Code cleanup, bug squashing

[bookstack] / tests / User / UserApiTokenTest.php

diff --git a/tests/User/UserApiTokenTest.php b/tests/User/UserApiTokenTest.php
index 86c2b7bcc580ecd0e378f830dc21492c05c4ac63..df686dd77df953423a103d8caa57313539dd832e 100644 (file)
--- a/tests/User/UserApiTokenTest.php
+++ b/tests/User/UserApiTokenTest.php
@@ -1,5 +1,6 @@
-<?php namespace Test;
+<?php namespace Tests\User;
 
+use BookStack\Actions\ActivityType;
 use BookStack\Api\ApiToken;
 use Carbon\Carbon;
 use Tests\TestCase;
@@ -9,12 +10,12 @@ class UserApiTokenTest extends TestCase
 
     protected $testTokenData = [
         'name' => 'My test API token',
-        'expires_at' => '2099-04-01',
+        'expires_at' => '2050-04-01',
     ];
 
     public function test_tokens_section_not_visible_without_access_api_permission()
     {
-        $user = $this->getEditor();
+        $user = $this->getViewer();
 
         $resp = $this->actingAs($user)->get($user->getEditUrl());
         $resp->assertDontSeeText('API Tokens');
@@ -30,9 +31,9 @@ class UserApiTokenTest extends TestCase
     {
         $viewer = $this->getViewer();
         $editor = $this->getEditor();
-        $this->giveUserPermissions($editor, ['users-manage']);
+        $this->giveUserPermissions($viewer, ['users-manage']);
 
-        $resp = $this->actingAs($editor)->get($viewer->getEditUrl());
+        $resp = $this->actingAs($viewer)->get($editor->getEditUrl());
         $resp->assertSeeText('API Tokens');
         $resp->assertDontSeeText('Create Token');
     }
@@ -44,7 +45,7 @@ class UserApiTokenTest extends TestCase
         $resp = $this->asAdmin()->get($editor->getEditUrl('/create-api-token'));
         $resp->assertStatus(200);
         $resp->assertSee('Create API Token');
-        $resp->assertSee('client secret');
+        $resp->assertSee('Token Secret');
 
         $resp = $this->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);
         $token = ApiToken::query()->latest()->first();
@@ -59,20 +60,21 @@ class UserApiTokenTest extends TestCase
         $this->assertSessionHas('api-token-secret:' . $token->id);
         $secret = session('api-token-secret:' . $token->id);
         $this->assertDatabaseMissing('api_tokens', [
-            'client_secret' => $secret,
+            'secret' => $secret,
         ]);
-        $this->assertTrue(\Hash::check($secret, $token->client_secret));
+        $this->assertTrue(\Hash::check($secret, $token->secret));
 
-        $this->assertTrue(strlen($token->client_id) === 32);
+        $this->assertTrue(strlen($token->token_id) === 32);
         $this->assertTrue(strlen($secret) === 32);
 
         $this->assertSessionHas('success');
+        $this->assertActivityExists(ActivityType::API_TOKEN_CREATE);
     }
 
     public function test_create_with_no_expiry_sets_expiry_hundred_years_away()
     {
         $editor = $this->getEditor();
-        $this->asAdmin()->post($editor->getEditUrl('/create-api-token'), ['name' => 'No expiry token']);
+        $this->asAdmin()->post($editor->getEditUrl('/create-api-token'), ['name' => 'No expiry token', 'expires_at' => '']);
         $token = ApiToken::query()->latest()->first();
 
         $over = Carbon::now()->addYears(101);
@@ -92,15 +94,15 @@ class UserApiTokenTest extends TestCase
         $resp = $this->get($editor->getEditUrl());
         $resp->assertElementExists('#api_tokens');
         $resp->assertElementContains('#api_tokens', $token->name);
-        $resp->assertElementContains('#api_tokens', $token->client_id);
+        $resp->assertElementContains('#api_tokens', $token->token_id);
         $resp->assertElementContains('#api_tokens', $token->expires_at->format('Y-m-d'));
     }
 
-    public function test_client_secret_shown_once_after_creation()
+    public function test_secret_shown_once_after_creation()
     {
         $editor = $this->getEditor();
         $resp = $this->asAdmin()->followingRedirects()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);
-        $resp->assertSeeText('Client Secret');
+        $resp->assertSeeText('Token Secret');
 
         $token = ApiToken::query()->latest()->first();
         $this->assertNull(session('api-token-secret:' . $token->id));
@@ -124,6 +126,27 @@ class UserApiTokenTest extends TestCase
 
         $this->assertDatabaseHas('api_tokens', array_merge($updateData, ['id' => $token->id]));
         $this->assertSessionHas('success');
+        $this->assertActivityExists(ActivityType::API_TOKEN_UPDATE);
+    }
+
+    public function test_token_update_with_blank_expiry_sets_to_hundred_years_away()
+    {
+        $editor = $this->getEditor();
+        $this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);
+        $token = ApiToken::query()->latest()->first();
+
+        $resp = $this->put($editor->getEditUrl('/api-tokens/' . $token->id), [
+            'name' => 'My updated token',
+            'expires_at' => '',
+        ]);
+        $token->refresh();
+
+        $over = Carbon::now()->addYears(101);
+        $under = Carbon::now()->addYears(99);
+        $this->assertTrue(
+            ($token->expires_at < $over && $token->expires_at > $under),
+            "Token expiry set at 100 years in future"
+        );
     }
 
     public function test_token_delete()
@@ -142,6 +165,7 @@ class UserApiTokenTest extends TestCase
         $resp = $this->delete($tokenUrl);
         $resp->assertRedirect($editor->getEditUrl('#api_tokens'));
         $this->assertDatabaseMissing('api_tokens', ['id' => $token->id]);
+        $this->assertActivityExists(ActivityType::API_TOKEN_DELETE);
     }
 
     public function test_user_manage_can_delete_token_without_api_permission_themselves()