2022-03-31 08:38:35 +02:00
|
|
|
<?php
|
|
|
|
|
2022-03-31 12:09:25 +02:00
|
|
|
namespace Tests\Feature\Http\Auth;
|
2022-03-31 08:38:35 +02:00
|
|
|
|
2023-08-01 11:28:27 +02:00
|
|
|
use App\Http\Controllers\Auth\UserController;
|
|
|
|
use App\Http\Middleware\RejectIfDemoMode;
|
|
|
|
use App\Http\Requests\UserUpdateRequest;
|
2023-03-10 16:03:42 +01:00
|
|
|
use App\Models\Group;
|
|
|
|
use App\Models\TwoFAccount;
|
2022-11-22 15:15:52 +01:00
|
|
|
use App\Models\User;
|
2024-01-29 08:46:09 +01:00
|
|
|
use App\Observers\UserObserver;
|
|
|
|
use App\Policies\UserPolicy;
|
2022-03-31 08:38:35 +02:00
|
|
|
use Illuminate\Support\Facades\Config;
|
2023-08-01 11:28:27 +02:00
|
|
|
use PHPUnit\Framework\Attributes\CoversClass;
|
2022-11-22 15:15:52 +01:00
|
|
|
use Tests\FeatureTestCase;
|
2022-03-31 08:38:35 +02:00
|
|
|
|
2022-12-09 10:52:17 +01:00
|
|
|
/**
|
2023-08-01 11:28:27 +02:00
|
|
|
* UserControllerTest test class
|
2022-12-09 10:52:17 +01:00
|
|
|
*/
|
2023-08-01 11:28:27 +02:00
|
|
|
#[CoversClass(UserController::class)]
|
2024-01-29 08:46:09 +01:00
|
|
|
#[CoversClass(UserObserver::class)]
|
|
|
|
#[CoversClass(UserPolicy::class)]
|
2023-08-01 11:28:27 +02:00
|
|
|
#[CoversClass(RejectIfDemoMode::class)]
|
|
|
|
#[CoversClass(UserUpdateRequest::class)]
|
2022-03-31 08:38:35 +02:00
|
|
|
class UserControllerTest extends FeatureTestCase
|
|
|
|
{
|
|
|
|
/**
|
2023-03-10 16:03:42 +01:00
|
|
|
* @var \App\Models\User|\Illuminate\Contracts\Auth\Authenticatable
|
2022-11-22 15:15:52 +01:00
|
|
|
*/
|
2022-03-31 08:38:35 +02:00
|
|
|
protected $user;
|
|
|
|
|
|
|
|
private const NEW_USERNAME = 'Jane DOE';
|
2022-11-22 15:15:52 +01:00
|
|
|
|
2022-03-31 08:38:35 +02:00
|
|
|
private const NEW_EMAIL = 'janedoe@example.org';
|
2022-11-22 15:15:52 +01:00
|
|
|
|
|
|
|
private const PASSWORD = 'password';
|
2022-03-31 08:38:35 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* @test
|
|
|
|
*/
|
2022-12-13 12:07:29 +01:00
|
|
|
public function setUp() : void
|
2022-03-31 08:38:35 +02:00
|
|
|
{
|
|
|
|
parent::setUp();
|
|
|
|
|
|
|
|
$this->user = User::factory()->create();
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @test
|
|
|
|
*/
|
|
|
|
public function test_update_user_returns_success()
|
|
|
|
{
|
|
|
|
$response = $this->actingAs($this->user, 'web-guard')
|
|
|
|
->json('PUT', '/user', [
|
2022-11-22 15:15:52 +01:00
|
|
|
'name' => self::NEW_USERNAME,
|
|
|
|
'email' => self::NEW_EMAIL,
|
2022-03-31 08:38:35 +02:00
|
|
|
'password' => self::PASSWORD,
|
|
|
|
])
|
|
|
|
->assertOk()
|
2023-12-05 16:32:20 +01:00
|
|
|
->assertJsonFragment([
|
2023-03-10 16:03:42 +01:00
|
|
|
'name' => self::NEW_USERNAME,
|
|
|
|
'id' => $this->user->id,
|
|
|
|
'email' => self::NEW_EMAIL,
|
|
|
|
'is_admin' => false,
|
2023-12-05 16:32:20 +01:00
|
|
|
])
|
|
|
|
->assertJsonStructure([
|
|
|
|
'preferences',
|
2022-03-31 08:38:35 +02:00
|
|
|
]);
|
2023-03-10 16:03:42 +01:00
|
|
|
|
|
|
|
$this->assertDatabaseHas('users', [
|
|
|
|
