From eefe377159c8d3bd1ada5dff1fb4102dd8ed6115 Mon Sep 17 00:00:00 2001 From: Marcus Moore Date: Tue, 16 Apr 2024 10:51:33 -0700 Subject: [PATCH 1/8] Correct order of arguments --- tests/Feature/Api/Assets/AssetStoreTest.php | 4 ++-- tests/Feature/Api/Assets/AssetUpdateTest.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/Feature/Api/Assets/AssetStoreTest.php b/tests/Feature/Api/Assets/AssetStoreTest.php index 02478640cb..d1f27cff52 100644 --- a/tests/Feature/Api/Assets/AssetStoreTest.php +++ b/tests/Feature/Api/Assets/AssetStoreTest.php @@ -498,7 +498,7 @@ class AssetStoreTest extends TestCase ->assertOk() ->json(); $asset->refresh(); - $this->assertEquals(\Crypt::decrypt($asset->{$field->db_column_name()}), 'This is encrypted field'); + $this->assertEquals('This is encrypted field', \Crypt::decrypt($asset->{$field->db_column_name()})); //next, test that a 'normal' user *cannot* change the encrypted custom field $response = $this->actingAsForApi($normal_user) @@ -510,7 +510,7 @@ class AssetStoreTest extends TestCase ->assertMessagesAre('Asset updated successfully, but encrypted custom fields were not due to permissions') ->json(); $asset->refresh(); - $this->assertEquals(\Crypt::decrypt($asset->{$field->db_column_name()}), 'This is encrypted field'); + $this->assertEquals('This is encrypted field', \Crypt::decrypt($asset->{$field->db_column_name()})); } } diff --git a/tests/Feature/Api/Assets/AssetUpdateTest.php b/tests/Feature/Api/Assets/AssetUpdateTest.php index 758417fb41..22c0d597f2 100644 --- a/tests/Feature/Api/Assets/AssetUpdateTest.php +++ b/tests/Feature/Api/Assets/AssetUpdateTest.php @@ -31,7 +31,7 @@ class AssetUpdateTest extends TestCase ->assertOk() ->json(); $asset->refresh(); - $this->assertEquals(\Crypt::decrypt($asset->{$field->db_column_name()}), 'This is encrypted field'); + $this->assertEquals('This is encrypted field', \Crypt::decrypt($asset->{$field->db_column_name()})); } public function testPermissionNeededToUpdateEncryptedField() @@ -53,7 +53,7 @@ class AssetUpdateTest extends TestCase ->assertMessagesAre('Asset updated successfully, but encrypted custom fields were not due to permissions') ->json(); $asset->refresh(); - $this->assertEquals(\Crypt::decrypt($asset->{$field->db_column_name()}), "encrypted value should not change"); + $this->assertEquals("encrypted value should not change", \Crypt::decrypt($asset->{$field->db_column_name()})); } } From ab561d1ce87c89faf8c80a669234e6d167834cc4 Mon Sep 17 00:00:00 2001 From: Marcus Moore Date: Tue, 16 Apr 2024 12:36:13 -0700 Subject: [PATCH 2/8] Simplify factory state --- database/factories/AssetFactory.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/database/factories/AssetFactory.php b/database/factories/AssetFactory.php index 174debb9cd..18fef95273 100644 --- a/database/factories/AssetFactory.php +++ b/database/factories/AssetFactory.php @@ -355,7 +355,9 @@ class AssetFactory extends Factory public function hasEncryptedCustomField() { - return $this->state(['model_id' => AssetModel::where('name', 'asset with encrypted field')->first() ?? AssetModel::factory()->withEncryptedField()]); + return $this->afterMaking(function (Asset $asset) { + $asset->model_id = AssetModel::factory()->withEncryptedField()->create()->id; + }); } From c6d9da15711ddb57b92cd8f0cddd1c234d499a07 Mon Sep 17 00:00:00 2001 From: Marcus Moore Date: Tue, 16 Apr 2024 12:36:41 -0700 Subject: [PATCH 3/8] Remove unneeded fields in factory state --- database/factories/AssetModelFactory.php | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/database/factories/AssetModelFactory.php b/database/factories/AssetModelFactory.php index