Differential D1000 Diff 2548 src/tests/Feature/Controller/UsersTest.php

Changeset View

Standalone View

src/tests/Feature/Controller/UsersTest.php

<?php		<?php

namespace Tests\Feature\Controller;		namespace Tests\Feature\Controller;

use App\Http\Controllers\API\UsersController;
use App\Domain;		use App\Domain;
		use App\Http\Controllers\API\UsersController;
use App\User;		use App\User;
use Illuminate\Support\Facades\Queue;		use Illuminate\Support\Facades\Queue;
use Illuminate\Support\Str;		use Illuminate\Support\Str;
use Tests\TestCase;		use Tests\TestCase;

class UsersTest extends TestCase		class UsersTest extends TestCase
{		{
/**		/**
* {@inheritDoc}		* {@inheritDoc}
*/		*/
public function setUp(): void		public function setUp(): void
{		{
parent::setUp();		parent::setUp();

$this->deleteTestUser('UsersControllerTest1@userscontroller.com');		$this->deleteTestUser('UsersControllerTest1@userscontroller.com');
		$this->deleteTestUser('UsersControllerTest2@userscontroller.com');
		$this->deleteTestUser('UsersControllerTest3@userscontroller.com');
$this->deleteTestUser('UserEntitlement2A@UserEntitlement.com');		$this->deleteTestUser('UserEntitlement2A@UserEntitlement.com');
$this->deleteTestUser('john2.doe2@kolab.org');		$this->deleteTestUser('john2.doe2@kolab.org');
$this->deleteTestDomain('userscontroller.com');		$this->deleteTestDomain('userscontroller.com');
}		}

/**		/**
* {@inheritDoc}		* {@inheritDoc}
*/		*/
public function tearDown(): void		public function tearDown(): void
{		{
$this->deleteTestUser('UsersControllerTest1@userscontroller.com');		$this->deleteTestUser('UsersControllerTest1@userscontroller.com');
		$this->deleteTestUser('UsersControllerTest2@userscontroller.com');
		$this->deleteTestUser('UsersControllerTest3@userscontroller.com');
$this->deleteTestUser('UserEntitlement2A@UserEntitlement.com');		$this->deleteTestUser('UserEntitlement2A@UserEntitlement.com');
$this->deleteTestUser('john2.doe2@kolab.org');		$this->deleteTestUser('john2.doe2@kolab.org');
$this->deleteTestDomain('userscontroller.com');		$this->deleteTestDomain('userscontroller.com');

parent::tearDown();		parent::tearDown();
}		}

/**		/**
Show All 17 Lines	public function testInfo(): void
$this->assertEquals(User::STATUS_NEW, $json['status']);		$this->assertEquals(User::STATUS_NEW, $json['status']);
$this->assertTrue(is_array($json['statusInfo']));		$this->assertTrue(is_array($json['statusInfo']));
$this->assertTrue(is_array($json['settings']));		$this->assertTrue(is_array($json['settings']));
$this->assertTrue(is_array($json['aliases']));		$this->assertTrue(is_array($json['aliases']));

// Note: Details of the content are tested in testUserResponse()		// Note: Details of the content are tested in testUserResponse()
}		}

		/**
		* Test user deleting (DELETE /api/v4/users/<id>)
		*/
		public function testDestroy(): void
		{
		// First create some users/accounts to delete
		$package_kolab = \App\Package::where('title', 'kolab')->first();
		$package_domain = \App\Package::where('title', 'domain-hosting')->first();

		$john = $this->getTestUser('john@kolab.org');
		$user1 = $this->getTestUser('UsersControllerTest1@userscontroller.com');
		$user2 = $this->getTestUser('UsersControllerTest2@userscontroller.com');
		$user3 = $this->getTestUser('UsersControllerTest3@userscontroller.com');
		$domain = $this->getTestDomain('userscontroller.com', [
		'status' => Domain::STATUS_NEW,
		'type' => Domain::TYPE_PUBLIC,
		]);
		$user1->assignPackage($package_kolab);
		$domain->assignPackage($package_domain, $user1);
		$user1->assignPackage($package_kolab, $user2);
		$user1->assignPackage($package_kolab, $user3);

