Merge pull request #369 from xibosignage/release18

Release 1.8.9

.dockerignore

@@ -32,8 +32,6 @@ CONTRIBUTING.md
 # Our own container's settings.php shouldn't be included
 web/settings.php
 
-# Package.json - note we will likely want to remove this in 2.0
-package.json
-
-# Our own build file
-build.sh
+# Our own build files
+build.sh
+build-composer.sh

.gitignore

@@ -11,4 +11,5 @@ custom
 web/theme/custom
 node_modules
 results.xml
-containers/
+containers/
+cypress/videos/

Dockerfile

@@ -23,7 +23,11 @@ RUN composer install --no-interaction --no-dev --ignore-platform-reqs --optimize
 # the next state
 RUN rm /app/composer.* && \
     rm -r /app/docker && \
-    rm .dockerignore
+    rm .dockerignore && \
+    rm package.json && \
+    rm package-lock.json && \
+    rm cypress.json && \
+    rm -r /app/cypress
 
 WORKDIR /app/vendor
 RUN find -type d -name '.git' -exec rm -r {} + && \
@@ -95,7 +99,7 @@ RUN sed -i "s/error_reporting = .*$/error_reporting = E_ERROR | E_WARNING | E_PA
 # Setup persistent environment variables
 ENV CMS_DEV_MODE=false \
     XMR_HOST=xmr \
-    CMS_DB_VERSION=139 \
+    CMS_DB_VERSION=140 \
     CMS_SERVER_NAME=localhost \
     MYSQL_HOST=mysql \
     MYSQL_USER=cms \

Dockerfile.cypress

@@ -0,0 +1,10 @@
+FROM cypress/base
+
+WORKDIR /app
+
+COPY cypress.json ./
+COPY cypress ./cypress
+
+RUN npm install --save-dev --slient cypress
+
+RUN $(npm bin)/cypress verify

cypress.json

@@ -0,0 +1,4 @@
+{
+  "baseUrl": "http://localhost",
+  "viewportWidth": 1200
+}

cypress/integration/dashboard_spec.js

@@ -0,0 +1,16 @@
+describe('Dashboard', function () {
+
+    beforeEach(function () {
+        cy.login();
+
+        cy.visit('/');
+    });
+
+    it('should be at the dashboard page', function() {
+        cy.url().should('include', '/dashboard');
+
+        cy.contains('xibo_admin');
+
+        cy.contains('Dashboard');
+    });
+});

cypress/integration/layout_designer_spec.js

@@ -0,0 +1,11 @@
+describe('Layout Designer', function() {
+    beforeEach(function() {
+        cy.login();
+    });
+
+    it('should navigate to the Layout Designer page and have a Layout with 2 regions', function() {
+        cy.visit('/layout/designer/1');
+
+
+    });
+});

cypress/integration/login_spec.js

@@ -0,0 +1,36 @@
+describe('Login', function() {
+
+    beforeEach(function() {
+        cy.visit('/');
+    });
+
+    it('should be able to login the default user', function () {
+
+        cy.get('input#username')
+            .type('xibo_admin');
+
+        cy.get('input#password')
+            .type('password');
+
+        cy.get('button[type=submit]')
+            .click();
+
+        cy.url().should('include', '/dashboard');
+
+        cy.contains('xibo_admin');
+    });
+
+    it('should fail to login an invalid user', function () {
+
+        cy.get('input#username')
+            .type('xibo_admin');
+
+        cy.get('input#password')
+            .type('wrongpassword');
+
+        cy.get('button[type=submit]')
+            .click();
+
+        cy.contains('Username or Password incorrect');
+    })
+});

cypress/integration/modules_spec.js

@@ -0,0 +1,14 @@
+describe('Modules Page', function () {
+    beforeEach(function () {
+        cy.login();
+    });
+
+    it('should load the modules page and show a complete table of modules', function () {
+        cy.visit('/module/view');
+
+        cy.contains('Modules');
+
+        // TODO: How many modules are we expecting by default?
+        cy.contains('Showing 1 to 10 of');
+    });
+});

cypress/integration/unauthed_spec.js

@@ -0,0 +1,15 @@
+describe('Unauthenticated CMS access', function () {
+    it('should visit the login page and check the version', function () {
+        cy.visit('/');
+
+        cy.url().should('include', '/login');
+
+        cy.contains('Version 1.8.9');
+    });
+
+    it('should redirect to login when an authenticated page is requested', function() {
+
+        cy.visit('/layout/view');
+        cy.url().should('include', '/login');
+    });
+});

cypress/plugins/index.js

@@ -0,0 +1,17 @@
+// ***********************************************************
+// This example plugins/index.js can be used to load plugins
+//
+// You can change the location of this file or turn off loading
+// the plugins file with the 'pluginsFile' configuration option.
+//
+// You can read more here:
+// https://on.cypress.io/plugins-guide
+// ***********************************************************
+
+// This function is called when a project is opened or re-opened (e.g. due to
+// the project's config changing)
+
+module.exports = (on, config) => {
+  // `on` is used to hook into various events Cypress emits
+  // `config` is the resolved Cypress config
+}

