2FAuth/tests/Api/v1/Controllers/QrCodeControllerTest.php

<?php
namespace Tests\Api\v1\Controllers;
use App\Models\TwoFAccount;
use App\Models\User;
use Tests\Classes\LocalFile;
use Tests\FeatureTestCase;
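/**
 * Feature tests for the QR code endpoints of the v1 API: rendering the QR code
 * of a stored 2FA account and decoding an uploaded QR code image.
 *
 * Every request is made as an authenticated user on the 'api-guard' guard.
 *
 * @covers  \App\Api\v1\Controllers\QrCodeController
 */
class QrCodeControllerTest extends FeatureTestCase
{
    /**
     * Owner of the 2FA account created in setUp().
     *
     * @var \App\Models\User|\Illuminate\Contracts\Auth\Authenticatable
     */
    protected $user;

    /**
     * A second user who does not own the 2FA account created in setUp().
     *
     * @var \App\Models\User|\Illuminate\Contracts\Auth\Authenticatable
     */
    protected $anotherUser;

    /**
     * 2FA account owned by $user.
     *
     * @var \App\Models\TwoFAccount
     */
    protected $twofaccount;

    /**
     * Creates two users and one TOTP account owned by the first of them.
     *
     * This fixture method must not carry a "@test" annotation: PHPUnit collects
     * any public method so annotated as a test case, which would run setUp() as
     * an assertion-less test on top of its normal role.
     */
    public function setUp() : void
    {
        parent::setUp();

        $this->user        = User::factory()->create();
        $this->anotherUser = User::factory()->create();

        // The secret below is a fixed test value, not a real credential.
        // NOTE(review): legacy_uri uses the hotp scheme while otp_type is
        // 'totp' -- confirm the mismatch is intentional.
        $this->twofaccount = TwoFAccount::factory()->for($this->user)->create([
            'otp_type'   => 'totp',
            'account'    => 'account',
            'service'    => 'service',
            'secret'     => 'A4GRFHZVRBGY7UIW',
            'algorithm'  => 'sha1',
            'digits'     => 6,
            'period'     => 30,
            'legacy_uri' => 'otpauth://hotp/service:account?secret=A4GRFHZVRBGY7UIW&issuer=service',
        ]);
    }

    /**
     * The owner receives the QR code as a base64 PNG data URI.
     *
     * @test
     */
    public function test_show_qrcode_returns_base64_image() : void
    {
        $response = $this->actingAs($this->user, 'api-guard')
            ->json('GET', '/api/v1/twofaccounts/' . $this->twofaccount->id . '/qrcode')
            ->assertJsonStructure([
                'qrcode',
            ])
            ->assertOk();

        $this->assertStringStartsWith('data:image/png;base64', $response->getData()->qrcode);
    }

    /**
     * Requesting the QR code of an account id that does not exist yields 404.
     *
     * @test
     */
    public function test_show_missing_qrcode_returns_not_found() : void
    {
        $this->actingAs($this->user, 'api-guard')
            ->json('GET', '/api/v1/twofaccounts/1000/qrcode')
            ->assertNotFound()
            ->assertJsonStructure([
                'message',
            ]);
    }

    /**
     * Ownership check: an authenticated user who does not own the account is
     * refused with 403.
     *
     * The QR code presumably encodes the account's otpauth URI, secret
     * included, so the test also pins that the refusal body carries no
     * 'qrcode' key -- a 403 status alone would not catch a response that
     * still leaks the payload.
     *
     * @test
     */
    public function test_show_qrcode_of_another_user_is_forbidden() : void
    {
        $response = $this->actingAs($this->anotherUser, 'api-guard')
            ->json('GET', '/api/v1/twofaccounts/' . $this->twofaccount->id . '/qrcode')
            ->assertForbidden()
            ->assertJsonStructure([
                'message',
            ]);

        $this->assertArrayNotHasKey('qrcode', $response->json());
    }

    /**
     * Uploading a valid QR code image returns the otpauth URI it encodes.
     *
     * @test
     */
    public function test_decode_qrcode_return_success() : void
    {
        $file = LocalFile::fake()->validQrcode();

        $this->withHeaders(['Content-Type' => 'multipart/form-data'])
            ->actingAs($this->user, 'api-guard')
            ->json('POST', '/api/v1/qrcode/decode', [
                'qrcode'      => $file,
                'inputFormat' => 'fileUpload',
            ])
            ->assertOk()
            ->assertExactJson([
                'data' => 'otpauth://totp/test@test.com?secret=A4GRFHVIRBGY7UIW',
            ]);
    }

    /**
     * An empty 'qrcode' field is rejected by validation with 422.
     *
     * @test
     */
    public function test_decode_missing_qrcode_return_validation_error() : void
    {
        $this->actingAs($this->user, 'api-guard')
            ->json('POST', '/api/v1/qrcode/decode', [
                'qrcode' => '',
            ])
            ->assertStatus(422);
    }

    /**
     * An uploaded file that cannot be decoded as a QR code is answered with
     * 400 and a JSON 'message', rather than an unhandled server error.
     *
     * @test
     */
    public function test_decode_invalid_qrcode_return_bad_request() : void
    {
        $file = LocalFile::fake()->invalidQrcode();

        $this->withHeaders(['Content-Type' => 'multipart/form-data'])
            ->actingAs($this->user, 'api-guard')
            ->json('POST', '/api/v1/qrcode/decode', [
                'qrcode'      => $file,
                'inputFormat' => 'fileUpload',
            ])
            ->assertStatus(400)
            ->assertJsonStructure([
                'message',
            ]);
    }
}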