		// Test unauth access
		$response = $this->delete("api/v4/users/{$user2->id}");
		$response->assertStatus(401);

		// Test access to other user/account
		$response = $this->actingAs($john)->delete("api/v4/users/{$user2->id}");
		$response->assertStatus(403);
		$response = $this->actingAs($john)->delete("api/v4/users/{$user1->id}");
		$response->assertStatus(403);
		$json = $response->json();

		$this->assertSame('error', $json['status']);
		$this->assertSame("Access denied", $json['message']);
		$this->assertCount(2, $json);

		// Test that non-controller cannot remove himself
		$response = $this->actingAs($user3)->delete("api/v4/users/{$user3->id}");
		$response->assertStatus(403);

		// Test removing a non-controller user
		$response = $this->actingAs($user1)->delete("api/v4/users/{$user3->id}");
		$response->assertStatus(200);

		$json = $response->json();

		$this->assertEquals('success', $json['status']);
		$this->assertEquals('User deleted successfully.', $json['message']);

		// Test removing self (an account with users)
		$response = $this->actingAs($user1)->delete("api/v4/users/{$user1->id}");
		$response->assertStatus(200);

		$json = $response->json();

		$this->assertEquals('success', $json['status']);
		$this->assertEquals('User deleted successfully.', $json['message']);
		}

		/**
		* Test user deleting (DELETE /api/v4/users/<id>)
		*/
		public function testDestroyByController(): void
		{
		// Create an account with additional controller - $user2
		$package_kolab = \App\Package::where('title', 'kolab')->first();
		$package_domain = \App\Package::where('title', 'domain-hosting')->first();
		$user1 = $this->getTestUser('UsersControllerTest1@userscontroller.com');
		$user2 = $this->getTestUser('UsersControllerTest2@userscontroller.com');
		$user3 = $this->getTestUser('UsersControllerTest3@userscontroller.com');
		$domain = $this->getTestDomain('userscontroller.com', [
		'status' => Domain::STATUS_NEW,
		'type' => Domain::TYPE_PUBLIC,
		]);
		$user1->assignPackage($package_kolab);
		$domain->assignPackage($package_domain, $user1);
		$user1->assignPackage($package_kolab, $user2);
		$user1->assignPackage($package_kolab, $user3);
		$user1->wallets()->first()->addController($user2);

		// TODO/FIXME:
		// For now controller can delete himself, as well as
		// the whole account he has control to, including the owner
		// Probably he should not be able to do either of those
		// However, this is not 0-regression scenario as we
		// do not fully support additional controllers.

		//$response = $this->actingAs($user2)->delete("api/v4/users/{$user2->id}");
		//$response->assertStatus(403);

		$response = $this->actingAs($user2)->delete("api/v4/users/{$user3->id}");
		$response->assertStatus(200);

		$response = $this->actingAs($user2)->delete("api/v4/users/{$user1->id}");
		$response->assertStatus(200);

		// Note: More detailed assertions in testDestroy() above

		$this->assertTrue($user1->fresh()->trashed());
		$this->assertTrue($user2->fresh()->trashed());
		$this->assertTrue($user3->fresh()->trashed());
		}

		/**
		* Test user listing (GET /api/v4/users)
		*/
public function testIndex(): void		public function testIndex(): void
{		{
// TODO		// Test unauth access
$this->markTestIncomplete();		$response = $this->get("api/v4/users");
		$response->assertStatus(401);

		$jack = $this->getTestUser('jack@kolab.org');
		$john = $this->getTestUser('john@kolab.org');
		$ned = $this->getTestUser('ned@kolab.org');

		$response = $this->actingAs($jack)->get("/api/v4/users");
		$response->assertStatus(200);

		$json = $response->json();

		$this->assertCount(0, $json);

		$response = $this->actingAs($john)->get("/api/v4/users");
		$response->assertStatus(200);

		$json = $response->json();

