blessing-skin-server/tests/AdminControllerTest.php

<?php

namespace Tests;

use App\Models\User;
use App\Models\Player;
use App\Models\Texture;
use Illuminate\Support\Str;
use Illuminate\Foundation\Testing\WithoutMiddleware;
use Illuminate\Foundation\Testing\DatabaseTransactions;

class AdminControllerTest extends BrowserKitTestCase
{
    use DatabaseTransactions;

    protected function setUp(): void
    {
        // Do not use `WithoutMiddleware` trait
        parent::setUp();
        $this->actAs('admin');
    }

    public function testIndex()
    {
        $this->visit('/admin')->seePageIs('/admin');
    }

    public function testCustomize()
    {
        // Check if `color_scheme` is existed or not
        $this->get('/admin/customize?action=color', [
            'Accept' => 'application/json',
            'X-Requested-With' => 'XMLHttpRequest',
        ])->seeJson([
            'errno' => 1,
            'msg' => trans('validation.required', ['attribute' => 'color scheme']),
        ]);

        // Change color
        $this->get('/admin/customize?action=color&color_scheme=purple')
            ->seeJson([
                'errno' => 0,
                'msg' => trans('admin.customize.change-color.success'),
            ]);
        $this->assertEquals('purple', option('color_scheme'));

        $this->visit('/admin/customize')
            ->type('url', 'home_pic_url')
            ->type('url', 'favicon_url')
            ->select('1', 'copyright_prefer')
            ->type('copyright', 'copyright_text')
            ->press('submit_homepage');
        $this->assertEquals('url', option('home_pic_url'));
        $this->assertEquals('url', option('favicon_url'));
        $this->assertEquals('1', option('copyright_prefer'));
        $this->assertEquals('copyright', option('copyright_text'));

        $this->visit('/admin/customize')
            ->type('css', 'custom_css')
            ->type('js', 'custom_js')
            ->press('submit_customJsCss');
        $this->assertEquals('css', option('custom_css'));
        $this->assertEquals('js', option('custom_js'));
    }

    public function testScore()
    {
        $this->visit('/admin/score')
            ->type('4', 'score_per_storage')
            ->type('6', 'private_score_per_storage')
            ->type('8', 'score_per_closet_item')
            ->uncheck('return_score')
            ->type('12', 'score_per_player')
            ->type('500', 'user_initial_score')
            ->press('submit_rate');
        $this->assertEquals('4', option('score_per_storage'));
        $this->assertEquals('6', option('private_score_per_storage'));
        $this->assertEquals('8', option('score_per_closet_item'));
        $this->assertFalse(option('return_score'));
        $this->assertEquals('12', option('score_per_player'));
        $this->assertEquals('500', option('user_initial_score'));

        $this->visit('/admin/score')
            ->type('233', 'sign_score_from')
            ->type('666', 'sign_score_to')
            ->type('7', 'sign_gap_time')
            ->check('sign_after_zero')
            ->press('submit_sign');
        $this->assertEquals('233,666', option('sign_score'));
        $this->assertEquals('7', option('sign_gap_time'));
        $this->assertTrue(option('sign_after_zero'));
    }

    public function testOptions()
    {
        $this->visit('/admin/options')
            ->type('My Site', 'site_name')
            ->type('hi', 'site_description')
            ->type('http://blessing.skin/', 'site_url')
            ->uncheck('user_can_register')
            ->type('8', 'regs_per_ip')
            ->select('1', 'ip_get_method')
            ->type('2048', 'max_upload_file_size')
            ->see(trans(
                'options.general.max_upload_file_size.hint',
                ['size' => ini_get('upload_max_filesize')]
            ))
            ->select('cjk', 'player_name_rule')
            ->type('/^([0-9]+)$/', 'custom_player_name_regexp')
            ->select('1', 'api_type')
            ->check('auto_del_invalid_texture')
            ->type('code', 'comment_script')
            ->press('submit_general');
        $this->assertEquals('My Site', option_localized('site_name'));
        $this->assertEquals('hi', option_localized('site_description'));
        $this->assertEquals('http://blessing.skin', option('site_url'));
        $this->assertFalse(option('user_can_register'));
        $this->assertEquals('8', option('regs_per_ip'));
        $this->assertEquals('1', option('ip_get_method'));
        $this->assertEquals('2048', option('max_upload_file_size'));
        $this->assertEquals('cjk', option('player_name_rule'));
        $this->assertEquals('/^([0-9]+)$/', option('custom_player_name_regexp'));
        $this->assertEquals('1', option('api_type'));
        $this->assertTrue(option('auto_del_invalid_texture'));
        $this->assertEquals('code', option('comment_script'));

