tests:adds testing to portfolio access policy

2024-10-22 22:24:39 -05:00
parent 5a04c33f13
commit d53d1a3ed3
8 changed files with 287 additions and 5 deletions
@@ -0,0 +1,168 @@
+<?php
+
+namespace Tests;
+
+use Tests\TestCase;
+use App\Models\User;
+use App\Models\ConnectedAccount;
+use Illuminate\Support\Facades\Auth;
+use Laravel\Socialite\Facades\Socialite;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use App\Http\Controllers\ConnectedAccountController;
+
+class ConnectedAccountTest extends TestCase
+{
+    use RefreshDatabase;
+
+    protected $controller;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+        $this->controller = new ConnectedAccountController();
+    }
+
+    public function test_handle_provider_callback_with_already_connected_account()
+    {
+        $provider = 'github';
+        config(['services.enabled_login_providers' => 'github,google']);
+
+        // Create a user and a connected account for the provider
+        $user = User::create([
+            'name' => 'Alice Smith',
+            'email' => 'alice@example.com',
+            'email_verified_at' => now(),
+        ]);
+        $providerUser = (object)[
+            'id' => '67890',
+            'name' => 'Alice Smith',
+            'email' => 'alice@example.com',
+            'token' => '15932t8',
+            'tokenSecret' => null,
+            'refreshToken' => null,
+            'expiresIn' => null,
+        ];
+        ConnectedAccount::forceCreate([
+            'provider' => $provider,
+            'provider_id' => $providerUser->id,
+            'user_id' => $user->id,
+            'token' => $providerUser->token,
+            'verified_at' => now()
+        ]);
+        
+        Socialite::shouldReceive('driver')
+            ->with($provider)
+            ->andReturnSelf()
+            ->shouldReceive('user')
+            ->andReturn($providerUser);
+
+        $response = $this->get(route('oauth.callback', ['provider' => $provider]));
+
+        $this->assertTrue(Auth::check());
+        $this->assertEquals($user->id, Auth::id());
+
+        $response->assertRedirect(route('dashboard'));
+    }
+
+    public function test_handle_provider_callback_with_new_user()
+    {
+        $provider = 'github';
+        config(['services.enabled_login_providers' => 'github,google']);
+        $providerUser = (object)[
+            'id' => '12345',
+            'name' => 'John Doe',
+            'email' => 'john@example.com',
+            'token' => 'token',
+            'tokenSecret' => null,
+            'refreshToken' => null,
+            'expiresIn' => null,
+        ];
+
+        Socialite::shouldReceive('driver')
+            ->with($provider)
+            ->andReturnSelf()
+            ->shouldReceive('user')
+            ->andReturn($providerUser);
+
+        $response = $this->get(route('oauth.callback', ['provider' => $provider]));
+
+        $user = User::where('email', 'john@example.com')->first();
+        $this->assertNotNull($user);
+        $this->assertEquals('John Doe', $user->name);
+
+        $connectedAccount = ConnectedAccount::first();
+        $this->assertNotNull($connectedAccount);
+        $this->assertEquals('github', $connectedAccount->provider);
+        $this->assertEquals('12345', $connectedAccount->provider_id);
+        $this->assertNotNull($connectedAccount->verified_at);
+
+        $this->assertTrue(Auth::check());
+        $response->assertRedirect(route('dashboard'));
+    }
+
+    public function test_handle_provider_callback_with_existing_account()
+    {
+        $provider = 'github';
+        config(['services.enabled_login_providers' => 'github,google']);
+        User::create([
+            'name' => 'Jane Doe',
+            'email' => 'jane@example.com',
+            'email_verified_at' => now(),
+        ]);
+        $providerUser = (object)[
+            'id' => '54321',
+            'name' => 'Jane Doe',
+            'email' => 'jane@example.com',
+            'token' => 'token',
+            'tokenSecret' => null,
+            'refreshToken' => null,
+            'expiresIn' => null,
+        ];
+
+        Socialite::shouldReceive('driver')
+            ->with($provider)
+            ->andReturnSelf()
+            ->shouldReceive('user')
+            ->andReturn($providerUser);
+
+        $response = $this->get(route('oauth.callback', ['provider' => $provider]));
+
+        $connectedAccount = ConnectedAccount::first();
+        $this->assertNotNull($connectedAccount);
+        $this->assertEquals('github', $connectedAccount->provider);
+        $this->assertEquals('54321', $connectedAccount->provider_id);
