From 1fb212b55330cc5c80fd539fb7a0c17bd5711617 Mon Sep 17 00:00:00 2001 From: philipp lang Date: Tue, 23 Nov 2021 01:02:18 +0100 Subject: [PATCH] Add filter for member id --- app/Providers/AppServiceProvider.php | 10 ++++-- app/Setting/GeneralSettings.php | 3 ++ ...3113_create_allowed_nami_login_setting.php | 11 +++++++ packages/laravel-nami | 2 +- tests/Feature/Course/DeleteTest.php | 3 +- tests/Feature/Course/StoreTest.php | 3 +- tests/Feature/Course/UpdateTest.php | 5 ++- tests/Feature/Initialize/InitializeTest.php | 21 +++--------- tests/Feature/LoginTest.php | 32 +++++++++++++++++++ tests/Feature/Pdf/GenerateTest.php | 4 +-- tests/Feature/Settings/GlobalSettingTest.php | 2 +- tests/TestCase.php | 3 +- 12 files changed, 68 insertions(+), 31 deletions(-) create mode 100644 database/settings/2021_11_22_233113_create_allowed_nami_login_setting.php diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php index 6109d728..9e262a1f 100644 --- a/app/Providers/AppServiceProvider.php +++ b/app/Providers/AppServiceProvider.php @@ -2,9 +2,12 @@ namespace App\Providers; +use App\Setting\GeneralSettings; use Illuminate\Http\RedirectResponse; use Illuminate\Http\Resources\Json\JsonResource; +use Illuminate\Support\Facades\Event; use Illuminate\Support\ServiceProvider; +use Zoomyboy\LaravelNami\Authentication\NamiGuard; class AppServiceProvider extends ServiceProvider { @@ -24,7 +27,6 @@ class AppServiceProvider extends ServiceProvider return $this; }); - } /** @@ -34,6 +36,10 @@ class AppServiceProvider extends ServiceProvider */ public function boot() { - // + NamiGuard::beforeLogin(function(array $credentials) { + return in_array($credentials['mglnr'], app(GeneralSettings::class)->allowed_nami_accounts) + ? null + : false; + }); } } diff --git a/app/Setting/GeneralSettings.php b/app/Setting/GeneralSettings.php index a4cbc89c..0504989d 100644 --- a/app/Setting/GeneralSettings.php +++ b/app/Setting/GeneralSettings.php 
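Review bot: The `use Illuminate\Support\Facades\Event;` import added at the top of AppServiceProvider.php is not referenced by any line this commit adds to the file, so it looks like a leftover and can be dropped. The same applies to `use App\Setting\GeneralSettings;` in the import hunk of tests/TestCase.php, where the only other added line is the `auth()->login([...])` call. In the file that wires the login filter, a stray import makes it harder to see which collaborators the authentication path really depends on.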
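Review bot: The allow-list check added to `boot()` calls `in_array()` without the strict flag, so `$credentials['mglnr']` is matched with PHP's loose comparison and the filter can accept a value that is not textually identical to a stored member number, while the credentials presumably travel on to NaMi as submitted. Normalising both sides and comparing strictly keeps the match exact: `$allowed = array_map('strval', app(GeneralSettings::class)->allowed_nami_accounts);` followed by `return in_array((string) ($credentials['mglnr'] ?? ''), $allowed, true) ? null : false;`. The `?? ''` also covers a login request that omits `mglnr`, which currently raises an undefined array key error inside the callback. The meaning of the `null`/`false` return values is defined in the laravel-nami submodule and is not visible here, so a short comment such as `// false rejects the login before NaMi is contacted; null lets it proceed` (which is what the new LoginTest cases suggest) would help the next reader.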
@@ -12,6 +12,9 @@ class GeneralSettings extends Settings public bool $single_view; + /** @var array */ + public array $allowed_nami_accounts; + /** * @return array */ diff --git a/database/settings/2021_11_22_233113_create_allowed_nami_login_setting.php b/database/settings/2021_11_22_233113_create_allowed_nami_login_setting.php new file mode 100644 index 00000000..5629864b --- /dev/null +++ b/database/settings/2021_11_22_233113_create_allowed_nami_login_setting.php @@ -0,0 +1,11 @@ +migrator->add('general.allowed_nami_accounts', []); + } +} diff --git a/packages/laravel-nami b/packages/laravel-nami index d96457dd..6d6aa603 160000 --- a/packages/laravel-nami +++ b/packages/laravel-nami @@ -1 +1 @@ -Subproject commit d96457dd338857306b6ffb14da5444b8cf08417a +Subproject commit 6d6aa60363554c7f049ff91691302c7ef5c92d79 diff --git a/tests/Feature/Course/DeleteTest.php b/tests/Feature/Course/DeleteTest.php index 94049e76..8a396893 100644 --- a/tests/Feature/Course/DeleteTest.php +++ b/tests/Feature/Course/DeleteTest.php @@ -23,9 +23,8 @@ class DeleteTest extends TestCase app(CourseFake::class)->deleteSuccessful(123, 999); $member = Member::factory()->defaults()->inNami(123)->has(CourseMember::factory()->inNami(999)->for(Course::factory()), 'courses')->createOne(); - $response = $this->delete("/member/{$member->id}/course/{$member->courses->first()->id}"); + $this->delete("/member/{$member->id}/course/{$member->courses->first()->id}"); - $response->assertRedirect("/member"); $this->assertDatabaseCount('course_members', 0); app(CourseFake::class)->assertDeleted(123, 999); } diff --git a/tests/Feature/Course/StoreTest.php b/tests/Feature/Course/StoreTest.php index 7e69c6db..67de9402 100644 --- a/tests/Feature/Course/StoreTest.php +++ b/tests/Feature/Course/StoreTest.php 
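Review bot: The docblock `/** @var array */` on `$allowed_nami_accounts` only repeats the native type and leaves the element type open, which matters because the login filter in AppServiceProvider compares request input against these values. I would document it as `/** @var list<int> NaMi member numbers that may log in; an empty list rejects every login */`, assuming integers are what gets stored, as the tests do. The class body continues outside the hunk.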
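Review bot: The new settings migration seeds `general.allowed_nami_accounts` with `[]`, and with the filter added in AppServiceProvider an empty list rejects every member number, so after deployment nobody can log in until the setting is filled by some other means. Failing closed is the safer default, but nothing in this commit shows a UI, command or seeder that writes the list, so the rollout step should be documented, for example with a comment above the `add()` call: `// Starts empty: populate general.allowed_nami_accounts before users need to log in`. The opening lines of the new file are not visible in this view of the patch.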
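Review bot: With `$response->assertRedirect("/member")` removed from the delete test, the HTTP response is no longer checked at all, so the test would still pass on an unexpected status as long as the database and CourseFake assertions hold. If the redirect target is what became unstable, a target-independent check keeps the coverage, e.g. `$this->delete(...)->assertRedirect();` or `->assertSessionHasNoErrors();`. The StoreTest hunk and the first UpdateTest hunk drop the same assertion. The test method starts outside the hunk.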
@@ -77,14 +77,13 @@ class StoreTest extends TestCase $course = Course::factory()->inNami(456)->createOne(); app(CourseFake::class)->createsSuccessful(123, 999); - $response = $this->post("/member/{$member->id}/course", [ + $this->post("/member/{$member->id}/course", [ 'course_id' => $course->id, 'completed_at' => '2021-01-02', 'event_name' => '::event::', 'organizer' => '::org::', ]); - $response->assertRedirect("/member"); $this->assertDatabaseHas('course_members', [ 'member_id' => $member->id, 'course_id' => $course->id, diff --git a/tests/Feature/Course/UpdateTest.php b/tests/Feature/Course/UpdateTest.php index 928c8279..2aa754a7 100644 --- a/tests/Feature/Course/UpdateTest.php +++ b/tests/Feature/Course/UpdateTest.php @@ -78,14 +78,13 @@ class UpdateTest extends TestCase $member = Member::factory()->defaults()->inNami(123)->has(CourseMember::factory()->inNami(999)->for(Course::factory()), 'courses')->createOne(); $newCourse = Course::factory()->inNami(789)->create(); - $response = $this->patch("/member/{$member->id}/course/{$member->courses->first()->id}", array_merge([ + $this->patch("/member/{$member->id}/course/{$member->courses->first()->id}", array_merge([ 'course_id' => $newCourse->id, 'completed_at' => '1999-02-03', 'event_name' => '::newevent::', 'organizer' => '::neworg::', ])); - $response->assertRedirect("/member"); $this->assertDatabaseHas('course_members', [ 'member_id' => $member->id, 'course_id' => $newCourse->id, @@ -115,7 +114,7 @@ class UpdateTest extends TestCase 'event_name' => '::event::', 'organizer' => '::org::', ]); - + $response->assertSessionHasErrors(['id' => 'Unbekannter Fehler']); } diff --git a/tests/Feature/Initialize/InitializeTest.php b/tests/Feature/Initialize/InitializeTest.php index 8400d47c..c7457732 100644 --- a/tests/Feature/Initialize/InitializeTest.php +++ b/tests/Feature/Initialize/InitializeTest.php 
@@ -65,10 +65,7 @@ class InitializeTest extends TestCase { $this->withoutExceptionHandling(); $this->initializeProvider(); - $this->post('/login', [ - 'mglnr' => 123, - 'password' => 'secret', - ]); + $this->login(); $this->post('/initialize'); @@ -129,10 +126,7 @@ class InitializeTest extends TestCase $this->member(['courses' => [ ['bausteinId' => 506, 'id' => 788, 'veranstalter' => 'KJA', 'vstgName' => 'eventname', 'vstgTag' => '2021-11-12 00:00:00'] ]]) ]); }); - $this->post('/login', [ - 'mglnr' => 123, - 'password' => 'secret', - ]); + $this->login(); $this->post('/initialize'); @@ -152,10 +146,7 @@ class InitializeTest extends TestCase $this->initializeProvider(function($backend) { $backend->fakeMembers([$this->member(['eintrittsdatum' => null])]); }); - $this->post('/login', [ - 'mglnr' => 123, - 'password' => 'secret', - ]); + $this->login(); $this->post('/initialize'); @@ -192,11 +183,7 @@ class InitializeTest extends TestCase $backend->fakeMembers($members->toArray()); }); - - $this->post('/login', [ - 'mglnr' => 123, - 'password' => 'secret', - ]); + $this->login(); $this->post('/initialize'); diff --git a/tests/Feature/LoginTest.php b/tests/Feature/LoginTest.php index dd4c5762..c4e373c5 100644 --- a/tests/Feature/LoginTest.php +++ b/tests/Feature/LoginTest.php @@ -2,6 +2,7 @@ namespace Tests\Feature; +use App\Setting\GeneralSettings; use Illuminate\Foundation\Testing\RefreshDatabase; use Illuminate\Foundation\Testing\WithFaker; use Illuminate\Support\Facades\Cache; @@ -13,6 +14,8 @@ use Zoomyboy\LaravelNami\Backend\FakeBackend; class LoginTest extends TestCase { + use RefreshDatabase; + public function setUp(): void { parent::setUp(); 
@@ -21,6 +24,7 @@ class LoginTest extends TestCase public function testItCanLoginWithANamiAccount(): void { $this->withoutExceptionHandling(); + $this->setLoginId(123); app(FakeBackend::class) ->fakeLogin('123') ->addSearch(123, ['entries_vorname' => '::firstname::', 'entries_nachname' => '::lastname::', 'entries_gruppierungId' => 1000]); @@ -43,6 +47,7 @@ class LoginTest extends TestCase public function testItDoesntLoginTwoTimes(): void { $this->withoutExceptionHandling(); + $this->setLoginId(123); app(FakeBackend::class) ->fakeLogin('123') ->addSearch(123, ['entries_vorname' => '::firstname::', 'entries_nachname' => '::lastname::', 'entries_gruppierungId' => 1000]); @@ -65,6 +70,7 @@ class LoginTest extends TestCase public function testItResolvesTheLoginFromTheCache(): void { $this->withoutExceptionHandling(); + $this->setLoginId(123); app(FakeBackend::class) ->fakeLogin('123') ->addSearch(123, ['entries_vorname' => '::firstname::', 'entries_nachname' => '::lastname::', 'entries_gruppierungId' => 1000]); @@ -86,6 +92,7 @@ class LoginTest extends TestCase public function testItThrowsExceptionWhenLoginFailed(): void { + $this->setLoginId(123); app(FakeBackend::class)->fakeFailedLogin(); $this->post('/login', [ @@ -98,4 +105,29 @@ class LoginTest extends TestCase Http::assertSentCount(2); } + public function testItCannotLoginWithAWrongNamiId(): void + { + app(FakeBackend::class) + ->fakeLogin('123') + ->addSearch(123, ['entries_vorname' => '::firstname::', 'entries_nachname' => '::lastname::', 'entries_gruppierungId' => 1000]); + + $this->post('/login', [ + 'mglnr' => 123, + 'password' => 'secret' + ])->assertRedirect('/'); + + $this->assertTrue(auth()->guest()); + + Http::assertSentCount(0); + } + + private function setLoginId(int $mglNr): self + { + GeneralSettings::fake([ + 'allowed_nami_accounts' => [$mglNr] + ]); + + return $this; + } + } diff --git a/tests/Feature/Pdf/GenerateTest.php b/tests/Feature/Pdf/GenerateTest.php index 073efd9e..6a75fe31 100644 
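Review bot: `testItCannotLoginWithAWrongNamiId` never calls `setLoginId()`, so it exercises the empty allow-list only and does not show that a member number is refused while a different one is allowed. Adding `$this->setLoginId(456);` before the request that posts `'mglnr' => 123` would cover that case, and a second case posting a constructed near-miss string such as `'123abc'` with 123 allowed would pin the comparison in the `beforeLogin` callback to an exact match. The `Http::assertSentCount(0)` check is worth keeping, since it confirms the rejection happens before the backend is contacted.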
--- a/tests/Feature/Pdf/GenerateTest.php +++ b/tests/Feature/Pdf/GenerateTest.php @@ -151,7 +151,7 @@ class GenerateTest extends TestCase ?array $output = null ): void { $this->withoutExceptionHandling(); - $this->login(); + $this->login()->init(); $members = $this->setupMembers($members); $urlId = call_user_func($urlCallable, $members); @@ -180,7 +180,7 @@ class GenerateTest extends TestCase ?array $output = null ): void { $this->withoutExceptionHandling(); - $this->login(); + $this->login()->init(); $members = $this->setupMembers($members); $urlId = call_user_func($urlCallable, $members); diff --git a/tests/Feature/Settings/GlobalSettingTest.php b/tests/Feature/Settings/GlobalSettingTest.php index 67bdec36..f18a61f6 100644 --- a/tests/Feature/Settings/GlobalSettingTest.php +++ b/tests/Feature/Settings/GlobalSettingTest.php @@ -15,7 +15,7 @@ class GlobalSettingTest extends TestCase public function testItLoadsGeneralSettings(): void { GeneralSettings::fake([ - 'modules' => ['bill'] + 'modules' => ['bill'], ]); $this->withoutExceptionHandling(); $this->login()->init(); diff --git a/tests/TestCase.php b/tests/TestCase.php index 681c584f..2fde3cc7 100644 --- a/tests/TestCase.php +++ b/tests/TestCase.php @@ -3,6 +3,7 @@ namespace Tests; use App\Member\Member; +use App\Setting\GeneralSettings; use Illuminate\Foundation\Testing\TestCase as BaseTestCase; use Illuminate\Testing\TestResponse; use Tests\Lib\InertiaMixin; @@ -25,7 +26,7 @@ abstract class TestCase extends BaseTestCase app(FakeBackend::class) ->fakeLogin('123') ->addSearch(123, ['entries_vorname' => '::firstname::', 'entries_nachname' => '::lastname::', 'entries_gruppierungId' => 1000]); - $this->post('/login', [ + auth()->login([ 'mglnr' => 123, 'password' => 'secret', ]);
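Review bot: The shared `login()` helper in tests/TestCase.php now calls `auth()->login([...])` directly instead of posting to `/login`, so every feature test that uses it no longer goes through the HTTP login route. Whether `NamiGuard::login()` runs the `beforeLogin` allow-list callback is decided in the laravel-nami submodule and is not visible in this diff; none of the callers shown in this patch set `allowed_nami_accounts`, which suggests the filter is bypassed there. A comment on the helper such as `// Authenticates through the guard directly; the member-id allow-list is only covered by LoginTest` would make that explicit. The helper's body starts outside the hunk.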