        $this->visit('/admin/options')
            ->type('http://blessing.skin/index.php', 'site_url')
            ->press('submit_general');
        $this->assertEquals('http://blessing.skin', option('site_url'));

        $this->visit('/admin/options')
            ->type('announcement', 'announcement')
            ->press('submit_announ');
        $this->assertEquals('announcement', option('announcement'));

        $this->visit('/admin/options')
            ->check('force_ssl')
            ->uncheck('auto_detect_asset_url')
            ->check('return_204_when_notfound')
            ->type('0', 'cache_expire_time')
            ->press('submit_resources');
        $this->assertTrue(option('force_ssl'));
        $this->assertFalse(option('auto_detect_asset_url'));
        $this->assertTrue(option('return_204_when_notfound'));
        $this->assertEquals('0', option('cache_expire_time'));
    }

    public function testUsers()
    {
        $this->visit('/admin/users')->see(trans('general.user-manage'));
    }

    public function testGetUserData()
    {
        $this->getJson('/admin/user-data')
            ->seeJsonStructure([
                'data' => [[
                    'uid',
                    'email',
                    'nickname',
                    'score',
                    'permission',
                    'register_at',
                    'operations',
                    'players_count',
                ]],
            ]);

        $user = factory(User::class)->create();
        $this->getJson('/admin/user-data?uid='.$user->uid)
            ->seeJsonSubset([
                'data' => [[
                    'uid' => $user->uid,
                    'email' => $user->email,
                    'nickname' => $user->nickname,
                    'score' => $user->score,
                    'permission' => $user->permission,
                    'players_count' => 0,
                ]],
            ]);
    }

    public function testPlayers()
    {
        $this->visit('/admin/players')->see(trans('general.player-manage'));
    }

    public function testGetPlayerData()
    {
        $player = factory(Player::class)->create();
        $user = $player->user;

        $this->getJson('/admin/player-data')
            ->seeJsonStructure([
                'data' => [[
                    'pid',
                    'uid',
                    'player_name',
                    'tid_skin',
                    'tid_cape',
                    'last_modified',
                ]],
            ]);

        $this->getJson('/admin/player-data?uid='.$user->uid)
            ->seeJsonSubset([
                'data' => [[
                    'pid' => $player->pid,
                    'uid' => $user->uid,
                    'player_name' => $player->player_name,
                    'tid_skin' => $player->tid_skin,
                    'tid_cape' => $player->tid_cape,
                ]],
            ]);
    }

    public function testUserAjaxHandler()
    {
        // Operate on an not-existed user
        $this->postJson('/admin/users')
            ->seeJson([
                'errno' => 1,
                'msg' => trans('admin.users.operations.non-existent'),
            ]);

        $user = factory(User::class)->create();

        // Operate without `action` field
        $this->postJson('/admin/users', ['uid' => $user->uid])
            ->seeJson([
                'errno' => 1,
                'msg' => trans('admin.users.operations.invalid'),
            ]);

        // An admin operating on a super admin should be forbidden
        $superAdmin = factory(User::class, 'superAdmin')->create();
        $this->postJson('/admin/users', ['uid' => $superAdmin->uid])
            ->seeJson([
                'errno' => 1,
                'msg' => trans('admin.users.operations.no-permission'),
            ]);

        // Action is `email` but without `email` field
        $this->postJson(
            '/admin/users',
            ['uid' => $user->uid, 'action' => 'email'],
            ['Accept' => 'application/json']
        )->seeJson([
            'errno' => 1,
            'msg' => trans('validation.required', ['attribute' => 'email']),
        ]);

        // Action is `email` but with an invalid email address
        $this->postJson(
            '/admin/users',
            ['uid' => $user->uid, 'action' => 'email', 'email' => 'invalid'],
            ['Accept' => 'application/json']
        )->seeJson([
            'errno' => 1,
            'msg' => trans('validation.email', ['attribute' => 'email']),
        ]);

        // Using an existed email address
        $this->postJson(
            '/admin/users',
            ['uid' => $user->uid, 'action' => 'email', 'email' => $superAdmin->email]
        )->seeJson([
            'errno' => 1,
            'msg' => trans('admin.users.operations.email.existed', ['email' => $superAdmin->email]),
        ]);

