2FAuth/tests/Api/v1/Controllers/TwoFAccountControllerTest.php

935 lines
28 KiB
PHP
Raw Normal View History

2021-11-14 01:52:46 +01:00
<?php
2021-11-30 17:39:33 +01:00
namespace Tests\Api\v1\Controllers;
2021-11-14 01:52:46 +01:00
2021-12-02 13:15:53 +01:00
use App\Models\User;
use App\Models\Group;
2022-07-30 17:51:02 +02:00
use App\Facades\Settings;
2021-11-14 01:52:46 +01:00
use Tests\FeatureTestCase;
use Tests\Classes\OtpTestData;
2021-12-02 13:15:53 +01:00
use App\Models\TwoFAccount;
2021-11-14 01:52:46 +01:00
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Storage;
2021-11-22 01:09:54 +01:00
/**
* @covers \App\Api\v1\Controllers\TwoFAccountController
2021-11-30 17:39:33 +01:00
* @covers \App\Api\v1\Resources\TwoFAccountReadResource
* @covers \App\Api\v1\Resources\TwoFAccountStoreResource
2021-11-22 01:09:54 +01:00
*/
2021-11-14 01:52:46 +01:00
class TwoFAccountControllerTest extends FeatureTestCase
{
/**
2021-12-02 13:15:53 +01:00
* @var \App\Models\User
2021-11-14 01:52:46 +01:00
*/
protected $user;
2021-11-22 01:09:54 +01:00
/**
2021-12-02 13:15:53 +01:00
* @var \App\Models\Group
2021-11-22 01:09:54 +01:00
*/
protected $group;
private const VALID_RESOURCE_STRUCTURE_WITHOUT_SECRET = [
'id',
'group_id',
'service',
'account',
'icon',
'otp_type',
'digits',
'algorithm',
'period',
'counter'
];
private const VALID_RESOURCE_STRUCTURE_WITH_SECRET = [
'id',
'group_id',
'service',
'account',
'icon',
'otp_type',
'secret',
'digits',
'algorithm',
'period',
'counter'
];
private const VALID_OTP_RESOURCE_STRUCTURE_FOR_TOTP = [
'generated_at',
'otp_type',
'password',
'period',
];
private const VALID_OTP_RESOURCE_STRUCTURE_FOR_HOTP = [
'otp_type',
'password',
'counter',
];
private const JSON_FRAGMENTS_FOR_CUSTOM_TOTP = [
'service' => OtpTestData::SERVICE,
'account' => OtpTestData::ACCOUNT,
'otp_type' => 'totp',
'secret' => OtpTestData::SECRET,
'digits' => OtpTestData::DIGITS_CUSTOM,
'algorithm' => OtpTestData::ALGORITHM_CUSTOM,
'period' => OtpTestData::PERIOD_CUSTOM,
'counter' => null,
];
private const JSON_FRAGMENTS_FOR_DEFAULT_TOTP = [
'service' => null,
'account' => OtpTestData::ACCOUNT,
'otp_type' => 'totp',
'secret' => OtpTestData::SECRET,
'digits' => OtpTestData::DIGITS_DEFAULT,
'algorithm' => OtpTestData::ALGORITHM_DEFAULT,
'period' => OtpTestData::PERIOD_DEFAULT,
'counter' => null,
];
private const JSON_FRAGMENTS_FOR_CUSTOM_HOTP = [
'service' => OtpTestData::SERVICE,
'account' => OtpTestData::ACCOUNT,
'otp_type' => 'hotp',
'secret' => OtpTestData::SECRET,
'digits' => OtpTestData::DIGITS_CUSTOM,
'algorithm' => OtpTestData::ALGORITHM_CUSTOM,
'period' => null,
'counter' => OtpTestData::COUNTER_CUSTOM,
];
private const JSON_FRAGMENTS_FOR_DEFAULT_HOTP = [
'service' => null,
'account' => OtpTestData::ACCOUNT,
'otp_type' => 'hotp',
'secret' => OtpTestData::SECRET,
'digits' => OtpTestData::DIGITS_DEFAULT,
'algorithm' => OtpTestData::ALGORITHM_DEFAULT,
'period' => null,
'counter' => OtpTestData::COUNTER_DEFAULT,
];
private const ARRAY_OF_INVALID_PARAMETERS = [
'account' => null,
'otp_type' => 'totp',
'secret' => OtpTestData::SECRET,
];
2021-11-14 01:52:46 +01:00
/**
* @test
