From 22d20ea2a9ee97a1de7fd0b074107f2db00a20ba Mon Sep 17 00:00:00 2001
From: Ollie
Date: Tue, 9 Jun 2026 17:44:18 +0100
Subject: [PATCH 1/3] Update PublicWikiController parameter validation and add unit tests

* Validate `page` and `per_page` params as integers rather than numbers
* Add `page` and `per_page` minimum limit of 1
* Add `per_page` maximum limit of 100

Bug: T421877
---
 app/Http/Controllers/PublicWikiController.php | 4 +-
 .../Controllers/PublicWikiControllerTest.php | 41 +++++++++++++++++++
 2 files changed, 43 insertions(+), 2 deletions(-)

diff --git a/app/Http/Controllers/PublicWikiController.php b/app/Http/Controllers/PublicWikiController.php
index 15224b37..1875813d 100644
--- a/app/Http/Controllers/PublicWikiController.php
+++ b/app/Http/Controllers/PublicWikiController.php
@@ -24,8 +24,8 @@ public function index(Request $request) {
 'direction' => 'in:desc,asc',
 'is_featured' => 'boolean',
 'is_active' => 'boolean',
- 'per_page' => 'numeric',
- 'page' => 'numeric',
+ 'per_page' => 'int|min:1|max:100',
+ 'page' => 'int|min:1',
 ]);
 
 $params = array_merge(self::$defaultParams, $request->input());
diff --git a/tests/Http/Controllers/PublicWikiControllerTest.php b/tests/Http/Controllers/PublicWikiControllerTest.php
index 5ec79487..29e56028 100644
--- a/tests/Http/Controllers/PublicWikiControllerTest.php
+++ b/tests/Http/Controllers/PublicWikiControllerTest.php
@@ -6,10 +6,13 @@ use App\Http\Resources\PublicWikiResource;
 use App\Wiki;
 use App\WikiProfile;
+use Generator;
 use Illuminate\Database\Events\QueryExecuted;
 use Illuminate\Foundation\Testing\DatabaseTransactions;
 use Illuminate\Http\Request;
+use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
 use Illuminate\Support\Facades\DB;
+use Illuminate\Validation\ValidationException;
 use Tests\TestCase;
 
 class PublicWikiControllerTest extends TestCase {
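Review bot: The validated keys are not what feeds `$params`: the context line `$params = array_merge(self::$defaultParams, $request->input());` still merges the whole raw input, so query keys the rule set never mentions, and the raw form of the ones it does, pass straight into the rest of index(). Capture the subset that `validate()` returns and merge that instead, e.g. `$validated = $request->validate([...]);` followed by `$params = array_merge(self::$defaultParams, $validated);`. As far as I recall Laravel normalises the `int` rule name to its `integer` rule, which validates but does not cast, so `$params['per_page']` presumably stays a string when it arrives as a query parameter; worth a short comment above the rules if that is intended. index() continues outside the hunk.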
@@ -35,6 +38,44 @@ public function testShowLoadsWikiLatestProfileForResource(): void {
 $this->assertSame(true, $resource->toArray(new Request())['reuse_prototype']);
 }
 
+ public static function provideQueryParamsAndErrorExpected(): Generator {
+ yield 'default params' => [[], false];
+ yield 'sort by sitename ascending' => [['sort' => 'sitename', 'direction' => 'asc'], false];
+ yield 'sort by pages descending' => [['sort' => 'pages', 'direction' => 'desc'], false];
+ yield 'sort by invalid value' => [['sort' => 'invalid'], true];
+ yield 'sort by invalid direction' => [['direction' => 'invalid'], true];
+ yield 'is_featured is boolean true' => [['is_featured' => true], false];
+ yield 'is_featured is boolean 0' => [['is_featured' => 0], false];
+ yield 'is_featured is invalid' => [['is_featured' => 'invalid'], true];
+ yield 'is_active is boolean false' => [['is_active' => false], false];
+ yield 'is_active is boolean 1' => [['is_active' => 1], false];
+ yield 'is_active is invalid' => [['is_active' => 'invalid'], true];
+ yield 'per_page is not int' => [['per_page' => 1.2], true];
+ yield 'per_page is too low' => [['per_page' => 0], true];
+ yield 'per_page is min value' => [['per_page' => 1], false];
+ yield 'per_page is max value' => [['per_page' => 100], false];
+ yield 'per_page is too high' => [['per_page' => 101], true];
+ yield 'page is not int' => [['page' => 2.3], true];
+ yield 'page is too low' => [['page' => 0], true];
+ yield 'page is min value' => [['page' => 1], false];
+ }
+
+ /**
+ * @dataProvider provideQueryParamsAndErrorExpected
+ */
+ public function testIndexQueryParamValidation(array $queryParams, bool $errorExpected): void {
+ $controller = new PublicWikiController;
+ $request = new Request($queryParams);
+
+ if ($errorExpected) {
+ $this->expectException(ValidationException::class);
+ }
+
+ $response = $controller->index($request);
+
+ $this->assertInstanceOf(AnonymousResourceCollection::class, $response);
+ }
+
 public function testIndexReusePrototypeOnlyRequiresOneAdditionalDatabaseQuery(): void {
 for ($i = 1; $i <= 3; $i++) {
 $wiki = Wiki::factory()->create([

From 0b720275b9f9583a3092c36444ddfcf74e20f927 Mon Sep 17 00:00:00 2001
From: Ollie
Date: Wed, 10 Jun 2026 11:12:49 +0100
Subject: [PATCH 2/3] Add `per_page` default and remove superfluous conditional

---
 app/Http/Controllers/PublicWikiController.php | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/app/Http/Controllers/PublicWikiController.php b/app/Http/Controllers/PublicWikiController.php
index 1875813d..2cc4d5b6 100644
--- a/app/Http/Controllers/PublicWikiController.php
+++ b/app/Http/Controllers/PublicWikiController.php
@@ -11,6 +11,7 @@ class PublicWikiController extends Controller {
 private static $defaultParams = [
 'sort' => 'sitename',
 'direction' => 'asc',
+ 'per_page' => 15,
 ];
 
 private static $activeThresholdPageCount = 2;
@@ -61,12 +62,7 @@ public function index(Request $request) {
 break;
 }
 
- $perPage = null;
- if (array_key_exists('per_page', $params)) {
- $perPage = intval($params['per_page']);
- }
-
- return PublicWikiResource::collection($query->paginate($perPage));
+ return PublicWikiResource::collection($query->paginate($params['per_page']));
 }
 
 /**

From 799491e738ec6120d12db3916b013f85fa74efbd Mon Sep 17 00:00:00 2001
From: Thomas Arrow
Date: Thu, 11 Jun 2026 13:53:34 +0100
Subject: [PATCH 3/3] Update tests/Http/Controllers/PublicWikiControllerTest.php

---
 tests/Http/Controllers/PublicWikiControllerTest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/Http/Controllers/PublicWikiControllerTest.php b/tests/Http/Controllers/PublicWikiControllerTest.php
index 29e56028..f5748ff8 100644
--- a/tests/Http/Controllers/PublicWikiControllerTest.php
+++ b/tests/Http/Controllers/PublicWikiControllerTest.php
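Review bot: The provider feeds native PHP ints, floats and bools (`1.2`, `0`, `true`), but a real query string only ever delivers strings, so the inputs the new `int|min:1|max:100` rules actually have to reject or accept — `'1.5'`, `'abc'`, `'-1'`, `'100'` — are never exercised by testIndexQueryParamValidation. Add string-typed datasets next to the existing ones, e.g. `yield 'per_page is numeric string' => [['per_page' => '10'], false];` and `yield 'per_page is non-numeric string' => [['per_page' => 'abc'], true];`. For the error-expected datasets the `assertInstanceOf` after `index()` never runs, which is fine but deserves a one-line comment so nobody "fixes" it. If the project is on PHPUnit 10 or later, `#[DataProvider('provideQueryParamsAndErrorExpected')]` replaces the `@dataProvider` docblock annotation.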
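Review bot: Dropping the `intval()` cast means `paginate()` now receives `$params['per_page']` in whatever form `$request->input()` held it — presumably a string such as `'25'` for a real query parameter, or null if an empty-strings-to-null middleware ran — and relies on paginate()'s own fallback and casting, whereas the removed code guaranteed an int. Keeping the type explicit costs nothing: `return PublicWikiResource::collection($query->paginate((int) $params['per_page']));`. The earlier hunk in this patch adds the `'per_page' => 15` default to an untyped static array; `private static array $defaultParams` would let static analysis check its shape. index() starts outside the hunk.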
@@ -64,7 +64,7 @@ public static function provideQueryParamsAndErrorExpected(): Generator {
 * @dataProvider provideQueryParamsAndErrorExpected
 */
 public function testIndexQueryParamValidation(array $queryParams, bool $errorExpected): void {
- $controller = new PublicWikiController;
+ $controller = new PublicWikiController();
 $request = new Request($queryParams);
 
 if ($errorExpected) {