blessing-skin-server/tests/MiddlewareTest.php

<?php

namespace Tests;

use Event;
use App\Models\User;
use App\Models\Player;
use App\Services\Facades\Option;
use Illuminate\Support\Facades\Schema;
use Illuminate\Foundation\Testing\DatabaseTransactions;

class MiddlewareTest extends TestCase
{
    use DatabaseTransactions;

    public function testAuthenticate()
    {
        $this->get('/user')->assertRedirect('auth/login');
        $this->actAs('normal')->assertAuthenticated();
    }

    public function testCheckUserVerified()
    {
        $unverified = factory(User::class)->create(['verified' => false]);

        option(['require_verification' => false]);
        $this->actingAs($unverified)
            ->get('/skinlib/upload')
            ->assertSuccessful();

        option(['require_verification' => true]);
        $this->actingAs($unverified)
            ->get('/skinlib/upload')
            ->assertStatus(403)
            ->assertSee(trans('auth.check.verified'));

        $this->actAs('normal')
            ->get('/skinlib/upload')
            ->assertSuccessful();
    }

    public function testCheckAdministrator()
    {
        // Without logged in
        $this->get('/admin')->assertRedirect('/auth/login');

        // Normal user
        $this->actAs('normal')
            ->get('/admin')
            ->assertStatus(403);

        // Admin
        $this->actAs('admin')
            ->get('/admin')
            ->assertSuccessful();

        // Super admin
        $this->actAs('superAdmin')
            ->get('/admin')
            ->assertSuccessful();
    }

    public function testCheckSuperAdmin()
    {
        // Admin
        $this->actAs('admin')
            ->get('/admin/plugins/manage')
            ->assertForbidden();

        // Super admin
        $this->actAs('superAdmin')
            ->get('/admin/plugins/manage')
            ->assertSuccessful();
    }

    public function testCheckInstallation()
    {
        $this->get('/setup')->assertSee('Already installed');

        $tables = [
            'user_closet', 'migrations', 'options', 'players', 'textures', 'users',
        ];
        array_walk($tables, function ($table) {
            Schema::dropIfExists($table);
        });
        $this->get('/setup')->assertSee(trans(
            'setup.wizard.welcome.text',
            ['version' => config('app.version')]
        ));
    }

    public function testCheckPlayerExist()
    {
        Event::fake();

        $this->getJson('/nope.json')
            ->assertStatus(404)
            ->assertSee(trans('general.unexistent-player'));

        $this->get('/skin/nope.png')
            ->assertStatus(404)
            ->assertSee(trans('general.unexistent-player'));

        Option::set('return_204_when_notfound', true);
        $this->getJson('/nope.json')->assertStatus(204);

        $player = factory(\App\Models\Player::class)->create();
        $this->getJson("/{$player->name}.json")
            ->assertJson(['username' => $player->name]);  // Default is CSL API

        $this->getJson("/{$player->name}.json");
        Event::assertDispatched(\App\Events\CheckPlayerExists::class);

        $player = factory(\App\Models\Player::class)->create();
        $user = $player->user;
        $this->actingAs($user)
            ->postJson('/user/player/rename/-1', ['name' => 'name'])
            ->assertJson([
                'code' => 1,
                'message' => trans('general.unexistent-player'),
            ]);
    }

    public function testCheckPlayerOwner()
    {
        $other_user = factory(\App\Models\User::class)->create();
        $player = factory(\App\Models\Player::class)->create();
        $owner = $player->user;

        $this->actingAs($other_user)
            ->get('/user/player')
            ->assertSuccessful();

        $this->actingAs($other_user)
            ->postJson('/user/player/rename/'.$player->pid)
            ->assertJson([
                'code' => 1,
                'message' => trans('admin.players.no-permission'),
            ]);
    }

    public function testEnsureEmailFilled()
    {
        $noEmailUser = factory(User::class)->create(['email' => '']);
        $this->actingAs($noEmailUser)->get('/user')->assertRedirect('/auth/bind');

