Jingga/oms-Admin
1
0
Fork 0
mirror of https://github.com/Karaka-Management/oms-Admin.git synced 2026-02-18 13:18:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

impl. tests and fix validation status code

Browse Source
This commit is contained in:
Dennis Eichhorn 2020-10-06 21:51:40 +02:00
parent 413a8239f2
commit 0524fcadfb
11 changed files with 207 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
Controller/ApiController.php
View File

@ -1,4 +1,5 @@
<?php
/**
* Orange Management
*
@ -10,6 +11,7 @@
* @version 1.0.0
* @link https://orange-management.org
*/
declare(strict_types=1);
namespace Modules\Admin\Controller;
@ -252,11 +254,20 @@ final class ApiController extends Controller
$requestAccount = $request->getHeader()->getAccount();
$accountId = (int) $request->getData('account_id');
if ($requestAccount !== $accountId
if (
$requestAccount !== $accountId
&& !$this->app->accountManager->get($accountId)->hasPermission(
PermissionType::MODIFY, $this->app->orgId, $this->app->appName, self::MODULE_NAME, PermissionState::ACCOUNT_SETTINGS, $accountId)
PermissionType::MODIFY,
$this->app->orgId,
$this->app->appName,
self::MODULE_NAME,
PermissionState::ACCOUNT_SETTINGS,
$accountId
)
) {
$this->fillJsonResponse($request, $response, NotificationLevel::HIDDEN, '', '', []);
$response->getHeader()->setStatusCode(RequestStatusCode::R_403);
return;
}
@ -386,6 +397,7 @@ final class ApiController extends Controller
$app = $request->getData('appSrc');
if (!\file_exists(__DIR__ . '/../../../' . $app)) {
$response->getHeader()->setStatusCode(RequestStatusCode::R_400);
return;
}
@ -525,6 +537,7 @@ final class ApiController extends Controller
{
if (!empty($val = $this->validateGroupCreate($request))) {
$response->set('group_create', new FormValidation($val));
$response->getHeader()->setStatusCode(RequestStatusCode::R_400);
return;
}
@ -727,6 +740,7 @@ final class ApiController extends Controller
{
if (!empty($val = $this->validateAccountCreate($request))) {
$response->set('account_create', new FormValidation($val));
$response->getHeader()->setStatusCode(RequestStatusCode::R_400);
return;
}
@ -810,8 +824,8 @@ final class ApiController extends Controller
} else {
$locale = \explode('_', $request->getData('locale') ?? '');
$l11n = $account->getL11n();
$l11n->loadFromLanguage(
$account->getL11n()
->loadFromLanguage(
$locale[0] ?? $this->app->l11nServer->getLanguage(),
$locale[1] ?? $this->app->l11nServer->getCountry()
);
@ -952,10 +966,19 @@ final class ApiController extends Controller
default:
$done = false;
$msg = 'Unknown module status change request.';
$response->getHeader()->setStatusCode(RequestStatusCode::R_400);
}
$this->app->eventManager->trigger('POST:Module:Admin-module-status', '', ['status' => $status, 'module' => $module]);
$this->fillJsonResponse($request, $response, $done ? NotificationLevel::OK : NotificationLevel::WARNING, 'Module', $msg, []);
if (!$done) {
$response->getHeader()->setStatusCode(RequestStatusCode::R_400);
}
$this->fillJsonResponse(
$request, $response,
$done ? NotificationLevel::OK : NotificationLevel::WARNING,
'Module', $msg, []
);
}
/**
@ -1078,6 +1101,7 @@ final class ApiController extends Controller
{
if (!empty($val = $this->validatePermissionCreate($request))) {
$response->set('permission_create', new FormValidation($val));
$response->getHeader()->setStatusCode(RequestStatusCode::R_400);
return;
}
@ -1086,6 +1110,7 @@ final class ApiController extends Controller
if (!($permission instanceof GroupPermission)) {
$response->set('permission_create', new FormValidation($val));
$response->getHeader()->setStatusCode(RequestStatusCode::R_400);
return;
}
@ -1111,6 +1136,7 @@ final class ApiController extends Controller
{
if (!empty($val = $this->validatePermissionCreate($request))) {
$response->set('permission_create', new FormValidation($val));
$response->getHeader()->setStatusCode(RequestStatusCode::R_400);
return;
}
@ -1119,6 +1145,7 @@ final class ApiController extends Controller
if (!($permission instanceof AccountPermission)) {
$response->set('permission_create', new FormValidation($val));
$response->getHeader()->setStatusCode(RequestStatusCode::R_400);
return;
}
@ -1268,8 +1295,7 @@ final class ApiController extends Controller
| (int) ($request->getData('permissionread') ?? 0)
| (int) ($request->getData('permissionupdate') ?? 0)
| (int) ($request->getData('permissiondelete') ?? 0)
| (int) ($request->getData('permissionpermission') ?? 0)
);
| (int) ($request->getData('permissionpermission') ?? 0));
return $permission;
}

