solocla/theloftstore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TRF Certest first commit

Browse Source
This commit is contained in:
Claudio
2025-02-26 08:57:46 +01:00
commit 3ce064a108
2524 changed files with 475404 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/Feature/Api/Users/AvatarControllerTest.php
+130
View File
@@ -0,0 +1,130 @@
<?php
namespace Tests\Feature\Api\Users;
use Facades\Tests\Setup\UserFactory;
use Illuminate\Http\UploadedFile;
use Storage;
use Tests\Feature\ApiTestCase;
use Vanguard\Events\User\UpdatedByAdmin;
use Vanguard\User;
class AvatarControllerTest extends ApiTestCase
{
/** @test */
public function upload_user_avatar_unauthenticated()
{
$user = User::factory()->create();
$this->post("/api/users/{$user->id}/avatar")
->assertStatus(401);
}
/** @test */
public function upload_avatar_without_permission()
{
$user = User::factory()->create();
$this->actingAs($user, self::API_GUARD)
->post("/api/users/{$user->id}/avatar")
->assertForbidden();
}
/** @test */
public function upload_avatar_image()
{
\Event::fake([UpdatedByAdmin::class]);
Storage::fake('public');
$user = UserFactory::withPermissions('users.manage')->create();
$file = UploadedFile::fake()->image('avatar.png', 500, 500);
$response = $this->actingAs($user, self::API_GUARD)
->post("/api/users/{$user->id}/avatar", ['file' => $file])
->assertOk();
$avatar = $response->json('data.avatar');
$this->assertNotNull($avatar);
$uploadedFile = str_replace(url(''), '', $avatar);
$uploadedFile = ltrim($uploadedFile, '/');
Storage::disk('public')->assertExists($uploadedFile);
[$width, $height] = getimagesizefromstring(
Storage::disk('public')->get($uploadedFile)
);
$this->assertEquals(160, $width);
$this->assertEquals(160, $height);
\Event::assertDispatched(UpdatedByAdmin::class);
}
/** @test */
public function upload_invalid_image()
{
$user = UserFactory::withPermissions('users.manage')->create();
Storage::fake('public');
$file = UploadedFile::fake()->create('avatar.txt', 500);
$this->actingAs($user, self::API_GUARD)
->post("/api/users/{$user->id}/avatar", ['file' => $file])
->assertStatus(422)
->assertJsonFragment([
'file' => [
trans('validation.image', ['attribute' => 'file']),
],
]);
}
/** @test */
public function update_avatar_from_external_source()
{
\Event::fake([UpdatedByAdmin::class]);
$user = UserFactory::withPermissions('users.manage')->create();
$url = 'http://google.com';
$this->actingAs($user, self::API_GUARD)
->putJson("/api/users/{$user->id}/avatar/external", ['url' => $url])
->assertOk()
->assertJsonFragment(['avatar' => $url]);
\Event::assertDispatched(UpdatedByAdmin::class);
}
/** @test */
public function update_avatar_with_invalid_external_source()
{
$user = UserFactory::withPermissions('users.manage')->create();
$this->actingAs($user, self::API_GUARD)
->putJson("/api/users/{$user->id}/avatar/external", ['url' => 'foo'])
->assertStatus(422);
}
/** @test */
public function delete_user_avatar()
{
\Event::fake([UpdatedByAdmin::class]);
$user = UserFactory::withPermissions('users.manage')->create();
$user->forceFill(['avatar' => 'http://google.com'])->save();
$this->actingAs($user, self::API_GUARD)
->deleteJson("api/users/{$user->id}/avatar")