*/
public function setUp(): void
{
parent::setUp();
2021-12-02 13:15:53 +01:00
$this->user = User::factory()->create();
$this->group = Group::factory()->create();
2021-11-14 01:52:46 +01:00
}
/**
* @test
*
* @dataProvider indexUrlParameterProvider
2021-11-14 01:52:46 +01:00
*/
public function test_index_returns_twofaccount_collection($urlParameter, $expected)
2021-11-14 01:52:46 +01:00
{
2021-12-02 13:15:53 +01:00
TwoFAccount::factory()->count(3)->create();
2021-11-14 01:52:46 +01:00
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('GET', '/api/v1/twofaccounts'.$urlParameter)
2021-11-14 01:52:46 +01:00
->assertOk()
->assertJsonCount(3, $key = null)
->assertJsonStructure([
'*' => $expected
]);
2021-11-14 01:52:46 +01:00
}
/**
* Provide data for index tests
2021-11-14 01:52:46 +01:00
*/
public function indexUrlParameterProvider()
2021-11-14 01:52:46 +01:00
{
return [
'VALID_RESOURCE_STRUCTURE_WITHOUT_SECRET' => [
'',
self::VALID_RESOURCE_STRUCTURE_WITHOUT_SECRET
],
'VALID_RESOURCE_STRUCTURE_WITH_SECRET' => [
'?withSecret=1',
self::VALID_RESOURCE_STRUCTURE_WITH_SECRET
],
];
2021-11-14 01:52:46 +01:00
}
/**
* @test
*/
public function test_show_twofaccount_returns_twofaccount_resource_with_secret()
2021-11-14 01:52:46 +01:00
{
2021-12-02 13:15:53 +01:00
$twofaccount = TwoFAccount::factory()->create();
2021-11-14 01:52:46 +01:00
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
2021-11-14 01:52:46 +01:00
->json('GET', '/api/v1/twofaccounts/' . $twofaccount->id)
->assertOk()
->assertJsonStructure(self::VALID_RESOURCE_STRUCTURE_WITH_SECRET);
2021-11-14 01:52:46 +01:00
}
/**
* @test
*/
public function test_show_twofaccount_returns_twofaccount_resource_without_secret()
{
2021-12-02 13:15:53 +01:00
$twofaccount = TwoFAccount::factory()->create();
2021-11-14 01:52:46 +01:00
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
2021-11-14 01:52:46 +01:00
->json('GET', '/api/v1/twofaccounts/' . $twofaccount->id . '?withSecret=0')
->assertOk()
->assertJsonStructure(self::VALID_RESOURCE_STRUCTURE_WITHOUT_SECRET);
}
/**
* @test
*/
2021-11-30 17:39:33 +01:00
// public function test_show_twofaccount_with_indeciphered_data_returns_replaced_data()
// {
// $dbEncryptionService = resolve('App\Services\DbEncryptionService');
// $dbEncryptionService->setTo(true);
2021-12-02 13:15:53 +01:00
// $twofaccount = TwoFAccount::factory()->create();
2021-11-30 17:39:33 +01:00
// DB::table('twofaccounts')
// ->where('id', $twofaccount->id)
// ->update([
// 'secret' => '**encrypted**',
// 'account' => '**encrypted**',
// ]);
2022-03-31 08:38:35 +02:00
// $response = $this->actingAs($this->user, 'api-guard')
2021-11-30 17:39:33 +01:00
// ->json('GET', '/api/v1/twofaccounts/' . $twofaccount->id)
// ->assertJsonFragment([
// 'secret' => '*indecipherable*',
// 'account' => '*indecipherable*',
// ]);
// }
2021-11-14 01:52:46 +01:00
/**
* @test
*/
public function test_show_missing_twofaccount_returns_not_found()
{
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
2021-11-14 01:52:46 +01:00
->json('GET', '/api/v1/twofaccounts/1000')
->assertNotFound()
->assertJsonStructure([
'message'
]);
}
/**