2
Models/Account.php
View File

@ -32,6 +32,8 @@ class Account extends \phpOMS\Account\Account
*/
protected int $tries = 0;
/**
* Get remaining login tries
*

2
Models/AccountMapper.php
View File

@ -225,7 +225,7 @@ final class AccountMapper extends DataMapperAbstract
return LoginReturnType::WRONG_PASSWORD;
} catch (\Exception $e) {
return LoginReturnType::FAILURE;
return LoginReturnType::FAILURE; // @codeCoverageIgnore
}
}
}

24
tests/Controller/Api/ApiControllerAccountTrait.php
View File

@ -18,6 +18,7 @@ use phpOMS\Account\AccountStatus;
use phpOMS\Account\AccountType;
use phpOMS\Message\Http\HttpRequest;
use phpOMS\Message\Http\HttpResponse;
use phpOMS\Message\Http\RequestStatusCode;
use phpOMS\Uri\HttpUri;
trait ApiControllerAccountTrait
@ -54,6 +55,7 @@ trait ApiControllerAccountTrait
$request->getHeader()->setAccount(1);
$request->setData('id', 1);
$request->setData('email', 'oms@orange-management.de');
$request->setData('password', 'orange');
$this->module->apiAccountUpdate($request, $response);
$this->module->apiAccountGet($request, $response);
@ -104,6 +106,26 @@ trait ApiControllerAccountTrait
self::assertGreaterThan(0, $response->get('')['response']->getId());
}
public function testApiAccountCreateWithCustomLocale() : void
{
$response = new HttpResponse();
$request = new HttpRequest(new HttpUri(''));
$request->getHeader()->setAccount(1);
$request->setData('login', 'guest2');
$request->setData('password', 'guest2');
$request->setData('name1', 'Guest2');
$request->setData('email', 'guest2@email.com');
$request->setData('type', AccountType::USER);
$request->setData('status', AccountStatus::INACTIVE);
$request->setData('locale', 'de_DE');
$this->module->apiAccountCreate($request, $response);
self::assertEquals('guest2', $response->get('')['response']->getName());
self::assertGreaterThan(0, $response->get('')['response']->getId());
}
/**
* @testdox A user can be deleted
* @covers Modules\Admin\Controller\ApiController
@ -143,7 +165,7 @@ trait ApiControllerAccountTrait
$request->setData('description', 'test description');
$this->module->apiAccountCreate($request, $response);
self::assertEquals('validation', $response->get('account_create')::TYPE);
self::assertEquals(RequestStatusCode::R_400, $response->getHeader()->getStatusCode());
}
/**

35
tests/Controller/Api/ApiControllerApplicationTrait.php Normal file
View File

@ -0,0 +1,35 @@
<?php
/**
* Orange Management
*
* PHP Version 7.4
*
* @package tests
* @copyright Dennis Eichhorn
* @license OMS License 1.0
* @version 1.0.0
* @link https://orange-management.org
*/
declare(strict_types=1);
namespace Modules\Admin\tests\Controller\Api;
use phpOMS\Message\Http\HttpRequest;
use phpOMS\Message\Http\HttpResponse;
use phpOMS\Message\Http\RequestStatusCode;
use phpOMS\Uri\HttpUri;
trait ApiControllerApplicationTrait
{
public function testApiInvalidAppplicationPathInstall() : void
{
$response = new HttpResponse();
$request = new HttpRequest(new HttpUri(''));
$request->getHeader()->setAccount(1);
$request->setData('appSrc', 'invalid');
$this->module->apiInstallApplication($request, $response);
self::assertEquals(RequestStatusCode::R_400, $response->getHeader()->getStatusCode());
}
}