		$this->assertCount(3, $json);
		$this->assertSame($jack->email, $json[0]['email']);
		$this->assertSame($john->email, $json[1]['email']);
		$this->assertSame($ned->email, $json[2]['email']);

		$response = $this->actingAs($ned)->get("/api/v4/users");
		$response->assertStatus(200);

		$json = $response->json();

		$this->assertCount(3, $json);
		$this->assertSame($jack->email, $json[0]['email']);
		$this->assertSame($john->email, $json[1]['email']);
		$this->assertSame($ned->email, $json[2]['email']);
}		}

/**		/**
* Test /api/auth/login		* Test /api/auth/login
*/		*/
public function testLogin(): string		public function testLogin(): string
{		{
// Request with no data		// Request with no data
▲ Show 20 Lines • Show All 46 Lines • ▼ Show 20 Lines	public function testLogout($token): void

// Request with valid token		// Request with valid token
$response = $this->withHeaders(['Authorization' => 'Bearer ' . $token])->post("api/auth/logout");		$response = $this->withHeaders(['Authorization' => 'Bearer ' . $token])->post("api/auth/logout");
$response->assertStatus(200);		$response->assertStatus(200);

$json = $response->json();		$json = $response->json();

$this->assertEquals('success', $json['status']);		$this->assertEquals('success', $json['status']);
$this->assertEquals('Successfully logged out', $json['message']);		$this->assertEquals('Successfully logged out.', $json['message']);

// Check if it really destroyed the token?		// Check if it really destroyed the token?
$response = $this->withHeaders(['Authorization' => 'Bearer ' . $token])->get("api/auth/info");		$response = $this->withHeaders(['Authorization' => 'Bearer ' . $token])->get("api/auth/info");
$response->assertStatus(401);		$response->assertStatus(401);
}		}

public function testRefresh(): void		public function testRefresh(): void
{		{
▲ Show 20 Lines • Show All 71 Lines • ▼ Show 20 Lines	class UsersTest extends TestCase
}		}

/**		/**
* Test user data response used in show and info actions		* Test user data response used in show and info actions
*/		*/
public function testUserResponse(): void		public function testUserResponse(): void
{		{
$user = $this->getTestUser('john@kolab.org');		$user = $this->getTestUser('john@kolab.org');
		$wallet = $user->wallets()->first();
$result = $this->invokeMethod(new UsersController(), 'userResponse', [$user]);		$result = $this->invokeMethod(new UsersController(), 'userResponse', [$user]);

$this->assertEquals($user->id, $result['id']);		$this->assertEquals($user->id, $result['id']);
$this->assertEquals($user->email, $result['email']);		$this->assertEquals($user->email, $result['email']);
$this->assertEquals($user->status, $result['status']);		$this->assertEquals($user->status, $result['status']);
$this->assertTrue(is_array($result['statusInfo']));		$this->assertTrue(is_array($result['statusInfo']));

$this->assertTrue(is_array($result['aliases']));		$this->assertTrue(is_array($result['aliases']));
$this->assertCount(1, $result['aliases']);		$this->assertCount(1, $result['aliases']);
$this->assertSame('john.doe@kolab.org', $result['aliases'][0]);		$this->assertSame('john.doe@kolab.org', $result['aliases'][0]);

$this->assertTrue(is_array($result['settings']));		$this->assertTrue(is_array($result['settings']));
$this->assertSame('US', $result['settings']['country']);		$this->assertSame('US', $result['settings']['country']);
$this->assertSame('USD', $result['settings']['currency']);		$this->assertSame('USD', $result['settings']['currency']);

		$this->assertTrue(is_array($result['accounts']));
		$this->assertTrue(is_array($result['wallets']));
		$this->assertCount(0, $result['accounts']);
		$this->assertCount(1, $result['wallets']);
		$this->assertSame($wallet->id, $result['wallet']['id']);

		$ned = $this->getTestUser('ned@kolab.org');
		$ned_wallet = $ned->wallets()->first();
		$result = $this->invokeMethod(new UsersController(), 'userResponse', [$ned]);

