# QDR Temporary Shared Storage - Testing Guide This document outlines a comprehensive testing strategy for the QDR Temporary Shared Storage plugin to ensure all components function correctly after refactoring. ## Manual Testing Procedures ### 1. Installation and Activation Testing - [ ] Upload plugin to a test WordPress site - [ ] Activate the plugin - [ ] Verify that activation creates: - [ ] The custom database table - [ ] The required upload directories - [ ] The download page - [ ] The default plugin settings ### 2. Admin Interface Testing #### 2.1 Settings Page - [ ] Navigate to Settings > Shared Storage - [ ] Verify all settings fields are displayed correctly - [ ] Test generating a new API key - [ ] Change settings values and save - [ ] Refresh page and verify settings were saved - [ ] Test the "Purge Expired Files" button #### 2.2 Media Page - [ ] Navigate to Media > Shared Storage - [ ] Verify the table loads correctly (initially empty) - [ ] Upload a file through the REST API (see REST API testing) - [ ] Verify the file appears in the table - [ ] Test sorting by different columns - [ ] Test pagination (upload multiple files if needed) - [ ] Test searching by filename and reference - [ ] Test the "View Details" functionality - [ ] Test the "Edit" functionality: - [ ] Change description, message, dates, reference - [ ] Save and verify changes are applied - [ ] Test the "Delete" functionality ### 3. REST API Testing #### 3.1 Authentication - [ ] Attempt API requests without an API key (should fail) - [ ] Attempt API requests with an invalid API key (should fail) - [ ] Attempt API requests with the correct API key (should succeed) #### 3.2 File Upload - [ ] Test the complete chunked upload process: - [ ] Initialize upload - [ ] Upload chunks - [ ] Finalize upload - [ ] Verify the file is stored in the correct location - [ ] Verify the database record is created correctly - [ ] Test with various file sizes: - [ ] Small file (< 1MB) - [ ] Medium file (1-10MB) - [ ] Large file (> 10MB) - [ ] Test with different file types: - [ ] PDF - [ ] Image (JPEG, PNG) - [ ] Office document (DOCX, XLSX) - [ ] ZIP archive #### 3.3 File Management - [ ] Test retrieving file details via API - [ ] Test updating file properties via API - [ ] Test deleting a file via API - [ ] Test retrieving file collections with various query parameters: - [ ] Pagination - [ ] Sorting - [ ] Filtering ### 4. Public Interface Testing - [ ] Verify the download page exists and functions correctly - [ ] Test the download process with correct password and reference - [ ] Test the download process with incorrect password (should fail) - [ ] Test the download process with incorrect reference (should fail) - [ ] Test with expired files (should not allow download) - [ ] Test with future activation date (should not allow download) - [ ] Verify download count and last download are updated correctly ### 5. Scheduled Tasks Testing - [ ] Manually trigger cron job to purge expired files - [ ] Verify expired files are deleted from storage - [ ] Verify expired records are deleted from database - [ ] Check that non-expired files are not affected ### 6. Edge Cases Testing - [ ] Test with storage limit reached - [ ] Test with malformed inputs in API requests - [ ] Test with special characters in filenames, descriptions, etc. - [ ] Test with concurrent uploads - [ ] Test with extremely large files - [ ] Test with slow network connections (simulate with throttling) ## Automated Testing To implement automated testing for this plugin, you can use the WordPress testing framework which is based on PHPUnit. ### Setting Up the Test Environment 1. **Install PHPUnit**: ```bash composer require --dev phpunit/phpunit ``` 2. **Install WordPress Test Library**: ```bash bash bin/install-wp-tests.sh wordpress_test root '' localhost latest ``` 3. **Create a PHPUnit Configuration File** (`phpunit.xml`): ```xml ./tests/ ``` 4. **Create Bootstrap File** (`tests/bootstrap.php`): ```php db_manager = QDR_TSS_DB_Manager::instance(); } /** * Test creating the database table */ public function test_create_table() { global $wpdb; // Delete table if it exists $table_name = $wpdb->prefix . QDR_TSS_PLUGIN_TABLE; $wpdb->query("DROP TABLE IF EXISTS $table_name"); // Create table $result = $this->db_manager->create_table(); // Check if table exists $table_exists = $wpdb->get_var("SHOW TABLES LIKE '$table_name'") === $table_name; $this->assertTrue($table_exists); } /** * Test inserting an item */ public function test_insert_item() { $data = array( 'media_id' => 123456789, 'original_file_name' => 'test.pdf', 'description' => 'Test description', 'message' => 'Test message', 'active_from' => current_time('mysql'), 'active_to' => date('Y-m-d H:i:s', strtotime('+30 days')), 'password' => wp_hash_password('test_password'), 'reference' => 'TEST123', 'file_path' => 'test/path/test.pdf', 'file_size' => 1024 ); $item_id = $this->db_manager->insert_item($data); $this->assertNotFalse($item_id); $this->assertGreaterThan(0, $item_id); // Get