->assertOk()
->assertJsonFragment([
'avatar' => url('assets/img/profile.png'), // default profile image
]);
\Event::assertDispatched(UpdatedByAdmin::class);
}
}
tests/Feature/Api/Users/SessionsControllerTest.php
+70
View File
@@ -0,0 +1,70 @@
<?php
namespace Tests\Feature\Api\Users;
use Facades\Tests\Setup\UserFactory;
use Illuminate\Support\Str;
use Tests\Feature\ApiTestCase;
use Vanguard\Http\Resources\SessionResource;
use Vanguard\Repositories\Session\SessionRepository;
use Vanguard\User;
class SessionsControllerTest extends ApiTestCase
{
/** @test */
public function get_sessions_unauthenticated()
{
$user = User::factory()->create();
$this->getJson("/api/users/{$user->id}/sessions")->assertStatus(401);
}
/** @test */
public function get_user_sessions_without_permission()
{
$user = User::factory()->create();
$this->actingAs($user, self::API_GUARD)
->getJson("/api/users/{$user->id}/sessions")
->assertForbidden();
}
/** @test */
public function get_user_sessions()
{
config(['session.driver' => 'database']);
$user = UserFactory::withPermissions('users.manage')->create();
$sessions = $this->generateNonExpiredSessions($user);
$this->actingAs($user, self::API_GUARD)
->getJson("/api/users/{$user->id}/sessions")
->assertOk()
->assertJson([
'data' => SessionResource::collection($sessions)->resolve(),
]);
}
private function generateNonExpiredSessions(User $user, $count = 5)
{
$sessions = [];
$faker = $this->app->make(\Faker\Generator::class);
$lifetime = config('session.lifetime') - 1;
for ($i = 0; $i < $count; $i++) {
array_push($sessions, [
'id' => Str::random(40),
'user_id' => $user->id,
'ip_address' => $faker->ipv4,
'user_agent' => $faker->userAgent,
'payload' => Str::random(),
'last_activity' => $faker->dateTimeBetween("-{$lifetime} minutes")->getTimestamp(),
]);
}
\DB::table('sessions')->insert($sessions);
return app(SessionRepository::class)->getUserSessions($user->id);
}
}
tests/Feature/Api/Users/TwoFactorControllerTest.php
+179
View File
@@ -0,0 +1,179 @@
<?php
namespace Tests\Feature\Api\Users;
use Carbon\Carbon;
use Facades\Tests\Setup\UserFactory;
use PragmaRX\Google2FA\Google2FA;
use Tests\Feature\ApiTestCase;
use Vanguard\Events\User\TwoFactorDisabledByAdmin;
use Vanguard\Events\User\TwoFactorEnabledByAdmin;
use Vanguard\Http\Resources\UserResource;
use Vanguard\User;
class TwoFactorControllerTest extends ApiTestCase
{
/** @test */
public function update_2fa_unathenticated()
{
$this->setSettings(['2fa.enabled' => true]);
$user = User::factory()->create();
$this->putJson("api/users/{$user->id}/2fa")
->assertStatus(401);
}
/** @test */
public function update_2fa_without_permission()
{
$this->setSettings(['2fa.enabled' => true]);
$user = User::factory()->create();
$this->actingAs($user, self::API_GUARD)
->putJson("api/users/{$user->id}/2fa")
->assertForbidden();
}
/** @test */
public function enable_two_factor_auth_for_user()
{
$this->setSettings(['2fa.enabled' => true]);
\Event::fake([TwoFactorEnabledByAdmin::class]);
$user = UserFactory::withPermissions('users.manage')->create();
$this->actingAs($user, self::API_GUARD)->putJson("api/users/{$user->id}/2fa")
->assertOk()
->assertJson(['message' => 'Verification token sent.'])
