X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/692fc46c7dfab76f4e9e28a9f1b4c419f60b5ded..refs/pull/4254/head:/tests/User/UserApiTokenTest.php diff --git a/tests/User/UserApiTokenTest.php b/tests/User/UserApiTokenTest.php index 012747296..93070b712 100644 --- a/tests/User/UserApiTokenTest.php +++ b/tests/User/UserApiTokenTest.php @@ -1,25 +1,27 @@ - 'My test API token', - 'expires_at' => '2099-04-01', + 'name' => 'My test API token', + 'expires_at' => '2050-04-01', ]; public function test_tokens_section_not_visible_without_access_api_permission() { - $user = $this->getEditor(); + $user = $this->users->viewer(); $resp = $this->actingAs($user)->get($user->getEditUrl()); $resp->assertDontSeeText('API Tokens'); - $this->giveUserPermissions($user, ['access-api']); + $this->permissions->grantUserRolePermissions($user, ['access-api']); $resp = $this->actingAs($user)->get($user->getEditUrl()); $resp->assertSeeText('API Tokens'); @@ -28,18 +30,18 @@ class UserApiTokenTest extends TestCase public function test_those_with_manage_users_can_view_other_user_tokens_but_not_create() { - $viewer = $this->getViewer(); - $editor = $this->getEditor(); - $this->giveUserPermissions($editor, ['users-manage']); + $viewer = $this->users->viewer(); + $editor = $this->users->editor(); + $this->permissions->grantUserRolePermissions($viewer, ['users-manage']); - $resp = $this->actingAs($editor)->get($viewer->getEditUrl()); + $resp = $this->actingAs($viewer)->get($editor->getEditUrl()); $resp->assertSeeText('API Tokens'); $resp->assertDontSeeText('Create Token'); } public function test_create_api_token() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $resp = $this->asAdmin()->get($editor->getEditUrl('/create-api-token')); $resp->assertStatus(200); @@ -50,8 +52,8 @@ class UserApiTokenTest extends TestCase $token = ApiToken::query()->latest()->first(); $resp->assertRedirect($editor->getEditUrl('/api-tokens/' . $token->id)); $this->assertDatabaseHas('api_tokens', [ - 'user_id' => $editor->id, - 'name' => $this->testTokenData['name'], + 'user_id' => $editor->id, + 'name' => $this->testTokenData['name'], 'expires_at' => $this->testTokenData['expires_at'], ]); @@ -67,38 +69,39 @@ class UserApiTokenTest extends TestCase $this->assertTrue(strlen($secret) === 32); $this->assertSessionHas('success'); + $this->assertActivityExists(ActivityType::API_TOKEN_CREATE); } public function test_create_with_no_expiry_sets_expiry_hundred_years_away() { - $editor = $this->getEditor(); - $this->asAdmin()->post($editor->getEditUrl('/create-api-token'), ['name' => 'No expiry token']); + $editor = $this->users->editor(); + $this->asAdmin()->post($editor->getEditUrl('/create-api-token'), ['name' => 'No expiry token', 'expires_at' => '']); $token = ApiToken::query()->latest()->first(); $over = Carbon::now()->addYears(101); $under = Carbon::now()->addYears(99); $this->assertTrue( ($token->expires_at < $over && $token->expires_at > $under), - "Token expiry set at 100 years in future" + 'Token expiry set at 100 years in future' ); } public function test_created_token_displays_on_profile_page() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData); $token = ApiToken::query()->latest()->first(); $resp = $this->get($editor->getEditUrl()); - $resp->assertElementExists('#api_tokens'); - $resp->assertElementContains('#api_tokens', $token->name); - $resp->assertElementContains('#api_tokens', $token->token_id); - $resp->assertElementContains('#api_tokens', $token->expires_at->format('Y-m-d')); + $this->withHtml($resp)->assertElementExists('#api_tokens'); + $this->withHtml($resp)->assertElementContains('#api_tokens', $token->name); + $this->withHtml($resp)->assertElementContains('#api_tokens', $token->token_id); + $this->withHtml($resp)->assertElementContains('#api_tokens', $token->expires_at->format('Y-m-d')); } public function test_secret_shown_once_after_creation() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $resp = $this->asAdmin()->followingRedirects()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData); $resp->assertSeeText('Token Secret'); @@ -111,11 +114,11 @@ class UserApiTokenTest extends TestCase public function test_token_update() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData); $token = ApiToken::query()->latest()->first(); $updateData = [ - 'name' => 'My updated token', + 'name' => 'My updated token', 'expires_at' => '2011-01-01', ]; @@ -124,11 +127,32 @@ class UserApiTokenTest extends TestCase $this->assertDatabaseHas('api_tokens', array_merge($updateData, ['id' => $token->id])); $this->assertSessionHas('success'); + $this->assertActivityExists(ActivityType::API_TOKEN_UPDATE); + } + + public function test_token_update_with_blank_expiry_sets_to_hundred_years_away() + { + $editor = $this->users->editor(); + $this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData); + $token = ApiToken::query()->latest()->first(); + + $resp = $this->put($editor->getEditUrl('/api-tokens/' . $token->id), [ + 'name' => 'My updated token', + 'expires_at' => '', + ]); + $token->refresh(); + + $over = Carbon::now()->addYears(101); + $under = Carbon::now()->addYears(99); + $this->assertTrue( + ($token->expires_at < $over && $token->expires_at > $under), + 'Token expiry set at 100 years in future' + ); } public function test_token_delete() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData); $token = ApiToken::query()->latest()->first(); @@ -137,18 +161,19 @@ class UserApiTokenTest extends TestCase $resp = $this->get($tokenUrl . '/delete'); $resp->assertSeeText('Delete Token'); $resp->assertSeeText($token->name); - $resp->assertElementExists('form[action="'.$tokenUrl.'"]'); + $this->withHtml($resp)->assertElementExists('form[action="' . $tokenUrl . '"]'); $resp = $this->delete($tokenUrl); $resp->assertRedirect($editor->getEditUrl('#api_tokens')); $this->assertDatabaseMissing('api_tokens', ['id' => $token->id]); + $this->assertActivityExists(ActivityType::API_TOKEN_DELETE); } public function test_user_manage_can_delete_token_without_api_permission_themselves() { - $viewer = $this->getViewer(); - $editor = $this->getEditor(); - $this->giveUserPermissions($editor, ['users-manage']); + $viewer = $this->users->viewer(); + $editor = $this->users->editor(); + $this->permissions->grantUserRolePermissions($editor, ['users-manage']); $this->asAdmin()->post($viewer->getEditUrl('/create-api-token'), $this->testTokenData); $token = ApiToken::query()->latest()->first(); @@ -161,5 +186,4 @@ class UserApiTokenTest extends TestCase $resp->assertRedirect($viewer->getEditUrl('#api_tokens')); $this->assertDatabaseMissing('api_tokens', ['id' => $token->id]); } - -} \ No newline at end of file +}