3
tests/Controller/Api/ApiControllerGroupTrait.php
View File

@ -17,6 +17,7 @@ namespace Modules\Admin\tests\Controller\Api;
use phpOMS\Account\GroupStatus;
use phpOMS\Message\Http\HttpRequest;
use phpOMS\Message\Http\HttpResponse;
use phpOMS\Message\Http\RequestStatusCode;
use phpOMS\Uri\HttpUri;
trait ApiControllerGroupTrait
@ -123,7 +124,7 @@ trait ApiControllerGroupTrait
$request->setData('description', 'test description');
$this->module->apiGroupCreate($request, $response);
self::assertEquals('validation', $response->get('group_create')::TYPE);
self::assertEquals(RequestStatusCode::R_400, $response->getHeader()->getStatusCode());
}
/**

11
tests/Controller/Api/ApiControllerModuleTrait.php
View File

@ -17,6 +17,7 @@ namespace Modules\Admin\tests\Controller\Api;
use Modules\Admin\Models\ModuleStatusUpdateType;
use phpOMS\Message\Http\HttpRequest;
use phpOMS\Message\Http\HttpResponse;
use phpOMS\Message\Http\RequestStatusCode;
use phpOMS\Uri\HttpUri;
trait ApiControllerModuleTrait
@ -65,6 +66,8 @@ trait ApiControllerModuleTrait
$request->setData('status', ModuleStatusUpdateType::INSTALL);
$this->module->apiModuleStatusUpdate($request, $response);
self::assertEquals(RequestStatusCode::R_403, $response->getHeader()->getStatusCode());
self::assertNull($response->get('module_stutus_update'));
}
@ -80,10 +83,10 @@ trait ApiControllerModuleTrait
$request->getHeader()->setAccount(1);
$request->setData('module', 'TestModule');
$request->setData('status', 99);
$this->module->apiModuleStatusUpdate($request, $response);
self::assertEquals('warning', $response->get('')['status']);
self::assertEquals(RequestStatusCode::R_400, $response->getHeader()->getStatusCode());
}
/**
@ -98,10 +101,10 @@ trait ApiControllerModuleTrait
$request->getHeader()->setAccount(1);
$request->setData('module', 'invalid');
$request->setData('status', ModuleStatusUpdateType::INSTALL);
$this->module->apiModuleStatusUpdate($request, $response);
self::assertEquals('warning', $response->get('')['status']);
self::assertEquals(RequestStatusCode::R_400, $response->getHeader()->getStatusCode());
}
/**

9
tests/Controller/Api/ApiControllerPermissionTrait.php
View File

@ -18,6 +18,7 @@ use phpOMS\Account\PermissionOwner;
use phpOMS\Account\PermissionType;
use phpOMS\Message\Http\HttpRequest;
use phpOMS\Message\Http\HttpResponse;
use phpOMS\Message\Http\RequestStatusCode;
use phpOMS\Uri\HttpUri;
trait ApiControllerPermissionTrait
@ -99,7 +100,7 @@ trait ApiControllerPermissionTrait
$request->setData('permissionowner', PermissionOwner::GROUP);
$this->module->apiAddGroupPermission($request, $response);
self::assertEquals('validation', $response->get('permission_create')::TYPE);
self::assertEquals(RequestStatusCode::R_400, $response->getHeader()->getStatusCode());
}
/**
@ -117,7 +118,7 @@ trait ApiControllerPermissionTrait
$request->setData('permissionref', 1);
$this->module->apiAddGroupPermission($request, $response);
self::assertEquals('validation', $response->get('permission_create')::TYPE);
self::assertEquals(RequestStatusCode::R_400, $response->getHeader()->getStatusCode());
}
/**
@ -224,7 +225,7 @@ trait ApiControllerPermissionTrait
$request->setData('permissionowner', PermissionOwner::ACCOUNT);
$this->module->apiAddAccountPermission($request, $response);
self::assertEquals('validation', $response->get('permission_create')::TYPE);
self::assertEquals(RequestStatusCode::R_400, $response->getHeader()->getStatusCode());
}
/**
@ -242,7 +243,7 @@ trait ApiControllerPermissionTrait
$request->setData('permissionref', 1);
$this->module->apiAddAccountPermission($request, $response);
self::assertEquals('validation', $response->get('permission_create')::TYPE);
self::assertEquals(RequestStatusCode::R_400, $response->getHeader()->getStatusCode());
}
/**

