create([ 'is_protected' => 0, ]); $this->get("/api/browse/share/$share->token") ->assertStatus(200) ->assertExactJson([ 'data' => [ 'id' => $share->id, 'type' => 'shared', 'attributes' => [ 'permission' => $share->permission, 'protected' => false, 'item_id' => $share->item_id, 'expire_in' => $share->expire_in, 'token' => $share->token, 'link' => $share->link, 'type' => $share->type, ], ], ]); } /** * @test */ public function it_get_share_page() { $share = Share::factory(Share::class) ->create([ 'type' => 'folder', 'is_protected' => false, ]); $this->get("/share/$share->token") ->assertViewIs('index') ->assertStatus(200); } /** * @test */ public function it_try_to_get_deleted_share_record() { $this->get('/api/browse/share/19ZMPNiass4ZqWwQ') ->assertNotFound(); } /** * @test */ public function it_try_to_get_deleted_share_page() { $this->get('/share/19ZMPNiass4ZqWwQ') ->assertNotFound(404); } /** * @test */ public function it_authenticate_protected_file_with_correct_password() { $file = File::factory(File::class) ->create(); $share = Share::factory(Share::class) ->create([ 'item_id' => $file->id, 'user_id' => $file->user_id, 'type' => 'file', 'is_protected' => true, 'password' => bcrypt('secret'), ]); $this->postJson("/api/browse/authenticate/$share->token", [ 'password' => 'secret', ]) ->assertStatus(200) ->assertCookie('share_session', json_encode([ 'token' => $share->token, 'authenticated' => true, ]), false); } /** * @test */ public function it_authenticate_protected_file_with_incorrect_password() { $file = File::factory(File::class) ->create(); $share = Share::factory(Share::class) ->create([ 'item_id' => $file->id, 'user_id' => $file->user_id, 'type' => 'file', 'is_protected' => true, 'password' => bcrypt('secret'), ]); $this->postJson("/api/browse/authenticate/$share->token", [ 'password' => 'bad-password', ]) ->assertStatus(401) ->assertCookieMissing('share_session'); } /** * @test */ public function visitor_get_folder_content() { // check private or public share record collect([true, false]) ->each(function ($is_protected) { $user = User::factory(User::class) ->create(); $root = Folder::factory(Folder::class) ->create([ 'name' => 'root', 'user_id' => $user->id, ]); $share = Share::factory(Share::class) ->create([ 'item_id' => $root->id, 'user_id' => $user->id, 'type' => 'folder', 'is_protected' => $is_protected, 'permission' => 'editor', ]); $folder = Folder::factory(Folder::class) ->create([ 'parent_id' => $root->id, 'name' => 'Documents', 'author' => 'user', 'user_id' => $user->id, ]); $file = File::factory(File::class) ->create([ 'parent_id' => $root->id, 'name' => 'Document', 'basename' => 'document.pdf', 'mimetype' => 'application/pdf', 'author' => 'user', 'type' => 'file', 'user_id' => $user->id, ]); // Check shared item protected by password if ($is_protected) { $cookie = ['share_session' => json_encode([ 'token' => $share->token, 'authenticated' => true, ])]; $this ->withUnencryptedCookies($cookie) ->get("/api/browse/folders/$root->id/$share->token") ->assertStatus(200) ->assertJsonFragment([ 'id' => $file->id, ]) ->assertJsonFragment([ 'id' => $folder->id, ]); } // Check public shared item if (! $is_protected) { $this->getJson("/api/browse/folders/$root->id/$share->token") ->assertStatus(200) ->assertJsonFragment([ 'id' => $file->id, ]) ->assertJsonFragment([ 'id' => $folder->id, ]); } }); } /** * @test */ public function visitor_get_navigator_tree() { // check private or public share record collect([true, false]) ->each(function ($is_protected) { $user = User::factory(User::class) ->create(); $folder_level_1 = Folder::factory(Folder::class) ->create([ 'name' => 'level 1', 'author' => 'user', 'user_id' => $user->id, ]); $share = Share::factory(Share::class) ->create([ 'item_id' => $folder_level_1->id, 'user_id' => $user->id, 'type' => 'folder', 'permission' => 'editor', 'is_protected' => $is_protected, 'password' => bcrypt('secret'), ]); $folder_level_2 = Folder::factory(Folder::class) ->create([ 'name' => 'level 2', 'parent_id' => $folder_level_1->id, 'author' => 'user', 'user_id' => $user->id, ]); $folder_level_3 = Folder::factory(Folder::class) ->create([ 'name' => 'level 3', 'parent_id' => $folder_level_2->id, 'author' => 'user', 