f7e33d4939..2d14db9aa8 100644 --- a/database/factories/AssetModelFactory.php +++ b/database/factories/AssetModelFactory.php @@ -436,18 +436,6 @@ class AssetModelFactory extends Factory return $this->state(function () { $field = CustomField::factory()->testEncrypted()->create(); // TODO - having to create and then 'find' the thing you just created is WEIRD return [ - 'name' => 'asset with encrypted field', - 'category_id' => function () { - return Category::where('name', 'Mobile Phones')->first() ?? Category::factory()->assetMobileCategory(); - }, - 'manufacturer_id' => function () { - return Manufacturer::where('name', 'Apple')->first() ?? Manufacturer::factory()->apple(); - }, - 'eol' => '12', - 'depreciation_id' => function () { - return Depreciation::where('name', 'Computer Depreciation')->first() ?? Depreciation::factory()->computer(); - }, - 'image' => 'iphone12.jpeg', 'fieldset_id' => function () use ($field) { return CustomFieldset::where('name', 'Has Encrypted Custom Field')->first() ?? CustomFieldset::factory()->has_encrypted_custom_field()->hasAttached(CustomField::where('name', 'Test Encrypted')->first(), ['order' => 1, 'required' => 0], 'fields'); }, From e47f64f62dcda2955c3df63624137ea0a64641b3 Mon Sep 17 00:00:00 2001 From: Marcus Moore Date: Tue, 16 Apr 2024 15:03:05 -0700 Subject: [PATCH 4/8] Separate test methods --- tests/Feature/Api/Assets/AssetStoreTest.php | 13 ++++++++++--- tests/Feature/Api/Assets/AssetUpdateTest.php | 1 - 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/tests/Feature/Api/Assets/AssetStoreTest.php b/tests/Feature/Api/Assets/AssetStoreTest.php index d1f27cff52..57563c432d 100644 --- a/tests/Feature/Api/Assets/AssetStoreTest.php +++ b/tests/Feature/Api/Assets/AssetStoreTest.php @@ -482,15 +482,15 @@ class AssetStoreTest extends TestCase }); } - public function testEncryptedCustomField() + public function testEncryptedCustomFieldCanBeStored() { $field = CustomField::factory()->testEncrypted()->create(); $asset = Asset::factory()->hasEncryptedCustomField()->create(); $superuser = User::factory()->superuser()->create(); - $normal_user = User::factory()->editAssets()->create(); //first, test that an Admin user can save the encrypted custom field $response = $this->actingAsForApi($superuser) + // @todo: target store method ->patchJson(route('api.assets.update', $asset->id), [ $field->db_column_name() => 'This is encrypted field' ]) @@ -499,9 +499,17 @@ class AssetStoreTest extends TestCase ->json(); $asset->refresh(); $this->assertEquals('This is encrypted field', \Crypt::decrypt($asset->{$field->db_column_name()})); + } + + public function testPermissionNeededToStoreEncryptedField() + { + $field = CustomField::factory()->testEncrypted()->create(); + $asset = Asset::factory()->hasEncryptedCustomField()->create(); + $normal_user = User::factory()->editAssets()->create(); //next, test that a 'normal' user *cannot* change the encrypted custom field $response = $this->actingAsForApi($normal_user) + // @todo: target store method ->patchJson(route('api.assets.update', $asset->id), [ $field->db_column_name() => 'Some Other Value Entirely!' ]) @@ -511,6 +519,5 @@ class AssetStoreTest extends TestCase ->json(); $asset->refresh(); $this->assertEquals('This is encrypted field', \Crypt::decrypt($asset->{$field->db_column_name()})); - } } diff --git a/tests/Feature/Api/Assets/AssetUpdateTest.php b/tests/Feature/Api/Assets/AssetUpdateTest.php index 22c0d597f2..d0f1cb0f92 100644 --- a/tests/Feature/Api/Assets/AssetUpdateTest.php +++ b/tests/Feature/Api/Assets/AssetUpdateTest.php @@ -54,6 +54,5 @@ class AssetUpdateTest extends TestCase ->json(); $asset->refresh(); $this->assertEquals("encrypted