mirror of
https://github.com/Bubka/2FAuth.git
synced 2024-12-03 22:01:45 +01:00
129 lines
3.7 KiB
PHP
129 lines
3.7 KiB
PHP
<?php
|
|
|
|
namespace Tests\Api\v1\Controllers;
|
|
|
|
use App\Api\v1\Controllers\QrCodeController;
|
|
use App\Models\TwoFAccount;
|
|
use App\Models\User;
|
|
use PHPUnit\Framework\Attributes\CoversClass;
|
|
use PHPUnit\Framework\Attributes\Test;
|
|
use Tests\Classes\LocalFile;
|
|
use Tests\FeatureTestCase;
|
|
|
|
/**
|
|
* QrCodeController test class
|
|
*/
|
|
#[CoversClass(QrCodeController::class)]
|
|
class QrCodeControllerTest extends FeatureTestCase
|
|
{
|
|
/**
|
|
* @var \App\Models\User|\Illuminate\Contracts\Auth\Authenticatable
|
|
*/
|
|
protected $user;
|
|
|
|
protected $anotherUser;
|
|
|
|
/**
|
|
* @var App\Models\TwoFAccount
|
|
*/
|
|
protected $twofaccount;
|
|
|
|
public function setUp() : void
|
|
{
|
|
parent::setUp();
|
|
|
|
$this->user = User::factory()->create();
|
|
$this->anotherUser = User::factory()->create();
|
|
|
|
$this->twofaccount = TwoFAccount::factory()->for($this->user)->create([
|
|
'otp_type' => 'totp',
|
|
'account' => 'account',
|
|
'service' => 'service',
|
|
'secret' => 'A4GRFHZVRBGY7UIW',
|
|
'algorithm' => 'sha1',
|
|
'digits' => 6,
|
|
'period' => 30,
|
|
'legacy_uri' => 'otpauth://hotp/service:account?secret=A4GRFHZVRBGY7UIW&issuer=service',
|
|
]);
|
|
}
|
|
|
|
#[Test]
|
|
public function test_show_qrcode_returns_base64_image()
|
|
{
|
|
$response = $this->actingAs($this->user, 'api-guard')
|
|
->json('GET', '/api/v1/twofaccounts/' . $this->twofaccount->id . '/qrcode')
|
|
->assertJsonStructure([
|
|
'qrcode',
|
|
])
|
|
->assertOk();
|
|
|
|
$this->assertStringStartsWith('data:image/svg+xml;base64', $response->getData()->qrcode);
|
|
}
|
|
|
|
#[Test]
|
|
public function test_show_missing_qrcode_returns_not_found()
|
|
{
|
|
$response = $this->actingAs($this->user, 'api-guard')
|
|
->json('GET', '/api/v1/twofaccounts/1000/qrcode')
|
|
->assertNotFound()
|
|
->assertJsonStructure([
|
|
'message',
|
|
]);
|
|
}
|
|
|
|
#[Test]
|
|
public function test_show_qrcode_of_another_user_is_forbidden()
|
|
{
|
|
$response = $this->actingAs($this->anotherUser, 'api-guard')
|
|
->json('GET', '/api/v1/twofaccounts/' . $this->twofaccount->id . '/qrcode')
|
|
->assertForbidden()
|
|
->assertJsonStructure([
|
|
'message',
|
|
]);
|
|
}
|
|
|
|
#[Test]
|
|
public function test_decode_qrcode_return_success()
|
|
{
|
|
$file = LocalFile::fake()->validQrcode();
|
|
|
|
$response = $this->withHeaders(['Content-Type' => 'multipart/form-data'])
|
|
->actingAs($this->user, 'api-guard')
|
|
->json('POST', '/api/v1/qrcode/decode', [
|
|
'qrcode' => $file,
|
|
'inputFormat' => 'fileUpload',
|
|
])
|
|
->assertOk()
|
|
->assertExactJson([
|
|
'data' => 'otpauth://totp/test@test.com?secret=A4GRFHVIRBGY7UIW',
|
|
]);
|
|
}
|
|
|
|
#[Test]
|
|
public function test_decode_missing_qrcode_return_validation_error()
|
|
{
|
|
$response = $this->actingAs($this->user, 'api-guard')
|
|
->json('POST', '/api/v1/qrcode/decode', [
|
|
'qrcode' => '',
|
|
])
|
|
->assertStatus(422);
|
|
}
|
|
|
|
#[Test]
|
|
public function test_decode_invalid_qrcode_return_bad_request()
|
|
{
|
|
$file = LocalFile::fake()->invalidQrcode();
|
|
|
|
$response = $this->withHeaders(['Content-Type' => 'multipart/form-data'])
|
|
->actingAs($this->user, 'api-guard')
|
|
->json('POST', '/api/v1/qrcode/decode', [
|
|
'qrcode' => $file,
|
|
'inputFormat' => 'fileUpload',
|
|
])
|
|
->assertStatus(400)
|
|
->assertJsonStructure([
|
|
'message',
|
|
]);
|
|
}
|
|
}
|