		$this->assertEquals($ned->id, $result['id']);
		$this->assertEquals($ned->email, $result['email']);
		$this->assertTrue(is_array($result['accounts']));
		$this->assertTrue(is_array($result['wallets']));
		$this->assertCount(1, $result['accounts']);
		$this->assertCount(1, $result['wallets']);
		$this->assertSame($wallet->id, $result['wallet']['id']);
		$this->assertSame($wallet->id, $result['accounts'][0]['id']);
		$this->assertSame($ned_wallet->id, $result['wallets'][0]['id']);
}		}

/**		/**
* Test fetching user data/profile (GET /api/v4/users/<user-id>)		* Test fetching user data/profile (GET /api/v4/users/<user-id>)
*/		*/
public function testShow(): void		public function testShow(): void
{		{
$userA = $this->getTestUser('UserEntitlement2A@UserEntitlement.com');		$userA = $this->getTestUser('UserEntitlement2A@UserEntitlement.com');

// Test getting profile of self		// Test getting profile of self
$response = $this->actingAs($userA, 'api')->get("/api/v4/users/{$userA->id}");		$response = $this->actingAs($userA, 'api')->get("/api/v4/users/{$userA->id}");

$json = $response->json();		$json = $response->json();

$response->assertStatus(200);		$response->assertStatus(200);
$this->assertEquals($userA->id, $json['id']);		$this->assertEquals($userA->id, $json['id']);
$this->assertEquals($userA->email, $json['email']);		$this->assertEquals($userA->email, $json['email']);
$this->assertTrue(is_array($json['statusInfo']));		$this->assertTrue(is_array($json['statusInfo']));
$this->assertTrue(is_array($json['settings']));		$this->assertTrue(is_array($json['settings']));
$this->assertTrue(is_array($json['aliases']));		$this->assertTrue(is_array($json['aliases']));

		$john = $this->getTestUser('john@kolab.org');
		$jack = $this->getTestUser('jack@kolab.org');
		$ned = $this->getTestUser('ned@kolab.org');

// Test unauthorized access to a profile of other user		// Test unauthorized access to a profile of other user
$user = $this->getTestUser('jack@kolab.org');		$response = $this->actingAs($jack)->get("/api/v4/users/{$userA->id}");
$response = $this->actingAs($user)->get("/api/v4/users/{$userA->id}");
$response->assertStatus(403);		$response->assertStatus(403);

// TODO: Test authorized access to a profile of other user		// Test authorized access to a profile of other user
$this->markTestIncomplete();		// Ned: Additional account controller
		$response = $this->actingAs($ned)->get("/api/v4/users/{$john->id}");
		$response->assertStatus(200);
		$response = $this->actingAs($ned)->get("/api/v4/users/{$jack->id}");
		$response->assertStatus(200);

		// John: Account owner
		$response = $this->actingAs($john)->get("/api/v4/users/{$jack->id}");
		$response->assertStatus(200);
		$response = $this->actingAs($john)->get("/api/v4/users/{$ned->id}");
		$response->assertStatus(200);
}		}

/**		/**
* Test user creation (POST /api/v4/users)		* Test user creation (POST /api/v4/users)
*/		*/
public function testStore(): void		public function testStore(): void
{		{
$jack = $this->getTestUser('jack@kolab.org');		$jack = $this->getTestUser('jack@kolab.org');
▲ Show 20 Lines • Show All 62 Lines • ▼ Show 20 Lines	public function testStore(): void
];		];

$response = $this->actingAs($john)->post("/api/v4/users", $post);		$response = $this->actingAs($john)->post("/api/v4/users", $post);
$json = $response->json();		$json = $response->json();

$response->assertStatus(200);		$response->assertStatus(200);

$this->assertSame('success', $json['status']);		$this->assertSame('success', $json['status']);
$this->assertSame("User created successfully", $json['message']);		$this->assertSame("User created successfully.", $json['message']);
$this->assertCount(2, $json);		$this->assertCount(2, $json);

