nexus/vuefilemanager
2
0
Fork 0
mirror of https://github.com/VueFileManager/vuefilemanager.git synced 2026-04-18 16:22:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

- public sharing refactored part 2

Browse Source
This commit is contained in:
Peter Papp
2021-03-19 09:04:18 +01:00
parent db9900fcfb
commit ed8ab2978f
22 changed files with 1296 additions and 1190 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/Http/Controllers/App/AppFunctionsController.php
View File

@@ -88,7 +88,7 @@ class AppFunctionsController extends Controller
return view("vuefilemanager.crawler.og-view") return view("vuefilemanager.crawler.og-view")
->with('settings', get_settings_in_json()) ->with('settings', get_settings_in_json())
->with('metadata', [ ->with('metadata', [
'url' => url('/shared', ['token' => $shared->token]), 'url' => url('/share', ['token' => $shared->token]),
'is_protected' => $shared->is_protected, 'is_protected' => $shared->is_protected,
'user' => $shared->user->settings->name, 'user' => $shared->user->settings->name,
'name' => $item->name, 'name' => $item->name,

2
app/Http/Controllers/FileManager/BrowseController.php
View File

@@ -199,7 +199,7 @@ class BrowseController extends Controller
{ {
$user_id = Auth::id(); $user_id = Auth::id();
$query = remove_accents($request->input('query')); $query = remove_accents($request->query);
// Search files id db // Search files id db
$searched_files = File::search($query) $searched_files = File::search($query)

126
app/Http/Controllers/Sharing/BrowseShareController.php
View File

@@ -3,6 +3,9 @@
namespace App\Http\Controllers\Sharing; namespace App\Http\Controllers\Sharing;
use App\Http\Controllers\Controller; use App\Http\Controllers\Controller;
use App\Http\Requests\Share\AuthenticateShareRequest;
use App\Http\Resources\FileResource;
use App\Http\Resources\ShareResource;
use App\Models\File; use App\Models\File;
use App\Models\Folder; use App\Models\Folder;
use App\Models\Share; use App\Models\Share;
@@ -10,6 +13,8 @@ use App\Services\HelperService;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Support\Arr; use Illuminate\Support\Arr;
use Illuminate\Support\Collection; use Illuminate\Support\Collection;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Storage;
class BrowseShareController extends Controller class BrowseShareController extends Controller
{ {
@@ -20,6 +25,64 @@ class BrowseShareController extends Controller
$this->helper = resolve(HelperService::class); $this->helper = resolve(HelperService::class);
} }
/**
* Show page index and delete access_token & shared_token cookie
* @param Share $shared
* @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\Contracts\View\View|\Symfony\Component\HttpFoundation\StreamedResponse
*/
public function index(Share $shared)
{
// Delete share_session if exist
if ($shared->is_protected) {
cookie()->queue('share_session', '', -1);
}
// Check if shared is image file and then show it
if ($shared->type === 'file' && !$shared->is_protected) {
$image = File::whereUserId($shared->user_id)
->whereType('image')
->whereId($shared->item_id)
->firstOrFail();
// Store user download size
$shared
->user
->record_download(
(int)$image->getRawOriginal('filesize')
);
return $this->get_single_image($image, $shared->user_id);
}
return view("index")
->with('settings', get_settings_in_json() ?? null);
}
/**
* Check Password for protected item
* @param AuthenticateShareRequest $request
* @param Share $shared
* @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\Routing\ResponseFactory|\Illuminate\Http\Response
*/
public function authenticate(AuthenticateShareRequest $request, Share $shared)
{
// Check password
if (Hash::check($request->password, $shared->password)) {
$cookie = json_encode([
'token' => $shared->token,
'authenticated' => true,
]);
// Return authorize token with shared options
return response(new ShareResource($shared), 200)
->cookie('share_session', $cookie, 43200);
}
abort(401, __('vuefilemanager.incorrect_password'));
}
/** /**
* Browse public folders * Browse public folders
* *
@@ -60,11 +123,15 @@ class BrowseShareController extends Controller
// Check ability to access protected share record // Check ability to access protected share record
$this->helper->check_protected_share_record($shared); $this->helper->check_protected_share_record($shared);
$query = remove_accents(
$request->input('query')
);
// Search files id db // Search files id db
$searched_files = File::search($request->input('query')) $searched_files = File::search($query)
->where('user_id', $shared->user_id) ->where('user_id', $shared->user_id)
->get(); ->get();
$searched_folders = Folder::search($request->input('query')) $searched_folders = Folder::search($query)
->where('user_id', $shared->user_id) ->where('user_id', $shared->user_id)
->get(); ->get();
@@ -95,7 +162,8 @@ class BrowseShareController extends Controller
}); });
// Collect folders and files to single array // Collect folders and files to single array
return collect([$folders, $files])->collapse(); return collect([$folders, $files])
->collapse();
} }
/** /**
@@ -114,8 +182,8 @@ class BrowseShareController extends Controller
// Get folders // Get folders
$folders = Folder::with('folders:id,parent_id,name') $folders = Folder::with('folders:id,parent_id,name')
->where('parent_id', $shared->item_id) ->whereParentId($shared->item_id)
->where('user_id', $shared->user_id) ->whereUserId($shared->user_id)
->sortable() ->sortable()
->get(['id', 'parent_id', 'id', 'name']); ->get(['id', 'parent_id', 'id', 'name']);
@@ -128,4 +196,52 @@ class BrowseShareController extends Controller
] ]
]; ];
} }
/**
* Get shared public file record
*
* @param Share $shared
* @return mixed
*/
public function get_single_file(Share $shared)
{
// Check ability to access protected share files
$this->helper->check_protected_share_record($shared);
// Get file
$file = File::whereUserId($shared->user_id)
->whereId($shared->item_id)
->firstOrFail();
// Set access urls
$file->setPublicUrl($shared->token);
return response(new FileResource($file), 200);
}
/**
* Get image from storage and show it
*
* @param $file
* @param $user_id
* @return \Symfony\Component\HttpFoundation\StreamedResponse
*/
private function get_single_image($file, $user_id)
{
// Format pretty filename
$file_pretty_name = $file->name . '.' . $file->mimetype;
// Get file path
$path = "/files/$user_id/$file->basename";
// Check if file exist
if (!Storage::exists($path)) abort(404);
return Storage::response($path, $file_pretty_name, [
"Content-Type" => Storage::mimeType($path),
"Content-Length" => Storage::size($path),
"Accept-Ranges" => "bytes",
"Content-Range" => "bytes 0-600/" . Storage::size($path),
]);
}
} }

6
app/Http/Controllers/Sharing/EditShareItemsController.php
View File

@@ -228,6 +228,9 @@ class EditShareItemsController extends Controller
*/ */
public function zip_folder($id, Share $shared) public function zip_folder($id, Share $shared)
{ {
// Check ability to access protected share record
$this->helper->check_protected_share_record($shared);
// Check access to requested folder // Check access to requested folder
$this->helper->check_item_access($id, $shared); $this->helper->check_item_access($id, $shared);
@@ -261,6 +264,9 @@ class EditShareItemsController extends Controller
*/ */
public function zip_multiple_files(Request $request, Share $shared) public function zip_multiple_files(Request $request, Share $shared)
{ {
// Check ability to access protected share record
$this->helper->check_protected_share_record($shared);
$file_parent_folders = File::whereUserId($shared->user_id) $file_parent_folders = File::whereUserId($shared->user_id)
->whereIn('id', $request->items) ->whereIn('id', $request->items)
->get() ->get()

