Added/updated tests

Signed-off-by: snipe <snipe@snipe.net>
snipe
2025-07-17 20:08:32 +01:00
parent 3d9d18a0d5
commit c7280953dd
2 changed files with 122 additions and 13 deletions


@@ -109,7 +109,7 @@ class UpdateUserTest extends TestCase
'password' => 'super-secret',
'password_confirmation' => 'super-secret',
'email' => 'mabel@onlymurderspod.com',
'permissions' => '{"a.new.permission":"1"}',
//'permissions' => '{"a.new.permission":"1"}',
'activated' => true,
'phone' => '619-555-5555',
'jobtitle' => 'Host',
@@ -136,7 +136,7 @@ class UpdateUserTest extends TestCase
$this->assertEquals('mabel', $user->username, 'Username was not updated');
$this->assertTrue(Hash::check('super-secret', $user->password), 'Password was not updated');
$this->assertEquals('mabel@onlymurderspod.com', $user->email, 'Email was not updated');
$this->assertArrayHasKey('a.new.permission', $user->decodePermissions(), 'Permissions were not updated');
//$this->assertArrayHasKey('a.new.permission', $user->decodePermissions(), 'Permissions were not updated');
$this->assertTrue((bool) $user->activated, 'User not marked as activated');
$this->assertEquals('619-555-5555', $user->phone, 'Phone was not updated');
$this->assertEquals('Host', $user->jobtitle, 'Job title was not updated');
@@ -162,7 +162,7 @@ class UpdateUserTest extends TestCase
public function testApiUsersCanBeActivatedWithNumber()
{
$admin = User::factory()->superuser()->create();
$admin = User::factory()->editUsers()->create();
$user = User::factory()->create(['activated' => 0]);
$this->actingAsForApi($admin)
@@ -175,7 +175,7 @@ class UpdateUserTest extends TestCase
public function testApiUsersCanBeActivatedWithBooleanTrue()
{
$admin = User::factory()->superuser()->create();
$admin = User::factory()->editUsers()->create();
$user = User::factory()->create(['activated' => false]);
$this->actingAsForApi($admin)
@@ -188,7 +188,7 @@ class UpdateUserTest extends TestCase
public function testApiUsersCanBeDeactivatedWithNumber()
{
$admin = User::factory()->superuser()->create();
$admin = User::factory()->editUsers()->create();
$user = User::factory()->create(['activated' => true]);
$this->actingAsForApi($admin)
@@ -201,7 +201,7 @@ class UpdateUserTest extends TestCase
public function testApiUsersCanBeDeactivatedWithBooleanFalse()
{
$admin = User::factory()->superuser()->create();
$admin = User::factory()->editUsers()->create();
$user = User::factory()->create(['activated' => true]);
$this->actingAsForApi($admin)
@@ -212,6 +212,33 @@ class UpdateUserTest extends TestCase
$this->assertEquals(0, $user->refresh()->activated);
}
public function testEditingUsersCannotEditEscalationFieldsForAdmins()
{
$hashed_original = Hash::make('!!094850394680980380kfejlskjfl');
$hashed_new = Hash::make('!ABCDEFGIJKL123!!!');
$admin = User::factory()->editUsers()->create();
$user = User::factory()->admin()->create(['username' => 'brandnewuser', 'email'=> 'brandnewemail@example.org', 'password' => $hashed_original, 'activated' => 1]);
$this->assertDatabaseHas('users', [
'id' => $user->id,
'username' => 'brandnewuser',
'email' => 'brandnewemail@example.org',
'activated' => 1,
'password' => $hashed_original,
]);
$this->actingAsForApi($admin)
->patch(route('api.users.update', $user), [
'username' => 'testnewusername',
'email' => 'testnewemail@example.org',
'activated' => 0,
'password' => $hashed_new,
]);
$this->assertEquals(0, $user->refresh()->activated);
}
public function testUsersScopedToCompanyDuringUpdateWhenMultipleFullCompanySupportEnabled()
{
$this->settings->enableMultipleFullCompanySupport();
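Review bot: The only assertion after the request in the new `testEditingUsersCannotEditEscalationFieldsForAdmins` is `$this->assertEquals(0, $user->refresh()->activated);`, which passes only if a user created with `editUsers()` did manage to deactivate an admin. That contradicts the test's name and the web test of the same name, which expects `activated` to stay 1. If the API is meant to block this change as the web route does, the line should be `$this->assertEquals(1, $user->refresh()->activated);`, and the `assertDatabaseHas('users', [...])` block from before the request should be repeated after it so username, email and password are covered too. The response status is never asserted, so a rejected request and a silently ignored one are indistinguishable here.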


@@ -7,17 +7,18 @@ use App\Models\Company;
use App\Models\User;
use Error;
use Tests\TestCase;
use Illuminate\Support\Facades\Hash;
class UpdateUserTest extends TestCase
{
public function testPageRenders()
{
$this->actingAs(User::factory()->superuser()->create())
$this->actingAs(User::factory()->editUsers()->create())
->get(route('users.edit', User::factory()->create()->id))
->assertOk();
}
public function testCannotViewEditPageForSoftDeletedUser()
public function testCanViewEditPageForSoftDeletedUser()
{
$user = User::factory()->trashed()->create();
@@ -28,7 +29,7 @@ class UpdateUserTest extends TestCase
public function testUsersCanBeActivatedWithNumber()
{
$admin = User::factory()->superuser()->create();
$admin = User::factory()->editUsers()->create();
$user = User::factory()->create(['activated' => 0]);
$this->actingAs($admin)
@@ -43,7 +44,7 @@ class UpdateUserTest extends TestCase
public function testUsersCanBeActivatedWithBooleanTrue()
{
$admin = User::factory()->superuser()->create();
$admin = User::factory()->editUsers()->create();
$user = User::factory()->create(['activated' => false]);
$this->actingAs($admin)
@@ -58,7 +59,7 @@ class UpdateUserTest extends TestCase
public function testUsersCanBeDeactivatedWithNumber()
{
$admin = User::factory()->superuser()->create();
$admin = User::factory()->editUsers()->create();
$user = User::factory()->create(['activated' => true]);
$this->actingAs($admin)
@@ -73,7 +74,7 @@ class UpdateUserTest extends TestCase
public function testUsersCanBeDeactivatedWithBooleanFalse()
{
$admin = User::factory()->superuser()->create();
$admin = User::factory()->editUsers()->create();
$user = User::factory()->create(['activated' => true]);
$this->actingAs($admin)
@@ -88,7 +89,7 @@ class UpdateUserTest extends TestCase
public function testUsersUpdatingThemselvesDoNotDeactivateTheirAccount()
{
$admin = User::factory()->superuser()->create(['activated' => true]);
$admin = User::factory()->editUsers()->create(['activated' => true]);
$this->actingAs($admin)
->put(route('users.update', $admin), [
@@ -99,6 +100,87 @@ class UpdateUserTest extends TestCase
$this->assertEquals(1, $admin->refresh()->activated);
}
public function testEditingUsersCannotEditEscalationFieldsForAdmins()
{
$admin = User::factory()->editUsers()->create(['activated' => true]);
$hashed_original = Hash::make('!!094850394680980380kfejlskjfl');
$hashed_new = Hash::make('!ABCDEFGIJKL123!!!');
$user = User::factory()->admin()->create(['username' => 'brandnewuser', 'email'=> 'brandnewemail@example.org', 'password' => $hashed_original, 'activated' => true]);
$this->assertDatabaseHas('users', [
'id' => $user->id,
'username' => 'brandnewuser',
'email' => 'brandnewemail@example.org',
'activated' => 1,
'password' => $hashed_original,
]);
$this->actingAs($admin)
->put(route('users.update', $user), [
'username' => 'testnewusername',
'email' => 'testnewemail@example.org',
'activated' => 0,
'password' => 'super-secret',
]);
$this->assertDatabaseHas('users', [
'id' => $user->id,
'username' => $user->username,
'email' => $user->email,
'activated' => $user->activated,
'password' => $hashed_original,
]);
$this->assertEquals('brandnewuser', $user->refresh()->username);
$this->assertEquals('brandnewemail@example.org', $user->refresh()->email);
$this->assertEquals(1, $user->refresh()->activated);
$this->assertNotEquals(Hash::check('super-secret', $user->password), $user->refresh()->password);
$this->assertNotEquals('testnewusername', $user->refresh()->username);
$this->assertNotEquals('testnewemail@example.org', $user->refresh()->email);
$this->assertNotEquals(0, $user->refresh()->activated);
$this->assertNotEquals(Hash::check('super-secret', $user->password), $user->refresh()->password);
}
public function testAdminUsersCannotEditFieldsForSuperAdmins()
{
$admin = User::factory()->admin()->create(['activated' => true]);
$hashed_original = Hash::make('my-awesome-password');
$user = User::factory()->superuser()->create(['username' => 'brandnewuser', 'email'=> 'brandnewemail@example.org', 'password' => $hashed_original, 'activated' => true]);
$this->assertDatabaseHas('users', [
'id' => $user->id,
'username' => 'brandnewuser',
'email' => 'brandnewemail@example.org',
'activated' => 1,
'password' => $hashed_original,
]);
$this->actingAs($admin)
->put(route('users.update', $user), [
'username' => 'testnewusername',
'email' => 'testnewemail@example.org',
'activated' => 0,
'password' => 'super-secret-new-password',
]);
$this->assertDatabaseHas('users', [
'id' => $user->id,
'username' => $user->username,
'email' => $user->email,
'activated' => $user->activated,
'password' => $hashed_original,
]);
$this->assertEquals('brandnewuser', $user->refresh()->username);
$this->assertEquals('brandnewemail@example.org', $user->refresh()->email);
$this->assertEquals(1, $user->refresh()->activated);
$this->assertTrue(Hash::check('my-awesome-password', $user->password), $user->refresh()->password);
$this->assertNotEquals('testnewusername', $user->refresh()->username);
$this->assertNotEquals('testnewemail@example.org', $user->refresh()->email);
$this->assertNotTrue(Hash::check('super-secret-new-password', $user->password), $user->refresh()->password);
}
public function testMultiCompanyUserCannotBeMovedIfHasAssetInDifferentCompany()
{
$this->settings->enableMultipleFullCompanySupport();
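Review bot: In `testEditingUsersCannotEditEscalationFieldsForAdmins` the two `assertNotEquals(Hash::check('super-secret', $user->password), $user->refresh()->password)` calls compare the boolean from `Hash::check` with the stored hash string. Their outcome therefore rests on loose bool/string comparison rather than on a stated check. `$this->assertFalse(Hash::check('super-secret', $user->refresh()->password), 'Password was changed');` says what is meant. In `testAdminUsersCannotEditFieldsForSuperAdmins` the second argument of `assertTrue` and `assertNotTrue` is the failure message, so `$user->refresh()->password` would print the stored hash into test output on failure; pass a descriptive string instead. Neither test asserts the response status, so the tests cannot tell whether the request was refused or accepted with the protected fields dropped.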