1 <?php
2
3 namespace Tests\Api;
4
5 use BookStack\Auth\Role;
6 use BookStack\Auth\User;
7 use Illuminate\Support\Facades\Auth;
8 use Illuminate\Support\Facades\Hash;
9 use Tests\TestCase;
10
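class UsersApiTest extends TestCase
{
    use TestsApi;

    /** Base path of the users API; tests append "/{id}" or a query string to it. */
    protected $baseEndpoint = '/api/users';

    /**
     * API clients without the users-manage permission must be refused on every
     * users endpoint.
     *
     * Not implemented yet. Marked incomplete instead of being left as an empty
     * body so the missing coverage shows up in the test report rather than
     * appearing as a passing test: this is the check that user management is
     * not reachable by API clients lacking that permission.
     */
    public function test_users_manage_permission_needed_for_all_endpoints(): void
    {
        $this->markTestIncomplete('Permission checks for the users API endpoints are not covered yet.');
    }

    /**
     * Users endpoints should not be usable when the instance runs in demo mode.
     *
     * Not implemented yet; marked incomplete for the same reason as above.
     * Original notes on the approach: `$this->preventAccessInDemoMode()` can't
     * be used directly in the constructor as that blocks access to docs, so
     * route middleware may be the better place.
     */
    public function test_no_endpoints_accessible_in_demo_mode(): void
    {
        $this->markTestIncomplete('Demo-mode restrictions for the users API endpoints are not covered yet.');
    }

    /**
     * The index endpoint, sorted ascending by id with count=1, returns the
     * lowest-id user with the listed public fields.
     *
     * The method name still says "shelf" (presumably carried over from another
     * API test); the assertions target the users index.
     */
    public function test_index_endpoint_returns_expected_shelf(): void
    {
        $this->actingAsApiAdmin();
        /** @var User $firstUser */
        $firstUser = User::query()->orderBy('id', 'asc')->first();

        $resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');
        $resp->assertJson(['data' => [
            [
                'id'   => $firstUser->id,
                'name' => $firstUser->name,
                'slug' => $firstUser->slug,
                'email' => $firstUser->email,
                'profile_url' => $firstUser->getProfileUrl(),
                'edit_url' => $firstUser->getEditUrl(),
                'avatar_url' => $firstUser->getAvatar(),
            ],
        ]]);
    }

    /**
     * The read endpoint returns the user's identifying fields, external auth id
     * and role list (id + display name) for the first user in the table.
     */
    public function test_read_endpoint(): void
    {
        $this->actingAsApiAdmin();
        /** @var User $user */
        $user = User::query()->first();
        /** @var Role $userRole */
        $userRole = $user->roles()->first();

        $resp = $this->getJson($this->baseEndpoint . "/{$user->id}");

        $resp->assertStatus(200);
        $resp->assertJson([
            'id'         => $user->id,
            'slug'       => $user->slug,
            'email'      => $user->email,
            'external_auth_id' => $user->external_auth_id,
            'roles' => [
                [
                    'id' => $userRole->id,
                    'display_name' => $userRole->display_name,
                ]
            ],
        ]);
    }

    /**
     * A full update via PUT changes name, email, external auth id, roles,
     * language and password, and the response echoes the updated fields.
     *
     * The password assertions are the important ones: the stored value must not
     * be the submitted plaintext, and it must verify through the application's
     * hasher.
     */
    public function test_update_endpoint(): void
    {
        $this->actingAsApiAdmin();
        /** @var User $user */
        $user = $this->getAdmin();
        // Assign every existing role so the role count after update is known.
        $roles = Role::query()->pluck('id');
        $resp = $this->putJson($this->baseEndpoint . "/{$user->id}", [
            'name' => 'My updated user',
            'email' => '[email protected]',
            'roles' => $roles,
            'external_auth_id' => 'btest',
            'password' => 'barrytester',
            'language' => 'fr',
        ]);

        $resp->assertStatus(200);
        $resp->assertJson([
            'id' => $user->id,
            'name' => 'My updated user',
            'email' => '[email protected]',
            'external_auth_id' => 'btest',
        ]);
        $user->refresh();
        $this->assertEquals('fr', setting()->getUser($user, 'language'));
        $this->assertEquals(count($roles), $user->roles()->count());
        // Never stored as plaintext, and hashed with the app's configured hasher.
        $this->assertNotEquals('barrytester', $user->password);
        $this->assertTrue(Hash::check('barrytester', $user->password));
    }

    /**
     * A PUT with an empty body succeeds and leaves name, email, password and
     * role assignments untouched (partial-update semantics, not a reset).
     */
    public function test_update_endpoint_does_not_remove_info_if_not_provided(): void
    {
        $this->actingAsApiAdmin();
        /** @var User $user */
        $user = $this->getAdmin();
        $roleCount = $user->roles()->count();
        $resp = $this->putJson($this->baseEndpoint . "/{$user->id}", []);

        $resp->assertStatus(200);
        $this->assertDatabaseHas('users', [
            'id' => $user->id,
            'name' => $user->name,
            'email' => $user->email,
            'password' => $user->password,
        ]);
        $this->assertEquals($roleCount, $user->roles()->count());
    }

    /**
     * Deleting an ordinary user (not the acting admin, no system_name) returns
     * 204 and records a 'user_delete' activity entry.
     */
    public function test_delete_endpoint(): void
    {
        $this->actingAsApiAdmin();
        /** @var User $user */
        $user = User::query()->where('id', '!=', $this->getAdmin()->id)
            ->whereNull('system_name')
            ->first();

        $resp = $this->deleteJson($this->baseEndpoint . "/{$user->id}");

        $resp->assertStatus(204);
        $this->assertActivityExists('user_delete', null, $user->logDescriptor());
    }

    /**
     * The last remaining admin cannot be deleted: every other admin is removed
     * first, then the delete is expected to fail with the given error message.
     */
    public function test_delete_endpoint_fails_deleting_only_admin(): void
    {
        $this->actingAsApiAdmin();
        $adminRole = Role::getSystemRole('admin');
        $adminToDelete = $adminRole->users()->first();
        // Leave exactly one admin so the guard against removing the last admin fires.
        $adminRole->users()->where('id', '!=', $adminToDelete->id)->delete();

        $resp = $this->deleteJson($this->baseEndpoint . "/{$adminToDelete->id}");

        $resp->assertStatus(500);
        $resp->assertJson($this->errorResponse('You cannot delete the only admin', 500));
    }

    /**
     * The built-in guest user (system_name 'public') cannot be deleted through
     * the API; the request fails with the given error message.
     */
    public function test_delete_endpoint_fails_deleting_public_user(): void
    {
        $this->actingAsApiAdmin();
        /** @var User $publicUser */
        $publicUser = User::query()->where('system_name', '=', 'public')->first();

        $resp = $this->deleteJson($this->baseEndpoint . "/{$publicUser->id}");

        $resp->assertStatus(500);
        $resp->assertJson($this->errorResponse('You cannot delete the guest user', 500));
    }
}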