adalal/solidtime
1
0
Fork 0
mirror of https://github.com/solidtime-io/solidtime.git synced 2026-06-15 05:22:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: adalal:7035d5fd6e6d119fbaa0f7ba31366f02453091ba
Branches Tags
adalal:main adalal:feature/user-management adalal:dependabot/github_actions/main/codecov/codecov-action-7.0.0 adalal:dependabot/github_actions/main/docker/setup-qemu-action-4 adalal:dependabot/npm_and_yarn/main/major-updates-87a9fdc274 adalal:dependabot/composer/main/minor-updates-6d1cf0063b adalal:dependabot/npm_and_yarn/main/minor-updates-04904bbd88 adalal:feature/timesheets adalal:feature/openapi_invoice_clone adalal:feature/update_openapi_invoice_copy adalal:feature/public_projects adalal:dependabot/github_actions/main/docker/login-action-4 adalal:dependabot/github_actions/main/actions/download-artifact-8 adalal:dependabot/github_actions/main/docker/metadata-action-6 adalal:feature/docker_runtime_uid_remap adalal:fix/dropdown-alphabetical-sort adalal:dependabot/npm_and_yarn/npm_and_yarn-eeacf2bf74 adalal:feature/e2e_setup_data_api_fix adalal:feature/calendar_settings adalal:feature/upgrade_inertia adalal:claude/fix-issue-997-qdXZK adalal:feature/fix_rounding_up_on_boundaries adalal:feature/change_calendar_header_duration_basis_to_minutes adalal:feature/project_table_sorting_filtering adalal:feature/fix_acl_time_entries_private_projects adalal:feature/move_date_components_to_ui_package adalal:feature/employee_create_task_permission adalal:feature/update_packages adalal:hotfix/exporter_client_archived_at adalal:feature/add_support_for_hhmmss_input_format adalal:feature/add_set_end_time_to_timetracker adalal:pullrequests/GROSSWEBER/employee-assigned-clients adalal:feature/add_discard_option adalal:feature/add_restrict_overlap_option adalal:feature/reporting_tag_grouping adalal:feature/tag_grouping adalal:feature/sidebar_dropdowns adalal:feature/calendar_view adalal:feature/add_shared_report_e2e_tests adalal:feature/on-premise-build adalal:feature/fix_billable_filter_reporting adalal:feature/add_contribution_guidelines adalal:feature/add_strict_js_formatting adalal:feature/fix_font_embed adalal:feature/fix-modules-service-provider adalal:feature/fix_time_entry_row_inconsistency adalal:dependabot/composer/composer-3c676574cc adalal:dependabot/npm_and_yarn/npm_and_yarn-1db02b7bbb adalal:feature/rounding adalal:feature/expiring-api-tokens adalal:feature/dependencies_update adalal:feature/fix_last_seven_days_labels adalal:feature/consistency_fixes adalal:feature/delete_member_with_related adalal:feature/12_hour_format_timepicker_support adalal:feature/fix_system_theme_change adalal:feature/postgres_versions adalal:feature/github_actions_permissions adalal:feature/parallel_tests_in_github_action adalal:feature/consistency_checks adalal:feature/base_request adalal:feature/formatting_options_frontend adalal:hotfix/fix_query_invalidation_on_detailed_update adalal:feature/fix_shared_report_currency adalal:feature/add_reporting_e2e_tests adalal:feature/more_validation_for_clockify_importer adalal:feature/fix_import_issue_with_duplicate_project_names adalal:feature/number_and_date_formats adalal:feature/light_mode adalal:feature/chart-api adalal:feature/hide_billable_amounts_for_employees adalal:feature/fix_bug_in_merge_into adalal:feature/fix_timepicker_dropdown adalal:feature/fix_toggl_import_timezone adalal:feature/api_tokens adalal:feature/fix_docker_image adalal:feature/try_to_fix_build adalal:feature/improve_recently_tracked_dropdown adalal:feature/improve_focus_states adalal:feature/disable_registration adalal:feature/fix_tests adalal:feature/update_ui_package adalal:feature/roles_for_project_members adalal:feature/tanstack_tables
adalal:v0.14.0 adalal:v0.13.0 adalal:v0.12.2 adalal:v0.12.1 adalal:v0.12.0 adalal:v0.11.6 adalal:v0.11.5 adalal:v0.11.4 adalal:v0.11.3 adalal:v0.11.2 adalal:v0.11.1 adalal:v0.11.0 adalal:v0.10.0 adalal:v0.9.0 adalal:v0.8.0 adalal:v0.7.0 adalal:v0.6.0 adalal:v0.5.0 adalal:v0.4.0 adalal:v0.3.1 adalal:v0.3.0 adalal:v0.2.0 adalal:v0.1.0 adalal:v0.0.3 adalal:v0.0.2 adalal:0.0.2 adalal:v0.0.1 adalal:0.0.1
...
compare: adalal:feature/user-management
Branches Tags
adalal:feature/user-management adalal:dependabot/github_actions/main/codecov/codecov-action-7.0.0 adalal:dependabot/github_actions/main/docker/setup-qemu-action-4 adalal:main adalal:dependabot/npm_and_yarn/main/major-updates-87a9fdc274 adalal:dependabot/composer/main/minor-updates-6d1cf0063b adalal:dependabot/npm_and_yarn/main/minor-updates-04904bbd88 adalal:feature/timesheets adalal:feature/openapi_invoice_clone adalal:feature/update_openapi_invoice_copy adalal:feature/public_projects adalal:dependabot/github_actions/main/docker/login-action-4 adalal:dependabot/github_actions/main/actions/download-artifact-8 adalal:dependabot/github_actions/main/docker/metadata-action-6 adalal:feature/docker_runtime_uid_remap adalal:fix/dropdown-alphabetical-sort adalal:dependabot/npm_and_yarn/npm_and_yarn-eeacf2bf74 adalal:feature/e2e_setup_data_api_fix adalal:feature/calendar_settings adalal:feature/upgrade_inertia adalal:claude/fix-issue-997-qdXZK adalal:feature/fix_rounding_up_on_boundaries adalal:feature/change_calendar_header_duration_basis_to_minutes adalal:feature/project_table_sorting_filtering adalal:feature/fix_acl_time_entries_private_projects adalal:feature/move_date_components_to_ui_package adalal:feature/employee_create_task_permission adalal:feature/update_packages adalal:hotfix/exporter_client_archived_at adalal:feature/add_support_for_hhmmss_input_format adalal:feature/add_set_end_time_to_timetracker adalal:pullrequests/GROSSWEBER/employee-assigned-clients adalal:feature/add_discard_option adalal:feature/add_restrict_overlap_option adalal:feature/reporting_tag_grouping adalal:feature/tag_grouping adalal:feature/sidebar_dropdowns adalal:feature/calendar_view adalal:feature/add_shared_report_e2e_tests adalal:feature/on-premise-build adalal:feature/fix_billable_filter_reporting adalal:feature/add_contribution_guidelines adalal:feature/add_strict_js_formatting adalal:feature/fix_font_embed adalal:feature/fix-modules-service-provider adalal:feature/fix_time_entry_row_inconsistency adalal:dependabot/composer/composer-3c676574cc adalal:dependabot/npm_and_yarn/npm_and_yarn-1db02b7bbb adalal:feature/rounding adalal:feature/expiring-api-tokens adalal:feature/dependencies_update adalal:feature/fix_last_seven_days_labels adalal:feature/consistency_fixes adalal:feature/delete_member_with_related adalal:feature/12_hour_format_timepicker_support adalal:feature/fix_system_theme_change adalal:feature/postgres_versions adalal:feature/github_actions_permissions adalal:feature/parallel_tests_in_github_action adalal:feature/consistency_checks adalal:feature/base_request adalal:feature/formatting_options_frontend adalal:hotfix/fix_query_invalidation_on_detailed_update adalal:feature/fix_shared_report_currency adalal:feature/add_reporting_e2e_tests adalal:feature/more_validation_for_clockify_importer adalal:feature/fix_import_issue_with_duplicate_project_names adalal:feature/number_and_date_formats adalal:feature/light_mode adalal:feature/chart-api adalal:feature/hide_billable_amounts_for_employees adalal:feature/fix_bug_in_merge_into adalal:feature/fix_timepicker_dropdown adalal:feature/fix_toggl_import_timezone adalal:feature/api_tokens adalal:feature/fix_docker_image adalal:feature/try_to_fix_build adalal:feature/improve_recently_tracked_dropdown adalal:feature/improve_focus_states adalal:feature/disable_registration adalal:feature/fix_tests adalal:feature/update_ui_package adalal:feature/roles_for_project_members adalal:feature/tanstack_tables
adalal:v0.14.0 adalal:v0.13.0 adalal:v0.12.2 adalal:v0.12.1 adalal:v0.12.0 adalal:v0.11.6 adalal:v0.11.5 adalal:v0.11.4 adalal:v0.11.3 adalal:v0.11.2 adalal:v0.11.1 adalal:v0.11.0 adalal:v0.10.0 adalal:v0.9.0 adalal:v0.8.0 adalal:v0.7.0 adalal:v0.6.0 adalal:v0.5.0 adalal:v0.4.0 adalal:v0.3.1 adalal:v0.3.0 adalal:v0.2.0 adalal:v0.1.0 adalal:v0.0.3 adalal:v0.0.2 adalal:0.0.2 adalal:v0.0.1 adalal:0.0.1

