extern/2FAuth
1
0
Fork 0
mirror of https://github.com/Bubka/2FAuth.git synced 2025-06-20 11:47:53 +02:00
Code Issues Packages Projects Releases Wiki Activity

Restore 403 response in case of authorization exception & Fix test

Browse Source
This commit is contained in:
Bubka 2025-03-26 17:04:52 +01:00
parent 764b687904
commit 2a728a2e8d
2 changed files with 24 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/Api/v1/Controllers/GroupController.php
View File

@ -10,6 +10,7 @@ use App\Facades\Groups;
use App\Http\Controllers\Controller; use App\Http\Controllers\Controller;
use App\Models\Group; use App\Models\Group;
use App\Models\User; use App\Models\User;
use Illuminate\Auth\Access\AuthorizationException;
use Illuminate\Database\Eloquent\ModelNotFoundException; use Illuminate\Database\Eloquent\ModelNotFoundException;
use Illuminate\Http\Request; use Illuminate\Http\Request;
@ -107,6 +108,8 @@ class GroupController extends Controller
$group->loadCount('twofaccounts'); $group->loadCount('twofaccounts');
} catch (ModelNotFoundException $exc) { } catch (ModelNotFoundException $exc) {
abort(404); abort(404);
} catch (AuthorizationException $exc) {
abort(403);
} catch (\Throwable $th) { } catch (\Throwable $th) {
abort(409, 'Conflict'); abort(409, 'Conflict');
} }

39
tests/Unit/Api/v1/Controllers/GroupControllerTest.php
View File

@ -3,7 +3,6 @@
namespace Tests\Unit\Api\v1\Controllers; namespace Tests\Unit\Api\v1\Controllers;
use App\Api\v1\Controllers\GroupController; use App\Api\v1\Controllers\GroupController;
use App\Api\v1\Requests\GroupAssignRequest;
use App\Api\v1\Requests\GroupStoreRequest; use App\Api\v1\Requests\GroupStoreRequest;
use App\Api\v1\Resources\GroupResource; use App\Api\v1\Resources\GroupResource;
use App\Api\v1\Resources\TwoFAccountReadResource; use App\Api\v1\Resources\TwoFAccountReadResource;
@ -114,27 +113,31 @@ class GroupControllerTest extends TestCase
$this->assertInstanceOf(GroupResource::class, $response); $this->assertInstanceOf(GroupResource::class, $response);
} }
#[Test] // 26/03/25: Cannot be tested as a Unit test anymore because of the call to $group->loadCount()
public function test_assignAccounts_returns_api_resource_assigned_using_groupService() // in the assignAccounts() controller method. The loadCount() has been introduced
{ // in the controller by commit 19f3a71c "Move group->loadCount from the Assign void method to the caller"
$request = Mockery::mock(GroupAssignRequest::class); // on Feb 24-2025 as part of the CWE-362 fix.
$controller = Mockery::mock(GroupController::class)->makePartial(); // #[Test]
$group = Group::factory()->make(); // public function test_assignAccounts_returns_api_resource_assigned_using_groupService()
$validated = ['ids' => $group->id]; // {
// $request = Mockery::mock(GroupAssignRequest::class);
// $controller = Mockery::mock(GroupController::class)->makePartial();
// $group = Group::factory()->make();
// $validated = ['ids' => $group->id];
$request->shouldReceive([ // $request->shouldReceive([
'validated' => $validated, // 'validated' => $validated,
'user' => $this->user, // 'user' => $this->user,
]); // ]);
Groups::shouldReceive('assign') // Groups::shouldReceive('assign')
->with($group->id, $this->user, $group) // ->with($group->id, $this->user, $group)
->once(); // ->once();
$response = $controller->assignAccounts($request, $group); // $response = $controller->assignAccounts($request, $group);
$this->assertInstanceOf(GroupResource::class, $response); // $this->assertInstanceOf(GroupResource::class, $response);
} // }
#[Test] #[Test]
public function test_accounts_returns_api_resources() public function test_accounts_returns_api_resources()