'name' => self::NEW_USERNAME,
|
|
|
|
'id' => $this->user->id,
|
|
|
|
'email' => self::NEW_EMAIL,
|
|
|
|
'is_admin' => false,
|
|
|
|
]);
|
2022-03-31 08:38:35 +02:00
|
|
|
}
|
|
|
|
|
2023-03-25 00:20:39 +01:00
|
|
|
/**
|
|
|
|
* @test
|
|
|
|
*/
|
|
|
|
public function test_update_user_without_changing_email_returns_success()
|
|
|
|
{
|
|
|
|
$response = $this->actingAs($this->user, 'web-guard')
|
|
|
|
->json('PUT', '/user', [
|
|
|
|
'name' => self::NEW_USERNAME,
|
|
|
|
'email' => $this->user->email,
|
|
|
|
'password' => self::PASSWORD,
|
|
|
|
])
|
|
|
|
->assertOk()
|
2023-12-05 16:32:20 +01:00
|
|
|
->assertJsonFragment([
|
2023-03-25 00:20:39 +01:00
|
|
|
'name' => self::NEW_USERNAME,
|
|
|
|
'id' => $this->user->id,
|
|
|
|
'email' => $this->user->email,
|
|
|
|
'is_admin' => false,
|
|
|
|
]);
|
|
|
|
|
|
|
|
$this->assertDatabaseHas('users', [
|
|
|
|
'name' => self::NEW_USERNAME,
|
|
|
|
'id' => $this->user->id,
|
|
|
|
'email' => $this->user->email,
|
|
|
|
'is_admin' => false,
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @test
|
|
|
|
*/
|
|
|
|
public function test_update_user_without_changing_name_returns_success()
|
|
|
|
{
|
|
|
|
$response = $this->actingAs($this->user, 'web-guard')
|
|
|
|
->json('PUT', '/user', [
|
|
|
|
'name' => $this->user->name,
|
|
|
|
'email' => self::NEW_EMAIL,
|
|
|
|
'password' => self::PASSWORD,
|
|
|
|
])
|
|
|
|
->assertOk()
|
2023-12-05 16:32:20 +01:00
|
|
|
->assertJsonFragment([
|
2023-03-25 00:20:39 +01:00
|
|
|
'name' => $this->user->name,
|
|
|
|
'id' => $this->user->id,
|
|
|
|
'email' => self::NEW_EMAIL,
|
|
|
|
'is_admin' => false,
|
|
|
|
]);
|
|
|
|
|
|
|
|
$this->assertDatabaseHas('users', [
|
|
|
|
'name' => $this->user->name,
|
|
|
|
'id' => $this->user->id,
|
|
|
|
'email' => self::NEW_EMAIL,
|
|
|
|
'is_admin' => false,
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
2023-03-18 17:33:43 +01:00
|
|
|
/**
|
|
|
|
* @test
|
|
|
|
*/
|
|
|
|
public function test_update_user_with_uppercased_email_returns_success()
|
|
|
|
{
|
|
|
|
$response = $this->actingAs($this->user, 'web-guard')
|
|
|
|
->json('PUT', '/user', [
|
|
|
|
'name' => self::NEW_USERNAME,
|
|
|
|
'email' => strtoupper(self::NEW_EMAIL),
|
|
|
|
'password' => self::PASSWORD,
|
|
|
|
])
|
|
|
|
->assertOk()
|
2023-12-05 16:32:20 +01:00
|
|
|
->assertJsonFragment([
|
2023-03-18 17:33:43 +01:00
|
|
|
'name' => self::NEW_USERNAME,
|
|
|
|
'id' => $this->user->id,
|
|
|
|
'email' => self::NEW_EMAIL,
|
|
|
|
'is_admin' => false,
|
|
|
|
]);
|
|
|
|
|
|
|
|
$this->assertDatabaseHas('users', [
|
|
|
|
'name' => self::NEW_USERNAME,
|
|
|
|
'id' => $this->user->id,
|
|
|
|
'email' => self::NEW_EMAIL,
|
|
|
|
'is_admin' => false,
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
2022-03-31 08:38:35 +02:00
|
|
|
/**
|
|
|
|
* @test
|
|
|
|
*/
|
|
|
|
public function test_update_user_in_demo_mode_returns_unchanged_user()
|
|
|
|
{
|
2023-03-15 16:26:32 +01:00
|
|
|
Config::set('2fauth.config.isDemoApp', true);
|
|
|
|
|