13 Commits
7035d5fd6e ... feature/us

Author SHA1 Message Date
Gregor Vostrak
4ff8a72f0b add comprehensive 2 factor authentication e2e tests 2026-06-10 14:13:21 +02:00
Gregor Vostrak
4790693017 add back destroy other browser sessions endpoint (jetstream migration) 2026-06-10 13:28:35 +02:00
Gregor Vostrak
3caf7438b5 update e2e test setup to use user settings api endpoint 2026-06-09 16:24:52 +02:00
Gregor Vostrak
d929d31847 change redirects and references to new organization routes 2026-06-09 13:08:22 +02:00
Gregor Vostrak
d7bb36d50f add currency to organization update endpoint 2026-06-09 12:37:20 +02:00
Gregor Vostrak
b3785f0aa6 replace hardcoded inertia props with organization delete/update perms 2026-06-09 01:43:13 +02:00
Gregor Vostrak
8e47f07f09 remove unused inertia organization page props 2026-06-09 00:32:44 +02:00
Gregor Vostrak
da611086e8 fix inertia backend role data structure after jetstream migration 2026-06-09 00:19:36 +02:00
Gregor Vostrak
a220d0e592 call api for organization create/update/delete and switch 2026-06-09 00:12:55 +02:00
Constantin Graf
0e2c4431a0 Fixed current organization after normal registration 2026-06-08 23:06:07 +02:00
Constantin Graf
2f4c079f9f Added tests 2026-06-08 22:57:02 +02:00
Gregor Vostrak
f826474f88 add switch current organization endpoint 2026-06-08 18:57:23 +02:00
Constantin Graf
98bbe800f1 Removed Laravel Jetstream 2026-06-08 17:34:55 +02:00
88 changed files with 2584 additions and 1591 deletions
Expand all files Collapse all files

3
app/Actions/Fortify/CreateNewUser.php
View File

@@ -16,7 +16,6 @@ use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\ValidationException;
use Korridor\LaravelModelValidationRules\Rules\UniqueEloquent;
use Laravel\Fortify\Contracts\CreatesNewUsers;
use Laravel\Jetstream\Jetstream;
use Log;
class CreateNewUser implements CreatesNewUsers
@@ -55,7 +54,7 @@ class CreateNewUser implements CreatesNewUsers
}),
],
'password' => $this->passwordRules(),
'terms' => Jetstream::hasTermsAndPrivacyPolicyFeature() ? ['accepted', 'required'] : '',
'terms' => ['accepted', 'required'],
'newsletter_consent' => [
'boolean',
],

