Matthieu
55 lines
1.6 KiB
PHP
55 lines
1.6 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Tests\Functional\Controller;
|
|
|
|
use App\Entity\User;
|
|
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
|
|
|
|
/**
|
|
* @internal
|
|
*/
|
|
class ShareSettingsTest extends WebTestCase
|
|
{
|
|
public function testGetSettingsReturns401WhenNotAuthenticated(): void
|
|
{
|
|
$client = static::createClient();
|
|
$client->request('GET', '/api/settings/share');
|
|
|
|
self::assertResponseStatusCodeSame(401);
|
|
}
|
|
|
|
public function testGetSettingsReturns403ForRoleUser(): void
|
|
{
|
|
$client = static::createClient();
|
|
$container = static::getContainer();
|
|
$em = $container->get('doctrine.orm.entity_manager');
|
|
|
|
$user = $em->getRepository(User::class)->findOneBy(['username' => 'alice']);
|
|
$client->loginUser($user);
|
|
|
|
$client->request('GET', '/api/settings/share');
|
|
|
|
self::assertResponseStatusCodeSame(403);
|
|
}
|
|
|
|
public function testAdminCanReadSettingsWithoutPasswordLeak(): void
|
|
{
|
|
$client = static::createClient();
|
|
$container = static::getContainer();
|
|
$em = $container->get('doctrine.orm.entity_manager');
|
|
|
|
$admin = $em->getRepository(User::class)->findOneBy(['username' => 'admin']);
|
|
$client->loginUser($admin);
|
|
|
|
$client->request('GET', '/api/settings/share');
|
|
|
|
self::assertResponseIsSuccessful();
|
|
$data = json_decode($client->getResponse()->getContent(), true);
|
|
self::assertArrayHasKey('hasPassword', $data);
|
|
self::assertArrayNotHasKey('password', $data);
|
|
self::assertArrayNotHasKey('encryptedPassword', $data);
|
|
}
|
|
}
|