Elgato_dark/appwrite
1
0
Fork 0
mirror of https://github.com/appwrite/appwrite synced 2026-05-04 05:48:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
appwrite/tests/e2e/Services/Teams/TeamsCustomClientTest.php

175 lines
6.6 KiB
PHP
Raw Normal View History

Added e2e tests to teams service
2020-01-16 14:06:28 +00:00
<?php
namespace Tests\E2E\Services\Teams;
fixes: Clean URL variables
2024-07-22 13:37:28 +00:00
use Tests\E2E\Client;
Added e2e tests to teams service
2020-01-16 14:06:28 +00:00
use Tests\E2E\Scopes\ProjectCustom;
chore: run formatter
2024-03-06 17:34:21 +00:00
use Tests\E2E\Scopes\Scope;
Added e2e tests to teams service
2020-01-16 14:06:28 +00:00
use Tests\E2E\Scopes\SideClient;
Upgrade utopia-php dependencies and fix namespace changes - Upgrade utopia-php/cli from 0.15 to 0.22 - Upgrade utopia-php/analytics from 0.10 to 0.15 - Upgrade utopia-php/orchestration from 0.9 to 0.19 - Use dev branches for utopia-php/framework and utopia-php/platform - Remove utopia-php/swoole dependency (merged into framework) - Migrate Utopia\CLI\Console to Utopia\Console across all files - Migrate Utopia\Http to Utopia\Http\Http namespace - Migrate Utopia\Swoole\Files to Utopia\Http\Files (now instance-based) - Convert static CLI::setResource() calls to instance-based Dependency API - Fix StatsResources task named parameter mismatch
2026-02-10 05:04:24 +00:00
use Utopia\Console;
Added e2e tests to teams service
2020-01-16 14:06:28 +00:00
class TeamsCustomClientTest extends Scope
{
use TeamsBase;
use TeamsBaseClient;
use ProjectCustom;
use SideClient;
fixes: Clean URL variables
2024-07-22 13:37:28 +00:00
fix: tests
2024-11-06 15:35:31 +00:00
/**
* @depends testGetTeamMemberships
*/
fix: tests
2024-11-07 10:13:20 +00:00
public function testGetMembershipPrivacy($data)
fix: tests
2024-11-06 15:35:31 +00:00
{
$teamUid = $data['teamUid'] ?? '';
$projectId = $this->getProject()['$id'];
feat: memberships privacy
2024-11-06 20:15:31 +00:00
$response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $projectId . '/auth/memberships-privacy', array_merge([
fix: tests
2024-11-06 15:35:31 +00:00
'content-type' => 'application/json',
'x-appwrite-project' => 'console',
'cookie' => 'a_session_console=' . $this->getRoot()['session'],
]), [
feat: memberships privacy
2024-11-06 20:15:31 +00:00
'userName' => false,
'userEmail' => false,
'mfa' => false,
fix: tests
2024-11-06 15:35:31 +00:00
]);
$this->assertEquals(200, $response['headers']['status-code']);
/**
* Test that sensitive fields are hidden
*/
$response = $this->client->call(Client::METHOD_GET, '/teams/' . $teamUid . '/memberships', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $projectId,
], $this->getHeaders()));
$this->assertEquals(200, $response['headers']['status-code']);
$this->assertIsInt($response['body']['total']);
$this->assertNotEmpty($response['body']['memberships'][0]['$id']);
// Assert that sensitive fields are not present
$this->assertEmpty($response['body']['memberships'][0]['userName']);
$this->assertEmpty($response['body']['memberships'][0]['userEmail']);
$this->assertFalse($response['body']['memberships'][0]['mfa']);
/**
* Update project settings to show sensitive fields
*/
feat: memberships privacy
2024-11-06 20:15:31 +00:00
$response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $projectId . '/auth/memberships-privacy', array_merge([
fix: tests
2024-11-06 15:35:31 +00:00
'content-type' => 'application/json',
'x-appwrite-project' => 'console',
'cookie' => 'a_session_console=' . $this->getRoot()['session'],
]), [
feat: memberships privacy
2024-11-06 20:15:31 +00:00
'userName' => true,
'userEmail' => true,
'mfa' => true,
fix: tests
2024-11-06 15:35:31 +00:00
]);
$this->assertEquals(200, $response['headers']['status-code']);