66
app/Actions/Fortify/UpdateUserProfileInformation.php
View File

@@ -4,16 +4,9 @@ declare(strict_types=1);
namespace App\Actions\Fortify;
use App\Enums\Weekday;
use App\Mail\VerifyUpdatedEmailMail;
use App\Exceptions\MovedToApiException;
use App\Models\User;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Str;
use Illuminate\Validation\Rule;
use Illuminate\Validation\ValidationException;
use Korridor\LaravelModelValidationRules\Rules\UniqueEloquent;
use Laravel\Fortify\Contracts\UpdatesUserProfileInformation;
class UpdateUserProfileInformation implements UpdatesUserProfileInformation
@@ -27,61 +20,6 @@ class UpdateUserProfileInformation implements UpdatesUserProfileInformation
*/
public function update(User $user, array $input): void
{
if (isset($input['email']) && is_string($input['email'])) {
$input['email'] = Str::lower($input['email']);
}
Validator::make($input, [
'name' => [
'required',
'string',
'max:255',
],
'email' => [
'required',
'email',
'max:255',
UniqueEloquent::make(User::class, 'email')->ignore($user->id)->query(function (Builder $query) {
/** @var Builder<User> $query */
return $query->where('is_placeholder', '=', false);
}),
],
'photo' => [
'nullable',
'mimes:jpg,jpeg,png',
'max:1024',
],
'timezone' => [
'required',
'timezone:all',
],
'week_start' => [
'required',
Rule::enum(Weekday::class),
],
])->validateWithBag('updateProfileInformation');
if (isset($input['photo'])) {
$user->updateProfilePhoto($input['photo']);
}
$email = Str::lower((string) $input['email']);
if ($email !== Str::lower($user->email)) {
$user->forceFill([
'name' => $input['name'],
'pending_email' => $email,
'timezone' => $input['timezone'],
'week_start' => $input['week_start'],
])->save();
Mail::to($email)->send(new VerifyUpdatedEmailMail($user, $email));
} else {
$user->forceFill([
'name' => $input['name'],
'timezone' => $input['timezone'],
'week_start' => $input['week_start'],
])->save();
}
throw new MovedToApiException;
}
}

21
app/Actions/Jetstream/AddOrganizationMember.php
View File

@@ -1,21 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Actions\Jetstream;
use App\Exceptions\MovedToApiException;
use App\Models\Organization;
use App\Models\User;
use Laravel\Jetstream\Contracts\AddsTeamMembers;
class AddOrganizationMember implements AddsTeamMembers
{
/**
* Add a new team member to the given team.
*/
public function add(User $owner, Organization $organization, string $email, ?string $role = null): void
{
throw new MovedToApiException;
}
}

60
app/Actions/Jetstream/CreateOrganization.php
View File

@@ -1,60 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Actions\Jetstream;
use App\Events\AfterCreateOrganization;
use App\Models\Organization;
use App\Models\User;
use App\Service\IpLookup\IpLookupServiceContract;
use App\Service\OrganizationService;
use App\Service\UserService;
use Illuminate\Auth\Access\AuthorizationException;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\ValidationException;
use Laravel\Jetstream\Contracts\CreatesTeams;
use Laravel\Jetstream\Jetstream;
class CreateOrganization implements CreatesTeams
{
/**
* Validate and create a new team for the given user.
*
* @param array<string, string> $input
*
* @throws AuthorizationException
* @throws ValidationException
*
* @deprecated Use REST endpoint instead
*/
public function create(User $user, array $input): Organization
{
Gate::forUser($user)->authorize('create', Jetstream::newTeamModel());
Validator::make($input, [
'name' => ['required', 'string', 'max:255'],
])->validateWithBag('createTeam');
$ipLookupResponse = app(IpLookupServiceContract::class)->lookup(request()->ip());
$currency = null;
if ($ipLookupResponse !== null) {
$currency = $ipLookupResponse->currency;
}
$organization = app(OrganizationService::class)->createOrganization(
$input['name'],
$user,
false,
$currency
);
app(UserService::class)->switchCurrentOrganization($user, $organization);
AfterCreateOrganization::dispatch($organization);
return $organization;
}
}

23
app/Actions/Jetstream/DeleteOrganization.php
View File

@@ -1,23 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Actions\Jetstream;
use App\Models\Organization;
use App\Service\DeletionService;
use Laravel\Jetstream\Contracts\DeletesTeams;
class DeleteOrganization implements DeletesTeams
{
/**
* Delete the given team.
*
* @deprecated Use REST endpoint instead
*/
public function delete(Organization $organization): void
{
/** @see ValidateOrganizationDeletion */
app(DeletionService::class)->deleteOrganization($organization);
}
}

32
app/Actions/Jetstream/DeleteUser.php
View File

@@ -1,32 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Actions\Jetstream;
use App\Exceptions\Api\ApiException;
use App\Models\User;
use App\Service\DeletionService;
use Illuminate\Validation\ValidationException;
use Laravel\Jetstream\Contracts\DeletesUsers;
class DeleteUser implements DeletesUsers
{
/**
* Delete the given user.
*
* @throws ValidationException
*
* @deprecated Use REST endpoint instead
*/
public function delete(User $user): void
{
try {
app(DeletionService::class)->deleteUser($user);
} catch (ApiException $exception) {
throw ValidationException::withMessages([
'password' => $exception->getTranslatedMessage(),
]);
}
}
}

24
app/Actions/Jetstream/InviteOrganizationMember.php
View File

@@ -1,24 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Actions\Jetstream;
use App\Exceptions\MovedToApiException;
use App\Models\Organization;
use App\Models\User;
use Exception;
use Laravel\Jetstream\Contracts\InvitesTeamMembers;
class InviteOrganizationMember implements InvitesTeamMembers
{
/**
* Invite a new team member to the given team.
*
* @throws Exception
*/
public function invite(User $user, Organization $organization, string $email, ?string $role = null): void
{
throw new MovedToApiException;
}
}

24
app/Actions/Jetstream/RemoveOrganizationMember.php
View File

@@ -1,24 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Actions\Jetstream;
use App\Exceptions\MovedToApiException;
use App\Models\Organization;
use App\Models\User;
use Exception;
use Laravel\Jetstream\Contracts\RemovesTeamMembers;
class RemoveOrganizationMember implements RemovesTeamMembers
{
/**
* Remove the team member from the given team.
*
* @throws Exception
*/
public function remove(User $user, Organization $organization, User $teamMember): void
{
throw new MovedToApiException;
}
}

25
app/Actions/Jetstream/UpdateMemberRole.php
View File

@@ -1,25 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Actions\Jetstream;
use App\Enums\Role;
use App\Exceptions\MovedToApiException;
use App\Models\Member;
use App\Models\Organization;
use App\Models\User;
use Exception;
class UpdateMemberRole
{
/**
* Update the role for the given team member.
*
* @throws Exception
*/
public function update(User $actingUser, Organization $organization, string $userId, string $role): void
{
throw new MovedToApiException;
}
}

48
app/Actions/Jetstream/UpdateOrganization.php
View File

@@ -1,48 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Actions\Jetstream;
use App\Models\Organization;
use App\Models\User;
use App\Rules\CurrencyRule;
use Illuminate\Auth\Access\AuthorizationException;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\ValidationException;
use Laravel\Jetstream\Contracts\UpdatesTeamNames;
class UpdateOrganization implements UpdatesTeamNames
{
/**
* Validate and update the given team's name.
*
* @param array<string, string> $input
*
* @throws AuthorizationException
* @throws ValidationException
*/
public function update(User $user, Organization $organization, array $input): void
{
Gate::forUser($user)->authorize('update', $organization);
Validator::make($input, [
'name' => [
'required',
'string',
'max:255',
],
'currency' => [
'required',
'string',
new CurrencyRule,
],
])->validateWithBag('updateTeamName');
$organization->forceFill([
'name' => $input['name'],
'currency' => $input['currency'],
])->save();
}
}