* @dataProvider accountCreationProvider
2021-11-14 01:52:46 +01:00
* @test
*/
public function test_store_without_encryption_returns_success_with_consistent_resource_structure($payload, $expected)
2021-11-14 01:52:46 +01:00
{
Settings::set('useEncryption', false);
2021-11-14 01:52:46 +01:00
Storage::put('test.png', 'emptied to prevent missing resource replaced by null by the model getter');
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/twofaccounts', $payload)
2021-11-14 01:52:46 +01:00
->assertCreated()
->assertJsonStructure(self::VALID_RESOURCE_STRUCTURE_WITH_SECRET)
->assertJsonFragment($expected);
2021-11-14 01:52:46 +01:00
}
/**
* @dataProvider accountCreationProvider
2021-11-14 01:52:46 +01:00
* @test
*/
public function test_store_with_encryption_returns_success_with_consistent_resource_structure($payload, $expected)
2021-11-14 01:52:46 +01:00
{
Settings::set('useEncryption', true);
Storage::put('test.png', 'emptied to prevent missing resource replaced by null by the model getter');
2021-11-14 01:52:46 +01:00
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/twofaccounts', $payload)
->assertCreated()
->assertJsonStructure(self::VALID_RESOURCE_STRUCTURE_WITH_SECRET)
->assertJsonFragment($expected);
2021-11-14 01:52:46 +01:00
}
/**
* Provide data for TwoFAccount store tests
2021-11-14 01:52:46 +01:00
*/
public function accountCreationProvider()
2021-11-14 01:52:46 +01:00
{
return [
'TOTP_FULL_CUSTOM_URI' => [
[
'uri' => OtpTestData::TOTP_FULL_CUSTOM_URI,
],
self::JSON_FRAGMENTS_FOR_CUSTOM_TOTP
],
'TOTP_SHORT_URI' => [
[
'uri' => OtpTestData::TOTP_SHORT_URI,
],
self::JSON_FRAGMENTS_FOR_DEFAULT_TOTP
],
'ARRAY_OF_FULL_VALID_PARAMETERS_FOR_CUSTOM_TOTP' => [
OtpTestData::ARRAY_OF_FULL_VALID_PARAMETERS_FOR_CUSTOM_TOTP,
self::JSON_FRAGMENTS_FOR_CUSTOM_TOTP
],
'ARRAY_OF_MINIMUM_VALID_PARAMETERS_FOR_TOTP' => [
OtpTestData::ARRAY_OF_MINIMUM_VALID_PARAMETERS_FOR_TOTP,
self::JSON_FRAGMENTS_FOR_DEFAULT_TOTP
],
'HOTP_FULL_CUSTOM_URI' => [
[
'uri' => OtpTestData::HOTP_FULL_CUSTOM_URI,
],
self::JSON_FRAGMENTS_FOR_CUSTOM_HOTP
],
'HOTP_SHORT_URI' => [
[
'uri' => OtpTestData::HOTP_SHORT_URI,
],
self::JSON_FRAGMENTS_FOR_DEFAULT_HOTP
],
'ARRAY_OF_FULL_VALID_PARAMETERS_FOR_CUSTOM_HOTP' => [
OtpTestData::ARRAY_OF_FULL_VALID_PARAMETERS_FOR_CUSTOM_HOTP,
self::JSON_FRAGMENTS_FOR_CUSTOM_HOTP
],
'ARRAY_OF_MINIMUM_VALID_PARAMETERS_FOR_HOTP' => [
OtpTestData::ARRAY_OF_MINIMUM_VALID_PARAMETERS_FOR_HOTP,
self::JSON_FRAGMENTS_FOR_DEFAULT_HOTP
],
];
2021-11-14 01:52:46 +01:00
}
/**
* @test
*/
public function test_store_with_invalid_uri_returns_validation_error()
{
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
2021-11-14 01:52:46 +01:00
->json('POST', '/api/v1/twofaccounts', [
'uri' => OtpTestData::INVALID_OTPAUTH_URI,
])
2021-11-14 01:52:46 +01:00
->assertStatus(422);
}
2021-11-22 01:09:54 +01:00
/**
* @test
*/
public function test_store_assigns_created_account_when_default_group_is_a_specific_one()
{
// Set the default group to a specific one
2022-07-30 17:51:02 +02:00
Settings::set('defaultGroup', $this->group->id);
2021-11-22 01:09:54 +01:00
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
