framework/tests/integration/api/users/UpdateTest.php

<?php

/*
 * This file is part of Flarum.
 *
 * For detailed copyright and license information, please view the
 * LICENSE file that was distributed with this source code.
 */

namespace Flarum\Tests\integration\api\users;

use Flarum\Tests\integration\RetrievesAuthorizedUsers;
use Flarum\Tests\integration\TestCase;

class UpdateTest extends TestCase
{
    use RetrievesAuthorizedUsers;

    /**
     * @inheritDoc
     */
    protected function setUp(): void
    {
        parent::setUp();

        $this->prepareDatabase([
            'users' => [
                $this->normalUser(),
            ]
        ]);
    }

    /**
     * @test
     */
    public function users_can_see_their_private_information()
    {
        $response = $this->send(
            $this->request('PATCH', '/api/users/2', [
                'authenticatedAs' => 2,
                'json' => [],
            ])
        );

        // Test for successful response and that the email is included in the response
        $this->assertEquals(200, $response->getStatusCode());
        $this->assertStringContainsString('normal@machine.local', (string) $response->getBody());
    }

    /**
     * @test
     */
    public function users_can_not_see_other_users_private_information()
    {
        $response = $this->send(
            $this->request('PATCH', '/api/users/1', [
                'authenticatedAs' => 2,
                'json' => [],
            ])
        );

        // Make sure sensitive information is not made public
        $this->assertEquals(200, $response->getStatusCode());
        $this->assertStringNotContainsString('admin@machine.local', (string) $response->getBody());
    }
}
Add regression test for email crawling vulnerability Refs #1628. 2018-11-09 18:22:43 +08:00			`<?php`

			`/*`
			`* This file is part of Flarum.`
			`*`
Apply fixes from StyleCI [ci skip] [skip ci] 2019-11-28 08:16:50 +08:00			`* For detailed copyright and license information, please view the`
			`* LICENSE file that was distributed with this source code.`
Add regression test for email crawling vulnerability Refs #1628. 2018-11-09 18:22:43 +08:00			`*/`

Convert more controller tests to request tests 2020-03-27 19:22:22 +08:00			`namespace Flarum\Tests\integration\api\users;`
Add regression test for email crawling vulnerability Refs #1628. 2018-11-09 18:22:43 +08:00
Convert more controller tests to request tests 2020-03-27 19:22:22 +08:00			`use Flarum\Tests\integration\RetrievesAuthorizedUsers;`
			`use Flarum\Tests\integration\TestCase;`
Add regression test for email crawling vulnerability Refs #1628. 2018-11-09 18:22:43 +08:00
Convert more controller tests to request tests 2020-03-27 19:22:22 +08:00			`class UpdateTest extends TestCase`
Add regression test for email crawling vulnerability Refs #1628. 2018-11-09 18:22:43 +08:00			`{`
Convert more controller tests to request tests 2020-03-27 19:22:22 +08:00			`use RetrievesAuthorizedUsers;`
Add regression test for email crawling vulnerability Refs #1628. 2018-11-09 18:22:43 +08:00
Add @inheritDoc to all setUp and tearDown methods 2021-01-07 11:16:26 +08:00			`/**`
			`* @inheritDoc`
			`*/`
Make tests compatible with PHPUnit 8 2020-03-28 08:26:26 +08:00			`protected function setUp(): void`
Make integration tests independent This creates a dedicated test suite for integration tests. All of them can be run independently, and there is no order dependency - previously, all integration tests needed the installer test to run first, and they would fail if installation failed. Now, the developer will have to set up a Flarum database to be used by these tests. A setup script to make this simple will be added in the next commit. Small tradeoff: the installer is NOT tested in our test suite anymore, only implicitly through the setup script. If we decide that this is a problem, we can still set up separate, dedicated installer tests which should probably test the web installer. 2019-01-31 04:15:27 +08:00			`{`
			`parent::setUp();`

			`$this->prepareDatabase([`
			`'users' => [`
			`$this->normalUser(),`
			`]`
			`]);`
			`}`
Add regression test for email crawling vulnerability Refs #1628. 2018-11-09 18:22:43 +08:00
			`/**`
			`* @test`
			`*/`
			`public function users_can_see_their_private_information()`
			`{`
Convert more controller tests to request tests 2020-03-27 19:22:22 +08:00			`$response = $this->send(`
			`$this->request('PATCH', '/api/users/2', [`
			`'authenticatedAs' => 2,`
			`'json' => [],`
			`])`
			`);`
Add regression test for email crawling vulnerability Refs #1628. 2018-11-09 18:22:43 +08:00
			`// Test for successful response and that the email is included in the response`
			`$this->assertEquals(200, $response->getStatusCode());`
PHP 8 support, cookie unit tests (#2507) 2021-01-27 06:53:28 +08:00			`$this->assertStringContainsString('normal@machine.local', (string) $response->getBody());`
Add regression test for email crawling vulnerability Refs #1628. 2018-11-09 18:22:43 +08:00			`}`

			`/**`
			`* @test`
			`*/`
			`public function users_can_not_see_other_users_private_information()`
			`{`
Convert more controller tests to request tests 2020-03-27 19:22:22 +08:00			`$response = $this->send(`
			`$this->request('PATCH', '/api/users/1', [`
			`'authenticatedAs' => 2,`
			`'json' => [],`
			`])`
			`);`
Add regression test for email crawling vulnerability Refs #1628. 2018-11-09 18:22:43 +08:00
			`// Make sure sensitive information is not made public`
			`$this->assertEquals(200, $response->getStatusCode());`
PHP 8 support, cookie unit tests (#2507) 2021-01-27 06:53:28 +08:00			`$this->assertStringNotContainsString('admin@machine.local', (string) $response->getBody());`
Add regression test for email crawling vulnerability Refs #1628. 2018-11-09 18:22:43 +08:00			`}`
			`}`