Added tests

snipe
2026-05-26 13:31:33 +01:00
parent 39fbe98313
commit e00f7b5b67
3 changed files with 98 additions and 0 deletions
@@ -0,0 +1,31 @@
<?php
namespace Tests\Feature\Authentication;
use App\Models\User;
use PHPUnit\Framework\Attributes\Test;
use Tests\TestCase;
class TwoFactorRateLimitTest extends TestCase
{
#[Test]
public function post_two_factor_is_rate_limited(): void
{
config(['auth.two_factor.max_attempts_per_min' => 3]);
$user = User::factory()->create([
'two_factor_secret' => 'JBSWY3DPEHPK3PXP',
'two_factor_enrolled' => 1,
]);
$this->actingAs($user);
for ($i = 0; $i < 3; $i++) {
$this->post('/two-factor', ['two_factor_secret' => '000000'])
->assertRedirect();
}
$this->post('/two-factor', ['two_factor_secret' => '000000'])
->assertStatus(429);
}
}
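Review bot: The three warm-up requests in `post_two_factor_is_rate_limited` use a bare `->assertRedirect()`, which passes for any redirect, so the test does not show that those attempts reached the code check and were rejected there rather than being bounced by some other middleware. Pinning the target, for example `->assertRedirect('/two-factor')` if that is where a rejected code returns, would make the count of failed attempts meaningful. The test also never submits a valid code once the limit is hit; a fourth request that carries the correct code for the seeded secret and still receives 429 is the property that actually stops guessing. If the limiter reads `auth.two_factor.max_attempts_per_min` when routes are registered rather than per request, the `config()` override on the first line may not take effect, so that is worth confirming.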
@@ -2,10 +2,16 @@
namespace Tests\Feature\Importing\Api;
use App\Models\Import;
use App\Models\User;
use PHPUnit\Framework\Attributes\Test;
use Tests\Support\Importing\CleansUpImportFiles;
use Tests\Support\Importing\UsersImportFileBuilder;
class GeneralImportTest extends ImportDataTestCase
{
use CleansUpImportFiles;
public function test_requires_existing_import()
{
$this->actingAsForApi(User::factory()->canImport()->create());
@@ -13,4 +19,21 @@ class GeneralImportTest extends ImportDataTestCase
$this->importFileResponse(['import' => 9999, 'import-type' => 'accessory'])
->assertStatusMessageIs('import-errors');
}
#[Test]
public function processing_another_users_import_does_not_overwrite_created_by(): void
{
$originalOwner = User::factory()->superuser()->create();
$otherUser = User::factory()->superuser()->create();
$import = Import::factory()->users()->create([
'file_path' => UsersImportFileBuilder::new()->saveToImportsDirectory(),
'created_by' => $originalOwner->id,
]);
$this->actingAsForApi($otherUser);
$this->importFileResponse(['import' => $import->id, 'import-type' => 'user'])->assertOk();
$this->assertEquals($originalOwner->id, $import->refresh()->created_by);
}
}
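Review bot: `processing_another_users_import_does_not_overwrite_created_by` creates both accounts with `superuser()`, so it pins the `created_by` value but says nothing about whether a user who holds only the import permission may process an import uploaded by someone else. If that is allowed, a second case with `User::factory()->canImport()->create()` as the acting user would document it; if it is not, the expected rejection belongs in a test as well. A short comment above the final assertion, such as `// created_by must keep pointing at the original uploader after another user processes the file`, would state why the column is checked. The class declaration and the start of `test_requires_existing_import` are outside the hunks shown.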
@@ -390,4 +390,48 @@ class ImportUsersTest extends ImportDataTestCase implements TestsPermissionsRequ
$this->assertNull($newUser->reset_password_code);
$this->assertEquals(0, $newUser->activated);
}
#[Test]
public function import_only_user_cannot_overwrite_auth_fields_when_updating(): void
{
$victim = User::factory()->create([
'username' => 'victim_user',
'email' => 'original@example.com',
]);
$importFileBuilder = new ImportFileBuilder([
array_merge(ImportFileBuilder::new()->definition(), [
'username' => 'victim_user',
'email' => 'hijacked@evil.com',
]),
]);
$import = Import::factory()->users()->create(['file_path' => $importFileBuilder->saveToImportsDirectory()]);
$this->actingAsForApi(User::factory()->canImport()->create());
$this->importFileResponse(['import' => $import->id, 'import-update' => true])->assertOk();
$this->assertEquals('original@example.com', $victim->refresh()->email);
}
#[Test]
public function user_with_import_and_edit_users_permission_can_update_auth_fields(): void
{
$target = User::factory()->create([
'username' => 'target_user',
'email' => 'original@example.com',
]);
$importFileBuilder = new ImportFileBuilder([
array_merge(ImportFileBuilder::new()->definition(), [
'username' => 'target_user',
'email' => 'updated@example.com',
]),
]);
$import = Import::factory()->users()->create(['file_path' => $importFileBuilder->saveToImportsDirectory()]);
$this->actingAsForApi(User::factory()->canImport()->editUsers()->create());
$this->importFileResponse(['import' => $import->id, 'import-update' => true])->assertOk();
$this->assertEquals('updated@example.com', $target->refresh()->email);
}
}
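Review bot: `import_only_user_cannot_overwrite_auth_fields_when_updating` asserts only that `email` is unchanged, so it would also pass if the row were never matched or the whole update were skipped, and it covers none of the other authentication-relevant columns its name implies. Asserting that a column the importer is still allowed to change was updated, and that the other protected columns (for example the stored password hash) kept their original values, would pin the permission guard itself rather than the absence of a write. The fixture address `hijacked@evil.com` uses a registrable domain; a reserved one such as `hijacked@example.net` keeps test data away from real hosts. Both methods belong to `ImportUsersTest`, whose declaration is outside the hunk.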