2021-11-22 01:09:54 +01:00
->json('POST', '/api/v1/twofaccounts', [
'uri' => OtpTestData::TOTP_SHORT_URI,
2021-11-22 01:09:54 +01:00
])
->assertJsonFragment([
'group_id' => $this->group->id
]);
}
/**
* @test
*/
public function test_store_assigns_created_account_when_default_group_is_the_active_one()
{
// Set the default group to be the active one
2022-07-30 17:51:02 +02:00
Settings::set('defaultGroup', -1);
2021-11-22 01:09:54 +01:00
// Set the active group
2022-07-30 17:51:02 +02:00
Settings::set('activeGroup', $this->group->id);
2021-11-22 01:09:54 +01:00
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
2021-11-22 01:09:54 +01:00
->json('POST', '/api/v1/twofaccounts', [
'uri' => OtpTestData::TOTP_SHORT_URI,
2021-11-22 01:09:54 +01:00
])
->assertJsonFragment([
2022-04-01 13:35:59 +02:00
'group_id' => $this->group->id
2021-11-22 01:09:54 +01:00
]);
}
/**
* @test
*/
public function test_store_assigns_created_account_when_default_group_is_no_group()
{
// Set the default group to No group
2022-07-30 17:51:02 +02:00
Settings::set('defaultGroup', 0);
2021-11-22 01:09:54 +01:00
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
2021-11-22 01:09:54 +01:00
->json('POST', '/api/v1/twofaccounts', [
'uri' => OtpTestData::TOTP_SHORT_URI,
2021-11-22 01:09:54 +01:00
])
->assertJsonFragment([
'group_id' => null
]);
}
/**
* @test
*/
public function test_store_assigns_created_account_when_default_group_does_not_exist()
{
// Set the default group to a non-existing one
2022-07-30 17:51:02 +02:00
Settings::set('defaultGroup', 1000);
2021-11-22 01:09:54 +01:00
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
2021-11-22 01:09:54 +01:00
->json('POST', '/api/v1/twofaccounts', [
'uri' => OtpTestData::TOTP_SHORT_URI,
2021-11-22 01:09:54 +01:00
])
->assertJsonFragment([
'group_id' => null
]);
}
2021-11-14 01:52:46 +01:00
/**
* @test
*/
public function test_update_totp_returns_success_with_updated_resource()
{
2021-12-02 13:15:53 +01:00
$twofaccount = TwoFAccount::factory()->create();
2021-11-14 01:52:46 +01:00
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('PUT', '/api/v1/twofaccounts/' . $twofaccount->id, OtpTestData::ARRAY_OF_FULL_VALID_PARAMETERS_FOR_CUSTOM_TOTP)
2021-11-14 01:52:46 +01:00
->assertOk()
->assertJsonFragment(self::JSON_FRAGMENTS_FOR_CUSTOM_TOTP);
2021-11-14 01:52:46 +01:00
}
/**
* @test
*/
public function test_update_hotp_returns_success_with_updated_resource()
{
2021-12-02 13:15:53 +01:00
$twofaccount = TwoFAccount::factory()->create();
2021-11-14 01:52:46 +01:00
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('PUT', '/api/v1/twofaccounts/' . $twofaccount->id, OtpTestData::ARRAY_OF_FULL_VALID_PARAMETERS_FOR_CUSTOM_HOTP)
2021-11-14 01:52:46 +01:00
->assertOk()
->assertJsonFragment(self::JSON_FRAGMENTS_FOR_CUSTOM_HOTP);
2021-11-14 01:52:46 +01:00
}
/**
* @test
*/
public function test_update_missing_twofaccount_returns_not_found()
{
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('PUT', '/api/v1/twofaccounts/1000', OtpTestData::ARRAY_OF_FULL_VALID_PARAMETERS_FOR_CUSTOM_TOTP)
2021-11-14 01:52:46 +01:00
->assertNotFound();
}
/**
* @test