        // Set email successfully
        $this->postJson(
            '/admin/users',
            ['uid' => $user->uid, 'action' => 'email', 'email' => 'a@b.c']
        )->seeJson([
            'errno' => 0,
            'msg' => trans('admin.users.operations.email.success'),
        ]);
        $this->seeInDatabase('users', [
            'uid' => $user->uid,
            'email' => 'a@b.c',
        ]);

        // Toggle verification
        $this->postJson(
            '/admin/users',
            ['uid' => $user->uid, 'action' => 'verification']
        )->seeJson([
            'errno' => 0,
            'msg' => trans('admin.users.operations.verification.success'),
        ]);
        $this->seeInDatabase('users', [
            'uid' => $user->uid,
            'verified' => 0,
        ]);

        // Action is `nickname` but without `nickname` field
        $this->postJson(
            '/admin/users',
            ['uid' => $user->uid, 'action' => 'nickname'],
            ['Accept' => 'application/json']
        )->seeJson([
            'errno' => 1,
            'msg' => trans('validation.required', ['attribute' => 'nickname']),
        ]);

        // Action is `nickname` but with an invalid nickname
        $this->postJson(
            '/admin/users',
            ['uid' => $user->uid, 'action' => 'nickname', 'nickname' => '\\'],
            ['Accept' => 'application/json']
        )->seeJson([
            'errno' => 1,
            'msg' => trans('validation.no_special_chars', ['attribute' => 'nickname']),
        ]);

        // Set nickname successfully
        $this->postJson(
            '/admin/users',
            ['uid' => $user->uid, 'action' => 'nickname', 'nickname' => 'nickname']
        )->seeJson([
            'errno' => 0,
            'msg' => trans('admin.users.operations.nickname.success', ['new' => 'nickname']),
        ]);
        $this->seeInDatabase('users', [
            'uid' => $user->uid,
            'nickname' => 'nickname',
        ]);

        // Action is `password` but without `password` field
        $this->postJson(
            '/admin/users',
            ['uid' => $user->uid, 'action' => 'password'],
            ['Accept' => 'application/json']
        )->seeJson([
            'errno' => 1,
            'msg' => trans('validation.required', ['attribute' => 'password']),
        ]);

        // Set a too short password
        $this->postJson(
            '/admin/users',
            ['uid' => $user->uid, 'action' => 'password', 'password' => '1'],
            ['Accept' => 'application/json']
        )->seeJson([
            'errno' => 1,
            'msg' => trans('validation.min.string', ['attribute' => 'password', 'min' => 8]),
        ]);

        // Set a too long password
        $this->postJson(
            '/admin/users',
            ['uid' => $user->uid, 'action' => 'password', 'password' => Str::random(17)],
            ['Accept' => 'application/json']
        )->seeJson([
            'errno' => 1,
            'msg' => trans('validation.max.string', ['attribute' => 'password', 'max' => 16]),
        ]);

        // Set password successfully
        $this->postJson(
            '/admin/users',
            ['uid' => $user->uid, 'action' => 'password', 'password' => '12345678']
        )->seeJson([
            'errno' => 0,
            'msg' => trans('admin.users.operations.password.success'),
        ]);
        $user = User::find($user->uid);
        $this->assertTrue($user->verifyPassword('12345678'));

        // Action is `score` but without `score` field
        $this->postJson(
            '/admin/users',
            ['uid' => $user->uid, 'action' => 'score'],
            ['Accept' => 'application/json']
        )->seeJson([
            'errno' => 1,
            'msg' => trans('validation.required', ['attribute' => 'score']),
        ]);

        // Action is `score` but with an not-an-integer value
        $this->postJson(
            '/admin/users',
            ['uid' => $user->uid, 'action' => 'score', 'score' => 'string'],
            ['Accept' => 'application/json']
        )->seeJson([
            'errno' => 1,
            'msg' => trans('validation.integer', ['attribute' => 'score']),
        ]);

        // Set score successfully
        $this->postJson(
            '/admin/users',
            ['uid' => $user->uid, 'action' => 'score', 'score' => 123]
        )->seeJson([
            'errno' => 0,
            'msg' => trans('admin.users.operations.score.success'),
        ]);
        $this->seeInDatabase('users', [
            'uid' => $user->uid,
            'score' => 123,
        ]);

        // Ban a user
        $this->postJson('/admin/users', ['uid' => $user->uid, 'action' => 'ban'])
            ->seeJson([
                'errno' => 0,
                'msg' => trans('admin.users.operations.ban.ban.success'),
                'permission' => User::BANNED,
            ]);
        $user = User::find($user->uid);
        $this->assertEquals(User::BANNED, $user->getPermission());

