3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # Koha is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with Koha; if not, see <http://www.gnu.org/licenses>.
23 use Test::More tests => 7;
27 use C4::Biblio qw( AddBiblio );
32 use t::lib::TestBuilder;
35 eval { require Selenium::Remote::Driver; };
36 skip "Selenium::Remote::Driver is needed for selenium tests.", 7 if $@;
38 my $s = t::lib::Selenium->new;
40 my $driver = $s->driver;
41 my $opac_base_url = $s->opac_base_url;
42 my $base_url = $s->base_url;
43 my $builder = t::lib::TestBuilder->new;
45 # It seems that we do not have enough records indexed with ES
46 my $SearchEngine_value = C4::Context->preference('SearchEngine');
47 C4::Context->set_preference('SearchEngine', 'Zebra');
49 my $AudioAlerts_value = C4::Context->preference('AudioAlerts');
50 C4::Context->set_preference('AudioAlerts', '1');
53 subtest 'OPAC - borrowernumber, branchcode and categorycode as html attributes' => sub {
56 my $patron = $builder->build_object(
57 { class => 'Koha::Patrons', value => { flags => 1 } } );
58 my $password = Koha::AuthUtils::generate_password($patron->category);
59 t::lib::Mocks::mock_preference( 'RequireStrongPassword', 0 );
60 $patron->set_password({ password => $password });
61 $s->opac_auth( $patron->userid, $password );
62 my $elt = $driver->find_element('//span[@class="loggedinusername"]');
63 is( $elt->get_attribute('data-branchcode', 1), $patron->library->branchcode,
64 "Since bug 20921 span.loggedinusername should contain data-branchcode"
65 # No idea why we need the second param of get_attribute(). As
66 # data-branchcode is still there after page finished loading.
68 is( $elt->get_attribute('data-borrowernumber', 1), $patron->borrowernumber,
69 "Since bug 20921 span.loggedinusername should contain data-borrowernumber"
71 is( $elt->get_attribute('data-categorycode', 1), $patron->categorycode,
72 "Since bug 26847 span.loggedinusername should contain data-categorycode"
74 push @cleanup, $patron, $patron->category, $patron->library;
77 subtest 'OPAC - Bibliographic record detail page must contain the data-biblionumber' => sub {
80 my $builder = t::lib::TestBuilder->new;
82 my ( $biblionumber, $biblioitemnumber ) = add_biblio();
83 my $biblio = Koha::Biblios->find($biblionumber);
85 $driver->get( $opac_base_url . "opac-detail.pl?biblionumber=$biblionumber" );
87 my $elt = $driver->find_element('//div[@id="catalogue_detail_biblio"]');
88 is( $elt->get_attribute( 'data-biblionumber', 1 ),
89 $biblionumber, "#catalogue_detail_biblio contains data-biblionumber" );
91 push @cleanup, $biblio;
94 subtest 'OPAC - Remove from cart' => sub {
97 # We need to prevent scrolling to prevent the floating toolbar from overlapping buttons we are testing
98 my $window_size = $driver->get_window_size();
99 $driver->set_window_size(1920,10800);
101 $driver->get( $opac_base_url . "opac-search.pl?q=d" );
103 # A better way to do that would be to modify the way we display the basket count
104 # We should show/hide the count instead or recreate the node
105 my @basket_count_elts = $driver->find_elements('//span[@id="basketcount"]/span');
106 is( scalar(@basket_count_elts), 0, 'Basket should be empty');
108 # This will fail if nothing is indexed, but at this point we should have everything setup correctly
109 my @checkboxes = $driver->find_elements('//input[@type="checkbox"][@name="biblionumber"]');
110 my $biblionumber1 = $checkboxes[0]->get_value();
111 my $biblionumber3 = $checkboxes[2]->get_value();
112 my $biblionumber5 = $checkboxes[4]->get_value();
114 $driver->find_element('//a[@class="btn btn-link btn-sm addtocart cart cart'.$biblionumber1.'"]')->click;
115 my $basket_count_elt = $driver->find_element('//span[@id="basketcount"]/span');
116 is( $basket_count_elt->get_text(),
117 1, 'One element should have been added to the cart' );
119 $driver->find_element('//a[@class="btn btn-link btn-sm addtocart cart cart'.$biblionumber3.'"]')->click;
