diff --git a/src/app/Console/Commands/Data/Import/SignupTokensCommand.php b/src/app/Console/Commands/Data/Import/SignupTokensCommand.php new file mode 100644 index 00000000..28a3dac0 --- /dev/null +++ b/src/app/Console/Commands/Data/Import/SignupTokensCommand.php @@ -0,0 +1,110 @@ +getObject(Plan::class, $this->argument('plan'), 'title', false); + + if (!$plan) { + $this->error("Plan not found"); + return 1; + } + + if ($plan->mode != Plan::MODE_TOKEN) { + $this->error("The plan is not for tokens"); + return 1; + } + + $file = $this->argument('file'); + + if (!file_exists($file)) { + $this->error("File '$file' does not exist"); + return 1; + } + + $list = file($file); + + if (empty($list)) { + $this->error("File '$file' is empty"); + return 1; + } + + $bar = $this->createProgressBar(count($list), "Validating tokens"); + + $list = array_map('trim', $list); + $list = array_map('strtoupper', $list); + + // Validate tokens + foreach ($list as $idx => $token) { + if (!strlen($token)) { + // Skip empty lines + unset($list[$idx]); + } elseif (strlen($token) > 191) { + $bar->finish(); + $this->error("Token '$token' is too long"); + return 1; + } elseif (SignupToken::find($token)) { + // Skip existing tokens + unset($list[$idx]); + } + + $bar->advance(); + } + + $bar->finish(); + + $this->info("DONE"); + + if (empty($list)) { + $this->info("Nothing to import"); + return 0; + } + + $list = array_unique($list); // remove duplicated tokens + + $bar = $this->createProgressBar(count($list), "Importing tokens"); + + // Import tokens + foreach ($list as $token) { + $plan->signupTokens()->create([ + 'id' => $token, + // This allows us to update counter when importing old tokens in migration. + // It can be removed later + 'counter' => \App\UserSetting::where('key', 'signup_token') + ->whereRaw('UPPER(value) = ?', [$token])->count(), + ]); + + $bar->advance(); + } + + $bar->finish(); + + $this->info("DONE"); + } +} diff --git a/src/app/Http/Controllers/API/SignupController.php b/src/app/Http/Controllers/API/SignupController.php index 3f096250..afe8477b 100644 --- a/src/app/Http/Controllers/API/SignupController.php +++ b/src/app/Http/Controllers/API/SignupController.php @@ -1,631 +1,632 @@ where('hidden', false) ->orderBy('months')->orderByDesc('title') ->get() ->map(function ($plan) { $button = self::trans("app.planbutton-{$plan->title}"); if (strpos($button, 'app.planbutton') !== false) { $button = self::trans('app.planbutton', ['plan' => $plan->name]); } return [ 'title' => $plan->title, 'name' => $plan->name, 'button' => $button, 'description' => $plan->description, 'mode' => $plan->mode ?: Plan::MODE_EMAIL, 'isDomain' => $plan->hasDomain(), ]; }) ->all(); return response()->json(['status' => 'success', 'plans' => $plans]); } /** * Returns list of public domains for signup. * * @param \Illuminate\Http\Request $request HTTP request * * @return \Illuminate\Http\JsonResponse JSON response */ public function domains(Request $request) { return response()->json(['status' => 'success', 'domains' => Domain::getPublicDomains()]); } /** * Starts signup process. * * Verifies user name and email/phone, sends verification email/sms message. * Returns the verification code. * * @param \Illuminate\Http\Request $request HTTP request * * @return \Illuminate\Http\JsonResponse JSON response */ public function init(Request $request) { $rules = [ 'first_name' => 'max:128', 'last_name' => 'max:128', 'voucher' => 'max:32', ]; $plan = $this->getPlan(); if ($plan->mode == Plan::MODE_TOKEN) { - $rules['token'] = ['required', 'string', new SignupToken()]; + $rules['token'] = ['required', 'string', new SignupTokenRule($plan)]; } else { $rules['email'] = ['required', 'string', new SignupExternalEmail()]; } // Check required fields, validate input $v = Validator::make($request->all(), $rules); if ($v->fails()) { return response()->json(['status' => 'error', 'errors' => $v->errors()->toArray()], 422); } // Generate the verification code $code = SignupCode::create([ 'email' => $plan->mode == Plan::MODE_TOKEN ? $request->token : $request->email, 'first_name' => $request->first_name, 'last_name' => $request->last_name, 'plan' => $plan->title, 'voucher' => $request->voucher, ]); $response = [ 'status' => 'success', 'code' => $code->code, 'mode' => $plan->mode ?: 'email', ]; if ($plan->mode == Plan::MODE_TOKEN) { // Token verification, jump to the last step $has_domain = $plan->hasDomain(); $response['short_code'] = $code->short_code; $response['is_domain'] = $has_domain; $response['domains'] = $has_domain ? [] : Domain::getPublicDomains(); } else { // External email verification, send an email message SignupVerificationEmail::dispatch($code); } return response()->json($response); } /** * Returns signup invitation information. * * @param string $id Signup invitation identifier * * @return \Illuminate\Http\JsonResponse|void */ public function invitation($id) { $invitation = SignupInvitation::withEnvTenantContext()->find($id); if (empty($invitation) || $invitation->isCompleted()) { return $this->errorResponse(404); } $has_domain = $this->getPlan()->hasDomain(); $result = [ 'id' => $id, 'is_domain' => $has_domain, 'domains' => $has_domain ? [] : Domain::getPublicDomains(), ]; return response()->json($result); } /** * Validation of the verification code. * * @param \Illuminate\Http\Request $request HTTP request * @param bool $update Update the signup code record * * @return \Illuminate\Http\JsonResponse JSON response */ public function verify(Request $request, $update = true) { // Validate the request args $v = Validator::make( $request->all(), [ 'code' => 'required', 'short_code' => 'required', ] ); if ($v->fails()) { return response()->json(['status' => 'error', 'errors' => $v->errors()], 422); } // Validate the verification code $code = SignupCode::find($request->code); if ( empty($code) || $code->isExpired() || Str::upper($request->short_code) !== Str::upper($code->short_code) ) { $errors = ['short_code' => "The code is invalid or expired."]; return response()->json(['status' => 'error', 'errors' => $errors], 422); } // For signup last-step mode remember the code object, so we can delete it // with single SQL query (->delete()) instead of two $request->code = $code; if ($update) { $code->verify_ip_address = $request->ip(); $code->save(); } $has_domain = $this->getPlan()->hasDomain(); // Return user name and email/phone/voucher from the codes database, // domains list for selection and "plan type" flag return response()->json([ 'status' => 'success', 'email' => $code->email, 'first_name' => $code->first_name, 'last_name' => $code->last_name, 'voucher' => $code->voucher, 'is_domain' => $has_domain, 'domains' => $has_domain ? [] : Domain::getPublicDomains(), ]); } /** * Validates the input to the final signup request. * * @param \Illuminate\Http\Request $request HTTP request * * @return \Illuminate\Http\JsonResponse JSON response */ public function signupValidate(Request $request) { $rules = [ 'login' => 'required|min:2', 'password' => ['required', 'confirmed', new Password()], 'domain' => 'required', 'voucher' => 'max:32', ]; // Direct signup by token if ($request->token) { - $rules['token'] = ['required', 'string', new SignupToken()]; + // This will validate the token and the plan mode + $plan = $request->plan ? Plan::withEnvTenantContext()->where('title', $request->plan)->first() : null; + $rules['token'] = ['required', 'string', new SignupTokenRule($plan)]; } // Validate input $v = Validator::make($request->all(), $rules); if ($v->fails()) { return response()->json(['status' => 'error', 'errors' => $v->errors()], 422); } $settings = []; if (!empty($request->token)) { - // Token mode, check the plan - $plan = $request->plan ? Plan::withEnvTenantContext()->where('title', $request->plan)->first() : null; - - if (!$plan || $plan->mode != Plan::MODE_TOKEN) { - $msg = self::trans('validation.exists', ['attribute' => 'plan']); - return response()->json(['status' => 'error', 'errors' => ['plan' => $msg]], 422); - } + $settings = ['signup_token' => strtoupper($request->token)]; } elseif (!empty($request->plan) && empty($request->code) && empty($request->invitation)) { // Plan parameter is required/allowed in mandate mode $plan = Plan::withEnvTenantContext()->where('title', $request->plan)->first(); if (!$plan || $plan->mode != Plan::MODE_MANDATE) { $msg = self::trans('validation.exists', ['attribute' => 'plan']); return response()->json(['status' => 'error', 'errors' => ['plan' => $msg]], 422); } } elseif ($request->invitation) { // Signup via invitation $invitation = SignupInvitation::withEnvTenantContext()->find($request->invitation); if (empty($invitation) || $invitation->isCompleted()) { return $this->errorResponse(404); } // Check required fields $v = Validator::make( $request->all(), [ 'first_name' => 'max:128', 'last_name' => 'max:128', ] ); $errors = $v->fails() ? $v->errors()->toArray() : []; if (!empty($errors)) { return response()->json(['status' => 'error', 'errors' => $errors], 422); } $settings = [ 'external_email' => $invitation->email, 'first_name' => $request->first_name, 'last_name' => $request->last_name, ]; } else { // Validate verification codes (again) $v = $this->verify($request, false); if ($v->status() !== 200) { return $v; } $plan = $this->getPlan(); // Get user name/email from the verification code database $code_data = $v->getData(); $settings = [ 'first_name' => $code_data->first_name, 'last_name' => $code_data->last_name, ]; if ($plan->mode == Plan::MODE_TOKEN) { - $settings['signup_token'] = $code_data->email; + $settings['signup_token'] = strtoupper($code_data->email); } else { $settings['external_email'] = $code_data->email; } } // Find the voucher discount if ($request->voucher) { $discount = Discount::where('code', \strtoupper($request->voucher)) ->where('active', true)->first(); if (!$discount) { $errors = ['voucher' => self::trans('validation.voucherinvalid')]; return response()->json(['status' => 'error', 'errors' => $errors], 422); } } if (empty($plan)) { $plan = $this->getPlan(); } $is_domain = $plan->hasDomain(); // Validate login if ($errors = self::validateLogin($request->login, $request->domain, $is_domain)) { return response()->json(['status' => 'error', 'errors' => $errors], 422); } // Set some properties for signup() method $request->settings = $settings; $request->plan = $plan; $request->discount = $discount ?? null; $request->invitation = $invitation ?? null; $result = []; if ($plan->mode == Plan::MODE_MANDATE) { $result = $this->mandateForPlan($plan, $request->discount); } return response()->json($result + ['status' => 'success']); } /** * Finishes the signup process by creating the user account. * * @param \Illuminate\Http\Request $request HTTP request * * @return \Illuminate\Http\JsonResponse JSON response */ public function signup(Request $request) { $v = $this->signupValidate($request); if ($v->status() !