BookStack Code Mirror - bookstack/blobdiff - tests/User/UserApiTokenTest.php

index f738eb579e4f9a836bc7f818e7de39e59a78ace9..75de49aed9a25342bacb956b1f851cb4070a614b 100644 (file)

--- a/tests/User/UserApiTokenTest.php

+++ b/tests/User/UserApiTokenTest.php

@@ -1,25 +1,27 @@

-<?php namespace Test\User;

+<?php

+namespace Tests\User;

+use BookStack\Activity\ActivityType;

use BookStack\Api\ApiToken;

use Carbon\Carbon;

use Tests\TestCase;

class UserApiTokenTest extends TestCase

{

protected $testTokenData = [

- 'name' => 'My test API token',

+ 'name' => 'My test API token',

'expires_at' => '2050-04-01',

];

public function test_tokens_section_not_visible_without_access_api_permission()

{

- $user = $this->getViewer();

+ $user = $this->users->viewer();

$resp = $this->actingAs($user)->get($user->getEditUrl());

$resp->assertDontSeeText('API Tokens');

- $this->giveUserPermissions($user, ['access-api']);

+ $this->permissions->grantUserRolePermissions($user, ['access-api']);

$resp = $this->actingAs($user)->get($user->getEditUrl());

$resp->assertSeeText('API Tokens');

@@ -28,9 +30,9 @@ class UserApiTokenTest extends TestCase

public function test_those_with_manage_users_can_view_other_user_tokens_but_not_create()

{

- $viewer = $this->getViewer();

- $editor = $this->getEditor();

- $this->giveUserPermissions($viewer, ['users-manage']);

+ $viewer = $this->users->viewer();

+ $editor = $this->users->editor();

+ $this->permissions->grantUserRolePermissions($viewer, ['users-manage']);

$resp = $this->actingAs($viewer)->get($editor->getEditUrl());

$resp->assertSeeText('API Tokens');

@@ -39,7 +41,7 @@ class UserApiTokenTest extends TestCase

public function test_create_api_token()

{

- $editor = $this->getEditor();

+ $editor = $this->users->editor();

$resp = $this->asAdmin()->get($editor->getEditUrl('/create-api-token'));

$resp->assertStatus(200);

@@ -50,8 +52,8 @@ class UserApiTokenTest extends TestCase

$token = ApiToken::query()->latest()->first();

$resp->assertRedirect($editor->getEditUrl('/api-tokens/' . $token->id));

$this->assertDatabaseHas('api_tokens', [

- 'user_id' => $editor->id,

- 'name' => $this->testTokenData['name'],

+ 'user_id' => $editor->id,

+ 'name' => $this->testTokenData['name'],

'expires_at' => $this->testTokenData['expires_at'],

]);

@@ -67,11 +69,12 @@ class UserApiTokenTest extends TestCase

$this->assertTrue(strlen($secret) === 32);

$this->assertSessionHas('success');

+ $this->assertActivityExists(ActivityType::API_TOKEN_CREATE);

}

public function test_create_with_no_expiry_sets_expiry_hundred_years_away()

{

- $editor = $this->getEditor();

+ $editor = $this->users->editor();

$this->asAdmin()->post($editor->getEditUrl('/create-api-token'), ['name' => 'No expiry token', 'expires_at' => '']);

$token = ApiToken::query()->latest()->first();

@@ -79,26 +82,26 @@ class UserApiTokenTest extends TestCase

$under = Carbon::now()->addYears(99);

$this->assertTrue(

($token->expires_at < $over && $token->expires_at > $under),

- "Token expiry set at 100 years in future"

+ 'Token expiry set at 100 years in future'

);

}

public function test_created_token_displays_on_profile_page()

{

- $editor = $this->getEditor();

+ $editor = $this->users->editor();

$this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);

$token = ApiToken::query()->latest()->first();

$resp = $this->get($editor->getEditUrl());

- $resp->assertElementExists('#api_tokens');