120 $driver->find_element('//a[@class="btn btn-link btn-sm addtocart cart cart'.$biblionumber5.'"]')->click;
121 $basket_count_elt = $driver->find_element('//span[@id="basketcount"]/span');
122 is( $basket_count_elt->get_text(),
123 3, '3 elements should have been added to the cart' );
125 $driver->find_element('//a[@class="btn btn-link btn-sm remove cartRemove cartR'.$biblionumber3.'"]')->click;
126 $basket_count_elt = $driver->find_element('//span[@id="basketcount"]/span');
127 is( $basket_count_elt->get_text(),
128 2, '1 element should have been removed from the cart' );
131 $driver->set_window_size($window_size->{'height'}, $window_size->{'width'});
134 subtest 'Play sound on the circulation page' => sub {
137 my $builder = t::lib::TestBuilder->new;
138 my $patron = $builder->build_object({ class => 'Koha::Patrons', value => { flags => 0 }});
140 my $mainpage = $s->base_url . q|mainpage.pl|;
141 $driver->get($mainpage . q|?logout.x=1|);
142 like( $driver->get_title(), qr(Log in to Koha), );
145 $driver->get( $base_url . "/circ/circulation.pl?borrowernumber=" . $patron->borrowernumber );
147 my $audio_node = $driver->find_element('//span[@id="audio-alert"]/audio[@src="/intranet-tmpl/prog/sound/beep.ogg"]');
149 push @cleanup, $patron, $patron->category, $patron->library;
152 subtest 'Display circulation table correctly' => sub {
155 my $builder = t::lib::TestBuilder->new;
156 my $library = $builder->build_object( { class => 'Koha::Libraries' } );
157 my $patron = $builder->build_object(
159 class => 'Koha::Patrons',
160 value => { branchcode => $library->branchcode, flags => 0 }
164 my ( $biblionumber, $biblioitemnumber ) = add_biblio();
165 my $item = $builder->build_sample_item(
167 biblionumber => $biblionumber,
168 library => $library->branchcode,
171 my $context = Test::MockModule->new('C4::Context');
175 return { branch => $library->branchcode };
179 C4::Circulation::AddIssue( $patron->unblessed, $item->barcode );
181 my $mainpage = $s->base_url . q|mainpage.pl|;
182 $driver->get($mainpage . q|?logout.x=1|);
185 $driver->get( $base_url
186 . "/circ/circulation.pl?borrowernumber="
187 . $patron->borrowernumber );
189 # Display the table clicking on the "Show checkouts" button
190 $driver->find_element('//a[@id="issues-table-load-now-button"]')->click;
192 my @thead_th = $driver->find_elements('//table[@id="issues-table"]/thead/tr/th');
193 my $thead_length = 0;
194 $thead_length += $_->get_attribute('colspan', 1) || 0 for @thead_th;
196 my @tfoot_td = $driver->find_elements('//table[@id="issues-table"]/tfoot/tr/td');
197 my $tfoot_length = 0;
198 $tfoot_length += $_->get_attribute('colspan', 1) || 0 for @tfoot_td;
200 my @tbody_td = $driver->find_elements('//table[@id="issues-table"]/tbody/tr[2]/td');
201 my $tbody_length = 0;
202 $tbody_length += 1 for @tbody_td;
204 is( $thead_length == $tfoot_length && $tfoot_length == $tbody_length,
205 1, "Checkouts table must be correctly aligned" )
207 "thead: $thead_length ; tfoot: $tfoot_length ; tbody: $tbody_length");
209 push @cleanup, $patron->checkouts, $item, $item->biblio, $patron,
210 $patron->category, $library;
213 subtest 'XSS vulnerabilities in pagination' => sub {
216 my $patron = $builder->build_object({ class => 'Koha::Patrons' });
217 for ( 1 .. 30 ) { # We want the pagination to be displayed
218 push @cleanup, $builder->build_object(
220 class => 'Koha::Virtualshelves',
223 allow_change_from_owner => 1,
224 allow_change_from_others => 0,
225 owner => $patron->borrowernumber
231 my $password = Koha::AuthUtils::generate_password($patron->category);
232 t::lib::Mocks::mock_preference( 'RequireStrongPassword', 0 );
233 $patron->set_password({ password => $password });
234 $s->opac_auth( $patron->userid, $password );
236 my $public_lists = $s->opac_base_url . q|opac-shelves.pl?op=list&category=2|;
237 $driver->get($public_lists);
239 $s->remove_error_handler;
240 my $alert_text = eval { $driver->get_alert_text() };
241 $s->add_error_handler;
