From b5a8c60db5b149a943656e23b6844f9323bee287 Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Sat, 24 Jul 2021 10:25:48 +1000
Subject: [PATCH] Improve Company Gateway validation

---
 .../StoreCompanyGatewayRequest.php            |  7 ++--
 tests/Feature/CompanyGatewayApiTest.php       | 37 +++++++++++++++++++
 2 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/app/Http/Requests/CompanyGateway/StoreCompanyGatewayRequest.php b/app/Http/Requests/CompanyGateway/StoreCompanyGatewayRequest.php
index 8b4a9109e25a..cfb39c44885a 100644
--- a/app/Http/Requests/CompanyGateway/StoreCompanyGatewayRequest.php
+++ b/app/Http/Requests/CompanyGateway/StoreCompanyGatewayRequest.php
@@ -34,7 +34,7 @@ class StoreCompanyGatewayRequest extends Request
     public function rules()
     {
         $rules = [
-            'gateway_key' => 'required',
+            'gateway_key' => 'required|alpha_num',
             'fees_and_limits' => new ValidCompanyGatewayFeesAndLimitsRule(),
         ];
 
@@ -45,9 +45,8 @@ class StoreCompanyGatewayRequest extends Request
     {
         $input = $this->all();
 
-        $gateway = Gateway::where('key', $input['gateway_key'])->first();
-
-        if($gateway);
+        
+        if($gateway = Gateway::where('key', $input['gateway_key'])->first())
         {
 
             $default_gateway_fields = json_decode($gateway->fields);
diff --git a/tests/Feature/CompanyGatewayApiTest.php b/tests/Feature/CompanyGatewayApiTest.php
index 33f7bd55e442..4896a3837c9d 100644
--- a/tests/Feature/CompanyGatewayApiTest.php
+++ b/tests/Feature/CompanyGatewayApiTest.php
@@ -45,6 +45,43 @@ class CompanyGatewayApiTest extends TestCase
         Model::reguard();
     }
 
+    public function testCompanyGatewayEndPointsWithIncorrectFields()
+    {
+        $data = [
+            'config' => 'random config',
+            'gateway_key' => '',
+        ];
+
+        /* POST */
+        $response = $this->withHeaders([
+                'X-API-SECRET' => config('ninja.api_secret'),
+                'X-API-TOKEN' => $this->token,
+            ])->post('/api/v1/company_gateways', $data);
+
+        $response->assertStatus(302);
+
+    }
+
+
+    public function testCompanyGatewayEndPointsWithInvalidFields()
+    {
+        $data = [
+            'config' => 'random config',
+            'gateway_key' => '$#%^&*(',
+        ];
+
+        /* POST */
+        $response = $this->withHeaders([
+                'X-API-SECRET' => config('ninja.api_secret'),
+                'X-API-TOKEN' => $this->token,
+            ])->post('/api/v1/company_gateways', $data);
+
+        $response->assertStatus(302);
+
+    }
+
+
+
     public function testCompanyGatewayEndPoints()
     {
         $data = [