30
app/Actions/Jetstream/ValidateOrganizationDeletion.php
View File

@@ -1,30 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Actions\Jetstream;
use App\Models\Organization;
use App\Models\User;
use App\Service\PermissionStore;
use Illuminate\Auth\Access\AuthorizationException;
class ValidateOrganizationDeletion
{
/**
* Validate that the team can be deleted by the given user.
*
* @param User $user Authenticated user
* @param Organization $organization Organization to be deleted
*
* @throws AuthorizationException
*
* @deprecated Use REST endpoint instead
*/
public function validate(User $user, Organization $organization): void
{
if (! app(PermissionStore::class)->userHas($organization, $user, 'organizations:delete')) {
throw new AuthorizationException;
}
}
}

4
app/Enums/Role.php
View File

@@ -4,8 +4,12 @@ declare(strict_types=1);
namespace App\Enums;
use Datomatic\LaravelEnumHelper\LaravelEnumHelper;
enum Role: string
{
use LaravelEnumHelper;
case Owner = 'owner';
case Admin = 'admin';
case Manager = 'manager';

35
app/Events/OrganizationInvitationAdding.php Normal file
View File

@@ -0,0 +1,35 @@
<?php
declare(strict_types=1);
namespace App\Events;
use App\Enums\Role;
use App\Models\Organization;
use App\Models\User;
use Illuminate\Foundation\Events\Dispatchable;
class OrganizationInvitationAdding
{
use Dispatchable;
public Organization $organization;
public string $email;
public Role $role;
public User $inviter;
public function __construct(
Organization $organization,
string $email,
Role $role,
User $inviter
) {
$this->role = $role;
$this->email = $email;
$this->organization = $organization;
$this->inviter = $inviter;
}
}

2
app/Filament/Resources/OrganizationResource/RelationManagers/InvitationsRelationManager.php
View File

@@ -64,7 +64,7 @@ class InvitationsRelationManager extends RelationManager
$ownerRecord = $this->getOwnerRecord();
return app(InvitationService::class)
->inviteUser($ownerRecord, $data['email'], Role::from($data['role']));
->inviteUser($ownerRecord, $data['email'], Role::from($data['role']), auth()->user());
}),
])
->actions([

2
app/Http/Controllers/Api/V1/InvitationController.php
View File

@@ -63,7 +63,7 @@ class InvitationController extends Controller
$email = $request->getEmail();
$role = $request->getRole();
$invitationService->inviteUser($organization, $email, $role);
$invitationService->inviteUser($organization, $email, $role, $this->user());
return response()->json(null, 204);
}

2
app/Http/Controllers/Api/V1/MemberController.php
View File

@@ -192,7 +192,7 @@ class MemberController extends Controller
throw new ThisPlaceholderCanNotBeInvitedUseTheMergeToolInsteadException;
}
$invitationService->inviteUser($organization, $user->email, Role::Employee);
$invitationService->inviteUser($organization, $user->email, Role::Employee, $this->user());
return response()->json(null, 204);
}

3
app/Http/Controllers/Api/V1/OrganizationController.php
View File

@@ -50,6 +50,9 @@ class OrganizationController extends Controller
if ($request->getName() !== null) {
$organization->name = $request->getName();
}
if ($request->getCurrency() !== null) {
$organization->currency = $request->getCurrency();
}
if ($request->getEmployeesCanSeeBillableRates() !== null) {
$organization->employees_can_see_billable_rates = $request->getEmployeesCanSeeBillableRates();
}

33
app/Http/Controllers/Api/V1/TimeZoneController.php Normal file
View File

@@ -0,0 +1,33 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Service\TimezoneService;
use Illuminate\Http\JsonResponse;
class TimeZoneController extends Controller
{
/**
* Get all timezones
*
* @response object{key: string}[]
*
* @operationId getTimezones
*/
public function index(): JsonResponse
{
$timezones = app(TimezoneService::class)->getTimezones();
$response = [];
foreach ($timezones as $timezone) {
$response[] = (object) [
'key' => $timezone,
];
}
return response()->json($response);
}
}

34
app/Http/Controllers/Api/V1/UserController.php
View File

@@ -6,11 +6,14 @@ namespace App\Http\Controllers\Api\V1;
use App\Exceptions\Api\CanNotDeleteUserWhoIsOwnerOfOrganizationWithMultipleMembers;
use App\Exceptions\Api\UserResendEmailVerificationNoPendingEmailApiException;
use App\Http\Requests\V1\User\UserUpdateCurrentOrganizationRequest;
use App\Http\Requests\V1\User\UserUpdateRequest;
use App\Http\Resources\V1\User\UserResource;
use App\Mail\VerifyUpdatedEmailMail;
use App\Models\Organization;
use App\Models\User;
use App\Service\DeletionService;
use App\Service\UserService;
use App\Support\Base64File;
use Illuminate\Auth\Access\AuthorizationException;
use Illuminate\Http\JsonResponse;
@@ -36,6 +39,35 @@ class UserController extends Controller
return new UserResource($user);
}
/**
* Update the current organization of the current user
*
* Switches the organization that the user is currently working in. The user
* must be a member of the given organization. This endpoint is independent of
* the organization.
*
* @operationId updateMyCurrentOrganization
*
* @throws AuthorizationException
*/
public function updateMyCurrentOrganization(UserUpdateCurrentOrganizationRequest $request, UserService $userService): UserResource
{
$user = $this->user();
/** @var Organization|null $organization */
$organization = $user->organizations()
->whereKey($request->getOrganizationId())
->first();
if ($organization === null) {
throw new AuthorizationException;
}
$userService->switchCurrentOrganization($user, $organization);
return new UserResource($user->refresh());
}
/**
* Update the current user
*
@@ -50,7 +82,7 @@ class UserController extends Controller
}
if ($request->hasPhotoKey()) {
$photoDisk = (string) config('jetstream.profile_photo_disk', 'public');
$photoDisk = (string) config('filesystems.public');
$previousPhotoPath = $user->profile_photo_path;
$newPhoto = $request->getPhoto();