$user = User::where('email', 'john2.doe2@kolab.org')->first();		$user = User::where('email', 'john2.doe2@kolab.org')->first();
$this->assertInstanceOf(User::class, $user);		$this->assertInstanceOf(User::class, $user);
$this->assertSame('John2', $user->getSetting('first_name'));		$this->assertSame('John2', $user->getSetting('first_name'));
$this->assertSame('Doe2', $user->getSetting('last_name'));		$this->assertSame('Doe2', $user->getSetting('last_name'));
$aliases = $user->aliases()->orderBy('alias')->get();		$aliases = $user->aliases()->orderBy('alias')->get();
$this->assertCount(2, $aliases);		$this->assertCount(2, $aliases);
$this->assertSame('useralias1@kolab.org', $aliases[0]->alias);		$this->assertSame('useralias1@kolab.org', $aliases[0]->alias);
$this->assertSame('useralias2@kolab.org', $aliases[1]->alias);		$this->assertSame('useralias2@kolab.org', $aliases[1]->alias);

// TODO: Test assigning a package to new user		// TODO: Test assigning a package to new user
		// TODO: Test the wallet to which the new user should be assigned to

		// Test acting as account controller (not owner)
		/*
		// FIXME: How do we know to which wallet the new user should be assigned to?

		$this->deleteTestUser('john2.doe2@kolab.org');
		$response = $this->actingAs($ned)->post("/api/v4/users", $post);
		$json = $response->json();

		$response->assertStatus(200);

		$this->assertSame('success', $json['status']);
		*/

		$this->markTestIncomplete();
}		}

/**		/**
* Test user update (PUT /api/v4/users/<user-id>)		* Test user update (PUT /api/v4/users/<user-id>)
*/		*/
public function testUpdate(): void		public function testUpdate(): void
{		{
$userA = $this->getTestUser('UsersControllerTest1@userscontroller.com');		$userA = $this->getTestUser('UsersControllerTest1@userscontroller.com');
$jack = $this->getTestUser('jack@kolab.org');		$jack = $this->getTestUser('jack@kolab.org');
		$john = $this->getTestUser('john@kolab.org');
		$ned = $this->getTestUser('ned@kolab.org');
$domain = $this->getTestDomain(		$domain = $this->getTestDomain(
'userscontroller.com',		'userscontroller.com',
['status' => Domain::STATUS_NEW, 'type' => Domain::TYPE_EXTERNAL]		['status' => Domain::STATUS_NEW, 'type' => Domain::TYPE_EXTERNAL]
);		);

// Test unauthorized update of other user profile		// Test unauthorized update of other user profile
$response = $this->actingAs($jack)->get("/api/v4/users/{$userA->id}", []);		$response = $this->actingAs($jack)->get("/api/v4/users/{$userA->id}", []);
$response->assertStatus(403);		$response->assertStatus(403);

		// Test authorized update of account owner by account controller
		$response = $this->actingAs($ned)->get("/api/v4/users/{$john->id}", []);
		$response->assertStatus(200);

// Test updating of self (empty request)		// Test updating of self (empty request)
$response = $this->actingAs($userA)->put("/api/v4/users/{$userA->id}", []);		$response = $this->actingAs($userA)->put("/api/v4/users/{$userA->id}", []);
$response->assertStatus(200);		$response->assertStatus(200);

$json = $response->json();		$json = $response->json();

$this->assertSame('success', $json['status']);		$this->assertSame('success', $json['status']);
$this->assertSame("User data updated successfully", $json['message']);		$this->assertSame("User data updated successfully.", $json['message']);
$this->assertCount(2, $json);		$this->assertCount(2, $json);

// Test some invalid data		// Test some invalid data
$post = ['password' => '12345678', 'currency' => 'invalid'];		$post = ['password' => '12345678', 'currency' => 'invalid'];
$response = $this->actingAs($userA)->put("/api/v4/users/{$userA->id}", $post);		$response = $this->actingAs($userA)->put("/api/v4/users/{$userA->id}", $post);
$response->assertStatus(422);		$response->assertStatus(422);

