This repository was archived by the owner on Apr 3, 2023. It is now read-only.

Commit 64c2a9d

author
Teddy Roncin
committed
✅ (PATCH /users/{id}) Started tests
testing normal call, when not connected, when the user does not exist, when no body is provided, sql injections and invalid field contents
1 parent 2eafe87 commit 64c2a9d


1 file changed

+155
-0
lines changed

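--- a/tests/Users/UpdateUser.php
+++ b/tests/Users/UpdateUser.php
@@ -0,0 +1,155 @@
+<?php
+
+namespace App\Tests\Users;
+
+use App\DataFixtures\UserSeeder;
+use App\Entity\User;
+use App\Entity\UserAddress;
+use App\Repository\UserRepository;
+use App\Tests\EtuUTTApiTestCase;
+use DateTimeInterface;
+use Faker\Provider\Address;
+use Faker\Provider\Uuid;
+use Symfony\Component\HttpFoundation\Response;
+
+class UpdateUser extends EtuUTTApiTestCase
+{
+
+public function testNormal() : void
+{
+$client = static::createClient();
+$client->setDefaultOptions([ 'headers' => [ 'CAS-LOGIN' => 'test', 'Content-Type' => 'application/merge-patch+json' ]]);
+$testUser = $this->createUser('Foo', 'Bar', 'foobar');
+$testUserId = $testUser->getId();
+$testUserStudentId = $testUser->getStudentId();
+$testUserNationality = $testUser->getInfos()->getNationality();
+$testUserBirthday = $testUser->getInfos()->getBirthday()->format(DateTimeInterface::RFC3339);
+$testUserAvatar = $testUser->getInfos()->getAvatar();
+$crawler = $client->request('PATCH', '/users/'.$testUser->getId(), [ 'body' => json_encode([
+'socialNetwork' => [
+'facebook' => 'https://facebook.com/foobar',
+'twitter' => 'https://twitter.com/foobar',
+'instagram' => 'https://instagram.com/foobar',
+'linkedin' => 'https://linkedin.com/foobar',
+'pseudoDiscord' => 'FooBar',
+'wantDiscordUTT' => true,
+],
+'RGPD' => [
+'isKeepingAccount' => true,
+'isDeletingEverything' => true,
+],
+'preference' => [
+'birthdayDisplayOnlyAge' => false,
+'language' => 'en',
+'wantDaymail' => false,
+'wantDayNotif' => false,
+],
+'infos' => [
+'sex' => 'Féminin',
+'nickname' => 'foobar',
+'passions' => 'I don\'t have passions :(',
+'website' => 'https://foobar.com',
+],
+'addresses' => [
+'street' => 'Foobar Avenue',
+'postalCode' => '00 000',
+'city' => 'Foobar City',
+'country' => 'United States of Foobar',
+],
+'mailsPhone' => [
+'mailPersonal' => '[email protected]',
+'phoneNumber' => '01 23 45 67 89',
+]
+])]);
+$this->assertResponseStatusCodeSame(Response::HTTP_OK);
+$response = json_decode($crawler->getContent());
+// User checks
+print_r($response);
+$this->assertEquals($testUserId->jsonSerialize(), $response->{'id'});
+$this->assertEquals('foobar', $response->{'login'});
+$this->assertEquals($testUserStudentId, $response->{'studentId'});
+$this->assertEquals('Foo', $response->{'firstName'});
+$this->assertEquals('Bar', $response->{'lastName'});
+// socialNetwork checks
+$this->assertEquals('https://facebook.com/foobar', $response->{'socialNetwork'}->{'facebook'});
+$this->assertEquals('https://twitter.com/foobar', $response->{'socialNetwork'}->{'twitter'});
+$this->assertEquals('https://instagram.com/foobar', $response->{'socialNetwork'}->{'instagram'});
+$this->assertEquals('https://linkedin.com/foobar', $response->{'socialNetwork'}->{'linkedin'});
+$this->assertEquals('FooBar', $response->{'socialNetwork'}->{'pseudoDiscord'});
+$this->assertEquals(true, $response->{'socialNetwork'}->{'wantDiscordUTT'});
+// infos checks
+$this->assertEquals('Féminin', $response->{'infos'}->{'sex'});
+$this->assertEquals($testUserNationality, $response->{'infos'}->{'nationality'});
+$this->assertEquals($testUserBirthday, $response->{'infos'}->{'birthday'});
+$this->assertEquals($testUserAvatar, $response->{'infos'}->{'avatar'});
+$this->assertEquals('foobar', $response->{'infos'}->{'nickname'});
+$this->assertEquals('I don\'t have passions :(', $response->{'infos'}->{'passions'});
+$this->assertEquals('https://foobar.com', $response->{'infos'}->{'website'});
+// addresses checks
+$this->assertEquals(1, $response->{'addresses'}->length());
+$this->assertEquals('Foobar Avenue', $response->{'addresses'}[0]->{'street'});
+$this->assertEquals('00 000', $response->{'addresses'}[0]->{'postalCode'});
+$this->assertEquals('Foobar City', $response->{'addresses'}[0]->{'city'});
+$this->assertEquals('United States of Foobar', $response->{'addresses'}[0]->{'country'});
+// mailsPhones checks
+$this->assertEquals('[email protected]', $response->{'mailsPhones'}->{'mailPersonal'});
+$this->assertEquals('01 23 45 67 89', $response->{'mailsPhones'}->{'phoneNumber'});
+}
+
+public function testNotConnected() : void
+{
+$client = static::createClient();
+$client->setDefaultOptions([ 'headers' => ['Content-Type' => 'application/merge-patch+json' ]]);
+$client->request('PATCH', '/users/'.$this->user->getId(), [ 'body' => []]);
+$this->assertResponseStatusCodeSame(Response::HTTP_UNAUTHORIZED);
+$client->request('PATCH', '/users/'.Uuid::uuid(), [ 'body' => []]);
+$this->assertResponseStatusCodeSame(Response::HTTP_UNAUTHORIZED);
+}
+
+public function testNonExistingUser() : void
+{
+$client = static::createClient();
+$client->setDefaultOptions([ 'headers' => [ 'CAS-LOGIN' => 'test', 'Content-Type' => 'application/merge-patch+json' ]]);
+$client->request('PATCH', '/users/'.Uuid::uuid(), [ 'body' => []]);
+$this->assertResponseStatusCodeSame(Response::HTTP_NOT_FOUND);
+}
+
+public function testNoParameter() : void
+{
+$client = static::createClient();
+$client->setDefaultOptions([ 'headers' => [ 'CAS-LOGIN' => 'test', 'Content-Type' => 'application/merge-patch+json' ]]);
+$client->request('PATCH', '/users/'.$this->user->getId());
+$this->assertResponseStatusCodeSame(Response::HTTP_BAD_REQUEST);
+}
+
+public function testSQLInjection() : void
+{
+$client = static::createClient();
+$client->setDefaultOptions([ 'headers' => [ 'CAS-LOGIN' => 'test', 'Content-Type' => 'application/merge-patch+json' ]]);
+$testUser = $this->createUser('foo', 'bar', 'foobar');
+$client->request('PATCH', '/users/\'', [ 'body' => [] ]);
+$this->assertResponseStatusCodeSame(Response::HTTP_NOT_FOUND);
+$client->request('PATCH', '/users/"', [ 'body' => [] ]);
+$this->assertResponseStatusCodeSame(Response::HTTP_NOT_FOUND);
+$client->request('PATCH', '/users/'.$testUser->getId(), [ 'body' => [ 'socialNetwork' => ['facebook' => '\''] ]]);
+$this->assertResponseStatusCodeSame(Response::HTTP_UNPROCESSABLE_ENTITY);
+$client->request('PATCH', '/users/'.$testUser->getId(), [ 'body' => [ 'socialNetwork' => ['facebook' => '"'] ]]);
+$this->assertResponseStatusCodeSame(Response::HTTP_UNPROCESSABLE_ENTITY);
+}
+
+public function testInvalidFieldContent() : void
+{
+$client = static::createClient();
+$client->setDefaultOptions([ 'headers' => [ 'CAS-LOGIN' => 'test', 'Content-Type' => 'application/merge-patch+json' ]]);
+$testUser = $this->createUser('foo', 'bar', 'foobar');
+$client->request('PATCH', '/users/\'', [ 'body' => [] ]);
+$this->assertResponseStatusCodeSame(Response::HTTP_NOT_FOUND);
+$client->request('PATCH', '/users/"', [ 'body' => [] ]);
+$this->assertResponseStatusCodeSame(Response::HTTP_NOT_FOUND);
+$client->request('PATCH', '/users/'.$testUser->getId(), [ 'body' => [ 'socialNetwork' => ['facebook' => '\''] ]]);
+$this->assertResponseStatusCodeSame(Response::HTTP_UNPROCESSABLE_ENTITY);
+$client->request('PATCH', '/users/'.$testUser->getId(), [ 'body' => [ 'socialNetwork' => ['facebook' => '"'] ]]);
+$this->assertResponseStatusCodeSame(Response::HTTP_UNPROCESSABLE_ENTITY);
+}
+
+}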
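Review bot: `testSQLInjection` gives little assurance about injection, because its only assertions are status codes for a lone `'` or `"`; a 404 on the path or a 422 on `socialNetwork.facebook` would presumably be returned by routing or URL validation whether or not the persistence layer is safe, and `testInvalidFieldContent` is a line-for-line copy of it, so invalid field content is not covered at all. In both tests the payload is passed as a PHP array under `'body'` while the header declares `application/merge-patch+json`, so the server may never parse the fields; encode it as `testNormal` does, e.g. `'body' => json_encode(['socialNetwork' => ['facebook' => '\'']])`, and re-read the user afterwards to assert that nothing was changed. `testNormal` authenticates as `test` yet expects 200 when modifying the separately created `foobar` account, and no test asserts that a non-owner is refused; unless `test` is meant to be privileged, this pins a broken-access-control behaviour as correct, and a 403 case should be added. Separately, `print_r($response);` on line 67 dumps the whole user record into the test output and should be removed, and `$response->{'addresses'}->length()` on line 89 calls a method on a decoded JSON array; `$this->assertCount(1, $response->{'addresses'});` is what was likely intended.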
