0
0
mirror of https://github.com/kevinpapst/kimai2.git synced 2024-10-31 06:08:11 +00:00
kevinpapst_kimai2/tests/API/UserControllerTest.php
Kevin Papst 38e37f1c2e
Release 2.1.0 (#4321)
* fix deprecations
* remove unused config
* replace invalid annotation type with attribute
* use AsDoctrineListener to fix deprecation
* new ModifiedSubscriber to support custom logic and fix deprecation
* removed inheritdoc comment
* new ModifiedSubscriber to support custom logic and fix deprecation
* cleanup event dispatcher interface
* re-order annotation params
* one more doctrine based deprecation
* fix query to count active timesheets
* link to "all times" to identify active timesheets
* link icon instead of text
* fix "skin" translation in wizard
* use duration filter to show duration
* added login link command and controller
* bump tabler theme to 1.0
* added wizard to force password reset by user
* allow to configure that new accounts need to reset their password
* prevent uploading twig templates by default
* bump composer packages
* enable sandbox and basic security measures for custom twig templates for invoice and export
* bump to symfony 6.3.5
* allow to export single user reports to excel
* removed broken method to reload twig cache
* added api parameter to fetch user collection fully serialized
* allow to replace or append description via timesheet batch update
* show api username above form
2023-10-19 11:21:50 +02:00

336 lines
12 KiB
PHP

<?php
/*
* This file is part of the Kimai time-tracking app.
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace App\Tests\API;
use App\Entity\User;
/**
* @group integration
*/
class UserControllerTest extends APIControllerBaseTest
{
public function testIsSecure(): void
{
$this->assertUrlIsSecured('/api/users');
}
/**
* @return array<array<string>>
*/
public function getRoleTestData(): array
{
return [
[User::ROLE_USER],
[User::ROLE_TEAMLEAD],
[User::ROLE_ADMIN],
];
}
/**
* @dataProvider getRoleTestData
*/
public function testIsSecureForRole(string $role): void
{
$this->assertUrlIsSecuredForRole($role, '/api/users');
}
public function testGetCollection(): void
{
$client = $this->getClientForAuthenticatedUser(User::ROLE_SUPER_ADMIN);
$this->assertAccessIsGranted($client, '/api/users');
$content = $client->getResponse()->getContent();
$this->assertIsString($content);
$result = json_decode($content, true);
$this->assertIsArray($result);
$this->assertNotEmpty($result);
$this->assertEquals(7, \count($result));
foreach ($result as $user) {
self::assertApiResponseTypeStructure('UserCollection', $user);
}
}
public function testGetCollectionFull(): void
{
$client = $this->getClientForAuthenticatedUser(User::ROLE_SUPER_ADMIN);
$this->assertAccessIsGranted($client, '/api/users?full=true');
$content = $client->getResponse()->getContent();
$this->assertIsString($content);
$result = json_decode($content, true);
$this->assertIsArray($result);
$this->assertNotEmpty($result);
$this->assertEquals(7, \count($result));
foreach ($result as $user) {
self::assertApiResponseTypeStructure('UserEntity', $user);
}
}
public function testGetCollectionWithQuery(): void
{
$client = $this->getClientForAuthenticatedUser(User::ROLE_SUPER_ADMIN);
$this->assertAccessIsGranted($client, '/api/users', 'GET', ['visible' => 2, 'orderBy' => 'email', 'order' => 'DESC', 'term' => 'chris']);
$content = $client->getResponse()->getContent();
$this->assertIsString($content);
$result = json_decode($content, true);
$this->assertIsArray($result);
$this->assertNotEmpty($result);
$this->assertEquals(1, \count($result));
foreach ($result as $user) {
self::assertApiResponseTypeStructure('UserCollection', $user);
}
}
public function testGetCollectionWithQuery2(): void
{
