1 | <?php |
||
2 | |||
3 | use App\Comment; |
||
4 | use App\User; |
||
5 | use App\Video; |
||
6 | use Chrisbjr\ApiGuard\Models\ApiKey; |
||
7 | use Illuminate\Foundation\Testing\DatabaseMigrations; |
||
8 | |||
/**
 * Feature tests for the video comment endpoints under /api/videos/{id}/comments.
 *
 * Every test creates its own user, API key and video through the helpers below.
 *
 * NOTE(review): all write requests in this class carry a valid X-Authorization
 * key that belongs to the user who owns the video and the comment. No test sends
 * a missing or invalid key, or a key owned by a different user, so this suite
 * does not show whether the endpoints reject such requests. The listing requests
 * are sent without any X-Authorization header; confirm that unauthenticated
 * reads are intended. Negative cases would be worth adding.
 */
class CommentAPITest extends TestCase
{
    use DatabaseMigrations;

    /**
     * Create a user through the model factory and give it an API key.
     *
     * @return User
     */
    public function createUser()
    {
        $account = factory(User::class)->create();
        $this->createUserApiKey($account);

        return $account;
    }

    /**
     * Build an API key from the user's id and save it through the apiKey() relation.
     *
     * @param User $user
     *
     * @return void
     */
    private function createUserApiKey(User $user)
    {
        $generatedKey = ApiKey::make($user->id);
        $user->apiKey()->save($generatedKey);
    }

    /**
     * Create a video with Faker-generated name, category and path, saved
     * through $user->getVideos().
     *
     * @param User $user Owner of the video (the tests pass the result of createUser()).
     *
     * @return \App\Video
     */
    private function createFakeVideo($user)
    {
        $generator = Faker\Factory::create();

        $fakeVideo = new Video();
        $fakeVideo->name = $generator->sentence;
        $fakeVideo->category = $generator->word;
        $fakeVideo->path = $generator->url;

        $user->getVideos()->save($fakeVideo);

        return $fakeVideo;
    }

    /**
     * Insert a comment with fixed text directly through the Comment model,
     * bypassing the HTTP API.
     *
     * @param mixed $user_id
     * @param mixed $video_id
     *
     * @return mixed Whatever Comment::create() returns.
     */
    private function createFakeComment($user_id, $video_id)
    {
        return Comment::create([
            'user_id'  => $user_id,
            'video_id' => $video_id,
            'comment'  => 'Lorem ipsum comment',
        ]);
    }

    /**
     * A stored comment is returned by the listing endpoint with the expected keys.
     *
     * @return void
     */
    public function testCommentsInDatabaseAreListedByAPI()
    {
        $owner = $this->createUser();
        $video = $this->createFakeVideo($owner);
        $this->createFakeComment($owner->id, $video->id);

        // Every item nested under each top-level key must expose these fields.
        $expectedShape = [
            '*' => [
                '*' => ['user_id', 'video_id', 'comment'],
            ],
        ];

        $this->get('/api/videos/'.$video->id.'/comments')
            ->seeJsonStructure($expectedShape)
            ->seeStatusCode(200);
    }

    /**
     * A comment posted with the owner's API key is stored and then listed.
     *
     * @return void
     */
    public function testCanBePostCommentAndSeeInDB()
    {
        $owner = $this->createUser();
        $video = $this->createFakeVideo($owner);

        // NOTE(review): user_id is supplied in the request body and expected to
        // be stored as sent. Confirm the controller ties the author to the owner
        // of the API key rather than trusting this field.
        $payload = [
            'user_id'  => $owner->id,
            'video_id' => $video->id,
            'comment'  => 'This is example comment',
        ];
        $endpoint = '/api/videos/'.$video->id.'/comments';
        $authHeaders = ['X-Authorization' => $owner->apiKey->key];

        $this->post($endpoint, $payload, $authHeaders)
            ->seeInDatabase('comments', $payload);

        $this->get($endpoint)
            ->seeJsonContains($payload)
            ->seeStatusCode(200);
    }

    /**
     * A comment updated with the owner's API key is changed in the database
     * and in the listing.
     *
     * @return void
     */
    public function testCommentsCanBeUpdatedAndSeeChangesInDatabase()
    {
        $owner = $this->createUser();
        $video = $this->createFakeVideo($owner);
        $comment = $this->createFakeComment($owner->id, $video->id);

        $updatedText = 'This is example update comment';
        $request = [
            'id'      => $comment->id,
            'comment' => $updatedText,
        ];
        // Row expected after the update: same ids, new text.
        $expectedRow = [
            'id'       => $comment->id,
            'user_id'  => $comment->user_id,
            'video_id' => $comment->video_id,
            'comment'  => $updatedText,
        ];
        $authHeaders = ['X-Authorization' => $owner->apiKey->key];

        $this->put('/api/videos/'.$video->id.'/comments/', $request, $authHeaders)
            ->seeInDatabase('comments', $expectedRow);

        $this->get('/api/videos/'.$video->id.'/comments/')
            ->seeJsonContains($expectedRow)
            ->seeStatusCode(200);
    }

    /**
     * A comment deleted with the owner's API key disappears from the database
     * and from the listing.
     *
     * @return void
     */
    public function testCommentsCanBeDeletedAndNotSeenOnDatabase()
    {
        $owner = $this->createUser();
        $video = $this->createFakeVideo($owner);
        $comment = $this->createFakeComment($owner->id, $video->id);

        // Snapshot of the row taken before the delete request is sent.
        $deletedRow = [
            'id'       => $comment->id,
            'user_id'  => $comment->user_id,
            'video_id' => $comment->video_id,
            'comment'  => $comment->comment,
        ];
        $request = ['id' => $comment->id];
        $authHeaders = ['X-Authorization' => $owner->apiKey->key];

        $this->delete('/api/videos/'.$video->id.'/comments', $request, $authHeaders)
            ->notSeeInDatabase('comments', $deletedRow);

        $this->get('/api/videos/'.$video->id.'/comments/')
            ->dontSeeJson($deletedRow)
            ->seeStatusCode(200);
    }
}