github-mirror/framework
2
0
Fork 0
mirror of https://github.com/flarum/framework.git synced 2025-02-19 16:02:45 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
a0152ffb18
framework/tests/integration/api/users/CreateTest.php

387 lines
12 KiB
PHP
Raw Normal View History

Convert controller test to request test This further decouples these tests from the implementation (i.e. which controller are we calling?).
2019-09-04 07:27:24 +08:00
<?php
/*
* This file is part of Flarum.
*
Apply fixes from StyleCI [ci skip] [skip ci]
2019-11-28 08:16:50 +08:00
* For detailed copyright and license information, please view the
* LICENSE file that was distributed with this source code.
Convert controller test to request test This further decouples these tests from the implementation (i.e. which controller are we calling?).
2019-09-04 07:27:24 +08:00
*/
namespace Flarum\Tests\integration\api\users;
use Flarum\Settings\SettingsRepositoryInterface;
Use flarum/testing for test infrastructure (#2545)
2021-03-08 05:32:41 +08:00
use Flarum\Testing\integration\RetrievesAuthorizedUsers;
use Flarum\Testing\integration\TestCase;
Dw/huntr fix path traversal (#2931) * Fix Huntr vuln with possible directory traversal * Use `active_url` in Laravel validator
2021-06-21 16:14:15 +08:00
use Flarum\User\RegistrationToken;
Convert controller test to request test This further decouples these tests from the implementation (i.e. which controller are we calling?).
2019-09-04 07:27:24 +08:00
use Flarum\User\User;
Rename API tests for more consistency I could not come up with a noun for the new "UpdateTest" for users, so this is easier in terms of consistency.
2020-03-27 20:22:16 +08:00
class CreateTest extends TestCase
Convert controller test to request test This further decouples these tests from the implementation (i.e. which controller are we calling?).
2019-09-04 07:27:24 +08:00
{
use RetrievesAuthorizedUsers;
Add @inheritDoc to all setUp and tearDown methods
2021-01-07 11:16:26 +08:00
/**
* @inheritDoc
*/
Make tests compatible with PHPUnit 8
2020-03-28 08:26:26 +08:00
protected function setUp(): void
Convert controller test to request test This further decouples these tests from the implementation (i.e. which controller are we calling?).
2019-09-04 07:27:24 +08:00
{
parent::setUp();
Use latest version of settings package This allows us to get rid of hacks for configuring settings and config
2021-05-03 13:35:46 +08:00
$this->setting('mail_driver', 'log');
Convert controller test to request test This further decouples these tests from the implementation (i.e. which controller are we calling?).
2019-09-04 07:27:24 +08:00
}
/**
* @test
*/
public function cannot_create_user_without_data()
{
$response = $this->send(
$this->request(
Apply fixes from StyleCI [ci skip] [skip ci]
2020-03-06 21:55:39 +08:00
'POST',
'/api/users',
Convert controller test to request test This further decouples these tests from the implementation (i.e. which controller are we calling?).
2019-09-04 07:27:24 +08:00
[
'json' => ['data' => ['attributes' => []]],
]
)->withAttribute('bypassCsrfToken', true)
);
$this->assertEquals(422, $response->getStatusCode());
Restore error details in JSON-API error formatter Fixes #1865. Refs #1843.
2019-09-04 07:44:22 +08:00
// The response body should contain details about the failed validation
$body = (string) $response->getBody();
$this->assertJson($body);
$this->assertEquals([
'errors' => [
[
'status' => '422',
'code' => 'validation_error',
Move locale files from language pack to core (#2408)
2021-02-18 05:23:13 +08:00
'detail' => 'The username field is required.',
Restore error details in JSON-API error formatter Fixes #1865. Refs #1843.
2019-09-04 07:44:22 +08:00
'source' => ['pointer' => '/data/attributes/username'],
],
[
'status' => '422',
'code' => 'validation_error',
Move locale files from language pack to core (#2408)
2021-02-18 05:23:13 +08:00
'detail' => 'The email field is required.',
Restore error details in JSON-API error formatter Fixes #1865. Refs #1843.
2019-09-04 07:44:22 +08:00
'source' => ['pointer' => '/data/attributes/email'],
],
[
'status' => '422',
'code' => 'validation_error',
Move locale files from language pack to core (#2408)
2021-02-18 05:23:13 +08:00
'detail' => 'The password field is required.',
Restore error details in JSON-API error formatter Fixes #1865. Refs #1843.
2019-09-04 07:44:22 +08:00
'source' => ['pointer' => '/data/attributes/password'],
],
],
], json_decode($body, true));
Convert controller test to request test This further decouples these tests from the implementation (i.e. which controller are we calling?).
2019-09-04 07:27:24 +08:00
}
/**
* @test
*/
public function can_create_user()
{
$response = $this->send(
$this->request(
Apply fixes from StyleCI [ci skip] [skip ci]
2020-03-06 21:55:39 +08:00
'POST',
'/api/users',
Convert controller test to request test This further decouples these tests from the implementation (i.e. which controller are we calling?).