$client = $this->getClientForAuthenticatedUser(User::ROLE_SUPER_ADMIN);
$this->assertAccessIsGranted($client, '/api/users', 'GET', ['visible' => 3, 'orderBy' => 'email', 'order' => 'DESC']);
$content = $client->getResponse()->getContent();
$this->assertIsString($content);
$result = json_decode($content, true);
$this->assertIsArray($result);
$this->assertNotEmpty($result);
$this->assertEquals(8, \count($result));
foreach ($result as $user) {
self::assertApiResponseTypeStructure('UserCollection', $user);
}
}
public function testGetEntity(): void
{
$client = $this->getClientForAuthenticatedUser(User::ROLE_SUPER_ADMIN);
$this->assertAccessIsGranted($client, '/api/users/1');
$content = $client->getResponse()->getContent();
$this->assertIsString($content);
$result = json_decode($content, true);
$this->assertIsArray($result);
self::assertApiResponseTypeStructure('UserEntity', $result);
self::assertEquals('1', $result['id']);
self::assertEquals('CFO', $result['title']);
self::assertEquals('Clara Haynes', $result['alias']);
}
public function testGetMyProfile(): void
{
$client = $this->getClientForAuthenticatedUser(User::ROLE_SUPER_ADMIN);
$this->assertAccessIsGranted($client, '/api/users/me');
$content = $client->getResponse()->getContent();
$this->assertIsString($content);
$result = json_decode($content, true);
$this->assertIsArray($result);
self::assertApiResponseTypeStructure('UserEntity', $result);
self::assertEquals('6', $result['id']);
self::assertEquals('Super Administrator', $result['title']);
self::assertEquals('', $result['alias']);
}
public function testNotFound(): void
{
$this->assertEntityNotFound(User::ROLE_SUPER_ADMIN, '/api/users/99');
}
public function testGetEntityAccessDenied(): void
{
$client = $this->getClientForAuthenticatedUser(User::ROLE_USER);
$this->assertApiAccessDenied($client, '/api/users/4', 'You are not allowed to view this profile');
}
public function testGetEntityAccessAllowedForOwnProfile(): void
{
$client = $this->getClientForAuthenticatedUser(User::ROLE_USER);
$this->assertAccessIsGranted($client, '/api/users/2');
$content = $client->getResponse()->getContent();
$this->assertIsString($content);
$result = json_decode($content, true);
$this->assertIsArray($result);
self::assertApiResponseTypeStructure('UserEntity', $result);
}
public function testPostAction(): void
{
$client = $this->getClientForAuthenticatedUser(User::ROLE_SUPER_ADMIN);
$data = [
'username' => 'foo',
'email' => 'foo@example.com',
'title' => 'asdfghjkl',
'plainPassword' => 'foo@example.com',
'enabled' => true,
'supervisor' => 2,
'language' => 'ru',
'timezone' => 'Europe/Paris',
'roles' => [
'ROLE_TEAMLEAD',
'ROLE_ADMIN'
],
];
$this->request($client, '/api/users', 'POST', [], json_encode($data));
$this->assertTrue($client->getResponse()->isSuccessful());
$content = $client->getResponse()->getContent();
$this->assertIsString($content);
$result = json_decode($content, true);
$this->assertIsArray($result);
self::assertApiResponseTypeStructure('UserEntity', $result);
$this->assertNotEmpty($result['id']);
self::assertEquals('foo', $result['username']);
self::assertEquals('asdfghjkl', $result['title']);
self::assertTrue($result['enabled']);
self::assertEquals('ru', $result['language']);
self::assertEquals('Europe/Paris', $result['timezone']);
self::assertEquals(['ROLE_TEAMLEAD', 'ROLE_ADMIN'], $result['roles']);
}
public function testPostActionWithShortPassword(): void
{
$client = $this->getClientForAuthenticatedUser(User::ROLE_SUPER_ADMIN);
$data = [
'username' => 'foo',
'email' => 'foo@example.com',
'title' => 'asdfghjkl',
'plainPassword' => '1234567',
'enabled' => true,
'language' => 'ru',
'timezone' => 'Europe/Paris',
'roles' => [
'ROLE_TEAMLEAD',
'ROLE_ADMIN'
],
];
$this->request($client, '/api/users', 'POST', [], json_encode($data));