242 is( $alert_text, undef, 'No alert box displayed' );
244 my $booh_alert = 'booh!';
245 $public_lists = $s->opac_base_url . qq|opac-shelves.pl?op=list&category=2"><script>alert('$booh_alert')</script>|;
246 $driver->get($public_lists);
248 $s->remove_error_handler;
249 $alert_text = eval { $driver->get_alert_text() };
250 $s->add_error_handler;
251 is( $alert_text, undef, 'No alert box displayed, even if evil intent' );
253 my $second_page = $driver->find_element('//div[@class="pages"]/span[@class="currentPage"]/following-sibling::a');
254 like( $second_page->get_attribute('href'), qr{(?|&)category=2(&|$)}, 'The second page should display category without the invalid value' );
256 push @cleanup, $patron, $patron->category, $patron->library;
260 subtest 'Encoding in session variables' => sub {
263 my $builder = t::lib::TestBuilder->new;
264 my $library = $builder->build_object( { class => 'Koha::Libraries' } );
265 my $patron = $builder->build_object(
267 class => 'Koha::Patrons',
268 value => { branchcode => $library->branchcode, flags => 0 }
272 my $biblio = $builder->build_sample_biblio;
273 my $item = $builder->build_sample_item(
275 biblionumber => $biblio->biblionumber,
276 library => $library->branchcode,
280 my $original_SessionStorage = C4::Context->preference('SessionStorage');
281 for my $SessionStorage ( qw( memcached mysql tmp ) ) {
282 C4::Context->set_preference( 'SessionStorage', $SessionStorage );
283 for my $branchname (qw( Test1 Test2❤️ Test3ä )) {
285 Koha::Libraries->find($branchname) || $builder->build_object(
287 class => 'Koha::Libraries',
289 branchcode => $branchname,
290 branchname => $branchname,
294 # Make sure we are logged in
295 $driver->get( $base_url . q|mainpage.pl?logout.x=1| );
297 # Switch to the new library
298 $driver->get( $base_url . 'circ/set-library.pl' );
299 $s->fill_form( { branch => $branchname } );
302 $driver->get( $base_url
303 . 'circ/circulation.pl?borrowernumber='
304 . $patron->borrowernumber );
305 # We must have the logged-in-branch-name displayed, or we got a 500
307 $driver->find_element( '//span[@class="logged-in-branch-name"]')->get_text(),
309 sprintf( "logged-in-branch-name set - SessionStorage=%s, branchname=%s", $SessionStorage, $branchname
313 $driver->find_element('//input[@id="barcode"]')->send_keys( $item->barcode );
314 $driver->find_element('//fieldset[@id="circ_circulation_issue"]/button[@type="submit"]')->click;
316 # Display the table clicking on the "Show checkouts" button
317 $driver->find_element('//a[@id="issues-table-load-now-button"]')
320 my @tds = $driver->find_elements(
321 '//table[@id="issues-table"]/tbody/tr[2]/td');
323 # Select the td for "Checked out from" (FIXME this is not robust and could be improved
324 my $td_checked_out_from = $tds[8];
326 $td_checked_out_from->get_text(),
328 sprintf( "'Checked out from' column should contain the branchname - SessionStorage=%s, branchname=%s", $SessionStorage, $branchname )
331 # Remove the check in
332 Koha::Checkouts->find({ itemnumber => $item->itemnumber })->delete;
336 C4::Context->set_preference('SessionStorage', $original_SessionStorage);
337 push @cleanup, $item, $biblio, $patron, $patron->category, $patron->library;
338 push @cleanup, Koha::Libraries->find($_) for qw( Test1 Test2❤️ Test3ä );
345 C4::Context->set_preference('SearchEngine', $SearchEngine_value);
346 C4::Context->set_preference('AudioAlerts', $AudioAlerts_value);
347 $_->delete for @cleanup;
351 my ($title, $author) = @_;
353 my $marcflavour = C4::Context->preference('marcflavour');
355 my $biblio = MARC::Record->new();
357 $tag = $marcflavour eq 'UNIMARC' ? '200' : '245';
358 $biblio->append_fields(
359 MARC::Field->new($tag, ' ', ' ', a => $title || 'a title'),
362 ($tag, $code) = $marcflavour eq 'UNIMARC' ? (200, 'f') : (100, 'a');
363 $biblio->append_fields(
364 MARC::Field->new($tag, ' ', ' ', $code => $author || 'an author'),
367 return C4::Biblio::AddBiblio($biblio, '');