value should not change", \Crypt::decrypt($asset->{$field->db_column_name()})); - } } From ad99aa460b4802711cfa6a44a167f33d4bffcdcb Mon Sep 17 00:00:00 2001 From: Marcus Moore Date: Tue, 16 Apr 2024 15:09:49 -0700 Subject: [PATCH 5/8] Remove unneeded imports --- tests/Feature/Api/Assets/AssetUpdateTest.php | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tests/Feature/Api/Assets/AssetUpdateTest.php b/tests/Feature/Api/Assets/AssetUpdateTest.php index d0f1cb0f92..593bd9b020 100644 --- a/tests/Feature/Api/Assets/AssetUpdateTest.php +++ b/tests/Feature/Api/Assets/AssetUpdateTest.php @@ -3,15 +3,8 @@ namespace Tests\Feature\Api\Assets; use App\Models\Asset; -use App\Models\AssetModel; -use App\Models\Company; use App\Models\CustomField; -use App\Models\CustomFieldset; -use App\Models\Location; -use App\Models\Statuslabel; -use App\Models\Supplier; use App\Models\User; -use Illuminate\Testing\Fluent\AssertableJson; use Tests\TestCase; class AssetUpdateTest extends TestCase From e16c04250e0d589cf401764b9e84bf84e99ea76c Mon Sep 17 00:00:00 2001 From: Marcus Moore Date: Tue, 16 Apr 2024 16:58:28 -0700 Subject: [PATCH 6/8] Improve model factories --- database/factories/AssetFactory.php | 11 ++++++++--- database/factories/AssetModelFactory.php | 10 +++------- database/factories/CustomFieldsetFactory.php | 10 +++++----- tests/Feature/Api/Assets/AssetStoreTest.php | 2 +- tests/Feature/Api/Assets/AssetUpdateTest.php | 4 ++-- 5 files changed, 19 insertions(+), 18 deletions(-) diff --git a/database/factories/AssetFactory.php b/database/factories/AssetFactory.php index 18fef95273..0916fea17d 100644 --- a/database/factories/AssetFactory.php +++ b/database/factories/AssetFactory.php @@ -4,6 +4,7 @@ namespace Database\Factories; use App\Models\Asset; use App\Models\AssetModel; +use App\Models\CustomField; use App\Models\Location; use App\Models\Statuslabel; use App\Models\Supplier; @@ -353,10 +354,14 @@ class AssetFactory extends Factory return $this->state(['requestable' => false]); } - public function hasEncryptedCustomField() + public function hasEncryptedCustomField(CustomField $field = null) { - return $this->afterMaking(function (Asset $asset) { - $asset->model_id = AssetModel::factory()->withEncryptedField()->create()->id; + // @todo: update this so existing asset model is used if present on the asset + // (may have been created in a test case) + return $this->state(function () use ($field) { + return [ + 'model_id' => AssetModel::factory()->hasEncryptedCustomField($field), + ]; }); } diff --git a/database/factories/AssetModelFactory.php b/database/factories/AssetModelFactory.php index 2d14db9aa8..ed3d478261 100644 --- a/database/factories/AssetModelFactory.php +++ b/database/factories/AssetModelFactory.php @@ -431,16 +431,12 @@ class AssetModelFactory extends Factory }); } - public function withEncryptedField() + public function hasEncryptedCustomField(CustomField $field = null) { - return $this->state(function () { - $field = CustomField::factory()->testEncrypted()->create(); // TODO - having to create and then 'find' the thing you just created is WEIRD + return $this->state(function () use ($field) { return [ - 'fieldset_id' => function () use ($field) { - return CustomFieldset::where('name', 'Has Encrypted Custom Field')->first() ?? CustomFieldset::factory()->has_encrypted_custom_field()->hasAttached(CustomField::where('name', 'Test Encrypted')->first(), ['order' => 1, 'required' => 0], 'fields'); - }, + 'fieldset_id' => CustomFieldset::factory()->hasEncryptedCustomField($field), ]; }); } - } diff --git a/database/factories/CustomFieldsetFactory.php