "/circ/circulation.pl?borrowernumber="
144 . $patron->borrowernumber );
146 # Display the table clicking on the "Show checkouts" button
147 $driver->find_element('//a[@id="issues-table-load-now-button"]')->click;
149 my @thead_th = $driver->find_elements('//table[@id="issues-table"]/thead/tr/th');
150 my $thead_length = 0;
151 $thead_length += $_->get_attribute('colspan') || 0 for @thead_th;
153 my @tfoot_td = $driver->find_elements('//table[@id="issues-table"]/tfoot/tr/td');
154 my $tfoot_length = 0;
155 $tfoot_length += $_->get_attribute('colspan') || 0 for @tfoot_td;
157 my @tbody_td = $driver->find_elements('//table[@id="issues-table"]/tbody/tr/td');
158 my $tbody_length = 0;
159 $tbody_length += $_->get_attribute('colspan') || 0 for @tbody_td;
161 is( $thead_length == $tfoot_length && $tfoot_length == $tbody_length,
162 1, "Checkouts table must be correctly aligned" )
164 "thead: $thead_length ; tfoot: $tfoot_length ; tbody: $tbody_length");
166 push @data_to_cleanup, $patron->checkouts, $item->biblio, $item, $patron,
167 $patron->category, $library;
170 subtest 'XSS vulnerabilities in pagination' => sub {
173 my $patron = $builder->build_object({ class => 'Koha::Patrons' });
174 for ( 1 .. 30 ) { # We want the pagination to be displayed
175 push @data_to_cleanup, $builder->build_object(
177 class => 'Koha::Virtualshelves',
180 allow_change_from_owner => 1,
181 allow_change_from_others => 0,
182 owner => $patron->borrowernumber
188 my $password = Koha::AuthUtils::generate_password();
189 t::lib::Mocks::mock_preference( 'RequireStrongPassword', 0 );
190 $patron->set_password({ password => $password });
191 $s->opac_auth( $patron->userid, $password );
193 my $public_lists = $s->opac_base_url . q|opac-shelves.pl?op=list&category=2|;
194 $driver->get($public_lists);
196 $s->remove_error_handler;
197 my $alert_text = eval { $driver->get_alert_text() };
198 $s->add_error_handler;
199 is( $alert_text, undef, 'No alert box displayed' );
201 my $booh_alert = 'booh!';
202 $public_lists = $s->opac_base_url . qq|opac-shelves.pl?op=list&category=2"><script>alert('$booh_alert')</script>|;
203 $driver->get($public_lists);
205 $s->remove_error_handler;
206 $alert_text = eval { $driver->get_alert_text() };
207 $s->add_error_handler;
208 is( $alert_text, undef, 'No alert box displayed, even if evil intent' );
210 my $second_page = $driver->find_element('//div[@class="pages"]/span[@class="currentPage"]/following-sibling::a');
211 unlike( $second_page->get_attribute('href'), qr{%22%3E%3Cscript%3Ealert%28%27booh%21%27%29%3C%2Fscript%3E}, 'The second page link should not contain any script tags (escaped or otherwise)' );
212 unlike( $second_page->get_attribute('href'), qr{"<script>alert('booh!')</script>}, 'The second page link should not contain any script tags (escaped or otherwise)' );
214 push @data_to_cleanup, $patron, $patron->category, $patron->library;
218 C4::Context->preference('SearchEngine', $SearchEngine_value);
219 C4::Context->preference('AudioAlerts', $AudioAlerts_value);
220 $_->delete for @data_to_cleanup;
224 my ($title, $author) = @_;
226 my $marcflavour = C4::Context->preference('marcflavour');
228 my $biblio = MARC::Record->new();
230 $tag = $marcflavour eq 'UNIMARC' ? '200' : '245';
231 $biblio->append_fields(
232 MARC::Field->new($tag, ' ', ' ', a => $title || 'a title'),
235 ($tag, $code) = $marcflavour eq 'UNIMARC' ? (200, 'f') : (100, 'a');
236 $biblio->append_fields(
237 MARC::Field->new($tag, ' ', ' ', $code => $author || 'an author'),
240 return C4::Biblio::AddBiblio($biblio, '');