135
app/Http/Controllers/Sharing/ServeSharedController.php
View File

@@ -1,135 +0,0 @@
<?php
namespace App\Http\Controllers\Sharing;
use App\Http\Controllers\Controller;
use App\Http\Requests\Share\AuthenticateShareRequest;
use App\Http\Resources\FileResource;
use App\Http\Resources\ShareResource;
use App\Models\Share;
use App\Models\Setting;
use App\Services\HelperService;
use Illuminate\Support\Facades\Cookie;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Collection;
use Illuminate\Http\Request;
use Illuminate\Support\Arr;
use App\Models\Folder;
use App\Models\File;
use App\Models\User;
use Illuminate\Support\Facades\Storage;
class ServeSharedController extends Controller
{
private $helper;
public function __construct()
{
$this->helper = resolve(HelperService::class);
}
/**
* Show page index and delete access_token & shared_token cookie
*
* @param Share $shared
* @return \Illuminate\Http\Response
*/
public function index(Share $shared)
{
// Delete share_session if exist
if ($shared->is_protected) {
cookie()->queue('share_session', '', -1);
}
// Check if shared is image file and then show it
if ($shared->type === 'file' && !$shared->is_protected) {
$image = File::whereUserId($shared->user_id)
->whereType('image')
->whereId($shared->item_id)
->firstOrFail();
// Store user download size
$shared
->user
->record_download(
(int)$image->getRawOriginal('filesize')
);
return $this->show_image($image, $shared->user_id);
}
return view("index")
->with('settings', get_settings_in_json() ?? null);
}
/**
* Check Password for protected item
*
* @param AuthenticateShareRequest $request
* @param Share $shared
* @return array|\Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\Routing\ResponseFactory|\Illuminate\Http\Response
*/
public function authenticate(AuthenticateShareRequest $request, Share $shared)
{
// Check password
if (!Hash::check($request->password, $shared->password)) {
abort(401, __('vuefilemanager.incorrect_password'));
}
// Return authorize token with shared options
return response(new ShareResource($shared), 200)
->cookie('share_session', json_encode([
'token' => $shared->token,
'authenticated' => true,
]), 43200);
}
/**
* Get image from storage and show it
*
* @param $file
* @param $user_id
* @return \Symfony\Component\HttpFoundation\StreamedResponse
*/
private function show_image($file, $user_id)
{
// Format pretty filename
$file_pretty_name = $file->name . '.' . $file->mimetype;
// Get file path
$path = "/files/$user_id/$file->basename";
// Check if file exist
if (!Storage::exists($path)) abort(404);
return Storage::response($path, $file_pretty_name, [
"Content-Type" => Storage::mimeType($path),
"Content-Length" => Storage::size($path),
"Accept-Ranges" => "bytes",
"Content-Range" => "bytes 0-600/" . Storage::size($path),
]);
}
/**
* Get shared public file record
*
* @param Share $shared
* @return mixed
*/
public function file_public(Share $shared)
{
// Check ability to access protected share files
$this->helper->check_protected_share_record($shared);
// Get file
$file = File::where('user_id', $shared->user_id)
->where('id', $shared->item_id)
->firstOrFail();
// Set access urls
$file->setPublicUrl($shared->token);
return response(new FileResource($file), 200);
}
}

4
app/Models/File.php
View File

@@ -12,6 +12,10 @@ use TeamTNT\TNTSearch\Indexer\TNTIndexer;
use \Illuminate\Database\Eloquent\SoftDeletes; use \Illuminate\Database\Eloquent\SoftDeletes;
use Kyslik\ColumnSortable\Sortable; use Kyslik\ColumnSortable\Sortable;
/**
* @method static whereUserId($user_id)
* @method static whereId($id)
*/
class File extends Model class File extends Model
{ {
use Searchable, SoftDeletes, Sortable, HasFactory; use Searchable, SoftDeletes, Sortable, HasFactory;

2
app/Models/Share.php
View File

@@ -32,7 +32,7 @@ class Share extends Model
*/ */
public function getLinkAttribute() public function getLinkAttribute()
{ {
return url('/shared', ['token' => $this->attributes['token']]); return url('/share', ['token' => $this->attributes['token']]);
} }
public function user() public function user()

2
app/Services/HelperService.php
View File

@@ -317,7 +317,7 @@ class HelperService
abort(403, $abort_message); abort(403, $abort_message);
} }
// Check if share record was authenticated previously via ServeSharedController@authenticate // Check if share record was authenticated previously via ShareController@authenticate
if (!$share_session->authenticated) { if (!$share_session->authenticated) {
abort(403, $abort_message); abort(403, $abort_message);
} }

3
public/mix-manifest.json
View File

@@ -96,5 +96,6 @@
"/js/main.7e6541d1cbf9901a3e5a.hot-update.js": "/js/main.7e6541d1cbf9901a3e5a.hot-update.js", "/js/main.7e6541d1cbf9901a3e5a.hot-update.js": "/js/main.7e6541d1cbf9901a3e5a.hot-update.js",
"/js/main.51418924870a080afea3.hot-update.js": "/js/main.51418924870a080afea3.hot-update.js", "/js/main.51418924870a080afea3.hot-update.js": "/js/main.51418924870a080afea3.hot-update.js",
"/js/main.869d3fad73dd6fe243f9.hot-update.js": "/js/main.869d3fad73dd6fe243f9.hot-update.js", "/js/main.869d3fad73dd6fe243f9.hot-update.js": "/js/main.869d3fad73dd6fe243f9.hot-update.js",
"/js/main.d7f2bec845fc64b7d5e4.hot-update.js": "/js/main.d7f2bec845fc64b7d5e4.hot-update.js" "/js/main.d7f2bec845fc64b7d5e4.hot-update.js": "/js/main.d7f2bec845fc64b7d5e4.hot-update.js",
"/js/main.c788f898c265d85a0089.hot-update.js": "/js/main.c788f898c265d85a0089.hot-update.js"
} }

8
resources/js/router.js vendored
View File

@@ -309,7 +309,7 @@ const routesAdmin = [
const routesShared = [ const routesShared = [
{ {
name: 'Shared', name: 'Shared',
path: '/shared/:token', path: '/share/:token',
component: () => component: () =>
import(/* webpackChunkName: "chunks/shared" */ './views/Shared'), import(/* webpackChunkName: "chunks/shared" */ './views/Shared'),
meta: { meta: {
@@ -318,7 +318,7 @@ const routesShared = [
children: [ children: [
{ {
name: 'SharedFileBrowser', name: 'SharedFileBrowser',
path: '/shared/:token/files', path: '/share/:token/files',
component: () => component: () =>
import(/* webpackChunkName: "chunks/shared/file-browser" */ './views/Shared/SharedFileBrowser'), import(/* webpackChunkName: "chunks/shared/file-browser" */ './views/Shared/SharedFileBrowser'),
meta: { meta: {
@@ -327,7 +327,7 @@ const routesShared = [
}, },
{ {
name: 'SharedSingleFile', name: 'SharedSingleFile',
path: '/shared/:token/file', path: '/share/:token/file',
component: () => component: () =>
import(/* webpackChunkName: "chunks/shared/single-file" */ './views/Shared/SharedSingleFile'), import(/* webpackChunkName: "chunks/shared/single-file" */ './views/Shared/SharedSingleFile'),
meta: { meta: {
@@ -336,7 +336,7 @@ const routesShared = [
}, },
{ {
name: 'SharedAuthentication', name: 'SharedAuthentication',
path: '/shared/:token/authenticate', path: '/share/:token/authenticate',
component: () => component: () =>
import(/* webpackChunkName: "chunks/shared/authenticate" */ './views/Shared/SharedAuthentication'), import(/* webpackChunkName: "chunks/shared/authenticate" */ './views/Shared/SharedAuthentication'),
meta: { meta: {