19
app/Http/Controllers/Web/Controller.php
View File

@@ -4,4 +4,21 @@ declare(strict_types=1);
namespace App\Http\Controllers\Web;
abstract class Controller extends \App\Http\Controllers\Controller {}
use App\Models\Organization;
use App\Service\PermissionStore;
use Illuminate\Auth\Access\AuthorizationException;
abstract class Controller extends \App\Http\Controllers\Controller
{
public function __construct(
protected PermissionStore $permissionStore,
) {}
/**
* @throws AuthorizationException
*/
protected function hasPermission(Organization $organization, string $permission): bool
{
return $this->permissionStore->has($organization, $permission);
}
}

63
app/Http/Controllers/Web/OrganizationController.php Normal file
View File

@@ -0,0 +1,63 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Web;
use App\Models\Organization;
use Brick\Money\Currency;
use Brick\Money\ISOCurrencyProvider;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Str;
use Inertia\Inertia;
use Inertia\Response;
class OrganizationController extends Controller
{
/**
* Show the team creation screen.
*/
public function create(Request $request): Response
{
return Inertia::render('Teams/Create');
}
/**
* Show the organizatio details screen.
*
* @param string $organizationId The organization ID
*/
public function show(string $organizationId): Response|RedirectResponse
{
$organization = Str::isUuid($organizationId) ? Organization::find($organizationId) : null;
if ($organization === null) {
return redirect()->route('dashboard');
}
if (! $this->hasPermission($organization, 'organizations:view')) {
return redirect()->route('dashboard');
}
$owner = $organization->owner;
return Inertia::render('Teams/Show', [
'team' => [
'id' => $organization->getKey(),
'name' => $organization->name,
'currency' => $organization->currency,
'owner' => [
'id' => $owner->getKey(),
'name' => $owner->name,
'profile_photo_url' => $owner->profile_photo_url,
],
],
'currencies' => array_map(function (Currency $currency): string {
return $currency->getName();
}, ISOCurrencyProvider::getInstance()->getAvailableCurrencies()),
'permissions' => [
'canDeleteTeam' => $this->hasPermission($organization, 'organizations:delete'),
'canUpdateTeam' => $this->hasPermission($organization, 'organizations:update'),
],
]);
}
}

54
app/Http/Controllers/Web/OtherBrowserSessionsController.php Normal file
View File

@@ -0,0 +1,54 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Web;
use Illuminate\Contracts\Auth\StatefulGuard;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Routing\Controller;
use Illuminate\Support\Facades\DB;
use Illuminate\Validation\ValidationException;
use Laravel\Fortify\Actions\ConfirmPassword;
class OtherBrowserSessionsController extends Controller
{
/**
* Log the user out of their other browser sessions across all devices.
*/
public function destroy(Request $request, StatefulGuard $guard): RedirectResponse
{
$password = (string) $request->string('password');
$confirmed = app(ConfirmPassword::class)($guard, $request->user(), $password);
if (! $confirmed) {
throw ValidationException::withMessages([
'password' => __('The password is incorrect.'),
]);
}
$guard->logoutOtherDevices($password);
$this->deleteOtherSessionRecords($request);
return back(303);
}
/**
* Delete the other browser session records from storage.
*/
protected function deleteOtherSessionRecords(Request $request): void
{
if (config('session.driver') !== 'database') {
return;
}
DB::connection(config('session.connection'))
->table(config('session.table', 'sessions'))
->where('user_id', $request->user()->getAuthIdentifier())
->where('id', '!=', $request->session()->getId())
->delete();
}
}

142
app/Http/Controllers/Web/UserProfileController.php Normal file
View File

@@ -0,0 +1,142 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Web;
use App\Enums\Weekday;
use App\Service\Dto\UserAgentDto;
use App\Service\TimezoneService;
use Illuminate\Http\Request;
use Illuminate\Routing\Controller;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;
use Inertia\Inertia;
use Inertia\Response;
use Laravel\Fortify\Actions\DisableTwoFactorAuthentication;
use Laravel\Fortify\Features;
class UserProfileController extends Controller
{
/**
* Validate the two-factor authentication state for the request.
*/
protected function validateTwoFactorAuthenticationState(Request $request): void
{
if (! Features::optionEnabled(Features::twoFactorAuthentication(), 'confirm')) {
return;
}
$currentTime = time();
// Notate totally disabled state in session...
if ($this->twoFactorAuthenticationDisabled($request)) {
$request->session()->put('two_factor_empty_at', $currentTime);
}
// If was previously totally disabled this session but is now confirming, notate time...
if ($this->hasJustBegunConfirmingTwoFactorAuthentication($request)) {
$request->session()->put('two_factor_confirming_at', $currentTime);
}
// If the profile is reloaded and is not confirmed but was previously in confirming state, disable...
if ($this->neverFinishedConfirmingTwoFactorAuthentication($request, $currentTime)) {
app(DisableTwoFactorAuthentication::class)(Auth::user());
$request->session()->put('two_factor_empty_at', $currentTime);
$request->session()->remove('two_factor_confirming_at');
}
}
/**
* Determine if two-factor authentication is totally disabled.
*
* @return bool
*/
protected function twoFactorAuthenticationDisabled(Request $request)
{
return is_null($request->user()->two_factor_secret) &&
is_null($request->user()->two_factor_confirmed_at);
}
/**
* Determine if two-factor authentication is just now being confirmed within the last request cycle.
*
* @return bool
*/
protected function hasJustBegunConfirmingTwoFactorAuthentication(Request $request)
{
return ! is_null($request->user()->two_factor_secret) &&
is_null($request->user()->two_factor_confirmed_at) &&
$request->session()->has('two_factor_empty_at') &&
is_null($request->session()->get('two_factor_confirming_at'));
}
/**
* Determine if two-factor authentication was never totally confirmed once confirmation started.
*
* @return bool
*/
protected function neverFinishedConfirmingTwoFactorAuthentication(Request $request, int $currentTime)
{
return ! array_key_exists('code', $request->session()->getOldInput()) &&
is_null($request->user()->two_factor_confirmed_at) &&
$request->session()->get('two_factor_confirming_at', 0) !== $currentTime;
}
/**
* Show the general profile settings screen.
*/
public function show(Request $request): Response
{
$this->validateTwoFactorAuthenticationState($request);
return Inertia::render('Profile/Show', [
'timezones' => app(TimezoneService::class)->getSelectOptions(),
'weekdays' => Weekday::toSelectArray(),
'confirmsTwoFactorAuthentication' => Features::optionEnabled(Features::twoFactorAuthentication(), 'confirm'),
'sessions' => $this->sessions($request),
]);
}
/**
* Get the current sessions.
*
* @return array<int, object{agent: array{is_desktop: bool, platform: string|null, browser: string|null}, ip_address: string, is_current_device: bool, last_active: string}&\stdClass>
*/
public function sessions(Request $request): array
{
if (config('session.driver') !== 'database') {
return [];
}
return collect(
DB::connection(config('session.connection'))->table(config('session.table', 'sessions'))
->where('user_id', $request->user()->getAuthIdentifier())
->orderBy('last_activity', 'desc')
->get()
)->map(function (object $session) use ($request): object {
$agent = $this->createAgent(is_string($session->user_agent) ? $session->user_agent : '');
return (object) [
'agent' => [
'is_desktop' => $agent->isDesktop(),
'platform' => $agent->platform(),
'browser' => $agent->browser(),
],
'ip_address' => is_string($session->ip_address) ? $session->ip_address : '',
'is_current_device' => $session->id === $request->session()->getId(),
'last_active' => Carbon::createFromTimestamp($session->last_activity)->diffForHumans(),
];
})->all();
}
/**
* Create a new agent instance from the given session.
*/
protected function createAgent(string $userAgent): UserAgentDto
{
return tap(new UserAgentDto, fn ($agent) => $agent->setUserAgent($userAgent));
}
}