->assertJsonStructure([
'message',
'qrcode',
]);
$this->assertTrue(
\DB::table('users')
->where('id', $user->id)
->whereNotNull('two_factor_secret')
->exists()
);
\Event::assertNotDispatched(TwoFactorEnabledByAdmin::class);
}
/** @test */
public function verify_user_app_with_correct_code()
{
$google2fa = new Google2FA();
$secret = encrypt($google2fa->generateSecretKey());
$this->setSettings(['2fa.enabled' => true]);
\Event::fake([TwoFactorEnabledByAdmin::class]);
$user = UserFactory::withPermissions('users.manage')->create();
$user->two_factor_secret = $secret;
$user->save();
$validCode = $google2fa->getCurrentOtp(decrypt($user->two_factor_secret));
$response = $this->actingAs($user, self::API_GUARD)
->postJson("api/users/{$user->id}/2fa/verify", ['code' => $validCode]);
$updatedUser = (new UserResource($user->fresh()))->resolve();
$response->assertOk()
->assertJsonFragment($updatedUser);
$this->assertTrue($user->fresh()->twoFactorEnabled());
\Event::assertDispatched(TwoFactorEnabledByAdmin::class);
}
/** @test */
public function verify_user_app_with_invalid_token()
{
$this->setSettings(['2fa.enabled' => true]);
$user = UserFactory::withPermissions('users.manage')->create();
$this->actingAs($user, self::API_GUARD)
->postJson("api/users/{$user->id}/2fa/verify", ['code' => '123123'])
->assertStatus(422)
->assertJson([
'message' => 'Invalid 2FA token.',
]);
$this->assertTrue(
\DB::table('users')
->where('id', $user->id)
->whereNull('two_factor_confirmed_at')
->exists()
);
}
/** @test */
public function enable_two_factor_auth_for_user_when_it_is_already_enabled()
{
$google2fa = new Google2FA();
$secret = encrypt($google2fa->generateSecretKey());
$this->setSettings(['2fa.enabled' => true]);
$user = UserFactory::withPermissions('users.manage')->create();
$user->two_factor_secret = $secret;
$user->two_factor_confirmed_at = Carbon::now();
$user->save();
$this->actingAs($user, self::API_GUARD)
->putJson("api/users/{$user->id}/2fa")
->assertStatus(422)
->assertJson([
'message' => '2FA is already enabled for this user.',
]);
}
/** @test */
public function disable_two_factor_auth_for_user()
{
$google2fa = new Google2FA();
$secret = encrypt($google2fa->generateSecretKey());
$this->setSettings(['2fa.enabled' => true]);
\Event::fake([TwoFactorDisabledByAdmin::class]);
$user = UserFactory::withPermissions('users.manage')->create();
$user->two_factor_secret = $secret;
$user->two_factor_confirmed_at = Carbon::now();
$user->save();
$this->be($user, self::API_GUARD);
$response = $this->deleteJson("api/users/{$user->id}/2fa");
$user = (new UserResource($user->fresh()))->resolve();
$response->assertOk()
->assertJsonFragment($user);
\Event::assertDispatched(TwoFactorDisabledByAdmin::class);
}
/** @test */
public function disable_2fa_for_user_when_it_is_already_disabled()
{
$this->setSettings(['2fa.enabled' => true]);
$user = UserFactory::withPermissions('users.manage')->create();
$this->actingAs($user, self::API_GUARD)
->deleteJson("api/users/{$user->id}/2fa")
->assertStatus(422)
->assertJson([
'message' => '2FA is not enabled for this user.',
]);
}
}
tests/Feature/Api/Users/UsersControllerTest.php
+260
View File
@@ -0,0 +1,260 @@
<?php
namespace Tests\Feature\Api\Users;
use Event;
use Facades\Tests\Setup\UserFactory;
use Illuminate\Support\Arr;
use Tests\Feature\ApiTestCase;
use Vanguard\Country;
use Vanguard\Events\User\Deleted;
use Vanguard\Events\User\UpdatedByAdmin;
use Vanguard\Http\Resources\UserResource;
use Vanguard\Role;
use Vanguard\Support\Enum\UserStatus;
use Vanguard\User;
class UsersControllerTest extends ApiTestCase
{
/** @test */
public function only_authenticated_users_can_list_all_users()
{
$this->getJson('/api/users')->assertStatus(401);
}
/** @test */
public function get_users_without_permission()
{
$user = User::factory()->create();
$this->actingAs($user, self::API_GUARD)
->getJson('/api/users')
->assertStatus(403);
}
/** @test */
public function paginate_all_users()
{
\DB::table('users')->delete();
$user = $this->login();
$users = User::factory()->times(20)->create();
$users->push($user);
$response = $this->getJson('/api/users');
$transformed = UserResource::collection($users->sortBy('id')->take(20))->resolve();
$this->assertEquals($response->json('data'), $transformed);
}
/** @test */
public function paginate_users_with_country_included()
{
$this->login();