3
tests/Controller/Api/ApiControllerSettingsTrait.php
View File

@ -17,6 +17,7 @@ namespace Modules\Admin\tests\Controller\Api;
use Model\SettingsEnum;
use phpOMS\Message\Http\HttpRequest;
use phpOMS\Message\Http\HttpResponse;
use phpOMS\Message\Http\RequestStatusCode;
use phpOMS\Uri\HttpUri;
trait ApiControllerSettingsTrait
@ -110,6 +111,6 @@ trait ApiControllerSettingsTrait
$request->setData('account_id', 1);
$this->module->apiSettingsAccountLocalizationSet($request, $response);
self::assertEquals([], $response->get('')['response']);
self::assertEquals(RequestStatusCode::R_403, $response->getHeader()->getStatusCode());
}
}

2
tests/Controller/ApiControllerTest.php
View File

@ -31,6 +31,7 @@ use phpOMS\Module\ModuleAbstract;
use phpOMS\Module\ModuleManager;
use phpOMS\Router\WebRouter;
use phpOMS\Utils\TestUtils;
use Modules\Admin\tests\Controller\Api\ApiControllerApplicationTrait;
/**
* @testdox Modules\Admin\tests\Controller\ApiControllerTest: Admin api controller
@ -89,4 +90,5 @@ class ApiControllerTest extends \PHPUnit\Framework\TestCase
use ApiControllerGroupTrait;
use ApiControllerPermissionTrait;
use ApiControllerModuleTrait;
use ApiControllerApplicationTrait;
}

37
tests/Models/AccountMapperTest.php
View File

@ -19,6 +19,7 @@ use Modules\Admin\Models\AccountMapper;
use phpOMS\Account\AccountStatus;
use phpOMS\Account\AccountType;
use phpOMS\Auth\LoginReturnType;
use phpOMS\Utils\TestUtils;
/**
* @testdox Modules\Admin\tests\Models\AccountMapperTest: Account database mapper
@ -100,4 +101,40 @@ class AccountMapperTest extends \PHPUnit\Framework\TestCase
{
self::assertGreaterThan(0, AccountMapper::login('admin', 'orange'));
}
public function testInvalidLoginTries() : void
{
$accountR = AccountMapper::get(1);
$accountR->setLoginTries(0);
AccountMapper::update($accountR);
self::assertEquals(LoginReturnType::WRONG_INPUT_EXCEEDED, AccountMapper::login($accountR->getName(), 'orange'));
$accountR->setLoginTries(3);
AccountMapper::update($accountR);
}
public function testInvalidLoginAccountStatus() : void
{
$accountR = AccountMapper::get(1);
$accountR->setStatus(AccountStatus::BANNED);
AccountMapper::update($accountR);
self::assertEquals(LoginReturnType::INACTIVE, AccountMapper::login($accountR->getName(), 'orange'));
$accountR->setStatus(AccountStatus::ACTIVE);
AccountMapper::update($accountR);
}
public function testEmptyLoginPassword() : void
{
$accountR = AccountMapper::get(1);
TestUtils::setMember($accountR, 'password', '');
AccountMapper::update($accountR);
self::assertEquals(LoginReturnType::EMPTY_PASSWORD, AccountMapper::login($accountR->getName(), 'orange'));
$accountR->generatePassword('orange');
AccountMapper::update($accountR);
}
}