src/tests/Feature/Controller/Reseller/DomainsTest.php
{ | { | ||||
/** | /** | ||||
* {@inheritDoc} | * {@inheritDoc} | ||||
*/ | */ | ||||
public function setUp(): void | public function setUp(): void | ||||
{ | { | ||||
parent::setUp(); | parent::setUp(); | ||||
self::useResellerUrl(); | self::useResellerUrl(); | ||||
\config(['app.tenant_id' => 1]); | |||||
$this->deleteTestDomain('domainscontroller.com'); | $this->deleteTestDomain('domainscontroller.com'); | ||||
} | } | ||||
/** | /** | ||||
* {@inheritDoc} | * {@inheritDoc} | ||||
*/ | */ | ||||
public function tearDown(): void | public function tearDown(): void | ||||
{ | { | ||||
\config(['app.tenant_id' => 1]); | |||||
$this->deleteTestDomain('domainscontroller.com'); | $this->deleteTestDomain('domainscontroller.com'); | ||||
parent::tearDown(); | parent::tearDown(); | ||||
} | } | ||||
/** | /** | ||||
* Test domain confirm request | * Test domain confirm request | ||||
*/ | */ | ||||
public function testConfirm(): void | public function testConfirm(): void | ||||
{ | { | ||||
$reseller1 = $this->getTestUser('reseller@kolabnow.com'); | $reseller1 = $this->getTestUser('reseller@' . \config('app.domain')); | ||||
$domain = $this->getTestDomain('domainscontroller.com', [ | $domain = $this->getTestDomain('domainscontroller.com', [ | ||||
'status' => Domain::STATUS_NEW, | 'status' => Domain::STATUS_NEW, | ||||
'type' => Domain::TYPE_EXTERNAL, | 'type' => Domain::TYPE_EXTERNAL, | ||||
]); | ]); | ||||
// THe end-point exists on the users controller, but not reseller's | // THe end-point exists on the users controller, but not reseller's | ||||
$response = $this->actingAs($reseller1)->get("api/v4/domains/{$domain->id}/confirm"); | $response = $this->actingAs($reseller1)->get("api/v4/domains/{$domain->id}/confirm"); | ||||
$response->assertStatus(404); | $response->assertStatus(404); | ||||
} | } | ||||
/** | /** | ||||
* Test domains searching (/api/v4/domains) | * Test domains searching (/api/v4/domains) | ||||
*/ | */ | ||||
public function testIndex(): void | public function testIndex(): void | ||||
{ | { | ||||
$user = $this->getTestUser('john@kolab.org'); | $user = $this->getTestUser('john@kolab.org'); | ||||
$admin = $this->getTestUser('jeroen@jeroen.jeroen'); | $admin = $this->getTestUser('jeroen@jeroen.jeroen'); | ||||
$reseller1 = $this->getTestUser('reseller@kolabnow.com'); | $reseller1 = $this->getTestUser('reseller@' . \config('app.domain')); | ||||
$reseller2 = $this->getTestUser('reseller@reseller.com'); | $reseller2 = $this->getTestUser('reseller@sample-tenant.dev-local'); | ||||
// Non-admin user | // Non-admin user | ||||
$response = $this->actingAs($user)->get("api/v4/domains"); | $response = $this->actingAs($user)->get("api/v4/domains"); | ||||
$response->assertStatus(403); | $response->assertStatus(403); | ||||
// Admin user | // Admin user | ||||
$response = $this->actingAs($admin)->get("api/v4/domains"); | $response = $this->actingAs($admin)->get("api/v4/domains"); | ||||
$response->assertStatus(403); | $response->assertStatus(403); | ||||
// Reseller from a different tenant | |||||
$response = $this->actingAs($reseller2)->get("api/v4/domains"); | |||||
$response->assertStatus(403); | |||||
// Search with no matches expected | // Search with no matches expected | ||||
$response = $this->actingAs($reseller1)->get("api/v4/domains?search=abcd12.org"); | $response = $this->actingAs($reseller1)->get("api/v4/domains?search=abcd12.org"); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame(0, $json['count']); | $this->assertSame(0, $json['count']); | ||||
$this->assertSame([], $json['list']); | $this->assertSame([], $json['list']); | ||||