the item and verify data $item = $this->db_manager->get_item($item_id); $this->assertEquals($data['media_id'], $item->media_id); $this->assertEquals($data['original_file_name'], $item->original_file_name); $this->assertEquals($data['description'], $item->description); } // Additional tests for update, delete, get operations... } ``` #### File Manager Tests Create a file `tests/test-file-manager.php`: ```php file_manager = QDR_TSS_File_Manager::instance(); } /** * Test initializing the file system */ public function test_init_file_system() { $result = $this->file_manager->init_file_system(); $this->assertTrue($result); $this->assertTrue(file_exists(QDR_TSS_UPLOADS_DIR)); $this->assertTrue(file_exists(QDR_TSS_UPLOADS_DIR . 'tmp/')); $this->assertTrue(file_exists(QDR_TSS_UPLOADS_DIR . '.htaccess')); } /** * Test creating a dated directory */ public function test_create_dated_directory() { $date = date('Y/m/d'); $dir = $this->file_manager->create_dated_directory($date); $this->assertTrue(file_exists($dir)); } // Additional tests for chunked uploads, file deletion, etc... } ``` #### REST API Tests Create a file `tests/test-rest-api.php`: ```php server = $wp_rest_server = new WP_REST_Server; do_action('rest_api_init'); // Set up API key $settings = QDR_TSS_Settings::instance(); $this->api_key = $settings->generate_api_key(); $settings->update_setting('api_key', $this->api_key); } /** * Test unauthorized access */ public function test_unauthorized_access() { $request = new WP_REST_Request('GET', '/qdr-tss/v1/media'); $response = $this->server->dispatch($request); $this->assertEquals(403, $response->get_status()); } /** * Test authorized access */ public function test_authorized_access() { $request = new WP_REST_Request('GET', '/qdr-tss/v1/media'); $request->add_header('X-Api-Key', $this->api_key); $response = $this->server->dispatch($request); $this->assertEquals(200, $response->get_status()); } // Additional tests for other API endpoints... } ``` ### Running the Tests Run the tests using the PHPUnit command: ```bash ./vendor/bin/phpunit ``` ## Integration Testing with Client Applications To test integration with client applications, you can create simple client scripts in PHP, JavaScript, or other languages that communicate with your WordPress site's REST API. ### Example PHP Client ```php 'Updated message']); if (!isset($update_response['message']) || $update_response['message'] !== 'Updated message') { echo "FAIL: Update media\n"; return; } echo "PASS: Update media\n"; // Test delete media $delete_response = delete_media($media_id); if (!isset($delete_response['deleted']) || $delete_response['deleted'] !== true) { echo "FAIL: Delete media\n"; return; } echo "PASS: Delete media\n"; echo "All tests passed!\n"; } // API helper functions function initialize_upload($filename, $filesize) { global $api_url, $api_key; $ch = curl_init("$api_url/upload/init"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_HTTPHEADER, [ "X-Api-Key: $api_key", 'Content-Type: application/json' ]); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode([ 'original_file_name' => $filename, 'file_size' => $filesize ])); $response = curl_exec($ch); curl_close($ch); return json_decode($response, true); } // Implement other API helper functions... // Run tests test_api(); ``` ## Performance Testing To test the performance of the plugin, especially with large files and under high load, you can use tools like Apache JMeter or a simple script to simulate multiple concurrent uploads. ### Test Scenarios 1. **Large File Upload**: Test uploading a very large file (1GB+) and measure: - Total upload time - Memory usage - CPU usage 2. **Concurrent Uploads**: Test multiple clients uploading files simultaneously and measure: - Success rate - Average upload time - Server resource usage 3. **Storage Limit Testing**: Test behavior when approaching and exceeding storage limits. ## Security Testing ### Checklist 1. **API Authentication**: - [ ] Test API requests with missing API key - [ ] Test API requests with invalid API key - [ ] Test API requests with valid API key 2. **File Access**: - [ ] Verify direct access to uploaded files is blocked - [ ] Verify download requires valid password - [ ] Verify download respects active dates 3. **Input Validation**: - [ ] Test with malformed JSON requests - [ ] Test with malicious file uploads - [ ] Test SQL injection attempts - [ ] Test XSS attempts in file names and descriptions 4. **File Operations**: - [ ] Test upload paths for directory traversal - [ ] Test file type restrictions - [ ] Test file size limits ## Conclusion This comprehensive testing approach will help ensure that the refactored QDR Temporary Shared Storage plugin works correctly across all components and integrates properly with WordPress and client applications. By following this guide, you can identify and fix any issues before deploying the plugin to production environments.