Add additional checks into check data script

David Bomba 2023-01-21 11:33:41 +11:00
parent d97f80ecd0
commit 580868767c
3 changed files with 79 additions and 39 deletions


@ -15,6 +15,7 @@ use App;
use App\DataMapper\ClientSettings; use App\DataMapper\ClientSettings;
use App\Factory\ClientContactFactory; use App\Factory\ClientContactFactory;
use App\Factory\VendorContactFactory; use App\Factory\VendorContactFactory;
use App\Jobs\Company\CreateCompanyToken;
use App\Models\Account; use App\Models\Account;
use App\Models\Client; use App\Models\Client;
use App\Models\ClientContact; use App\Models\ClientContact;
@ -124,7 +125,8 @@ class CheckData extends Command
$this->checkOauthSanity(); $this->checkOauthSanity();
$this->checkVendorSettings(); $this->checkVendorSettings();
$this->checkClientSettings(); $this->checkClientSettings();
$this->checkCompanyTokens();
if(Ninja::isHosted()){ if(Ninja::isHosted()){
$this->checkAccountStatuses(); $this->checkAccountStatuses();
$this->checkNinjaPortalUrls(); $this->checkNinjaPortalUrls();
@ -157,6 +159,25 @@ class CheckData extends Command
$this->log .= $str."\n"; $this->log .= $str."\n";
} }
private function checkCompanyTokens()
{
CompanyUser::doesnthave('token')->cursor()->each(function ($cu){
if($cu->user){
$this->logMessage("Creating missing company token for user # {$cu->user->id} for company id # {$cu->company->id}");
(new CreateCompanyToken($cu->company, $cu->user, 'System'))->handle();
}
else {
$this->logMessage("Dangling User ID # {$cu->id}");
}
});
}
private function checkOauthSanity() private function checkOauthSanity()
{ {
User::where('oauth_provider_id', '1')->cursor()->each(function ($user){ User::where('oauth_provider_id', '1')->cursor()->each(function ($user){
@ -422,17 +443,26 @@ class CheckData extends Command
$contact_class = VendorContact::class; $contact_class = VendorContact::class;
} }
$invitation = new $entity_obj(); $invitation = false;
$invitation->company_id = $entity->company_id;
$invitation->user_id = $entity->user_id;
$invitation->{$entity_key} = $entity->id;
$invitation->{$contact_id} = $contact_class::where('company_id', $entity->company_id)->where($client_vendor_key,$entity->{$client_vendor_key})->first()->id;
$invitation->key = Str::random(config('ninja.key_length'));
$this->logMessage("Add invitation for {$entity_key} - {$entity->id}"); //check contact exists!
if($contact_class::where('company_id', $entity->company_id)->where($client_vendor_key,$entity->{$client_vendor_key})->exists())
{
$invitation = new $entity_obj();
$invitation->company_id = $entity->company_id;
$invitation->user_id = $entity->user_id;
$invitation->{$entity_key} = $entity->id;
$invitation->{$contact_id} = $contact_class::where('company_id', $entity->company_id)->where($client_vendor_key,$entity->{$client_vendor_key})->first()->id;
$invitation->key = Str::random(config('ninja.key_length'));
$this->logMessage("Add invitation for {$entity_key} - {$entity->id}");
}
else
$this->logMessage("No contact present, so cannot add invitation for {$entity_key} - {$entity->id}");
try{ try{
$invitation->save();
if($invitation)
$invitation->save();
} }
catch(\Exception $e){ catch(\Exception $e){
$this->logMessage($e->getMessage()); $this->logMessage($e->getMessage());
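Review bot: In the new `checkCompanyTokens()` the guard tests only `$cu->user`, yet both the log message and `CreateCompanyToken` dereference `$cu->company`; a company_user row whose company is missing would raise inside the cursor callback and abort the remaining checks, so guard both relations with `if($cu->user && $cu->company){`. The method also creates an API token for every CompanyUser that lacks one, and nothing visible in this hunk skips locked rows or gates the write behind a fix/dry-run option, so simply running the data check issues new credentials. Consider narrowing the query (for example `->where('is_locked', false)`, if that matches the intended policy) and making the token creation opt-in. The else-branch message prints `$cu->id`, which is the CompanyUser id rather than a user id; `"Dangling CompanyUser ID # {$cu->id}"` would be accurate.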


@ -886,7 +886,7 @@ class BaseController extends Controller
} }
*/ */
/*21-01-2023*/
/**/ /**/
// 10-01-2022 need to ensure we snake case properly here to ensure permissions work as expected // 10-01-2022 need to ensure we snake case properly here to ensure permissions work as expected
// 28-03-2022 this is definitely correct here, do not append _ to the view, it resolved correctly when snake cased // 28-03-2022 this is definitely correct here, do not append _ to the view, it resolved correctly when snake cased
@ -908,8 +908,6 @@ class BaseController extends Controller
/**/ /**/
if (request()->has('updated_at') && request()->input('updated_at') > 0) { if (request()->has('updated_at') && request()->input('updated_at') > 0) {
$query->where('updated_at', '>=', date('Y-m-d H:i:s', intval(request()->input('updated_at')))); $query->where('updated_at', '>=', date('Y-m-d H:i:s', intval(request()->input('updated_at'))));
} }


@ -191,8 +191,6 @@ class BaseApiTest extends TestCase
$company_token->is_system = true; $company_token->is_system = true;
$company_token->save(); $company_token->save();
Product::factory()->create([ Product::factory()->create([
'user_id' => $user_id, 'user_id' => $user_id,
'company_id' => $company->id, 'company_id' => $company->id,
@ -203,7 +201,6 @@ class BaseApiTest extends TestCase
'company_id' => $company->id, 'company_id' => $company->id,
]); ]);
$contact = ClientContact::factory()->create([ $contact = ClientContact::factory()->create([
'user_id' => $user_id, 'user_id' => $user_id,
'client_id' => $client->id, 'client_id' => $client->id,
@ -307,7 +304,6 @@ class BaseApiTest extends TestCase
'client_id' => $client->id, 'client_id' => $client->id,
]); ]);
$task_status = TaskStatus::factory()->create([ $task_status = TaskStatus::factory()->create([
'user_id' => $user_id, 'user_id' => $user_id,
'company_id' => $company->id, 'company_id' => $company->id,
@ -321,7 +317,6 @@ class BaseApiTest extends TestCase
'company_id' => $company->id, 'company_id' => $company->id,
]); ]);
$tax_rate = TaxRate::factory()->create([ $tax_rate = TaxRate::factory()->create([
'user_id' => $user_id, 'user_id' => $user_id,
'company_id' => $company->id, 'company_id' => $company->id,
@ -388,7 +383,6 @@ class BaseApiTest extends TestCase
$cgt = ClientGatewayTokenFactory::create($company->id); $cgt = ClientGatewayTokenFactory::create($company->id);
$cgt->save(); $cgt->save();
} }
// public function testGeneratingClassName() // public function testGeneratingClassName()
@ -430,14 +424,20 @@ class BaseApiTest extends TestCase
); );
}); });
$response = $this->withHeaders([ }
'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->low_token, public function testOwnerAccessCompany()
])->get('/api/v1/companies/'.$this->company->hashed_id) {
->assertStatus(401);
$response = $this->withHeaders([
'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->low_token,
])->get('/api/v1/companies/'.$this->company->hashed_id)
->assertStatus(401);
} }
public function testAdminRoutes() public function testAdminRoutes()
{ {
$this->owner_cu = CompanyUser::where('user_id', $this->owner_cu->user_id)->where('company_id', $this->owner_cu->company_id)->first(); $this->owner_cu = CompanyUser::where('user_id', $this->owner_cu->user_id)->where('company_id', $this->owner_cu->company_id)->first();
@ -447,7 +447,6 @@ class BaseApiTest extends TestCase
$this->owner_cu->permissions = '[]'; $this->owner_cu->permissions = '[]';
$this->owner_cu->save(); $this->owner_cu->save();
$response = $this->withHeaders([ $response = $this->withHeaders([
'X-API-SECRET' => config('ninja.api_secret'), 'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->owner_token, 'X-API-TOKEN' => $this->owner_token,
@ -456,7 +455,6 @@ class BaseApiTest extends TestCase
$response->assertStatus(200) $response->assertStatus(200)
->assertJson(fn (AssertableJson $json) => $json->has('data',2)->etc()); ->assertJson(fn (AssertableJson $json) => $json->has('data',2)->etc());
/*does not test the number of records however*/
collect($this->list_routes)->filter(function ($route){ collect($this->list_routes)->filter(function ($route){
return !in_array($route, ['users','designs','payment_terms']); return !in_array($route, ['users','designs','payment_terms']);
})->each(function($route){ })->each(function($route){
@ -472,11 +470,16 @@ class BaseApiTest extends TestCase
); );
}); });
}
public function testAdminAccessCompany()
{
$response = $this->withHeaders([ $response = $this->withHeaders([
'X-API-SECRET' => config('ninja.api_secret'), 'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->owner_token, 'X-API-TOKEN' => $this->owner_token,
])->get('/api/v1/companies/'.$this->company->hashed_id) ])->get('/api/v1/companies/'.$this->company->hashed_id)
->assertStatus(200); ->assertStatus(200);
} }
@ -492,11 +495,9 @@ class BaseApiTest extends TestCase
$response = $this->withHeaders([ $response = $this->withHeaders([
'X-API-SECRET' => config('ninja.api_secret'), 'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->owner_token, 'X-API-TOKEN' => $this->owner_token,
])->get('/api/v1/users/'); ])->get('/api/v1/users/')
->assertStatus(403);
$response->assertStatus(403);
/*does not test the number of records however*/
collect($this->list_routes)->filter(function ($route){ collect($this->list_routes)->filter(function ($route){
return !in_array($route, ['users','designs','payment_terms']); return !in_array($route, ['users','designs','payment_terms']);
})->each(function($route){ })->each(function($route){
@ -508,14 +509,25 @@ class BaseApiTest extends TestCase
->assertStatus(403); ->assertStatus(403);
}); });
$response = $this->withHeaders([
'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->owner_token,
])->get('/api/v1/companies/'.$this->company->hashed_id)
->assertStatus(403);
} }
public function testAdminLockedCompany()
{
$this->owner_cu = CompanyUser::where('user_id', $this->owner_cu->user_id)->where('company_id', $this->owner_cu->company_id)->first();
$this->owner_cu->is_owner = false;
$this->owner_cu->is_admin = true;
$this->owner_cu->is_locked = true;
$this->owner_cu->permissions = '[]';
$this->owner_cu->save();
$response = $this->withHeaders([
'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->owner_token,
])->get('/api/v1/companies/'.$this->company->hashed_id)
->assertStatus(403);
}
/** /**
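Review bot: The new `testAdminAccessCompany()` contains only the GET with `owner_token` and the 200 assertion; it no longer runs after the `owner_cu` mutation that `testAdminRoutes()` performs. If each test starts from a fresh `setUp()` (not visible here), it therefore exercises the default owner state rather than an admin who is not the owner, and the admin-access case for `/api/v1/companies/{id}` loses its coverage. `testAdminLockedCompany()` repeats the setup block explicitly, and the same block with `is_locked = false` would keep this authorization check meaningful. Separately, `testOwnerAccessCompany()` sends `low_token` and expects 401, so its name reads as the opposite of what it verifies.

```php
public function testAdminAccessCompany()
{
    $this->owner_cu = CompanyUser::where('user_id', $this->owner_cu->user_id)->where('company_id', $this->owner_cu->company_id)->first();
    $this->owner_cu->is_owner = false;
    $this->owner_cu->is_admin = true;
    $this->owner_cu->is_locked = false;
    $this->owner_cu->permissions = '[]';
    $this->owner_cu->save();

    // … unchanged: GET /api/v1/companies/{hashed_id} with owner_token, assertStatus(200) …
```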