Merge branch 'fraud-prevention-mechanism'

# Conflicts:
#	public/chunks/admin.js
#	public/chunks/payments/settings.js
#	public/chunks/platform.js
#	public/chunks/settings.js
#	public/chunks/status-check.js
#	public/css/tailwind.css
#	public/js/main.js
#	public/mix-manifest.json
#	src/App/Providers/AppServiceProvider.php
#	tests/Domain/Admin/AdminTest.php

tests/App/Restrictions/MeteredBillingRestrictionsTest.php

@@ -1,4 +1,5 @@
 <?php
+
 namespace Tests\App\Restrictions;
 
 use Illuminate\Http\UploadedFile;
@@ -9,6 +10,7 @@ use App\Users\Models\User;
 use Domain\Files\Models\File;
 use Domain\Sharing\Models\Share;
 use Domain\Settings\Models\Setting;
+use VueFileManager\Subscription\Domain\DunningEmails\Models\Dunning;
 
 class MeteredBillingRestrictionsTest extends TestCase
 {
@@ -17,7 +19,7 @@ class MeteredBillingRestrictionsTest extends TestCase
         parent::setUp();
 
         Setting::updateOrCreate([
-            'name'  => 'subscription_type',
+            'name' => 'subscription_type',
         ], [
             'value' => 'metered',
         ]);
@@ -32,6 +34,13 @@ class MeteredBillingRestrictionsTest extends TestCase
             ->hasFailedpayments(2)
             ->create();
 
+        Dunning::factory()
+            ->createOneQuietly([
+                'type'     => 'limit_usage_in_new_accounts',
+                'user_id'  => $user->id,
+                'sequence' => 2,
+            ]);
+
         $this->assertEquals(true, $user->canUpload());
     }
 
@@ -47,6 +56,24 @@ class MeteredBillingRestrictionsTest extends TestCase
         $this->assertEquals(false, $user->canUpload());
     }
 
+    /**
+     * @test
+     */
+    public function it_cant_upload_because_user_has_3_dunning_mails()
+    {
+        $user = User::factory()
+            ->create();
+
+        Dunning::factory()
+            ->createOneQuietly([
+                'type'     => 'limit_usage_in_new_accounts',
+                'user_id'  => $user->id,
+                'sequence' => 3,
+            ]);
+
+        $this->assertEquals(false, $user->canUpload());
+    }
+
     /**
      * @test
      */
@@ -117,6 +144,47 @@ class MeteredBillingRestrictionsTest extends TestCase
         $this->assertDatabaseCount('folders', 0);
     }
 
+    /**
+     * @test
+     */
+    public function it_cant_create_new_folder_because_user_has_3_dunning_mails()
+    {
+        $user = User::factory()
+            ->create();
+
+        Dunning::factory()
+            ->createOneQuietly([
+                'type'     => 'limit_usage_in_new_accounts',
+                'user_id'  => $user->id,
+                'sequence' => 3,
+            ]);
+
+        // Create basic folder
+        $this
+            ->actingAs($user)
+            ->postJson('/api/create-folder', [
+                'name' => 'New Folder',
+            ])
+            ->assertStatus(401);
+
+        // Create team folder
+        $this
+            ->actingAs($user)
+            ->postJson('/api/teams/folders', [
+                'name'        => 'New Folder',
+                'invitations' => [
+                    [
+                        'email'      => 'john@doe.com',
+                        'permission' => 'can-edit',
+                        'type'       => 'invitation',
+                    ],
+                ],
+            ])
+            ->assertStatus(401);
+
+        $this->assertDatabaseCount('folders', 0);
+    }
+
     /**
      * @test
      */
@@ -139,6 +207,34 @@ class MeteredBillingRestrictionsTest extends TestCase
             ->assertStatus(401);
     }
 
+    /**
+     * @test
+     */
+    public function it_cant_get_private_file_because_user_has_3_dunning_mails()
+    {
+        $user = User::factory()
+            ->create();
+
+        Dunning::factory()
+            ->createOneQuietly([
+                'type'     => 'limit_usage_in_new_accounts',
+                'user_id'  => $user->id,
+                'sequence' => 3,
+            ]);
+
+        $file = File::factory()
+            ->create([
+                'user_id'  => $user->id,
+                'basename' => 'fake-file.pdf',
+                'name'     => 'fake-file.pdf',
+            ]);
+
+        $this
+            ->actingAs($user)
+            ->get("file/$file->name")
+            ->assertStatus(401);
+    }
+
     /**
      * @test
      */
@@ -160,11 +256,10 @@ class MeteredBillingRestrictionsTest extends TestCase
                 'name'     => 'fake-file.pdf',
             ]);
 
-        // 404 but, ok, because there is not stored temporary file in test
         $this
             ->actingAs($user)
-            ->get("file/$file->name")
-            ->assertStatus(404);
+            ->get("file/$file->basename")
+            ->assertStatus(200);
     }
 