2
resources/js/store/modules/fileBrowser.js vendored
View File

@@ -97,7 +97,7 @@ const actions = {
commit('STORE_CURRENT_FOLDER', currentFolder) commit('STORE_CURRENT_FOLDER', currentFolder)
axios axios
.get(getters.api + '/browse/shared' + getters.sorting.URI) .get(getters.api + '/browse/share' + getters.sorting.URI)
.then(response => { .then(response => {
commit('LOADING_STATE', {loading: false, data: response.data}) commit('LOADING_STATE', {loading: false, data: response.data})
commit('STORE_PREVIOUS_FOLDER', currentFolder) commit('STORE_PREVIOUS_FOLDER', currentFolder)

2
routes/api.php
View File

@@ -29,7 +29,7 @@ Route::group(['middleware' => ['auth:sanctum']], function () {
Route::get('/participants', [BrowseController::class, 'participant_uploads']); Route::get('/participants', [BrowseController::class, 'participant_uploads']);
Route::get('/navigation', [BrowseController::class, 'navigation_tree']); Route::get('/navigation', [BrowseController::class, 'navigation_tree']);
Route::get('/folders/{id}', [BrowseController::class, 'folder']); Route::get('/folders/{id}', [BrowseController::class, 'folder']);
Route::get('/shared', [BrowseController::class, 'shared']); Route::get('/share', [BrowseController::class, 'shared']);
Route::get('/latest', [BrowseController::class, 'latest']); Route::get('/latest', [BrowseController::class, 'latest']);
Route::get('/search', [BrowseController::class, 'search']); Route::get('/search', [BrowseController::class, 'search']);
Route::get('/trash', [BrowseController::class, 'trash']); Route::get('/trash', [BrowseController::class, 'trash']);

6
routes/share.php
View File

@@ -4,7 +4,6 @@ use App\Http\Controllers\App\AppFunctionsController;
use App\Http\Controllers\Sharing\BrowseShareController; use App\Http\Controllers\Sharing\BrowseShareController;
use App\Http\Controllers\Sharing\EditShareItemsController; use App\Http\Controllers\Sharing\EditShareItemsController;
use App\Http\Controllers\FileManager\ShareController; use App\Http\Controllers\FileManager\ShareController;
use App\Http\Controllers\Sharing\ServeSharedController;
// Browse functions // Browse functions
Route::group(['prefix' => 'editor'], function () { Route::group(['prefix' => 'editor'], function () {
@@ -23,12 +22,11 @@ Route::group(['prefix' => 'zip'], function () {
// Browse share content // Browse share content
Route::group(['prefix' => 'browse'], function () { Route::group(['prefix' => 'browse'], function () {
Route::post('/authenticate/{shared}', [BrowseShareController::class, 'authenticate']);
Route::get('/navigation/{shared}', [BrowseShareController::class, 'navigation_tree']); Route::get('/navigation/{shared}', [BrowseShareController::class, 'navigation_tree']);
Route::get('/folders/{id}/{shared}', [BrowseShareController::class, 'browse_folder']); Route::get('/folders/{id}/{shared}', [BrowseShareController::class, 'browse_folder']);
Route::get('/file/{shared}', [BrowseShareController::class, 'get_single_file']);
Route::get('/search/{shared}', [BrowseShareController::class, 'search']); Route::get('/search/{shared}', [BrowseShareController::class, 'search']);
Route::post('/authenticate/{shared}', [ServeSharedController::class, 'authenticate']);
Route::get('/file/{shared}', [ServeSharedController::class, 'file_public']);
Route::get('/share/{shared}', [ShareController::class, 'show']); Route::get('/share/{shared}', [ShareController::class, 'show']);
}); });

6
routes/web.php
View File

@@ -3,7 +3,7 @@
use App\Http\Controllers\Admin\InvoiceController; use App\Http\Controllers\Admin\InvoiceController;
use App\Http\Controllers\App\SetupWizardController; use App\Http\Controllers\App\SetupWizardController;
use App\Http\Controllers\App\AppFunctionsController; use App\Http\Controllers\App\AppFunctionsController;
use App\Http\Controllers\Sharing\ServeSharedController; use App\Http\Controllers\Sharing\BrowseShareController;
use App\Http\Controllers\Subscription\StripeWebhookController; use App\Http\Controllers\Subscription\StripeWebhookController;
Route::post('/stripe/webhook', [StripeWebhookController::class, 'handleWebhook']); Route::post('/stripe/webhook', [StripeWebhookController::class, 'handleWebhook']);
@@ -14,9 +14,9 @@ Route::get('/invoice/{customer}/{token}', [InvoiceController::class, 'show'])->m
// Get og site for web crawlers // Get og site for web crawlers
if (Crawler::isCrawler()) { if (Crawler::isCrawler()) {
Route::get('/shared/{shared}', [AppFunctionsController::class, 'og_site']); Route::get('/share/{shared}', [AppFunctionsController::class, 'og_site']);
} else { } else {
Route::get('/shared/{shared}', [ServeSharedController::class, 'index']); Route::get('/share/{shared}', [BrowseShareController::class, 'index']);
} }
// Show index.blade // Show index.blade

2
tests/Feature/FileManager/BrowseTest.php
View File

@@ -433,7 +433,7 @@ class BrowseTest extends TestCase
collect([$folder, $file]) collect([$folder, $file])
->each(function ($item) use ($user) { ->each(function ($item) use ($user) {
$this->getJson("/api/browse/shared") $this->getJson("/api/browse/share")
->assertStatus(200) ->assertStatus(200)
->assertJsonFragment([ ->assertJsonFragment([
'id' => $item->id 'id' => $item->id

71
tests/Feature/Share/PrivateFilesAccessTest.php
View File

@@ -1,71 +0,0 @@
<?php
namespace Tests\Feature\Share;
use App\Models\File;
use App\Models\Share;
use App\Services\SetupService;
use Illuminate\Foundation\Testing\DatabaseMigrations;
use Tests\TestCase;
class PrivateFilesAccessTest extends TestCase
{
use DatabaseMigrations;
public function __construct()
{
parent::__construct();
$this->setup = app()->make(SetupService::class);
}
/**
* @test
*/
public function it_authenticate_protected_file_with_correct_password()
{
$file = File::factory(File::class)
->create();
$share = Share::factory(Share::class)
->create([
'item_id' => $file->id,
'user_id' => $file->user_id,
'type' => 'file',
'is_protected' => true,
'password' => \Hash::make('secret'),
]);
$this->postJson("/api/browse/authenticate/$share->token", [
'password' => 'secret'
])
->assertStatus(200)
->assertCookie('share_session', json_encode([
'token' => $share->token,
'authenticated' => true,
]), false);
}
/**
* @test
*/
public function it_authenticate_protected_file_with_incorrect_password()
{
$file = File::factory(File::class)
->create();
$share = Share::factory(Share::class)
->create([
'item_id' => $file->id,
'user_id' => $file->user_id,
'type' => 'file',
'is_protected' => true,
'password' => \Hash::make('secret'),
]);
$this->postJson("/api/browse/authenticate/$share->token", [
'password' => 'bad-password'
])
->assertStatus(401)
->assertCookieMissing('share_session');
}
}

