Merge branch 'develop' into odain

tests/php-unit-tests/unitary-tests/application/Helper/SearchHelperTest.php

@@ -0,0 +1,88 @@
+<?php
+
+/*
+ * @copyright   Copyright (C) 2010-2026 Combodo SAS
+ * @license     http://opensource.org/licenses/AGPL-3.0
+ */
+
+namespace Combodo\iTop\Test\UnitTest\Application\Helper;
+
+use Combodo\iTop\Application\Helper\SearchHelper;
+use Combodo\iTop\Application\WebPage\iTopWebPage;
+use Combodo\iTop\Test\UnitTest\ItopDataTestCase;
+use DBSearch;
+use MetaModel;
+
+class SearchHelperTest extends ItopDataTestCase
+{
+	protected static array $aHighCardinalityClasses = [];
+	protected static bool $bSearchManualSubmit = false;
+
+	protected function setUp(): void
+	{
+		parent::setUp();
+		self::$aHighCardinalityClasses = MetaModel::GetConfig()->Get('high_cardinality_classes');
+		self::$bSearchManualSubmit = MetaModel::GetConfig()->Get('search_manual_submit');
+	}
+
+	protected function tearDown(): void
+	{
+		parent::tearDown();
+		MetaModel::GetConfig()->Set('high_cardinality_classes', static::$aHighCardinalityClasses);
+		MetaModel::GetConfig()->Set('search_manual_submit', static::$bSearchManualSubmit);
+	}
+
+	public function testDisplaySearchSetWithNoHighCardinalityClassesAddsResultSubBlock(): void
+	{
+		MetaModel::GetConfig()->Set('high_cardinality_classes', []);
+		MetaModel::GetConfig()->Set('search_manual_submit', false);
+
+		$oP = new iTopWebPage('SearchHelperTest');
+		$oFilter = DBSearch::FromOQL('SELECT UserRequest');
+		SearchHelper::DisplaySearchSet($oP, $oFilter);
+		$oContentLayout = $oP->GetContentLayout();
+		$this->assertTrue($oContentLayout->HasSubBlock('search_1'));
+		$oSearchBlock = $oContentLayout->getSubBlock('search_1');
+		$this->assertTrue($oSearchBlock->HasSubBlock('result_1'));
+
+		if (ob_get_level() > 0) {
+			ob_end_clean();
+		}
+	}
+
+	public function testDisplaySearchSetWithHighCardinalityClassesDoesNotAddResultSubBlock(): void
+	{
+		MetaModel::GetConfig()->Set('high_cardinality_classes', ['UserRequest']);
+		MetaModel::GetConfig()->Set('search_manual_submit', false);
+
+		$oP = new iTopWebPage('SearchHelperTest');
+		$oFilter = DBSearch::FromOQL('SELECT UserRequest');
+		SearchHelper::DisplaySearchSet($oP, $oFilter);
+		$oContentLayout = $oP->GetContentLayout();
+		$this->assertTrue($oContentLayout->HasSubBlock('search_1'));
+		$oSearchBlock = $oContentLayout->getSubBlock('search_1');
+		$this->assertFalse($oSearchBlock->HasSubBlock('result_1'));
+
+		if (ob_get_level() > 0) {
+			ob_end_clean();
+		}
+	}
+
+	public function testDisplaySearchSetWithSearchManualSubmitAndWithoutHighCardinalityClassesDoesNotAddResultSubBlock(): void
+	{
+		MetaModel::GetConfig()->Set('high_cardinality_classes', []);
+		MetaModel::GetConfig()->Set('search_manual_submit', true);
+
+		$oP = new iTopWebPage('SearchHelperTest');
+		$oFilter = DBSearch::FromOQL('SELECT UserRequest');
+		SearchHelper::DisplaySearchSet($oP, $oFilter);
+		$oContentLayout = $oP->GetContentLayout();
+		$this->assertTrue($oContentLayout->HasSubBlock('search_1'));
+		$oSearchBlock = $oContentLayout->getSubBlock('search_1');
+		$this->assertFalse($oSearchBlock->HasSubBlock('result_1'));
+
+		if (ob_get_level() > 0) {
+			ob_end_clean();
+		}
+	}
+}

