2FAuth/tests/Feature/Http/Auth/UserControllerTest.php

229 lines
6.3 KiB
PHP
Raw Normal View History

2022-03-31 08:38:35 +02:00
<?php
2022-03-31 12:09:25 +02:00
namespace Tests\Feature\Http\Auth;
2022-03-31 08:38:35 +02:00
2022-07-30 17:51:02 +02:00
use App\Facades\Settings;
2023-03-10 16:03:42 +01:00
use App\Models\Group;
use App\Models\TwoFAccount;
2022-11-22 15:15:52 +01:00
use App\Models\User;
2022-03-31 08:38:35 +02:00
use Illuminate\Support\Facades\Config;
2022-11-22 15:15:52 +01:00
use Tests\FeatureTestCase;
2022-03-31 08:38:35 +02:00
2022-12-09 10:52:17 +01:00
/**
* @covers \App\Http\Controllers\Auth\UserController
* @covers \App\Http\Middleware\RejectIfDemoMode
*/
2022-03-31 08:38:35 +02:00
class UserControllerTest extends FeatureTestCase
{
/**
2023-03-10 16:03:42 +01:00
* @var \App\Models\User|\Illuminate\Contracts\Auth\Authenticatable
2022-11-22 15:15:52 +01:00
*/
2022-03-31 08:38:35 +02:00
protected $user;
private const NEW_USERNAME = 'Jane DOE';
2022-11-22 15:15:52 +01:00
2022-03-31 08:38:35 +02:00
private const NEW_EMAIL = 'janedoe@example.org';
2022-11-22 15:15:52 +01:00
private const PASSWORD = 'password';
2022-03-31 08:38:35 +02:00
/**
* @test
*/
2022-12-13 12:07:29 +01:00
public function setUp() : void
2022-03-31 08:38:35 +02:00
{
parent::setUp();
$this->user = User::factory()->create();
}
/**
* @test
*/
public function test_update_user_returns_success()
{
$response = $this->actingAs($this->user, 'web-guard')
->json('PUT', '/user', [
2022-11-22 15:15:52 +01:00
'name' => self::NEW_USERNAME,
'email' => self::NEW_EMAIL,
2022-03-31 08:38:35 +02:00
'password' => self::PASSWORD,
])
->assertOk()
->assertExactJson([
2023-03-10 16:03:42 +01:00
'name' => self::NEW_USERNAME,
'id' => $this->user->id,
'email' => self::NEW_EMAIL,
'is_admin' => false,
2022-03-31 08:38:35 +02:00
]);
2023-03-10 16:03:42 +01:00
$this->assertDatabaseHas('users', [
'name' => self::NEW_USERNAME,
'id' => $this->user->id,
'email' => self::NEW_EMAIL,
'is_admin' => false,
]);
2022-03-31 08:38:35 +02:00
}
/**
* @test
*/
public function test_update_user_in_demo_mode_returns_unchanged_user()
{
2022-07-30 17:51:02 +02:00
Settings::set('isDemoApp', true);
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'web-guard')
->json('PUT', '/user', [
2022-11-22 15:15:52 +01:00
'name' => self::NEW_USERNAME,
'email' => self::NEW_EMAIL,
2022-03-31 08:38:35 +02:00
'password' => self::PASSWORD,
])
->assertOk()
->assertExactJson([
2023-03-10 16:03:42 +01:00
'name' => $this->user->name,
'id' => $this->user->id,
'email' => $this->user->email,
'is_admin' => $this->user->is_admin,
2022-03-31 08:38:35 +02:00
]);
2023-03-10 16:03:42 +01:00
$this->assertDatabaseHas('users', [
'name' => $this->user->name,
'id' => $this->user->id,
'email' => $this->user->email,
'is_admin' => $this->user->is_admin,
]);
2022-03-31 08:38:35 +02:00
}
/**
* @test
*/
public function test_update_user_passing_wrong_password_returns_bad_request()
{
$response = $this->actingAs($this->user, 'web-guard')
->json('PUT', '/user', [
2022-11-22 15:15:52 +01:00
'name' => self::NEW_USERNAME,
'email' => self::NEW_EMAIL,
2022-03-31 08:38:35 +02:00
'password' => 'wrongPassword',
])
->assertStatus(400);
}
/**
* @test
*/
public function test_update_user_with_invalid_data_returns_validation_error()
{
$response = $this->actingAs($this->user, 'web-guard')
->json('PUT', '/user', [
2022-11-22 15:15:52 +01:00