106
tests/Feature/Share/PrivateVisitorTest.php
View File

@@ -1,106 +0,0 @@
<?php
namespace Tests\Feature\Share;
use App\Models\File;
use App\Models\Folder;
use App\Models\Share;
use App\Models\User;
use App\Services\SetupService;
use Illuminate\Foundation\Testing\DatabaseMigrations;
use Tests\TestCase;
class PrivateVisitorTest extends TestCase
{
use DatabaseMigrations;
public function __construct()
{
parent::__construct();
$this->setup = app()->make(SetupService::class);
}
/**
* @test
*/
public function authenticated_visitor_get_folder_content()
{
$user = User::factory(User::class)
->create();
$root = Folder::factory(Folder::class)
->create([
'name' => 'root',
'user_id' => $user->id,
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $root->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => true,
'permission' => 'editor',
]);
$folder = Folder::factory(Folder::class)
->create([
'parent_id' => $root->id,
'name' => 'Documents',
"user_scope" => "master",
'user_id' => $user->id,
]);
$file = File::factory(File::class)
->create([
'folder_id' => $root->id,
'name' => 'Document',
'basename' => 'document.pdf',
"mimetype" => "application/pdf",
"user_scope" => "master",
"type" => "file",
'user_id' => $user->id,
]);
$this->withUnencryptedCookie('share_session', json_encode([
'token' => $share->token,
'authenticated' => true,
]))
->get("/api/browse/folders/$root->id/private/$share->token")
->assertStatus(200)
->assertExactJson([
[
"id" => $folder->id,
"user_id" => $user->id,
"parent_id" => $root->id,
"name" => "Documents",
"color" => null,
"emoji" => null,
"user_scope" => "master",
"deleted_at" => null,
"created_at" => $folder->created_at,
"updated_at" => $folder->updated_at->toJson(),
"items" => 0,
"trashed_items" => 0,
"type" => "folder",
],
[
"id" => $file->id,
"user_id" => $user->id,
"folder_id" => $root->id,
"thumbnail" => null,
"name" => "Document",
"basename" => "document.pdf",
"mimetype" => "application/pdf",
"filesize" => $file->filesize,
"type" => "file",
"metadata" => null,
"user_scope" => "master",
"deleted_at" => null,
"created_at" => $file->created_at,
"updated_at" => $file->updated_at->toJson(),
"file_url" => "http://localhost/file/document.pdf/private/$share->token",
]
]);
}
}