        $normalUser = factory(User::class)->create();
        $this->actingAs($normalUser)->get('/auth/bind')->assertRedirect('/user');
    }

    public function testFireUserAuthenticated()
    {
        Event::fake();
        $user = factory(User::class)->create();
        $this->actingAs($user)->get('/user');
        Event::assertDispatched(\App\Events\UserAuthenticated::class, function ($event) use ($user) {
            $this->assertEquals($user->uid, $event->user->uid);
            return true;
        });
    }

    public function testRedirectIfAuthenticated()
    {
        $this->get('/auth/login')
            ->assertViewIs('auth.login')
            ->assertDontSee(trans('general.user-center'));

        $this->actingAs(factory(User::class)->create())
            ->get('/auth/login')
            ->assertRedirect('/user');
    }

    public function testRejectBannedUser()
    {
        $user = factory(User::class, 'banned')->create();
        $this->actingAs($user)->get('/user')->assertForbidden();
        $this->get('/user', ['accept' => 'application/json'])
            ->assertForbidden()
            ->assertJson(['code' => -1, 'message' => trans('auth.check.banned')]);
    }

    public function testRequireBindPlayer()
    {
        $user = factory(User::class)->create();
        $this->actingAs($user)->get('/user')->assertViewIs('user.index');
        $this->get('/user/player/bind')->assertRedirect('/user');

        option(['single_player' => true]);

        $this->getJson('/user/player/list')->assertHeader('content-type', 'application/json');

        $this->get('/user/player/bind')->assertViewIs('user.bind');
        $this->get('/user')->assertRedirect('/user/player/bind');

        factory(Player::class)->create(['uid' => $user->uid]);
        $this->get('/user')->assertViewIs('user.index');
        $this->get('/user/player/bind')->assertRedirect('/user');
    }

    public function testForbiddenIE()
    {
        $this->get('/', ['user-agent' => 'MSIE'])->assertSee(trans('errors.http.ie'));
        $this->get('/', ['user-agent' => 'Trident'])->assertSee(trans('errors.http.ie'));
    }
}
Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00			`<?php`

Update tests and composer autoload 2018-08-17 15:25:08 +08:00			`namespace Tests;`

Refactor middlewares 2019-04-25 13:01:39 +08:00			`use Event;`
Update tests for middleware 2017-11-30 10:02:29 +08:00			`use App\Models\User;`
Support limiting single player 2019-03-22 21:40:12 +08:00			`use App\Models\Player;`
Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00			`use App\Services\Facades\Option;`
Update tests and composer autoload 2018-08-17 15:25:08 +08:00			`use Illuminate\Support\Facades\Schema;`
Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00			`use Illuminate\Foundation\Testing\DatabaseTransactions;`

			`class MiddlewareTest extends TestCase`
			`{`
			`use DatabaseTransactions;`

Refactor middlewares 2019-04-25 13:01:39 +08:00			`public function testAuthenticate()`
Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00			`{`
fix tests of middlewares 2018-07-13 16:05:20 +08:00			`$this->get('/user')->assertRedirect('auth/login');`
Refactor middlewares 2019-04-25 13:01:39 +08:00			`$this->actAs('normal')->assertAuthenticated();`
Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00			`}`

Support email verification 2018-08-17 12:32:44 +08:00			`public function testCheckUserVerified()`
			`{`
			`$unverified = factory(User::class)->create(['verified' => false]);`

			`option(['require_verification' => false]);`
			`$this->actingAs($unverified)`
			`->get('/skinlib/upload')`
			`->assertSuccessful();`

			`option(['require_verification' => true]);`
			`$this->actingAs($unverified)`
			`->get('/skinlib/upload')`
			`->assertStatus(403)`
			`->assertSee(trans('auth.check.verified'));`

			`$this->actAs('normal')`
			`->get('/skinlib/upload')`
			`->assertSuccessful();`
			`}`

Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00			`public function testCheckAdministrator()`
			`{`
			`// Without logged in`
fix tests of middlewares 2018-07-13 16:05:20 +08:00			`$this->get('/admin')->assertRedirect('/auth/login');`
Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00
			`// Normal user`
			`$this->actAs('normal')`
			`->get('/admin')`
fix tests of middlewares 2018-07-13 16:05:20 +08:00			`->assertStatus(403);`
Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00
			`// Admin`
			`$this->actAs('admin')`
fix tests of middlewares 2018-07-13 16:05:20 +08:00			`->get('/admin')`
			`->assertSuccessful();`
Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00
			`// Super admin`
			`$this->actAs('superAdmin')`
fix tests of middlewares 2018-07-13 16:05:20 +08:00			`->get('/admin')`
			`->assertSuccessful();`
Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00			`}`