*/
public function test_update_twofaccount_with_invalid_data_returns_validation_error()
{
2021-12-02 13:15:53 +01:00
$twofaccount = TwoFAccount::factory()->create();
2021-11-14 01:52:46 +01:00
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('PUT', '/api/v1/twofaccounts/' . $twofaccount->id, self::ARRAY_OF_INVALID_PARAMETERS)
2021-11-14 01:52:46 +01:00
->assertStatus(422);
}
/**
* @test
*/
public function test_import_valid_gauth_data_returns_success_with_consistent_resources()
{
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/twofaccounts/import', [
'uri' => OtpTestData::GOOGLE_AUTH_MIGRATION_URI,
])
->assertOk()
->assertJsonCount(2, $key = null)
->assertJsonFragment([
'id' => 0,
'service' => OtpTestData::SERVICE,
'account' => OtpTestData::ACCOUNT,
'otp_type' => 'totp',
'secret' => OtpTestData::SECRET,
'digits' => OtpTestData::DIGITS_DEFAULT,
'algorithm' => OtpTestData::ALGORITHM_DEFAULT,
'period' => OtpTestData::PERIOD_DEFAULT,
'counter' => null
])
->assertJsonFragment([
'id' => 0,
'service' => OtpTestData::SERVICE . '_bis',
'account' => OtpTestData::ACCOUNT . '_bis',
'otp_type' => 'totp',
'secret' => OtpTestData::SECRET,
'digits' => OtpTestData::DIGITS_DEFAULT,
'algorithm' => OtpTestData::ALGORITHM_DEFAULT,
'period' => OtpTestData::PERIOD_DEFAULT,
'counter' => null
]);
}
/**
* @test
*/
public function test_import_with_invalid_uri_returns_validation_error()
{
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/twofaccounts', [
'uri' => OtpTestData::INVALID_GOOGLE_AUTH_MIGRATION_URI,
])
->assertStatus(422);
}
/**
* @test
*/
public function test_import_gauth_data_with_duplicates_returns_negative_ids()
{
$twofaccount = TwoFAccount::factory()->create([
'otp_type' => 'totp',
'account' => OtpTestData::ACCOUNT,
'service' => OtpTestData::SERVICE,
'secret' => OtpTestData::SECRET,
'algorithm' => OtpTestData::ALGORITHM_DEFAULT,
'digits' => OtpTestData::DIGITS_DEFAULT,
'period' => OtpTestData::PERIOD_DEFAULT,
'legacy_uri' => OtpTestData::TOTP_SHORT_URI,
'icon' => '',
]);
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/twofaccounts/import', [
'uri' => OtpTestData::GOOGLE_AUTH_MIGRATION_URI,
])
->assertOk()
->assertJsonFragment([
'id' => -1,
'service' => OtpTestData::SERVICE,
'account' => OtpTestData::ACCOUNT,
]);
}
/**
* @test
*/
public function test_import_invalid_gauth_data_returns_bad_request()
{
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/twofaccounts/import', [
'uri' => OtpTestData::GOOGLE_AUTH_MIGRATION_URI_WITH_INVALID_DATA,
])
->assertStatus(400)
->assertJsonStructure([
'message'
]);
}
/**
* @test
*/
public function test_reorder_returns_success()
{
2021-12-02 13:15:53 +01:00
TwoFAccount::factory()->count(3)->create();
2021-11-14 01:52:46 +01:00
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/twofaccounts/reorder', [
'orderedIds' => [3,2,1]])
->assertStatus(200)
->assertJsonStructure([
'message'
]);
}
2021-11-14 01:52:46 +01:00
/**
* @test
*/
public function test_reorder_with_invalid_data_returns_validation_error()
{
2021-12-02 13:15:53 +01:00
TwoFAccount::factory()->count(3)->create();
2021-11-14 01:52:46 +01:00