2019-09-04 07:27:24 +08:00
[
'json' => [
'data' => [
'attributes' => [
'username' => 'test',
'password' => 'too-obscure',
'email' => 'test@machine.local',
],
]
],
]
)->withAttribute('bypassCsrfToken', true)
);
$this->assertEquals(201, $response->getStatusCode());
/** @var User $user */
$user = User::where('username', 'test')->firstOrFail();
Rename dead is_activated references with the new is_email_confirmed (#1974)
2020-02-14 22:34:32 +08:00
$this->assertEquals(0, $user->is_email_confirmed);
Convert controller test to request test This further decouples these tests from the implementation (i.e. which controller are we calling?).
2019-09-04 07:27:24 +08:00
$this->assertEquals('test', $user->username);
$this->assertEquals('test@machine.local', $user->email);
}
/**
* @test
*/
public function admins_can_create_activated_users()
{
$response = $this->send(
$this->request(
Apply fixes from StyleCI [ci skip] [skip ci]
2020-03-06 21:55:39 +08:00
'POST',
'/api/users',
Convert controller test to request test This further decouples these tests from the implementation (i.e. which controller are we calling?).
2019-09-04 07:27:24 +08:00
[
Tests: Use new authenticatedAs option where useful There are two more API integration tests that explicitly add the "Authorization" header right now: - `Flarum\Tests\integration\api\authentication\WithApiKeyTest` - `Flarum\Tests\integration\api\csrf_protection\RequireCsrfTokenTest` These two specifically test authentication, so in those cases the explicitness seems desirable.
2020-03-21 01:28:28 +08:00
'authenticatedAs' => 1,
Convert controller test to request test This further decouples these tests from the implementation (i.e. which controller are we calling?).
2019-09-04 07:27:24 +08:00
'json' => [
'data' => [
'attributes' => [
'username' => 'test',
'password' => 'too-obscure',
'email' => 'test@machine.local',
'isEmailConfirmed' => 1,
],
]
],
]
Tests: Use new authenticatedAs option where useful There are two more API integration tests that explicitly add the "Authorization" header right now: - `Flarum\Tests\integration\api\authentication\WithApiKeyTest` - `Flarum\Tests\integration\api\csrf_protection\RequireCsrfTokenTest` These two specifically test authentication, so in those cases the explicitness seems desirable.
2020-03-21 01:28:28 +08:00
)
Convert controller test to request test This further decouples these tests from the implementation (i.e. which controller are we calling?).
2019-09-04 07:27:24 +08:00
);
$this->assertEquals(201, $response->getStatusCode());
/** @var User $user */
$user = User::where('username', 'test')->firstOrFail();
$this->assertEquals(1, $user->is_email_confirmed);
}
/**
* @test
*/
public function disabling_sign_up_prevents_user_creation()
{
/** @var SettingsRepositoryInterface $settings */
Stop using app() helper in tests
2020-05-23 07:55:58 +08:00
$settings = $this->app()->getContainer()->make(SettingsRepositoryInterface::class);
Convert controller test to request test This further decouples these tests from the implementation (i.e. which controller are we calling?).
2019-09-04 07:27:24 +08:00
$settings->set('allow_sign_up', false);
$response = $this->send(
$this->request(
Apply fixes from StyleCI [ci skip] [skip ci]
2020-03-06 21:55:39 +08:00
'POST',
'/api/users',
Convert controller test to request test This further decouples these tests from the implementation (i.e. which controller are we calling?).