// Search by a domain name | // Search by a domain name | ||||
$response = $this->actingAs($reseller1)->get("api/v4/domains?search=kolab.org"); | $response = $this->actingAs($reseller1)->get("api/v4/domains?search=kolab.org"); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame(1, $json['count']); | $this->assertSame(1, $json['count']); | ||||
$this->assertCount(1, $json['list']); | $this->assertCount(1, $json['list']); | ||||
$this->assertSame('kolab.org', $json['list'][0]['namespace']); | $this->assertSame('kolab.org', $json['list'][0]['namespace']); | ||||
// Search by owner | // Search by owner | ||||
$response = $this->actingAs($reseller1)->get("api/v4/domains?owner={$user->id}"); | $response = $this->actingAs($reseller1)->get("api/v4/domains?owner={$user->id}"); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame(1, $json['count']); | $this->assertSame(1, $json['count']); | ||||
$this->assertCount(1, $json['list']); | $this->assertCount(1, $json['list']); | ||||
$this->assertSame('kolab.org', $json['list'][0]['namespace']); | $this->assertSame('kolab.org', $json['list'][0]['namespace']); | ||||
// Search by owner (Ned is a controller on John's wallets, | // Search by owner (Ned is a controller on John's wallets, | ||||
// here we expect only domains assigned to Ned's wallet(s)) | // here we expect only domains assigned to Ned's wallet(s)) | ||||
$ned = $this->getTestUser('ned@kolab.org'); | $ned = $this->getTestUser('ned@kolab.org'); | ||||
$response = $this->actingAs($reseller1)->get("api/v4/domains?owner={$ned->id}"); | $response = $this->actingAs($reseller1)->get("api/v4/domains?owner={$ned->id}"); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame(0, $json['count']); | $this->assertSame(0, $json['count']); | ||||
$this->assertCount(0, $json['list']); | $this->assertCount(0, $json['list']); | ||||
// Test unauth access to other tenant's domains | // Test unauth access to other tenant's domains | ||||
\config(['app.tenant_id' => 2]); | |||||
$response = $this->actingAs($reseller2)->get("api/v4/domains?search=kolab.org"); | $response = $this->actingAs($reseller2)->get("api/v4/domains?search=kolab.org"); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame(0, $json['count']); | $this->assertSame(0, $json['count']); | ||||
$this->assertSame([], $json['list']); | $this->assertSame([], $json['list']); | ||||
$response = $this->actingAs($reseller2)->get("api/v4/domains?owner={$user->id}"); | $response = $this->actingAs($reseller2)->get("api/v4/domains?owner={$user->id}"); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame(0, $json['count']); | $this->assertSame(0, $json['count']); | ||||
$this->assertSame([], $json['list']); | $this->assertSame([], $json['list']); | ||||
} | } | ||||
/** | /** | ||||
* Test fetching domain info | * Test fetching domain info | ||||
*/ | */ | ||||
public function testShow(): void | public function testShow(): void | ||||
{ | { | ||||
$sku_domain = Sku::where('title', 'domain-hosting')->first(); | $sku_domain = Sku::withEnvTenantContext()->where('title', 'domain-hosting')->first(); | ||||
$admin = $this->getTestUser('jeroen@jeroen.jeroen'); | $admin = $this->getTestUser('jeroen@jeroen.jeroen'); | ||||
$user = $this->getTestUser('test1@domainscontroller.com'); | $user = $this->getTestUser('test1@domainscontroller.com'); | ||||
$reseller1 = $this->getTestUser('reseller@kolabnow.com'); | $reseller1 = $this->getTestUser('reseller@' . \config('app.domain')); | ||||
$reseller2 = $this->getTestUser('reseller@reseller.com'); | $reseller2 = $this->getTestUser('reseller@sample-tenant.dev-local'); | ||||
$domain = $this->getTestDomain('domainscontroller.com', [ | $domain = $this->getTestDomain('domainscontroller.com', [ | ||||
