<?php
/**
 * Invoice Ninja (https://invoiceninja.com).
 *
 * @link https://github.com/invoiceninja/invoiceninja source repository
 *
 * @copyright Copyright (c) 2021. Invoice Ninja LLC (https://invoiceninja.com)
 *
 * @license https://www.elastic.co/licensing/elastic-license
 */
namespace Tests\Feature;
use App\DataMapper\ClientRegistrationFields;
use App\DataMapper\ClientSettings;
use App\DataMapper\CompanySettings;
use App\Factory\ClientGatewayTokenFactory;
use App\Factory\CompanyUserFactory;
use App\Factory\WebhookFactory;
use App\Models\BankIntegration;
use App\Models\BankTransaction;
use App\Models\BankTransactionRule;
use App\Models\Client;
use App\Models\ClientContact;
use App\Models\Company;
use App\Models\CompanyGateway;
use App\Models\CompanyToken;
use App\Models\CompanyUser;
use App\Models\Credit;
use App\Models\Document;
use App\Models\Expense;
use App\Models\ExpenseCategory;
use App\Models\GroupSetting;
use App\Models\Invoice;
use App\Models\Payment;
use App\Models\Product;
use App\Models\Project;
use App\Models\PurchaseOrder;
use App\Models\Quote;
use App\Models\RecurringExpense;
use App\Models\RecurringInvoice;
use App\Models\RecurringQuote;
use App\Models\Scheduler;
use App\Models\Subscription;
use App\Models\Task;
use App\Models\TaskStatus;
use App\Models\TaxRate;
use App\Models\User;
use App\Models\Vendor;
use App\Models\VendorContact;
use Illuminate\Routing\Middleware\ThrottleRequests;
use Illuminate\Support\Str;
use Illuminate\Testing\Fluent\AssertableJson;
use Tests\MockAccountData;
use Tests\TestCase;
/**
 * Role-based access checks for the v1 list/show API: owner, admin,
 * locked admin and a low-permission user each hit every list route and the
 * company endpoint, and the response status / record count is asserted.
 *
 * @test
 * @covers App\Http\Controllers\BaseController
 */
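class BaseApiTest extends TestCase
{
    use MockAccountData;

    /**
     * List endpoints exercised by the role-based tests below.
     *
     * Each entry is requested as /api/v1/{route}/ under the owner, admin,
     * locked-admin and low-permission tokens, so setUp() seeds exactly one
     * record per route for the test company. 'users', 'designs' and
     * 'payment_terms' have different record counts and are asserted
     * separately where they are not simply skipped.
     *
     * @var list<string>
     */
    private $list_routes = [
        'products',
        'clients',
        'invoices',
        'recurring_invoices',
        'payments',
        'quotes',
        'credits',
        'projects',
        'tasks',
        'vendors',
        'purchase_orders',
        'expenses',
        'recurring_expenses',
        'task_schedulers',
        'bank_integrations',
        'bank_transactions',
        'tax_rates',
        'users',
        'payment_terms',
        'subscriptions',
        'webhooks',
        'group_settings',
        'designs',
        'expense_categories',
        'documents',
        'company_gateways',
        'client_gateway_tokens',
        'bank_transaction_rules',
    ];

    /** Company token of the low-permission user (permissions: view_task only). */
    private string $low_token;

    /** Company token of the owner user (is_owner + is_admin). */
    private string $owner_token;

    /**
     * Builds a fresh company under the mock account, an owner user and a
     * low-permission user (each with its own API token), then seeds one
     * record for every entity in $list_routes, all owned by the new company.
     */
    protected function setUp(): void
    {
        parent::setUp();

        $this->makeTestData();

        // Each test issues dozens of requests; rate limiting is not under test here.
        $this->withoutMiddleware(
            ThrottleRequests::class
        );

        $company = Company::factory()->create([
            'account_id' => $this->account->id,
        ]);

        $this->company = $company;

        $company->client_registration_fields = ClientRegistrationFields::generate();

        $settings = CompanySettings::defaults();
        $settings->company_logo = 'https://pdf.invoicing.co/favicon-v2.png';
        $settings->website = 'www.invoiceninja.com';
        $settings->address1 = 'Address 1';
        $settings->address2 = 'Address 2';
        $settings->city = 'City';
        $settings->state = 'State';
        $settings->postal_code = 'Postal Code';
        $settings->phone = '555-343-2323';
        $settings->email = 'test@example.com';
        $settings->country_id = '840';
        $settings->vat_number = 'vat number';
        $settings->id_number = 'id number';
        $settings->use_credits_payment = 'always';
        $settings->timezone_id = '1';
        $settings->entity_send_time = 0;
        $company->track_inventory = true;
        $company->settings = $settings;
        $company->save();

        $this->account->default_company_id = $company->id;
        $this->account->save();

        // Owner: full access to the company. Individual tests demote or lock
        // this company_user record to exercise the admin / locked paths.
        $owner_user = $this->createUser();

        $this->owner_cu = CompanyUserFactory::create($owner_user->id, $company->id, $this->account->id);
        $this->owner_cu->is_owner = true;
        $this->owner_cu->is_admin = true;
        $this->owner_cu->is_locked = false;
        $this->owner_cu->permissions = '[]';
        $this->owner_cu->save();

        $this->owner_token = $this->issueToken($owner_user->id, $company->id);

        // All seeded records below are attributed to the owner user.
        $user_id = $owner_user->id;

        // Low-permission user: neither owner nor admin, only view_task.
        $lower_permission_user = $this->createUser();

        $this->low_cu = CompanyUserFactory::create($lower_permission_user->id, $company->id, $this->account->id);
        $this->low_cu->is_owner = false;
        $this->low_cu->is_admin = false;
        $this->low_cu->is_locked = false;
        $this->low_cu->permissions = '["view_task"]';
        $this->low_cu->save();

        $this->low_token = $this->issueToken($lower_permission_user->id, $company->id);

        Product::factory()->create([
            'user_id' => $user_id,
            'company_id' => $company->id,
        ]);

        $client = Client::factory()->create([
            'user_id' => $user_id,
            'company_id' => $company->id,
        ]);

        $contact = ClientContact::factory()->create([
            'user_id' => $user_id,
            'client_id' => $client->id,
            'company_id' => $company->id,
            'is_primary' => 1,
            'send_email' => true,
        ]);

        $payment = Payment::factory()->create([
            'user_id' => $user_id,
            'client_id' => $client->id,
            'company_id' => $company->id,
            'amount' => 10,
        ]);

        $contact2 = ClientContact::factory()->create([
            'user_id' => $user_id,
            'client_id' => $client->id,
            'company_id' => $company->id,
            'send_email' => true,
        ]);

        $vendor = Vendor::factory()->create([
            'user_id' => $user_id,
            'company_id' => $company->id,
            'currency_id' => 1,
        ]);

        // Contacts belong to the vendor created above for $company, not to the
        // mock-account vendor from makeTestData(); mixing the two would attach
        // this company's contacts to another company's vendor.
        $vendor_contact = VendorContact::factory()->create([
            'user_id' => $user_id,
            'vendor_id' => $vendor->id,
            'company_id' => $company->id,
            'is_primary' => 1,
            'send_email' => true,
        ]);

        $vendor_contact2 = VendorContact::factory()->create([
            'user_id' => $user_id,
            'vendor_id' => $vendor->id,
            'company_id' => $company->id,
            'send_email' => true,
        ]);

        $project = Project::factory()->create([
            'user_id' => $user_id,
            'company_id' => $company->id,
            'client_id' => $client->id,
        ]);

        $expense = Expense::factory()->create([
            'user_id' => $user_id,
            'company_id' => $company->id,
        ]);

        $recurring_expense = RecurringExpense::factory()->create([
            'user_id' => $user_id,
            'company_id' => $company->id,
            'frequency_id' => 5,
            'remaining_cycles' => 5,
        ]);

        $recurring_quote = RecurringQuote::factory()->create([
            'user_id' => $user_id,
            'company_id' => $company->id,
            'client_id' => $client->id,
        ]);

        $task = Task::factory()->create([
            'user_id' => $user_id,
            'company_id' => $company->id,
        ]);

        $invoice = Invoice::factory()->create([
            'user_id' => $user_id,
            'company_id' => $company->id,
            'client_id' => $client->id,
        ]);

        $quote = Quote::factory()->create([
            'user_id' => $user_id,
            'company_id' => $company->id,
            'client_id' => $client->id,
        ]);

        $credit = Credit::factory()->create([
            'user_id' => $user_id,
            'company_id' => $company->id,
            'client_id' => $client->id,
        ]);

        $po = PurchaseOrder::factory()->create([
            'user_id' => $user_id,
            'company_id' => $company->id,
            'vendor_id' => $vendor->id,
        ]);

        $recurring_invoice = RecurringInvoice::factory()->create([
            'user_id' => $user_id,
            'company_id' => $company->id,
            'client_id' => $client->id,
        ]);

        $task_status = TaskStatus::factory()->create([
            'user_id' => $user_id,
            'company_id' => $company->id,
        ]);

        $task->status_id = TaskStatus::where('company_id', $company->id)->first()->id;
        $task->save();

        $expense_category = ExpenseCategory::factory()->create([
            'user_id' => $user_id,
            'company_id' => $company->id,
        ]);

        $tax_rate = TaxRate::factory()->create([
            'user_id' => $user_id,
            'company_id' => $company->id,
        ]);

        $gs = new GroupSetting;
        $gs->name = 'Test';
        $gs->company_id = $client->company_id;
        $gs->settings = ClientSettings::buildClientSettings($company->settings, $client->settings);

        $gs_settings = $gs->settings;
        $gs_settings->website = 'http://staging.invoicing.co';
        $gs->settings = $gs_settings;
        $gs->save();

        $scheduler = Scheduler::factory()->create([
            'user_id' => $user_id,
            'company_id' => $company->id,
        ]);

        $bank_integration = BankIntegration::factory()->create([
            'user_id' => $user_id,
            'company_id' => $company->id,
            'account_id' => $this->account->id,
        ]);

        $bank_transaction = BankTransaction::factory()->create([
            'user_id' => $user_id,
            'company_id' => $company->id,
            'bank_integration_id' => $bank_integration->id,
        ]);

        $bank_transaction_rule = BankTransactionRule::factory()->create([
            'user_id' => $user_id,
            'company_id' => $company->id,
        ]);

        $subscription = Subscription::factory()->create([
            'user_id' => $user_id,
            'company_id' => $company->id,
        ]);

        $webhook = WebhookFactory::create($company->id, $user_id);
        $webhook->save();

        $document = Document::factory()->create([
            'user_id' => $user_id,
            'company_id' => $company->id,
        ]);

        $cg = new CompanyGateway;
        $cg->company_id = $company->id;
        $cg->user_id = $user_id;
        $cg->gateway_key = 'd14dd26a37cecc30fdd65700bfb55b23';
        $cg->require_cvv = true;
        $cg->require_billing_address = true;
        $cg->require_shipping_address = true;
        $cg->update_details = true;
        // Dummy gateway credentials (not real keys); stored encrypted at rest
        // the same way production gateway config is.
        $cg->config = encrypt('{"publishableKey":"pk_test_P1riKDKD0p","apiKey":"sk_test_Yorqvz45"}');
        $cg->fees_and_limits = [];
        $cg->save();

        $cgt = ClientGatewayTokenFactory::create($company->id);
        $cgt->save();
    }

    /**
     * Creates a confirmed user on the mock account with a random safe email.
     */
    private function createUser(): User
    {
        return User::factory()->create([
            'account_id' => $this->account->id,
            'confirmation_code' => $this->createDbHash(config('database.default')),
            'email' => $this->faker->safeEmail(),
        ]);
    }

    /**
     * Issues a system company token for the given user/company pair and
     * returns its 64-character random secret (what goes in X-API-TOKEN).
     */
    private function issueToken(int $user_id, int $company_id): string
    {
        $secret = Str::random(64);

        $company_token = new CompanyToken;
        $company_token->user_id = $user_id;
        $company_token->company_id = $company_id;
        $company_token->account_id = $this->account->id;
        $company_token->name = 'test token';
        $company_token->token = $secret;
        $company_token->is_system = true;
        $company_token->save();

        return $secret;
    }

    /**
     * Headers the v1 API requires: the instance-wide API secret plus the
     * per-user company token under test.
     *
     * @return array<string, string>
     */
    private function apiHeaders(string $token): array
    {
        return [
            'X-API-SECRET' => config('ninja.api_secret'),
            'X-API-TOKEN' => $token,
        ];
    }

    /**
     * $list_routes minus the routes that need a different expectation.
     *
     * @param list<string> $skip
     * @return \Illuminate\Support\Collection
     */
    private function listRoutesExcept(array $skip)
    {
        return collect($this->list_routes)->reject(fn ($route) => in_array($route, $skip, true));
    }

    /**
     * Reloads the owner's company_user row from the database and saves it
     * with the given role flags, so a test can demote or lock the owner
     * before issuing requests with $owner_token.
     */
    private function setOwnerRole(bool $is_owner, bool $is_admin, bool $is_locked): void
    {
        $this->owner_cu = CompanyUser::where('user_id', $this->owner_cu->user_id)
            ->where('company_id', $this->owner_cu->company_id)
            ->first();
        $this->owner_cu->is_owner = $is_owner;
        $this->owner_cu->is_admin = $is_admin;
        $this->owner_cu->is_locked = $is_locked;
        $this->owner_cu->permissions = '[]';
        $this->owner_cu->save();
    }

    /**
     * Tests admin/owner facing routes respond with the correct status and/or data set.
     *
     * The owner sees both company users and the single seeded record behind
     * every other list route.
     */
    public function testOwnerRoutes()
    {
        $response = $this->withHeaders($this->apiHeaders($this->owner_token))
            ->get('/api/v1/users/');

        $response->assertStatus(200)
            ->assertJson(fn (AssertableJson $json) => $json->has('data', 2)->etc());

        $this->listRoutesExcept(['users', 'designs', 'payment_terms'])->each(function ($route) {
            $this->withHeaders($this->apiHeaders($this->owner_token))
                ->get("/api/v1/{$route}/")
                ->assertStatus(200)
                ->assertJson(
                    fn (AssertableJson $json) =>
                    $json->has('meta')
                        ->has('data', 1)
                );
        });
    }

    /**
     * A low-permission user must not be able to read the company record
     * (despite the method name, this is the negative case; the owner's own
     * 200 is covered by testAdminAccessCompany).
     */
    public function testOwnerAccessCompany()
    {
        $this->withHeaders($this->apiHeaders($this->low_token))
            ->get('/api/v1/companies/'.$this->company->hashed_id)
            ->assertStatus(403);
    }

    /**
     * An admin who is not the owner gets the same list visibility as the owner.
     */
    public function testAdminRoutes()
    {
        $this->setOwnerRole(is_owner: false, is_admin: true, is_locked: false);

        $response = $this->withHeaders($this->apiHeaders($this->owner_token))
            ->get('/api/v1/users/');

        $response->assertStatus(200)
            ->assertJson(fn (AssertableJson $json) => $json->has('data', 2)->etc());

        $this->listRoutesExcept(['users', 'designs', 'payment_terms'])->each(function ($route) {
            $this->withHeaders($this->apiHeaders($this->owner_token))
                ->get("/api/v1/{$route}/")
                ->assertStatus(200)
                ->assertJson(
                    fn (AssertableJson $json) =>
                    $json->has('meta')
                        ->has('data', 1)
                );
        });
    }

    /**
     * The owner token can read the company record. (setUp() leaves owner_cu
     * flagged owner + admin, so this exercises the privileged path.)
     */
    public function testAdminAccessCompany()
    {
        $this->withHeaders($this->apiHeaders($this->owner_token))
            ->get('/api/v1/companies/'.$this->company->hashed_id)
            ->assertStatus(200);
    }

    /**
     * is_locked must override is_admin: a locked admin is refused on every
     * list route, not merely filtered to an empty set.
     */
    public function testAdminLockedRoutes()
    {
        $this->setOwnerRole(is_owner: false, is_admin: true, is_locked: true);

        $this->withHeaders($this->apiHeaders($this->owner_token))
            ->get('/api/v1/users/')
            ->assertStatus(403);

        $this->listRoutesExcept(['users', 'designs', 'payment_terms'])->each(function ($route) {
            $this->withHeaders($this->apiHeaders($this->owner_token))
                ->get("/api/v1/{$route}/")
                ->assertStatus(403);
        });
    }

    /**
     * A locked admin is also refused on the company record itself.
     */
    public function testAdminLockedCompany()
    {
        $this->setOwnerRole(is_owner: false, is_admin: true, is_locked: true);

        $this->withHeaders($this->apiHeaders($this->owner_token))
            ->get('/api/v1/companies/'.$this->company->hashed_id)
            ->assertStatus(403);
    }

    /**
     * Tests user facing routes respond with the correct status and/or data set.
     *
     * The first three requests use $this->token, which is presumably the
     * mock-account token set by makeTestData() (MockAccountData), not the
     * low-permission token; the remainder use $low_token and check that a
     * view_task-only user sees only itself in /users, an empty (not
     * forbidden) listing on the other list routes, and is refused outright
     * on the company record and on stored client gateway tokens.
     */
    public function testRestrictedUserRoute()
    {
        $this->withHeaders($this->apiHeaders($this->token))
            ->get('/api/v1/tasks/')
            ->assertStatus(200)
            ->assertJson(fn (AssertableJson $json) => $json->has('data', 1)->etc());

        $this->withHeaders($this->apiHeaders($this->token))
            ->get('/api/v1/group_settings/')
            ->assertStatus(200)
            ->assertJson(fn (AssertableJson $json) => $json->has('data', 2)->etc());

        // 11 = number of seeded system designs; adjust if the design seeder changes.
        $this->withHeaders($this->apiHeaders($this->token))
            ->get('/api/v1/designs/')
            ->assertStatus(200)
            ->assertJson(fn (AssertableJson $json) => $json->has('data', 11)->etc());

        // A non-admin only sees its own user record.
        $response = $this->withHeaders($this->apiHeaders($this->low_token))
            ->get('/api/v1/users/');

        $response->assertStatus(200)
            ->assertJson(fn (AssertableJson $json) => $json->has('data', 1)->etc());

        // Remaining list routes are reachable but filtered down to nothing for
        // a view_task-only user.
        $this->listRoutesExcept(['tasks', 'users', 'group_settings', 'designs', 'client_gateway_tokens'])
            ->each(function ($route) {
                $this->withHeaders($this->apiHeaders($this->low_token))
                    ->get("/api/v1/{$route}/")
                    ->assertJson(
                        fn (AssertableJson $json) =>
                        $json->has('meta')
                            ->has('data', 0)
                    );
            });

        $this->withHeaders($this->apiHeaders($this->low_token))
            ->get('/api/v1/companies/'.$this->company->hashed_id)
            ->assertStatus(403);

        // Stored payment tokens are sensitive: denied rather than filtered.
        $this->withHeaders($this->apiHeaders($this->low_token))
            ->get('/api/v1/client_gateway_tokens/')
            ->assertStatus(403);
    }
}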