2019-09-04 07:27:24 +08:00
[
'json' => [
'data' => [
'attributes' => [
'username' => 'test',
'password' => 'too-obscure',
'email' => 'test@machine.local',
],
]
],
]
)->withAttribute('bypassCsrfToken', true)
);
$this->assertEquals(403, $response->getStatusCode());
$settings->set('allow_sign_up', true);
}
Dw/huntr fix path traversal (#2931) * Fix Huntr vuln with possible directory traversal * Use `active_url` in Laravel validator
2021-06-21 16:14:15 +08:00
/**
* @test
*/
public function cannot_create_user_with_invalid_avatar_uri_scheme()
{
// Boot app
$this->app();
$regTokens = [];
// Add registration tokens that should cause a failure
$regTokens[] = [
'token' => RegistrationToken::generate('flarum', '1', [
'username' => 'test',
'email' => 'test@machine.local',
'is_email_confirmed' => 1,
'avatar_url' => 'file://localhost/etc/passwd'
], []),
'scheme' => 'file'
];
$regTokens[] = [
'token' => RegistrationToken::generate('flarum', '1', [
'username' => 'test',
'email' => 'test@machine.local',
'is_email_confirmed' => 1,
'avatar_url' => 'ftp://localhost/image.png'
], []),
'scheme' => 'ftp'
];
// Test each reg token
foreach ($regTokens as $regToken) {
$regToken['token']->saveOrFail();
// Call the registration endpoint
$response = $this->send(
$this->request(
'POST',
'/api/users',
[
'json' => [
'data' => [
'attributes' => [
'token' => $regToken['token']->token,
],
]
],
]
)->withAttribute('bypassCsrfToken', true)
);
// The response body should contain details about the invalid URI
$body = (string) $response->getBody();
$this->assertJson($body);
$decodedBody = json_decode($body, true);
$this->assertEquals(500, $response->getStatusCode());
$firstError = $decodedBody['errors'][0];
// Check that the error is an invalid URI
$this->assertStringStartsWith('InvalidArgumentException: Provided avatar URL must have scheme http or https. Scheme provided was '.$regToken['scheme'].'.', $firstError['detail']);
}
}
/**
* @test
*/
public function cannot_create_user_with_invalid_avatar_uri()
{
// Boot app
$this->app();
$regTokens = [];
// Add registration tokens that should cause a failure
$regTokens[] = RegistrationToken::generate('flarum', '1', [
'username' => 'test',
'email' => 'test@machine.local',
'is_email_confirmed' => 1,
'avatar_url' => 'https://127.0.0.1/image.png'
], []);
$regTokens[] = RegistrationToken::generate('flarum', '1', [
'username' => 'test',
'email' => 'test@machine.local',
'is_email_confirmed' => 1,
'avatar_url' => 'https://192.168.0.1/image.png'
], []);
$regTokens[] = RegistrationToken::generate('flarum', '1', [
'username' => 'test',
'email' => 'test@machine.local',
'is_email_confirmed' => 1,
'avatar_url' => '../image.png'
], []);
$regTokens[] = RegistrationToken::generate('flarum', '1', [
'username' => 'test',
'email' => 'test@machine.local',
'is_email_confirmed' => 1,
'avatar_url' => 'image.png'
], []);
// Test each reg token
foreach ($regTokens as $regToken) {
$regToken->saveOrFail();
// Call the registration endpoint
$response = $this->send(
$this->request(
'POST',
'/api/users',
[
'json' => [
'data' => [
'attributes' => [
'token' => $regToken->token,
],
]
],
]
)->withAttribute('bypassCsrfToken', true)
);
// The response body should contain details about the invalid URI
$body = (string) $response->getBody();
$this->assertJson($body);
$decodedBody = json_decode($body, true);
$this->assertEquals(500, $response->getStatusCode());
$firstError = $decodedBody['errors'][0];
// Check that the error is an invalid URI
$this->assertStringStartsWith('InvalidArgumentException: Provided avatar URL must be a valid URI.', $firstError['detail']);
}
}
/**
* @test
*/
public function can_create_user_with_valid_avatar_uri()
{
// Boot app
$this->app();
$regTokens = [];
// Add registration tokens that should work fine
$regTokens[] = RegistrationToken::generate('flarum', '1', [
'username' => 'test1',
'email' => 'test1@machine.local',
'is_email_confirmed' => 1,
'avatar_url' => 'https://via.placeholder.com/150.png'
], []);
$regTokens[] = RegistrationToken::generate('flarum', '2', [
'username' => 'test2',
'email' => 'test2@machine.local',
'is_email_confirmed' => 1,
'avatar_url' => 'https://via.placeholder.com/150.jpg'
], []);
$regTokens[] = RegistrationToken::generate('flarum', '3', [
'username' => 'test3',
'email' => 'test3@machine.local',
'is_email_confirmed' => 1,
'avatar_url' => 'https://via.placeholder.com/150.gif'
], []);
$regTokens[] = RegistrationToken::generate('flarum', '4', [
'username' => 'test4',
'email' => 'test4@machine.local',
'is_email_confirmed' => 1,
'avatar_url' => 'http://via.placeholder.com/150.png'
], []);
/**
* Test each reg token.
*
* @var RegistrationToken $regToken
*/
foreach ($regTokens as $regToken) {
$regToken->saveOrFail();
// Call the registration endpoint
$response = $this->send(
$this->request(
'POST',
'/api/users',
[
'json' => [
'data' => [
'attributes' => [
'token' => $regToken->token,
],
]
],
]
)->withAttribute('bypassCsrfToken', true)
);
$this->assertEquals(201, $response->getStatusCode());
$user = User::where('username', $regToken->user_attributes['username'])->firstOrFail();
$this->assertEquals($regToken->user_attributes['is_email_confirmed'], $user->is_email_confirmed);
$this->assertEquals($regToken->user_attributes['username'], $user->username);
$this->assertEquals($regToken->user_attributes['email'], $user->email);
}
}
Convert controller test to request test This further decouples these tests from the implementation (i.e. which controller are we calling?).
2019-09-04 07:27:24 +08:00
}
Reference in New Issue Copy Permalink