Restrict system routes to administrators

This commit is contained in:
Bubka 2025-02-27 08:41:06 +01:00
parent f3945463b7
commit 47a13b891d
2 changed files with 35 additions and 7 deletions


@ -90,12 +90,11 @@ Route::group(['middleware' => ['behind-auth', 'rejectIfReverseProxy']], function
Route::group(['middleware' => ['behind-auth', 'admin']], function () { Route::group(['middleware' => ['behind-auth', 'admin']], function () {
Route::get('system/infos', [SystemController::class, 'infos'])->name('system.infos'); Route::get('system/infos', [SystemController::class, 'infos'])->name('system.infos');
Route::post('system/test-email', [SystemController::class, 'testEmail'])->name('system.testEmail'); Route::post('system/test-email', [SystemController::class, 'testEmail'])->name('system.testEmail');
Route::get('system/latestRelease', [SystemController::class, 'latestRelease'])->name('system.latestRelease');
Route::get('system/optimize', [SystemController::class, 'optimize'])->name('system.optimize');
Route::get('system/clear-cache', [SystemController::class, 'clear'])->name('system.clear');
}); });
Route::get('system/optimize', [SystemController::class, 'optimize'])->name('system.optimize');
Route::get('system/clear-cache', [SystemController::class, 'clear'])->name('system.clear');
Route::get('system/latestRelease', [SystemController::class, 'latestRelease'])->name('system.latestRelease');
Route::get('refresh-csrf', function () { Route::get('refresh-csrf', function () {
return csrf_token(); return csrf_token();
}); });
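Review bot: `system/optimize` and `system/clear-cache` are kept as `Route::get(...)` inside the new `admin` group, yet their handler names suggest they change server state, and Laravel's CSRF verification middleware does not apply to GET requests, so a signed-in admin's browser could trigger them through an ordinary link or image load without any token. Declaring them as `Route::post('system/optimize', ...)` and `Route::post('system/clear-cache', ...)` (with the matching client change) would put them under the same protection `system/test-email` already has on the line above. Whether `optimize` and `clear` actually mutate state is not visible in this hunk and should be confirmed against SystemController. The rendered view does not mark which of the single-printed route lines are old and which are new; the intent is clear from the title, but the raw diff is worth checking before relying on this reading.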


@ -103,13 +103,22 @@ class SystemControllerTest extends FeatureTestCase
->once() ->once()
->andReturn('new_release'); ->andReturn('new_release');
$response = $this->json('GET', '/system/latestRelease') $response = $this->actingAs($this->admin, 'web-guard')
->json('GET', '/system/latestRelease')
->assertOk() ->assertOk()
->assertJson([ ->assertJson([
'newRelease' => 'new_release', 'newRelease' => 'new_release',
]); ]);
} }
#[Test]
public function test_latestrelease_is_forbidden_to_user()
{
$response = $this->actingAs($this->user, 'web-guard')
->json('GET', '/system/latestRelease')
->assertForbidden();
}
#[Test] #[Test]
public function test_testEmail_sends_a_notification() public function test_testEmail_sends_a_notification()
{ {
@ -156,16 +165,36 @@ class SystemControllerTest extends FeatureTestCase
#[Test] #[Test]
public function test_clearCache_returns_success() public function test_clearCache_returns_success()
{ {
$response = $this->json('GET', '/system/clear-cache'); $response = $this->actingAs($this->admin, 'web-guard')
->json('GET', '/system/clear-cache');
$response->assertStatus(200); $response->assertStatus(200);
} }
#[Test]
public function test_clearCache_is_forbidden_to_user()
{
$response = $this->actingAs($this->user, 'web-guard')
->json('GET', '/system/clear-cache');
$response->assertForbidden();
}
#[Test] #[Test]
public function test_optimize_returns_success() public function test_optimize_returns_success()
{ {
$response = $this->json('GET', '/system/optimize'); $response = $this->actingAs($this->admin, 'web-guard')
->json('GET', '/system/optimize');
$response->assertStatus(200); $response->assertStatus(200);
} }
#[Test]
public function test_optimize_is_forbidden_to_user()
{
$response = $this->actingAs($this->user, 'web-guard')
->json('GET', '/system/optimize');
$response->assertForbidden();
}
} }
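Review bot: The three new `*_is_forbidden_to_user` tests only cover a signed-in non-admin; none asserts what an anonymous request gets, even though the pre-change tests called these routes with no `actingAs()` and expected 200, so nothing here pins down that the endpoints are no longer reachable without authentication. A companion case per route along the lines of `$this->json('GET', '/system/optimize')->assertUnauthorized();` would close that gap, with the expected status adjusted to whatever the `behind-auth` middleware actually returns. The new forbidden tests also assign `$response` and never read it, so the assignment can be dropped in favour of `$this->actingAs($this->user, 'web-guard')->json('GET', '/system/clear-cache')->assertForbidden();`, as test_latestrelease_is_forbidden_to_user already nearly does. The setUp that presumably creates `$this->user` and `$this->admin` lies outside these hunks. The same point applies to the clearCache and optimize hunks in this section.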