Add additional checks into check data script

David Bomba 2023-01-21 11:33:41 +11:00
parent d97f80ecd0
commit 580868767c
3 changed files with 79 additions and 39 deletions


@ -15,6 +15,7 @@ use App;
use App\DataMapper\ClientSettings;
use App\Factory\ClientContactFactory;
use App\Factory\VendorContactFactory;
use App\Jobs\Company\CreateCompanyToken;
use App\Models\Account;
use App\Models\Client;
use App\Models\ClientContact;
@ -124,7 +125,8 @@ class CheckData extends Command
$this->checkOauthSanity();
$this->checkVendorSettings();
$this->checkClientSettings();
$this->checkCompanyTokens();
if(Ninja::isHosted()){
$this->checkAccountStatuses();
$this->checkNinjaPortalUrls();
@ -157,6 +159,25 @@ class CheckData extends Command
$this->log .= $str."\n";
}
private function checkCompanyTokens()
{
CompanyUser::doesnthave('token')->cursor()->each(function ($cu){
if($cu->user){
$this->logMessage("Creating missing company token for user # {$cu->user->id} for company id # {$cu->company->id}");
(new CreateCompanyToken($cu->company, $cu->user, 'System'))->handle();
}
else {
$this->logMessage("Dangling User ID # {$cu->id}");
}
});
}
private function checkOauthSanity()
{
User::where('oauth_provider_id', '1')->cursor()->each(function ($user){
@ -422,17 +443,26 @@ class CheckData extends Command
$contact_class = VendorContact::class;
}
$invitation = new $entity_obj();
$invitation->company_id = $entity->company_id;
$invitation->user_id = $entity->user_id;
$invitation->{$entity_key} = $entity->id;
$invitation->{$contact_id} = $contact_class::where('company_id', $entity->company_id)->where($client_vendor_key,$entity->{$client_vendor_key})->first()->id;
$invitation->key = Str::random(config('ninja.key_length'));
$invitation = false;
$this->logMessage("Add invitation for {$entity_key} - {$entity->id}");
//check contact exists!
if($contact_class::where('company_id', $entity->company_id)->where($client_vendor_key,$entity->{$client_vendor_key})->exists())
{
$invitation = new $entity_obj();
$invitation->company_id = $entity->company_id;
$invitation->user_id = $entity->user_id;
$invitation->{$entity_key} = $entity->id;
$invitation->{$contact_id} = $contact_class::where('company_id', $entity->company_id)->where($client_vendor_key,$entity->{$client_vendor_key})->first()->id;
$invitation->key = Str::random(config('ninja.key_length'));
$this->logMessage("Add invitation for {$entity_key} - {$entity->id}");
}
else
$this->logMessage("No contact present, so cannot add invitation for {$entity_key} - {$entity->id}");
try{
$invitation->save();
if($invitation)
$invitation->save();
}
catch(\Exception $e){
$this->logMessage($e->getMessage());
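Review bot: In `checkCompanyTokens()` the closure guards only `$cu->user`, yet it then reads `$cu->company->id` and passes `$cu->company` to `CreateCompanyToken`; a CompanyUser row whose company is missing would likely raise inside the cursor loop, and no catch is visible around it. Guard both relations, e.g. `if ($cu->user && $cu->company) {`. The else branch logs `Dangling User ID # {$cu->id}`, which prints the CompanyUser id rather than a user id; `"Dangling CompanyUser ID # {$cu->id}"` would say what the number is. Because this path issues a new API credential named 'System' as a side effect of a data check, confirm that locked or removed company users are excluded before a token is created; the hunk does not show whether the query scopes them out.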


@ -886,7 +886,7 @@ class BaseController extends Controller
}
*/
/*21-01-2023*/
/**/
// 10-01-2022 need to ensure we snake case properly here to ensure permissions work as expected
// 28-03-2022 this is definitely correct here, do not append _ to the view, it resolved correctly when snake cased
@ -908,8 +908,6 @@ class BaseController extends Controller
/**/
if (request()->has('updated_at') && request()->input('updated_at') > 0) {
$query->where('updated_at', '>=', date('Y-m-d H:i:s', intval(request()->input('updated_at'))));
}


@ -191,8 +191,6 @@ class BaseApiTest extends TestCase
$company_token->is_system = true;
$company_token->save();
Product::factory()->create([
'user_id' => $user_id,
'company_id' => $company->id,
@ -203,7 +201,6 @@ class BaseApiTest extends TestCase
'company_id' => $company->id,
]);
$contact = ClientContact::factory()->create([
'user_id' => $user_id,
'client_id' => $client->id,
@ -307,7 +304,6 @@ class BaseApiTest extends TestCase
'client_id' => $client->id,
]);
$task_status = TaskStatus::factory()->create([
'user_id' => $user_id,
'company_id' => $company->id,
@ -321,7 +317,6 @@ class BaseApiTest extends TestCase
'company_id' => $company->id,
]);
$tax_rate = TaxRate::factory()->create([
'user_id' => $user_id,
'company_id' => $company->id,
@ -388,7 +383,6 @@ class BaseApiTest extends TestCase
$cgt = ClientGatewayTokenFactory::create($company->id);
$cgt->save();
}
// public function testGeneratingClassName()
@ -430,14 +424,20 @@ class BaseApiTest extends TestCase
);
});
$response = $this->withHeaders([
'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->low_token,
])->get('/api/v1/companies/'.$this->company->hashed_id)
->assertStatus(401);
}
public function testOwnerAccessCompany()
{
$response = $this->withHeaders([
'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->low_token,
])->get('/api/v1/companies/'.$this->company->hashed_id)
->assertStatus(401);
}
public function testAdminRoutes()
{
$this->owner_cu = CompanyUser::where('user_id', $this->owner_cu->user_id)->where('company_id', $this->owner_cu->company_id)->first();
@ -447,7 +447,6 @@ class BaseApiTest extends TestCase
$this->owner_cu->permissions = '[]';
$this->owner_cu->save();
$response = $this->withHeaders([
'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->owner_token,
@ -456,7 +455,6 @@ class BaseApiTest extends TestCase
$response->assertStatus(200)
->assertJson(fn (AssertableJson $json) => $json->has('data',2)->etc());
/*does not test the number of records however*/
collect($this->list_routes)->filter(function ($route){
return !in_array($route, ['users','designs','payment_terms']);
})->each(function($route){
@ -472,11 +470,16 @@ class BaseApiTest extends TestCase
);
});
}
public function testAdminAccessCompany()
{
$response = $this->withHeaders([
'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->owner_token,
])->get('/api/v1/companies/'.$this->company->hashed_id)
->assertStatus(200);
'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->owner_token,
])->get('/api/v1/companies/'.$this->company->hashed_id)
->assertStatus(200);
}
@ -492,11 +495,9 @@ class BaseApiTest extends TestCase
$response = $this->withHeaders([
'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->owner_token,
])->get('/api/v1/users/');
])->get('/api/v1/users/')
->assertStatus(403);
$response->assertStatus(403);
/*does not test the number of records however*/
collect($this->list_routes)->filter(function ($route){
return !in_array($route, ['users','designs','payment_terms']);
})->each(function($route){
@ -508,14 +509,25 @@ class BaseApiTest extends TestCase
->assertStatus(403);
});
$response = $this->withHeaders([
'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->owner_token,
])->get('/api/v1/companies/'.$this->company->hashed_id)
->assertStatus(403);
}
public function testAdminLockedCompany()
{
$this->owner_cu = CompanyUser::where('user_id', $this->owner_cu->user_id)->where('company_id', $this->owner_cu->company_id)->first();
$this->owner_cu->is_owner = false;
$this->owner_cu->is_admin = true;
$this->owner_cu->is_locked = true;
$this->owner_cu->permissions = '[]';
$this->owner_cu->save();
$response = $this->withHeaders([
'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->owner_token,
])->get('/api/v1/companies/'.$this->company->hashed_id)
->assertStatus(403);
}
/**
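Review bot: `testOwnerAccessCompany()` sends `$this->low_token` and asserts 401, so despite its name it never exercises the owner token; it appears to repeat the low-privilege request shown at the end of the preceding test. If a positive owner check is intended, use `'X-API-TOKEN' => $this->owner_token` with `->assertStatus(200)`; if the denial case is intended, a name such as `testLowTokenCannotAccessCompany` keeps the authorization matrix readable. The new `testAdminLockedCompany()` would also benefit from a one-line comment such as `// a locked company user is denied even when is_admin is true`, since that is the rule the test pins.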