16
app/Http/Middleware/ShareInertiaData.php
View File

@@ -26,7 +26,7 @@ class ShareInertiaData
$permissions = app(PermissionStore::class);
Inertia::share([
'auth' => [
'permissions' => $request->user() !== null && $request->user()->currentTeam !== null ? $permissions->getPermissions($request->user()->currentTeam) : [],
'permissions' => $request->user() !== null && $request->user()->currentOrganization !== null ? $permissions->getPermissions($request->user()->currentOrganization) : [],
'user' => function () use ($request): array {
/** @var User|null $user */
$user = $request->user();
@@ -35,6 +35,8 @@ class ShareInertiaData
return [];
}
$currentOrganization = $user->currentOrganization;
return array_merge([
'id' => $user->id,
'name' => $user->name,
@@ -47,12 +49,12 @@ class ShareInertiaData
'profile_photo_url' => $user->profile_photo_url,
'two_factor_enabled' => Features::enabled(Features::twoFactorAuthentication())
&& ! is_null($user->two_factor_secret),
'current_team' => $user->currentTeam !== null ? [
'id' => $user->currentTeam->id,
'user_id' => $user->currentTeam->user_id,
'name' => $user->currentTeam->name,
'personal_team' => $user->currentTeam->personal_team,
'currency' => $user->currentTeam->currency,
'current_team' => $currentOrganization !== null ? [
'id' => $currentOrganization->id,
'user_id' => $currentOrganization->user_id,
'name' => $currentOrganization->name,
'personal_team' => $currentOrganization->personal_team,
'currency' => $currentOrganization->currency,
] : null,
], array_filter([
'all_teams' => $user->organizations->map(function (Organization $organization): array {

12
app/Http/Requests/V1/Organization/OrganizationUpdateRequest.php
View File

@@ -11,6 +11,7 @@ use App\Enums\NumberFormat;
use App\Enums\TimeFormat;
use App\Http\Requests\V1\BaseFormRequest;
use App\Models\Organization;
use App\Rules\CurrencyRule;
use Illuminate\Validation\Rule;
/**
@@ -21,7 +22,7 @@ class OrganizationUpdateRequest extends BaseFormRequest
/**
* Get the validation rules that apply to the request.
*
* @return array<string, array<string|\Illuminate\Contracts\Validation\Rule>>
* @return array<string, array<string|\Illuminate\Contracts\Validation\Rule|\Illuminate\Contracts\Validation\ValidationRule>>
*/
public function rules(): array
{
@@ -30,6 +31,10 @@ class OrganizationUpdateRequest extends BaseFormRequest
'string',
'max:255',
],
'currency' => [
'string',
new CurrencyRule,
],
'billable_rate' => array_merge(
[
'nullable',
@@ -68,6 +73,11 @@ class OrganizationUpdateRequest extends BaseFormRequest
return $this->has('name') ? (string) $this->input('name') : null;
}
public function getCurrency(): ?string
{
return $this->has('currency') ? (string) $this->input('currency') : null;
}
public function getNumberFormat(): ?NumberFormat
{
return $this->has('number_format') ? NumberFormat::from($this->input('number_format')) : null;

32
app/Http/Requests/V1/User/UserUpdateCurrentOrganizationRequest.php Normal file
View File

@@ -0,0 +1,32 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\V1\User;
use App\Http\Requests\V1\BaseFormRequest;
use Illuminate\Contracts\Validation\ValidationRule;
class UserUpdateCurrentOrganizationRequest extends BaseFormRequest
{
/**
* Get the validation rules that apply to the request.
*
* @return array<string, array<string|ValidationRule>>
*/
public function rules(): array
{
return [
'organization_id' => [
'required',
'string',
'uuid',
],
];
}
public function getOrganizationId(): string
{
return (string) $this->input('organization_id');
}
}

5
app/Models/Member.php
View File

@@ -9,10 +9,11 @@ use App\Models\Concerns\HasUuids;
use Database\Factories\MemberFactory;
use Illuminate\Database\Eloquent\Collection;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Database\Eloquent\Relations\Pivot;
use Illuminate\Support\Carbon;
use Laravel\Jetstream\Membership as JetstreamMembership;
use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
/**
@@ -30,7 +31,7 @@ use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
*
* @method static MemberFactory factory()
*/
class Member extends JetstreamMembership implements AuditableContract
class Member extends Pivot implements AuditableContract
{
use CustomAuditable;

