2FAuth/tests/Api/v1/Controllers/IconControllerTest.php

181 lines
5.2 KiB
PHP
Raw Normal View History

2021-11-14 01:52:46 +01:00
<?php
namespace Tests\Api\v1\Controllers;
2023-08-01 11:28:27 +02:00
use App\Api\v1\Controllers\IconController;
2024-10-18 14:28:45 +02:00
use App\Facades\IconStore;
use App\Models\TwoFAccount;
use App\Models\User;
2024-10-18 14:28:45 +02:00
use App\Services\LogoService;
use Illuminate\Http\Testing\FileFactory;
2022-11-22 15:15:52 +01:00
use Illuminate\Http\UploadedFile;
2024-10-18 14:28:45 +02:00
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Storage;
2023-08-01 11:28:27 +02:00
use PHPUnit\Framework\Attributes\CoversClass;
use PHPUnit\Framework\Attributes\Test;
2024-11-15 10:39:29 +01:00
use Tests\Classes\LocalFile;
2024-10-18 14:28:45 +02:00
use Tests\Data\HttpRequestTestData;
use Tests\Data\OtpTestData;
2021-11-30 17:39:33 +01:00
use Tests\FeatureTestCase;
2021-11-14 01:52:46 +01:00
2021-11-22 01:09:54 +01:00
/**
2023-08-01 11:28:27 +02:00
* IconController test class
2021-11-22 01:09:54 +01:00
*/
2023-08-01 11:28:27 +02:00
#[CoversClass(IconController::class)]
2021-11-30 17:39:33 +01:00
class IconControllerTest extends FeatureTestCase
2021-11-14 01:52:46 +01:00
{
/**
* @var \App\Models\User|\Illuminate\Contracts\Auth\Authenticatable
*/
protected $user;
public function setUp() : void
{
parent::setUp();
2024-10-18 14:28:45 +02:00
Storage::fake('icons');
Storage::fake('logos');
2024-11-09 10:18:45 +01:00
2024-10-18 14:28:45 +02:00
Http::preventStrayRequests();
Http::fake([
LogoService::TFA_IMG_URL . '*' => Http::response(HttpRequestTestData::SVG_LOGO_BODY, 200),
LogoService::TFA_URL => Http::response(HttpRequestTestData::TFA_JSON_BODY, 200),
]);
Http::fake([
2024-11-17 23:26:40 +01:00
OtpTestData::EXTERNAL_IMAGE_URL_DECODED => Http::response((new FileFactory)->image('file.png', 10, 10)->tempFile, 200),
2024-10-18 14:28:45 +02:00
]);
$this->user = User::factory()->create();
}
2021-11-14 01:52:46 +01:00
#[Test]
2024-10-18 14:28:45 +02:00
public function test_upload_icon_returns_filename_using_the_iconStore()
2021-11-14 01:52:46 +01:00
{
2024-10-18 14:28:45 +02:00
$iconName = 'testIcon.jpg';
2024-11-09 10:18:45 +01:00
$file = UploadedFile::fake()->image($iconName);
2021-11-14 01:52:46 +01:00
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/icons', [
'icon' => $file,
])
2021-11-14 01:52:46 +01:00
->assertCreated()
->assertJsonStructure([
2022-11-22 15:15:52 +01:00
'filename',
2021-11-14 01:52:46 +01:00
]);
}
2024-10-18 14:28:45 +02:00
#[Test]
public function test_upload_icon_stores_it_to_database()
{
$file = UploadedFile::fake()->image('testIcon.jpg');
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/icons', [
'icon' => $file,
]);
}
#[Test]
2021-11-14 01:52:46 +01:00
public function test_upload_with_invalid_data_returns_validation_error()
{
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/icons', [
'icon' => null,
])
2021-11-14 01:52:46 +01:00
->assertStatus(422);
}
2024-11-15 10:39:29 +01:00
#[Test]
public function test_upload_infected_svg_data_stores_stores_sanitized_svg_content()
{
$file = LocalFile::fake()->infectedSvgIconFile();
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/icons', [
'icon' => $file,
])
->assertCreated();
$svgContent = IconStore::get($response->getData()->filename);
$this->assertStringNotContainsString(OtpTestData::ICON_SVG_MALICIOUS_CODE, $svgContent);
}
#[Test]
2022-12-09 10:52:17 +01:00
public function test_fetch_logo_returns_filename()
{
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/icons/default', [
2024-10-18 14:28:45 +02:00
'service' => 'service',
])
2022-12-09 10:52:17 +01:00
->assertStatus(201)
->assertJsonStructure([
'filename',
]);
}
2024-11-15 10:39:29 +01:00
#[Test]
public function test_fetch_logo_with_infected_svg_data_stores_sanitized_svg_content()
{
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/icons/default', [
'service' => 'service',
])
->assertStatus(201)
->assertJsonStructure([
'filename',
]);
$svgContent = IconStore::get($response->getData()->filename);
$this->assertStringNotContainsString(OtpTestData::ICON_SVG_MALICIOUS_CODE, $svgContent);
}
#[Test]
2022-12-09 10:52:17 +01:00
public function test_fetch_unknown_logo_returns_nothing()
{
$response = $this->actingAs($this->user, 'api-guard')
->json('POST', '/api/v1/icons/default', [
'service' => 'unknown_company',
])
2022-12-09 10:52:17 +01:00
->assertNoContent();
}
#[Test]
2024-10-18 14:28:45 +02:00
public function test_delete_icon_returns_success_using_the_iconStore()
2021-11-14 01:52:46 +01:00
{
2024-10-18 14:28:45 +02:00
IconStore::spy();
2024-11-09 10:18:45 +01:00
2024-10-18 14:28:45 +02:00
$iconName = 'testIcon.jpg';
$response = $this->actingAs($this->user, 'api-guard')
2024-10-18 14:28:45 +02:00
->json('DELETE', '/api/v1/icons/' . $iconName)
2021-11-14 01:52:46 +01:00
->assertNoContent(204);
2024-10-18 14:28:45 +02:00
IconStore::shouldHaveReceived('delete')->once()->with($iconName);
2021-11-14 01:52:46 +01:00
}
#[Test]
2021-11-14 01:52:46 +01:00
public function test_delete_invalid_icon_returns_success()
{
$response = $this->actingAs($this->user, 'api-guard')
->json('DELETE', '/api/v1/icons/null')
2021-11-14 01:52:46 +01:00
->assertNoContent(204);
}
#[Test]
public function test_delete_icon_of_another_user_is_forbidden()
{
$anotherUser = User::factory()->create();
TwoFAccount::factory()->for($anotherUser)->create([
'icon' => 'testIcon.jpg',
]);
$response = $this->actingAs($this->user, 'api-guard')
->json('DELETE', '/api/v1/icons/testIcon.jpg')
->assertForbidden()
->assertJsonStructure([
'message',
]);
}
2022-11-22 15:15:52 +01:00
}