tests/php-unit-tests/unitary-tests/application/LoginExternalTest.php

@@ -0,0 +1,95 @@
+<?php
+
+/**
+ * Copyright (C) 2010-2024 Combodo SAS
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with iTop. If not, see <http://www.gnu.org/licenses/>
+ */
+
+namespace Combodo\iTop\Test\UnitTest\Application;
+
+use Combodo\iTop\Test\UnitTest\ItopDataTestCase;
+use utils;
+
+class LoginExternalTest extends ItopDataTestCase
+{
+	private $oConfig;
+	private $sOriginalExtAuthVariable;
+
+	protected function setUp(): void
+	{
+		parent::setUp();
+		require_once APPROOT.'application/loginexternal.class.inc.php';
+		$this->oConfig = utils::GetConfig();
+		$this->sOriginalExtAuthVariable = $this->oConfig->Get('ext_auth_variable');
+	}
+
+	protected function tearDown(): void
+	{
+		$this->oConfig->SetExternalAuthenticationVariable($this->sOriginalExtAuthVariable);
+		parent::tearDown();
+	}
+
+	private function CallGetAuthUser()
+	{
+		$oLoginExternal = new \LoginExternal();
+		$oMethod = new \ReflectionMethod(\LoginExternal::class, 'GetAuthUser');
+		$oMethod->setAccessible(true);
+		return $oMethod->invoke($oLoginExternal);
+	}
+
+	public function testGetAuthUserFromServerVariable()
+	{
+		$_SERVER['REMOTE_USER'] = 'alice';
+		$this->oConfig->SetExternalAuthenticationVariable('$_SERVER[\'REMOTE_USER\']');
+
+		$this->assertSame('alice', $this->CallGetAuthUser());
+	}
+
+	public function testGetAuthUserFromCookie()
+	{
+		$_COOKIE['auth_user'] = 'bob';
+		$this->oConfig->SetExternalAuthenticationVariable('$_COOKIE[\'auth_user\']');
+
+		$this->assertSame('bob', $this->CallGetAuthUser());
+	}
+
+	public function testGetAuthUserFromRequest()
+	{
+		$_REQUEST['auth_user'] = 'carol';
+		$this->oConfig->SetExternalAuthenticationVariable('$_REQUEST[\'auth_user\']');
+
+		$this->assertSame('carol', $this->CallGetAuthUser());
+	}
+
+	public function testInvalidExpressionReturnsFalse()
+	{
+		$this->oConfig->SetExternalAuthenticationVariable('$_SERVER[\'HTTP_X_CMD\']) ? print(\'x\') : false; //');
+
+		$this->assertFalse($this->CallGetAuthUser());
+	}
+
+	public function testGetAuthUserFromHeaderWithoutAllowlist()
+	{
+		if (!function_exists('getallheaders')) {
+			$this->markTestSkipped('getallheaders() not available');
+		}
+		$_SERVER['HTTP_X_REMOTE_USER'] = 'CN=header-test';
+		$this->oConfig->SetExternalAuthenticationVariable('getallheaders()[\'X-Remote-User\']');
+
+		$this->assertSame('CN=header-test', $this->CallGetAuthUser());
+	}
+}

