added it_get_settings, it_try_get_secured_settings_via_public_api test

This commit is contained in:
Peter Papp
2021-03-12 17:17:53 +01:00
parent b837cc1906
commit b022cde9e0
4 changed files with 77 additions and 58 deletions
+27 -53
@@ -26,27 +26,10 @@ class AppFunctionsController extends Controller
* *
* @var array * @var array
*/ */
private $whitelist = [ private $blacklist = [
'section_features', 'contact_email',
'footer_content', 'purchase_code',
'get_started_description', 'license',
'get_started_title',
'pricing_description',
'pricing_title',
'feature_description_3',
'feature_title_3',
'feature_description_2',
'feature_title_2',
'feature_description_1',
'feature_title_1',
'features_description',
'features_title',
'header_description',
'header_title',
'section_get_started',
'section_pricing_content',
'section_feature_boxes',
'allow_homepage',
]; ];
/** /**
@@ -61,7 +44,7 @@ class AppFunctionsController extends Controller
\DB::getPdo(); \DB::getPdo();
// Get setup status // Get setup status
$setup_status = $this->get_setup_status(); $setup_status = get_setup_status();
// Get app pages // Get app pages
$pages = Page::all(); $pages = Page::all();
@@ -109,7 +92,7 @@ class AppFunctionsController extends Controller
} }
$metadata = [ $metadata = [
'is_protected' => $shared->protected, 'is_protected' => $shared->is_protected,
'url' => url('/shared', ['token' => $token]), 'url' => url('/shared', ['token' => $token]),
'user' => $user->name, 'user' => $user->name,
'name' => $file->name, 'name' => $file->name,
@@ -128,11 +111,11 @@ class AppFunctionsController extends Controller
$metadata = [ $metadata = [
'is_protected' => $shared->protected, 'is_protected' => $shared->protected,
'url' => url('/shared', ['token' => $token]), 'url' => url('/shared', ['token' => $token]),
'user' => $user->name, 'user' => $user->name,
'name' => $folder->name, 'name' => $folder->name,
'size' => $folder->items, 'size' => $folder->items,
'thumbnail' => null, 'thumbnail' => null,
]; ];
} }
@@ -142,18 +125,6 @@ class AppFunctionsController extends Controller
->with('metadata', $metadata); ->with('metadata', $metadata);
} }
/**
* Check if setup wizard was passed
*
* @return string
*/
private function get_setup_status(): string
{
$setup_success = get_setting('setup_wizard_success');
return boolval($setup_success) ? 'setup-done' : 'setup-disclaimer';
}
/** /**
* Send contact message from pages * Send contact message from pages
* *
@@ -188,24 +159,27 @@ class AppFunctionsController extends Controller
* @param Request $request * @param Request $request
* @return mixed * @return mixed
*/ */
public function get_settings(Request $request) public function get_setting_columns(Request $request)
{ {
$column = $request->get('column'); if (strpos($request->column, '|') !== false) {
if (strpos($column, '|') !== false) { $columns = collect(explode('|', $request->column))
->each(function ($column) {
if (in_array($column, $this->blacklist)) {
abort(401);
}
});
$columns = collect(explode('|', $column)); return Setting::whereIn('name', $columns)
->pluck('value', 'name');
$columns->each(function ($column) {
if (!in_array($column, $this->whitelist)) abort(401);
});
return Setting::whereIn('name', $columns)->pluck('value', 'name');
} }
if (!in_array($column, $this->whitelist)) abort(401); if (in_array($request->column, $this->blacklist)) {
abort(401);
}
return Setting::where('name', $column)->pluck('value', 'name'); return Setting::where('name', $request->column)
->pluck('value', 'name');
} }
/** /**
@@ -217,7 +191,7 @@ class AppFunctionsController extends Controller
return Demo::response_204(); return Demo::response_204();
} }
if (! app()->runningUnitTests()) { if (!app()->runningUnitTests()) {
Artisan::call('cache:clear'); Artisan::call('cache:clear');
Artisan::call('config:clear'); Artisan::call('config:clear');
Artisan::call('config:cache'); Artisan::call('config:cache');
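Review bot: Replacing `$whitelist` with `$blacklist` in the first hunk (`private $blacklist = [`) turns the public `/content` endpoint from allow-by-exception into deny-by-exception, so every setting name that is not one of the three listed — including any sensitive key added to the settings table later — becomes readable without authentication. Keeping an explicit allowlist of the public homepage keys (or consulting both lists) is the safer default; if the denylist stays, a comment above it should say that any new secret setting must be added here, and the two `in_array` calls in `get_setting_columns` should use the strict form, e.g. `if (in_array($column, $this->blacklist, true)) {`. Separately, the `is_protected` entry in the third hunk now reads `$shared->is_protected` for files while the folder branch in the following hunk still reads `$shared->protected`; that looks like one side was missed, though the model's column name is not visible here.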
+12
@@ -50,6 +50,18 @@ function get_settings_in_json()
); );
} }
/**
* Check if setup wizard was passed
*
* @return string
*/
function get_setup_status()
{
$setup_success = get_setting('setup_wizard_success');
return boolval($setup_success) ? 'setup-done' : 'setup-disclaimer';
}
/** /**
* Create paragraph from text * Create paragraph from text
* *
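Review bot: The helper at `function get_setup_status()` drops the `: string` return type that the removed controller method `private function get_setup_status(): string` carried, even though its docblock still promises `@return string`; declare it again as `function get_setup_status(): string` so the contract stays enforced now that the function is global.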
+1 -1
@@ -14,7 +14,7 @@ use App\Http\Controllers\Sharing\FileSharingController;
// Pages // Pages
Route::post('/contact', [AppFunctionsController::class, 'contact_form']); Route::post('/contact', [AppFunctionsController::class, 'contact_form']);
Route::get('/page/{page}', [AppFunctionsController::class, 'get_page']); Route::get('/page/{page}', [AppFunctionsController::class, 'get_page']);
Route::get('/content', [AppFunctionsController::class, 'get_settings']); Route::get('/content', [AppFunctionsController::class, 'get_setting_columns']);
// Stripe // Stripe
Route::get('/pricing', [PricingController::class, 'index']); Route::get('/pricing', [PricingController::class, 'index']);
+37 -4
@@ -4,12 +4,8 @@ namespace Tests\Feature\App;
use App\Http\Mail\SendContactMessage; use App\Http\Mail\SendContactMessage;
use App\Models\Setting; use App\Models\Setting;
use App\Notifications\SharedSendViaEmail;
use App\Services\SetupService; use App\Services\SetupService;
use Illuminate\Foundation\Testing\DatabaseMigrations; use Illuminate\Foundation\Testing\DatabaseMigrations;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Foundation\Testing\WithFaker;
use Illuminate\Support\Facades\Notification;
use Mail; use Mail;
use Tests\TestCase; use Tests\TestCase;
@@ -70,4 +66,41 @@ class AppTest extends TestCase
Mail::assertSent(SendContactMessage::class); Mail::assertSent(SendContactMessage::class);
} }
/**
* @test
*/
public function it_get_settings()
{
Setting::create([
'name' => 'get_started_title',
'value' => 'Hello World!',
]);
Setting::create([
'name' => 'pricing_description',
'value' => 'Give me a money!',
]);
$this->getJson('/api/content?column=get_started_title|pricing_description')
->assertStatus(200)
->assertExactJson([
"get_started_title" => "Hello World!",
"pricing_description" => "Give me a money!",
]);
}
/**
* @test
*/
public function it_try_get_secured_settings_via_public_api()
{
Setting::create([
'name' => 'purchase_code',
'value' => '15a53561-d387-4e0a-8de1-5d1bff34c1ed',
]);
$this->getJson('/api/content?column=purchase_code')
->assertStatus(401);
}
} }
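Review bot: `it_try_get_secured_settings_via_public_api` covers only the single-column branch of `get_setting_columns`; the pipe-delimited branch, where the `abort(401)` sits inside an `each` closure, has no test, so a regression confined to that closure would still pass this suite. A second test that mixes a public key with a denied key in one `column=` value pins that path too; the fixture value in it is a constructed sample, and the test belongs inside `AppTest` before the closing brace.
```php
    /**
     * @test
     */
    public function it_try_get_secured_settings_in_column_list_via_public_api()
    {
        Setting::create([
            'name' => 'purchase_code',
            'value' => 'sample-purchase-code', // constructed sample
        ]);

        $this->getJson('/api/content?column=get_started_title|purchase_code')
            ->assertStatus(401);
    }
```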