$response = $client->getResponse();
$this->assertEquals(400, $response->getStatusCode());
$this->assertApiCallValidationError($response, ['plainPassword']);
}
public function testPostActionWithValidationErrors(): void
{
$client = $this->getClientForAuthenticatedUser(User::ROLE_SUPER_ADMIN);
$data = [
'username' => '',
'email' => '',
'plainPassword' => '123456',
'language' => 'xx',
'timezone' => 'XXX/YYY',
'roles' => [
'ABC',
],
];
$this->request($client, '/api/users', 'POST', [], json_encode($data));
$response = $client->getResponse();
$this->assertEquals(400, $response->getStatusCode());
$this->assertApiCallValidationError($response, ['username', 'email', 'plainPassword', 'language', 'timezone', 'roles']);
}
public function testPostActionWithInvalidUser(): void
{
$client = $this->getClientForAuthenticatedUser(User::ROLE_ADMIN);
$data = [
'username' => 'foo',
'email' => 'foo@example.com',
'plainPassword' => 'foo@example.com',
'enabled' => true,
'language' => 'ru',
'timezone' => 'Europe/Paris',
];
$this->request($client, '/api/users', 'POST', [], json_encode($data));
$response = $client->getResponse();
$this->assertApiResponseAccessDenied($response, 'Access denied.');
}
public function testPatchAction(): void
{
$client = $this->getClientForAuthenticatedUser(User::ROLE_SUPER_ADMIN);
$data = [
'username' => 'foo',
'email' => 'foo@example.com',
'title' => 'asdfghjkl',
'plainPassword' => 'foo@example.com',
'language' => 'ru',
'timezone' => 'Europe/Paris',
'roles' => [
'ROLE_TEAMLEAD',
'ROLE_ADMIN'
],
];
$this->request($client, '/api/users', 'POST', [], json_encode($data));
$this->assertTrue($client->getResponse()->isSuccessful());
$content = $client->getResponse()->getContent();
$this->assertIsString($content);
$result = json_decode($content, true);
self::assertFalse($result['enabled']);
$data = [
'title' => 'qwertzui',
'enabled' => true,
'language' => 'it',
'timezone' => 'America/New_York',
'roles' => [
'ROLE_TEAMLEAD',
],
];
$this->request($client, '/api/users/' . $result['id'], 'PATCH', [], json_encode($data));
$this->assertTrue($client->getResponse()->isSuccessful());
$content = $client->getResponse()->getContent();
$this->assertIsString($content);
$result = json_decode($content, true);
$this->assertIsArray($result);
self::assertApiResponseTypeStructure('UserEntity', $result);
$this->assertNotEmpty($result['id']);
self::assertEquals('foo', $result['username']);
self::assertEquals('qwertzui', $result['title']);
self::assertTrue($result['enabled']);
self::assertEquals('it', $result['language']);
self::assertEquals('America/New_York', $result['timezone']);
self::assertEquals(['ROLE_TEAMLEAD'], $result['roles']);
}
public function testPatchActionWithUnknownUser(): void
{
$this->assertEntityNotFoundForPatch(User::ROLE_SUPER_ADMIN, '/api/users/255', []);
}
public function testPatchActionWithInvalidUser(): void
{
$client = $this->getClientForAuthenticatedUser(User::ROLE_USER);
$this->request($client, '/api/users/1', 'PATCH', [], json_encode(['language' => 'hu']));
$this->assertApiResponseAccessDenied($client->getResponse(), 'Not allowed to edit user');
}
public function testPatchActionWithValidationErrors(): void
{
$client = $this->getClientForAuthenticatedUser(User::ROLE_SUPER_ADMIN);
$data = [
'username' => '1', // not existing in form
'email' => '',
'plainPassword' => '123456', // not existing in form
'plainApiToken' => '123456', // not existing in form
'language' => 'xx',
'timezone' => 'XXX/YYY',
'roles' => [
'ABC',
],
];
$this->request($client, '/api/users/1', 'PATCH', [], json_encode($data));
$response = $client->getResponse();
$this->assertEquals(400, $response->getStatusCode());
$this->assertApiCallValidationError($response, ['email', 'language', 'timezone', 'roles'], true);
}
}