Add Wpxf::WordPress::Comments mixin

rastating · rastating · commit 3092f98bbd89 · 2017-10-29T18:20:24.000Z
diff --git a/lib/wpxf/core.rb b/lib/wpxf/core.rb
@@ -74,5 +74,6 @@ def self.change_stdout_sync(enabled)
 require 'wpxf/wordpress/stored_xss'
 require 'wpxf/wordpress/shell_upload'
 require 'wpxf/wordpress/file_download'
+require 'wpxf/wordpress/comments'
 
 require 'wpxf/core/module'
diff --git a/lib/wpxf/wordpress/comments.rb b/lib/wpxf/wordpress/comments.rb
@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+# Provides functionality for gathering and posting comments.
+module Wpxf::WordPress::Comments
+  include Wpxf
+
+  def initialize
+    super
+  end
+
+  # Register the comment posting options.
+  def wordpress_comments_register_options
+    register_options([
+      StringOption.new(
+        name: 'comment_author',
+        desc: 'The author name to use when posting a comment',
+        default: Utility::Text.rand_alpha(5),
+        required: true
+      ),
+      StringOption.new(
+        name: 'comment_content',
+        desc: 'The static text to use as the comment content',
+        default: Utility::Text.rand_alpha(20),
+        required: true
+      ),
+      StringOption.new(
+        name: 'comment_email',
+        desc: 'The e-mail address to use when posting a comment',
+        default: Utility::Text.rand_email,
+        required: true
+      ),
+      StringOption.new(
+        name: 'comment_website',
+        desc: 'The website address to use when posting a comment',
+        required: false
+      ),
+      IntegerOption.new(
+        name: 'comment_post_id',
+        desc: 'The ID of the post to comment on',
+        required: true
+      )
+    ])
+  end
+
+  # Post a comment.
+  # @param post_id [Integer] the post ID to comment on.
+  # @param content [String] the content of the comment.
+  # @param author [String] the author's name.
+  # @param email [String] the author's e-mail address.
+  # @param website [String] the author's website.
+  # @return [Integer] the ID of the comment, or -1 if the comment failed to post.
+  def wordpress_comments_post(post_id, content, author, email, website)
+    comment_id = -1
+
+    scoped_option_change('follow_http_redirection', false) do
+      res = execute_post_request(
+        url: wordpress_url_comments_post,
+        cookie: session_cookie,
+        body: {
+          author: author,
+          comment: content,
+          email: email,
+          url: website,
+          submit: 'Post Comment',
+          comment_post_ID: post_id,
+          comment_parent: 0
+        }
+      )
+
+      if res&.code == 302
+        id = res.headers['Location'][/#comment-([0-9]+)/i, 1]
+        comment_id = id.to_i if id
+      end
+    end
+
+    comment_id
+  end
+end
diff --git a/spec/wordpress/comments_spec.rb b/spec/wordpress/comments_spec.rb
@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+require_relative '../spec_helper'
+
+describe Wpxf::WordPress::Comments do
+  let(:body) { '' }
+  let(:headers) { [] }
+  let(:code) { 200 }
+  let(:subject) do
+    subject = Class.new(Wpxf::Module) do
+      include Wpxf::Net::HttpClient
+      include Wpxf::WordPress::Urls
+      include Wpxf::WordPress::Comments
+    end.new
+
+    subject.set_option_value('host', '127.0.0.1')
+    subject.set_option_value('target_uri', '/wp/')
+    subject
+  end
+
+  before :each do
+    res = Wpxf::Net::HttpResponse.new(nil)
+    res.body = body
+    res.code = code
+    res.headers = headers
+    allow(subject).to receive(:execute_get_request).and_return(res)
+    allow(subject).to receive(:execute_post_request).and_return(res)
+  end
+
+  describe '#wordpress_comments_register_options' do
+    it 'registers a set of comment posting related options' do
+      subject.wordpress_comments_register_options
+
+      options = [
+        'comment_author',
+        'comment_content',
+        'comment_email',
+        'comment_website',
+        'comment_post_id'
+      ]
+
+      options.each do |o|
+        expect(subject.get_option(o)).to_not be_nil
+      end
+    end
+  end
+
+  describe '#wordpress_comments_post?' do
+    context 'if the comment ID can be found in the location header' do
+      let(:code) { 302 }
+      let(:headers) { { 'Location' => 'http://127.0.0.1/wp/hello-world/#comment-3' } }
+
+      it 'returns the comment ID' do
+        res = subject.wordpress_comments_post(1, 'content', 'author', 'user@localhost', '')
+        expect(res).to eq 3
+      end
+    end
+
+    context 'if the comment ID was not in the location header' do
+      let(:code) { 302 }
+      let(:headers) { { 'Location' => 'http://127.0.0.1/wp/hello-world/' } }
+
+      it 'returns -1' do
+        res = subject.wordpress_comments_post(1, 'content', 'author', 'user@localhost', '')
+        expect(res).to eq(-1)
+      end
+    end
+
+    context 'if the status code is not 302' do
+      let(:code) { 200 }
+      it 'returns -1' do
+        res = subject.wordpress_comments_post(1, 'content', 'author', 'user@localhost', '')
+        expect(res).to eq(-1)
+      end
+    end
+  end
+end