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/twofaccounts/reorder', [
'orderedIds' => '3,2,1'])
->assertStatus(422);
}
2021-11-14 01:52:46 +01:00
/**
* @test
*/
public function test_preview_returns_success_with_resource()
{
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/twofaccounts/preview', [
'uri' => OtpTestData::TOTP_FULL_CUSTOM_URI,
])
->assertOk()
->assertJsonFragment(self::JSON_FRAGMENTS_FOR_CUSTOM_TOTP);
}
2021-11-14 01:52:46 +01:00
/**
* @test
*/
public function test_preview_with_invalid_data_returns_validation_error()
{
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/twofaccounts/preview', [
'uri' => OtpTestData::INVALID_OTPAUTH_URI,
])
->assertStatus(422);
}
2021-11-14 01:52:46 +01:00
/**
* @test
*/
public function test_preview_with_unreachable_image_returns_success()
{
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/twofaccounts/preview', [
'uri' => OtpTestData::TOTP_URI_WITH_UNREACHABLE_IMAGE,
])
->assertOk()
->assertJsonFragment([
'icon' => null
]);
}
2021-11-14 01:52:46 +01:00
/**
* @test
*/
public function test_get_otp_using_totp_twofaccount_id_returns_consistent_resource()
2021-11-14 01:52:46 +01:00
{
2021-12-02 13:15:53 +01:00
$twofaccount = TwoFAccount::factory()->create([
'otp_type' => 'totp',
'account' => OtpTestData::ACCOUNT,
'service' => OtpTestData::SERVICE,
'secret' => OtpTestData::SECRET,
'algorithm' => OtpTestData::ALGORITHM_DEFAULT,
'digits' => OtpTestData::DIGITS_DEFAULT,
'period' => OtpTestData::PERIOD_DEFAULT,
'legacy_uri' => OtpTestData::TOTP_SHORT_URI,
'icon' => '',
2021-11-14 01:52:46 +01:00
]);
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('GET', '/api/v1/twofaccounts/' . $twofaccount->id . '/otp')
->assertOk()
->assertJsonStructure(self::VALID_OTP_RESOURCE_STRUCTURE_FOR_TOTP)
->assertJsonFragment([
'otp_type' => 'totp',
'period' => OtpTestData::PERIOD_DEFAULT,
]);
}
2021-11-14 01:52:46 +01:00
/**
* @test
*/
public function test_get_otp_by_posting_totp_uri_returns_consistent_resource()
{
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/twofaccounts/otp', [
'uri' => OtpTestData::TOTP_FULL_CUSTOM_URI,
2021-11-14 01:52:46 +01:00
])
->assertOk()
->assertJsonStructure(self::VALID_OTP_RESOURCE_STRUCTURE_FOR_TOTP)
->assertJsonFragment([
'otp_type' => 'totp',
'period' => OtpTestData::PERIOD_CUSTOM,
2021-11-14 01:52:46 +01:00
]);
}
/**
* @test
*/
public function test_get_otp_by_posting_totp_parameters_returns_consistent_resource()
2021-11-14 01:52:46 +01:00
{
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/twofaccounts/otp', OtpTestData::ARRAY_OF_FULL_VALID_PARAMETERS_FOR_CUSTOM_TOTP)
->assertOk()
->assertJsonStructure(self::VALID_OTP_RESOURCE_STRUCTURE_FOR_TOTP)
2021-11-14 01:52:46 +01:00
->assertJsonFragment([
'otp_type' => 'totp',
'period' => OtpTestData::PERIOD_CUSTOM,
2021-11-14 01:52:46 +01:00
]);
}
/**
* @test
*/
public function test_get_otp_using_hotp_twofaccount_id_returns_consistent_resource()
2021-11-14 01:52:46 +01:00
{
2021-12-02 13:15:53 +01:00
$twofaccount = TwoFAccount::factory()->create([
'otp_type' => 'hotp',
'account' => OtpTestData::ACCOUNT,
'service' => OtpTestData::SERVICE,
'secret' => OtpTestData::SECRET,