cypress/support/commands.js

@@ -0,0 +1,38 @@
+// ***********************************************
+// This example commands.js shows you how to
+// create various custom commands and overwrite
+// existing commands.
+//
+// For more comprehensive examples of custom
+// commands please read more here:
+// https://on.cypress.io/custom-commands
+// ***********************************************
+//
+//
+// -- This is a parent command --
+// Cypress.Commands.add("login", (email, password) => { ... })
+//
+//
+// -- This is a child command --
+// Cypress.Commands.add("drag", { prevSubject: 'element'}, (subject, options) => { ... })
+//
+//
+// -- This is a dual command --
+// Cypress.Commands.add("dismiss", { prevSubject: 'optional'}, (subject, options) => { ... })
+//
+//
+// -- This is will overwrite an existing command --
+// Cypress.Commands.overwrite("visit", (originalFn, url, options) => { ... })
+Cypress.Commands.add('login', function() {
+    cy.request({
+        method: 'POST',
+        url: '/login',
+        form: true,
+        body: {
+            'username': 'xibo_admin',
+            'password': 'password'
+        }
+    });
+
+    cy.getCookie('PHPSESSID').should('exist');
+});

cypress/support/index.js

@@ -0,0 +1,20 @@
+// ***********************************************************
+// This example support/index.js is processed and
+// loaded automatically before your test files.
+//
+// This is a great place to put global configuration and
+// behavior that modifies Cypress.
+//
+// You can change the location of this file or turn off
+// automatically serving support files with the
+// 'supportFile' configuration option.
+//
+// You can read more here:
+// https://on.cypress.io/configuration
+// ***********************************************************
+
+// Import commands.js using ES2015 syntax:
+import './commands'
+
+// Alternatively you can use CommonJS syntax:
+// require('./commands')

docker/etc/apache2/conf.d/cms.conf

@@ -11,6 +11,7 @@ LoadModule rewrite_module modules/mod_rewrite.so
   PassEnv MYSQL_PORT
   PassEnv MYSQL_PASSWORD
   PassEnv CMS_SERVER_NAME
+  PassEnv CMS_DEV_MODE
 
   ServerName ${CMS_SERVER_NAME}
 

install/master/data.sql

@@ -1,5 +1,5 @@
 INSERT INTO `version` (`app_ver`, `XmdsVersion`, `XlfVersion`, `DBVersion`) VALUES
-('1.8.8', 5, 2, 139);
+('1.8.9', 5, 2, 140);
 
 INSERT INTO `group` (`groupID`, `group`, `IsUserSpecific`, `IsEveryone`, `isSystemNotification`) VALUES
 (1, 'Users', 0, 0, 0),

lib/Controller/Display.php

@@ -964,9 +964,6 @@ function edit($displayId)
         if (!$this->getUser()->checkEditable($display))
             throw new AccessDeniedException();
 
-        // Track the default layout
-        $defaultLayoutId = $display->defaultLayoutId;
-
         // Update properties
         if ($this->getConfig()->GetSetting('DISPLAY_LOCK_NAME_TO_DEVICENAME') == 0)
             $display->display = $this->getSanitizer()->getString('display');
@@ -996,7 +993,7 @@ function edit($displayId)
             $display->auditingUntil = $display->auditingUntil->format('U');
 
         // Should we invalidate this display?
-        if ($defaultLayoutId != $display->defaultLayoutId) {
+        if ($display->hasPropertyChanged('defaultLayoutId')) {
             $display->notify();
         } else if ($this->getSanitizer()->getCheckbox('clearCachedData', 1) == 1) {
             // Remove the cache if the display licenced state has changed
@@ -1538,6 +1535,8 @@ public function setDefaultLayout($displayId)
 
         $display->defaultLayoutId = $layoutId;
         $display->save(['validate' => false]);
+        if ($display->hasPropertyChanged('defaultLayoutId'))
+            $display->notify();
 
         // Return
         $this->getState()->hydrate([

lib/Controller/Stats.php

@@ -643,8 +643,15 @@ public function export()
         $out = fopen('php://output', 'w');
         fputcsv($out, ['Type', 'FromDT', 'ToDT', 'Layout', 'Display', 'Media', 'Tag']);
 