'name' => '',
'email' => '',
2022-03-31 08:38:35 +02:00
'password' => self::PASSWORD,
])
->assertStatus(422);
}
/**
* @test
*/
public function test_delete_user_returns_success()
{
2023-03-10 16:03:42 +01:00
TwoFAccount::factory()->for($this->user)->create();
Group::factory()->for($this->user)->create();
$admin = User::factory()->administrator()->create();
$this->assertDatabaseCount('users', 2);
$this->actingAs($this->user, 'web-guard')
2022-03-31 08:38:35 +02:00
->json('DELETE', '/user', [
'password' => self::PASSWORD,
])
->assertNoContent();
2023-03-10 22:59:46 +01:00
2023-03-10 16:03:42 +01:00
$this->assertDatabaseMissing('users', [
2023-03-10 22:59:46 +01:00
'id' => $this->user->id,
2023-03-10 16:03:42 +01:00
]);
$this->assertDatabaseHas('users', [
2023-03-10 22:59:46 +01:00
'id' => $admin->id,
2023-03-10 16:03:42 +01:00
]);
$this->assertDatabaseCount('users', 1);
$this->assertDatabaseMissing('twofaccounts', [
2023-03-10 22:59:46 +01:00
'user_id' => $this->user->id,
2023-03-10 16:03:42 +01:00
]);
$this->assertDatabaseMissing('groups', [
2023-03-10 22:59:46 +01:00
'user_id' => $this->user->id,
2023-03-10 16:03:42 +01:00
]);
$this->assertDatabaseMissing('webauthn_credentials', [
2023-03-10 22:59:46 +01:00
'authenticatable_id' => $this->user->id,
2023-03-10 16:03:42 +01:00
]);
$this->assertDatabaseMissing('webauthn_recoveries', [
2023-03-10 22:59:46 +01:00
'email' => $this->user->email,
2023-03-10 16:03:42 +01:00
]);
$this->assertDatabaseMissing('oauth_access_tokens', [
2023-03-10 22:59:46 +01:00
'user_id' => $this->user->id,
2023-03-10 16:03:42 +01:00
]);
$this->assertDatabaseMissing('password_resets', [
2023-03-10 22:59:46 +01:00
'email' => $this->user->email,
2023-03-10 16:03:42 +01:00
]);
2022-03-31 08:38:35 +02:00
}
/**
* @test
*/
public function test_delete_user_in_demo_mode_returns_unauthorized()
{
Config::set('2fauth.config.isDemoApp', true);
2022-07-30 17:51:02 +02:00
Settings::set('isDemoApp', true);
2022-03-31 08:38:35 +02:00
$response = $this->actingAs($this->user, 'web-guard')
->json('DELETE', '/user', [
'password' => self::PASSWORD,
])
->assertUnauthorized()
->assertJsonStructure([
2022-11-22 15:15:52 +01:00
'message',
2022-03-31 08:38:35 +02:00
]);
2023-03-10 16:03:42 +01:00
$this->assertDatabaseHas('users', [
2023-03-10 22:59:46 +01:00
'id' => $this->user->id,
2023-03-10 16:03:42 +01:00
]);
2022-03-31 08:38:35 +02:00
}
/**
* @test
*/
public function test_delete_user_passing_wrong_password_returns_bad_request()
{
$response = $this->actingAs($this->user, 'web-guard')
->json('DELETE', '/user', [
'password' => 'wrongPassword',
])
->assertStatus(400);
2023-03-10 16:03:42 +01:00
$this->assertDatabaseHas('users', [
2023-03-10 22:59:46 +01:00
'id' => $this->user->id,
2023-03-10 16:03:42 +01:00
]);
}
/**
* @test
*/
public function test_delete_the_only_admin_returns_bad_request()
{
/**
* @var \App\Models\User|\Illuminate\Contracts\Auth\Authenticatable
*/
$admin = User::factory()->administrator()->create();
$this->assertDatabaseCount('users', 2);
$this->assertEquals(1, User::admins()->count());
$response = $this->actingAs($admin, 'web-guard')
->json('DELETE', '/user', [
'password' => self::PASSWORD,
])
->assertStatus(400);
$this->assertDatabaseHas('users', [
2023-03-10 22:59:46 +01:00
'id' => $admin->id,
2023-03-10 16:03:42 +01:00
]);
2022-03-31 08:38:35 +02:00
}
2022-11-22 15:15:52 +01:00
}