- $resp->assertElementContains('#api_tokens', $token->name);

- $resp->assertElementContains('#api_tokens', $token->token_id);

- $resp->assertElementContains('#api_tokens', $token->expires_at->format('Y-m-d'));

+ $this->withHtml($resp)->assertElementExists('#api_tokens');

+ $this->withHtml($resp)->assertElementContains('#api_tokens', $token->name);

+ $this->withHtml($resp)->assertElementContains('#api_tokens', $token->token_id);

+ $this->withHtml($resp)->assertElementContains('#api_tokens', $token->expires_at->format('Y-m-d'));

}

public function test_secret_shown_once_after_creation()

{

- $editor = $this->getEditor();

+ $editor = $this->users->editor();

$resp = $this->asAdmin()->followingRedirects()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);

$resp->assertSeeText('Token Secret');

@@ -111,11 +114,11 @@ class UserApiTokenTest extends TestCase

public function test_token_update()

{

- $editor = $this->getEditor();

+ $editor = $this->users->editor();

$this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);

$token = ApiToken::query()->latest()->first();

$updateData = [

- 'name' => 'My updated token',

+ 'name' => 'My updated token',

'expires_at' => '2011-01-01',

];

@@ -124,16 +127,17 @@ class UserApiTokenTest extends TestCase

$this->assertDatabaseHas('api_tokens', array_merge($updateData, ['id' => $token->id]));

$this->assertSessionHas('success');

+ $this->assertActivityExists(ActivityType::API_TOKEN_UPDATE);

}

public function test_token_update_with_blank_expiry_sets_to_hundred_years_away()

{

- $editor = $this->getEditor();

+ $editor = $this->users->editor();

$this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);

$token = ApiToken::query()->latest()->first();

$resp = $this->put($editor->getEditUrl('/api-tokens/' . $token->id), [

- 'name' => 'My updated token',

+ 'name' => 'My updated token',

'expires_at' => '',

]);

$token->refresh();

@@ -142,13 +146,13 @@ class UserApiTokenTest extends TestCase

$under = Carbon::now()->addYears(99);

$this->assertTrue(

($token->expires_at < $over && $token->expires_at > $under),

- "Token expiry set at 100 years in future"

+ 'Token expiry set at 100 years in future'

);

}

public function test_token_delete()

{

- $editor = $this->getEditor();

+ $editor = $this->users->editor();

$this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);

$token = ApiToken::query()->latest()->first();

@@ -157,18 +161,19 @@ class UserApiTokenTest extends TestCase

$resp = $this->get($tokenUrl . '/delete');

$resp->assertSeeText('Delete Token');

$resp->assertSeeText($token->name);

- $resp->assertElementExists('form[action="'.$tokenUrl.'"]');

+ $this->withHtml($resp)->assertElementExists('form[action="' . $tokenUrl . '"]');

$resp = $this->delete($tokenUrl);

$resp->assertRedirect($editor->getEditUrl('#api_tokens'));

$this->assertDatabaseMissing('api_tokens', ['id' => $token->id]);

+ $this->assertActivityExists(ActivityType::API_TOKEN_DELETE);

}

public function test_user_manage_can_delete_token_without_api_permission_themselves()

{

- $viewer = $this->getViewer();

- $editor = $this->getEditor();

- $this->giveUserPermissions($editor, ['users-manage']);

+ $viewer = $this->users->viewer();

+ $editor = $this->users->editor();

+ $this->permissions->grantUserRolePermissions($editor, ['users-manage']);

$this->asAdmin()->post($viewer->getEditUrl('/create-api-token'), $this->testTokenData);

$token = ApiToken::query()->latest()->first();

@@ -181,5 +186,4 @@ class UserApiTokenTest extends TestCase

$resp->assertRedirect($viewer->getEditUrl('#api_tokens'));

$this->assertDatabaseMissing('api_tokens', ['id' => $token->id]);

}

\ No newline at end of file