This repository has been archived by the owner on Apr 3, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Teddy Roncin
committed
Feb 3, 2023
1 parent
b2b9718
commit 7b353c7
Showing
4 changed files
with
64 additions
and
64 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -9,6 +9,7 @@ | |
|
|
||
| /** | ||
| * @internal | ||
| * | ||
| * @coversNothing | ||
| */ | ||
| final class GetGroups extends EtuUTTApiTestCase | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,30 +2,28 @@ | |
|
|
||
| namespace App\Tests\Users; | ||
|
|
||
| use App\DataFixtures\UserSeeder; | ||
| use App\Entity\User; | ||
| use App\Entity\UserAddress; | ||
| use App\Repository\UserRepository; | ||
| use App\Tests\EtuUTTApiTestCase; | ||
| use DateTimeInterface; | ||
| use Faker\Provider\Address; | ||
| use Faker\Provider\Uuid; | ||
| use Symfony\Component\HttpFoundation\Response; | ||
|
|
||
| class UpdateUser extends EtuUTTApiTestCase | ||
| /** | ||
| * @internal | ||
| * | ||
| * @coversNothing | ||
| */ | ||
| final class UpdateUser extends EtuUTTApiTestCase | ||
| { | ||
|
|
||
| public function testNormal() : void | ||
| public function testNormal(): void | ||
| { | ||
| $client = static::createClient(); | ||
| $client->setDefaultOptions([ 'headers' => [ 'CAS-LOGIN' => 'test', 'Content-Type' => 'application/merge-patch+json' ]]); | ||
| $client->setDefaultOptions(['headers' => ['CAS-LOGIN' => 'test', 'Content-Type' => 'application/merge-patch+json']]); | ||
| $testUser = $this->createUser('Foo', 'Bar', 'foobar'); | ||
| $testUserId = $testUser->getId(); | ||
| $testUserStudentId = $testUser->getStudentId(); | ||
| $testUserNationality = $testUser->getInfos()->getNationality(); | ||
| $testUserBirthday = $testUser->getInfos()->getBirthday()->format(DateTimeInterface::RFC3339); | ||
| $testUserBirthday = $testUser->getInfos()->getBirthday()->format(\DateTimeInterface::RFC3339); | ||
| $testUserAvatar = $testUser->getInfos()->getAvatar(); | ||
| $crawler = $client->request('PATCH', '/users/'.$testUser->getId(), [ 'body' => json_encode([ | ||
| $crawler = $client->request('PATCH', '/users/'.$testUser->getId(), ['body' => json_encode([ | ||
| 'socialNetwork' => [ | ||
| 'facebook' => 'https://facebook.com/foobar', | ||
| 'twitter' => 'https://twitter.com/foobar', | ||
|
|
@@ -61,97 +59,96 @@ public function testNormal() : void | |
| 'mailsPhones' => [ | ||
| 'mailPersonal' => '[email protected]', | ||
| 'phoneNumber' => '01 23 45 67 89', | ||
| ] | ||
| ], | ||
| ])]); | ||
| $this->assertResponseStatusCodeSame(Response::HTTP_OK); | ||
| $response = json_decode($crawler->getContent()); | ||
| // User checks | ||
| $this->assertEquals($testUserId->jsonSerialize(), $response->{'id'}); | ||
| $this->assertEquals('foobar', $response->{'login'}); | ||
| $this->assertEquals($testUserStudentId, $response->{'studentId'}); | ||
| $this->assertEquals('Foo', $response->{'firstName'}); | ||
| $this->assertEquals('Bar', $response->{'lastName'}); | ||
| static::assertSame($testUserId->jsonSerialize(), $response->{'id'}); | ||
| static::assertSame('foobar', $response->{'login'}); | ||
| static::assertSame($testUserStudentId, $response->{'studentId'}); | ||
| static::assertSame('Foo', $response->{'firstName'}); | ||
| static::assertSame('Bar', $response->{'lastName'}); | ||
| // socialNetwork checks | ||
| $this->assertEquals('https://facebook.com/foobar', $response->{'socialNetwork'}->{'facebook'}); | ||
| $this->assertEquals('https://twitter.com/foobar', $response->{'socialNetwork'}->{'twitter'}); | ||
| $this->assertEquals('https://instagram.com/foobar', $response->{'socialNetwork'}->{'instagram'}); | ||
| $this->assertEquals('https://linkedin.com/foobar', $response->{'socialNetwork'}->{'linkedin'}); | ||
| $this->assertEquals('FooBar', $response->{'socialNetwork'}->{'pseudoDiscord'}); | ||
| $this->assertEquals(true, $response->{'socialNetwork'}->{'wantDiscordUTT'}); | ||
| static::assertSame('https://facebook.com/foobar', $response->{'socialNetwork'}->{'facebook'}); | ||