784
tests/Feature/Share/PublicVisitorTest.php
View File

@@ -1,784 +0,0 @@
<?php
namespace Tests\Feature\Share;
use App\Models\File;
use App\Models\Folder;
use App\Models\Share;
use App\Models\User;
use App\Models\Zip;
use Illuminate\Foundation\Testing\DatabaseMigrations;
use App\Services\SetupService;
use Illuminate\Http\UploadedFile;
use Illuminate\Support\Str;
use Laravel\Sanctum\Sanctum;
use Storage;
use Tests\TestCase;
class PrivateVisitorTest extends TestCase
{
use DatabaseMigrations;
public function __construct()
{
parent::__construct();
$this->setup = app()->make(SetupService::class);
}
/**
* @test
*/
public function editor_rename_shared_file()
{
$user = User::factory(User::class)
->create();
$folder = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
$file = File::factory(File::class)
->create([
'folder_id' => $folder->id
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$this->patchJson("/api/editor/rename/{$file->id}/public/$share->token", [
'name' => 'Renamed Item',
'type' => 'file',
])
->assertStatus(201)
->assertJsonFragment([
'name' => 'Renamed Item',
]);
$this->assertDatabaseHas('files', [
'name' => 'Renamed Item'
]);
}
/**
* @test
*/
public function editor_rename_shared_folder()
{
$user = User::factory(User::class)
->create();
$root = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
$children = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
'parent_id' => $root->id
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $root->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$this->patchJson("/api/editor/rename/{$children->id}/public/$share->token", [
'name' => 'Renamed Folder',
'type' => 'folder',
])
->assertStatus(201)
->assertJsonFragment([
'name' => 'Renamed Folder',
]);
$this->assertDatabaseHas('folders', [
'name' => 'Renamed Folder'
]);
}
/**
* @test
*/
public function editor_create_new_folder_in_shared_folder()
{
$user = User::factory(User::class)
->create();
$folder = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$this->postJson("/api/editor/create-folder/public/$share->token", [
'name' => 'Awesome New Folder',
'parent_id' => $folder->id,
])
->assertStatus(201)
->assertJsonFragment([
'name' => 'Awesome New Folder',
]);
$this->assertDatabaseHas('folders', [
'name' => 'Awesome New Folder',
'parent_id' => $folder->id,
'user_scope' => 'editor',
]);
}
/**
* @test
*/
public function editor_delete_multiple_files_in_shared_folder()
{
$user = User::factory(User::class)
->create();
$folder = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$files = File::factory(File::class)
->count(2)
->create([
'folder_id' => $folder->id
]);
$this->postJson("/api/editor/remove/public/$share->token", [
'items' => [
[
'id' => $files[0]->id,
'type' => 'file',
'force_delete' => false,
],
[
'id' => $files[1]->id,
'type' => 'file',
'force_delete' => false,
],
],
])->assertStatus(204);
$files
->each(function ($file) {
$this->assertSoftDeleted('files', [
'id' => $file->id,
]);
});
}
/**
* @test
*/
public function editor_upload_file_into_shared_folder()
{
Storage::fake('local');
$this->setup->create_directories();
$user = User::factory(User::class)
->create();
$folder = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
'user_scope' => 'master',
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$file = UploadedFile::fake()
->create('fake-file.pdf', 1000, 'application/pdf');
$this->postJson("/api/editor/upload/public/$share->token", [
'file' => $file,
'folder_id' => $folder->id,
'is_last' => true,
])->assertStatus(201);
$this->assertDatabaseHas('traffic', [
'user_id' => $user->id,
]);
$this->assertDatabaseHas('files', [
'user_scope' => 'editor',
]);
Storage::disk('local')
->assertExists(
"files/$user->id/fake-file.pdf"
);
}
/**
* @test
*/
public function editor_move_file_to_another_folder()
{
$user = User::factory(User::class)
->create();
$root = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
$children = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
'parent_id' => $root->id,
]);
$file = File::factory(File::class)
->create([
'user_id' => $user->id,
'folder_id' => $root->id
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $root->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$this->postJson("/api/editor/move/public/$share->token", [
'to_id' => $children->id,
'items' => [
[
'type' => 'file',
'id' => $file->id,
]
],
])->assertStatus(204);
$this->assertDatabaseHas('files', [
'id' => $file->id,
'folder_id' => $children->id,
]);
}
/**
* @test
*/
public function editor_move_folder_to_another_folder()
{
$user = User::factory(User::class)
->create();
$root = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
$brother = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
'parent_id' => $root->id,
]);
$sister = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
'parent_id' => $root->id,
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $root->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$this->postJson("/api/editor/move/public/$share->token", [
'to_id' => $brother->id,
'items' => [
[
'type' => 'folder',
'id' => $sister->id,
]
],
])->assertStatus(204);
$this->assertDatabaseHas('folders', [
'id' => $sister->id,
'parent_id' => $brother->id,
]);
}
/**
* @test
*/
public function guest_zip_shared_multiple_files()
{
Storage::fake('local');
$this->setup->create_directories();
$user = User::factory(User::class)
->create();
$folder = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
collect([0, 1])
->each(function ($index) use ($folder, $user) {
$file = UploadedFile::fake()
->create(Str::random() . "-fake-file-$index.pdf", 1000, 'application/pdf');
Storage::putFileAs("files/$user->id", $file, $file->name);
File::factory(File::class)
->create([
'filesize' => $file->getSize(),
'folder_id' => $folder->id,
'user_id' => $user->id,
'basename' => $file->name,
'name' => "fake-file-$index.pdf",
]);
});
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
]);
$this->postJson("/api/zip/files/public/$share->token", [
'items' => File::all()->pluck('id')
])->assertStatus(201);
$this->assertDatabaseHas('zips', [
'user_id' => $user->id,
'shared_token' => $share->token,
]);
Storage::assertExists("zip/" . Zip::first()->basename);
}
/**
* @test
*/
public function guest_try_zip_non_shared_file_with_already_shared_multiple_files()
{
$user = User::factory(User::class)
->create();
$folder = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
File::factory(File::class)
->create([
'folder_id' => $folder->id,
'user_id' => $user->id,
]);
File::factory(File::class)
->create([
'user_id' => $user->id,
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
]);
$this->postJson("/api/zip/files/public/$share->token", [
'items' => File::all()->pluck('id')
])->assertStatus(403);
}
/**
* @test
*/
public function guest_zip_shared_folder()
{
Storage::fake('local');
$this->setup->create_directories();
$user = User::factory(User::class)
->create();
$root = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
$children = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
'parent_id' => $root->id
]);
collect([0, 1])
->each(function ($index) use ($children, $user) {
$file = UploadedFile::fake()
->create(Str::random() . "-fake-file-$index.pdf", 1000, 'application/pdf');
Storage::putFileAs("files/$user->id", $file, $file->name);
File::factory(File::class)
->create([
'filesize' => $file->getSize(),
'folder_id' => $children->id,
'user_id' => $user->id,
'basename' => $file->name,
'name' => "fake-file-$index.pdf",
]);
});
$share = Share::factory(Share::class)
->create([
'item_id' => $children->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
]);
$this->getJson("/api/zip/folder/$children->id/public/$share->token")
->assertStatus(201);
$this->assertDatabaseHas('zips', [
'user_id' => $user->id,
'shared_token' => $share->token,
]);
Storage::assertExists("zip/" . Zip::first()->basename);
}
/**
* @test
*/
public function guest_try_zip_non_shared_folder()
{
Storage::fake('local');
$this->setup->create_directories();
$user = User::factory(User::class)
->create();
$folder = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
$share = Share::factory(Share::class)
->create([
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
]);
$this->getJson("/api/zip/folder/$folder->id/public/$share->token")
->assertStatus(403);
}
/**
* @test
*/
public function guest_get_folder_content()
{
$user = User::factory(User::class)
->create();
$root = Folder::factory(Folder::class)
->create([
'name' => 'root',
'user_id' => $user->id,
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $root->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$folder = Folder::factory(Folder::class)
->create([
'parent_id' => $root->id,
'name' => 'Documents',
"user_scope" => "master",
'user_id' => $user->id,
]);
$file = File::factory(File::class)
->create([
'folder_id' => $root->id,
'name' => 'Document',
'basename' => 'document.pdf',
"mimetype" => "application/pdf",
"user_scope" => "master",
"type" => "file",
'user_id' => $user->id,
]);
$this->getJson("/api/browse/folders/$root->id/public/$share->token")
->assertStatus(200)
->assertExactJson([
[
"id" => $folder->id,
"user_id" => $user->id,
"parent_id" => $root->id,
"name" => "Documents",
"color" => null,
"emoji" => null,
"user_scope" => "master",
"deleted_at" => null,
"created_at" => $folder->created_at,
"updated_at" => $folder->updated_at->toJson(),
"items" => 0,
"trashed_items" => 0,
"type" => "folder",
],
[
"id" => $file->id,
"user_id" => $user->id,
"folder_id" => $root->id,
"thumbnail" => null,
"name" => "Document",
"basename" => "document.pdf",
"mimetype" => "application/pdf",
"filesize" => $file->filesize,
"type" => "file",
"metadata" => null,
"user_scope" => "master",
"deleted_at" => null,
"created_at" => $file->created_at,
"updated_at" => $file->updated_at->toJson(),
"file_url" => "http://localhost/file/document.pdf/public/$share->token",
]
]);
}
/**
* @test
*/
public function guest_get_navigator_tree()
{
$user = User::factory(User::class)
->create();
$folder_level_1 = Folder::factory(Folder::class)
->create([
'name' => 'level 1',
'user_scope' => 'master',
'user_id' => $user->id,
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $folder_level_1->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$folder_level_2 = Folder::factory(Folder::class)
->create([
'name' => 'level 2',
'parent_id' => $folder_level_1->id,
'user_scope' => 'master',
'user_id' => $user->id,
]);
$folder_level_3 = Folder::factory(Folder::class)
->create([
'name' => 'level 3',
'parent_id' => $folder_level_2->id,
'user_scope' => 'master',
'user_id' => $user->id,
]);
$folder_level_2_sibling = Folder::factory(Folder::class)
->create([
'name' => 'level 2 Sibling',
'parent_id' => $folder_level_1->id,
'user_scope' => 'master',
'user_id' => $user->id,
]);
$this->getJson("/api/browse/navigation/public/$share->token")
->assertStatus(200)
->assertExactJson([
[
'id' => $share->item_id,
"name" => "Home",
"location" => "public",
"folders" => [
[
"id" => $folder_level_2->id,
"parent_id" => $folder_level_1->id,
"name" => "level 2",
"items" => 1,
"trashed_items" => 1,
"type" => "folder",
"folders" => [
[
"id" => $folder_level_3->id,
"parent_id" => $folder_level_2->id,
"name" => "level 3",
"items" => 0,
"trashed_items" => 0,
"type" => "folder",
"folders" => [],
],
],
],
[
"id" => $folder_level_2_sibling->id,
"parent_id" => $folder_level_1->id,
"name" => "level 2 Sibling",
"items" => 0,
"trashed_items" => 0,
"type" => "folder",
"folders" => []
]
]
]
]);
}
/**
* @test
*/
public function guest_search_file()
{
$folder = Folder::factory(Folder::class)
->create();
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $folder->user_id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$file = File::factory(File::class)
->create([
'name' => 'Document',
'folder_id' => $folder->id,
'user_id' => $folder->user_id,
]);
$this->getJson("/api/browse/search/public/$share->token?query=doc")
->assertStatus(200)
->assertJsonFragment([
'id' => $file->id
]);
}
/**
* @test
*/
public function guest_try_search_non_shared_user_file()
{
$folder = Folder::factory(Folder::class)
->create();
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $folder->user_id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
File::factory(File::class)
->create([
'name' => 'Document',
'user_id' => $folder->user_id,
]);
$this->getJson("/api/browse/search/public/$share->token?query=doc")
->assertStatus(200)
->assertJsonFragment([]);
}
/**
* @test
*/
public function guest_get_file_detail()
{
$file = File::factory(File::class)
->create([
'name' => 'Document',
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $file->id,
'user_id' => $file->user_id,
'type' => 'file',
'is_protected' => false,
'permission' => 'editor',
]);
$this->getJson("/api/browse/file/$share->token/public")
->assertStatus(200)
->assertJsonFragment([
'name' => 'Document'
]);
}
}

71
tests/Feature/Share/ShareTest.php → tests/Feature/Share/UserShareTest.php
View File