+        $this->assertNull($connectedAccount->verified_at);
+
+        $response->assertRedirect(route('login'));
+        $response->assertSessionHas('status', 'Account already exists. Check your email to connect your GitHub account.');
+    }
+
+    public function test_verify_connected_account()
+    {
+        $user = User::create([
+            'name' => 'Alice Smith',
+            'email' => 'alice@example.com',
+            'email_verified_at' => null,
+        ]);
+        $connectedAccount = ConnectedAccount::forceCreate([
+            'provider' => 'github',
+            'provider_id' => '12345',
+            'token' => '0283523',
+            'user_id' => $user->id,
+            'verified_at' => null,
+        ]);
+
+        $this->assertNull($connectedAccount->verified_at);
+
+        $response = $this->get(route('oauth.verify_connected_account', ['connected_account' => $connectedAccount->id]));
+
+        $connectedAccount->refresh();
+
+        $this->assertNotNull($connectedAccount->verified_at);
+        $this->assertNotNull($connectedAccount->user);
+
+        $response->assertRedirect(route('dashboard'));
+        $response->assertSessionHas('toast');
+    }
+
+}
@@ -0,0 +1,112 @@
+<?php
+
+namespace Tests;
+
+use Tests\TestCase;
+use App\Models\User;
+use App\Models\Portfolio;
+use App\Policies\PortfolioPolicy;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+
+class PortfolioPolicyTest extends TestCase
+{
+    use RefreshDatabase;
+
+    protected $policy;
+    protected $user;
+    protected $portfolio;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->policy = new PortfolioPolicy();
+
+        $this->user = User::factory()->create();
+
+        Auth::login($this->user);
+        $this->portfolio = Portfolio::factory()->create();
+
+        // Attach the users to the portfolio
+        $this->portfolio->users()->syncWithoutDetaching([
+            $this->user->id => [
+                'full_access' => false,
+                'owner' => false,
+            ]
+        ]);
+    }
+
+    public function test_stranger_access_viaweb()
+    {
+        $user = User::factory()->create();
+
+        $result = $this->actingAs($user)->get(route('portfolio.show', ['portfolio' => $this->portfolio]));
+
+        $result->assertStatus(403);
+    }
+
+    public function test_stranger_access_via_policy()
+    {
+        $user = User::factory()->create();
+
+        $result = $this->policy->readOnly($user, $this->portfolio);
+        $this->assertFalse($result, 'User should not have readonly access');
+
+        $result = $this->policy->fullAccess($user, $this->portfolio);
+        $this->assertFalse($result, 'User should not have full access');
+
+        $result = $this->policy->owner($user, $this->portfolio);
+        $this->assertFalse($result, 'User should not have owner access');
+    }
+
+    public function test_read_only_policy()
+    {
+        $result = $this->policy->readOnly($this->user, $this->portfolio);
+        $this->assertTrue($result, 'User should have read-only access');
+    }
+
+    public function test_read_only_via_web()
+    {
+        $result = $this->actingAs($this->user)->get(route('portfolio.show', ['portfolio' => $this->portfolio]));
+
+        $result->assertStatus(200);
+    }
+
+    public function test_full_access_policy_with_full_access()
+    {
+        // Update pivot table to give full access
+        $this->portfolio->users()->updateExistingPivot($this->user->id, [
+            'full_access' => true,
+        ]);
+
+        $result = $this->policy->fullAccess($this->user, $this->portfolio);
+        $this->assertTrue($result, 'User should have full access');
+    }
+
+    public function test_full_access_policy_without_full_access()
+    {
+        // Check that the user doesn't have full access
+        $result = $this->policy->fullAccess($this->user, $this->portfolio);
+        $this->assertFalse($result, 'User should not have full access');
+    }
+
+    public function test_owner_policy_when_user_is_owner()
+    {
+        // Update pivot table to make the user the owner
+        $this->portfolio->users()->updateExistingPivot($this->user->id, [
+            'owner' => true,
+        ]);
+
+        $result = $this->policy->owner($this->user, $this->portfolio);
+        $this->assertTrue($result, 'User should be the owner');
+    }
+
+    public function test_owner_policy_when_user_is_not_owner()
+    {
+        // Check that the user is not the owner
+        $result = $this->policy->owner($this->user, $this->portfolio);
+        $this->assertFalse($result, 'User should not be the owner');
+    }
+
+}