28
app/Models/Organization.php
View File

@@ -14,6 +14,7 @@ use App\Models\Concerns\HasUuids;
use Database\Factories\OrganizationFactory;
use Illuminate\Database\Eloquent\Collection;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\ModelNotFoundException;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\Relations\BelongsToMany;
@@ -21,11 +22,6 @@ use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Database\Eloquent\Relations\Pivot;
use Illuminate\Support\Carbon;
use Illuminate\Support\Str;
use Laravel\Jetstream\Events\TeamCreated;
use Laravel\Jetstream\Events\TeamDeleted;
use Laravel\Jetstream\Events\TeamUpdated;
use Laravel\Jetstream\Team;
use Laravel\Jetstream\Team as JetstreamTeam;
use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
/**
@@ -53,7 +49,7 @@ use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
*
* @method static OrganizationFactory factory()
*/
class Organization extends JetstreamTeam implements AuditableContract
class Organization extends Model implements AuditableContract
{
use CustomAuditable;
@@ -91,17 +87,6 @@ class Organization extends JetstreamTeam implements AuditableContract
'personal_team',
];
/**
* The event map for the model.
*
* @var array<string, class-string>
*/
protected $dispatchesEvents = [
'created' => TeamCreated::class,
'updated' => TeamUpdated::class,
'deleted' => TeamDeleted::class,
];
/**
* The model's default values for attributes.
*
@@ -163,12 +148,13 @@ class Organization extends JetstreamTeam implements AuditableContract
}
/**
* This method prevents an unhandled exception when the ID is not a UUID.
* Normally this can be fixed with a route pattern, but Jetstream does not use route model binding.
* Find a model by its primary key or throw an exception.
*
* @param array<string> $columns
* @param array<int, string> $columns
*
* @throws ModelNotFoundException<Model>
*/
public function findOrFail(string $id, array $columns = ['*']): Team
public static function findOrFail(string $id, array $columns = ['*']): Model
{
if (! Str::isUuid($id)) {
throw (new ModelNotFoundException)->setModel(

4
app/Models/OrganizationInvitation.php
View File

@@ -8,9 +8,9 @@ use App\Models\Concerns\CustomAuditable;
use App\Models\Concerns\HasUuids;
use Database\Factories\OrganizationInvitationFactory;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Support\Carbon;
use Laravel\Jetstream\TeamInvitation as JetstreamTeamInvitation;
use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
/**
@@ -25,7 +25,7 @@ use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
*
* @method static OrganizationInvitationFactory factory()
*/
class OrganizationInvitation extends JetstreamTeamInvitation implements AuditableContract
class OrganizationInvitation extends Model implements AuditableContract
{
use CustomAuditable;

5
app/Models/User.php
View File

@@ -26,8 +26,6 @@ use Illuminate\Notifications\Notifiable;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\Storage;
use Laravel\Fortify\TwoFactorAuthenticatable;
use Laravel\Jetstream\HasProfilePhoto;
use Laravel\Jetstream\HasTeams;
use Laravel\Passport\AuthCode;
use Laravel\Passport\Contracts\OAuthenticatable;
use Laravel\Passport\HasApiTokens;
@@ -46,7 +44,6 @@ use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
* @property Weekday $week_start
* @property string|null $profile_photo_path
* @property-read Organization|null $currentOrganization
* @property-read Organization|null $currentTeam
* @property-read string $profile_photo_url
* @property-read Collection<int, Token> $tokens
* @property Carbon|null $created_at
@@ -71,8 +68,6 @@ class User extends Authenticatable implements AuditableContract, FilamentUser, M
/** @use HasFactory<UserFactory> */
use HasFactory;
use HasProfilePhoto;
use HasTeams;
use HasUuids;
use Notifiable;
use TwoFactorAuthenticatable;

102
app/Policies/OrganizationPolicy.php
View File

@@ -1,102 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Policies;
use App\Models\Organization;
use App\Models\User;
use App\Service\PermissionStore;
use Filament\Facades\Filament;
use Illuminate\Auth\Access\HandlesAuthorization;
class OrganizationPolicy
{
use HandlesAuthorization;
/**
* Determine whether the user can view any models.
*/
public function viewAny(User $user): bool
{
if (Filament::isServing()) {
return true;
}
return false;
}
/**
* Determine whether the user can view the model.
*/
public function view(User $user, Organization $organization): bool
{
if (Filament::isServing()) {
return true;
}
return $user->isMemberOfOrganization($organization);
}
/**
* Determine whether the user can create models.
*/
public function create(User $user): bool
{
if (Filament::isServing()) {
return true;
}
return true;
}
/**
* Determine whether the user can update the model.
*/
public function update(User $user, Organization $organization): bool
{
if (Filament::isServing()) {
return true;
}
return app(PermissionStore::class)->userHas($organization, $user, 'organizations:update');
}
/**
* Determine whether the user can update team member permissions.
*/
public function updateTeamMember(User $user, Organization $organization): bool
{
if (Filament::isServing()) {
return true;
}
// Note: since this policy is only used for jetstream endpoints, we can return false here
return false;
}
/**
* Determine whether the user can remove team members.
*/
public function removeTeamMember(User $user, Organization $organization): bool
{
if (Filament::isServing()) {
return true;
}
// Note: since this policy is only used for jetstream endpoints that are no longer in use, we can return false here
return false;
}
/**
* Determine whether the user can delete the model.
*/
public function delete(User $user, Organization $organization): bool
{
if (Filament::isServing()) {
return true;
}
return app(PermissionStore::class)->userHas($organization, $user, 'organizations:delete');
}
}

10
app/Providers/AuthServiceProvider.php
View File

@@ -4,14 +4,11 @@ declare(strict_types=1);
namespace App\Providers;
use App\Models\Organization;
use App\Models\Passport\AuthCode;
use App\Models\Passport\Client;
use App\Models\Passport\RefreshToken;
use App\Models\Passport\Token;
use App\Policies\OrganizationPolicy;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Laravel\Jetstream\Jetstream;
use Laravel\Passport\Passport;
class AuthServiceProvider extends ServiceProvider
@@ -22,7 +19,6 @@ class AuthServiceProvider extends ServiceProvider
* @var array<class-string, class-string>
*/
protected $policies = [
Organization::class => OrganizationPolicy::class,
];
/**
@@ -56,11 +52,5 @@ class AuthServiceProvider extends ServiceProvider
// Passport::tokensExpireIn(now()->addDays(15));
// Passport::refreshTokensExpireIn(now()->addDays(30));
Passport::personalAccessTokensExpireIn(now()->addMonths(12));
// same as passport default above
Jetstream::defaultApiTokenPermissions(['read']);
// use passport scopes for jetstream token permissions
Jetstream::permissions(Passport::scopeIds());
}
}