@@ -14,7 +14,7 @@ use Illuminate\Support\Facades\Notification;
use Laravel\Sanctum\Sanctum; use Laravel\Sanctum\Sanctum;
use Tests\TestCase; use Tests\TestCase;
class ShareTest extends TestCase class UserShareTest extends TestCase
{ {
use DatabaseMigrations; use DatabaseMigrations;
@@ -149,7 +149,7 @@ class ShareTest extends TestCase
/** /**
* @test * @test
*/ */
public function it_share_folder_for_multiple_email() public function it_share_folder_and_send_link_for_multiple_email()
{ {
Notification::fake(); Notification::fake();
@@ -210,7 +210,7 @@ class ShareTest extends TestCase
* *
* TODO: pridat test na zmazanie zip * TODO: pridat test na zmazanie zip
*/ */
public function it_revoke_single_sharing() public function it_revoke_single_share_record()
{ {
$folder = Folder::factory(Folder::class) $folder = Folder::factory(Folder::class)
->create(); ->create();
@@ -236,69 +236,4 @@ class ShareTest extends TestCase
'item_id' => $folder->id 'item_id' => $folder->id
]); ]);
} }
/**
* @test
*/
public function it_get_shared_record()
{
$share = Share::factory(Share::class)
->create([
'is_protected' => 0,
]);
$this->get("/api/browse/shared/$share->token")
->assertStatus(200)
->assertExactJson([
'data' => [
'id' => $share->id,
'type' => 'shares',
'attributes' => [
'permission' => $share->permission,
'is_protected' => false,
'item_id' => $share->item_id,
'expire_in' => $share->expire_in,
'token' => $share->token,
'link' => $share->link,
'type' => $share->type,
'created_at' => $share->created_at->toJson(),
'updated_at' => $share->updated_at->toJson(),
],
]
]);
}
/**
* @test
*/
public function it_get_deleted_shared_record()
{
$this->get("/api/browse/shared/19ZMPNiass4ZqWwQ")
->assertNotFound();
}
/**
* @test
*/
public function it_get_shared_page()
{
$share = Share::factory(Share::class)
->create([
'type' => 'folder',
'is_protected' => false,
]);
$this->get("/shared/$share->token")
->assertViewIs('index')
->assertStatus(200);
}
/**
* @test
*/
public function it_get_deleted_shared_page()
{
$this->get('/shared/19ZMPNiass4ZqWwQ')
->assertNotFound();
}
} }

4
tests/Feature/Share/PublicFilesAccessTest.php → tests/Feature/Share/VisitorAccessToItemsTest.php
View File

@@ -14,7 +14,7 @@ use Illuminate\Support\Str;
use Storage; use Storage;
use Tests\TestCase; use Tests\TestCase;
class PublicFilesAccessTest extends TestCase class VisitorAccessToItemsTest extends TestCase
{ {
use DatabaseMigrations; use DatabaseMigrations;
@@ -151,7 +151,7 @@ class PublicFilesAccessTest extends TestCase
'is_protected' => false, 'is_protected' => false,
]); ]);
$this->get("/shared/$share->token") $this->get("/share/$share->token")
->assertStatus(200); ->assertStatus(200);
} }

