mirror of
https://github.com/Bubka/2FAuth.git
synced 2024-12-01 12:43:46 +01:00
181 lines
5.2 KiB
PHP
181 lines
5.2 KiB
PHP
<?php
|
|
|
|
namespace Tests\Api\v1\Controllers;
|
|
|
|
use App\Api\v1\Controllers\IconController;
|
|
use App\Facades\IconStore;
|
|
use App\Models\TwoFAccount;
|
|
use App\Models\User;
|
|
use App\Services\LogoService;
|
|
use Illuminate\Http\Testing\FileFactory;
|
|
use Illuminate\Http\UploadedFile;
|
|
use Illuminate\Support\Facades\Http;
|
|
use Illuminate\Support\Facades\Storage;
|
|
use PHPUnit\Framework\Attributes\CoversClass;
|
|
use PHPUnit\Framework\Attributes\Test;
|
|
use Tests\Classes\LocalFile;
|
|
use Tests\Data\HttpRequestTestData;
|
|
use Tests\Data\OtpTestData;
|
|
use Tests\FeatureTestCase;
|
|
|
|
/**
|
|
* IconController test class
|
|
*/
|
|
#[CoversClass(IconController::class)]
|
|
class IconControllerTest extends FeatureTestCase
|
|
{
|
|
/**
|
|
* @var \App\Models\User|\Illuminate\Contracts\Auth\Authenticatable
|
|
*/
|
|
protected $user;
|
|
|
|
public function setUp() : void
|
|
{
|
|
parent::setUp();
|
|
|
|
Storage::fake('icons');
|
|
Storage::fake('logos');
|
|
|
|
Http::preventStrayRequests();
|
|
Http::fake([
|
|
LogoService::TFA_IMG_URL . '*' => Http::response(HttpRequestTestData::SVG_LOGO_BODY, 200),
|
|
LogoService::TFA_URL => Http::response(HttpRequestTestData::TFA_JSON_BODY, 200),
|
|
]);
|
|
Http::fake([
|
|
OtpTestData::EXTERNAL_IMAGE_URL_DECODED => Http::response((new FileFactory)->image('file.png', 10, 10)->tempFile, 200),
|
|
]);
|
|
|
|
$this->user = User::factory()->create();
|
|
}
|
|
|
|
#[Test]
|
|
public function test_upload_icon_returns_filename_using_the_iconStore()
|
|
{
|
|
$iconName = 'testIcon.jpg';
|
|
$file = UploadedFile::fake()->image($iconName);
|
|
|
|
$response = $this->actingAs($this->user, 'api-guard')
|
|
->json('POST', '/api/v1/icons', [
|
|
'icon' => $file,
|
|
])
|
|
->assertCreated()
|
|
->assertJsonStructure([
|
|
'filename',
|
|
]);
|
|
}
|
|
|
|
#[Test]
|
|
public function test_upload_icon_stores_it_to_database()
|
|
{
|
|
$file = UploadedFile::fake()->image('testIcon.jpg');
|
|
|
|
$response = $this->actingAs($this->user, 'api-guard')
|
|
->json('POST', '/api/v1/icons', [
|
|
'icon' => $file,
|
|
]);
|
|
}
|
|
|
|
#[Test]
|
|
public function test_upload_with_invalid_data_returns_validation_error()
|
|
{
|
|
$response = $this->actingAs($this->user, 'api-guard')
|
|
->json('POST', '/api/v1/icons', [
|
|
'icon' => null,
|
|
])
|
|
->assertStatus(422);
|
|
}
|
|
|
|
#[Test]
|
|
public function test_upload_infected_svg_data_stores_stores_sanitized_svg_content()
|
|
{
|
|
$file = LocalFile::fake()->infectedSvgIconFile();
|
|
|
|
$response = $this->actingAs($this->user, 'api-guard')
|
|
->json('POST', '/api/v1/icons', [
|
|
'icon' => $file,
|
|
])
|
|
->assertCreated();
|
|
|
|
$svgContent = IconStore::get($response->getData()->filename);
|
|
$this->assertStringNotContainsString(OtpTestData::ICON_SVG_MALICIOUS_CODE, $svgContent);
|
|
}
|
|
|
|
#[Test]
|
|
public function test_fetch_logo_returns_filename()
|
|
{
|
|
$response = $this->actingAs($this->user, 'api-guard')
|
|
->json('POST', '/api/v1/icons/default', [
|
|
'service' => 'service',
|
|
])
|
|
->assertStatus(201)
|
|
->assertJsonStructure([
|
|
'filename',
|
|
]);
|
|
}
|
|
|
|
#[Test]
|
|
public function test_fetch_logo_with_infected_svg_data_stores_sanitized_svg_content()
|
|
{
|
|
$response = $this->actingAs($this->user, 'api-guard')
|
|
->json('POST', '/api/v1/icons/default', [
|
|
'service' => 'service',
|
|
])
|
|
->assertStatus(201)
|
|
->assertJsonStructure([
|
|
'filename',
|
|
]);
|
|
|
|
$svgContent = IconStore::get($response->getData()->filename);
|
|
$this->assertStringNotContainsString(OtpTestData::ICON_SVG_MALICIOUS_CODE, $svgContent);
|
|
}
|
|
|
|
#[Test]
|
|
public function test_fetch_unknown_logo_returns_nothing()
|
|
{
|
|
$response = $this->actingAs($this->user, 'api-guard')
|
|
->json('POST', '/api/v1/icons/default', [
|
|
'service' => 'unknown_company',
|
|
])
|
|
->assertNoContent();
|
|
}
|
|
|
|
#[Test]
|
|
public function test_delete_icon_returns_success_using_the_iconStore()
|
|
{
|
|
IconStore::spy();
|
|
|
|
$iconName = 'testIcon.jpg';
|
|
|
|
$response = $this->actingAs($this->user, 'api-guard')
|
|
->json('DELETE', '/api/v1/icons/' . $iconName)
|
|
->assertNoContent(204);
|
|
|
|
IconStore::shouldHaveReceived('delete')->once()->with($iconName);
|
|
}
|
|
|
|
#[Test]
|
|
public function test_delete_invalid_icon_returns_success()
|
|
{
|
|
$response = $this->actingAs($this->user, 'api-guard')
|
|
->json('DELETE', '/api/v1/icons/null')
|
|
->assertNoContent(204);
|
|
}
|
|
|
|
#[Test]
|
|
public function test_delete_icon_of_another_user_is_forbidden()
|
|
{
|
|
$anotherUser = User::factory()->create();
|
|
|
|
TwoFAccount::factory()->for($anotherUser)->create([
|
|
'icon' => 'testIcon.jpg',
|
|
]);
|
|
|
|
$response = $this->actingAs($this->user, 'api-guard')
|
|
->json('DELETE', '/api/v1/icons/testIcon.jpg')
|
|
->assertForbidden()
|
|
->assertJsonStructure([
|
|
'message',
|
|
]);
|
|
}
|
|
}
|