| static::assertSame('https://twitter.com/foobar', $response->{'socialNetwork'}->{'twitter'}); | ||
| static::assertSame('https://instagram.com/foobar', $response->{'socialNetwork'}->{'instagram'}); | ||
| static::assertSame('https://linkedin.com/foobar', $response->{'socialNetwork'}->{'linkedin'}); | ||
| static::assertSame('FooBar', $response->{'socialNetwork'}->{'pseudoDiscord'}); | ||
| static::assertTrue($response->{'socialNetwork'}->{'wantDiscordUTT'}); | ||
| // infos checks | ||
| $this->assertEquals('Féminin', $response->{'infos'}->{'sex'}); | ||
| $this->assertEquals($testUserNationality, $response->{'infos'}->{'nationality'}); | ||
| $this->assertEquals($testUserBirthday, $response->{'infos'}->{'birthday'}); | ||
| $this->assertEquals($testUserAvatar, $response->{'infos'}->{'avatar'}); | ||
| $this->assertEquals('foobar', $response->{'infos'}->{'nickname'}); | ||
| $this->assertEquals('I don\'t have passions :(', $response->{'infos'}->{'passions'}); | ||
| $this->assertEquals('https://foobar.com', $response->{'infos'}->{'website'}); | ||
| static::assertSame('Féminin', $response->{'infos'}->{'sex'}); | ||
| static::assertSame($testUserNationality, $response->{'infos'}->{'nationality'}); | ||
| static::assertSame($testUserBirthday, $response->{'infos'}->{'birthday'}); | ||
| static::assertSame($testUserAvatar, $response->{'infos'}->{'avatar'}); | ||
| static::assertSame('foobar', $response->{'infos'}->{'nickname'}); | ||
| static::assertSame('I don\'t have passions :(', $response->{'infos'}->{'passions'}); | ||
| static::assertSame('https://foobar.com', $response->{'infos'}->{'website'}); | ||
| // addresses checks | ||
| $this->assertCount(1, $response->{'addresses'}); | ||
| $this->assertEquals('Foobar Avenue', $response->{'addresses'}[0]->{'street'}); | ||
| $this->assertEquals('00 000', $response->{'addresses'}[0]->{'postalCode'}); | ||
| $this->assertEquals('Foobar City', $response->{'addresses'}[0]->{'city'}); | ||
| $this->assertEquals('United States of Foobar', $response->{'addresses'}[0]->{'country'}); | ||
| static::assertCount(1, $response->{'addresses'}); | ||
| static::assertSame('Foobar Avenue', $response->{'addresses'}[0]->{'street'}); | ||
| static::assertSame('00 000', $response->{'addresses'}[0]->{'postalCode'}); | ||
| static::assertSame('Foobar City', $response->{'addresses'}[0]->{'city'}); | ||
| static::assertSame('United States of Foobar', $response->{'addresses'}[0]->{'country'}); | ||
| // mailsPhones checks | ||
| $this->assertEquals('[email protected]', $response->{'mailsPhones'}->{'mailPersonal'}); | ||
| $this->assertEquals('01 23 45 67 89', $response->{'mailsPhones'}->{'phoneNumber'}); | ||
| static::assertSame('[email protected]', $response->{'mailsPhones'}->{'mailPersonal'}); | ||
| static::assertSame('01 23 45 67 89', $response->{'mailsPhones'}->{'phoneNumber'}); | ||
| } | ||
|
|
||
| public function testNotConnected() : void | ||
| public function testNotConnected(): void | ||
| { | ||
| $client = static::createClient(); | ||
| $client->setDefaultOptions([ 'headers' => ['Content-Type' => 'application/merge-patch+json' ]]); | ||
| $client->request('PATCH', '/users/'.$this->user->getId(), [ 'body' => []]); | ||
| $client->setDefaultOptions(['headers' => ['Content-Type' => 'application/merge-patch+json']]); | ||
| $client->request('PATCH', '/users/'.$this->user->getId(), ['body' => []]); | ||
| $this->assertResponseStatusCodeSame(Response::HTTP_UNAUTHORIZED); | ||
| $client->request('PATCH', '/users/'.Uuid::uuid(), [ 'body' => []]); | ||
| $client->request('PATCH', '/users/'.Uuid::uuid(), ['body' => []]); | ||
| // Strange this returns a 404, but it does not change much about security issues | ||
| $this->assertResponseStatusCodeSame(Response::HTTP_NOT_FOUND); | ||
| } | ||
|
|
||
| public function testNonExistingUser() : void | ||
| public function testNonExistingUser(): void | ||
| { | ||
| $client = static::createClient(); | ||
| $client->setDefaultOptions([ 'headers' => [ 'CAS-LOGIN' => 'test', 'Content-Type' => 'application/merge-patch+json' ]]); | ||
