nexus/vuefilemanager
2
0
Fork 0
mirror of https://github.com/VueFileManager/vuefilemanager.git synced 2026-04-05 18:23:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
19cc01131b93d27bb6343b85943ce06f3cb93c24
vuefilemanager/tests/Domain/Sharing/VisitorBrowseTest.php
Čarodej 19cc01131b - gate implementation 
- protected shared view fix
2021-09-24 10:52:19 +02:00

466 lines
16 KiB
PHP
Raw Blame History

<?php
namespace Tests\Domain\Sharing;
use Tests\TestCase;
use App\Users\Models\User;
use Domain\Files\Models\File;
use Domain\Sharing\Models\Share;
use Domain\Folders\Models\Folder;
class VisitorBrowseTest extends TestCase
{
/**
* @test
*/
public function it_get_share_record()
{
$share = Share::factory(Share::class)
->create([
'is_protected' => 0,
]);
$this->get("/api/browse/share/$share->token")
->assertStatus(200)
->assertExactJson([
'data' => [
'id' => $share->id,
'type' => 'shared',
'attributes' => [
'permission' => $share->permission,
'protected' => false,
'item_id' => $share->item_id,
'expire_in' => $share->expire_in,
'token' => $share->token,
'link' => $share->link,
'type' => $share->type,
],
],
]);
}
/**
* @test
*/
public function it_get_share_page()
{
$share = Share::factory(Share::class)
->create([
'type' => 'folder',
'is_protected' => false,
]);
$this->get("/share/$share->token")
->assertViewIs('index')
->assertStatus(200);
}
/**
* @test
*/
public function it_try_to_get_deleted_share_record()
{
$this->get('/api/browse/share/19ZMPNiass4ZqWwQ')
->assertNotFound();
}
/**
* @test
*/
public function it_try_to_get_deleted_share_page()
{
$this->get('/share/19ZMPNiass4ZqWwQ')
->assertNotFound(404);
}
/**
* @test
*/
public function it_authenticate_protected_file_with_correct_password()
{
$file = File::factory(File::class)
->create();
$share = Share::factory(Share::class)
->create([
'item_id' => $file->id,
'user_id' => $file->user_id,
'type' => 'file',
'is_protected' => true,
'password' => bcrypt('secret'),
]);
$this->postJson("/api/browse/authenticate/$share->token", [
'password' => 'secret',
])
->assertStatus(200)
->assertCookie('share_session', json_encode([
'token' => $share->token,
'authenticated' => true,
]), false);
}
/**
* @test
*/
public function it_authenticate_protected_file_with_incorrect_password()
{
$file = File::factory(File::class)
->create();
$share = Share::factory(Share::class)
->create([
'item_id' => $file->id,
'user_id' => $file->user_id,
'type' => 'file',
'is_protected' => true,
'password' => bcrypt('secret'),
]);
$this->postJson("/api/browse/authenticate/$share->token", [
'password' => 'bad-password',
])
->assertStatus(401)
->assertCookieMissing('share_session');
}
/**
* @test
*/
public function visitor_get_folder_content()
{
// check private or public share record
collect([true, false])
->each(function ($is_protected) {
$user = User::factory(User::class)
->create();
$root = Folder::factory(Folder::class)
->create([
'name' => 'root',
'user_id' => $user->id,
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $root->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => $is_protected,
'permission' => 'editor',
]);
$folder = Folder::factory(Folder::class)
->create([
'parent_id' => $root->id,
'name' => 'Documents',
'author' => 'user',
'user_id' => $user->id,
]);
$file = File::factory(File::class)
->create([
'parent_id' => $root->id,
'name' => 'Document',
'basename' => 'document.pdf',
'mimetype' => 'application/pdf',
'author' => 'user',
'type' => 'file',
'user_id' => $user->id,
]);
// Check shared item protected by password
if ($is_protected) {
$cookie = ['share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])];
$this
->withUnencryptedCookies($cookie)
->get("/api/browse/folders/$root->id/$share->token")
->assertStatus(200)
->assertJsonFragment([
'id' => $file->id,
])
->assertJsonFragment([
'id' => $folder->id,
]);
}
// Check public shared item
if (! $is_protected) {
$this->getJson("/api/browse/folders/$root->id/$share->token")
->assertStatus(200)
->assertJsonFragment([
'id' => $file->id,
])
->assertJsonFragment([
'id' => $folder->id,
]);
}
});
}
/**
* @test
*/
public function visitor_get_navigator_tree()
{
// check private or public share record
collect([true, false])
->each(function ($is_protected) {
$user = User::factory(User::class)
->create();
$folder_level_1 = Folder::factory(Folder::class)
->create([
'name' => 'level 1',
'author' => 'user',
'user_id' => $user->id,
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $folder_level_1->id,
'user_id' => $user->id,
'type' => 'folder',