2023-03-18 17:33:43 +01:00
|
|
|
$name = $this->user->name;
|
2023-03-15 16:26:32 +01:00
|
|
|
$email = $this->user->email;
|
2022-03-31 08:38:35 +02:00
|
|
|
|
|
|
|
$response = $this->actingAs($this->user, 'web-guard')
|
|
|
|
->json('PUT', '/user', [
|
2022-11-22 15:15:52 +01:00
|
|
|
'name' => self::NEW_USERNAME,
|
|
|
|
'email' => self::NEW_EMAIL,
|
2022-03-31 08:38:35 +02:00
|
|
|
'password' => self::PASSWORD,
|
|
|
|
])
|
|
|
|
->assertOk()
|
2023-12-05 16:32:20 +01:00
|
|
|
->assertJsonFragment([
|
2023-03-15 16:26:32 +01:00
|
|
|
'name' => $name,
|
2023-03-10 16:03:42 +01:00
|
|
|
'id' => $this->user->id,
|
2023-03-15 16:26:32 +01:00
|
|
|
'email' => $email,
|
2023-03-10 16:03:42 +01:00
|
|
|
'is_admin' => $this->user->is_admin,
|
2022-03-31 08:38:35 +02:00
|
|
|
]);
|
2023-03-10 16:03:42 +01:00
|
|
|
|
|
|
|
$this->assertDatabaseHas('users', [
|
2023-03-18 17:33:43 +01:00
|
|
|
'name' => $name,
|
|
|
|
'id' => $this->user->id,
|
|
|
|
'email' => $email,
|
2023-03-10 16:03:42 +01:00
|
|
|
]);
|
2022-03-31 08:38:35 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @test
|
|
|
|
*/
|
|
|
|
public function test_update_user_passing_wrong_password_returns_bad_request()
|
|
|
|
{
|
|
|
|
$response = $this->actingAs($this->user, 'web-guard')
|
|
|
|
->json('PUT', '/user', [
|
2022-11-22 15:15:52 +01:00
|
|
|
'name' => self::NEW_USERNAME,
|
|
|
|
'email' => self::NEW_EMAIL,
|
2022-03-31 08:38:35 +02:00
|
|
|
'password' => 'wrongPassword',
|
|
|
|
])
|
|
|
|
->assertStatus(400);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @test
|
|
|
|
*/
|
|
|
|
public function test_update_user_with_invalid_data_returns_validation_error()
|
|
|
|
{
|
|
|
|
$response = $this->actingAs($this->user, 'web-guard')
|
|
|
|
->json('PUT', '/user', [
|
2022-11-22 15:15:52 +01:00
|
|
|
'name' => '',
|
|
|
|
'email' => '',
|
2022-03-31 08:38:35 +02:00
|
|
|
'password' => self::PASSWORD,
|
|
|
|
])
|
|
|
|
->assertStatus(422);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @test
|
|
|
|
*/
|
|
|
|
public function test_delete_user_returns_success()
|
|
|
|
{
|
2023-03-10 16:03:42 +01:00
|
|
|
TwoFAccount::factory()->for($this->user)->create();
|
|
|
|
Group::factory()->for($this->user)->create();
|
|
|
|
|
|
|
|
$admin = User::factory()->administrator()->create();
|
|
|
|
$this->assertDatabaseCount('users', 2);
|
|
|
|
|
|
|
|
$this->actingAs($this->user, 'web-guard')
|
2022-03-31 08:38:35 +02:00
|
|
|
->json('DELETE', '/user', [
|
|
|
|
'password' => self::PASSWORD,
|
|
|
|
])
|
|
|
|
->assertNoContent();
|
2023-03-10 22:59:46 +01:00
|
|
|
|
2023-03-10 16:03:42 +01:00
|
|
|
$this->assertDatabaseMissing('users', [
|
2023-03-10 22:59:46 +01:00
|
|
|
'id' => $this->user->id,
|
2023-03-10 16:03:42 +01:00
|
|
|
]);
|
|
|
|
$this->assertDatabaseHas('users', [
|
2023-03-10 22:59:46 +01:00
|
|
|
'id' => $admin->id,
|
2023-03-10 16:03:42 +01:00
|
|
|
]);
|
|
|
|
$this->assertDatabaseCount('users', 1);
|
|
|
|
$this->assertDatabaseMissing('twofaccounts', [
|
2023-03-10 22:59:46 +01:00