== 200) { return $v; } $is_domain = $request->plan->hasDomain(); // We allow only ASCII, so we can safely lower-case the email address $login = Str::lower($request->login); $domain_name = Str::lower($request->domain); $domain = null; $user_status = User::STATUS_RESTRICTED; if ( $request->discount && $request->discount->discount == 100 && $request->plan->mode == Plan::MODE_MANDATE ) { $user_status = User::STATUS_ACTIVE; } DB::beginTransaction(); // Create domain record if ($is_domain) { $domain = Domain::create([ 'namespace' => $domain_name, 'type' => Domain::TYPE_EXTERNAL, ]); } // Create user record $user = User::create([ 'email' => $login . '@' . $domain_name, 'password' => $request->password, 'status' => $user_status, ]); if ($request->discount) { $wallet = $user->wallets()->first(); $wallet->discount()->associate($request->discount); $wallet->save(); } $user->assignPlan($request->plan, $domain); // Save the external email and plan in user settings $user->setSettings($request->settings); // Update the invitation if ($request->invitation) { $request->invitation->status = SignupInvitation::STATUS_COMPLETED; $request->invitation->user_id = $user->id; $request->invitation->save(); } // Soft-delete the verification code, and store some more info with it if ($request->code) { $request->code->user_id = $user->id; $request->code->submit_ip_address = $request->ip(); $request->code->deleted_at = \now(); $request->code->timestamps = false; $request->code->save(); } + // Bump up counter on the signup token + if (!empty($request->settings['signup_token'])) { + \App\SignupToken::where('id', $request->settings['signup_token'])->increment('counter'); + } + DB::commit(); $response = AuthController::logonResponse($user, $request->password); if ($request->plan->mode == Plan::MODE_MANDATE) { $data = $response->getData(true); $data['checkout'] = $this->mandateForPlan($request->plan, $request->discount, $user); $response->setData($data); } return $response; } /** * Collects some content to display to the user before redirect to a checkout page. * Optionally creates a recurrent payment mandate for specified user/plan. */ protected function mandateForPlan(Plan $plan, Discount $discount = null, User $user = null): array { $result = []; $min = \App\Payment::MIN_AMOUNT; $planCost = $cost = $plan->cost(); $disc = 0; if ($discount) { // Free accounts don't need the auto-payment mandate // Note: This means the voucher code is the only point of user verification if ($discount->discount == 100) { return [ 'content' => self::trans('app.signup-account-free'), 'cost' => 0, ]; } $planCost = (int) ($planCost * (100 - $discount->discount) / 100); $disc = $cost - $planCost; } if ($planCost > $min) { $min = $planCost; } if ($user) { $wallet = $user->wallets()->first(); $wallet->setSettings([ 'mandate_amount' => sprintf('%.2F', round($min / 100, 2)), 'mandate_balance' => 0, ]); $mandate = [ 'currency' => $wallet->currency, 'description' => \App\Tenant::getConfig($user->tenant_id, 'app.name') . ' ' . self::trans('app.mandate-description-suffix'), 'methodId' => PaymentProvider::METHOD_CREDITCARD, 'redirectUrl' => Utils::serviceUrl('/payment/status', $user->tenant_id), ]; $provider = PaymentProvider::factory($wallet); $result = $provider->createMandate($wallet, $mandate); } $country = Utils::countryForRequest(); $period = $plan->months == 12 ? 'yearly' : 'monthly'; $currency = \config('app.currency'); $rate = VatRate::where('country', $country) ->where('start', '<=', now()->format('Y-m-d h:i:s')) ->orderByDesc('start') ->limit(1) ->first(); $summary = '' . '' . self::trans("app.signup-subscription-{$period}") . '' . '' . Utils::money($cost, $currency) . '' . ''; if ($discount) { $summary .= '' . '' . self::trans('app.discount-code', ['code' => $discount->code]) . '' . '' . Utils::money(-$disc, $currency) . '' . ''; } $summary .= '' . '' . '' . self::trans('app.total') . '' . '' . Utils::money($planCost, $currency) . '' . ''; if ($rate && $rate->rate > 0) { // TODO: app.vat.mode $vat = round($planCost * $rate->rate / 100); $content = self::trans('app.vat-incl', [ 'rate' => Utils::percent($rate->rate), 'cost' => Utils::money($planCost - $vat, $currency), 'vat' => Utils::money($vat, $currency), ]); $summary .= '*' . $content . ''; } $trialEnd = $plan->free_months ? now()->copy()->addMonthsWithoutOverflow($plan->free_months) : now(); $params = [ 'cost' => Utils::money($planCost, $currency), 'date' => $trialEnd->toDateString(), ]; $result['title'] = self::trans("app.signup-plan-{$period}"); $result['content'] = self::trans('app.signup-account-mandate', $params); $result['summary'] = '' . $summary . '
'; $result['cost'] = $planCost; return $result; } /** * Returns plan for the signup process * * @returns \App\Plan Plan object selected for current signup process */ protected function getPlan() { $request = request(); if (!$request->plan || !$request->plan instanceof Plan) { // Get the plan if specified and exists... if (($request->code instanceof SignupCode) && $request->code->plan) { $plan = Plan::withEnvTenantContext()->where('title', $request->code->plan)->first(); } elseif ($request->plan) { $plan = Plan::withEnvTenantContext()->where('title', $request->plan)->first(); } // ...otherwise use the default plan if (empty($plan)) { // TODO: Get default plan title from config $plan = Plan::withEnvTenantContext()->where('title', 'individual')->first(); } $request->plan = $plan; } return $request->plan; } /** * Login (kolab identity) validation * * @param string $login Login (local part of an email address) * @param string $domain Domain name * @param bool $external Enables additional checks for domain part * * @return array Error messages on validation error */ protected static function validateLogin($login, $domain, $external = false): ?array { // Validate login part alone $v = Validator::make( ['login' => $login], ['login' => ['required', 'string', new UserEmailLocal($external)]] ); if ($v->fails()) { return ['login' => $v->errors()->toArray()['login'][0]]; } $domains = $external ? null : Domain::getPublicDomains(); // Validate the domain $v = Validator::make( ['domain' => $domain], ['domain' => ['required', 'string', new UserEmailDomain($domains)]] ); if ($v->fails()) { return ['domain' => $v->errors()->toArray()['domain'][0]]; } $domain = Str::lower($domain); // Check if domain is already registered with us if ($external) { if (Domain::withTrashed()->where('namespace', $domain)->exists()) { return ['domain' => self::trans('validation.domainexists')]; } } // Check if user with specified login already exists $email = $login . '@' . $domain; if (User::emailExists($email) || User::aliasExists($email) || \App\Group::emailExists($email)) { return ['login' => self::trans('validation.loginexists')]; } return null; } } diff --git a/src/app/Observers/SignupTokenObserver.php b/src/app/Observers/SignupTokenObserver.php new file mode 100644 index 00000000..bf25f0dd --- /dev/null +++ b/src/app/Observers/SignupTokenObserver.php @@ -0,0 +1,18 @@ +id = strtoupper(trim($token->id)); + } +} diff --git a/src/app/Plan.php b/src/app/Plan.php index 71cec5b2..89041cc6 100644 --- a/src/app/Plan.php +++ b/src/app/Plan.php @@ -1,139 +1,149 @@ The attributes that are mass assignable */ protected $fillable = [ 'title', 'hidden', 'mode', 'name', 'description', // a start and end datetime for this promotion 'promo_from', 'promo_to', // discounts start at this quantity 'discount_qty', // the rate of the discount for this plan 'discount_rate', // minimum number of months this plan is for 'months', // number of free months (trial) 'free_months', ]; /** @var array The attributes that should be cast */ protected $casts = [ 'promo_from' => 'datetime:Y-m-d H:i:s', 'promo_to' => 'datetime:Y-m-d H:i:s', 'discount_qty' => 'integer', 'discount_rate' => 'integer', 'hidden' => 'boolean', 'months' => 'integer', 'free_months' => 'integer' ]; /** @var array Translatable properties */ public $translatable = [ 'name', 'description', ]; /** * The list price for this plan at the minimum configuration. * * @return int The costs in cents. */ public function cost(): int { $costs = 0; // TODO: What about plan's discount_qty/discount_rate? foreach ($this->packages as $package) { $costs += $package->pivot->cost(); } // TODO: What about plan's free_months? return $costs * $this->months; } /** * The relationship to packages. * * The plan contains one or more packages. Each package may have its minimum number (for * billing) or its maximum (to allow topping out "enterprise" customers on a "small business" * plan). * * @return \Illuminate\Database\Eloquent\Relations\BelongsToMany */ public function packages() { return $this->belongsToMany(Package::class, 'plan_packages') ->using(PlanPackage::class) ->withPivot([ 'qty', 'qty_min', 'qty_max', 'discount_qty', 'discount_rate' ]); } /** * Checks if the plan has any type of domain SKU assigned. * * @return bool */ public function hasDomain(): bool { foreach ($this->packages as $package) { if ($package->isDomain()) { return true; } } return false; } + + /** + * The relationship to signup tokens. + * + * @return \Illuminate\Database\Eloquent\Relations\HasMany + */ + public function signupTokens() + { + return $this->hasMany(SignupToken::class); + } } diff --git a/src/app/Providers/AppServiceProvider.php b/src/app/Providers/AppServiceProvider.php index b4f2d564..95ee8dfb 100644 --- a/src/app/Providers/AppServiceProvider.php +++ b/src/app/Providers/AppServiceProvider.php @@ -1,153 +1,154 @@ 'overrideValue1', * 'queue.connections.database.table' => 'overrideValue2', * ]; */ private function applyOverrideConfig(): void { $overrideConfig = (array) \config('override'); foreach (array_keys($overrideConfig) as $key) { \config([$key => $overrideConfig[$key]]); } } /** * Bootstrap any application services. */ public function boot(): void { \App\Domain::observe(\App\Observers\DomainObserver::class); \App\Entitlement::observe(\App\Observers\EntitlementObserver::class); \App\EventLog::observe(\App\Observers\EventLogObserver::class); \App\Group::observe(\App\Observers\GroupObserver::class); \App\GroupSetting::observe(\App\Observers\GroupSettingObserver::class); \App\Meet\Room::observe(\App\Observers\Meet\RoomObserver::class); \App\PackageSku::observe(\App\Observers\PackageSkuObserver::class); \App\PlanPackage::observe(\App\Observers\PlanPackageObserver::class); \App\Resource::observe(\App\Observers\ResourceObserver::class); \App\ResourceSetting::observe(\App\Observers\ResourceSettingObserver::class); \App\SharedFolder::observe(\App\Observers\SharedFolderObserver::class); \App\SharedFolderAlias::observe(\App\Observers\SharedFolderAliasObserver::class); \App\SharedFolderSetting::observe(\App\Observers\SharedFolderSettingObserver::class); \App\SignupCode::observe(\App\Observers\SignupCodeObserver::class); \App\SignupInvitation::observe(\App\Observers\SignupInvitationObserver::class); + \App\SignupToken::observe(\App\Observers\SignupTokenObserver::class); \App\Transaction::observe(\App\Observers\TransactionObserver::class); \App\User::observe(\App\Observers\UserObserver::class); \App\UserAlias::observe(\App\Observers\UserAliasObserver::class); \App\UserSetting::observe(\App\Observers\UserSettingObserver::class); \App\VerificationCode::observe(\App\Observers\VerificationCodeObserver::class); \App\Wallet::observe(\App\Observers\WalletObserver::class); \App\PowerDNS\Domain::observe(\App\Observers\PowerDNS\DomainObserver::class); \App\PowerDNS\Record::observe(\App\Observers\PowerDNS\RecordObserver::class); Schema::defaultStringLength(191); // Register some template helpers Blade::directive( 'theme_asset', function ($path) { $path = trim($path, '/\'"'); return ""; } ); Builder::macro( 'withEnvTenantContext', function (string $table = null) { $tenantId = \config('app.tenant_id'); if ($tenantId) { /** @var Builder $this */ return $this->where(($table ? "$table." : "") . "tenant_id", $tenantId); } /** @var Builder $this */ return $this->whereNull(($table ? "$table." : "") . "tenant_id"); } ); Builder::macro( 'withObjectTenantContext', function (object $object, string $table = null) { $tenantId = $object->tenant_id; if ($tenantId) { /** @var Builder $this */ return $this->where(($table ? "$table." : "") . "tenant_id", $tenantId); } /** @var Builder $this */ return $this->whereNull(($table ? "$table." : "") . "tenant_id"); } ); Builder::macro( 'withSubjectTenantContext', function (string $table = null) { if ($user = auth()->user()) { $tenantId = $user->tenant_id; } else { $tenantId = \config('app.tenant_id'); } if ($tenantId) { /** @var Builder $this */ return $this->where(($table ? "$table." : "") . "tenant_id", $tenantId); } /** @var Builder $this */ return $this->whereNull(($table ? "$table." : "") . "tenant_id"); } ); // Query builder 'whereLike' mocro Builder::macro( 'whereLike', function (string $column, string $search, int $mode = 0) { $search = addcslashes($search, '%_'); switch ($mode) { case 2: $search .