'status' => Domain::STATUS_NEW, | 'status' => Domain::STATUS_NEW, | ||||
'type' => Domain::TYPE_EXTERNAL, | 'type' => Domain::TYPE_EXTERNAL, | ||||
]); | ]); | ||||
Entitlement::create([ | Entitlement::create([ | ||||
'wallet_id' => $user->wallets()->first()->id, | 'wallet_id' => $user->wallets()->first()->id, | ||||
'sku_id' => $sku_domain->id, | 'sku_id' => $sku_domain->id, | ||||
'entitleable_id' => $domain->id, | 'entitleable_id' => $domain->id, | ||||
'entitleable_type' => Domain::class | 'entitleable_type' => Domain::class | ||||
]); | ]); | ||||
// Unauthorized access (user) | // Unauthorized access (user) | ||||
$response = $this->actingAs($user)->get("api/v4/domains/{$domain->id}"); | $response = $this->actingAs($user)->get("api/v4/domains/{$domain->id}"); | ||||
$response->assertStatus(403); | $response->assertStatus(403); | ||||
// Unauthorized access (admin) | // Unauthorized access (admin) | ||||
$response = $this->actingAs($admin)->get("api/v4/domains/{$domain->id}"); | $response = $this->actingAs($admin)->get("api/v4/domains/{$domain->id}"); | ||||
$response->assertStatus(403); | $response->assertStatus(403); | ||||
// Unauthorized access (tenant != env-tenant) | // Unauthorized access (tenant != env-tenant) | ||||
$response = $this->actingAs($reseller2)->get("api/v4/domains/{$domain->id}"); | $response = $this->actingAs($reseller2)->get("api/v4/domains/{$domain->id}"); | ||||
$response->assertStatus(403); | $response->assertStatus(404); | ||||
$response = $this->actingAs($reseller1)->get("api/v4/domains/{$domain->id}"); | $response = $this->actingAs($reseller1)->get("api/v4/domains/{$domain->id}"); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertEquals($domain->id, $json['id']); | $this->assertEquals($domain->id, $json['id']); | ||||
$this->assertEquals($domain->namespace, $json['namespace']); | $this->assertEquals($domain->namespace, $json['namespace']); | ||||
$this->assertEquals($domain->status, $json['status']); | $this->assertEquals($domain->status, $json['status']); | ||||
$this->assertEquals($domain->type, $json['type']); | $this->assertEquals($domain->type, $json['type']); | ||||
// Note: Other properties are being tested in the user controller tests | // Note: Other properties are being tested in the user controller tests | ||||
// Unauthorized access (other domain's tenant) | |||||
\config(['app.tenant_id' => 2]); | |||||
$response = $this->actingAs($reseller2)->get("api/v4/domains/{$domain->id}"); | |||||
$response->assertStatus(404); | |||||
} | } | ||||
/** | /** | ||||
* Test fetching domain status (GET /api/v4/domains/<domain-id>/status) | * Test fetching domain status (GET /api/v4/domains/<domain-id>/status) | ||||
*/ | */ | ||||
public function testStatus(): void | public function testStatus(): void | ||||
{ | { | ||||
$reseller1 = $this->getTestUser('reseller@kolabnow.com'); | $reseller1 = $this->getTestUser('reseller@' . \config('app.domain')); | ||||
$domain = $this->getTestDomain('kolab.org'); | $domain = $this->getTestDomain('kolab.org'); | ||||
// This end-point does not exist for resellers | // This end-point does not exist for resellers | ||||
$response = $this->actingAs($reseller1)->get("/api/v4/domains/{$domain->id}/status"); | $response = $this->actingAs($reseller1)->get("/api/v4/domains/{$domain->id}/status"); | ||||
$response->assertStatus(404); | $response->assertStatus(404); | ||||
} | } | ||||
/** | /** | ||||
* Test domain suspending (POST /api/v4/domains/<domain-id>/suspend) | * Test domain suspending (POST /api/v4/domains/<domain-id>/suspend) | ||||
*/ | */ | ||||
