src/tests/Feature/Controller/Reseller/UsersTest.php
- This file was copied from src/tests/Feature/Controller/Admin/UsersTest.php.
<?php | <?php | ||||
namespace Tests\Feature\Controller\Admin; | namespace Tests\Feature\Controller\Reseller; | ||||
use App\Auth\SecondFactor; | use App\Tenant; | ||||
use App\Sku; | use App\Sku; | ||||
use App\User; | |||||
use Illuminate\Support\Facades\Queue; | use Illuminate\Support\Facades\Queue; | ||||
use Tests\TestCase; | use Tests\TestCase; | ||||
class UsersTest extends TestCase | class UsersTest extends TestCase | ||||
{ | { | ||||
/** | /** | ||||
* {@inheritDoc} | * {@inheritDoc} | ||||
*/ | */ | ||||
public function setUp(): void | public function setUp(): void | ||||
{ | { | ||||
parent::setUp(); | parent::setUp(); | ||||
self::useAdminUrl(); | self::useResellerUrl(); | ||||
\config(['app.tenant_id' => 1]); | |||||
$this->deleteTestUser('UsersControllerTest1@userscontroller.com'); | $this->deleteTestUser('UsersControllerTest1@userscontroller.com'); | ||||
$this->deleteTestUser('test@testsearch.com'); | $this->deleteTestUser('test@testsearch.com'); | ||||
$this->deleteTestDomain('testsearch.com'); | $this->deleteTestDomain('testsearch.com'); | ||||
$this->deleteTestGroup('group-test@kolab.org'); | |||||
$jack = $this->getTestUser('jack@kolab.org'); | |||||
$jack->setSetting('external_email', null); | |||||
} | } | ||||
/** | /** | ||||
* {@inheritDoc} | * {@inheritDoc} | ||||
*/ | */ | ||||
public function tearDown(): void | public function tearDown(): void | ||||
{ | { | ||||
$this->deleteTestUser('UsersControllerTest1@userscontroller.com'); | $this->deleteTestUser('UsersControllerTest1@userscontroller.com'); | ||||
$this->deleteTestUser('test@testsearch.com'); | $this->deleteTestUser('test@testsearch.com'); | ||||
$this->deleteTestDomain('testsearch.com'); | $this->deleteTestDomain('testsearch.com'); | ||||
$jack = $this->getTestUser('jack@kolab.org'); | \config(['app.tenant_id' => 1]); | ||||
$jack->setSetting('external_email', null); | |||||
parent::tearDown(); | parent::tearDown(); | ||||
} | } | ||||
/** | /** | ||||
* Test user deleting (DELETE /api/v4/users/<id>) | |||||
*/ | |||||
public function testDestroy(): void | |||||
{ | |||||
$reseller1 = $this->getTestUser('reseller@kolabnow.com'); | |||||
$user = $this->getTestUser('UsersControllerTest1@userscontroller.com'); | |||||
// Test unauth access | |||||
$response = $this->delete("api/v4/users/{$user->id}"); | |||||
$response->assertStatus(401); | |||||
// The end-point does not exist | |||||
$response = $this->actingAs($reseller1)->delete("api/v4/users/{$user->id}"); | |||||
$response->assertStatus(404); | |||||
} | |||||
/** | |||||
* Test users searching (/api/v4/users) | * Test users searching (/api/v4/users) | ||||
*/ | */ | ||||
public function testIndex(): void | public function testIndex(): void | ||||
{ | { | ||||
Queue::fake(); | |||||
$user = $this->getTestUser('john@kolab.org'); | $user = $this->getTestUser('john@kolab.org'); | ||||
$admin = $this->getTestUser('jeroen@jeroen.jeroen'); | $admin = $this->getTestUser('jeroen@jeroen.jeroen'); | ||||
$group = $this->getTestGroup('group-test@kolab.org'); | $reseller1 = $this->getTestUser('reseller@kolabnow.com'); | ||||
$group->assignToWallet($user->wallets->first()); | $reseller2 = $this->getTestUser('reseller@reseller.com'); | ||||
\config(['app.tenant_id' => 2]); | |||||
// Guess access | |||||
$response = $this->get("api/v4/users"); | |||||
$response->assertStatus(401); | |||||
// Non-admin user | // Normal user | ||||
$response = $this->actingAs($user)->get("api/v4/users"); | $response = $this->actingAs($user)->get("api/v4/users"); | ||||
$response->assertStatus(403); | $response->assertStatus(403); | ||||
// Search with no search criteria | // Admin user | ||||
$response = $this->actingAs($admin)->get("api/v4/users"); | $response = $this->actingAs($admin)->get("api/v4/users"); | ||||
$response->assertStatus(403); | |||||
// Reseller from another tenant | |||||
$response = $this->actingAs($reseller1)->get("api/v4/users"); | |||||
$response->assertStatus(403); | |||||
// Search with no search criteria | |||||
$response = $this->actingAs($reseller2)->get("api/v4/users"); | |||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame(0, $json['count']); | $this->assertSame(0, $json['count']); | ||||
$this->assertSame([], $json['list']); | $this->assertSame([], $json['list']); | ||||
// Search with no matches expected | // Search with no matches expected | ||||
$response = $this->actingAs($admin)->get("api/v4/users?search=abcd1234efgh5678"); | $response = $this->actingAs($reseller2)->get("api/v4/users?search=abcd1234efgh5678"); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame(0, $json['count']); | $this->assertSame(0, $json['count']); | ||||
$this->assertSame([], $json['list']); | $this->assertSame([], $json['list']); | ||||
// Search by domain in another tenant | |||||
$response = $this->actingAs($reseller2)->get("api/v4/users?search=kolab.org"); | |||||
$response->assertStatus(200); | |||||
$json = $response->json(); | |||||
$this->assertSame(0, $json['count']); | |||||
$this->assertSame([], $json['list']); | |||||
// Search by user ID in another tenant | |||||
$response = $this->actingAs($reseller2)->get("api/v4/users?search={$user->id}"); | |||||
$response->assertStatus(200); | |||||
$json = $response->json(); | |||||
$this->assertSame(0, $json['count']); | |||||
$this->assertSame([], $json['list']); | |||||
// Search by email (primary) - existing user in another tenant | |||||
$response = $this->actingAs($reseller2)->get("api/v4/users?search=john@kolab.org"); | |||||
$response->assertStatus(200); | |||||
$json = $response->json(); | |||||
$this->assertSame(0, $json['count']); | |||||
$this->assertSame([], $json['list']); | |||||
// Search by owner - existing user in another tenant | |||||
$response = $this->actingAs($reseller2)->get("api/v4/users?owner={$user->id}"); | |||||
$response->assertStatus(200); | |||||
$json = $response->json(); | |||||
$this->assertSame(0, $json['count']); | |||||
$this->assertSame([], $json['list']); | |||||
// Create a domain with some users in the Sample Tenant so we have anything to search for | |||||
$domain = $this->getTestDomain('testsearch.com', ['type' => \App\Domain::TYPE_EXTERNAL]); | |||||
$domain->tenant_id = 2; | |||||
$domain->save(); | |||||
$user = $this->getTestUser('test@testsearch.com'); | |||||
$user->tenant_id = 2; | |||||
$user->save(); | |||||
$plan = \App\Plan::where('title', 'group')->first(); | |||||
$user->assignPlan($plan, $domain); | |||||
$user->setAliases(['alias@testsearch.com']); | |||||
$user->setSetting('external_email', 'john.doe.external@gmail.com'); | |||||
// Search by domain | // Search by domain | ||||
$response = $this->actingAs($admin)->get("api/v4/users?search=kolab.org"); | $response = $this->actingAs($reseller2)->get("api/v4/users?search=testsearch.com"); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame(1, $json['count']); | $this->assertSame(1, $json['count']); | ||||
$this->assertCount(1, $json['list']); | $this->assertCount(1, $json['list']); | ||||
$this->assertSame($user->id, $json['list'][0]['id']); | $this->assertSame($user->id, $json['list'][0]['id']); | ||||
$this->assertSame($user->email, $json['list'][0]['email']); | $this->assertSame($user->email, $json['list'][0]['email']); | ||||
// Search by user ID | // Search by user ID | ||||
$response = $this->actingAs($admin)->get("api/v4/users?search={$user->id}"); | $response = $this->actingAs($reseller2)->get("api/v4/users?search={$user->id}"); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame(1, $json['count']); | $this->assertSame(1, $json['count']); | ||||
$this->assertCount(1, $json['list']); | $this->assertCount(1, $json['list']); | ||||
$this->assertSame($user->id, $json['list'][0]['id']); | $this->assertSame($user->id, $json['list'][0]['id']); | ||||
$this->assertSame($user->email, $json['list'][0]['email']); | $this->assertSame($user->email, $json['list'][0]['email']); | ||||
// Search by email (primary) | // Search by email (primary) - existing user in reseller's tenant | ||||
$response = $this->actingAs($admin)->get("api/v4/users?search=john@kolab.org"); | $response = $this->actingAs($reseller2)->get("api/v4/users?search=test@testsearch.com"); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame(1, $json['count']); | $this->assertSame(1, $json['count']); | ||||
$this->assertCount(1, $json['list']); | $this->assertCount(1, $json['list']); | ||||
$this->assertSame($user->id, $json['list'][0]['id']); | $this->assertSame($user->id, $json['list'][0]['id']); | ||||
$this->assertSame($user->email, $json['list'][0]['email']); | $this->assertSame($user->email, $json['list'][0]['email']); | ||||
// Search by email (alias) | // Search by email (alias) | ||||
$response = $this->actingAs($admin)->get("api/v4/users?search=john.doe@kolab.org"); | $response = $this->actingAs($reseller2)->get("api/v4/users?search=alias@testsearch.com"); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame(1, $json['count']); | $this->assertSame(1, $json['count']); | ||||
$this->assertCount(1, $json['list']); | $this->assertCount(1, $json['list']); | ||||
$this->assertSame($user->id, $json['list'][0]['id']); | $this->assertSame($user->id, $json['list'][0]['id']); | ||||
$this->assertSame($user->email, $json['list'][0]['email']); | $this->assertSame($user->email, $json['list'][0]['email']); | ||||
// Search by email (external), expect two users in a result | // Search by email (external), there are two users with this email, but only one | ||||
$jack = $this->getTestUser('jack@kolab.org'); | // in the reseller's tenant | ||||
$jack->setSetting('external_email', 'john.doe.external@gmail.com'); | $response = $this->actingAs($reseller2)->get("api/v4/users?search=john.doe.external@gmail.com"); | ||||
$response = $this->actingAs($admin)->get("api/v4/users?search=john.doe.external@gmail.com"); | |||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame(2, $json['count']); | $this->assertSame(1, $json['count']); | ||||
$this->assertCount(2, $json['list']); | $this->assertCount(1, $json['list']); | ||||
$this->assertSame($user->id, $json['list'][0]['id']); | |||||
$emails = array_column($json['list'], 'email'); | $this->assertSame($user->email, $json['list'][0]['email']); | ||||
$this->assertContains($user->email, $emails); | |||||
$this->assertContains($jack->email, $emails); | |||||
// Search by owner | // Search by owner | ||||
$response = $this->actingAs($admin)->get("api/v4/users?owner={$user->id}"); | $response = $this->actingAs($reseller2)->get("api/v4/users?owner={$user->id}"); | ||||
$response->assertStatus(200); | |||||
$json = $response->json(); | |||||
$this->assertSame(4, $json['count']); | |||||
$this->assertCount(4, $json['list']); | |||||
// Search by owner (Ned is a controller on John's wallets, | |||||
// here we expect only users assigned to Ned's wallet(s)) | |||||
$ned = $this->getTestUser('ned@kolab.org'); | |||||
$response = $this->actingAs($admin)->get("api/v4/users?owner={$ned->id}"); | |||||
$response->assertStatus(200); | |||||
$json = $response->json(); | |||||
$this->assertSame(0, $json['count']); | |||||
$this->assertCount(0, $json['list']); | |||||
// Search by distribution list email | |||||
$response = $this->actingAs($admin)->get("api/v4/users?search=group-test@kolab.org"); | |||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame(1, $json['count']); | $this->assertSame(1, $json['count']); | ||||
$this->assertCount(1, $json['list']); | $this->assertCount(1, $json['list']); | ||||
$this->assertSame($user->id, $json['list'][0]['id']); | $this->assertSame($user->id, $json['list'][0]['id']); | ||||
$this->assertSame($user->email, $json['list'][0]['email']); | $this->assertSame($user->email, $json['list'][0]['email']); | ||||
// Deleted users/domains | // Deleted users/domains | ||||
$domain = $this->getTestDomain('testsearch.com', ['type' => \App\Domain::TYPE_EXTERNAL]); | |||||
$user = $this->getTestUser('test@testsearch.com'); | |||||
$plan = \App\Plan::where('title', 'group')->first(); | |||||
$user->assignPlan($plan, $domain); | |||||
$user->setAliases(['alias@testsearch.com']); | |||||
Queue::fake(); | |||||
$user->delete(); | $user->delete(); | ||||
$response = $this->actingAs($admin)->get("api/v4/users?search=test@testsearch.com"); | $response = $this->actingAs($reseller2)->get("api/v4/users?search=test@testsearch.com"); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame(1, $json['count']); | $this->assertSame(1, $json['count']); | ||||
$this->assertCount(1, $json['list']); | $this->assertCount(1, $json['list']); | ||||
$this->assertSame($user->id, $json['list'][0]['id']); | $this->assertSame($user->id, $json['list'][0]['id']); | ||||
$this->assertSame($user->email, $json['list'][0]['email']); | $this->assertSame($user->email, $json['list'][0]['email']); | ||||
$this->assertTrue($json['list'][0]['isDeleted']); | $this->assertTrue($json['list'][0]['isDeleted']); | ||||
$response = $this->actingAs($admin)->get("api/v4/users?search=alias@testsearch.com"); | $response = $this->actingAs($reseller2)->get("api/v4/users?search=alias@testsearch.com"); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame(1, $json['count']); | $this->assertSame(1, $json['count']); | ||||
$this->assertCount(1, $json['list']); | $this->assertCount(1, $json['list']); | ||||
$this->assertSame($user->id, $json['list'][0]['id']); | $this->assertSame($user->id, $json['list'][0]['id']); | ||||
$this->assertSame($user->email, $json['list'][0]['email']); | $this->assertSame($user->email, $json['list'][0]['email']); | ||||
$this->assertTrue($json['list'][0]['isDeleted']); | $this->assertTrue($json['list'][0]['isDeleted']); | ||||
$response = $this->actingAs($admin)->get("api/v4/users?search=testsearch.com"); | $response = $this->actingAs($reseller2)->get("api/v4/users?search=testsearch.com"); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame(1, $json['count']); | $this->assertSame(1, $json['count']); | ||||
$this->assertCount(1, $json['list']); | $this->assertCount(1, $json['list']); | ||||
$this->assertSame($user->id, $json['list'][0]['id']); | $this->assertSame($user->id, $json['list'][0]['id']); | ||||
$this->assertSame($user->email, $json['list'][0]['email']); | $this->assertSame($user->email, $json['list'][0]['email']); | ||||
$this->assertTrue($json['list'][0]['isDeleted']); | $this->assertTrue($json['list'][0]['isDeleted']); | ||||
} | } | ||||
/** | /** | ||||
* Test reseting 2FA (POST /api/v4/users/<user-id>/reset2FA) | * Test reseting 2FA (POST /api/v4/users/<user-id>/reset2FA) | ||||
*/ | */ | ||||
public function testReset2FA(): void | public function testReset2FA(): void | ||||
{ | { | ||||
$user = $this->getTestUser('UsersControllerTest1@userscontroller.com'); | $user = $this->getTestUser('UsersControllerTest1@userscontroller.com'); | ||||
$admin = $this->getTestUser('jeroen@jeroen.jeroen'); | $admin = $this->getTestUser('jeroen@jeroen.jeroen'); | ||||
$reseller1 = $this->getTestUser('reseller@kolabnow.com'); | |||||
$reseller2 = $this->getTestUser('reseller@reseller.com'); | |||||
$sku2fa = Sku::firstOrCreate(['title' => '2fa']); | $sku2fa = \App\Sku::firstOrCreate(['title' => '2fa']); | ||||
$user->assignSku($sku2fa); | $user->assignSku($sku2fa); | ||||
SecondFactor::seed('userscontrollertest1@userscontroller.com'); | \App\Auth\SecondFactor::seed('userscontrollertest1@userscontroller.com'); | ||||
// Test unauthorized access to admin API | // Test unauthorized access | ||||
$response = $this->actingAs($user)->post("/api/v4/users/{$user->id}/reset2FA", []); | $response = $this->actingAs($user)->post("/api/v4/users/{$user->id}/reset2FA", []); | ||||
$response->assertStatus(403); | $response->assertStatus(403); | ||||
$response = $this->actingAs($admin)->post("/api/v4/users/{$user->id}/reset2FA", []); | |||||
$response->assertStatus(403); | |||||
$response = $this->actingAs($reseller2)->post("/api/v4/users/{$user->id}/reset2FA", []); | |||||
$response->assertStatus(403); | |||||
// Touching admins is forbidden | |||||
$response = $this->actingAs($reseller1)->post("/api/v4/users/{$admin->id}/reset2FA", []); | |||||
$response->assertStatus(404); | |||||
$entitlements = $user->fresh()->entitlements()->where('sku_id', $sku2fa->id)->get(); | $entitlements = $user->fresh()->entitlements()->where('sku_id', $sku2fa->id)->get(); | ||||
$this->assertCount(1, $entitlements); | $this->assertCount(1, $entitlements); | ||||
$sf = new SecondFactor($user); | $sf = new \App\Auth\SecondFactor($user); | ||||
$this->assertCount(1, $sf->factors()); | $this->assertCount(1, $sf->factors()); | ||||
// Test reseting 2FA | // Test reseting 2FA | ||||
$response = $this->actingAs($admin)->post("/api/v4/users/{$user->id}/reset2FA", []); | $response = $this->actingAs($reseller1)->post("/api/v4/users/{$user->id}/reset2FA", []); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame('success', $json['status']); | $this->assertSame('success', $json['status']); | ||||
$this->assertSame("2-Factor authentication reset successfully.", $json['message']); | $this->assertSame("2-Factor authentication reset successfully.", $json['message']); | ||||
$this->assertCount(2, $json); | $this->assertCount(2, $json); | ||||
$entitlements = $user->fresh()->entitlements()->where('sku_id', $sku2fa->id)->get(); | $entitlements = $user->fresh()->entitlements()->where('sku_id', $sku2fa->id)->get(); | ||||
$this->assertCount(0, $entitlements); | $this->assertCount(0, $entitlements); | ||||
$sf = new SecondFactor($user); | $sf = new \App\Auth\SecondFactor($user); | ||||
$this->assertCount(0, $sf->factors()); | $this->assertCount(0, $sf->factors()); | ||||
// Other tenant's user | |||||
\config(['app.tenant_id' => 2]); | |||||
$response = $this->actingAs($reseller2)->post("/api/v4/users/{$user->id}/reset2FA", []); | |||||
$response->assertStatus(404); | |||||
} | |||||
/** | |||||
* Test user creation (POST /api/v4/users) | |||||
*/ | |||||
public function testStore(): void | |||||
{ | |||||
$reseller1 = $this->getTestUser('reseller@kolabnow.com'); | |||||
// The end-point does not exist | |||||
$response = $this->actingAs($reseller1)->post("/api/v4/users", []); | |||||
$response->assertStatus(404); | |||||
} | } | ||||
/** | /** | ||||
* Test user suspending (POST /api/v4/users/<user-id>/suspend) | * Test user suspending (POST /api/v4/users/<user-id>/suspend) | ||||
*/ | */ | ||||
public function testSuspend(): void | public function testSuspend(): void | ||||
{ | { | ||||
Queue::fake(); // disable jobs | Queue::fake(); // disable jobs | ||||
$user = $this->getTestUser('UsersControllerTest1@userscontroller.com'); | $user = $this->getTestUser('UsersControllerTest1@userscontroller.com'); | ||||
$admin = $this->getTestUser('jeroen@jeroen.jeroen'); | $admin = $this->getTestUser('jeroen@jeroen.jeroen'); | ||||
$reseller1 = $this->getTestUser('reseller@kolabnow.com'); | |||||
$reseller2 = $this->getTestUser('reseller@reseller.com'); | |||||
// Test unauthorized access to admin API | // Test unauthorized access | ||||
$response = $this->actingAs($user)->post("/api/v4/users/{$user->id}/suspend", []); | $response = $this->actingAs($user)->post("/api/v4/users/{$user->id}/suspend", []); | ||||
$response->assertStatus(403); | $response->assertStatus(403); | ||||
$response = $this->actingAs($admin)->post("/api/v4/users/{$user->id}/suspend", []); | |||||
$response->assertStatus(403); | |||||
$response = $this->actingAs($reseller2)->post("/api/v4/users/{$user->id}/suspend", []); | |||||
$response->assertStatus(403); | |||||
$response = $this->actingAs($reseller1)->post("/api/v4/users/{$admin->id}/suspend", []); | |||||
$response->assertStatus(404); | |||||
$this->assertFalse($user->isSuspended()); | $this->assertFalse($user->isSuspended()); | ||||
// Test suspending the user | // Test suspending the user | ||||
$response = $this->actingAs($admin)->post("/api/v4/users/{$user->id}/suspend", []); | $response = $this->actingAs($reseller1)->post("/api/v4/users/{$user->id}/suspend", []); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame('success', $json['status']); | $this->assertSame('success', $json['status']); | ||||
$this->assertSame("User suspended successfully.", $json['message']); | $this->assertSame("User suspended successfully.", $json['message']); | ||||
$this->assertCount(2, $json); | $this->assertCount(2, $json); | ||||
$this->assertTrue($user->fresh()->isSuspended()); | $this->assertTrue($user->fresh()->isSuspended()); | ||||
// Access to other tenant's users | |||||
\config(['app.tenant_id' => 2]); | |||||
$response = $this->actingAs($reseller2)->post("/api/v4/users/{$user->id}/suspend", []); | |||||
$response->assertStatus(404); | |||||
} | } | ||||
/** | /** | ||||
* Test user un-suspending (POST /api/v4/users/<user-id>/unsuspend) | * Test user un-suspending (POST /api/v4/users/<user-id>/unsuspend) | ||||
*/ | */ | ||||
public function testUnsuspend(): void | public function testUnsuspend(): void | ||||
{ | { | ||||
Queue::fake(); // disable jobs | Queue::fake(); // disable jobs | ||||
$user = $this->getTestUser('UsersControllerTest1@userscontroller.com'); | $user = $this->getTestUser('UsersControllerTest1@userscontroller.com'); | ||||
$admin = $this->getTestUser('jeroen@jeroen.jeroen'); | $admin = $this->getTestUser('jeroen@jeroen.jeroen'); | ||||
$reseller1 = $this->getTestUser('reseller@kolabnow.com'); | |||||
$reseller2 = $this->getTestUser('reseller@reseller.com'); | |||||
// Test unauthorized access to admin API | // Test unauthorized access to admin API | ||||
$response = $this->actingAs($user)->post("/api/v4/users/{$user->id}/unsuspend", []); | $response = $this->actingAs($user)->post("/api/v4/users/{$user->id}/unsuspend", []); | ||||
$response->assertStatus(403); | $response->assertStatus(403); | ||||
$response = $this->actingAs($admin)->post("/api/v4/users/{$user->id}/unsuspend", []); | |||||
$response->assertStatus(403); | |||||
$response = $this->actingAs($reseller2)->post("/api/v4/users/{$user->id}/unsuspend", []); | |||||
$response->assertStatus(403); | |||||
$response = $this->actingAs($reseller1)->post("/api/v4/users/{$admin->id}/unsuspend", []); | |||||
$response->assertStatus(404); | |||||
$this->assertFalse($user->isSuspended()); | $this->assertFalse($user->isSuspended()); | ||||
$user->suspend(); | $user->suspend(); | ||||
$this->assertTrue($user->isSuspended()); | $this->assertTrue($user->isSuspended()); | ||||
// Test suspending the user | // Test suspending the user | ||||
$response = $this->actingAs($admin)->post("/api/v4/users/{$user->id}/unsuspend", []); | $response = $this->actingAs($reseller1)->post("/api/v4/users/{$user->id}/unsuspend", []); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame('success', $json['status']); | $this->assertSame('success', $json['status']); | ||||
$this->assertSame("User unsuspended successfully.", $json['message']); | $this->assertSame("User unsuspended successfully.", $json['message']); | ||||
$this->assertCount(2, $json); | $this->assertCount(2, $json); | ||||
$this->assertFalse($user->fresh()->isSuspended()); | $this->assertFalse($user->fresh()->isSuspended()); | ||||
// Access to other tenant's users | |||||
\config(['app.tenant_id' => 2]); | |||||
$response = $this->actingAs($reseller2)->post("/api/v4/users/{$user->id}/unsuspend", []); | |||||
$response->assertStatus(404); | |||||
} | } | ||||
/** | /** | ||||
* Test user update (PUT /api/v4/users/<user-id>) | * Test user update (PUT /api/v4/users/<user-id>) | ||||
*/ | */ | ||||
public function testUpdate(): void | public function testUpdate(): void | ||||
{ | { | ||||
$user = $this->getTestUser('UsersControllerTest1@userscontroller.com'); | $user = $this->getTestUser('UsersControllerTest1@userscontroller.com'); | ||||
$admin = $this->getTestUser('jeroen@jeroen.jeroen'); | $admin = $this->getTestUser('jeroen@jeroen.jeroen'); | ||||
$reseller1 = $this->getTestUser('reseller@kolabnow.com'); | |||||
$reseller2 = $this->getTestUser('reseller@reseller.com'); | |||||
// Test unauthorized access to admin API | // Test unauthorized access | ||||
$response = $this->actingAs($user)->put("/api/v4/users/{$user->id}", []); | $response = $this->actingAs($user)->put("/api/v4/users/{$user->id}", []); | ||||
$response->assertStatus(403); | $response->assertStatus(403); | ||||
// Test updatig the user data (empty data) | |||||
$response = $this->actingAs($admin)->put("/api/v4/users/{$user->id}", []); | $response = $this->actingAs($admin)->put("/api/v4/users/{$user->id}", []); | ||||
$response->assertStatus(403); | |||||
$response = $this->actingAs($reseller2)->put("/api/v4/users/{$user->id}", []); | |||||
$response->assertStatus(403); | |||||
$response = $this->actingAs($reseller1)->put("/api/v4/users/{$admin->id}", []); | |||||
$response->assertStatus(404); | |||||
// Test updatig the user data (empty data) | |||||
$response = $this->actingAs($reseller1)->put("/api/v4/users/{$user->id}", []); | |||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame('success', $json['status']); | $this->assertSame('success', $json['status']); | ||||
$this->assertSame("User data updated successfully.", $json['message']); | $this->assertSame("User data updated successfully.", $json['message']); | ||||
$this->assertCount(2, $json); | $this->assertCount(2, $json); | ||||
// Test error handling | // Test error handling | ||||
$post = ['external_email' => 'aaa']; | $post = ['external_email' => 'aaa']; | ||||
$response = $this->actingAs($admin)->put("/api/v4/users/{$user->id}", $post); | $response = $this->actingAs($reseller1)->put("/api/v4/users/{$user->id}", $post); | ||||
$response->assertStatus(422); | $response->assertStatus(422); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame('error', $json['status']); | $this->assertSame('error', $json['status']); | ||||
$this->assertSame("The external email must be a valid email address.", $json['errors']['external_email'][0]); | $this->assertSame("The external email must be a valid email address.", $json['errors']['external_email'][0]); | ||||
$this->assertCount(2, $json); | $this->assertCount(2, $json); | ||||
// Test real update | // Test real update | ||||
$post = ['external_email' => 'modified@test.com']; | $post = ['external_email' => 'modified@test.com']; | ||||
$response = $this->actingAs($admin)->put("/api/v4/users/{$user->id}", $post); | $response = $this->actingAs($reseller1)->put("/api/v4/users/{$user->id}", $post); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame('success', $json['status']); | $this->assertSame('success', $json['status']); | ||||
$this->assertSame("User data updated successfully.", $json['message']); | $this->assertSame("User data updated successfully.", $json['message']); | ||||
$this->assertCount(2, $json); | $this->assertCount(2, $json); | ||||
$this->assertSame('modified@test.com', $user->getSetting('external_email')); | $this->assertSame('modified@test.com', $user->getSetting('external_email')); | ||||
// Access to other tenant's users | |||||
\config(['app.tenant_id' => 2]); | |||||
$response = $this->actingAs($reseller2)->put("/api/v4/users/{$user->id}", $post); | |||||
$response->assertStatus(404); | |||||
} | } | ||||
} | } |
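Review bot: In the reseller `testIndex`, the comment `// Search by email (external), there are two users with this email, but only one in the reseller's tenant` is not backed by the test body: nothing in the visible reseller variant assigns `john.doe.external@gmail.com` to a user outside tenant 2, so the `assertSame(1, $json['count'])` that follows would also pass if no other user carried the address, and the cross-tenant filtering it is meant to prove would go unverified. As the Admin variant does, set it explicitly before the search, `$jack = $this->getTestUser('jack@kolab.org'); $jack->setSetting('external_email', 'john.doe.external@gmail.com');`, and clear it again in `tearDown()` with `$jack->setSetting('external_email', null);` so the fixture does not leak into other test classes. The side-by-side rendering does not show which column the unpaired lines belong to, so if the reseller copy already does this in a line I cannot place, disregard. Minor wording: `testUnsuspend` still says `// Test unauthorized access to admin API` while the sibling tests were changed to `// Test unauthorized access`, and `reseting` / `updatig` in the docblock and comments should read `resetting` / `updating`.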