= '%'; break; case 1: $search = '%' . $search; break; default: $search = '%' . $search . '%'; } /** @var Builder $this */ return $this->where($column, 'like', $search); } ); $this->applyOverrideConfig(); } } diff --git a/src/app/Rules/SignupToken.php b/src/app/Rules/SignupToken.php index 30853a89..24817cf7 100644 --- a/src/app/Rules/SignupToken.php +++ b/src/app/Rules/SignupToken.php @@ -1,69 +1,63 @@ plan = $plan; + } /** * Determine if the validation rule passes. * * @param string $attribute Attribute name * @param mixed $token The value to validate * * @return bool */ public function passes($attribute, $token): bool { // Check the max length, according to the database column length if (!is_string($token) || strlen($token) > 191) { $this->message = \trans('validation.signuptokeninvalid'); return false; } - // Check the list of tokens for token existence - $file = storage_path('signup-tokens.txt'); - $list = []; - $token = \strtoupper($token); - - if (file_exists($file)) { - $list = file($file); - $list = array_map('trim', $list); - $list = array_map('strtoupper', $list); - } else { - \Log::error("Signup tokens file ({$file}) does not exist"); - } - - if (!in_array($token, $list)) { + // Sanity check on the plan + if (!$this->plan || $this->plan->mode != Plan::MODE_TOKEN) { $this->message = \trans('validation.signuptokeninvalid'); return false; } - // Check if the token has been already used for registration (exclude deleted users) - $used = \App\User::select() - ->join('user_settings', 'users.id', '=', 'user_settings.user_id') - ->where('user_settings.key', 'signup_token') - ->where('user_settings.value', $token) - ->exists(); - - if ($used) { + // Check the token existence + if (!$this->plan->signupTokens()->find($token)) { $this->message = \trans('validation.signuptokeninvalid'); return false; } return true; } /** * Get the validation error message. * * @return string */ public function message(): ?string { return $this->message; } } diff --git a/src/app/SignupToken.php b/src/app/SignupToken.php new file mode 100644 index 00000000..57d5a614 --- /dev/null +++ b/src/app/SignupToken.php @@ -0,0 +1,49 @@ + The attributes that are mass assignable */ + protected $fillable = [ + 'plan_id', + 'id', + 'counter', + ]; + + /** @var array The attributes that should be cast */ + protected $casts = [ + 'created_at' => 'datetime:Y-m-d H:i:s', + 'counter' => 'integer', + ]; + + /** @var bool Indicates if the model should be timestamped. */ + public $timestamps = false; + + /** + * The plan this token applies to + * + * @return \Illuminate\Database\Eloquent\Relations\BelongsTo + */ + public function plan() + { + return $this->belongsTo(Plan::class); + } +} diff --git a/src/database/migrations/2023_12_14_100000_create_signup_tokens_table.php b/src/database/migrations/2023_12_14_100000_create_signup_tokens_table.php new file mode 100644 index 00000000..03c3bd4a --- /dev/null +++ b/src/database/migrations/2023_12_14_100000_create_signup_tokens_table.php @@ -0,0 +1,38 @@ +string('id')->primary(); + $table->string('plan_id', 36); + $table->integer('counter')->unsigned()->default(0); + $table->timestamp('created_at')->useCurrent(); + + $table->index('plan_id'); + } + ); + } + + /** + * Reverse the migrations. + * + * @return void + */ + public function down() + { + Schema::dropIfExists('signup_tokens'); + } +}; diff --git a/src/tests/Browser/SignupTest.php b/src/tests/Browser/SignupTest.php index 1aef39b9..37a5981c 100644 --- a/src/tests/Browser/SignupTest.php +++ b/src/tests/Browser/SignupTest.php @@ -1,910 +1,913 @@ deleteTestUser('signuptestdusk@' . \config('app.domain')); $this->deleteTestUser('admin@user-domain-signup.com'); $this->deleteTestDomain('user-domain-signup.com'); Plan::whereNot('mode', Plan::MODE_EMAIL)->update(['mode' => Plan::MODE_EMAIL]); + SignupToken::truncate(); } /** * {@inheritDoc} */ public function tearDown(): void { $this->deleteTestUser('signuptestdusk@' . \config('app.domain')); $this->deleteTestUser('admin@user-domain-signup.com'); $this->deleteTestDomain('user-domain-signup.com'); SignupInvitation::truncate(); Plan::whereNot('mode', Plan::MODE_EMAIL)->update(['mode' => Plan::MODE_EMAIL]); Discount::where('discount', 100)->update(['code' => null]); - - @unlink(storage_path('signup-tokens.txt')); + SignupToken::truncate(); parent::tearDown(); } /** * Test signup code verification with a link */ public function testSignupCodeByLink(): void { // Test invalid code (invalid format) $this->browse(function (Browser $browser) { // Register Signup page element selectors we'll be using $browser->onWithoutAssert(new Signup()); // TODO: Test what happens if user is logged in $browser->visit('/signup/invalid-code'); // TODO: According to https://github.com/vuejs/vue-router/issues/977 // it is not yet easily possible to display error page component (route) // without changing the URL // TODO: Instead of css selector we should probably define page/component // and use it instead $browser->waitFor('#error-page'); }); // Test invalid code (valid format) $this->browse(function (Browser $browser) { $browser->visit('/signup/XXXXX-code'); // FIXME: User will not be able to continue anyway, so we should // either display 1st step or 404 error page $browser->waitFor('@step1') ->assertToast(Toast::TYPE_ERROR, 'Form validation error'); }); // Test valid code $this->browse(function (Browser $browser) { $code = SignupCode::create([ 'email' => 'User@example.org', 'first_name' => 'User', 'last_name' => 'Name', 'plan' => 'individual', 'voucher' => '', ]); $browser->visit('/signup/' . $code->short_code . '-' . $code->code) ->waitFor('@step3') ->assertMissing('@step1') ->assertMissing('@step2'); // FIXME: Find a nice way to read javascript data without using hidden inputs $this->assertSame($code->code, $browser->value('@step2 #signup_code')); // TODO: Test if the signup process can be completed }); } /** * Test signup "welcome" page */ public function testSignupStep0(): void { $this->browse(function (Browser $browser) { $browser->visit(new Signup()); $browser->assertVisible('@step0') ->assertMissing('@step1') ->assertMissing('@step2') ->assertMissing('@step3'); $browser->within(new Menu(), function ($browser) { $browser->assertMenuItems(['support', 'signup', 'login', 'lang'], 'signup'); }); $browser->waitFor('@step0 .plan-selector .card'); // Assert first plan box and press the button $browser->with('@step0 .plan-selector .plan-individual', function ($step) { $step->assertVisible('button') ->assertSeeIn('button', 'Individual Account') ->assertVisible('.plan-description') ->click('button'); }); $browser->waitForLocation('/signup/individual') ->assertVisible('@step1') ->assertSeeIn('.card-title', 'Sign Up - Step 1/3') ->assertMissing('@step0') ->assertMissing('@step2') ->assertMissing('@step3') ->assertFocused('@step1 #signup_first_name'); // Click Back button $browser->click('@step1 [type=button]') ->waitForLocation('/signup') ->assertVisible('@step0') ->assertMissing('@step1') ->assertMissing('@step2') ->assertMissing('@step3'); // Choose the group account plan $browser->click('@step0 .plan-selector .plan-group button') ->waitForLocation('/signup/group') ->assertVisible('@step1') ->assertMissing('@step0') ->assertMissing('@step2') ->assertMissing('@step3') ->assertFocused('@step1 #signup_first_name'); // TODO: Test if 'plan' variable is set properly in vue component }); } /** * Test 1st step of the signup process */ public function testSignupStep1(): void { $this->browse(function (Browser $browser) { $browser->visit('/signup/individual') ->onWithoutAssert(new Signup()); // Here we expect two text inputs and Back and Continue buttons $browser->with('@step1', function ($step) { $step->waitFor('#signup_last_name') ->assertSeeIn('.card-title', 'Sign Up - Step 1/3') ->assertVisible('#signup_first_name') ->assertFocused('#signup_first_name') ->assertVisible('#signup_email') ->assertVisible('[type=button]') ->assertVisible('[type=submit]'); }); // Submit empty form // Email is required, so after pressing Submit // we expect focus to be moved to the email input $browser->with('@step1', function ($step) { $step->click('[type=submit]'); $step->assertFocused('#signup_email'); }); $browser->within(new Menu(), function ($browser) { $browser->assertMenuItems(['support', 'signup', 'login', 'lang'], 'signup'); }); // Submit invalid email, and first_name // We expect both inputs to have is-invalid class added, with .invalid-feedback element $browser->with('@step1', function ($step) { $step->type('#signup_first_name', str_repeat('a', 250)) ->type('#signup_email', '@test') ->click('[type=submit]') ->waitFor('#signup_email.is-invalid') ->assertVisible('#signup_first_name.is-invalid') ->assertVisible('#signup_email + .invalid-feedback') ->assertVisible('#signup_last_name + .invalid-feedback') ->assertToast(Toast::TYPE_ERROR, 'Form validation error'); }); // Submit valid data // We expect error state on email input to be removed, and Step 2 form visible $browser->with('@step1', function ($step) { $step->type('#signup_first_name', 'Test') ->type('#signup_last_name', 'User') ->type('#signup_email', 'BrowserSignupTestUser1@kolab.org') ->click('[type=submit]') ->assertMissing('#signup_email.is-invalid') ->assertMissing('#signup_email + .invalid-feedback'); }); $browser->waitUntilMissing('@step2 #signup_code[value=""]'); $browser->waitFor('@step2'); $browser->assertMissing('@step1'); }); } /** * Test 2nd Step of the signup process * * @depends testSignupStep1 */ public function testSignupStep2(): void { $this->browse(function (Browser $browser) { $browser->assertVisible('@step2') ->assertSeeIn('@step2 .card-title', 'Sign Up - Step 2/3') ->assertMissing('@step0') ->assertMissing('@step1') ->assertMissing('@step3'); // Here we expect one text input, Back and Continue buttons $browser->with('@step2', function ($step) { $step->assertVisible('#signup_short_code') ->assertFocused('#signup_short_code') ->assertVisible('[type=button]') ->assertVisible('[type=submit]'); }); // Test Back button functionality $browser->click('@step2 [type=button]') ->waitFor('@step1') ->assertFocused('@step1 #signup_first_name') ->assertMissing('@step2'); // Submit valid Step 1 data (again) $browser->with('@step1', function ($step) { $step->type('#signup_first_name', 'User') ->type('#signup_last_name', 'User') ->type('#signup_email', 'BrowserSignupTestUser1@kolab.org') ->click('[type=submit]'); }); $browser->waitFor('@step2'); $browser->assertMissing('@step1'); // Submit invalid code // We expect code input to have is-invalid class added, with .invalid-feedback element $browser->with('@step2', function ($step) { $step->type('#signup_short_code', 'XXXXX'); $step->click('[type=submit]'); $step->waitFor('#signup_short_code.is-invalid') ->assertVisible('#signup_short_code + .invalid-feedback') ->assertFocused('#signup_short_code') ->assertToast(Toast::TYPE_ERROR, 'Form validation error'); }); // Submit valid code // We expect error state on code input to be removed, and Step 3 form visible $browser->with('@step2', function ($step) { // Get the code and short_code from database // FIXME: Find a nice way to read javascript data without using hidden inputs $code = $step->value('#signup_code'); $this->assertNotEmpty($code); $code = SignupCode::find($code); $step->type('#signup_short_code', $code->short_code); $step->click('[type=submit]'); $step->assertMissing('#signup_short_code.is-invalid'); $step->assertMissing('#signup_short_code + .invalid-feedback'); }); $browser->waitFor('@step3'); $browser->assertMissing('@step2'); }); } /** * Test 3rd Step of the signup process * * @depends testSignupStep2 */ public function testSignupStep3(): void { $this->browse(function (Browser $browser) { $browser->assertVisible('@step3'); // Here we