        // Unban a user
        $this->postJson('/admin/users', ['uid' => $user->uid, 'action' => 'ban'])
            ->seeJson([
                'errno' => 0,
                'msg' => trans('admin.users.operations.ban.unban.success'),
                'permission' => User::NORMAL,
            ]);
        $user = User::find($user->uid);
        $this->assertEquals(User::NORMAL, $user->getPermission());

        // Set a user to be an admin
        $this->postJson('/admin/users', ['uid' => $user->uid, 'action' => 'admin'])
            ->seeJson([
                'errno' => 0,
                'msg' => trans('admin.users.operations.admin.set.success'),
                'permission' => User::ADMIN,
            ]);
        $user = User::find($user->uid);
        $this->assertEquals(User::ADMIN, $user->getPermission());

        // An admin cannot set another admin to be a normal user
        $this->postJson('/admin/users', ['uid' => $user->uid])
            ->seeJson([
                'errno' => 1,
                'msg' => trans('admin.users.operations.no-permission'),
            ]);

        // Set an admin to be a normal user
        $this->actAs('superAdmin')
            ->postJson('/admin/users', ['uid' => $user->uid, 'action' => 'admin'])
            ->seeJson([
                'errno' => 0,
                'msg' => trans('admin.users.operations.admin.unset.success'),
                'permission' => User::NORMAL,
            ]);
        $user = User::find($user->uid);
        $this->assertEquals(User::NORMAL, $user->getPermission());

        // Delete a user
        $this->postJson('/admin/users', ['uid' => $user->uid, 'action' => 'delete'])
            ->seeJson([
                'errno' => 0,
                'msg' => trans('admin.users.operations.delete.success'),
            ]);
        $this->assertNull(User::find($user->uid));
    }

    public function testPlayerAjaxHandler()
    {
        $player = factory(Player::class)->create();

        // Operate on a not-existed player
        $this->postJson('/admin/players', ['pid' => -1])
            ->seeJson([
                'errno' => 1,
                'msg' => trans('general.unexistent-player'),
            ]);

        // An admin cannot operate another admin's player
        $admin = factory(User::class, 'admin')->create();
        $this->postJson(
            '/admin/players',
            ['pid' => factory(Player::class)->create(['uid' => $admin->uid])->pid]
        )->seeJson([
            'errno' => 1,
            'msg' => trans('admin.players.no-permission'),
        ]);
        $superAdmin = factory(User::class, 'superAdmin')->create();
        $this->postJson(
            '/admin/players',
            ['pid' => factory(Player::class)->create(['uid' => $superAdmin->uid])->pid]
        )->seeJson([
            'errno' => 1,
            'msg' => trans('admin.players.no-permission'),
        ]);
        // For self is OK
        $this->actAs($admin)->postJson(
            '/admin/players',
            ['pid' => factory(Player::class)->create(['uid' => $admin->uid])->pid]
        )->seeJson([
            'errno' => 1,
            'msg' => trans('admin.users.operations.invalid'),
        ]);

        // Change texture without `type` field
        $this->postJson('/admin/players', [
            'pid' => $player->pid,
            'action' => 'texture',
        ], [
            'Accept' => 'application/json',
        ])->seeJson([
            'errno' => 1,
            'msg' => trans('validation.required', ['attribute' => 'type']),
        ]);

        // Change texture without `tid` field
        $this->postJson('/admin/players', [
            'pid' => $player->pid,
            'action' => 'texture',
            'type' => 'skin',
        ], [
            'Accept' => 'application/json',
        ])->seeJson([
            'errno' => 1,
            'msg' => trans('validation.required', ['attribute' => 'tid']),
        ]);

        // Change texture with a not-integer value
        $this->postJson('/admin/players', [
            'pid' => $player->pid,
            'action' => 'texture',
            'type' => 'skin',
            'tid' => 'string',
        ], [
            'Accept' => 'application/json',
        ])->seeJson([
            'errno' => 1,
            'msg' => trans('validation.integer', ['attribute' => 'tid']),
        ]);

        // Invalid texture
        $this->postJson('/admin/players', [
            'pid' => $player->pid,
            'action' => 'texture',
            'type' => 'skin',
            'tid' => -1,
        ])->seeJson([
            'errno' => 1,
            'msg' => trans('admin.players.textures.non-existent', ['tid' => -1]),
        ]);

        $skin = factory(Texture::class)->create();
        $cape = factory(Texture::class, 'cape')->create();