797
tests/Feature/Share/VisitorBrowseTest.php Normal file
View File

@@ -0,0 +1,797 @@
<?php
namespace Tests\Feature\Share;
use App\Models\File;
use App\Models\Folder;
use App\Models\Share;
use App\Models\User;
use App\Models\Zip;
use Hash;
use Illuminate\Foundation\Testing\DatabaseMigrations;
use App\Services\SetupService;
use Illuminate\Http\UploadedFile;
use Illuminate\Support\Str;
use Storage;
use Tests\TestCase;
class VisitorBrowseTest extends TestCase
{
use DatabaseMigrations;
public function __construct()
{
parent::__construct();
$this->setup = app()->make(SetupService::class);
}
/**
* @test
*/
public function it_get_share_record()
{
$share = Share::factory(Share::class)
->create([
'is_protected' => 0,
]);
$this->get("/api/browse/share/$share->token")
->assertStatus(200)
->assertExactJson([
'data' => [
'id' => $share->id,
'type' => 'shares',
'attributes' => [
'permission' => $share->permission,
'is_protected' => false,
'item_id' => $share->item_id,
'expire_in' => $share->expire_in,
'token' => $share->token,
'link' => $share->link,
'type' => $share->type,
'created_at' => $share->created_at->toJson(),
'updated_at' => $share->updated_at->toJson(),
],
]
]);
}
/**
* @test
*/
public function it_get_share_page()
{
$share = Share::factory(Share::class)
->create([
'type' => 'folder',
'is_protected' => false,
]);
$this->get("/share/$share->token")
->assertViewIs('index')
->assertStatus(200);
}
/**
* @test
*/
public function it_try_to_get_deleted_share_record()
{
$this->get("/api/browse/share/19ZMPNiass4ZqWwQ")
->assertNotFound();
}
/**
* @test
*/
public function it_try_to_get_deleted_share_page()
{
$this->get('/share/19ZMPNiass4ZqWwQ')
->assertNotFound(404);
}
/**
* @test
*/
public function it_authenticate_protected_file_with_correct_password()
{
$file = File::factory(File::class)
->create();
$share = Share::factory(Share::class)
->create([
'item_id' => $file->id,
'user_id' => $file->user_id,
'type' => 'file',
'is_protected' => true,
'password' => Hash::make('secret'),
]);
$this->postJson("/api/browse/authenticate/$share->token", [
'password' => 'secret'
])
->assertStatus(200)
->assertCookie('share_session', json_encode([
'token' => $share->token,
'authenticated' => true,
]), false);
}
/**
* @test
*/
public function it_authenticate_protected_file_with_incorrect_password()
{
$file = File::factory(File::class)
->create();
$share = Share::factory(Share::class)
->create([
'item_id' => $file->id,
'user_id' => $file->user_id,
'type' => 'file',
'is_protected' => true,
'password' => Hash::make('secret'),
]);
$this->postJson("/api/browse/authenticate/$share->token", [
'password' => 'bad-password'
])
->assertStatus(401)
->assertCookieMissing('share_session');
}
/**
* @test
*/
public function visitor_zip_shared_multiple_files()
{
Storage::fake('local');
$this->setup->create_directories();
// check private or public share record
collect([true, false])
->each(function ($is_protected) {
$user = User::factory(User::class)
->create();
$folder = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
collect([0, 1])
->each(function ($index) use ($folder, $user) {
$file = UploadedFile::fake()
->create(Str::random() . "-fake-file-$index.pdf", 1000, 'application/pdf');
Storage::putFileAs("files/$user->id", $file, $file->name);
File::factory(File::class)
->create([
'filesize' => $file->getSize(),
'folder_id' => $folder->id,
'user_id' => $user->id,
'basename' => $file->name,
'name' => "fake-file-$index.pdf",
]);
});
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => $is_protected,
]);
// Check shared item protected by password
if ($is_protected) {
$cookie = ['share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])];
$this
->withUnencryptedCookies($cookie)
->post("/api/zip/files/$share->token", [
'items' => File::all()->pluck('id')
])->assertStatus(201);
}
// Check public shared item
if (!$is_protected) {
$this->postJson("/api/zip/files/$share->token", [
'items' => File::all()->pluck('id')
])->assertStatus(201);
}
$this->assertDatabaseHas('zips', [
'user_id' => $user->id,
'shared_token' => $share->token,
]);
Storage::assertExists("zip/" . Zip::first()->basename);
});
}
/**
* @test
*/
public function visitor_try_zip_not_shared_file_with_already_shared_multiple_files()
{
// check private or public share record
collect([true, false])
->each(function ($is_protected) {
$user = User::factory(User::class)
->create();
$folder = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
File::factory(File::class)
->create([
'folder_id' => $folder->id,
'user_id' => $user->id,
]);
File::factory(File::class)
->create([
'user_id' => $user->id,
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => $is_protected,
]);
// Check shared item protected by password
if ($is_protected) {
$cookie = ['share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])];
$this
->withUnencryptedCookies($cookie)
->post("/api/zip/files/$share->token", [
'items' => File::all()->pluck('id')
])->assertStatus(403);
}
// Check public shared item
if (!$is_protected) {
$this->postJson("/api/zip/files/$share->token", [
'items' => File::all()->pluck('id')
])->assertStatus(403);
}
});
}
/**
* @test
*/
public function visitor_zip_shared_folder()
{
Storage::fake('local');
$this->setup->create_directories();
// check private or public share record
collect([true, false])
->each(function ($is_protected) {
$user = User::factory(User::class)
->create();
$root = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
$children = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
'parent_id' => $root->id
]);
collect([0, 1])
->each(function ($index) use ($children, $user) {
$file = UploadedFile::fake()
->create(Str::random() . "-fake-file-$index.pdf", 1000, 'application/pdf');
Storage::putFileAs("files/$user->id", $file, $file->name);
File::factory(File::class)
->create([
'filesize' => $file->getSize(),
'folder_id' => $children->id,
'user_id' => $user->id,
'basename' => $file->name,
'name' => "fake-file-$index.pdf",
]);
});
$share = Share::factory(Share::class)
->create([
'item_id' => $children->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => $is_protected,
]);
// Check shared item protected by password
if ($is_protected) {
$cookie = ['share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])];
$this
->withUnencryptedCookies($cookie)
->get("/api/zip/folder/$children->id/$share->token")
->assertStatus(201);
}
// Check public shared item
if (!$is_protected) {
$this->getJson("/api/zip/folder/$children->id/$share->token")
->assertStatus(201);
}
$this->assertDatabaseHas('zips', [
'user_id' => $user->id,
'shared_token' => $share->token,
]);
Zip::all()
->each(function ($zip) {
Storage::assertExists("zip/$zip->basename");
});
});
}
/**
* @test
*/
public function visitor_try_zip_not_shared_folder()
{
Storage::fake('local');
$this->setup->create_directories();
// check private or public share record
collect([true, false])
->each(function ($is_protected) {
$user = User::factory(User::class)
->create();
$folder = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
$share = Share::factory(Share::class)
->create([
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => $is_protected,
]);
// Check shared item protected by password
if ($is_protected) {
$cookie = ['share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])];
$this
->withUnencryptedCookies($cookie)
->get("/api/zip/folder/$folder->id/$share->token")
->assertStatus(403);
}
// Check public shared item
if (!$is_protected) {
$this->getJson("/api/zip/folder/$folder->id/$share->token")
->assertStatus(403);
}
});
}
/**
* @test
*/
public function visitor_get_folder_content()
{
// check private or public share record
collect([true, false])
->each(function ($is_protected) {
$user = User::factory(User::class)
->create();
$root = Folder::factory(Folder::class)
->create([
'name' => 'root',
'user_id' => $user->id,
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $root->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => $is_protected,
'permission' => 'editor',
]);
$folder = Folder::factory(Folder::class)
->create([
'parent_id' => $root->id,
'name' => 'Documents',
"user_scope" => "master",
'user_id' => $user->id,
]);
$file = File::factory(File::class)
->create([
'folder_id' => $root->id,
'name' => 'Document',
'basename' => 'document.pdf',
"mimetype" => "application/pdf",
"user_scope" => "master",
"type" => "file",
'user_id' => $user->id,
]);
$json = [
[
"id" => $folder->id,
"user_id" => $user->id,
"parent_id" => $root->id,
"name" => "Documents",
"color" => null,
"emoji" => null,
"user_scope" => "master",
"deleted_at" => null,
"created_at" => $folder->created_at,
"updated_at" => $folder->updated_at->toJson(),
"items" => 0,
"trashed_items" => 0,
"type" => "folder",
],
[
"id" => $file->id,
"user_id" => $user->id,
"folder_id" => $root->id,
"thumbnail" => null,
"name" => "Document",
"basename" => "document.pdf",
"mimetype" => "application/pdf",
"filesize" => $file->filesize,
"type" => "file",
"metadata" => null,
"user_scope" => "master",
"deleted_at" => null,
"created_at" => $file->created_at,
"updated_at" => $file->updated_at->toJson(),
"file_url" => "http://localhost/file/document.pdf/$share->token",
]
];
// Check shared item protected by password
if ($is_protected) {
$cookie = ['share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])];
$this
->withUnencryptedCookies($cookie)
->get("/api/browse/folders/$root->id/$share->token")
->assertStatus(200)
->assertExactJson($json);
}
// Check public shared item
if (!$is_protected) {
$this->getJson("/api/browse/folders/$root->id/$share->token")
->assertStatus(200)
->assertExactJson($json);
}
});
}
/**
* @test
*/
public function visitor_get_navigator_tree()
{
// check private or public share record
collect([true, false])
->each(function ($is_protected) {
$user = User::factory(User::class)
->create();
$folder_level_1 = Folder::factory(Folder::class)
->create([
'name' => 'level 1',
'user_scope' => 'master',
'user_id' => $user->id,
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $folder_level_1->id,
'user_id' => $user->id,
'type' => 'folder',
'permission' => 'editor',
'is_protected' => $is_protected,
'password' => Hash::make('secret'),
]);
$folder_level_2 = Folder::factory(Folder::class)
->create([
'name' => 'level 2',
'parent_id' => $folder_level_1->id,
'user_scope' => 'master',
'user_id' => $user->id,
]);
$folder_level_3 = Folder::factory(Folder::class)
->create([
'name' => 'level 3',
'parent_id' => $folder_level_2->id,
'user_scope' => 'master',
'user_id' => $user->id,
]);
$folder_level_2_sibling = Folder::factory(Folder::class)
->create([
'name' => 'level 2 Sibling',
'parent_id' => $folder_level_1->id,
'user_scope' => 'master',
'user_id' => $user->id,
]);
$tree = [
[
'id' => $share->item_id,
"name" => "Home",
"location" => "public",
"folders" => [
[
"id" => $folder_level_2->id,
"parent_id" => $folder_level_1->id,
"name" => "level 2",
"items" => 1,
"trashed_items" => 1,
"type" => "folder",
"folders" => [
[
"id" => $folder_level_3->id,
"parent_id" => $folder_level_2->id,
"name" => "level 3",
"items" => 0,
"trashed_items" => 0,
"type" => "folder",
"folders" => [],
],
],
],
[
"id" => $folder_level_2_sibling->id,
"parent_id" => $folder_level_1->id,
"name" => "level 2 Sibling",
"items" => 0,
"trashed_items" => 0,
"type" => "folder",
"folders" => []
]
]
]
];
// Check shared item protected by password
if ($is_protected) {
$cookie = ['share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])];
$this
->withUnencryptedCookies($cookie)
->get("/api/browse/navigation/$share->token")
->assertStatus(200)
->assertExactJson($tree);
}
// Check public shared item
if (!$is_protected) {
$this->getJson("/api/browse/navigation/$share->token")
->assertStatus(200)
->assertExactJson($tree);
}
});
}
/**
* @test
*/
public function visitor_search_file()
{
// check private or public share record
collect([true, false])
->each(function ($is_protected) {
$folder = Folder::factory(Folder::class)
->create();
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $folder->user_id,
'type' => 'folder',
'permission' => 'editor',
'is_protected' => $is_protected,
'password' => Hash::make('secret'),
]);
$file = File::factory(File::class)
->create([
'name' => 'Document',
'folder_id' => $folder->id,
'user_id' => $folder->user_id,
]);
// Check shared item protected by password
if ($is_protected) {
$cookie = ['share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])];
$this->withUnencryptedCookies($cookie)
->get("/api/browse/search/$share->token?query=doc")
->assertStatus(200)
->assertJsonFragment([
'id' => $file->id
]);
}
// Check public shared item
if (!$is_protected) {
$this->getJson("/api/browse/search/$share->token?query=doc")
->assertStatus(200)
->assertJsonFragment([
'id' => $file->id
]);
}
});
}
/**
* @test
*/
public function visitor_try_search_not_shared_user_file()
{
// check private or public share record
collect([true, false])
->each(function ($is_protected) {
$folder = Folder::factory(Folder::class)
->create();
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $folder->user_id,
'type' => 'folder',
'permission' => 'editor',
'is_protected' => $is_protected,
'password' => Hash::make('secret'),
]);
File::factory(File::class)
->create([
'name' => 'Document',
'user_id' => $folder->user_id,
]);
// Check shared item protected by password
if ($is_protected) {
$cookie = ['share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])];
$this->withUnencryptedCookies($cookie)
->get("/api/browse/search/$share->token?query=doc")
->assertStatus(200)
->assertJsonFragment([]);
}
// Check public shared item
if (!$is_protected) {
$this->getJson("/api/browse/search/$share->token?query=doc")
->assertStatus(200)
->assertJsonFragment([]);
}
});
}
/**
* @test
*/
public function visitor_get_file_detail()
{
// check private or public share record
collect([true, false])
->each(function ($is_protected) {
$file = File::factory(File::class)
->create([
'name' => 'Document',
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $file->id,
'user_id' => $file->user_id,
'type' => 'file',
'permission' => 'editor',
'is_protected' => $is_protected,
'password' => Hash::make('secret'),
]);
// Check shared item protected by password
if ($is_protected) {
$cookie = ['share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])];
$this->withUnencryptedCookies($cookie)
->get("/api/browse/file/$share->token")
->assertStatus(200)
->assertJsonFragment([
'name' => 'Document'
]);
}
// Check public shared item
if (!$is_protected) {
$this->getJson("/api/browse/file/$share->token")
->assertStatus(200)
->assertJsonFragment([
'name' => 'Document'
]);
}
});
}
}

