diff --git a/app/Http/Controllers/Auth/AuthController.php b/app/Http/Controllers/Auth/AuthController.php
index 0511fd4f..d70ca263 100644
--- a/app/Http/Controllers/Auth/AuthController.php
+++ b/app/Http/Controllers/Auth/AuthController.php
@@ -3,9 +3,9 @@ namespace App\Http\Controllers\Auth;
 use App\Http\Requests\Auth\CheckAccountRequest;
-use App\Setting;
-use App\User;
-use App\UserSettings;
+use App\Models\Setting;
+use App\Models\User;
+use App\Models\UserSettings;
 use Illuminate\Http\Request;
 use App\Http\Controllers\Controller;
 use Illuminate\Support\Facades\Auth;
diff --git a/app/Http/Controllers/Auth/ForgotPasswordController.php b/app/Http/Controllers/Auth/ForgotPasswordController.php
index 6dfc884d..d91d9e7f 100644
--- a/app/Http/Controllers/Auth/ForgotPasswordController.php
+++ b/app/Http/Controllers/Auth/ForgotPasswordController.php
@@ -6,7 +6,7 @@ use App\Http\Controllers\Controller;
 use App\Mail\TestMail;
 use App\Notifications\ResetPassword;
 use App\Notifications\ResetUserPasswordNotification;
-use App\User;
+use App\Models\User;
 use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Lang;
diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php
index c6a6de67..92e24aa8 100644
--- a/app/Http/Controllers/Auth/RegisterController.php
+++ b/app/Http/Controllers/Auth/RegisterController.php
@@ -4,7 +4,7 @@ namespace App\Http\Controllers\Auth;
 use App\Http\Controllers\Controller;
 use App\Providers\RouteServiceProvider;
-use App\User;
+use App\Models\User;
 use Illuminate\Foundation\Auth\RegistersUsers;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Validator;
diff --git a/app/Http/Controllers/FileAccessController.php b/app/Http/Controllers/FileAccessController.php
index df763ba4..010f4291 100644
--- a/app/Http/Controllers/FileAccessController.php
+++ b/app/Http/Controllers/FileAccessController.php
@@ -2,24 +2,14 @@ namespace App\Http\Controllers;
-use App\Models\Folder;
-use App\Http\Tools\Editor;
 use App\Http\Tools\Guardian;
-use App\Models\Share;
+use App\Models\User;
 use App\Models\Zip;
-use Illuminate\Support\Arr;
 use Illuminate\Support\Facades\Auth;
-use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\File;
 use Illuminate\Http\Request;
 use App\Models\File as UserFile;
 use Illuminate\Support\Facades\Storage;
-use Illuminate\Support\Str;
-use Illuminate\Http\Exceptions\HttpResponseException;
-use Madnest\Madzipper\Facades\Madzipper;
-use Response;
-use League\Flysystem\FileNotFoundException;
-use Symfony\Component\HttpKernel\Exception\HttpException;
 class FileAccessController extends Controller
 {
@@ -157,12 +147,12 @@ class FileAccessController extends Controller
 $shared = get_shared($token);
 // Abort if shared is protected
- if ((int)$shared->protected) {
+ if ((int) $shared->is_protected) {
 abort(403, "Sorry, you don't have permission");
 }
 // Get file record
- $file = File::where('user_id', $shared->user_id)
+ $file = UserFile::where('user_id', $shared->user_id)
 ->where('basename', $filename)
 ->firstOrFail();
@@ -170,9 +160,12 @@ class FileAccessController extends Controller
 $this->check_file_access($shared, $file);
 // Store user download size
- User::find($shared->user_id)->record_download((int)$file->getRawOriginal('filesize'));
+ User::find($shared->user_id)
+ ->record_download(
+ (int) $file->getRawOriginal('filesize')
+ );
- return $this->download_file($file);
+ return $this->download_file($file, $shared->user_id);
 }
 /**
@@ -243,7 +236,7 @@ class FileAccessController extends Controller
 // Check by single file permission
 if ($shared->type === 'file') {
- if ($shared->item_id !== $file->unique_id) abort(403);
+ if ($shared->item_id !== $file->id) abort(403);
 }
 }
diff --git a/app/Http/Controllers/FileFunctions/ShareController.php b/app/Http/Controllers/FileFunctions/ShareController.php
index 68f57127..7765fc31 100644
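Review bot: In the `@@ -170,9 +160,12 @@` hunk, `User::find($shared->user_id)` returns null when the owner row is missing, so if a share can outlive its owner the chained `->record_download(...)` fails with an error on this public route instead of a clean 404; `User::findOrFail($shared->user_id)` would match the `firstOrFail()` lookups used just above. The same hunk now calls `$this->download_file($file, $shared->user_id)`, but the definition of `download_file` is not in the visible hunks, and PHP silently ignores surplus arguments to user-defined methods, so it is worth confirming the signature was updated in this commit. The enclosing method starts and ends outside the hunk.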
--- a/app/Http/Controllers/FileFunctions/ShareController.php
+++ b/app/Http/Controllers/FileFunctions/ShareController.php
@@ -28,7 +28,7 @@ class ShareController extends Controller
 public function show($token)
 {
 // Get record
- $shared = Share::where(DB::raw('BINARY `token`'), $token)
+ $shared = Share::whereToken($token)
 ->firstOrFail();
 return new ShareResource($shared);
diff --git a/app/Http/Controllers/Sharing/FileSharingController.php b/app/Http/Controllers/Sharing/FileSharingController.php
index 07c4d1b1..c1a75ec5 100644
--- a/app/Http/Controllers/Sharing/FileSharingController.php
+++ b/app/Http/Controllers/Sharing/FileSharingController.php
@@ -26,16 +26,21 @@ class FileSharingController extends Controller
 /**
 * Show page index and delete access_token & shared_token cookie
 *
- * @return Factory|\Illuminate\View\View
+ * @return \Illuminate\Http\Response
 */
 public function index($token)
 {
 // Get shared token
- $shared = Share::where(\DB::raw('BINARY `token`'), $token)
+ $shared = Share::whereToken($token)
 ->first();
 if (! $shared) {
- return view("index");
+ return response()
+ ->view('index', [
+ 'settings' => null,
+ 'legal' => null,
+ 'installation' => null,
+ ], 404);
 }
 // Delete old access_token if exist
@@ -196,16 +201,17 @@ class FileSharingController extends Controller
 public function file_public($token)
 {
 // Get sharing record
- $shared = Share::where(DB::raw('BINARY `token`'), $token)->firstOrFail();
+ $shared = Share::whereToken($token)
+ ->firstOrFail();
 // Abort if file is protected
- if ((int) $shared->protected) {
+ if ((int) $shared->is_protected) {
 abort(403, "Sorry, you don't have permission");
 }
 // Get file
 $file = File::where('user_id', $shared->user_id)
- ->where('unique_id', $shared->item_id)
+ ->where('id', $shared->item_id)
 ->firstOrFail(['name', 'basename', 'thumbnail', 'type', 'filesize', 'mimetype']);
 // Set urls
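Review bot: Replacing the `DB::raw` BINARY comparison with `Share::whereToken($token)` in `show()` means case-sensitive matching of the share token now depends on the collation of the `token` column, which this diff does not show. Under a case-insensitive collation, tokens that differ only in letter case would resolve to the same share, which shrinks the effective token space for these unauthenticated lookups. The same replacement appears in `FileSharingController::index()` and `file_public()` and in the `get_shared()` helper. I would either give the column a binary or case-sensitive collation in its migration, or keep the comparison explicit, for example `Share::whereRaw('BINARY token = ?', [$token])`, with a comment if the clause was dropped for test-database portability.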
diff --git a/app/Http/Controllers/User/AccountController.php b/app/Http/Controllers/User/AccountController.php
index 709068a2..180b9ef6 100644
--- a/app/Http/Controllers/User/AccountController.php
+++ b/app/Http/Controllers/User/AccountController.php
@@ -2,8 +2,8 @@ namespace App\Http\Controllers\User;
-use App\File;
-use App\Folder;
+use App\Models\File;
+use App\Models\Folder;
 use App\Http\Resources\InvoiceCollection;
 use App\Http\Resources\StorageDetailResource;
 use App\Http\Resources\UserResource;
@@ -16,7 +16,7 @@ use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Http\Request;
 use ByteUnits\Metric;
-use App\User;
+use App\Models\User;
 class AccountController extends Controller
 {
diff --git a/app/Http/Helpers/helpers.php b/app/Http/Helpers/helpers.php
index 33888af8..89aa20fd 100644
--- a/app/Http/Helpers/helpers.php
+++ b/app/Http/Helpers/helpers.php
@@ -205,8 +205,7 @@ function get_item($type, $id)
 */
 function get_shared($token)
 {
-
- return Share::where(DB::raw('BINARY `token`'), $token)
+ return Share::whereToken($token)
 ->firstOrFail();
 }
diff --git a/app/Http/Resources/UserResource.php b/app/Http/Resources/UserResource.php
index dee831bc..73078816 100644
--- a/app/Http/Resources/UserResource.php
+++ b/app/Http/Resources/UserResource.php
@@ -3,7 +3,7 @@ namespace App\Http\Resources;
 use App\Services\StripeService;
-use App\User;
+use App\Models\User;
 use Cartalyst\Stripe\Api\PaymentMethods;
 use Faker\Factory;
 use Illuminate\Http\Resources\Json\JsonResource;
diff --git a/app/Http/Tools/Demo.php b/app/Http/Tools/Demo.php
index d5357f96..0f700128 100644
--- a/app/Http/Tools/Demo.php
+++ b/app/Http/Tools/Demo.php
@@ -3,11 +3,11 @@ namespace App\Http\Tools;
 use App;
-use App\Share;
-use App\File;
-use App\Folder;
+use App\Models\Share;
+use App\Models\File;
+use App\Models\Folder;
 use App\Http\Requests\FileFunctions\RenameItemRequest;
-use App\User;
+use App\Models\User;
 use ByteUnits\Metric;
 use Carbon\Carbon;
 use Illuminate\Contracts\Routing\ResponseFactory;
diff --git a/app/Models/User.php b/app/Models/User.php
index 75653ee1..91e43006 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -257,7 +257,7 @@ class User extends Authenticatable
 */
 protected static function boot()
 {
- parent::booted();
+ parent::boot();
 static::creating(function ($user) {
 $user->id = Str::uuid();
diff --git a/tests/Feature/FileAccessTest.php b/tests/Feature/ContentAccessTest.php
similarity index 99%
rename from tests/Feature/FileAccessTest.php
rename to tests/Feature/ContentAccessTest.php
index 2e64de2d..735568de 100644
--- a/tests/Feature/FileAccessTest.php
+++ b/tests/Feature/ContentAccessTest.php
@@ -15,7 +15,7 @@ use Laravel\Sanctum\Sanctum;
 use Storage;
 use Tests\TestCase;
-class FileAccessTest extends TestCase
+class ContentAccessTest extends TestCase
 {
 use DatabaseMigrations;
diff --git a/tests/Feature/ShareContentAccessTest.php b/tests/Feature/ShareContentAccessTest.php
new file mode 100644
index 00000000..9b100bb0
--- /dev/null
+++ b/tests/Feature/ShareContentAccessTest.php
@@ -0,0 +1,93 @@
+setup = app()->make(SetupService::class);
+ }
+
+ /**
+ * @test
+ */
+ public function it_get_public_file_record_and_download_them()
+ {
+ Storage::fake('local');
+
+ $this->setup->create_directories();
+
+ $user = User::factory(User::class)
+ ->create();
+
+ $document = UploadedFile::fake()
+ ->create(Str::random() . '-fake-file.pdf', 1000, 'application/pdf');
+
+ Storage::putFileAs("files/$user->id", $document, $document->name);
+
+ $file = File::factory(File::class)
+ ->create([
+ 'filesize' => $document->getSize(),
+ 'user_id' => $user->id,
+ 'basename' => $document->name,
+ 'name' => 'fake-file.pdf',
+ ]);
+
+ $share = Share::factory(Share::class)
+ ->create([
+ 'item_id' => $file->id,
+ 'user_id' => $user->id,
+ 'type' => 'file',
+ 'is_protected' => false,
+ ]);
+
+ // Get share record
+ $this->get("/api/files/$share->token/public")
+ ->assertStatus(200)
+ ->assertJsonFragment([
+ 'basename' => $document->name
+ ]);
+
+ // Get shared file
+ $this->get("/file/$document->name/public/$share->token")
+ ->assertStatus(200);
+
+ $this->assertDatabaseHas('traffic', [
+ 'user_id' => $user->id,
+ 'download' => '1024000',
+ ]);
+ }
+
+ /**
+ * @test
+ */
+ public function it_try_to_get_protected_file_record()
+ {
+ $share = Share::factory(Share::class)
+ ->create([
+ 'type' => 'file',
+ 'is_protected' => true,
+ ]);
+
+ // Get share record
+ $this->get("/api/files/$share->token/public")
+ ->assertStatus(403);
+ }
+}
diff --git a/tests/Feature/ShareTest.php b/tests/Feature/ShareTest.php
index c122944c..e101b717 100644
--- a/tests/Feature/ShareTest.php
+++ b/tests/Feature/ShareTest.php
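Review bot: Nothing in this new test class exercises the denial paths of the download route `/file/{name}/public/{token}`; only the unprotected download and the protected record endpoint are covered. Two cases are missing: a share with `is_protected` set to true requested through the download route, and a `type => 'file'` share whose `item_id` belongs to a different file than the requested basename. The second case is the `check_file_access` comparison this commit changes from `unique_id` to `id`, so a test asserting `->assertStatus(403)` for a mismatched file would pin that authorization check. The beginning of the file is not visible in the hunk as rendered here.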
@@ -237,5 +237,68 @@ class ShareTest extends TestCase
 ]);
 }
- // TODO: napisat testy pre FileSharingController
+ /**
+ * @test
+ */
+ public function it_get_shared_record()
+ {
+ $share = Share::factory(Share::class)
+ ->create([
+ 'is_protected' => 0,
+ ]);
+
+ $this->get("/api/shared/$share->token")
+ ->assertStatus(200)
+ ->assertExactJson([
+ 'data' => [
+ 'id' => $share->id,
+ 'type' => 'shares',
+ 'attributes' => [
+ 'permission' => $share->permission,
+ 'is_protected' => '0',
+ 'item_id' => $share->item_id,
+ 'expire_in' => $share->expire_in,
+ 'token' => $share->token,
+ 'link' => $share->link,
+ 'type' => $share->type,
+ 'created_at' => $share->created_at->toJson(),
+ 'updated_at' => $share->updated_at->toJson(),
+ ],
+ ]
+ ]);
+ }
+
+ /**
+ * @test
+ */
+ public function it_get_deleted_shared_record()
+ {
+ $this->get("/api/shared/19ZMPNiass4ZqWwQ")
+ ->assertNotFound();
+ }
+
+ /**
+ * @test
+ */
+ public function it_get_shared_page()
+ {
+ $share = Share::factory(Share::class)
+ ->create([
+ 'type' => 'file',
+ 'is_protected' => false,
+ ]);
+
+ $this->get("/shared/$share->token")
+ ->assertViewIs('index')
+ ->assertStatus(200);
+ }
+
+ /**
+ * @test
+ */
+ public function it_get_deleted_shared_page()
+ {
+ $this->get('/shared/19ZMPNiass4ZqWwQ')
+ ->assertNotFound();
+ }
 }
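Review bot: `it_get_deleted_shared_record` and `it_get_deleted_shared_page` request the hard-coded token `19ZMPNiass4ZqWwQ`, which is never created, so they cover an unknown token rather than a deleted share; creating a share, deleting it and then requesting its token would match the test names. None of the new tests requests a stored token with its letter case changed, which is the behaviour affected by swapping the BINARY token comparison for `Share::whereToken($token)` in the controllers of this commit; a case-variant request with `->assertNotFound()` would document the intended matching, though it only proves something on a test database whose collation matches production. `it_get_shared_record` also pins `'is_protected' => '0'` as a string, so the resource presumably emits the raw column value, and a boolean cast on the model would make the flag's type explicit.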