'algorithm' => OtpTestData::ALGORITHM_DEFAULT,
'digits' => OtpTestData::DIGITS_DEFAULT,
'period' => null,
'legacy_uri' => OtpTestData::HOTP_SHORT_URI,
'icon' => '',
]);
2021-11-14 01:52:46 +01:00
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('GET', '/api/v1/twofaccounts/' . $twofaccount->id . '/otp')
->assertOk()
->assertJsonStructure(self::VALID_OTP_RESOURCE_STRUCTURE_FOR_HOTP)
->assertJsonFragment([
'otp_type' => 'hotp',
'counter' => OtpTestData::COUNTER_DEFAULT + 1,
2021-11-14 01:52:46 +01:00
]);
}
/**
* @test
*/
public function test_get_otp_by_posting_hotp_uri_returns_consistent_resource()
2021-11-14 01:52:46 +01:00
{
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/twofaccounts/otp', [
'uri' => OtpTestData::HOTP_FULL_CUSTOM_URI,
])
->assertOk()
->assertJsonStructure(self::VALID_OTP_RESOURCE_STRUCTURE_FOR_HOTP)
->assertJsonFragment([
'otp_type' => 'hotp',
'counter' => OtpTestData::COUNTER_CUSTOM + 1,
2021-11-14 01:52:46 +01:00
]);
}
2021-11-14 01:52:46 +01:00
/**
* @test
*/
public function test_get_otp_by_posting_hotp_parameters_returns_consistent_resource()
{
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/twofaccounts/otp', OtpTestData::ARRAY_OF_FULL_VALID_PARAMETERS_FOR_CUSTOM_HOTP)
->assertOk()
->assertJsonStructure(self::VALID_OTP_RESOURCE_STRUCTURE_FOR_HOTP)
2021-11-14 01:52:46 +01:00
->assertJsonFragment([
'otp_type' => 'hotp',
'counter' => OtpTestData::COUNTER_CUSTOM + 1,
2021-11-14 01:52:46 +01:00
]);
}
/**
* @test
*/
public function test_get_otp_by_posting_multiple_inputs_returns_bad_request()
2021-11-14 01:52:46 +01:00
{
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/twofaccounts/otp', [
'uri' => OtpTestData::HOTP_FULL_CUSTOM_URI,
'key' => 'value',
])
->assertStatus(400)
2021-11-14 01:52:46 +01:00
->assertJsonStructure([
'message',
'reason',
2021-11-14 01:52:46 +01:00
]);
}
/**
* @test
*/
public function test_get_otp_using_indecipherable_twofaccount_id_returns_bad_request()
2021-11-14 01:52:46 +01:00
{
2022-07-30 17:51:02 +02:00
Settings::set('useEncryption', true);
2021-12-02 13:15:53 +01:00
$twofaccount = TwoFAccount::factory()->create();
DB::table('twofaccounts')
->where('id', $twofaccount->id)
->update([
'secret' => '**encrypted**',
]);
2021-11-14 01:52:46 +01:00
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('GET', '/api/v1/twofaccounts/' . $twofaccount->id . '/otp')
->assertStatus(400)
2021-11-14 01:52:46 +01:00
->assertJsonStructure([
'message',
2021-11-14 01:52:46 +01:00
]);
}
/**
* @test
*/
public function test_get_otp_using_missing_twofaccount_id_returns_not_found()
2021-11-14 01:52:46 +01:00
{
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('GET', '/api/v1/twofaccounts/1000/otp')
->assertNotFound();
2021-11-14 01:52:46 +01:00
}
/**
* @test
*/
public function test_get_otp_by_posting_invalid_uri_returns_validation_error()
2021-11-14 01:52:46 +01:00
{
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/twofaccounts/otp', [
'uri' => OtpTestData::INVALID_OTPAUTH_URI,
])
->assertStatus(422);
2021-11-14 01:52:46 +01:00
}
/**
* @test
*/
public function test_get_otp_by_posting_invalid_parameters_returns_validation_error()
