Merge branch 'factory-refactors' into fix_saving_encrypted_custom_fields

Marcus Moore 2024-04-16 17:15:22 -07:00
commit 60a5afd752
No known key found for this signature in database
5 changed files with 62 additions and 62 deletions


@ -4,6 +4,7 @@ namespace Database\Factories;
use App\Models\Asset; use App\Models\Asset;
use App\Models\AssetModel; use App\Models\AssetModel;
use App\Models\CustomField;
use App\Models\Location; use App\Models\Location;
use App\Models\Statuslabel; use App\Models\Statuslabel;
use App\Models\Supplier; use App\Models\Supplier;
@ -353,9 +354,15 @@ class AssetFactory extends Factory
return $this->state(['requestable' => false]); return $this->state(['requestable' => false]);
} }
public function hasEncryptedCustomField() public function hasEncryptedCustomField(CustomField $field = null)
{ {
return $this->state(['model_id' => AssetModel::where('name', 'asset with encrypted field')->first() ?? AssetModel::factory()->withEncryptedField()]); // @todo: update this so existing asset model is used if present on the asset
// (may have been created in a test case)
return $this->state(function () use ($field) {
return [
'model_id' => AssetModel::factory()->hasEncryptedCustomField($field),
];
});
} }
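Review bot: The new signature `hasEncryptedCustomField(CustomField $field = null)` relies on an implicitly nullable parameter, which PHP 8.4 deprecates; `?CustomField $field = null` behaves the same and states the intent. The same signature is introduced in the AssetModelFactory and CustomFieldsetFactory sections of this commit and would take the same change. A short docblock would also help here, since what happens with a null `$field` only becomes visible three factories down: `/** Gives the asset a model whose fieldset has an encrypted custom field; when $field is null a new encrypted field is created. */`.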


@ -431,28 +431,12 @@ class AssetModelFactory extends Factory
}); });
} }
public function withEncryptedField() public function hasEncryptedCustomField(CustomField $field = null)
{ {
return $this->state(function () { return $this->state(function () use ($field) {
$field = CustomField::factory()->testEncrypted()->create(); // TODO - having to create and then 'find' the thing you just created is WEIRD
return [ return [
'name' => 'asset with encrypted field', 'fieldset_id' => CustomFieldset::factory()->hasEncryptedCustomField($field),
'category_id' => function () {
return Category::where('name', 'Mobile Phones')->first() ?? Category::factory()->assetMobileCategory();
},
'manufacturer_id' => function () {
return Manufacturer::where('name', 'Apple')->first() ?? Manufacturer::factory()->apple();
},
'eol' => '12',
'depreciation_id' => function () {
return Depreciation::where('name', 'Computer Depreciation')->first() ?? Depreciation::factory()->computer();
},
'image' => 'iphone12.jpeg',
'fieldset_id' => function () use ($field) {
return CustomFieldset::where('name', 'Has Encrypted Custom Field')->first() ?? CustomFieldset::factory()->has_encrypted_custom_field()->hasAttached(CustomField::where('name', 'Test Encrypted')->first(), ['order' => 1, 'required' => 0], 'fields');
},
]; ];
}); });
} }
} }


@ -45,12 +45,12 @@ class CustomFieldsetFactory extends Factory
}); });
} }
public function has_encrypted_custom_field() public function hasEncryptedCustomField(CustomField $field = null)
{ {
return $this->state(function () { return $this->afterCreating(function (CustomFieldset $fieldset) use ($field) {
return [ $field = $field ?? CustomField::factory()->testEncrypted()->create();
'name' => 'Has Encrypted Custom Field',
]; $fieldset->fields()->attach($field, ['order' => '1', 'required' => false]);
}); });
} }
} }
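Review bot: The field is attached inside `afterCreating`, so it is linked only when the fieldset is persisted with `create()`; a fieldset built with `make()` ends up with no encrypted field and nothing signals that to the test author. A comment on `hasEncryptedCustomField` should say so, for example `// Attaches $field (or a newly created encrypted field) once the fieldset is saved; has no effect with make().` The pivot data also passes `'order' => '1'` as a string where the attach call removed from AssetModelFactory used the integer `1`; `'order' => 1` would keep the types consistent.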


@ -6,11 +6,11 @@ use App\Models\Asset;
use App\Models\AssetModel; use App\Models\AssetModel;
use App\Models\Company; use App\Models\Company;
use App\Models\CustomField; use App\Models\CustomField;
use App\Models\CustomFieldset;
use App\Models\Location; use App\Models\Location;
use App\Models\Statuslabel; use App\Models\Statuslabel;
use App\Models\Supplier; use App\Models\Supplier;
use App\Models\User; use App\Models\User;
use Illuminate\Support\Facades\Crypt;
use Illuminate\Testing\Fluent\AssertableJson; use Illuminate\Testing\Fluent\AssertableJson;
use Tests\TestCase; use Tests\TestCase;
@ -482,35 +482,52 @@ class AssetStoreTest extends TestCase
}); });
} }
public function testEncryptedCustomField() public function testEncryptedCustomFieldCanBeStored()
{ {
$status = Statuslabel::factory()->create();
$field = CustomField::factory()->testEncrypted()->create(); $field = CustomField::factory()->testEncrypted()->create();
$asset = Asset::factory()->hasEncryptedCustomField()->create();
$superuser = User::factory()->superuser()->create(); $superuser = User::factory()->superuser()->create();
$normal_user = User::factory()->editAssets()->create(); $assetData = Asset::factory()->hasEncryptedCustomField($field)->make();
//first, test that an Admin user can save the encrypted custom field
$response = $this->actingAsForApi($superuser) $response = $this->actingAsForApi($superuser)
->patchJson(route('api.assets.update', $asset->id), [ ->postJson(route('api.assets.store'), [
$field->db_column_name() => 'This is encrypted field' $field->db_column_name() => 'This is encrypted field',
'model_id' => $assetData->model->id,
'status_id' => $status->id,
'asset_tag' => '1234',
]) ])
->assertStatusMessageIs('success') ->assertStatusMessageIs('success')
->assertOk() ->assertOk()
->json(); ->json();
$asset->refresh();
$this->assertEquals(\Crypt::decrypt($asset->{$field->db_column_name()}), 'This is encrypted field');
//next, test that a 'normal' user *cannot* change the encrypted custom field $asset = Asset::findOrFail($response['payload']['id']);
$this->assertEquals('This is encrypted field', Crypt::decrypt($asset->{$field->db_column_name()}));
}
public function testPermissionNeededToStoreEncryptedField()
{
// @todo:
$this->markTestIncomplete();
$status = Statuslabel::factory()->create();
$field = CustomField::factory()->testEncrypted()->create();
$normal_user = User::factory()->editAssets()->create();
$assetData = Asset::factory()->hasEncryptedCustomField($field)->make();
$response = $this->actingAsForApi($normal_user) $response = $this->actingAsForApi($normal_user)
->patchJson(route('api.assets.update', $asset->id), [ ->postJson(route('api.assets.store'), [
$field->db_column_name() => 'Some Other Value Entirely!' $field->db_column_name() => 'Some Other Value Entirely!',
'model_id' => $assetData->model->id,
'status_id' => $status->id,
'asset_tag' => '1234',
]) ])
// @todo: this is 403 unauthorized
->assertStatusMessageIs('success') ->assertStatusMessageIs('success')
->assertOk() ->assertOk()
->assertMessagesAre('Asset updated successfully, but encrypted custom fields were not due to permissions') ->assertMessagesAre('Asset updated successfully, but encrypted custom fields were not due to permissions')
->json(); ->json();
$asset->refresh();
$this->assertEquals(\Crypt::decrypt($asset->{$field->db_column_name()}), 'This is encrypted field');
$asset = Asset::findOrFail($response['payload']['id']);
$this->assertEquals('This is encrypted field', Crypt::decrypt($asset->{$field->db_column_name()}));
} }
} }
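Review bot: `testPermissionNeededToStoreEncryptedField` calls `$this->markTestIncomplete()` before anything else runs, so after this commit the store endpoint has no active test that a user without the encrypted-field permission is prevented from writing that field; the update path keeps such a test, the create path does not. The body left behind would not be correct once enabled either: it posts 'Some Other Value Entirely!' as the normal user and then asserts that the decrypted column equals 'This is encrypted field', a value that request never sent, and it expects the 'Asset updated successfully…' message from a store call. The inline `@todo` says the request returns 403, which suggests (not visible here) that the `editAssets()` user cannot create assets at all, so the test probably needs a user who may create assets but not write encrypted fields. When completing it, assert that the column was left unset instead of decrypting it, e.g. `$this->assertEmpty($asset->{$field->db_column_name()});`, assuming the controller simply drops the field.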


@ -3,15 +3,9 @@
namespace Tests\Feature\Api\Assets; namespace Tests\Feature\Api\Assets;
use App\Models\Asset; use App\Models\Asset;
use App\Models\AssetModel;
use App\Models\Company;
use App\Models\CustomField; use App\Models\CustomField;
use App\Models\CustomFieldset;
use App\Models\Location;
use App\Models\Statuslabel;
use App\Models\Supplier;
use App\Models\User; use App\Models\User;
use Illuminate\Testing\Fluent\AssertableJson; use Illuminate\Support\Facades\Crypt;
use Tests\TestCase; use Tests\TestCase;
class AssetUpdateTest extends TestCase class AssetUpdateTest extends TestCase
@ -19,41 +13,39 @@ class AssetUpdateTest extends TestCase
public function testEncryptedCustomFieldCanBeUpdated() public function testEncryptedCustomFieldCanBeUpdated()
{ {
$field = CustomField::factory()->testEncrypted()->create(); $field = CustomField::factory()->testEncrypted()->create();
$asset = Asset::factory()->hasEncryptedCustomField()->create(); $asset = Asset::factory()->hasEncryptedCustomField($field)->create();
$superuser = User::factory()->superuser()->create(); $superuser = User::factory()->superuser()->create();
//first, test that an Admin user can save the encrypted custom field $this->actingAsForApi($superuser)
$response = $this->actingAsForApi($superuser)
->patchJson(route('api.assets.update', $asset->id), [ ->patchJson(route('api.assets.update', $asset->id), [
$field->db_column_name() => 'This is encrypted field' $field->db_column_name() => 'This is encrypted field'
]) ])
->assertStatusMessageIs('success') ->assertStatusMessageIs('success')
->assertOk() ->assertOk();
->json();
$asset->refresh(); $asset->refresh();
$this->assertEquals(\Crypt::decrypt($asset->{$field->db_column_name()}), 'This is encrypted field'); $this->assertEquals('This is encrypted field', Crypt::decrypt($asset->{$field->db_column_name()}));
} }
public function testPermissionNeededToUpdateEncryptedField() public function testPermissionNeededToUpdateEncryptedField()
{ {
$field = CustomField::factory()->testEncrypted()->create(); $field = CustomField::factory()->testEncrypted()->create();
$asset = Asset::factory()->hasEncryptedCustomField()->create(); $asset = Asset::factory()->hasEncryptedCustomField($field)->create();
$normal_user = User::factory()->editAssets()->create(); $normal_user = User::factory()->editAssets()->create();
$asset->{$field->db_column_name()} = \Crypt::encrypt("encrypted value should not change"); $asset->{$field->db_column_name()} = Crypt::encrypt("encrypted value should not change");
$asset->save(); //is this needed? $asset->save();
//test that a 'normal' user *cannot* change the encrypted custom field // test that a 'normal' user *cannot* change the encrypted custom field
$response = $this->actingAsForApi($normal_user) $this->actingAsForApi($normal_user)
->patchJson(route('api.assets.update', $asset->id), [ ->patchJson(route('api.assets.update', $asset->id), [
$field->db_column_name() => 'Some Other Value Entirely!' $field->db_column_name() => 'Some Other Value Entirely!'
]) ])
->assertStatusMessageIs('success') ->assertStatusMessageIs('success')
->assertOk() ->assertOk()
->assertMessagesAre('Asset updated successfully, but encrypted custom fields were not due to permissions') ->assertMessagesAre('Asset updated successfully, but encrypted custom fields were not due to permissions');
->json();
$asset->refresh();
$this->assertEquals(\Crypt::decrypt($asset->{$field->db_column_name()}), "encrypted value should not change");
$asset->refresh();
$this->assertEquals("encrypted value should not change", Crypt::decrypt($asset->{$field->db_column_name()}));
} }
} }