        // Skin
        $this->postJson('/admin/players', [
            'pid' => $player->pid,
            'action' => 'texture',
            'type' => 'skin',
            'tid' => $skin->tid,
        ])->seeJson([
            'errno' => 0,
            'msg' => trans('admin.players.textures.success', ['player' => $player->player_name]),
        ]);
        $player = Player::find($player->pid);
        $this->assertEquals($skin->tid, $player->tid_skin);

        // Cape
        $this->postJson('/admin/players', [
            'pid' => $player->pid,
            'action' => 'texture',
            'type' => 'cape',
            'tid' => $cape->tid,
        ])->seeJson([
            'errno' => 0,
            'msg' => trans('admin.players.textures.success', ['player' => $player->player_name]),
        ]);
        $player = Player::find($player->pid);
        $this->assertEquals($cape->tid, $player->tid_cape);

        // Reset texture
        $this->postJson('/admin/players', [
            'pid' => $player->pid,
            'action' => 'texture',
            'type' => 'skin',
            'tid' => 0,
        ])->seeJson([
            'errno' => 0,
            'msg' => trans('admin.players.textures.success', ['player' => $player->player_name]),
        ]);
        $player = Player::find($player->pid);
        $this->assertEquals(0, $player->tid_skin);
        $this->assertNotEquals(0, $player->tid_cape);

        $this->postJson('/admin/players', [
            'pid' => $player->pid,
            'action' => 'texture',
            'type' => 'cape',
            'tid' => 0,
        ])->seeJson([
            'errno' => 0,
            'msg' => trans('admin.players.textures.success', ['player' => $player->player_name]),
        ]);
        $player = Player::find($player->pid);
        $this->assertEquals(0, $player->tid_cape);

        // Change owner without `uid` field
        $this->postJson('/admin/players', [
            'pid' => $player->pid,
            'action' => 'owner',
        ], [
            'Accept' => 'application/json',
        ])->seeJson([
            'errno' => 1,
            'msg' => trans('validation.required', ['attribute' => 'uid']),
        ]);

        // Change owner with a not-integer `uid` value
        $this->postJson('/admin/players', [
            'pid' => $player->pid,
            'action' => 'owner',
            'uid' => 'string',
        ], [
            'Accept' => 'application/json',
        ])->seeJson([
            'errno' => 1,
            'msg' => trans('validation.integer', ['attribute' => 'uid']),
        ]);

        // Change owner to a not-existed user
        $this->postJson('/admin/players', [
            'pid' => $player->pid,
            'action' => 'owner',
            'uid' => -1,
        ])->seeJson([
            'errno' => 1,
            'msg' => trans('admin.users.operations.non-existent'),
        ]);

        // Change owner successfully
        $user = factory(User::class)->create();
        $this->postJson('/admin/players', [
            'pid' => $player->pid,
            'action' => 'owner',
            'uid' => $user->uid,
        ])->seeJson([
            'errno' => 0,
            'msg' => trans(
                'admin.players.owner.success',
                ['player' => $player->player_name, 'user' => $user->nickname]
            ),
        ]);

        // Rename a player without `name` field
        $this->postJson('/admin/players', [
            'pid' => $player->pid,
            'action' => 'name',
        ], [
            'Accept' => 'application/json',
        ])->seeJson([
            'errno' => 1,
            'msg' => trans('validation.required', ['attribute' => 'name']),
        ]);

        // Rename a player successfully
        $this->postJson('/admin/players', [
            'pid' => $player->pid,
            'action' => 'name',
            'name' => 'new_name',
        ])->seeJson([
            'errno' => 0,
            'msg' => trans('admin.players.name.success', ['player' => 'new_name']),
            'name' => 'new_name',
        ]);

        // Delete a player
        $this->postJson('/admin/players', [
            'pid' => $player->pid,
            'action' => 'delete',
        ])->seeJson([
            'errno' => 0,
            'msg' => trans('admin.players.delete.success'),
        ]);
        $this->assertNull(Player::find($player->pid));
    }

    public function testGetOneUser()
    {
        $user = factory(User::class)->create();
        $this->get('/admin/user/'.$user->uid)
            ->seeJson([
                'errno' => 0,
                'msg' => 'success',
                'user' => [
                    'uid' => $user->uid,
                    'email' => $user->email,
                    'nickname' => $user->nickname,
                    'score' => $user->score,
                    'avatar' => $user->avatar,
                    'permission' => $user->permission,
                    'verified' => (bool) $user->verified,
                    'verification_token' => (string) $user->verification_token,
                ],
            ]);

        $this->get('/admin/user/-1')
            ->seeJson([
                'errno' => 1,
                'msg' => 'No such user.',
            ]);
    }
}