345
tests/Feature/Share/VisitorManipulatingTest.php Normal file
View File

@@ -0,0 +1,345 @@
<?php
namespace Tests\Feature\Share;
use App\Models\File;
use App\Models\Folder;
use App\Models\Share;
use App\Models\User;
use App\Services\SetupService;
use Illuminate\Foundation\Testing\DatabaseMigrations;
use Illuminate\Http\UploadedFile;
use Tests\TestCase;
class VisitorManipulatingTest extends TestCase
{
use DatabaseMigrations;
public function __construct()
{
parent::__construct();
$this->setup = app()->make(SetupService::class);
}
/**
* @test
*/
public function editor_rename_shared_file()
{
$user = User::factory(User::class)
->create();
$folder = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
$file = File::factory(File::class)
->create([
'folder_id' => $folder->id
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$this->patchJson("/api/editor/rename/{$file->id}/public/$share->token", [
'name' => 'Renamed Item',
'type' => 'file',
])
->assertStatus(201)
->assertJsonFragment([
'name' => 'Renamed Item',
]);
$this->assertDatabaseHas('files', [
'name' => 'Renamed Item'
]);
}
/**
* @test
*/
public function editor_rename_shared_folder()
{
$user = User::factory(User::class)
->create();
$root = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
$children = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
'parent_id' => $root->id
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $root->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$this->patchJson("/api/editor/rename/{$children->id}/public/$share->token", [
'name' => 'Renamed Folder',
'type' => 'folder',
])
->assertStatus(201)
->assertJsonFragment([
'name' => 'Renamed Folder',
]);
$this->assertDatabaseHas('folders', [
'name' => 'Renamed Folder'
]);
}
/**
* @test
*/
public function editor_create_new_folder_in_shared_folder()
{
$user = User::factory(User::class)
->create();
$folder = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$this->postJson("/api/editor/create-folder/public/$share->token", [
'name' => 'Awesome New Folder',
'parent_id' => $folder->id,
])
->assertStatus(201)
->assertJsonFragment([
'name' => 'Awesome New Folder',
]);
$this->assertDatabaseHas('folders', [
'name' => 'Awesome New Folder',
'parent_id' => $folder->id,
'user_scope' => 'editor',
]);
}
/**
* @test
*/
public function editor_delete_multiple_files_in_shared_folder()
{
$user = User::factory(User::class)
->create();
$folder = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$files = File::factory(File::class)
->count(2)
->create([
'folder_id' => $folder->id
]);
$this->postJson("/api/editor/remove/public/$share->token", [
'items' => [
[
'id' => $files[0]->id,
'type' => 'file',
'force_delete' => false,
],
[
'id' => $files[1]->id,
'type' => 'file',
'force_delete' => false,
],
],
])->assertStatus(204);
$files
->each(function ($file) {
$this->assertSoftDeleted('files', [
'id' => $file->id,
]);
});
}
/**
* @test
*/
public function editor_upload_file_into_shared_folder()
{
Storage::fake('local');
$this->setup->create_directories();
$user = User::factory(User::class)
->create();
$folder = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
'user_scope' => 'master',
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$file = UploadedFile::fake()
->create('fake-file.pdf', 1000, 'application/pdf');
$this->postJson("/api/editor/upload/public/$share->token", [
'file' => $file,
'folder_id' => $folder->id,
'is_last' => true,
])->assertStatus(201);
$this->assertDatabaseHas('traffic', [
'user_id' => $user->id,
]);
$this->assertDatabaseHas('files', [
'user_scope' => 'editor',
]);
Storage::disk('local')
->assertExists(
"files/$user->id/fake-file.pdf"
);
}
/**
* @test
*/
public function editor_move_file_to_another_folder()
{
$user = User::factory(User::class)
->create();
$root = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
$children = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
'parent_id' => $root->id,
]);
$file = File::factory(File::class)
->create([
'user_id' => $user->id,
'folder_id' => $root->id
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $root->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$this->postJson("/api/editor/move/public/$share->token", [
'to_id' => $children->id,
'items' => [
[
'type' => 'file',
'id' => $file->id,
]
],
])->assertStatus(204);
$this->assertDatabaseHas('files', [
'id' => $file->id,
'folder_id' => $children->id,
]);
}
/**
* @test
*/
public function editor_move_folder_to_another_folder()
{
$user = User::factory(User::class)
->create();
$root = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
$brother = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
'parent_id' => $root->id,
]);
$sister = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
'parent_id' => $root->id,
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $root->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$this->postJson("/api/editor/move/public/$share->token", [
'to_id' => $brother->id,
'items' => [
[
'type' => 'folder',
'id' => $sister->id,
]
],
])->assertStatus(204);
$this->assertDatabaseHas('folders', [
'id' => $sister->id,
'parent_id' => $brother->id,
]);
}
}