Merge pull request #376 from WebPageTest/private-tests
Private tests
jefflembeck authored May 31, 2022
2 parents cd03d13 + c8bd04d commit 55f872d
Showing 5 changed files with 77 additions and 31 deletions.
24 changes: 18 additions & 6 deletions www/common.inc
Expand Up @@ -11,6 +11,7 @@ use WebPageTest\Util;
use WebPageTest\User;
use WebPageTest\RequestContext;
use WebPageTest\Exception\ClientException;
use WebPageTest\Exception\ForbiddenException;

if (Util::getSetting('php_sessions')) {
// Start session handling for this request
Expand All @@ -23,7 +24,10 @@ if (Util::getSetting('cp_auth')) {
unset($_SESSION['client_error']);

set_exception_handler(function($e) {
if(is_a($e, ClientException::class)) {
if(is_a($e, ForbiddenException::class)) {
http_response_code(404);
die();
} else if(is_a($e, ClientException::class)) {
$route = $e->getRoute();
$message = $e->getMessage();
$host = Util::getSetting('host');
Expand Down Expand Up @@ -357,12 +361,20 @@ if (strlen($id)) {
$cachedText = $cached ? '_Cached' : '';
$testDate = null;
if ($test['testinfo']) {
if( array_key_exists('completed', $test['testinfo']))
if( array_key_exists('completed', $test['testinfo'])) {
$testDate = strftime('%x %X', (int)$test['testinfo']['completed'] + ($tz_offset * 60));
if (array_key_exists('owner', $test['testinfo']) && strlen($owner) && $owner == $test['testinfo']['owner'])
$isOwner = true;
elseif (array_key_exists('uid', $test['testinfo']) && strlen($uid) && $uid == $test['testinfo']['uid'])
$isOwner = true;
}

// $owner is set by CP details in AttachUser middleware if loaded
$owner_id_matches_test = array_key_exists('owner', $test['testinfo']) && strlen($owner) && $owner == $test['testinfo']['owner'];
$uid_matches_test = array_key_exists('uid', $test['testinfo']) && strlen($uid) && $uid == $test['testinfo']['uid'];

$isOwner = $owner_id_matches_test || $uid_matches_test;
$test_is_private = array_key_exists('private', $test['testinfo']) && !!$test['testinfo']['private'];

if ($test_is_private && !$isOwner) {
throw new ForbiddenException();
}

$url = array_key_exists('url', $test['testinfo']) ? htmlspecialchars($test['testinfo']['url']) : null;
$dom = array_key_exists('domElement', $test['testinfo']) ? htmlspecialchars($test['testinfo']['domElement']) : null;
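Review bot: The ownership test that now gates private results compares identifiers with loose `==` (`$owner == $test['testinfo']['owner']` and the `uid` equivalent), so two different numeric-looking strings can compare equal; for an access decision use a strict string comparison such as `$owner === (string)$test['testinfo']['owner']`. The check also sits inside `if ($test['testinfo'])`, a block that closes outside what this section shows, so a test whose testinfo fails to load appears to skip the private check altogether; confirm that path cannot serve results. Where `$uid` comes from is not visible here, and if it is read from a client-supplied value rather than the authenticated session it should not count as proof of ownership. The same loose comparison is used for the `== 'dev'` environment test in www/common/AttachUser.php.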
14 changes: 8 additions & 6 deletions www/common/AttachUser.php
Expand Up @@ -85,18 +85,20 @@
}
}

// TEMP FLAG TEMP FLAG
$user->setPaid(true);
if (isset($_REQUEST['unpaid'])) {
$user->setPaid(false);
// In a dev environment, default to showing paid content, use a flag for unpaid
if (Util::getSetting('environment') == 'dev') {
$user->setPaid(true);
if (isset($_REQUEST['unpaid'])) {
$user->setPaid(false);
}
}

$isPaid = $user->isPaid();
if ($isPaid) {
//calculate based on paid priority
$user->setUserPriority(Util::getSetting('paid_priority', 0));
$user->setUserPriority((int)Util::getSetting('paid_priority', 0));
} else {
$user->setUserPriority(Util::getSetting('user_priority', 0));
$user->setUserPriority((int)Util::getSetting('user_priority', 0));
}

$user_email = $user->getEmail();
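Review bot: The new comment describes the dev override as "showing paid content", but `setPaid(true)` also selects `paid_priority` a few lines below and, judging by the www/runtest.php change in this commit, appears to decide whether a test may be marked private, so it is an entitlement switch rather than a display default. I would say so in the comment and state that `environment` must never be `dev` on an internet-facing host, for example `// Dev only: grants paid entitlements (priority, private tests) to every request; ?unpaid turns them off`. Whatever paid status was computed earlier in the file is overwritten by this block; that code is outside the hunk.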
34 changes: 21 additions & 13 deletions www/index.php
Expand Up @@ -76,6 +76,9 @@
$locations = LoadLocations();
$loc = ParseLocations($locations);

// Is the user a logged in and paid user?
$is_paid = isset($request_context) && !is_null($request_context->getUser()) && $request_context->getUser()->isPaid();

?>
<!DOCTYPE html>
<html lang="en-us">
Expand Down Expand Up @@ -241,17 +244,20 @@
</div>
</div>
<div class="test_presets_easy_checks">
<div class="fieldrow" id="description"></div>
<div class="fieldrow">
<label for="rv"><input type="checkbox" name="rv" id="rv" class="checkbox" onclick="rvChanged()"> Include Repeat View <small>(Loads the page, closes the browser and then loads the page again)</small></label>
</div>
<div class="fieldrow">
<label for="lighthouse-simple"><input type="checkbox" name="lighthouse" id="lighthouse-simple" class="checkbox"> Run Lighthouse Audit <small>(Runs on Chrome, emulated Moto G4 device, over simulated 3G Fast connection)</small></label>
<div class="fieldrow" id="description"></div>
<div class="fieldrow">
<label for="rv"><input type="checkbox" name="rv" id="rv" class="checkbox" onclick="rvChanged()"> Include Repeat View <small>(Loads the page, closes the browser and then loads the page again)</small></label>
</div>
<div class="fieldrow">
<label for="lighthouse-simple"><input type="checkbox" name="lighthouse" id="lighthouse-simple" class="checkbox"> Run Lighthouse Audit <small>(Runs on Chrome, emulated Moto G4 device, over simulated 3G Fast connection)</small></label>
</div>
<?php if($is_paid): ?>
<div class="fieldrow">
<label for="private-simple"><input type="checkbox" name="private" id="private-simple" class="checkbox"> Make Test Private <small>Private tests are only visible to your account</small></label>
</div>
<?php endif; ?>
</div>
</div>



<div class="test_presets_easy_submit">
<input type="submit" name="submit" value="Start Test &#8594;" class="start_test">
</div>
Expand Down Expand Up @@ -495,6 +501,9 @@
<li>
<label for="videoCheck"><input type="checkbox" name="video" id="videoCheck" class="checkbox" checked=checked> Capture Video</label>
</li>
<li>
<label for="private-advanced"><input type="checkbox" name="private" id="private-advanced" class="checkbox"> Make Test Private</label>
</li>
<li>
<label for="label">Label</label>
<?php
Expand Down Expand Up @@ -766,10 +775,9 @@
</li>
</ul>
<div class="notification-container">
<div class="notification"><div class="warning">
PLEASE USE A TEST ACCOUNT! as your credentials may be available to anyone viewing the results.<br><br>
Using this feature will make this test Private. Thus, it will *not* appear in Test History.
</div></div>
<div class="notification">
<div class="warning">PLEASE USE A TEST ACCOUNT! as your credentials may be available to anyone viewing the results.</div>
</div>
</div>
</div>
<?php } ?>
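Review bot: The "Make Test Private" checkbox added to the advanced settings list (`private-advanced`) is not wrapped in the `$is_paid` check that guards the simple-form checkbox, so unpaid and anonymous users are offered an option that www/runtest.php only intends to honour for paid users. Someone can tick it and believe the results are restricted when the test is stored as public, which is the misunderstanding this commit sets out to remove. Wrap the new `<li>` in the same guard: `<?php if ($is_paid): ?>` before it and `<?php endif; ?>` after it.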
17 changes: 11 additions & 6 deletions www/runtest.php
Expand Up @@ -206,12 +206,17 @@ function DealWithMagicQuotes(&$arr) {
if ($run_time_limit)
$test['run_time_limit'] = (int)$run_time_limit;
$test['connections'] = isset($req_connections) ? (int)$req_connections : 0;
// Currently, we do nothing to designate the difference between public and private tests
// This creates a problem in that people assume their tests are actually private.
// But they're more private in the way that github gists are private, we don't advertise
// them, but they're accessible to those that know the url. Until we can create a truly
// private test, we are going to treat all tests as public
$test['private'] = 0;

/**
* True private tests are a paid feature (we formerly said we had
* private tests, but they weren't actually private
*/
$is_private = 0;
if ($isPaid) {
$is_private ??= $req_private;
}
$test['private'] = $is_private;

if (isset($req_web10))
$test['web10'] = $req_web10;
if (isset($req_ignoreSSL))
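Review bot: `$is_private ??= $req_private;` can never assign, because `??=` only writes when the left side is null and `$is_private` was set to `0` on the line before; as far as this hunk shows, `$test['private']` therefore stays 0 for paid users too, so a test submitted with "Make Test Private" ticked is stored as public and the new check in www/common.inc never fires. Replace the assignment and the `if` with `$is_private = ($isPaid && !empty($req_private)) ? 1 : 0;`, which also copes with `$req_private` being unset when the box is not ticked. `$isPaid` is not defined in this hunk; it presumably comes from www/common/AttachUser.php, so confirm it is in scope here. The docblock above the assignment is also missing its closing parenthesis.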
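--- a/www/src/Exception/ForbiddenException.php
+++ b/www/src/Exception/ForbiddenException.php
@@ -0,0 +1,19 @@
+<?php
+
+declare(strict_types=1);
+
+namespace WebPageTest\Exception;
+
+use WebPageTest\Exception\ClientException;
+
+class ForbiddenException extends ClientException
+{
+public function __construct(
+string $route = '/'
+) {
+$message = "Forbidden";
+$code = 403;
+$previous = null;
+parent::__construct($message, $route, $code, $previous);
+}
+}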
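Review bot: The class sets `$code = 403` and the message "Forbidden", yet the exception handler in www/common.inc answers a `ForbiddenException` with a bare 404 and `die()`, so neither value reaches the client; a class docblock should say this, e.g. `/** Thrown when the caller may not view a resource; the global handler reports it as 404 so the resource's existence is not confirmed. */`. That reason for the 404 is my reading of the handler, not something the commit states. `use WebPageTest\Exception\ClientException;` is redundant because the class is declared in that same namespace.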