expect 3 text inputs, Back and Continue buttons $browser->with('@step3', function ($step) { $domains = Domain::getPublicDomains(); $domains_count = count($domains); $step->assertSeeIn('.card-title', 'Sign Up - Step 3/3') ->assertMissing('#signup_last_name') ->assertMissing('#signup_first_name') ->assertVisible('#signup_login') ->assertVisible('#signup_password') ->assertVisible('#signup_password_confirmation') ->assertVisible('select#signup_domain') ->assertElementsCount('select#signup_domain option', $domains_count, false) ->assertText('select#signup_domain option:nth-child(1)', $domains[0]) ->assertValue('select#signup_domain option:nth-child(1)', $domains[0]) ->assertText('select#signup_domain option:nth-child(2)', $domains[1]) ->assertValue('select#signup_domain option:nth-child(2)', $domains[1]) ->assertVisible('[type=button]') ->assertVisible('[type=submit]') ->assertSeeIn('[type=submit]', 'Submit') ->assertFocused('#signup_login') ->assertSelected('select#signup_domain', \config('app.domain')) ->assertValue('#signup_login', '') ->assertValue('#signup_password', '') ->assertValue('#signup_password_confirmation', '') ->with('#signup_password_policy', function (Browser $browser) { $browser->assertElementsCount('li', 2) ->assertMissing('li:first-child svg.text-success') ->assertSeeIn('li:first-child small', "Minimum password length: 6 characters") ->assertMissing('li:last-child svg.text-success') ->assertSeeIn('li:last-child small', "Maximum password length: 255 characters"); }); // TODO: Test domain selector }); // Test Back button $browser->click('@step3 [type=button]'); $browser->waitFor('@step2'); $browser->assertFocused('@step2 #signup_short_code'); $browser->assertMissing('@step3'); // TODO: Test form reset when going back // Submit valid code again $browser->with('@step2', function ($step) { $code = $step->value('#signup_code'); $this->assertNotEmpty($code); $code = SignupCode::find($code); $step->type('#signup_short_code', $code->short_code); $step->click('[type=submit]'); }); $browser->waitFor('@step3'); // Submit invalid data $browser->with('@step3', function ($step) { $step->assertFocused('#signup_login') ->type('#signup_login', '*') ->type('#signup_password', '12345678') ->type('#signup_password_confirmation', '123456789') ->with('#signup_password_policy', function (Browser $browser) { $browser->waitFor('li:first-child svg.text-success') ->waitFor('li:last-child svg.text-success'); }) ->click('[type=submit]') ->waitFor('#signup_login.is-invalid') ->assertVisible('#signup_domain + .invalid-feedback') ->assertVisible('#signup_password.is-invalid') ->assertVisible('#signup_password_input .invalid-feedback') ->assertFocused('#signup_login') ->assertToast(Toast::TYPE_ERROR, 'Form validation error'); }); // Submit invalid data (valid login, invalid password) $browser->with('@step3', function ($step) { $step->type('#signup_login', 'SignupTestDusk') ->click('[type=submit]') ->waitFor('#signup_password.is-invalid') ->assertVisible('#signup_password_input .invalid-feedback') ->assertMissing('#signup_login.is-invalid') ->assertMissing('#signup_domain + .invalid-feedback') ->assertFocused('#signup_password') ->assertToast(Toast::TYPE_ERROR, 'Form validation error'); }); // Submit valid data $browser->with('@step3', function ($step) { $step->type('#signup_password_confirmation', '12345678'); $step->click('[type=submit]'); }); // At this point we should be auto-logged-in to dashboard $browser->waitUntilMissing('@step3') ->waitUntilMissing('.app-loader') ->on(new Dashboard()) ->assertUser('signuptestdusk@' . \config('app.domain')) ->assertVisible('@links a.link-settings') ->assertMissing('@links a.link-domains') ->assertVisible('@links a.link-users') ->assertVisible('@links a.link-wallet'); // Logout the user $browser->within(new Menu(), function ($browser) { $browser->clickMenuItem('logout'); }); }); } /** * Test signup for a group account */ public function testSignupGroup(): void { $this->browse(function (Browser $browser) { $browser->visit(new Signup()); // Choose the group account plan $browser->waitFor('@step0 .plan-group button') ->click('@step0 .plan-group button'); // Submit valid data // We expect error state on email input to be removed, and Step 2 form visible $browser->whenAvailable('@step1', function ($step) { $step->type('#signup_first_name', 'Test') ->type('#signup_last_name', 'User') ->type('#signup_email', 'BrowserSignupTestUser1@kolab.org') ->click('[type=submit]'); }); // Submit valid code $browser->whenAvailable('@step2', function ($step) { // Get the code and short_code from database // FIXME: Find a nice way to read javascript data without using hidden inputs $code = $step->value('#signup_code'); $code = SignupCode::find($code); $step->type('#signup_short_code', $code->short_code) ->click('[type=submit]'); }); // Here we expect 4 text inputs, Back and Continue buttons $browser->whenAvailable('@step3', function ($step) { $step->assertVisible('#signup_login') ->assertVisible('#signup_password') ->assertVisible('#signup_password_confirmation') ->assertVisible('input#signup_domain') ->assertVisible('[type=button]') ->assertVisible('[type=submit]') ->assertFocused('#signup_login') ->assertValue('input#signup_domain', '') ->assertValue('#signup_login', '') ->assertValue('#signup_password', '') ->assertValue('#signup_password_confirmation', ''); }); // Submit invalid login and password data $browser->with('@step3', function ($step) { $step->assertFocused('#signup_login') ->type('#signup_login', '*') ->type('#signup_domain', 'test.com') ->type('#signup_password', '12345678') ->type('#signup_password_confirmation', '123456789') ->click('[type=submit]') ->waitFor('#signup_login.is-invalid') ->assertVisible('#signup_domain + .invalid-feedback') ->assertVisible('#signup_password.is-invalid') ->assertVisible('#signup_password_input .invalid-feedback') ->assertFocused('#signup_login') ->assertToast(Toast::TYPE_ERROR, 'Form validation error'); }); // Submit invalid domain $browser->with('@step3', function ($step) { $step->type('#signup_login', 'admin') ->type('#signup_domain', 'aaa') ->type('#signup_password', '12345678') ->type('#signup_password_confirmation', '12345678') ->click('[type=submit]') ->waitUntilMissing('#signup_login.is-invalid') ->waitFor('#signup_domain.is-invalid + .invalid-feedback') ->assertMissing('#signup_password.is-invalid') ->assertMissing('#signup_password_input .invalid-feedback') ->assertFocused('#signup_domain') ->assertToast(Toast::TYPE_ERROR, 'Form validation error'); }); // Submit invalid domain $browser->with('@step3', function ($step) { $step->type('#signup_domain', 'user-domain-signup.com') ->click('[type=submit]'); }); // At this point we should be auto-logged-in to dashboard $browser->waitUntilMissing('@step3') ->waitUntilMissing('.app-loader') ->on(new Dashboard()) ->assertUser('admin@user-domain-signup.com') ->assertVisible('@links a.link-settings') ->assertVisible('@links a.link-domains') ->assertVisible('@links a.link-users') ->assertVisible('@links a.link-wallet'); $browser->within(new Menu(), function ($browser) { $browser->clickMenuItem('logout'); }); }); } /** * Test signup with a mandate plan, also the UI lock * * @group mollie */ public function testSignupMandate(): void { // Test the individual plan $plan = Plan::withEnvTenantContext()->where('title', 'individual')->first(); $plan->mode = Plan::MODE_MANDATE; $plan->save(); $this->browse(function (Browser $browser) { $browser->withConfig(['services.payment_provider' => 'mollie']) ->visit(new Signup()) ->waitFor('@step0 .plan-individual button') ->click('@step0 .plan-individual button') // Test Back button ->whenAvailable('@step3', function ($browser) { $browser->click('button[type=button]'); }) ->whenAvailable('@step0', function ($browser) { $browser->click('.plan-individual button'); }) // Test submit ->whenAvailable('@step3', function ($browser) { $domains = Domain::getPublicDomains(); $domains_count = count($domains); $browser->assertMissing('.card-title') ->assertElementsCount('select#signup_domain option', $domains_count, false) ->assertText('select#signup_domain option:nth-child(1)', $domains[0]) ->assertValue('select#signup_domain option:nth-child(1)', $domains[0]) ->type('#signup_login', 'signuptestdusk') ->type('#signup_password', '12345678') ->type('#signup_password_confirmation', '12345678') ->click('[type=submit]'); }) ->whenAvailable('@step4', function ($browser) { $browser->assertSeeIn('h4', 'The account is about to be created!') ->assertSeeIn('h5', 'You are choosing a monthly subscription') ->assertVisible('#summary-content') ->assertElementsCount('#summary-content + p.credit-cards img', 2) ->assertVisible('#summary-summary') ->assertSeeIn('button.btn-primary', 'Subscribe') ->assertSeeIn('button.btn-secondary', 'Back') ->click('button.btn-secondary'); }) ->whenAvailable('@step3', function ($browser) { $browser->assertValue('#signup_login', 'signuptestdusk') ->click('[type=submit]'); }) ->whenAvailable('@step4', function ($browser) { $browser->click('button.btn-primary'); }) ->on(new PaymentMollie()) ->assertSeeIn('@title', 'Auto-Payment Setup') ->assertMissing('@amount') ->submitPayment('open') ->on(new PaymentStatus()) ->assertSeeIn('@lock-alert', 'The account is locked') ->assertSeeIn('@content', 'Checking the status...') ->assertSeeIn('@button', 'Try again'); }); $user = User::where('email', 'signuptestdusk@' . \config('app.domain'))->first(); $this->assertSame($plan->id, $user->getSetting('plan_id')); $this->assertFalse($user->isActive()); // Refresh and see that the account is still locked $this->browse(function (Browser $browser) use ($user) { $browser->visit('/dashboard') ->on(new PaymentStatus()) ->assertSeeIn('@lock-alert', 'The account is locked') ->assertSeeIn('@content', 'Checking the status...'); // Mark the payment paid, and activate the user in background, // expect unlock and redirect to the dashboard // TODO: Move this to a separate tests file for PaymentStatus page $payment = $user->wallets()->first()->payments()->first(); $payment->credit('Test'); $payment->status = \App\Payment::STATUS_PAID; $payment->save(); $this->assertTrue($user->fresh()->isActive()); $browser->waitForLocation('/dashboard', 10) ->within(new Menu(), function ($browser) { $browser->clickMenuItem('logout'); }); }); // TODO: Test the 'Try again' button on /payment/status page } /** * Test signup with a mandate plan with a discount=100% */ public function testSignupMandateDiscount100Percent(): void { // Test the individual plan $plan = Plan::withEnvTenantContext()->where('title', 'individual')->first(); $plan->mode = Plan::MODE_MANDATE; $plan->save(); $discount = Discount::where('discount', 100)->first(); $discount->code = 'FREE'; $discount->save(); $this->browse(function (Browser $browser) { $browser->visit(new Signup()) ->waitFor('@step0 .plan-individual button') ->click('@step0 .plan-individual button') ->whenAvailable('@step3', function ($browser) { $browser->type('#signup_login', 'signuptestdusk') ->type('#signup_password', '12345678') ->type('#signup_password_confirmation', '12345678') ->type('#signup_voucher', 'FREE') ->click('[type=submit]'); }) ->whenAvailable('@step4', function ($browser) { $browser->assertSeeIn('h4', 'The account is about to be created!') ->assertSeeIn('#summary-content', 'You are signing up for an account with 100% discount.') ->assertMissing('#summary-summary') ->assertSeeIn('button.btn-primary', 'Subscribe') ->assertSeeIn('button.btn-secondary', 'Back') ->click('button.btn-primary'); }) ->waitUntilMissing('@step4') ->on(new Dashboard()) ->within(new Menu(), function ($browser) { $browser->clickMenuItem('logout'); }); }); $user = User::where('email', 'signuptestdusk@' . \config('app.domain'))->first(); $this->assertSame($plan->id, $user->getSetting('plan_id')); $this->assertTrue($user->isActive()); $this->assertFalse($user->isRestricted()); $this->assertSame($discount->id, $user->wallets->first()->discount_id); } /** * Test