/**
* Test that sensitive fields are shown
*/
$response = $this->client->call(Client::METHOD_GET, '/teams/' . $teamUid . '/memberships', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $projectId,
], $this->getHeaders()));
$this->assertEquals(200, $response['headers']['status-code']);
$this->assertIsInt($response['body']['total']);
$this->assertNotEmpty($response['body']['memberships'][0]['$id']);
// Assert that sensitive fields are present
fix: tests
2024-11-06 16:54:02 +00:00
$this->assertNotEmpty($response['body']['memberships'][0]['userName']);
$this->assertNotEmpty($response['body']['memberships'][0]['userEmail']);
$this->assertArrayHasKey('mfa', $response['body']['memberships'][0]);
fix: memberships-privacy mfa only
2024-11-13 09:45:50 +00:00
/**
* Update project settings to show only MFA
*/
$response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $this->getProject()['$id'] . '/auth/memberships-privacy', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => 'console',
'cookie' => 'a_session_console=' . $this->getRoot()['session'],
]), [
'userName' => false,
'userEmail' => false,
'mfa' => true,
]);
$this->assertEquals(200, $response['headers']['status-code']);
/**
* Test that sensitive fields are not shown
*/
$response = $this->client->call(Client::METHOD_GET, '/teams/' . $teamUid . '/memberships', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $projectId,
], $this->getHeaders()));
$this->assertEquals(200, $response['headers']['status-code']);
$this->assertIsInt($response['body']['total']);
$this->assertNotEmpty($response['body']['memberships'][0]['$id']);
// Assert that sensitive fields are present
$this->assertEmpty($response['body']['memberships'][0]['userName']);
$this->assertEmpty($response['body']['memberships'][0]['userEmail']);
$this->assertArrayHasKey('mfa', $response['body']['memberships'][0]);
fix: tests
2024-11-06 15:35:31 +00:00
}
fixes: Clean URL variables
2024-07-22 13:37:28 +00:00
/**
* @depends testUpdateTeamMembership
*/
public function testTeamsInviteHTMLInjection($data): array
{
$teamUid = $data['teamUid'] ?? '';
$email = uniqid() . 'friend@localhost.test';
$name = 'Friend User';
$password = 'password';
// Create a user account before we create a invite so we can check if the user has permissions when it shouldn't
$user = $this->client->call(Client::METHOD_POST, '/account', [
'content-type' => 'application/json',
'x-appwrite-project' => 'console'], [
'userId' => 'unique()',
'email' => $email,
'password' => $password,
'name' => $name,
], false);
$this->assertEquals(201, $user['headers']['status-code']);
$response = $this->client->call(Client::METHOD_POST, '/teams/' . $teamUid . '/memberships', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'email' => $email,
'name' => $name,
'roles' => ['admin', 'editor'],
'url' => 'http://localhost:5000/join-us\"></a><h1>INJECTED</h1>'
]);
$this->assertEquals(201, $response['headers']['status-code']);
$email = $this->getLastEmail();
fix: teams test.
2025-03-29 11:49:46 +00:00
Console::log(json_encode([
'testTeamsInviteHTMLInjection' => $email
], JSON_PRETTY_PRINT));
fixes: Clean URL variables
2024-07-22 13:37:28 +00:00
$encoded = 'http://localhost:5000/join-us\&quot;&gt;&lt;/a&gt;&lt;h1&gt;INJECTED&lt;/h1&gt;?';
$this->assertStringNotContainsString('<h1>INJECTED</h1>', $email['html']);
$this->assertStringContainsString($encoded, $email['html']);
$response = $this->client->call(Client::METHOD_DELETE, '/teams/' . $teamUid . '/memberships/'.$response['body']['$id'], array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()));
$this->assertEquals(204, $response['headers']['status-code']);
return $data;
}
format files in app, src, tests
2022-05-23 14:54:50 +00:00
}
Reference in a new issue Copy permalink