Restrict PluginController access to super admin only 2018-08-21 09:05:29 +08:00			`public function testCheckSuperAdmin()`
			`{`
			`// Admin`
			`$this->actAs('admin')`
			`->get('/admin/plugins/manage')`
			`->assertForbidden();`

			`// Super admin`
			`$this->actAs('superAdmin')`
			`->get('/admin/plugins/manage')`
			`->assertSuccessful();`
			`}`

Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00			`public function testCheckInstallation()`
			`{`
fix tests of middlewares 2018-07-13 16:05:20 +08:00			`$this->get('/setup')->assertSee('Already installed');`
Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00
			`$tables = [`
Reimplementing closet 2019-03-14 23:55:49 +08:00			`'user_closet', 'migrations', 'options', 'players', 'textures', 'users',`
Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00			`];`
			`array_walk($tables, function ($table) {`
			`Schema::dropIfExists($table);`
			`});`
fix tests of middlewares 2018-07-13 16:05:20 +08:00			`$this->get('/setup')->assertSee(trans(`
Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00			`'setup.wizard.welcome.text',`
			`['version' => config('app.version')]`
			`));`
			`}`

			`public function testCheckPlayerExist()`
			`{`
Use formal event assertion 2019-05-01 10:38:50 +08:00			`Event::fake();`

fix tests of middlewares 2018-07-13 16:05:20 +08:00			`$this->getJson('/nope.json')`
			`->assertStatus(404)`
Update translations 2018-08-14 01:00:02 +08:00			`->assertSee(trans('general.unexistent-player'));`
Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00
			`$this->get('/skin/nope.png')`
fix tests of middlewares 2018-07-13 16:05:20 +08:00			`->assertStatus(404)`
Update translations 2018-08-14 01:00:02 +08:00			`->assertSee(trans('general.unexistent-player'));`
Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00
Return 204 instead of 200 for CDN cache 2018-07-22 16:42:58 +08:00			`Option::set('return_204_when_notfound', true);`
			`$this->getJson('/nope.json')->assertStatus(204);`
Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00
Update tests and composer autoload 2018-08-17 15:25:08 +08:00			`$player = factory(\App\Models\Player::class)->create();`
Rename column `player_name` to `name` 2019-03-13 13:16:51 +08:00			`$this->getJson("/{$player->name}.json")`
			`->assertJson(['username' => $player->name]); // Default is CSL API`
Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00
Rename column `player_name` to `name` 2019-03-13 13:16:51 +08:00			`$this->getJson("/{$player->name}.json");`
Use formal event assertion 2019-05-01 10:38:50 +08:00			`Event::assertDispatched(\App\Events\CheckPlayerExists::class);`
Do some checks before updating player profile 2017-11-15 14:00:11 +08:00
			`$player = factory(\App\Models\Player::class)->create();`
refactor tests 2018-07-16 10:22:19 +08:00			`$user = $player->user;`
Refactor tests 2019-04-04 09:50:48 +08:00			`$this->actingAs($user)`
Add RESTful APIs about players 2019-04-24 13:10:03 +08:00			`->postJson('/user/player/rename/-1', ['name' => 'name'])`
			`->assertJson([`
Normalize JSON response structure 2019-04-23 11:47:45 +08:00			`'code' => 1,`
			`'message' => trans('general.unexistent-player'),`
Do some checks before updating player profile 2017-11-15 14:00:11 +08:00			`]);`
			`}`