| $client->request('PATCH', '/users/'.Uuid::uuid(), [ 'body' => []]); | ||
| $client->setDefaultOptions(['headers' => ['CAS-LOGIN' => 'test', 'Content-Type' => 'application/merge-patch+json']]); | ||
| $client->request('PATCH', '/users/'.Uuid::uuid(), ['body' => []]); | ||
| $this->assertResponseStatusCodeSame(Response::HTTP_NOT_FOUND); | ||
| } | ||
|
|
||
| public function testNoParameter() : void | ||
| public function testNoParameter(): void | ||
| { | ||
| $client = static::createClient(); | ||
| $client->setDefaultOptions([ 'headers' => [ 'CAS-LOGIN' => 'test', 'Content-Type' => 'application/merge-patch+json' ]]); | ||
| $client->setDefaultOptions(['headers' => ['CAS-LOGIN' => 'test', 'Content-Type' => 'application/merge-patch+json']]); | ||
| $client->request('PATCH', '/users/'.$this->user->getId()); | ||
| $this->assertResponseStatusCodeSame(Response::HTTP_BAD_REQUEST); | ||
| } | ||
|
|
||
| public function testSQLInjection() : void | ||
| public function testSQLInjection(): void | ||
| { | ||
| $client = static::createClient(); | ||
| $client->setDefaultOptions([ 'headers' => [ 'CAS-LOGIN' => 'test', 'Content-Type' => 'application/merge-patch+json' ]]); | ||
| $client->setDefaultOptions(['headers' => ['CAS-LOGIN' => 'test', 'Content-Type' => 'application/merge-patch+json']]); | ||
| $testUser = $this->createUser('foo', 'bar', 'foobar'); | ||
| $client->request('PATCH', '/users/\'', [ 'body' => [] ]); | ||
| $client->request('PATCH', '/users/\'', ['body' => []]); | ||
| $this->assertResponseStatusCodeSame(Response::HTTP_NOT_FOUND); | ||
| $client->request('PATCH', '/users/"', [ 'body' => [] ]); | ||
| $client->request('PATCH', '/users/"', ['body' => []]); | ||
| $this->assertResponseStatusCodeSame(Response::HTTP_NOT_FOUND); | ||
| $client->request('PATCH', '/users/'.$testUser->getId(), [ 'body' => [ 'socialNetwork' => ['facebook' => '\''] ]]); | ||
| $client->request('PATCH', '/users/'.$testUser->getId(), ['body' => ['socialNetwork' => ['facebook' => '\'']]]); | ||
| $this->assertResponseStatusCodeSame(Response::HTTP_UNSUPPORTED_MEDIA_TYPE); | ||
| $client->request('PATCH', '/users/'.$testUser->getId(), [ 'body' => [ 'socialNetwork' => ['facebook' => '"'] ]]); | ||
| $client->request('PATCH', '/users/'.$testUser->getId(), ['body' => ['socialNetwork' => ['facebook' => '"']]]); | ||
| $this->assertResponseStatusCodeSame(Response::HTTP_UNSUPPORTED_MEDIA_TYPE); | ||
| } | ||
|
|
||
| public function testInvalidFieldContent() : void | ||
| public function testInvalidFieldContent(): void | ||
| { | ||
| $client = static::createClient(); | ||
| $client->setDefaultOptions([ 'headers' => [ 'CAS-LOGIN' => 'test', 'Content-Type' => 'application/merge-patch+json' ]]); | ||
| $client->setDefaultOptions(['headers' => ['CAS-LOGIN' => 'test', 'Content-Type' => 'application/merge-patch+json']]); | ||
| $testUser = $this->createUser('foo', 'bar', 'foobar'); | ||
| $client->request('PATCH', '/users/\'', [ 'body' => [] ]); | ||
| $client->request('PATCH', '/users/\'', ['body' => []]); | ||
| $this->assertResponseStatusCodeSame(Response::HTTP_NOT_FOUND); | ||
| $client->request('PATCH', '/users/"', [ 'body' => [] ]); | ||
| $client->request('PATCH', '/users/"', ['body' => []]); | ||
| $this->assertResponseStatusCodeSame(Response::HTTP_NOT_FOUND); | ||
| $client->request('PATCH', '/users/'.$testUser->getId(), [ 'body' => [ 'socialNetwork' => ['facebook' => '\''] ]]); | ||
| $client->request('PATCH', '/users/'.$testUser->getId(), ['body' => ['socialNetwork' => ['facebook' => '\'']]]); | ||
| $this->assertResponseStatusCodeSame(Response::HTTP_UNSUPPORTED_MEDIA_TYPE); | ||
| $client->request('PATCH', '/users/'.$testUser->getId(), [ 'body' => [ 'socialNetwork' => ['facebook' => '"'] ]]); | ||
| $client->request('PATCH', '/users/'.$testUser->getId(), ['body' => ['socialNetwork' => ['facebook' => '"']]]); | ||
| $this->assertResponseStatusCodeSame(Response::HTTP_UNSUPPORTED_MEDIA_TYPE); | ||
| } | ||
|
|
||
| } | ||