$country = Country::factory()->create();
User::factory()->create(['country_id' => null]);
User::factory()->create(['country_id' => $country->id]);
$response = $this->getJson('/api/users?include=country')
->assertOk()
->json();
$this->assertNull($response['data'][0]['country']);
$this->assertNotNull($response['data'][1]['country_id']);
}
/** @test */
public function paginate_users_by_status()
{
$this->login();
User::factory()->times(2)->create(['status' => UserStatus::ACTIVE]);
User::factory()->times(5)->create(['status' => UserStatus::BANNED]);
$response = $this->getJson('/api/users?filter[status]='.UserStatus::BANNED->value);
$this->assertCount(5, $response->json('data'));
}
/** @test */
public function paginate_users_on_search()
{
$user = $this->login();
$user1 = User::factory()->create([
'first_name' => 'John',
'last_name' => 'Doe',
'email' => 'john.doe@vanguardapp.io',
]);
$user2 = User::factory()->create([
'first_name' => 'Jane',
'last_name' => 'Doe',
'email' => 'jane.doe@vanguardapp.io',
]);
$user3 = User::factory()->create([
'first_name' => 'Brad',
'last_name' => 'Pitt',
'email' => 'b.pitt@vanguardapp.io',
]);
$response = $this->getJson('/api/users?filter[search]=doe');
$this->assertCount(2, $response->json('data'));
}
/** @test */
public function create_user()
{
$this->login();
$newUser = User::factory()->make();
$data = array_merge($newUser->toArray(), [
'birthday' => $newUser->birthday->format('Y-m-d'),
'role' => $newUser->role_id,
'password' => '123123123',
'password_confirmation' => '123123123',
]);
$response = $this->postJson('api/users', $data);
$expected = [
'first_name' => $newUser->first_name,
'last_name' => $newUser->last_name,
'email' => $newUser->email,
'username' => $newUser->username,
'country_id' => $newUser->country_id,
'birthday' => $newUser->birthday->format('Y-m-d'),
'phone' => $newUser->phone,
'address' => $newUser->address,
'status' => UserStatus::ACTIVE,
'role_id' => $newUser->role_id,
];
$response->assertStatus(201)
->assertJsonFragment($expected);
$this->assertDatabaseHas('users', $expected);
}
/** @test */
public function get_user()
{
$user = $this->login();
$this->getJson("api/users/{$user->id}")
->assertOk()
->assertJson([
'data' => (new UserResource($user->fresh()))->resolve(),
]);
}
/** @test */
public function get_user_which_does_not_exist()
{
$this->login();
$this->getJson('api/users/222')->assertStatus(404);
}
/** @test */
public function update_user()
{
Event::fake([UpdatedByAdmin::class]);
$user = $this->login();
$data = [
'email' => 'john.doe@test.com',
'username' => 'john.doe',
'password' => '123123123',
'password_confirmation' => '123123123',
'first_name' => 'John',
'last_name' => 'Doe',
'phone' => '+38123456789',
'address' => 'Some random address',
'country_id' => Country::first()->id,
'birthday' => '1990-10-18',
'status' => UserStatus::BANNED,
'role_id' => Role::whereName('User')->first()->id,
];
$expected = Arr::except($data, ['password', 'password_confirmation']);
$expected += ['id' => $user->id];
$this->patchJson("api/users/{$user->id}", $data)
->assertOk()
->assertJsonFragment($expected);
$this->assertDatabaseHas('users', $expected);
Event::assertDispatched(UpdatedByAdmin::class);
}
/** @test */
public function update_only_specific_field()
{
Event::fake([UpdatedByAdmin::class]);
$user = $this->login();
$data = ['email' => 'john.doe@test.com'];
$expected = array_merge(
$user->toArray(),
$data,
['birthday' => $user->birthday->format('Y-m-d')]
);
$expected = Arr::except($expected, ['created_at', 'updated_at', 'avatar', 'role']);
$this->patchJson("api/users/{$user->id}", $data)
->assertOk()
->assertJsonFragment($expected);
$this->assertDatabaseHas('users', $expected);
Event::assertDispatched(UpdatedByAdmin::class);
}
/** @test */
public function delete_user()
{
Event::fake([Deleted::class]);
$user = $this->login();
$user2 = User::factory()->create();
$this->deleteJson("api/users/{$user2->id}")
->assertOk()
->assertJson(['success' => true]);
Event::assertDispatched(Deleted::class);
}
/** @test */
public function delete_yourself()
{
$user = $this->login();
$this->deleteJson("api/users/{$user->id}")
->assertStatus(403)
->assertJson(['message' => 'You cannot delete yourself.']);
}
protected function login()
{
$user = UserFactory::withPermissions('users.manage')->create();
$this->be($user, self::API_GUARD);
return $user;
}
}