extern/2FAuth
1
0
Fork 0
mirror of https://github.com/Bubka/2FAuth.git synced 2025-06-20 11:47:53 +02:00
Code Issues Packages Projects Releases Wiki Activity

Restore 403 response in case of authorization exception & Fix test

Browse Source
This commit is contained in:
Bubka 2025-03-26 17:04:52 +01:00
parent 764b687904
commit 2a728a2e8d
2 changed files with 24 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/Api/v1/Controllers/GroupController.php
View File

@ -10,6 +10,7 @@ use App\Facades\Groups;
use App\Http\Controllers\Controller;
use App\Models\Group;
use App\Models\User;
use Illuminate\Auth\Access\AuthorizationException;
use Illuminate\Database\Eloquent\ModelNotFoundException;
use Illuminate\Http\Request;
@ -107,6 +108,8 @@ class GroupController extends Controller
$group->loadCount('twofaccounts');
} catch (ModelNotFoundException $exc) {
abort(404);
} catch (AuthorizationException $exc) {
abort(403);
} catch (\Throwable $th) {
abort(409, 'Conflict');
}

39
tests/Unit/Api/v1/Controllers/GroupControllerTest.php
View File

@ -3,7 +3,6 @@
namespace Tests\Unit\Api\v1\Controllers;
use App\Api\v1\Controllers\GroupController;
use App\Api\v1\Requests\GroupAssignRequest;
use App\Api\v1\Requests\GroupStoreRequest;
use App\Api\v1\Resources\GroupResource;
use App\Api\v1\Resources\TwoFAccountReadResource;
@ -114,27 +113,31 @@ class GroupControllerTest extends TestCase
$this->assertInstanceOf(GroupResource::class, $response);
}
#[Test]
public function test_assignAccounts_returns_api_resource_assigned_using_groupService()
{
$request = Mockery::mock(GroupAssignRequest::class);
$controller = Mockery::mock(GroupController::class)->makePartial();
$group = Group::factory()->make();
$validated = ['ids' => $group->id];
// 26/03/25: Cannot be tested as a Unit test anymore because of the call to $group->loadCount()
// in the assignAccounts() controller method. The loadCount() has been introduced
// in the controller by commit 19f3a71c "Move group->loadCount from the Assign void method to the caller"
// on Feb 24-2025 as part of the CWE-362 fix.
// #[Test]
// public function test_assignAccounts_returns_api_resource_assigned_using_groupService()
// {
// $request = Mockery::mock(GroupAssignRequest::class);
// $controller = Mockery::mock(GroupController::class)->makePartial();
// $group = Group::factory()->make();
// $validated = ['ids' => $group->id];
$request->shouldReceive([
'validated' => $validated,
'user' => $this->user,
]);
// $request->shouldReceive([
// 'validated' => $validated,
// 'user' => $this->user,
// ]);
Groups::shouldReceive('assign')
->with($group->id, $this->user, $group)
->once();
// Groups::shouldReceive('assign')
// ->with($group->id, $this->user, $group)
// ->once();
$response = $controller->assignAccounts($request, $group);
// $response = $controller->assignAccounts($request, $group);
$this->assertInstanceOf(GroupResource::class, $response);
}
// $this->assertInstanceOf(GroupResource::class, $response);
// }
#[Test]
public function test_accounts_returns_api_resources()