|
|
|
'user_id' => $this->user->id,
|
2023-03-10 16:03:42 +01:00
|
|
|
]);
|
|
|
|
$this->assertDatabaseMissing('groups', [
|
2023-03-10 22:59:46 +01:00
|
|
|
'user_id' => $this->user->id,
|
2023-03-10 16:03:42 +01:00
|
|
|
]);
|
|
|
|
$this->assertDatabaseMissing('webauthn_credentials', [
|
2023-03-10 22:59:46 +01:00
|
|
|
'authenticatable_id' => $this->user->id,
|
2023-03-10 16:03:42 +01:00
|
|
|
]);
|
|
|
|
$this->assertDatabaseMissing('webauthn_recoveries', [
|
2023-03-10 22:59:46 +01:00
|
|
|
'email' => $this->user->email,
|
2023-03-10 16:03:42 +01:00
|
|
|
]);
|
|
|
|
$this->assertDatabaseMissing('oauth_access_tokens', [
|
2023-03-10 22:59:46 +01:00
|
|
|
'user_id' => $this->user->id,
|
2023-03-10 16:03:42 +01:00
|
|
|
]);
|
|
|
|
$this->assertDatabaseMissing('password_resets', [
|
2023-03-10 22:59:46 +01:00
|
|
|
'email' => $this->user->email,
|
2023-03-10 16:03:42 +01:00
|
|
|
]);
|
2022-03-31 08:38:35 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @test
|
|
|
|
*/
|
|
|
|
public function test_delete_user_in_demo_mode_returns_unauthorized()
|
|
|
|
{
|
|
|
|
Config::set('2fauth.config.isDemoApp', true);
|
|
|
|
|
|
|
|
$response = $this->actingAs($this->user, 'web-guard')
|
|
|
|
->json('DELETE', '/user', [
|
|
|
|
'password' => self::PASSWORD,
|
|
|
|
])
|
|
|
|
->assertUnauthorized()
|
|
|
|
->assertJsonStructure([
|
2022-11-22 15:15:52 +01:00
|
|
|
'message',
|
2022-03-31 08:38:35 +02:00
|
|
|
]);
|
2023-03-10 16:03:42 +01:00
|
|
|
|
|
|
|
$this->assertDatabaseHas('users', [
|
2023-03-10 22:59:46 +01:00
|
|
|
'id' => $this->user->id,
|
2023-03-10 16:03:42 +01:00
|
|
|
]);
|
2022-03-31 08:38:35 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @test
|
|
|
|
*/
|
|
|
|
public function test_delete_user_passing_wrong_password_returns_bad_request()
|
|
|
|
{
|
|
|
|
$response = $this->actingAs($this->user, 'web-guard')
|
|
|
|
->json('DELETE', '/user', [
|
|
|
|
'password' => 'wrongPassword',
|
|
|
|
])
|
|
|
|
->assertStatus(400);
|
2023-03-10 16:03:42 +01:00
|
|
|
|
|
|
|
$this->assertDatabaseHas('users', [
|
2023-03-10 22:59:46 +01:00
|
|
|
'id' => $this->user->id,
|
2023-03-10 16:03:42 +01:00
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @test
|
|
|
|
*/
|
|
|
|
public function test_delete_the_only_admin_returns_bad_request()
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* @var \App\Models\User|\Illuminate\Contracts\Auth\Authenticatable
|
|
|
|
*/
|
|
|
|
$admin = User::factory()->administrator()->create();
|
|
|
|
|
|
|
|
$this->assertDatabaseCount('users', 2);
|
|
|
|
$this->assertEquals(1, User::admins()->count());
|
|
|
|
|
|
|
|
$response = $this->actingAs($admin, 'web-guard')
|
|
|
|
->json('DELETE', '/user', [
|
|
|
|
'password' => self::PASSWORD,
|
|
|
|
])
|
|
|
|
->assertStatus(400);
|
|
|
|
|
|
|
|
$this->assertDatabaseHas('users', [
|
2023-03-10 22:59:46 +01:00
|
|
|
'id' => $admin->id,
|
2023-03-10 16:03:42 +01:00
|
|
|
]);
|
2022-03-31 08:38:35 +02:00
|
|
|
}
|
2022-11-22 15:15:52 +01:00
|
|
|
}
|