+        // Run our query using a connection object (to save memory)
+        $connection = $this->store->getConnection();
+        $statement = $connection->prepare($sql);
+
+        // Execute
+        $statement->execute($params);
+
         // Do some post processing
-        foreach ($this->store->select($sql, $params) as $row) {
+        while ($row = $statement->fetch(\PDO::FETCH_ASSOC)) {
             // Read the columns
             $type = $this->getSanitizer()->string($row['Type']);
             $fromDt = $this->getSanitizer()->string($row['start']);

lib/Entity/Layout.php

@@ -829,7 +829,7 @@ public function toXlf()
         }
 
         if ($layoutHasEmptyRegion)
-            $this->getLog()->alert('Layout has empty region');
+            $this->getLog()->alert('Layout ID ' . $this->layoutId . ' has an empty region');
 
         foreach ($this->regions as $region) {
             /* @var Region $region */

lib/Helper/Environment.php

@@ -11,8 +11,8 @@
 
 class Environment
 {
-    public static $WEBSITE_VERSION_NAME = '1.8.8';
-    public static $WEBSITE_VERSION = 139;
+    public static $WEBSITE_VERSION_NAME = '1.8.9';
+    public static $WEBSITE_VERSION = 140;
 
     public static $VERSION_REQUIRED = '5.5';
     public static $VERSION_UNSUPPORTED = '8.0';
@@ -244,4 +244,13 @@ public static function checkUrl($url)
     {
         return (stripos($url, '/web/') === false);
     }
+
+    /**
+     * Is the CMS in DEV mode?
+     * @return bool
+     */
+    public static function isDevMode()
+    {
+        return (isset($_SERVER['CMS_DEV_MODE']) && $_SERVER['CMS_DEV_MODE'] === 'true');
+    }
 }

lib/Middleware/Actions.php

@@ -106,20 +106,27 @@ public function call()
                     /** @var UserNotificationFactory $factory */
                     $factory = $app->userNotificationFactory;
 
-                    if ($app->user->userTypeId == 1 && file_exists(PROJECT_ROOT . '/web/install/index.php')) {
-                        $app->logService->notice('Install.php exists and shouldn\'t');
-
-                        $notifications[] = $factory->create(__('There is a problem with this installation. "install.php" should be deleted.'));
+                    // Is the CMS Docker stack in DEV mode? (this will be true for dev and test)
+                    if (Environment::isDevMode()) {
+                        $notifications[] = $factory->create('CMS IN DEV MODE');
                         $extraNotifications++;
+                    } else {
+                        // We're not in DEV mode and therefore install/index.php shouldn't be there.
+                        if ($app->user->userTypeId == 1 && file_exists(PROJECT_ROOT . '/web/install/index.php')) {
+                            $app->logService->notice('Install.php exists and shouldn\'t');
 
-                        // Test for web in the URL.
-                        $url = $app->request()->getUrl() . $app->request()->getPathInfo();
+                            $notifications[] = $factory->create(__('There is a problem with this installation. "install.php" should be deleted.'));
+                            $extraNotifications++;
 
-                        if (!Environment::checkUrl($url)) {
-                            $app->logService->notice('Suspicious URL detected - it is very unlikely that /web/ should be in the URL. URL is ' . $url);
+                            // Test for web in the URL.
+                            $url = $app->request()->getUrl() . $app->request()->getPathInfo();
 
-                            $notifications[] = $factory->create(__('CMS configuration warning, it is very unlikely that /web/ should be in the URL. This usually means that the DocumentRoot of the web server is wrong and may put your CMS at risk if not corrected.'));
-                            $extraNotifications++;
+                            if (!Environment::checkUrl($url)) {
+                                $app->logService->notice('Suspicious URL detected - it is very unlikely that /web/ should be in the URL. URL is ' . $url);
+
+                                $notifications[] = $factory->create(__('CMS configuration warning, it is very unlikely that /web/ should be in the URL. This usually means that the DocumentRoot of the web server is wrong and may put your CMS at risk if not corrected.'));
+                                $extraNotifications++;
+                            }
                         }
                     }
 

lib/Middleware/CsrfGuard.php

@@ -24,6 +24,7 @@
 
 use Slim\Middleware;
 use Xibo\Exception\TokenExpiredException;
+use Xibo\Helper\Environment;
 
 class CsrfGuard extends Middleware
 {
@@ -82,8 +83,13 @@ public function check()
             // Validate the token unless we are on an excluded route
             $route = $this->app->router()->getCurrentRoute()->getPattern();
 
-            if ($this->app->excludedCsrfRoutes == null || ($route != null && !in_array($route, $this->app->excludedCsrfRoutes))) {
-
+            $excludedRoutes = $this->app->excludedCsrfRoutes;
+            if (($excludedRoutes !== null && is_array($excludedRoutes) && in_array($route, $excludedRoutes))
+                || (Environment::isDevMode() && $route === '/login')
+            ) {
+                $this->app->getLog()->info('Route excluded from CSRF: ' . $route);
+            } else {
+                // Checking CSRF
                 $userToken = $this->app->request()->headers('X-XSRF-TOKEN');
                 if ($userToken == '') {
                     $userToken = $this->app->request()->params($this->key);