signup with a token plan */ public function testSignupToken(): void { // Test the individual plan - Plan::where('title', 'individual')->update(['mode' => Plan::MODE_TOKEN]); + $plan = Plan::withEnvTenantContext()->where('title', 'individual')->first(); + $plan->update(['mode' => Plan::MODE_TOKEN]); - // Register some valid tokens - $tokens = ['1234567890', 'abcdefghijk']; - file_put_contents(storage_path('signup-tokens.txt'), implode("\n", $tokens)); + // Register a valid token + $plan->signupTokens()->create(['id' => '1234567890']); - $this->browse(function (Browser $browser) use ($tokens) { + $this->browse(function (Browser $browser) { $browser->visit(new Signup()) ->waitFor('@step0 .plan-individual button') ->click('@step0 .plan-individual button') // Step 1 - ->whenAvailable('@step1', function ($browser) use ($tokens) { + ->whenAvailable('@step1', function ($browser) { $browser->assertSeeIn('.card-title', 'Sign Up - Step 1/2') ->type('#signup_first_name', 'Test') ->type('#signup_last_name', 'User') ->assertMissing('#signup_email') ->type('#signup_token', '1234') // invalid token ->click('[type=submit]') ->waitFor('#signup_token.is-invalid') ->assertVisible('#signup_token + .invalid-feedback') ->assertFocused('#signup_token') ->assertToast(Toast::TYPE_ERROR, 'Form validation error') // valid token - ->type('#signup_token', $tokens[0]) + ->type('#signup_token', '1234567890') ->click('[type=submit]'); }) // Step 2 ->whenAvailable('@step3', function ($browser) { $domains = Domain::getPublicDomains(); $domains_count = count($domains); $browser->assertSeeIn('.card-title', 'Sign Up - Step 2/2') ->assertElementsCount('select#signup_domain option', $domains_count, false) ->assertText('select#signup_domain option:nth-child(1)', $domains[0]) ->assertValue('select#signup_domain option:nth-child(1)', $domains[0]) ->type('#signup_login', 'signuptestdusk') ->type('#signup_password', '12345678') ->type('#signup_password_confirmation', '12345678') ->click('[type=submit]'); }) ->waitUntilMissing('@step3') ->on(new Dashboard()) ->within(new Menu(), function ($browser) { $browser->clickMenuItem('logout'); }); }); $user = User::where('email', 'signuptestdusk@' . \config('app.domain'))->first(); - $this->assertSame($tokens[0], $user->getSetting('signup_token')); $this->assertSame(null, $user->getSetting('external_email')); // Test the group plan - Plan::where('title', 'group')->update(['mode' => Plan::MODE_TOKEN]); + $plan = Plan::withEnvTenantContext()->where('title', 'group')->first(); + $plan->update(['mode' => Plan::MODE_TOKEN]); - $this->browse(function (Browser $browser) use ($tokens) { + // Register a valid token + $plan->signupTokens()->create(['id' => 'abcdefghijk']); + + $this->browse(function (Browser $browser) { $browser->visit(new Signup()) ->waitFor('@step0 .plan-group button') ->click('@step0 .plan-group button') // Step 1 - ->whenAvailable('@step1', function ($browser) use ($tokens) { + ->whenAvailable('@step1', function ($browser) { $browser->assertSeeIn('.card-title', 'Sign Up - Step 1/2') ->type('#signup_first_name', 'Test') ->type('#signup_last_name', 'User') ->assertMissing('#signup_email') ->type('#signup_token', '1234') // invalid token ->click('[type=submit]') ->waitFor('#signup_token.is-invalid') ->assertVisible('#signup_token + .invalid-feedback') ->assertFocused('#signup_token') ->assertToast(Toast::TYPE_ERROR, 'Form validation error') // valid token - ->type('#signup_token', $tokens[1]) + ->type('#signup_token', 'abcdefghijk') ->click('[type=submit]'); }) // Step 2 ->whenAvailable('@step3', function ($browser) { $browser->assertSeeIn('.card-title', 'Sign Up - Step 2/2') ->type('input#signup_domain', 'user-domain-signup.com') ->type('#signup_login', 'admin') ->type('#signup_password', '12345678') ->type('#signup_password_confirmation', '12345678') ->click('[type=submit]'); }) ->waitUntilMissing('@step3') ->on(new Dashboard()) ->within(new Menu(), function ($browser) { $browser->clickMenuItem('logout'); }); }); $user = User::where('email', 'admin@user-domain-signup.com')->first(); - $this->assertSame($tokens[1], $user->getSetting('signup_token')); $this->assertSame(null, $user->getSetting('external_email')); } /** * Test signup with voucher */ public function testSignupVoucherLink(): void { $this->browse(function (Browser $browser) { $browser->visit('/signup/voucher/TEST') ->onWithoutAssert(new Signup()) ->waitUntilMissing('.app-loader') ->waitFor('@step0') ->click('.plan-individual button') ->whenAvailable('@step1', function (Browser $browser) { $browser->type('#signup_first_name', 'Test') ->type('#signup_last_name', 'User') ->type('#signup_email', 'BrowserSignupTestUser1@kolab.org') ->click('[type=submit]'); }) ->whenAvailable('@step2', function (Browser $browser) { // Get the code and short_code from database // FIXME: Find a nice way to read javascript data without using hidden inputs $code = $browser->value('#signup_code'); $this->assertNotEmpty($code); $code = SignupCode::find($code); $browser->type('#signup_short_code', $code->short_code) ->click('[type=submit]'); }) ->whenAvailable('@step3', function (Browser $browser) { // Assert that the code is filled in the input // Change it and test error handling $browser->assertValue('#signup_voucher', 'TEST') ->type('#signup_voucher', 'TESTXX') ->type('#signup_login', 'signuptestdusk') ->type('#signup_password', '123456789') ->type('#signup_password_confirmation', '123456789') ->click('[type=submit]') ->waitFor('#signup_voucher.is-invalid') ->assertVisible('#signup_voucher + .invalid-feedback') ->assertFocused('#signup_voucher') ->assertToast(Toast::TYPE_ERROR, 'Form validation error') // Submit the correct code ->type('#signup_voucher', 'TEST') ->click('[type=submit]'); }) ->waitUntilMissing('@step3') ->waitUntilMissing('.app-loader') ->on(new Dashboard()) ->assertUser('signuptestdusk@' . \config('app.domain')) // Logout the user ->within(new Menu(), function ($browser) { $browser->clickMenuItem('logout'); }); }); $user = $this->getTestUser('signuptestdusk@' . \config('app.domain')); $discount = Discount::where('code', 'TEST')->first(); $this->assertSame($discount->id, $user->wallets()->first()->discount_id); } /** * Test signup via invitation link */ public function testSignupInvitation(): void { // Test non-existing invitation $this->browse(function (Browser $browser) { $browser->visit('/signup/invite/TEST') ->onWithoutAssert(new Signup()) ->waitFor('#app > #error-page') ->assertErrorPage(404); }); $invitation = SignupInvitation::create(['email' => 'test@domain.org']); $this->browse(function (Browser $browser) use ($invitation) { $browser->visit('/signup/invite/' . $invitation->id) ->onWithoutAssert(new Signup()) ->waitUntilMissing('.app-loader') ->with('@step3', function ($step) { $domains_count = count(Domain::getPublicDomains()); $step->assertMissing('.card-title') ->assertVisible('#signup_last_name') ->assertVisible('#signup_first_name') ->assertVisible('#signup_login') ->assertVisible('#signup_password') ->assertVisible('#signup_password_confirmation') ->assertVisible('select#signup_domain') ->assertElementsCount('select#signup_domain option', $domains_count, false) ->assertVisible('[type=submit]') ->assertMissing('[type=button]') // Back button ->assertSeeIn('[type=submit]', 'Sign Up') ->assertFocused('#signup_first_name') ->assertValue('select#signup_domain', \config('app.domain')) ->assertValue('#signup_first_name', '') ->assertValue('#signup_last_name', '') ->assertValue('#signup_login', '') ->assertValue('#signup_password', '') ->assertValue('#signup_password_confirmation', ''); // Submit invalid data $step->type('#signup_login', '*') ->type('#signup_password', '12345678') ->type('#signup_password_confirmation', '123456789') ->click('[type=submit]') ->waitFor('#signup_login.is-invalid') ->assertVisible('#signup_domain + .invalid-feedback') ->assertVisible('#signup_password.is-invalid') ->assertVisible('#signup_password_input .invalid-feedback') ->assertFocused('#signup_login') ->assertToast(Toast::TYPE_ERROR, 'Form validation error'); // Submit valid data $step->type('#signup_password_confirmation', '12345678') ->type('#signup_login', 'signuptestdusk') ->type('#signup_first_name', 'First') ->type('#signup_last_name', 'Last') ->click('[type=submit]'); }) // At this point we should be auto-logged-in to dashboard ->waitUntilMissing('@step3') ->waitUntilMissing('.app-loader') ->on(new Dashboard()) ->assertUser('signuptestdusk@' . \config('app.domain')) // Logout the user ->within(new Menu(), function ($browser) { $browser->clickMenuItem('logout'); }); }); $invitation->refresh(); $user = User::where('email', 'signuptestdusk@' . \config('app.domain'))->first(); $this->assertTrue($invitation->isCompleted()); $this->assertSame($user->id, $invitation->user_id); $this->assertSame('First', $user->getSetting('first_name')); $this->assertSame('Last', $user->getSetting('last_name')); $this->assertSame($invitation->email, $user->getSetting('external_email')); } } diff --git a/src/tests/Feature/Console/Data/Import/SignupTokensTest.php b/src/tests/Feature/Console/Data/Import/SignupTokensTest.php new file mode 100644 index 00000000..5c9b0988 --- /dev/null +++ b/src/tests/Feature/Console/Data/Import/SignupTokensTest.php @@ -0,0 +1,97 @@ +delete(); + SignupToken::truncate(); + } + + /** + * {@inheritDoc} + */ + public function tearDown(): void + { + Plan::where('title', 'test')->delete(); + SignupToken::truncate(); + + @unlink(storage_path('test-tokens.txt')); + + parent::tearDown(); + } + + /** + * Test the command + */ + public function testHandle(): void + { + $file = storage_path('test-tokens.txt'); + file_put_contents($file, ''); + + // Unknown plan + $code = \Artisan::call("data:import:signup-tokens unknown {$file}"); + $output = trim(\Artisan::output()); + + $this->assertSame(1, $code); + $this->assertSame("Plan not found", $output); + + // Plan not for tokens + $code = \Artisan::call("data:import:signup-tokens individual {$file}"); + $output = trim(\Artisan::output()); + + $this->assertSame(1, $code); + $this->assertSame("The plan is not for tokens", $output); + + $plan = Plan::create([ + 'title' => 'test', + 'name' => 'Test Account', + 'description' => 'Test', + 'mode' => Plan::MODE_TOKEN, + ]); + + // Non-existent input file + $code = \Artisan::call("data:import:signup-tokens {$plan->title} nofile.txt"); + $output = trim(\Artisan::output()); + + $this->assertSame(1, $code); + $this->assertSame("File 'nofile.txt' does not exist", $output); + + // Empty input file + $code = \Artisan::call("data:import:signup-tokens {$plan->title} {$file}"); + $output = trim(\Artisan::output()); + + $this->assertSame(1, $code); + $this->assertSame("File '{$file}' is empty", $output); + + // Valid tokens + file_put_contents($file, "12345\r\nabcde"); + $code = \Artisan::call("data:import:signup-tokens {$plan->id} {$file}"); + $output = trim(\Artisan::output()); + + $this->assertSame(0, $code); + $this->assertStringContainsString("Validating tokens... DONE", $output); + $this->assertStringContainsString("Importing tokens... DONE", $output); + $this->assertSame(['12345', 'ABCDE'], $plan->signupTokens()->orderBy('id')->pluck('id')->all()); + + // Attempt the same tokens again + $code = \Artisan::call("data:import:signup-tokens {$plan->id} {$file}"); + $output = trim(\Artisan::output()); + + $this->assertSame(0, $code); + $this->assertStringContainsString("Validating tokens... DONE", $output); + $this->assertStringContainsString("Nothing to import", $output); + $this->assertStringNotContainsString("Importing tokens...", $output); + } +} diff --git a/src/tests/Feature/Controller/SignupTest.php b/src/tests/Feature/Controller/SignupTest.php index bddf2eca..cb825855 100644 --- a/src/tests/Feature/Controller/SignupTest.php +++ b/src/tests/Feature/Controller/SignupTest.php @@ -1,1192 +1,1189 @@ domain = $this->getPublicDomain(); $this->deleteTestUser("SignupControllerTest1@$this->domain"); $this->deleteTestUser("signuplogin@$this->domain"); $this->deleteTestUser("admin@external.com"); $this->deleteTestUser("test-inv@kolabnow.com"); $this->deleteTestDomain('external.com'); $this->deleteTestDomain('signup-domain.com'); $this->deleteTestGroup('group-test@kolabnow.com'); + SI::truncate(); + SignupToken::truncate(); Plan::where('title', 'test')->delete(); IP4Net::where('net_number', inet_pton('127.0.0.0'))->delete(); VatRate::query()->delete(); } /** * {@inheritDoc} */ public function tearDown(): void { $this->deleteTestUser("SignupControllerTest1@$this->domain"); $this->deleteTestUser("signuplogin@$this->domain"); $this->deleteTestUser("admin@external.com"); $this->deleteTestUser("test-inv@kolabnow.com"); $this->deleteTestDomain('external.com'); $this->deleteTestDomain('signup-domain.com'); $this->deleteTestGroup('group-test@kolabnow.com'); + SI::truncate(); + SignupToken::truncate(); Plan::where('title', 'test')->delete(); IP4Net::where('net_number', inet_pton('127.0.0.0'))->delete(); VatRate::query()->delete(); - @unlink(storage_path('signup-tokens.txt')); - parent::tearDown(); } /** * Return a public domain for signup tests */ private function getPublicDomain(): string { if (!