'permission' => 'editor',
'is_protected' => $is_protected,
'password' => bcrypt('secret'),
]);
$folder_level_2 = Folder::factory(Folder::class)
->create([
'name' => 'level 2',
'parent_id' => $folder_level_1->id,
'author' => 'user',
'user_id' => $user->id,
]);
$folder_level_3 = Folder::factory(Folder::class)
->create([
'name' => 'level 3',
'parent_id' => $folder_level_2->id,
'author' => 'user',
'user_id' => $user->id,
]);
$folder_level_2_sibling = Folder::factory(Folder::class)
->create([
'name' => 'level 2 Sibling',
'parent_id' => $folder_level_1->id,
'author' => 'user',
'user_id' => $user->id,
]);
$tree = [
[
'id' => $share->item_id,
'name' => 'Home',
'location' => 'public',
'folders' => [
[
'id' => $folder_level_2->id,
'parent_id' => $folder_level_1->id,
'name' => 'level 2',
'items' => 1,
'trashed_items' => 1,
'folders' => [
[
'id' => $folder_level_3->id,
'parent_id' => $folder_level_2->id,
'name' => 'level 3',
'items' => 0,
'trashed_items' => 0,
'folders' => [],
],
],
],
[
'id' => $folder_level_2_sibling->id,
'parent_id' => $folder_level_1->id,
'name' => 'level 2 Sibling',
'items' => 0,
'trashed_items' => 0,
'folders' => [],
],
],
],
];
// Check shared item protected by password
if ($is_protected) {
$cookie = ['share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])];
$this
->withUnencryptedCookies($cookie)
->get("/api/browse/navigation/$share->token")
->assertStatus(200)
->assertExactJson($tree);
}
// Check public shared item
if (! $is_protected) {
$this->getJson("/api/browse/navigation/$share->token")
->assertStatus(200)
->assertExactJson($tree);
}
});
}
/**
* @test
*/
public function visitor_search_file()
{
// check private or public share record
collect([true, false])
->each(function ($is_protected) {
$folder = Folder::factory(Folder::class)
->create();
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $folder->user_id,
'type' => 'folder',
'permission' => 'editor',
'is_protected' => $is_protected,
'password' => bcrypt('secret'),
]);
$file = File::factory(File::class)
->create([
'name' => 'Document',
'parent_id' => $folder->id,
'user_id' => $folder->user_id,
]);
// Check shared item protected by password
if ($is_protected) {
$cookie = ['share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])];
$this->withUnencryptedCookies($cookie)
->get("/api/browse/search/$share->token?query=doc")
->assertStatus(200)
->assertJsonFragment([
'id' => $file->id,
]);
}
// Check public shared item
if (! $is_protected) {
$this->getJson("/api/browse/search/$share->token?query=doc")
->assertStatus(200)
->assertJsonFragment([
'id' => $file->id,
]);
}
});
}
/**
* @test
*/
public function visitor_try_search_not_shared_user_file()
{
// check private or public share record
collect([true, false])
->each(function ($is_protected) {
$folder = Folder::factory(Folder::class)
->create();
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $folder->user_id,
'type' => 'folder',
'permission' => 'editor',
'is_protected' => $is_protected,
'password' => bcrypt('secret'),
]);
File::factory(File::class)
->create([
'name' => 'Document',
'user_id' => $folder->user_id,
]);
// Check shared item protected by password
if ($is_protected) {
$cookie = ['share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])];
$this->withUnencryptedCookies($cookie)
->get("/api/browse/search/$share->token?query=doc")
->assertStatus(200)
->assertJsonFragment([]);
}
// Check public shared item
if (! $is_protected) {
$this->getJson("/api/browse/search/$share->token?query=doc")
->assertStatus(200)
->assertJsonFragment([]);
}
});
}
/**
* @test
*/
public function visitor_get_file_detail()
{
// check private or public share record
collect([true, false])
->each(function ($is_protected) {
$file = File::factory(File::class)
->create([
'name' => 'Document',
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $file->id,
'user_id' => $file->user_id,
'type' => 'file',
'permission' => 'editor',
'is_protected' => $is_protected,
'password' => bcrypt('secret'),
]);
// Check shared item protected by password
if ($is_protected) {
$cookie = ['share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])];
$this->withUnencryptedCookies($cookie)
->get("/api/browse/file/$share->token")
->assertStatus(200)
->assertJsonFragment([
'name' => 'Document',
]);
}
// Check public shared item
if (! $is_protected) {
$this->getJson("/api/browse/file/$share->token")
->assertStatus(200)
->assertJsonFragment([
'name' => 'Document',
]);
}
});
}
}
Reference in New Issue View Git Blame Copy Permalink