My Account: Covered profile and auth pages with tests

Author: ssddanbrown

app/Users/Controllers/UserAccountController.php

@@ -161,7 +161,7 @@ public function updateNotifications(Request $request)
      */
     public function showAuth(SocialAuthService $socialAuthService)
     {
-        $mfaMethods = user()->mfaValues->groupBy('method');
+        $mfaMethods = user()->mfaValues()->get()->groupBy('method');
 
         $this->setPageTitle(trans('preferences.auth'));
 

tests/Permissions/RolePermissionsTest.php

@@ -49,6 +49,7 @@ public function test_user_cannot_change_email_unless_they_have_manage_users_perm
 
         $resp = $this->get('/my-account/profile')->assertOk();
         $this->withHtml($resp)->assertElementExists('input[name=email][disabled]');
+        $resp->assertSee('Unfortunately you don\'t have permission to change your email address.');
         $this->put('/my-account/profile', [
             'name'  => 'my_new_name',
             'email' => 'new_email@example.com',

tests/User/UserMyAccountTest.php

@@ -2,8 +2,13 @@
 
 namespace Tests\User;
 
+use BookStack\Access\Mfa\MfaValue;
 use BookStack\Activity\Tools\UserEntityWatchOptions;
 use BookStack\Activity\WatchLevels;
+use BookStack\Api\ApiToken;
+use BookStack\Uploads\Image;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Support\Str;
 use Tests\TestCase;
 
 class UserMyAccountTest extends TestCase
@@ -26,6 +31,166 @@ public function test_views_not_accessible_to_guest_user()
             $resp->assertRedirect('/');
         }
     }
+
+    public function test_profile_updating()
+    {
+        $editor = $this->users->editor();
+
+        $resp = $this->actingAs($editor)->get('/my-account/profile');
+        $resp->assertSee('Profile Details');
+
+        $html = $this->withHtml($resp);
+        $html->assertFieldHasValue('name', $editor->name);
+        $html->assertFieldHasValue('email', $editor->email);
+
+        $resp = $this->put('/my-account/profile', [
+            'name' => 'Barryius',
+            'email' => 'barryius@example.com',
+            'language' => 'fr',
+        ]);
+
+        $resp->assertRedirect('/my-account/profile');
+        $this->assertDatabaseHas('users', [
+            'name' => 'Barryius',
+            'email' => $editor->email, // No email change due to not having permissions
+        ]);
+        $this->assertEquals(setting()->getUser($editor, 'language'), 'fr');
+    }
+
+    public function test_profile_user_avatar_update_and_reset()
+    {
+        $user = $this->users->viewer();
+        $avatarFile = $this->files->uploadedImage('avatar-icon.png');
+
+        $this->assertEquals(0, $user->image_id);
+
+        $upload = $this->actingAs($user)->call('PUT', "/my-account/profile", [
+            'name' => 'Barry Scott',
+        ], [], ['profile_image' => $avatarFile], []);
+        $upload->assertRedirect('/my-account/profile');
+
+
+        $user->refresh();
+        $this->assertNotEquals(0, $user->image_id);
+        /** @var Image $image */
+        $image = Image::query()->findOrFail($user->image_id);
+        $this->assertFileExists(public_path($image->path));
+
+        $reset = $this->put("/my-account/profile", [
+            'name' => 'Barry Scott',
+            'profile_image_reset' => 'true',
+        ]);
+        $upload->assertRedirect('/my-account/profile');
+
+        $user->refresh();
+        $this->assertFileDoesNotExist(public_path($image->path));
+        $this->assertEquals(0, $user->image_id);
+    }
+
+    public function test_profile_admin_options_link_shows_if_permissions_allow()
+    {
+        $editor = $this->users->editor();
+
+        $resp = $this->actingAs($editor)->get('/my-account/profile');
+        $resp->assertDontSee('Administrator Options');
+        $this->withHtml($resp)->assertLinkNotExists(url("/settings/users/{$editor->id}"));
+
+        $this->permissions->grantUserRolePermissions($editor, ['users-manage']);
+
+        $resp = $this->actingAs($editor)->get('/my-account/profile');
+        $resp->assertSee('Administrator Options');
+        $this->withHtml($resp)->assertLinkExists(url("/settings/users/{$editor->id}"));
+    }
+
+    public function test_profile_self_delete()
+    {
+        $editor = $this->users->editor();
+
+        $resp = $this->actingAs($editor)->get('/my-account/profile');
+        $this->withHtml($resp)->assertLinkExists(url('/my-account/delete'), 'Delete Account');
+
+        $resp = $this->get('/my-account/delete');
+        $resp->assertSee('Delete My Account');
+        $this->withHtml($resp)->assertElementContains('form[action$="/my-account"] button', 'Confirm');
+
+        $resp = $this->delete('/my-account');
+        $resp->assertRedirect('/');
+
+        $this->assertDatabaseMissing('users', ['id' => $editor->id]);
+    }
+
+    public function test_profile_self_delete_shows_ownership_migration_if_can_manage_users()
+    {
+        $editor = $this->users->editor();
+
+        $resp = $this->actingAs($editor)->get('/my-account/delete');
+        $resp->assertDontSee('Migrate Ownership');
+
+        $this->permissions->grantUserRolePermissions($editor, ['users-manage']);
+
+        $resp = $this->actingAs($editor)->get('/my-account/delete');
+        $resp->assertSee('Migrate Ownership');
+    }
+
+    public function test_auth_password_change()
+    {
+        $editor = $this->users->editor();
+
+        $resp = $this->actingAs($editor)->get('/my-account/auth');
+        $resp->assertSee('Change Password');
+        $this->withHtml($resp)->assertElementExists('form[action$="/my-account/auth/password"]');
+
+        $password = Str::random();
+        $resp = $this->put('/my-account/auth/password', [
+            'password' => $password,
+            'password-confirm' => $password,
+        ]);
+        $resp->assertRedirect('/my-account/auth');
+
+        $editor->refresh();
+        $this->assertTrue(Hash::check($password, $editor->password));
+    }
+
+    public function test_auth_password_change_hides_if_not_using_email_auth()
+    {
+        $editor = $this->users->editor();
+
+        $resp = $this->actingAs($editor)->get('/my-account/auth');
+        $resp->assertSee('Change Password');
+
+        config()->set('auth.method', 'oidc');
+
+        $resp = $this->actingAs($editor)->get('/my-account/auth');
+        $resp->assertDontSee('Change Password');
+    }
+
+    public function test_auth_page_has_mfa_links()
+    {
+        $editor = $this->users->editor();
+        $resp = $this->actingAs($editor)->get('/my-account/auth');
+        $resp->assertSee('0 methods configured');
+        $this->withHtml($resp)->assertLinkExists(url('/mfa/setup'));
+
+        MfaValue::upsertWithValue($editor, 'totp', 'testval');
+
+        $resp = $this->get('/my-account/auth');
+        $resp->assertSee('1 method configured');
+    }
+
+    public function test_auth_page_api_tokens()
+    {
+        $editor = $this->users->editor();
+        $resp = $this->actingAs($editor)->get('/my-account/auth');
+        $resp->assertSee('API Tokens');
+        $this->withHtml($resp)->assertLinkExists(url("/api-tokens/{$editor->id}/create?context=my-account"));
+
+        ApiToken::factory()->create(['user_id' => $editor->id, 'name' => 'My great token']);
+        $editor->unsetRelations();
+
+        $resp = $this->get('/my-account/auth');
+        $resp->assertSee('My great token');
+    }
+
     public function test_interface_shortcuts_updating()
     {
         $this->asEditor();