'user_id' => $user->id, ]); $folder_level_2_sibling = Folder::factory(Folder::class) ->create([ 'name' => 'level 2 Sibling', 'parent_id' => $folder_level_1->id, 'author' => 'user', 'user_id' => $user->id, ]); $tree = [ [ 'id' => $share->item_id, 'name' => 'Home', 'location' => 'public', 'folders' => [ [ 'id' => $folder_level_2->id, 'parent_id' => $folder_level_1->id, 'name' => 'level 2', 'items' => 1, 'trashed_items' => 1, 'folders' => [ [ 'id' => $folder_level_3->id, 'parent_id' => $folder_level_2->id, 'name' => 'level 3', 'items' => 0, 'trashed_items' => 0, 'folders' => [], ], ], ], [ 'id' => $folder_level_2_sibling->id, 'parent_id' => $folder_level_1->id, 'name' => 'level 2 Sibling', 'items' => 0, 'trashed_items' => 0, 'folders' => [], ], ], ], ]; // Check shared item protected by password if ($is_protected) { $cookie = ['share_session' => json_encode([ 'token' => $share->token, 'authenticated' => true, ])]; $this ->withUnencryptedCookies($cookie) ->get("/api/browse/navigation/$share->token") ->assertStatus(200) ->assertExactJson($tree); } // Check public shared item if (! $is_protected) { $this->getJson("/api/browse/navigation/$share->token") ->assertStatus(200) ->assertExactJson($tree); } }); } /** * @test */ public function visitor_search_file() { // check private or public share record collect([true, false]) ->each(function ($is_protected) { $folder = Folder::factory(Folder::class) ->create(); $share = Share::factory(Share::class) ->create([ 'item_id' => $folder->id, 'user_id' => $folder->user_id, 'type' => 'folder', 'permission' => 'editor', 'is_protected' => $is_protected, 'password' => bcrypt('secret'), ]); $file = File::factory(File::class) ->create([ 'name' => 'Document', 'parent_id' => $folder->id, 'user_id' => $folder->user_id, ]); // Check shared item protected by password if ($is_protected) { $cookie = ['share_session' => json_encode([ 'token' => $share->token, 'authenticated' => true, ])]; $this->withUnencryptedCookies($cookie) ->get("/api/browse/search/$share->token?query=doc") ->assertStatus(200) ->assertJsonFragment([ 'id' => $file->id, ]); } // Check public shared item if (! $is_protected) { $this->getJson("/api/browse/search/$share->token?query=doc") ->assertStatus(200) ->assertJsonFragment([ 'id' => $file->id, ]); } }); } /** * @test */ public function visitor_try_search_not_shared_user_file() { // check private or public share record collect([true, false]) ->each(function ($is_protected) { $folder = Folder::factory(Folder::class) ->create(); $share = Share::factory(Share::class) ->create([ 'item_id' => $folder->id, 'user_id' => $folder->user_id, 'type' => 'folder', 'permission' => 'editor', 'is_protected' => $is_protected, 'password' => bcrypt('secret'), ]); File::factory(File::class) ->create([ 'name' => 'Document', 'user_id' => $folder->user_id, ]); // Check shared item protected by password if ($is_protected) { $cookie = ['share_session' => json_encode([ 'token' => $share->token, 'authenticated' => true, ])]; $this->withUnencryptedCookies($cookie) ->get("/api/browse/search/$share->token?query=doc") ->assertStatus(200) ->assertJsonFragment([]); } // Check public shared item if (! $is_protected) { $this->getJson("/api/browse/search/$share->token?query=doc") ->assertStatus(200) ->assertJsonFragment([]); } }); } /** * @test */ public function visitor_get_file_detail() { // check private or public share record collect([true, false]) ->each(function ($is_protected) { $file = File::factory(File::class) ->create([ 'name' => 'Document', ]); $share = Share::factory(Share::class) ->create([ 'item_id' => $file->id, 'user_id' => $file->user_id, 'type' => 'file', 'permission' => 'editor', 'is_protected' => $is_protected, 'password' => bcrypt('secret'), ]); // Check shared item protected by password if ($is_protected) { $cookie = ['share_session' => json_encode([ 'token' => $share->token, 'authenticated' => true, ])]; $this->withUnencryptedCookies($cookie) ->get("/api/browse/file/$share->token") ->assertStatus(200) ->assertJsonFragment([ 'name' => 'Document', ]); } // Check public shared item if (! $is_protected) { $this->getJson("/api/browse/file/$share->token") ->assertStatus(200) ->assertJsonFragment([ 'name' => 'Document', ]); } }); } }