$json = $response->json();		$json = $response->json();
Show All 18 Lines	public function testUpdate(): void
];		];

$response = $this->actingAs($userA)->put("/api/v4/users/{$userA->id}", $post);		$response = $this->actingAs($userA)->put("/api/v4/users/{$userA->id}", $post);
$json = $response->json();		$json = $response->json();

$response->assertStatus(200);		$response->assertStatus(200);

$this->assertSame('success', $json['status']);		$this->assertSame('success', $json['status']);
$this->assertSame("User data updated successfully", $json['message']);		$this->assertSame("User data updated successfully.", $json['message']);
$this->assertCount(2, $json);		$this->assertCount(2, $json);
$this->assertTrue($userA->password != $userA->fresh()->password);		$this->assertTrue($userA->password != $userA->fresh()->password);
unset($post['password'], $post['password_confirmation'], $post['aliases']);		unset($post['password'], $post['password_confirmation'], $post['aliases']);
foreach ($post as $key => $value) {		foreach ($post as $key => $value) {
$this->assertSame($value, $userA->getSetting($key));		$this->assertSame($value, $userA->getSetting($key));
}		}
$aliases = $userA->aliases()->orderBy('alias')->get();		$aliases = $userA->aliases()->orderBy('alias')->get();
$this->assertCount(2, $aliases);		$this->assertCount(2, $aliases);
Show All 13 Lines	public function testUpdate(): void
];		];

$response = $this->actingAs($userA)->put("/api/v4/users/{$userA->id}", $post);		$response = $this->actingAs($userA)->put("/api/v4/users/{$userA->id}", $post);
$json = $response->json();		$json = $response->json();

$response->assertStatus(200);		$response->assertStatus(200);

$this->assertSame('success', $json['status']);		$this->assertSame('success', $json['status']);
$this->assertSame("User data updated successfully", $json['message']);		$this->assertSame("User data updated successfully.", $json['message']);
$this->assertCount(2, $json);		$this->assertCount(2, $json);
unset($post['aliases']);		unset($post['aliases']);
foreach ($post as $key => $value) {		foreach ($post as $key => $value) {
$this->assertNull($userA->getSetting($key));		$this->assertNull($userA->getSetting($key));
}		}
$aliases = $userA->aliases()->get();		$aliases = $userA->aliases()->get();
$this->assertCount(1, $aliases);		$this->assertCount(1, $aliases);
$this->assertSame('useralias2@' . \config('app.domain'), $aliases[0]->alias);		$this->assertSame('useralias2@' . \config('app.domain'), $aliases[0]->alias);
Show All 11 Lines	public function testUpdate(): void
$response->assertStatus(422);		$response->assertStatus(422);

$this->assertSame('error', $json['status']);		$this->assertSame('error', $json['status']);
$this->assertCount(2, $json['errors']);		$this->assertCount(2, $json['errors']);
$this->assertCount(1, $json['errors']['aliases']);		$this->assertCount(1, $json['errors']['aliases']);
$this->assertSame("The specified domain is not available.", $json['errors']['aliases'][1]);		$this->assertSame("The specified domain is not available.", $json['errors']['aliases'][1]);
$this->assertSame("The password confirmation does not match.", $json['errors']['password'][0]);		$this->assertSame("The password confirmation does not match.", $json['errors']['password'][0]);

		// Test authorized update of other user
		$response = $this->actingAs($ned)->get("/api/v4/users/{$jack->id}", []);
		$response->assertStatus(200);

// TODO: Test error on aliases with invalid/non-existing/other-user's domain		// TODO: Test error on aliases with invalid/non-existing/other-user's domain
// TODO: Test authorized update of other user
$this->markTestIncomplete();
}		}

/**		/**
* List of alias validation cases for testValidateEmail()		* List of alias validation cases for testValidateEmail()
*		*
* @return array Arguments for testValidateEmail()		* @return array Arguments for testValidateEmail()
*/		*/
public function dataValidateEmail(): array		public function dataValidateEmail(): array
▲ Show 20 Lines • Show All 55 Lines • Show Last 20 Lines