     /**
@@ -196,6 +291,41 @@ class MeteredBillingRestrictionsTest extends TestCase
             ->assertStatus(401);
     }
 
+    /**
+     * @test
+     */
+    public function it_cant_get_shared_file_because_user_has_3_dunning_mails()
+    {
+        $user = User::factory()
+            ->create();
+
+        Dunning::factory()
+            ->createOneQuietly([
+                'type'     => 'limit_usage_in_new_accounts',
+                'user_id'  => $user->id,
+                'sequence' => 3,
+            ]);
+
+        $file = File::factory()
+            ->create([
+                'user_id'  => $user->id,
+                'basename' => 'fake-file.pdf',
+                'name'     => 'fake-file.pdf',
+            ]);
+
+        $share = Share::factory()
+            ->create([
+                'item_id'      => $file->id,
+                'user_id'      => $user->id,
+                'type'         => 'file',
+                'is_protected' => false,
+            ]);
+
+        $this
+            ->get("file/$file->name/shared/$share->token")
+            ->assertStatus(401);
+    }
+
     /**
      * @test
      */
@@ -234,7 +364,7 @@ class MeteredBillingRestrictionsTest extends TestCase
     /**
      * @test
      */
-    public function it_cant_get_share_page()
+    public function it_cant_get_share_page_because_user_has_3_failed_payments()
     {
         $user = User::factory()
             ->hasFailedpayments(3)
@@ -250,4 +380,30 @@ class MeteredBillingRestrictionsTest extends TestCase
         $this->get("/share/$share->token")
             ->assertRedirect('/temporary-unavailable');
     }
+
+    /**
+     * @test
+     */
+    public function it_cant_get_share_page_because_user_has_3_dunning_mails()
+    {
+        $user = User::factory()
+            ->create();
+
+        Dunning::factory()
+            ->createOneQuietly([
+                'type'     => 'limit_usage_in_new_accounts',
+                'user_id'  => $user->id,
+                'sequence' => 3,
+            ]);
+
+        $share = Share::factory()
+            ->create([
+                'user_id'      => $user->id,
+                'type'         => 'folder',
+                'is_protected' => false,
+            ]);
+
+        $this->get("/share/$share->token")
+            ->assertRedirect('/temporary-unavailable');
+    }
 }

tests/Domain/Admin/AdminTest.php

@@ -1,5 +1,4 @@
 <?php
-
 namespace Tests\Domain\Admin;
 
 use Storage;
@@ -46,7 +45,8 @@ class AdminTest extends TestCase
             ->create(['role' => 'admin']);
 
         $users->each(
-            fn($user) => $this
+            fn ($user) =>
+            $this
                 ->actingAs($admin)
                 ->getJson('/api/admin/users?page=1')
                 ->assertStatus(200)
@@ -170,7 +170,7 @@ class AdminTest extends TestCase
             ])->assertStatus(200);
 
         $this->assertDatabaseHas('user_settings', [
-            'user_id' => $user->id,
+            'user_id'            => $user->id,
         ])->assertDatabaseHas('user_limitations', [
             'max_storage_amount' => 10,
         ]);
@@ -215,13 +215,13 @@ class AdminTest extends TestCase
         $this
             ->actingAs($admin)
             ->postJson('/api/admin/users', [
-                'name'                  => 'John Doe',
-                'role'                  => 'user',
-                'email'                 => 'john@doe.com',
-                'password'              => 'VerySecretPassword',
-                'max_storage_amount'    => 15,
-                'password_confirmation' => 'VerySecretPassword',
-                'avatar'                => $avatar,
+                'name'                    => 'John Doe',
+                'role'                    => 'user',
+                'email'                   => 'john@doe.com',
+                'password'                => 'VerySecretPassword',
+                'max_storage_amount'      => 15,
+                'password_confirmation'   => 'VerySecretPassword',
+                'avatar'                  => $avatar,
             ])->assertStatus(201);
 
         $this->assertDatabaseHas('users', [
@@ -292,10 +292,10 @@ class AdminTest extends TestCase
                     ->create("fake-file-$index.pdf", 1200, 'application/pdf');
 
                 $this->postJson('/api/upload/chunks', [
-                    'name'          => $file->name,
-                    'extension'     => 'pdf',
-                    'chunk'         => $file,
-                    'is_last_chunk' => 1,
+                    'name'            => $file->name,
+                    'extension'       => 'pdf',
+                    'chunk'           => $file,
+                    'is_last_chunk'   => 1,
                 ])->assertStatus(201);
             });
 
@@ -317,6 +317,8 @@ class AdminTest extends TestCase
         $admin = User::factory()
             ->create(['role' => 'admin']);
 
+        Sanctum::actingAs($admin);
+
         // Delete user
         $this
             ->actingAs($admin)
@@ -359,6 +361,6 @@ class AdminTest extends TestCase
             });
 
         Storage::disk('local')
-            ->assertMissing($user->settings->avatar);
+            ->assertMissing($user->settings->getRawOriginal('avatar'));
     }
 }