$this->domain) { $this->refreshApplication(); $public_domains = Domain::getPublicDomains(); $this->domain = reset($public_domains); if (empty($this->domain)) { $this->domain = 'signup-domain.com'; Domain::create([ 'namespace' => $this->domain, 'status' => Domain::STATUS_ACTIVE, 'type' => Domain::TYPE_PUBLIC, ]); } } return $this->domain; } /** * Test fetching public domains for signup */ public function testSignupDomains(): void { $response = $this->get('/api/auth/signup/domains'); $json = $response->json(); $response->assertStatus(200); $this->assertCount(2, $json); $this->assertSame('success', $json['status']); $this->assertSame(Domain::getPublicDomains(), $json['domains']); } /** * Test fetching plans for signup */ public function testSignupPlans(): void { $individual = Plan::withEnvTenantContext()->where('title', 'individual')->first(); $group = Plan::withEnvTenantContext()->where('title', 'group')->first(); $hidden = Plan::create([ 'title' => 'test', 'name' => 'Test Account', 'description' => 'Test', 'hidden' => true, 'mode' => Plan::MODE_MANDATE, ]); $response = $this->get('/api/auth/signup/plans'); $json = $response->json(); $response->assertStatus(200); $this->assertSame('success', $json['status']); $this->assertCount(2, $json['plans']); $this->assertSame($individual->title, $json['plans'][0]['title']); $this->assertSame($individual->name, $json['plans'][0]['name']); $this->assertSame($individual->description, $json['plans'][0]['description']); $this->assertFalse($json['plans'][0]['isDomain']); $this->assertArrayHasKey('button', $json['plans'][0]); $this->assertSame($group->title, $json['plans'][1]['title']); $this->assertSame($group->name, $json['plans'][1]['name']); $this->assertSame($group->description, $json['plans'][1]['description']); $this->assertTrue($json['plans'][1]['isDomain']); $this->assertArrayHasKey('button', $json['plans'][1]); } /** * Test fetching invitation */ public function testSignupInvitations(): void { Queue::fake(); $invitation = SI::create(['email' => 'email1@ext.com']); // Test existing invitation $response = $this->get("/api/auth/signup/invitations/{$invitation->id}"); $response->assertStatus(200); $json = $response->json(); $this->assertSame($invitation->id, $json['id']); // Test non-existing invitation $response = $this->get("/api/auth/signup/invitations/abc"); $response->assertStatus(404); // Test completed invitation SI::where('id', $invitation->id)->update(['status' => SI::STATUS_COMPLETED]); $response = $this->get("/api/auth/signup/invitations/{$invitation->id}"); $response->assertStatus(404); } /** * Test signup initialization with invalid input */ public function testSignupInitInvalidInput(): void { // Empty input data $data = []; $response = $this->post('/api/auth/signup/init', $data); $json = $response->json(); $response->assertStatus(422); $this->assertSame('error', $json['status']); $this->assertCount(1, $json['errors']); $this->assertArrayHasKey('email', $json['errors']); // Data with missing name $data = [ 'email' => 'UsersApiControllerTest1@UsersApiControllerTest.com', 'first_name' => str_repeat('a', 250), 'last_name' => str_repeat('a', 250), ]; $response = $this->post('/api/auth/signup/init', $data); $json = $response->json(); $response->assertStatus(422); $this->assertSame('error', $json['status']); $this->assertCount(2, $json['errors']); $this->assertArrayHasKey('first_name', $json['errors']); $this->assertArrayHasKey('last_name', $json['errors']); // Data with invalid email (but not phone number) $data = [ 'email' => '@example.org', 'first_name' => 'Signup', 'last_name' => 'User', ]; $response = $this->post('/api/auth/signup/init', $data); $json = $response->json(); $response->assertStatus(422); $this->assertSame('error', $json['status']); $this->assertCount(1, $json['errors']); $this->assertArrayHasKey('email', $json['errors']); // Sanity check on voucher code, last/first name is optional $data = [ 'voucher' => '123456789012345678901234567890123', 'email' => 'valid@email.com', ]; $response = $this->post('/api/auth/signup/init', $data); $json = $response->json(); $response->assertStatus(422); $this->assertSame('error', $json['status']); $this->assertCount(1, $json['errors']); $this->assertArrayHasKey('voucher', $json['errors']); // Email address too long $data = [ 'email' => str_repeat('a', 190) . '@example.org', 'first_name' => 'Signup', 'last_name' => 'User', ]; $response = $this->post('/api/auth/signup/init', $data); $json = $response->json(); $response->assertStatus(422); $this->assertSame('error', $json['status']); $this->assertCount(1, $json['errors']); $this->assertSame(["The specified email address is invalid."], $json['errors']['email']); SignupCode::truncate(); // Email address limit check $data = [ 'email' => 'test@example.org', 'first_name' => 'Signup', 'last_name' => 'User', ]; \config(['app.signup.email_limit' => 0]); $response = $this->post('/api/auth/signup/init', $data); $json = $response->json(); $response->assertStatus(200); \config(['app.signup.email_limit' => 1]); $response = $this->post('/api/auth/signup/init', $data); $json = $response->json(); $response->assertStatus(422); $this->assertSame('error', $json['status']); $this->assertCount(1, $json['errors']); // TODO: This probably should be a different message? $this->assertSame(["The specified email address is invalid."], $json['errors']['email']); // IP address limit check $data = [ 'email' => 'ip@example.org', 'first_name' => 'Signup', 'last_name' => 'User', ]; \config(['app.signup.email_limit' => 0]); \config(['app.signup.ip_limit' => 0]); $response = $this->post('/api/auth/signup/init', $data, ['REMOTE_ADDR' => '10.1.1.1']); $json = $response->json(); $response->assertStatus(200); \config(['app.signup.ip_limit' => 1]); $response = $this->post('/api/auth/signup/init', $data, ['REMOTE_ADDR' => '10.1.1.1']); $json = $response->json(); $response->assertStatus(422); $this->assertSame('error', $json['status']); $this->assertCount(1, $json['errors']); // TODO: This probably should be a different message? $this->assertSame(["The specified email address is invalid."], $json['errors']['email']); // TODO: Test phone validation } /** * Test signup initialization with valid input */ public function testSignupInitValidInput(): array { Queue::fake(); // Assert that no jobs were pushed... Queue::assertNothingPushed(); $data = [ 'email' => 'testuser@external.com', 'first_name' => 'Signup', 'last_name' => 'User', 'plan' => 'individual', ]; $response = $this->post('/api/auth/signup/init', $data, ['REMOTE_ADDR' => '10.1.1.2']); $json = $response->json(); $response->assertStatus(200); $this->assertCount(3, $json); $this->assertSame('success', $json['status']); $this->assertSame('email', $json['mode']); $this->assertNotEmpty($json['code']); $code = SignupCode::find($json['code']); $this->assertSame('10.1.1.2', $code->ip_address); $this->assertSame(null, $code->verify_ip_address); $this->assertSame(null, $code->submit_ip_address); // Assert the email sending job was pushed once Queue::assertPushed(\App\Jobs\SignupVerificationEmail::class, 1); // Assert the job has proper data assigned Queue::assertPushed(\App\Jobs\SignupVerificationEmail::class, function ($job) use ($data, $json) { $code = TestCase::getObjectProperty($job, 'code'); return $code->code === $json['code'] && $code->plan === $data['plan'] && $code->email === $data['email'] && $code->first_name === $data['first_name'] && $code->last_name === $data['last_name']; }); // Try the same with voucher $data['voucher'] = 'TEST'; $response = $this->post('/api/auth/signup/init', $data); $json = $response->json(); $response->assertStatus(200); $this->assertCount(3, $json); $this->assertSame('success', $json['status']); $this->assertSame('email', $json['mode']); $this->assertNotEmpty($json['code']); // Assert the job has proper data assigned Queue::assertPushed(\App\Jobs\SignupVerificationEmail::class, function ($job) use ($data, $json) { $code = TestCase::getObjectProperty($job, 'code'); return $code->code === $json['code'] && $code->plan === $data['plan'] && $code->email === $data['email'] && $code->voucher === $data['voucher'] && $code->first_name === $data['first_name'] && $code->last_name === $data['last_name']; }); return [ 'code' => $json['code'], 'email' => $data['email'], 'first_name' => $data['first_name'], 'last_name' => $data['last_name'], 'plan' => $data['plan'], 'voucher' => $data['voucher'] ]; } /** * Test signup code verification with invalid input * * @depends testSignupInitValidInput */ public function testSignupVerifyInvalidInput(array $result): void { // Empty data $data = []; $response = $this->post('/api/auth/signup/verify', $data); $json = $response->json(); $response->assertStatus(422); $this->assertSame('error', $json['status']); $this->assertCount(2, $json['errors']); $this->assertArrayHasKey('code', $json['errors']); $this->assertArrayHasKey('short_code', $json['errors']); // Data with existing code but missing short_code $data = [ 'code' => $result['code'], ]; $response = $this->post('/api/auth/signup/verify', $data); $json = $response->json(); $response->assertStatus(422); $this->assertSame('error', $json['status']); $this->assertCount(1, $json['errors']); $this->assertArrayHasKey('short_code', $json['errors']); // Data with invalid short_code $data = [ 'code' => $result['code'], 'short_code' => 'XXXX', ]; $response = $this->post('/api/auth/signup/verify', $data); $json = $response->json(); $response->assertStatus(422); $this->assertSame('error', $json['status']); $this->assertCount(1, $json['errors']); $this->assertArrayHasKey('short_code', $json['errors']); // TODO: Test expired code } /** * Test signup code verification with valid input * * @depends testSignupInitValidInput */ public function testSignupVerifyValidInput(array $result): array { $code = SignupCode::find($result['code']); $code->ip_address = '10.1.1.2'; $code->save(); $data = [ 'code' => $code->code, 'short_code' => $code->short_code, ]; $response = $this->post('/api/auth/signup/verify', $data, ['REMOTE_ADDR' => '10.1.1.3']); $json = $response->json(); $response->assertStatus(200); $this->assertCount(7, $json); $this->assertSame('success', $json['status']); $this->assertSame($result['email'], $json['email']); $this->assertSame($result['first_name'], $json['first_name']); $this->assertSame($result['last_name'], $json['last_name']); $this->assertSame($result['voucher'], $json['voucher']); $this->assertSame(false, $json['is_domain']); $this->assertTrue(is_array($json['domains']) && !empty($json['domains'])); $code->refresh(); $this->assertSame('10.1.1.2', $code->ip_address); $this->assertSame('10.1.1.3', $code->verify_ip_address); $this->assertSame(null, $code->submit_ip_address); return $result; } /** * Test last signup step with invalid input * * @depends testSignupVerifyValidInput */ public function testSignupInvalidInput(array $result): void { // Empty data $data = []; $response = $this->post('/api/auth/signup', $data); $json = $response->json(); $response->assertStatus(422); $this->assertSame('error', $json['status']); $this->assertCount(3, $json['errors']); $this->assertArrayHasKey('login', $json['errors']); $this->assertArrayHasKey('password', $json['errors']); $this->assertArrayHasKey('domain', $json['errors']); $domain = $this->getPublicDomain(); // Passwords do not match and missing domain $data = [ 'login' => 'test', 'password' => 'test', 'password_confirmation' => 'test2', ]; $response = $this->post('/api/auth/signup', $data); $json = $response->json(); $response->assertStatus(422); $this->assertSame('error', $json['status']); $this->assertCount(2, $json['errors']); $this->assertArrayHasKey('password', $json['errors']); $this->assertArrayHasKey('domain', $json['errors']); $domain = $this->getPublicDomain(); // Login too short, password too short $data = [ 'login' => '1', 'domain' => $domain, 'password' => 'test', 'password_confirmation' => 'test', ]; $response = $this->post('/api/auth/signup', $data); $json = $response->json(); $response->assertStatus(422); $this->assertSame('error', $json['status']); $this->assertCount(2, $json['errors']); $this->assertArrayHasKey('login', $json['errors']); $this->assertArrayHasKey('password', $json['errors']); // Missing codes $data = [ 'login' => 'login-valid', 'domain' => $domain, 'password' => 'testtest', 'password_confirmation' => 'testtest', ]; $response = $this->post('/api/auth/signup', $data); $json = $response->json(); $response->assertStatus(422); $this->assertSame('error', $json['status']); $this->assertCount(2, $json['errors']); $this->assertArrayHasKey('code', $json['errors']); $this->assertArrayHasKey('short_code', $json['errors']); // Data with invalid short_code $data = [ 'login' => 'TestLogin', 'domain' => $domain, 'password' => 'testtest', 'password_confirmation' => 'testtest', 'code' => $result['code'], 'short_code' => 'XXXX', ]; $response = $this->post('/api/auth/signup', $data); $json = $response->json(); $response->assertStatus(422); $this->assertSame('error', $json['status']); $this->assertCount(1, $json['errors']); $this->assertArrayHasKey('short_code', $json['errors']); $code = SignupCode::find($result['code']); // Data with invalid voucher $data = [ 'login' => 'TestLogin', 'domain' => $domain, 'password' => 'testtest', 'password_confirmation' => 'testtest', 'code' => $result['code'], 'short_code' => $code->short_code, 'voucher' => 'XXX', ]; $response = $this->post('/api/auth/signup', $data); $json = $response->json(); $response->assertStatus(422); $this->assertSame('error', $json['status']); $this->assertCount(1, $json['errors']); $this->assertArrayHasKey('voucher', $json['errors']); // Valid code, invalid login $data = [ 'login' => 'żżżżżż', 'domain' => $domain, 'password' => 'testtest', 'password_confirmation' => 'testtest', 'code' => $result['code'], 'short_code' => $code->short_code, ]; $response = $this->post('/api/auth/signup', $data); $json = $response->json(); $response->assertStatus(422); $this->assertSame('error', $json['status']); $this->assertCount(1, $json['errors']); $this->assertArrayHasKey('login', $json['errors']); } /** * Test last signup step with valid input (user creation) * * @depends testSignupVerifyValidInput */ public function testSignupValidInput(array $result): void { $queue = Queue::fake(); $domain = $this->getPublicDomain(); $identity = \strtolower('SignupLogin@') . $domain; $code = SignupCode::find($result['code']); $code->ip_address = '10.1.1.2'; $code->verify_ip_address = '10.1.1.3'; $code->save(); $data = [ 'login' => 'SignupLogin', 'domain' => $domain, 'password' => 'testtest', 'password_confirmation' => 'testtest', 'code' => $code->code, 'short_code' => $code->short_code, 'voucher' => 'TEST', ]; $response = $this->post('/api/auth/signup', $data, ['REMOTE_ADDR' => '10.1.1.4']); $json = $response->json(); $response->assertStatus(200); $this->assertSame('success', $json['status']); $this->assertSame('bearer', $json['token_type']); $this->assertTrue(!empty($json['expires_in']) && is_int($json['expires_in']) && $json['expires_in'] > 0); $this->assertNotEmpty($json['access_token']); $this->assertSame($identity, $json['email']); Queue::assertPushed(\App\Jobs\User\CreateJob::class, 1); Queue::assertPushed( \App\Jobs\User\CreateJob::class, function ($job) use ($data) { $userEmail = TestCase::getObjectProperty($job, 'userEmail'); return $userEmail === \strtolower($data['login'] . '@' . $data['domain']); } ); $code->refresh(); // Check if the user has been created $user = User::where('email', $identity)->first(); $this->assertNotEmpty($user); $this->assertSame($identity, $user->email); $this->assertTrue($user->isRestricted()); // Check if the code has been updated and soft-deleted $this->assertTrue($code->trashed()); $this->assertSame('10.1.1.2', $code->ip_address); $this->assertSame('10.1.1.3', $code->verify_ip_address); $this->assertSame('10.1.1.4', $code->submit_ip_address); $this->assertSame($user->id, $code->user_id); // Check user settings $this->assertSame($result['first_name'], $user->getSetting('first_name')); $this->assertSame($result['last_name'], $user->getSetting('last_name')); $this->assertSame($result['email'], $user->getSetting('external_email')); // Discount $discount = Discount::where('code', 'TEST')->first(); $this->assertSame($discount->id, $user->wallets()->first()->discount_id); // TODO: Check SKUs/Plan // TODO: Check if the access token works } /** * Test signup for a group (custom domain) account */ public function testSignupGroupAccount(): void { Queue::fake(); // Initial signup request $user_data = $data = [ 'email' => 'testuser@external.com', 'first_name' => 'Signup', 'last_name' => 'User', 'plan' => 'group', ]; $response = $this->withoutMiddleware()->post('/api/auth/signup/init', $data); $json = $response->json(); $response->assertStatus(200); $this->assertCount(3, $json); $this->assertSame('success', $json['status']); $this->assertSame('email', $json['mode']); $this->assertNotEmpty($json['code']); // Assert the email sending job was pushed once Queue::assertPushed(\App\Jobs\SignupVerificationEmail::class, 1); // Assert the job has proper data assigned Queue::assertPushed(\App\Jobs\SignupVerificationEmail::class, function ($job) use ($data, $json) { $code = TestCase::getObjectProperty($job, 'code'); return $code->code === $json['code'] && $code->plan === $data['plan'] && $code->email === $data['email'] && $code->first_name === $data['first_name'] && $code->last_name === $data['last_name']; }); // Verify the code $code = SignupCode::find($json['code']); $data = [ 'code' => $code->code, 'short_code' => $code->short_code, ]; $response = $this->post('/api/auth/signup/verify', $data); $result = $response->json(); $response->assertStatus(200); $this->assertCount(7, $result); $this->assertSame('success', $result['status']); $this->assertSame($user_data['email'], $result['email']); $this->assertSame($user_data['first_name'], $result['first_name']); $this->assertSame($user_data['last_name'], $result['last_name']); $this->assertSame(null, $result['voucher']); $this->assertSame(true, $result['is_domain']); $this->assertSame([], $result['domains']); // Final signup request $login = 'admin'; $domain = 'external.com'; $data = [ 'login' => $login, 'domain' => $domain, 'password' => 'testtest', 'password_confirmation' => 'testtest', 'code' => $code->code, 'short_code' => $code->short_code, ]; $response = $this->post('/api/auth/signup', $data); $result = $response->json(); $response->assertStatus(200); $this->assertSame('success', $result['status']); $this->assertSame('bearer', $result['token_type']); $this->assertTrue(!empty($result['expires_in']) && is_int($result['expires_in']) && $result['expires_in'] > 0); $this->assertNotEmpty($result['access_token']); $this->assertSame("$login@$domain", $result['email']); Queue::assertPushed(\App\Jobs\Domain\CreateJob::class, 1); Queue::assertPushed( \App\Jobs\Domain\CreateJob::class, function ($job) use ($domain) { $domainNamespace = TestCase::getObjectProperty($job, 'domainNamespace'); return $domainNamespace === $domain; } ); Queue::assertPushed(\App\Jobs\User\CreateJob::class, 1); Queue::assertPushed( \App\Jobs\User\CreateJob::class, function ($job) use ($data) { $userEmail = TestCase::getObjectProperty($job, 'userEmail'); return $userEmail === $data['login'] . '@' . $data['domain']; } ); // Check if the code has been removed $code->refresh(); $this->assertTrue($code->trashed()); // Check if the user has been created $user = User::where('email', $login . '@' . $domain)->first(); $this->assertNotEmpty($user); $this->assertTrue($user->isRestricted()); // Check user settings $this->assertSame($user_data['email'], $user->getSetting('external_email')); $this->assertSame($user_data['first_name'], $user->getSetting('first_name')); $this->assertSame($user_data['last_name'], $user->getSetting('last_name')); // TODO: Check domain record // TODO: Check SKUs/Plan // TODO: Check if the access token works } /** * Test signup with mode=mandate * * @group mollie */ public function testSignupMandateMode(): void { Queue::fake(); \config(['services.payment_provider' => 'mollie']); $plan = Plan::create([ 'title' => 'test', 'name' => 'Test Account', 'description' => 'Test', 'free_months' => 1, 'discount_qty' => 0, 'discount_rate' => 0, 'mode' => Plan::MODE_MANDATE, ]); $packages = [ Package::where(['title' => 'kolab', 'tenant_id' => \config('app.tenant_id')])->first() ]; $plan->packages()->saveMany($packages); $post = [ 'plan' => 'abc', 'login' => 'test-inv', 'domain' => 'kolabnow.com', 'password' => 'testtest', 'password_confirmation' => 'testtest', ]; // Test invalid plan identifier $response = $this->post('/api/auth/signup', $post); $response->assertStatus(422); $json = $response->json(); $this->assertSame('error', $json['status']); $this->assertCount(1, $json['errors']); $this->assertSame("The selected plan is invalid.", $json['errors']['plan']); // Test valid input $post['plan'] = $plan->title; $response = $this->post('/api/auth/signup', $post); $json = $response->json(); $response->assertStatus(200); $this->assertSame('success', $json['status']); $this->assertNotEmpty($json['access_token']); $this->assertSame('test-inv@kolabnow.com', $json['email']); $this->assertTrue($json['isLocked']); $user = User::where('email', 'test-inv@kolabnow.com')->first(); $this->assertNotEmpty($user); $this->assertSame($plan->id, $user->getSetting('plan_id')); $this->assertSame('You are choosing a monthly subscription.', $json['checkout']['title']); $this->assertTrue(!empty($json['checkout']['id'])); } /** * Test signup via invitation */ public function testSignupInvitation(): void { Queue::fake(); $invitation = SI::create(['email' => 'email1@ext.com']); $post = [ 'invitation' => 'abc', 'first_name' => 'Signup', 'last_name' => 'User', 'login' => 'test-inv', 'domain' => 'kolabnow.com', 'password' => 'testtest', 'password_confirmation' => 'testtest', ]; // Test invalid invitation identifier $response = $this->post('/api/auth/signup', $post); $response->assertStatus(404); // Test valid input $post['invitation'] = $invitation->id; $response = $this->post('/api/auth/signup', $post); $result = $response->json(); $response->assertStatus(200); $this->assertSame('success', $result['status']); $this->assertSame('bearer', $result['token_type']); $this->assertTrue(!empty($result['expires_in']) && is_int($result['expires_in']) && $result['expires_in'] > 