2021-11-14 01:52:46 +01:00
{
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/twofaccounts/otp', self::ARRAY_OF_INVALID_PARAMETERS)
->assertStatus(422);
2021-11-14 01:52:46 +01:00
}
/**
* @test
*/
public function test_count_returns_right_number_of_twofaccount()
2021-11-14 01:52:46 +01:00
{
2021-12-02 13:15:53 +01:00
TwoFAccount::factory()->count(3)->create();
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('GET', '/api/v1/twofaccounts/count')
->assertStatus(200)
->assertExactJson([
'count' => 3
2021-11-14 01:52:46 +01:00
]);
}
/**
* @test
*/
public function test_withdraw_returns_success()
2021-11-14 01:52:46 +01:00
{
2021-12-02 13:15:53 +01:00
TwoFAccount::factory()->count(3)->create();
$ids = DB::table('twofaccounts')->pluck('id')->implode(',');
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('PATCH', '/api/v1/twofaccounts/withdraw?ids=1,2,3' . $ids)
->assertOk()
2021-11-14 01:52:46 +01:00
->assertJsonStructure([
'message',
2021-11-14 01:52:46 +01:00
]);
}
/**
* @test
*/
public function test_withdraw_too_many_ids_returns_bad_request()
2021-11-14 01:52:46 +01:00
{
2021-12-02 13:15:53 +01:00
TwoFAccount::factory()->count(102)->create();
$ids = DB::table('twofaccounts')->pluck('id')->implode(',');
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('PATCH', '/api/v1/twofaccounts/withdraw?ids=' . $ids)
->assertStatus(400)
2021-11-14 01:52:46 +01:00
->assertJsonStructure([
'message',
'reason',
2021-11-14 01:52:46 +01:00
]);
}
/**
* @test
*/
public function test_destroy_twofaccount_returns_success()
2021-11-14 01:52:46 +01:00
{
2021-12-02 13:15:53 +01:00
$twofaccount = TwoFAccount::factory()->create();
2021-11-14 01:52:46 +01:00
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('DELETE', '/api/v1/twofaccounts/' . $twofaccount->id)
->assertNoContent();
2021-11-14 01:52:46 +01:00
}
/**
* @test
*/
public function test_destroy_missing_twofaccount_returns_not_found()
2021-11-14 01:52:46 +01:00
{
2021-12-02 13:15:53 +01:00
$twofaccount = TwoFAccount::factory()->create();
2021-11-14 01:52:46 +01:00
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('DELETE', '/api/v1/twofaccounts/1000')
->assertNotFound();
2021-11-14 01:52:46 +01:00
}
/**
* @test
*/
public function test_batch_destroy_twofaccount_returns_success()
2021-11-14 01:52:46 +01:00
{
2021-12-02 13:15:53 +01:00
TwoFAccount::factory()->count(3)->create();
$ids = DB::table('twofaccounts')->pluck('id')->implode(',');
2021-11-14 01:52:46 +01:00
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('DELETE', '/api/v1/twofaccounts?ids=' . $ids)
->assertNoContent();
2021-11-14 01:52:46 +01:00
}
/**
* @test
*/
public function test_batch_destroy_too_many_twofaccounts_returns_bad_request()
2021-11-14 01:52:46 +01:00
{
2021-12-02 13:15:53 +01:00
TwoFAccount::factory()->count(102)->create();
$ids = DB::table('twofaccounts')->pluck('id')->implode(',');
2021-11-14 01:52:46 +01:00
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'api-guard')
->json('DELETE', '/api/v1/twofaccounts?ids=' . $ids)
->assertStatus(400)
->assertJsonStructure([
'message',
'reason',
]);
2021-11-14 01:52:46 +01:00
}
}