public function testSuspend(): void | public function testSuspend(): void | ||||
{ | { | ||||
Queue::fake(); // disable jobs | Queue::fake(); // disable jobs | ||||
$admin = $this->getTestUser('jeroen@jeroen.jeroen'); | $admin = $this->getTestUser('jeroen@jeroen.jeroen'); | ||||
$reseller1 = $this->getTestUser('reseller@kolabnow.com'); | $reseller1 = $this->getTestUser('reseller@' . \config('app.domain')); | ||||
$reseller2 = $this->getTestUser('reseller@reseller.com'); | $reseller2 = $this->getTestUser('reseller@sample-tenant.dev-local'); | ||||
\config(['app.tenant_id' => 2]); | \config(['app.tenant_id' => 2]); | ||||
$domain = $this->getTestDomain('domainscontroller.com', [ | $domain = $this->getTestDomain('domainscontroller.com', [ | ||||
'status' => Domain::STATUS_NEW, | 'status' => Domain::STATUS_NEW, | ||||
'type' => Domain::TYPE_EXTERNAL, | 'type' => Domain::TYPE_EXTERNAL, | ||||
]); | ]); | ||||
$user = $this->getTestUser('test@domainscontroller.com'); | $user = $this->getTestUser('test@domainscontroller.com'); | ||||
// Test unauthorized access to the reseller API (user) | // Test unauthorized access to the reseller API (user) | ||||
$response = $this->actingAs($user)->post("/api/v4/domains/{$domain->id}/suspend", []); | $response = $this->actingAs($user)->post("/api/v4/domains/{$domain->id}/suspend", []); | ||||
$response->assertStatus(403); | $response->assertStatus(403); | ||||
$this->assertFalse($domain->fresh()->isSuspended()); | $this->assertFalse($domain->fresh()->isSuspended()); | ||||
// Test unauthorized access to the reseller API (admin) | // Test unauthorized access to the reseller API (admin) | ||||
$response = $this->actingAs($admin)->post("/api/v4/domains/{$domain->id}/suspend", []); | $response = $this->actingAs($admin)->post("/api/v4/domains/{$domain->id}/suspend", []); | ||||
$response->assertStatus(403); | $response->assertStatus(403); | ||||
$this->assertFalse($domain->fresh()->isSuspended()); | $this->assertFalse($domain->fresh()->isSuspended()); | ||||
// Test unauthorized access to the reseller API (reseller in another tenant) | // Test unauthorized access to the reseller API (reseller in another tenant) | ||||
$response = $this->actingAs($reseller1)->post("/api/v4/domains/{$domain->id}/suspend", []); | $response = $this->actingAs($reseller1)->post("/api/v4/domains/{$domain->id}/suspend", []); | ||||
$response->assertStatus(403); | $response->assertStatus(404); | ||||
$this->assertFalse($domain->fresh()->isSuspended()); | $this->assertFalse($domain->fresh()->isSuspended()); | ||||
// Test suspending the domain | // Test suspending the domain | ||||
$response = $this->actingAs($reseller2)->post("/api/v4/domains/{$domain->id}/suspend", []); | $response = $this->actingAs($reseller2)->post("/api/v4/domains/{$domain->id}/suspend", []); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame('success', $json['status']); | $this->assertSame('success', $json['status']); | ||||
$this->assertSame("Domain suspended successfully.", $json['message']); | $this->assertSame("Domain suspended successfully.", $json['message']); | ||||
$this->assertCount(2, $json); | $this->assertCount(2, $json); | ||||
$this->assertTrue($domain->fresh()->isSuspended()); | $this->assertTrue($domain->fresh()->isSuspended()); | ||||
// Test authenticated reseller, but domain belongs to another tenant | |||||
\config(['app.tenant_id' => 1]); | |||||
$response = $this->actingAs($reseller1)->post("/api/v4/domains/{$domain->id}/suspend", []); | |||||
$response->assertStatus(404); | |||||
} | } | ||||
/** | /** | ||||
* Test user un-suspending (POST /api/v4/users/<user-id>/unsuspend) | * Test user un-suspending (POST /api/v4/users/<user-id>/unsuspend) | ||||