b/database/factories/CustomFieldsetFactory.php index f0ace3f539..9a410ba25f 100644 --- a/database/factories/CustomFieldsetFactory.php +++ b/database/factories/CustomFieldsetFactory.php @@ -45,12 +45,12 @@ class CustomFieldsetFactory extends Factory }); } - public function has_encrypted_custom_field() + public function hasEncryptedCustomField(CustomField $field = null) { - return $this->state(function () { - return [ - 'name' => 'Has Encrypted Custom Field', - ]; + return $this->afterCreating(function (CustomFieldset $fieldset) use ($field) { + $field = $field ?? CustomField::factory()->testEncrypted()->create(); + + $fieldset->fields()->attach($field, ['order' => '1', 'required' => false]); }); } } diff --git a/tests/Feature/Api/Assets/AssetStoreTest.php b/tests/Feature/Api/Assets/AssetStoreTest.php index 57563c432d..36678fe05a 100644 --- a/tests/Feature/Api/Assets/AssetStoreTest.php +++ b/tests/Feature/Api/Assets/AssetStoreTest.php @@ -485,7 +485,7 @@ class AssetStoreTest extends TestCase public function testEncryptedCustomFieldCanBeStored() { $field = CustomField::factory()->testEncrypted()->create(); - $asset = Asset::factory()->hasEncryptedCustomField()->create(); + $asset = Asset::factory()->hasEncryptedCustomField($field)->create(); $superuser = User::factory()->superuser()->create(); //first, test that an Admin user can save the encrypted custom field diff --git a/tests/Feature/Api/Assets/AssetUpdateTest.php b/tests/Feature/Api/Assets/AssetUpdateTest.php index 593bd9b020..05adbb9fff 100644 --- a/tests/Feature/Api/Assets/AssetUpdateTest.php +++ b/tests/Feature/Api/Assets/AssetUpdateTest.php @@ -12,7 +12,7 @@ class AssetUpdateTest extends TestCase public function testEncryptedCustomFieldCanBeUpdated() { $field = CustomField::factory()->testEncrypted()->create(); - $asset = Asset::factory()->hasEncryptedCustomField()->create(); + $asset = Asset::factory()->hasEncryptedCustomField($field)->create(); $superuser = User::factory()->superuser()->create(); //first, test that an Admin user can save the encrypted custom field @@ -30,7 +30,7 @@ class AssetUpdateTest extends TestCase public function testPermissionNeededToUpdateEncryptedField() { $field = CustomField::factory()->testEncrypted()->create(); - $asset = Asset::factory()->hasEncryptedCustomField()->create(); + $asset = Asset::factory()->hasEncryptedCustomField($field)->create(); $normal_user = User::factory()->editAssets()->create(); $asset->{$field->db_column_name()} = \Crypt::encrypt("encrypted value should not change"); From f763aea4fc1549f6dbc44be8cfdec2a2096e1df1 Mon Sep 17 00:00:00 2001 From: Marcus Moore Date: Tue, 16 Apr 2024 17:13:18 -0700 Subject: [PATCH 7/8] Update tests to send post request --- tests/Feature/Api/Assets/AssetStoreTest.php | 39 ++++++++++++-------- tests/Feature/Api/Assets/AssetUpdateTest.php | 17 ++++----- 2 files changed, 32 insertions(+), 24 deletions(-) diff --git a/tests/Feature/Api/Assets/AssetStoreTest.php b/tests/Feature/Api/Assets/AssetStoreTest.php index 36678fe05a..e18a957e0f 100644 --- a/tests/Feature/Api/Assets/AssetStoreTest.php +++ b/tests/Feature/Api/Assets/AssetStoreTest.php @@ -6,7 +6,6 @@ use App\Models\Asset; use App\Models\AssetModel; use App\Models\Company; use App\Models\CustomField; -use App\Models\CustomFieldset; use App\Models\Location; use App\Models\Statuslabel; use App\Models\Supplier; @@ -484,40 +483,50 @@ class AssetStoreTest extends TestCase public function testEncryptedCustomFieldCanBeStored() { + $status = Statuslabel::factory()->create(); $field = CustomField::factory()->testEncrypted()->create(); - $asset = Asset::factory()->hasEncryptedCustomField($field)->create(); $superuser = User::factory()->superuser()->create(); + $assetData = Asset::factory()->hasEncryptedCustomField($field)->make(); - //first, test that an Admin user can save the encrypted custom field $response = $this->actingAsForApi($superuser) - // @todo: target store method - ->patchJson(route('api.assets.update', $asset->id), [ - $field->db_column_name() => 'This is encrypted field' + ->postJson(route('api.assets.store'), [ + $field->db_column_name() => 'This is encrypted field', + 'model_id' => $assetData->model->id, + 'status_id' => $status->id, + 'asset_tag' => '1234', ]) ->assertStatusMessageIs('success') ->assertOk() ->json(); - $asset->refresh(); + + $asset = Asset::findOrFail($response['payload']['id']); $this->assertEquals('This is encrypted field', \Crypt::decrypt($asset->{$field->db_column_name()})); } public function testPermissionNeededToStoreEncryptedField() { - $field = CustomField::factory()->testEncrypted()->create(); - $asset = Asset::factory()->hasEncryptedCustomField()->create(); - $normal_user = User::factory()->editAssets()->create(); + // @todo: + $this->markTestIncomplete(); + + $status = Statuslabel::factory()->create(); + $field = CustomField::factory()->testEncrypted()->create(); + $normal_user = User::factory()->editAssets()->create(); + $assetData = Asset::factory()->hasEncryptedCustomField($field)->make(); - //next, test that a 'normal' user *cannot* change the encrypted custom field $response = $this->actingAsForApi($normal_user) - // @todo: target store method - ->patchJson(route('api.assets.update', $asset->id), [ - $field->db_column_name() => 'Some Other Value Entirely!' + ->postJson(route('api.assets.store'), [ + $field->db_column_name() => 'Some Other Value Entirely!', + 'model_id' => $assetData->model->id, + 'status_id' => $status->id, + 'asset_tag' => '1234', ]) + // @todo: this is 403 unauthorized ->assertStatusMessageIs('success') ->assertOk() ->assertMessagesAre('Asset updated successfully, but encrypted custom fields were not due to permissions') ->json(); - $asset->refresh(); + + $asset = Asset::findOrFail($response['payload']['id']); $this->assertEquals('This is encrypted field', \Crypt::decrypt($asset->{$field->db_column_name()})); } } diff --git a/tests/Feature/Api/Assets/AssetUpdateTest.php b/tests/Feature/Api/Assets/AssetUpdateTest.php index 05adbb9fff..7a155e1b7f 100644 --- a/tests/Feature/Api/Assets/AssetUpdateTest.php +++ b/tests/Feature/Api/Assets/AssetUpdateTest.php @@ -15,14 +15,13 @@ class AssetUpdateTest extends TestCase $asset = Asset::factory()->hasEncryptedCustomField($field)->create(); $superuser = User::factory()->superuser()->create(); - //first, test that an Admin user can save the encrypted custom field - $response = $this->actingAsForApi($superuser) + $this->actingAsForApi($superuser) ->patchJson(route('api.assets.update', $asset->id), [ $field->db_column_name() => 'This is encrypted field' ]) ->assertStatusMessageIs('success') - ->assertOk() - ->json(); + ->assertOk(); + $asset->refresh(); $this->assertEquals('This is encrypted field', \Crypt::decrypt($asset->{$field->db_column_name()})); } @@ -34,17 +33,17 @@ class AssetUpdateTest extends TestCase $normal_user = User::factory()->editAssets()->create(); $asset->{$field->db_column_name()} = \Crypt::encrypt("encrypted value should not change"); - $asset->save(); //is this needed? + $asset->save(); - //test that a 'normal' user *cannot* change the encrypted custom field - $response = $this->actingAsForApi($normal_user) + // test that a 'normal' user *cannot* change the encrypted custom field + $this->actingAsForApi($normal_user) ->patchJson(route('api.assets.update', $asset->id), [ $field->db_column_name() => 'Some Other Value Entirely!' ]) ->assertStatusMessageIs('success') ->assertOk() - ->assertMessagesAre('Asset updated successfully, but encrypted custom fields were not due to permissions') - ->json(); + ->assertMessagesAre('Asset updated successfully, but encrypted custom fields were not due to permissions'); + $asset->refresh(); $this->assertEquals("encrypted value should not change", \Crypt::decrypt($asset->{$field->db_column_name()})); } From 9d0ea857fee6cdc8ac711175a47fd015c16d12a4 Mon Sep 17 00:00:00 2001 From: Marcus Moore Date: Tue, 16 Apr 2024 17:14:17 -0700 Subject: [PATCH 8/8] Import facade --- tests/Feature/Api/Assets/AssetStoreTest.php | 5 +++-- tests/Feature/Api/Assets/AssetUpdateTest.php | 7 ++++--- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/tests/Feature/Api/Assets/AssetStoreTest.php b/tests/Feature/Api/Assets/AssetStoreTest.php index e18a957e0f..aee110976d 100644 --- a/tests/Feature/Api/Assets/AssetStoreTest.php +++ b/tests/Feature/Api/Assets/AssetStoreTest.php @@ -10,6 +10,7 @@ use App\Models\Location; use App\Models\Statuslabel; use App\Models\Supplier; use App\Models\User; +use Illuminate\Support\Facades\Crypt; use Illuminate\Testing\Fluent\AssertableJson; use Tests\TestCase; @@ -500,7 +501,7 @@ class AssetStoreTest extends TestCase ->json(); $asset = Asset::findOrFail($response['payload']['id']); - $this->assertEquals('This is encrypted field', \Crypt::decrypt($asset->{$field->db_column_name()})); + $this->assertEquals('This is encrypted field', Crypt::decrypt($asset->{$field->db_column_name()})); } public function testPermissionNeededToStoreEncryptedField() @@ -527,6 +528,6 @@ class AssetStoreTest extends TestCase ->json(); $asset = Asset::findOrFail($response['payload']['id']); - $this->assertEquals('This is encrypted field', \Crypt::decrypt($asset->{$field->db_column_name()})); + $this->assertEquals('This is encrypted field', Crypt::decrypt($asset->{$field->db_column_name()})); } } diff --git a/tests/Feature/Api/Assets/AssetUpdateTest.php b/tests/Feature/Api/Assets/AssetUpdateTest.php index 7a155e1b7f..f416645a8a 100644 --- a/tests/Feature/Api/Assets/AssetUpdateTest.php +++ b/tests/Feature/Api/Assets/AssetUpdateTest.php @@ -5,6 +5,7 @@ namespace Tests\Feature\Api\Assets; use App\Models\Asset; use App\Models\CustomField; use App\Models\User; +use Illuminate\Support\Facades\Crypt; use Tests\TestCase; class AssetUpdateTest extends TestCase @@ -23,7 +24,7 @@ class AssetUpdateTest extends TestCase ->assertOk(); $asset->refresh(); - $this->assertEquals('This is encrypted field', \Crypt::decrypt($asset->{$field->db_column_name()})); + $this->assertEquals('This is encrypted field', Crypt::decrypt($asset->{$field->db_column_name()})); } public function testPermissionNeededToUpdateEncryptedField() @@ -32,7 +33,7 @@ class AssetUpdateTest extends TestCase $asset = Asset::factory()->hasEncryptedCustomField($field)->create(); $normal_user = User::factory()->editAssets()->create(); - $asset->{$field->db_column_name()} = \Crypt::encrypt("encrypted value should not change"); + $asset->{$field->db_column_name()} = Crypt::encrypt("encrypted value should not change"); $asset->save(); // test that a 'normal' user *cannot* change the encrypted custom field @@ -45,6 +46,6 @@ class AssetUpdateTest extends TestCase ->assertMessagesAre('Asset updated successfully, but encrypted custom fields were not due to permissions'); $asset->refresh(); - $this->assertEquals("encrypted value should not change", \Crypt::decrypt($asset->{$field->db_column_name()})); + $this->assertEquals("encrypted value should not change", Crypt::decrypt($asset->{$field->db_column_name()})); } }