			`public function testCheckPlayerOwner()`
			`{`
			`$other_user = factory(\App\Models\User::class)->create();`
			`$player = factory(\App\Models\Player::class)->create();`
refactor tests 2018-07-16 10:22:19 +08:00			`$owner = $player->user;`
Do some checks before updating player profile 2017-11-15 14:00:11 +08:00
Refactor tests 2019-04-04 09:50:48 +08:00			`$this->actingAs($other_user)`
fix tests of middlewares 2018-07-13 16:05:20 +08:00			`->get('/user/player')`
			`->assertSuccessful();`
Do some checks before updating player profile 2017-11-15 14:00:11 +08:00
Refactor tests 2019-04-04 09:50:48 +08:00			`$this->actingAs($other_user)`
Add RESTful APIs about players 2019-04-24 13:10:03 +08:00			`->postJson('/user/player/rename/'.$player->pid)`
			`->assertJson([`
Normalize JSON response structure 2019-04-23 11:47:45 +08:00			`'code' => 1,`
			`'message' => trans('admin.players.no-permission'),`
Do some checks before updating player profile 2017-11-15 14:00:11 +08:00			`]);`
Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00			`}`

Refactor middlewares 2019-04-25 13:01:39 +08:00			`public function testEnsureEmailFilled()`
			`{`
			`$noEmailUser = factory(User::class)->create(['email' => '']);`
			`$this->actingAs($noEmailUser)->get('/user')->assertRedirect('/auth/bind');`

			`$normalUser = factory(User::class)->create();`
			`$this->actingAs($normalUser)->get('/auth/bind')->assertRedirect('/user');`
			`}`

			`public function testFireUserAuthenticated()`
			`{`
			`Event::fake();`
			`$user = factory(User::class)->create();`
			`$this->actingAs($user)->get('/user');`
			`Event::assertDispatched(\App\Events\UserAuthenticated::class, function ($event) use ($user) {`
			`$this->assertEquals($user->uid, $event->user->uid);`
			`return true;`
			`});`
			`}`

Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00			`public function testRedirectIfAuthenticated()`
			`{`
fix tests of middlewares 2018-07-13 16:05:20 +08:00			`$this->get('/auth/login')`
			`->assertViewIs('auth.login')`
Update translations 2018-08-14 01:00:02 +08:00			`->assertDontSee(trans('general.user-center'));`
Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00
Use Laravel's auth system and use another captcha generator 2018-07-20 14:42:43 +08:00			`$this->actingAs(factory(User::class)->create())`
fix tests of middlewares 2018-07-13 16:05:20 +08:00			`->get('/auth/login')`
			`->assertRedirect('/user');`
Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00			`}`
Support limiting single player 2019-03-22 21:40:12 +08:00
Refactor middlewares 2019-04-25 13:01:39 +08:00			`public function testRejectBannedUser()`
			`{`
			`$user = factory(User::class, 'banned')->create();`
			`$this->actingAs($user)->get('/user')->assertForbidden();`
			`$this->get('/user', ['accept' => 'application/json'])`
			`->assertForbidden()`
			`->assertJson(['code' => -1, 'message' => trans('auth.check.banned')]);`
			`}`

Support limiting single player 2019-03-22 21:40:12 +08:00			`public function testRequireBindPlayer()`
			`{`
			`$user = factory(User::class)->create();`
Refactor tests 2019-04-04 09:50:48 +08:00			`$this->actingAs($user)->get('/user')->assertViewIs('user.index');`
Support limiting single player 2019-03-22 21:40:12 +08:00			`$this->get('/user/player/bind')->assertRedirect('/user');`

			`option(['single_player' => true]);`

			`$this->getJson('/user/player/list')->assertHeader('content-type', 'application/json');`

			`$this->get('/user/player/bind')->assertViewIs('user.bind');`
			`$this->get('/user')->assertRedirect('/user/player/bind');`

			`factory(Player::class)->create(['uid' => $user->uid]);`
			`$this->get('/user')->assertViewIs('user.index');`
			`$this->get('/user/player/bind')->assertRedirect('/user');`
			`}`
Add `ForbiddenIE` middleware 2019-04-22 21:09:36 +08:00
			`public function testForbiddenIE()`
			`{`
			`$this->get('/', ['user-agent' => 'MSIE'])->assertSee(trans('errors.http.ie'));`
			`$this->get('/', ['user-agent' => 'Trident'])->assertSee(trans('errors.http.ie'));`
			`}`
Add tests for middleware and `HomeController` 2017-10-29 09:19:02 +08:00			`}`