*/ | */ | ||||
public function testUnsuspend(): void | public function testUnsuspend(): void | ||||
{ | { | ||||
Queue::fake(); // disable jobs | Queue::fake(); // disable jobs | ||||
$admin = $this->getTestUser('jeroen@jeroen.jeroen'); | $admin = $this->getTestUser('jeroen@jeroen.jeroen'); | ||||
$reseller1 = $this->getTestUser('reseller@kolabnow.com'); | $reseller1 = $this->getTestUser('reseller@' . \config('app.domain')); | ||||
$reseller2 = $this->getTestUser('reseller@reseller.com'); | $reseller2 = $this->getTestUser('reseller@sample-tenant.dev-local'); | ||||
\config(['app.tenant_id' => 2]); | \config(['app.tenant_id' => 2]); | ||||
$domain = $this->getTestDomain('domainscontroller.com', [ | $domain = $this->getTestDomain('domainscontroller.com', [ | ||||
'status' => Domain::STATUS_NEW | Domain::STATUS_SUSPENDED, | 'status' => Domain::STATUS_NEW | Domain::STATUS_SUSPENDED, | ||||
'type' => Domain::TYPE_EXTERNAL, | 'type' => Domain::TYPE_EXTERNAL, | ||||
]); | ]); | ||||
$user = $this->getTestUser('test@domainscontroller.com'); | $user = $this->getTestUser('test@domainscontroller.com'); | ||||
// Test unauthorized access to reseller API (user) | // Test unauthorized access to reseller API (user) | ||||
$response = $this->actingAs($user)->post("/api/v4/domains/{$domain->id}/unsuspend", []); | $response = $this->actingAs($user)->post("/api/v4/domains/{$domain->id}/unsuspend", []); | ||||
$response->assertStatus(403); | $response->assertStatus(403); | ||||
$this->assertTrue($domain->fresh()->isSuspended()); | $this->assertTrue($domain->fresh()->isSuspended()); | ||||
// Test unauthorized access to reseller API (admin) | // Test unauthorized access to reseller API (admin) | ||||
$response = $this->actingAs($admin)->post("/api/v4/domains/{$domain->id}/unsuspend", []); | $response = $this->actingAs($admin)->post("/api/v4/domains/{$domain->id}/unsuspend", []); | ||||
$response->assertStatus(403); | $response->assertStatus(403); | ||||
$this->assertTrue($domain->fresh()->isSuspended()); | $this->assertTrue($domain->fresh()->isSuspended()); | ||||
// Test unauthorized access to reseller API (another tenant) | // Test unauthorized access to reseller API (another tenant) | ||||
$response = $this->actingAs($reseller1)->post("/api/v4/domains/{$domain->id}/unsuspend", []); | $response = $this->actingAs($reseller1)->post("/api/v4/domains/{$domain->id}/unsuspend", []); | ||||
$response->assertStatus(403); | $response->assertStatus(404); | ||||
$this->assertTrue($domain->fresh()->isSuspended()); | $this->assertTrue($domain->fresh()->isSuspended()); | ||||
// Test suspending the user | // Test suspending the user | ||||
$response = $this->actingAs($reseller2)->post("/api/v4/domains/{$domain->id}/unsuspend", []); | $response = $this->actingAs($reseller2)->post("/api/v4/domains/{$domain->id}/unsuspend", []); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$json = $response->json(); | $json = $response->json(); | ||||
$this->assertSame('success', $json['status']); | $this->assertSame('success', $json['status']); | ||||
$this->assertSame("Domain unsuspended successfully.", $json['message']); | $this->assertSame("Domain unsuspended successfully.", $json['message']); | ||||
$this->assertCount(2, $json); | $this->assertCount(2, $json); | ||||
$this->assertFalse($domain->fresh()->isSuspended()); | $this->assertFalse($domain->fresh()->isSuspended()); | ||||
// Test unauthorized access to reseller API (another tenant) | |||||
\config(['app.tenant_id' => 1]); | |||||
$response = $this->actingAs($reseller1)->post("/api/v4/domains/{$domain->id}/unsuspend", []); | |||||
$response->assertStatus(404); | |||||
} | } | ||||
} | } |