mirror of
synced 2025-02-21 03:15:45 -08:00
238 lines
8.4 KiB
238 lines
8.4 KiB
namespace Tests\Feature\Settings;
use Illuminate\Database\Events\QueryExecuted;
use Illuminate\Http\Client\ConnectionException;
use Illuminate\Http\Client\Request;
use Illuminate\Http\Client\Response;
use Illuminate\Log\Events\MessageLogged;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\URL;
use Illuminate\Testing\TestResponse;
use PDOException;
use Tests\TestCase;
class ShowSetUpPageTest extends TestCase
* We do not want to make actual http request on every test to check .env file
* visibility because that can be really slow especially in some cases where an
* actual server is not running.
protected bool $preventStrayRequest = true;
protected function setUp(): void
$_SERVER['REQUEST_URI'] = '/setup';
protected function getSetUpPageResponse(): TestResponse
if ($this->preventStrayRequest) {
Http::fake([URL::to('.env') => Http::response(null, 404)]);
return $this->get('/setup');
public function testView(): void
public function testWillShowErrorMessageWhenDatabaseConnectionCannotBeEstablished(): void
Event::listen(function (QueryExecuted $query) {
if ($query->sql === 'select 2 + 2') {
throw new PDOException("SQLSTATE[HY000] [1045] Access denied for user ''@'localhost' (using password: NO)");
protected function assertSeeDatabaseConnectionErrorMessage(bool $shouldSee = true): void
$errorMessage = "D'oh! Looks like we can't connect to your database. Please update your database settings in your <code>.env</code> file.";
$successMessage = sprintf('Great work! Connected to <code>%s</code>', DB::connection()->getDatabaseName());
if ($shouldSee) {
self::$latestResponse->assertSee($errorMessage, false)->assertDontSee($successMessage, false);
self::$latestResponse->assertSee($successMessage, false)->assertDontSee($errorMessage, false);
public function testWillNotShowErrorMessageWhenDatabaseIsConnected(): void
public function testWillShowErrorMessageWhenDebugModeIsEnabledAndAppEnvironmentIsSetToProduction(): void
config(['app.debug' => true]);
$this->app->bind('env', fn () => 'production');
protected function assertSeeDebugModeMisconfigurationErrorMessage(bool $shouldSee = true): void
$errorMessage = 'Yikes! You should turn off debug mode unless you encounter any issues. Please update your <code>APP_DEBUG</code> settings in your <code>.env</code> file';
$successMessage = "Awesomesauce. Debug is either turned off, or you're running this in a non-production environment. (Don't forget to turn it off when you're ready to go live.)";
if ($shouldSee) {
self::$latestResponse->assertSee($errorMessage, false)->assertDontSee($successMessage, false);
self::$latestResponse->assertSee($successMessage, false)->assertDontSee($errorMessage, false);
public function testWillNotShowErrorWhenDebugModeIsEnabledAndAppEnvironmentIsSetToLocal(): void
config(['app.debug' => true]);
$this->app->bind('env', fn () => 'local');
public function testWillNotShowErrorWhenDebugModeIsDisabledAndAppEnvironmentIsSetToProduction(): void
config(['app.debug' => false]);
$this->app->bind('env', fn () => 'production');
public function testWillShowErrorWhenEnvironmentIsLocal(): void
$this->app->bind('env', fn () => 'local');
protected function assertSeeEnvironmentMisconfigurationErrorMessage(bool $shouldSee = true): void
$errorMessage = 'Your app is set <code>local</code> instead of <code>production</code> mode.';
$successMessage = 'Your app is set to production mode. Rock on!';
if ($shouldSee) {
self::$latestResponse->assertSee($errorMessage, false)->assertDontSee($successMessage, false);
self::$latestResponse->assertSee($successMessage, false)->assertDontSee($errorMessage, false);
public function testWillNotShowErrorWhenEnvironmentIsProduction(): void
$this->app->bind('env', fn () => 'production');
public function testWillCheckDotEnvFileVisibility(): void
Http::assertSent(function (Request $request) {
$this->assertEquals('GET', $request->method());
$this->assertEquals(URL::to('.env'), $request->url());
return true;
* @dataProvider willShowErrorWhenDotEnvFileIsAccessibleViaHttpData
public function testWillShowErrorWhenDotEnvFileIsAccessibleViaHttp(int $statusCode): void
$this->preventStrayRequest = false;
Http::fake([URL::to('.env') => Http::response(null, $statusCode)]);
Http::assertSent(function (Request $request, Response $response) use ($statusCode) {
$this->assertEquals($statusCode, $response->status());
return true;
public static function willShowErrorWhenDotEnvFileIsAccessibleViaHttpData(): array
return collect([200, 202, 204, 206])
->mapWithKeys(fn (int $code) => ["StatusCode: {$code}" => [$code]])
protected function assertSeeDotEnvFileExposedErrorMessage(bool $shouldSee = true): void
$errorMessage = "We cannot determine if your config file is exposed to the outside world, so you will have to manually verify this. You don't ever want anyone able to see that file. Ever. Ever ever. An exposed <code>.env</code> file can disclose sensitive data about your system and database.";
$successMessage = "Sweet. It doesn't look like your <code>.env</code> file is exposed to the outside world. (You should double check this in a browser though. You don't ever want anyone able to see that file. Ever. Ever ever.) <a href=\"../../.env\">Click here to check now</a> (This should return a file not found or forbidden error.)";
if ($shouldSee) {
self::$latestResponse->assertSee($errorMessage, false)->assertDontSee($successMessage, false);
self::$latestResponse->assertSee($successMessage, false)->assertDontSee($errorMessage, false);
public function testWillNotShowErrorWhenDotEnvFileIsNotAccessibleViaHttp(): void
public function testWillShowErrorWhenDotEnvFileVisibilityCheckRequestFails(): void
$this->preventStrayRequest = false;
Http::fake([URL::to('.env') => fn () => throw new ConnectionException('Some curl error message.')]);
Event::assertDispatched(function (MessageLogged $event) {
$this->assertEquals('debug', $event->level);
$this->assertEquals('Some curl error message.', $event->message);
return true;