tests/php-unit-tests/unitary-tests/application/ThemeHandlerTest.php

@@ -645,4 +645,54 @@ SCSS;
 			[ '/var/www/html/iTop/css/ui-lightness/images/ui-icons_222222_256x240.png', '/var/www/html/iTop/env-production//branding/themes/light-grey//../../../../css/ui-lightness/images/ui-icons_222222_256x240.png' ],
 		];
 	}
+
+	/**
+	 * @param $aThemeParameters
+	 * @param $bSetupCompilationTimestamp
+	 * @param $aExpectedClonedParameters
+	 * @dataProvider CloneParameterParameterOverloadProvider
+	 */
+	public function testCloneParameterParameterOverload($aThemeParameters, $bSetupCompilationTimestamp, $aExpectedClonedParameters)
+	{
+		$aClonedParameters = ThemeHandler::CloneThemeParameterAndIncludeVersion($aThemeParameters, $bSetupCompilationTimestamp, [APPROOT.'tests/php-unit-tests/unitary-tests/application/theme-handler/imports/']);
+		$this->assertEquals($aExpectedClonedParameters, $aClonedParameters);
+	}
+
+	public function CloneParameterParameterOverloadProvider()
+	{
+		return [
+			"empty parameters" => [
+				'parameters' => [],
+				'timestamp' => '1',
+				'expected' => [
+					'$version' => '1',
+				],
+			],
+			"parameters without variables" => [
+				'parameters' => [
+					'variable_imports' => ['file1' => 'variable_imports.scss'],
+					'utility_imports' => ['util1' => 'path2'],
+					'stylesheets' => ['style1' => 'path3'],
+				],
+				'timestamp' =>  '2',
+				'expected' => [
+					'var1' => 'value1',
+					'var2' => 'value2',
+					'$version' => '2',
+				],
+			],
+			"parameters with variables overload" => [
+				'parameters' => [
+					'variables' => ['var1' => 'value2'],
+					'variable_imports' => ['file1' => 'variable_imports.scss'],
+				],
+				'timestamp' => '3',
+				'expected' => [
+					'var1' => 'value2',
+					'var2' => 'value2',
+					'$version' => '3',
+				],
+			],
+		];
+	}
 }

tests/php-unit-tests/unitary-tests/application/theme-handler/imports/variable_imports.scss

@@ -0,0 +1,2 @@
+$var1: value1;
+$var2: value2;

tests/php-unit-tests/unitary-tests/application/utilsTest.php

@@ -774,6 +774,11 @@ class utilsTest extends ItopTestCase
 			'good element_identifier' => [utils::ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER, 'AD05nb', 'AD05nb'],
 			'bad element_identifier' => [utils::ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER, 'AD05nb+', 'AD05nb'],
 			'array' => [utils::ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER, ['AD05nb+','apply_modify'], ['AD05nb','apply_modify']],
+			'good module code' => [utils::ENUM_SANITIZATION_FILTER_MODULE_CODE, 'some-module-code', 'some-module-code'],
+			'good module code with capitalized letters' => [utils::ENUM_SANITIZATION_FILTER_MODULE_CODE, 'SOME-module-code', 'SOME-module-code'],
+			'good module code with dot' => [utils::ENUM_SANITIZATION_FILTER_MODULE_CODE, 'some-module-code-for-3.2-version', 'some-module-code-for-3.2-version'],
+			'bad module code with underscores' => [utils::ENUM_SANITIZATION_FILTER_MODULE_CODE, 'some_module_code', null],
+			'bad module code with slashes' => [utils::ENUM_SANITIZATION_FILTER_MODULE_CODE, 'some-module/code', null],
 			'good url' => [utils::ENUM_SANITIZATION_FILTER_URL, 'https://www.w3schools.com', 'https://www.w3schools.com'],
 			'bad url' => [utils::ENUM_SANITIZATION_FILTER_URL, 'https//www.w3schools.com', null],
 			'url with injection' => [utils::ENUM_SANITIZATION_FILTER_URL, 'https://demo.combodo.com/simple/pages/UI.php?operation=full_text&text=<img zzz src=x onerror=alert(1) //>', 'https://demo.combodo.com/simple/pages/UI.php?operation=full_text&text=<imgzzzsrc=xonerror=alert(1)//>'],