0); $this->assertNotEmpty($result['access_token']); $this->assertSame('test-inv@kolabnow.com', $result['email']); // Check if the user has been created $user = User::where('email', 'test-inv@kolabnow.com')->first(); $this->assertNotEmpty($user); // Check user settings $this->assertSame($invitation->email, $user->getSetting('external_email')); $this->assertSame($post['first_name'], $user->getSetting('first_name')); $this->assertSame($post['last_name'], $user->getSetting('last_name')); $invitation->refresh(); $this->assertSame($user->id, $invitation->user_id); $this->assertTrue($invitation->isCompleted()); // TODO: Test POST params validation } /** * Test signup via token */ public function testSignupToken(): void { Queue::fake(); $plan = Plan::create([ 'title' => 'test', 'name' => 'Test Account', 'description' => 'Test', 'free_months' => 1, 'discount_qty' => 0, 'discount_rate' => 0, 'mode' => Plan::MODE_TOKEN, ]); $post = [ 'plan' => $plan->title, 'token' => 'abc', 'login' => 'test-inv', 'domain' => 'kolabnow.com', 'password' => 'testtest', 'password_confirmation' => 'testtest', ]; // Test invalid token $response = $this->post('/api/auth/signup', $post); $response->assertStatus(422); $json = $response->json(); $this->assertSame('error', $json['status']); $this->assertSame(['token' => ["The signup token is invalid."]], $json['errors']); - file_put_contents(storage_path('signup-tokens.txt'), "abc\n"); - - // Test invalid plan (existing plan with another mode) - $post['plan'] = 'individual'; - $response = $this->post('/api/auth/signup', $post); - $response->assertStatus(422); - $json = $response->json(); - - $this->assertSame('error', $json['status']); - $this->assertSame(['plan' => "The selected plan is invalid."], $json['errors']); - - // Test valid input + // Test valid token + $plan->signupTokens()->create(['id' => 'abc']); $post['plan'] = $plan->title; $response = $this->post('/api/auth/signup', $post); $response->assertStatus(200); $json = $response->json(); $this->assertSame('success', $json['status']); $this->assertSame('test-inv@kolabnow.com', $json['email']); // Check if the user has been created $user = User::where('email', 'test-inv@kolabnow.com')->first(); - $this->assertNotEmpty($user); $this->assertSame($plan->id, $user->getSetting('plan_id')); + $this->assertSame($plan->signupTokens()->first()->id, $user->getSetting('signup_token')); + $this->assertSame(null, $user->getSetting('external_email')); + + // Token's counter bumped up + $this->assertSame(1, $plan->signupTokens()->first()->counter); } /** * Test signup validation (POST /signup/validate) */ public function testSignupValidate(): void { Queue::fake(); $plan = Plan::create([ 'title' => 'test', 'name' => 'Test Account', 'description' => 'Test', 'free_months' => 1, 'months' => 12, 'discount_qty' => 0, 'discount_rate' => 0, 'mode' => Plan::MODE_MANDATE, ]); $packages = [ Package::where(['title' => 'kolab', 'tenant_id' => \config('app.tenant_id')])->first() ]; $plan->packages()->saveMany($packages); $post = [ 'login' => 'i', 'password' => 'testtest', 'password_confirmation' => 'testtest1', 'voucher' => str_repeat('a', 33), ]; // Test basic input validation $response = $this->post('/api/auth/signup/validate', $post); $response->assertStatus(422); $json = $response->json(); $this->assertSame('error', $json['status']); $this->assertCount(4, $json['errors']); $this->assertSame(["The login must be at least 2 characters."], $json['errors']['login']); $this->assertSame(["The password confirmation does not match."], $json['errors']['password']); $this->assertSame(["The domain field is required."], $json['errors']['domain']); $this->assertSame(["The voucher may not be greater than 32 characters."], $json['errors']['voucher']); // Test with mode=mandate plan, but invalid voucher code $post = [ 'login' => 'test-inv', 'domain' => 'kolabnow.com', 'password' => 'testtest', 'password_confirmation' => 'testtest', 'plan' => $plan->title, 'voucher' => 'non-existing', ]; $response = $this->post('/api/auth/signup/validate', $post); $response->assertStatus(422); $json = $response->json(); $this->assertSame('error', $json['status']); $this->assertCount(1, $json['errors']); $this->assertSame("The voucher code is invalid or expired.", $json['errors']['voucher']); // Prepare VAT rate and network entries, so we can test the VAT related output VatRate::create([ 'country' => 'CH', 'rate' => 7.7, 'start' => now()->copy()->subDay(), ]); IP4Net::create([ 'net_number' => '127.0.0.0', 'net_broadcast' => '127.255.255.255', 'net_mask' => 8, 'country' => 'CH', 'rir_name' => 'test', 'serial' => 1, ]); // Test with mode=mandate plan, and valid voucher code $post['voucher'] = 'TEST'; $headers = ['X-Client-IP' => '127.0.0.2']; $response = $this->withHeaders($headers)->post('/api/auth/signup/validate', $post); $response->assertStatus(200); $json = $response->json(); $this->assertSame('success', $json['status']); $this->assertTrue(empty($json['id'])); $this->assertTrue(!empty($json['content'])); $this->assertSame('You are choosing a yearly subscription.', $json['title']); $this->assertSame( '' . '' . '' . '' . '' . '' . '
Yearly subscription118,80 CHF
Discount: TEST-11,88 CHF
Total106,92 CHF
*Incl. VAT 8,23 CHF (7,7 % of 98,69 CHF)
', $json['summary'] ); // TODO: Test other plan modes } /** * List of login/domain validation cases for testValidateLogin() * * @return array Arguments for testValidateLogin() */ public function dataValidateLogin(): array { $domain = $this->getPublicDomain(); return [ // Individual account ['', $domain, false, ['login' => 'The login field is required.']], ['test123456', 'localhost', false, ['domain' => 'The specified domain is invalid.']], ['test123456', 'unknown-domain.org', false, ['domain' => 'The specified domain is invalid.']], ['test.test', $domain, false, null], ['test_test', $domain, false, null], ['test-test', $domain, false, null], ['admin', $domain, false, ['login' => 'The specified login is not available.']], ['administrator', $domain, false, ['login' => 'The specified login is not available.']], ['sales', $domain, false, ['login' => 'The specified login is not available.']], ['root', $domain, false, ['login' => 'The specified login is not available.']], // Domain account ['admin', 'kolabsys.com', true, null], ['testnonsystemdomain', 'invalid', true, ['domain' => 'The specified domain is invalid.']], ['testnonsystemdomain', '.com', true, ['domain' => 'The specified domain is invalid.']], ]; } /** * Signup login/domain validation. * * Note: Technically these include unit tests, but let's keep it here for now. * FIXME: Shall we do a http request for each case? * * @dataProvider dataValidateLogin */ public function testValidateLogin($login, $domain, $external, $expected_result): void { $result = $this->invokeMethod(new SignupController(), 'validateLogin', [$login, $domain, $external]); $this->assertSame($expected_result, $result); } /** * Signup login/domain validation, more cases */ public function testValidateLoginMore(): void { Queue::fake(); // Test registering for an email of an existing group $login = 'group-test'; $domain = 'kolabnow.com'; $group = $this->getTestGroup("{$login}@{$domain}"); $external = false; $result = $this->invokeMethod(new SignupController(), 'validateLogin', [$login, $domain, $external]); $this->assertSame(['login' => 'The specified login is not available.'], $result); // Test registering for an email of an existing, but soft-deleted group $group->delete(); $result = $this->invokeMethod(new SignupController(), 'validateLogin', [$login, $domain, $external]); $this->assertSame(['login' => 'The specified login is not available.'], $result); // Test registering for an email of an existing user $domain = $this->getPublicDomain(); $login = 'signuplogin'; $user = $this->getTestUser("{$login}@{$domain}"); $external = false; $result = $this->invokeMethod(new SignupController(), 'validateLogin', [$login, $domain, $external]); $this->assertSame(['login' => 'The specified login is not available.'], $result); // Test registering for an email of an existing, but soft-deleted user $user->delete(); $result = $this->invokeMethod(new SignupController(), 'validateLogin', [$login, $domain, $external]); $this->assertSame(['login' => 'The specified login is not available.'], $result); // Test registering for a domain that exists $external = true; $domain = $this->getTestDomain( 'external.com', ['status' => Domain::STATUS_NEW, 'type' => Domain::TYPE_EXTERNAL] ); $result = $this->invokeMethod(new SignupController(), 'validateLogin', [$login, $domain->namespace, $external]); $this->assertSame(['domain' => 'The specified domain is not available.'], $result); // Test registering for a domain that exists but is soft-deleted $domain->delete(); $result = $this->invokeMethod(new SignupController(), 'validateLogin', [$login, $domain->namespace, $external]); $this->assertSame(['domain' => 'The specified domain is not available.'], $result); } } diff --git a/src/tests/Unit/Rules/SignupTokenTest.php b/src/tests/Unit/Rules/SignupTokenTest.php index f48fb946..b4cd19b0 100644 --- a/src/tests/Unit/Rules/SignupTokenTest.php +++ b/src/tests/Unit/Rules/SignupTokenTest.php @@ -1,60 +1,87 @@ getTestUser('john@kolab.org'); - $john->settings()->where('key', 'signup_token')->delete(); + Plan::where('title', 'test-plan')->delete(); + SignupToken::truncate(); + } + + /** + * {@inheritDoc} + */ + public function tearDown(): void + { + Plan::where('title', 'test-plan')->delete(); + SignupToken::truncate(); parent::tearDown(); } /** - * Tests the resource name validator + * Tests the signup token validator */ public function testValidation(): void { - $tokens = ['1234567890', 'abcdefghijk']; - file_put_contents(storage_path('signup-tokens.txt'), implode("\n", $tokens)); + $tokens = ['abcdefghijk', 'T-abcdefghijk']; + + $plan = Plan::where('title', 'individual')->first(); + $tokenPlan = Plan::create([ + 'title' => 'test-plan', + 'description' => 'test', + 'name' => 'Test', + 'mode' => Plan::MODE_TOKEN, + ]); - $rules = ['token' => [new SignupToken()]]; + $plan->signupTokens()->create(['id' => $tokens[0]]); + $tokenPlan->signupTokens()->create(['id' => $tokens[1]]); + + $rules = ['token' => [new SignupTokenRule(null)]]; // Empty input $v = Validator::make(['token' => null], $rules); $this->assertSame(['token' => ["The signup token is invalid."]], $v->errors()->toArray()); // Length limit $v = Validator::make(['token' => str_repeat('a', 192)], $rules); $this->assertSame(['token' => ["The signup token is invalid."]], $v->errors()->toArray()); + // Valid token, but no plan + $v = Validator::make(['token' => $tokens[1]], $rules); + $this->assertSame(['token' => ["The signup token is invalid."]], $v->errors()->toArray()); + + $rules = ['token' => [new SignupTokenRule($plan)]]; + + // Plan that does not support tokens + $v = Validator::make(['token' => $tokens[0]], $rules); + $this->assertSame(['token' => ["The signup token is invalid."]], $v->errors()->toArray()); + + $rules = ['token' => [new SignupTokenRule($tokenPlan)]]; + // Non-existing token $v = Validator::make(['token' => '123'], $rules); $this->assertSame(['token' => ["The signup token is invalid."]], $v->errors()->toArray()); - // Valid tokens - $v = Validator::make(['token' => $tokens[0]], $rules); + // Valid token + $v = Validator::make(['token' => $tokens[1]], $rules); $this->assertSame([], $v->errors()->toArray()); + // Valid token (uppercase) $v = Validator::make(['token' => strtoupper($tokens[1])], $rules); $this->assertSame([], $v->errors()->toArray()); - - // Tokens already used - $john = $this->getTestUser('john@kolab.org'); - $john->setSetting('signup_token', $tokens[0]); - - $v = Validator::make(['token' => $tokens[0]], $rules); - $this->assertSame(['token' => ["The signup token is invalid."]], $v->errors()->toArray()); } }