39
app/Providers/FortifyServiceProvider.php
View File

@@ -15,12 +15,13 @@ use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\ServiceProvider;
use Illuminate\Support\Str;
use Inertia\Inertia;
use Laravel\Fortify\Contracts\LoginResponse as LoginResponseContract;
use Laravel\Fortify\Contracts\TwoFactorLoginResponse;
use Laravel\Fortify\Fortify;
use Laravel\Fortify\Http\Responses\LoginResponse;
class FortifyServiceProvider extends ServiceProvider
{
@@ -50,6 +51,40 @@ class FortifyServiceProvider extends ServiceProvider
]);
});
Fortify::loginView(function () {
return Inertia::render('Auth/Login', [
'canResetPassword' => Route::has('password.request'),
'status' => session('status'),
]);
});
Fortify::requestPasswordResetLinkView(function () {
return Inertia::render('Auth/ForgotPassword', [
'status' => session('status'),
]);
});
Fortify::resetPasswordView(function (Request $request) {
return Inertia::render('Auth/ResetPassword', [
'email' => $request->input('email'),
'token' => $request->route('token'),
]);
});
Fortify::verifyEmailView(function () {
return Inertia::render('Auth/VerifyEmail', [
'status' => session('status'),
]);
});
Fortify::twoFactorChallengeView(function () {
return Inertia::render('Auth/TwoFactorChallenge');
});
Fortify::confirmPasswordView(function () {
return Inertia::render('Auth/ConfirmPassword');
});
Fortify::authenticateUsing(function (Request $request): ?User {
/** @var User|null $user */
$user = User::query()
@@ -74,7 +109,7 @@ class FortifyServiceProvider extends ServiceProvider
return Limit::perMinute(5)->by($request->session()->get('login.id'));
});
$this->app->instance(LoginResponse::class, new CustomLoginResponse);
$this->app->instance(LoginResponseContract::class, new CustomLoginResponse);
$this->app->instance(TwoFactorLoginResponse::class, new CustomTwoFactorLoginResponse);
}
}

113
app/Providers/JetstreamServiceProvider.php
View File

@@ -1,113 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Providers;
use App\Actions\Jetstream\AddOrganizationMember;
use App\Actions\Jetstream\CreateOrganization;
use App\Actions\Jetstream\DeleteOrganization;
use App\Actions\Jetstream\DeleteUser;
use App\Actions\Jetstream\InviteOrganizationMember;
use App\Actions\Jetstream\RemoveOrganizationMember;
use App\Actions\Jetstream\UpdateMemberRole;
use App\Actions\Jetstream\UpdateOrganization;
use App\Actions\Jetstream\ValidateOrganizationDeletion;
use App\Enums\Weekday;
use App\Models\Member;
use App\Models\Organization;
use App\Models\OrganizationInvitation;
use App\Models\User;
use App\Service\PermissionStore;
use App\Service\TimezoneService;
use Brick\Money\Currency;
use Brick\Money\ISOCurrencyProvider;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\ServiceProvider;
use Laravel\Jetstream\Actions\UpdateTeamMemberRole;
use Laravel\Jetstream\Actions\ValidateTeamDeletion;
use Laravel\Jetstream\Jetstream;
class JetstreamServiceProvider extends ServiceProvider
{
/**
* Register any application services.
*/
public function register(): void
{
//
}
/**
* Bootstrap any application services.
*/
public function boot(): void
{
$this->configurePermissions();
Jetstream::createTeamsUsing(CreateOrganization::class);
Jetstream::updateTeamNamesUsing(UpdateOrganization::class);
Jetstream::addTeamMembersUsing(AddOrganizationMember::class);
Jetstream::inviteTeamMembersUsing(InviteOrganizationMember::class);
Jetstream::removeTeamMembersUsing(RemoveOrganizationMember::class);
Jetstream::deleteTeamsUsing(DeleteOrganization::class);
Jetstream::deleteUsersUsing(DeleteUser::class);
Jetstream::useTeamModel(Organization::class);
Jetstream::useMembershipModel(Member::class);
Jetstream::useTeamInvitationModel(OrganizationInvitation::class);
app()->singleton(UpdateTeamMemberRole::class, UpdateMemberRole::class);
app()->singleton(ValidateTeamDeletion::class, ValidateOrganizationDeletion::class);
Gate::define('removeTeamMember', function (User $user, Organization $team) {
return false;
});
}
/**
* Configure the roles and permissions that are available within the application.
*/
protected function configurePermissions(): void
{
Jetstream::defaultApiTokenPermissions([]);
foreach (PermissionStore::roleDefinitions() as $role => $definition) {
Jetstream::role($role, $definition['name'], $definition['permissions'])
->description($definition['description']);
}
Jetstream::inertia()
->whenRendering(
'Profile/Show',
function (Request $request, array $data): array {
return array_merge($data, [
'timezones' => $this->app->get(TimezoneService::class)->getSelectOptions(),
'weekdays' => Weekday::toSelectArray(),
]);
}
)
->whenRendering(
'Teams/Show',
function (Request $request, array $data): array {
/** @var Organization $teamModel */
$teamModel = $data['team'];
$owner = $teamModel->owner;
return array_merge($data, [
'team' => [
'id' => $teamModel->getKey(),
'name' => $teamModel->name,
'currency' => $teamModel->currency,
'owner' => [
'id' => $owner->getKey(),
'name' => $owner->name,
'profile_photo_url' => $owner->profile_photo_url,
],
],
'currencies' => array_map(function (Currency $currency): string {
return $currency->getName();
}, ISOCurrencyProvider::getInstance()->getAvailableCurrencies()),
]);
}
);
}
}

179
app/Service/Dto/UserAgentDto.php Normal file
View File

@@ -0,0 +1,179 @@
<?php
declare(strict_types=1);
namespace App\Service\Dto;
use Closure;
use Detection\MobileDetect;
/**
* @copyright Originally created by Jens Segers: https://github.com/jenssegers/agent
*/
class UserAgentDto extends MobileDetect
{
/**
* List of additional operating systems.
*
* @var array<string, string>
*/
protected static array $additionalOperatingSystems = [
'Windows' => 'Windows',
'Windows NT' => 'Windows NT',
'OS X' => 'Mac OS X',
'Debian' => 'Debian',
'Ubuntu' => 'Ubuntu',
'Macintosh' => 'PPC',
'OpenBSD' => 'OpenBSD',
'Linux' => 'Linux',
'ChromeOS' => 'CrOS',
];
/**
* List of additional browsers.
*
* @var array<string, string>
*/
protected static array $additionalBrowsers = [
'Opera Mini' => 'Opera Mini',
'Opera' => 'Opera|OPR',
'Edge' => 'Edge|Edg',
'Coc Coc' => 'coc_coc_browser',
'UCBrowser' => 'UCBrowser',
'Vivaldi' => 'Vivaldi',
'Chrome' => 'Chrome',
'Firefox' => 'Firefox',
'Safari' => 'Safari',
'IE' => 'MSIE|IEMobile|MSIEMobile|Trident/[.0-9]+',
'Netscape' => 'Netscape',
'Mozilla' => 'Mozilla',
'WeChat' => 'MicroMessenger',
];
/**
* Key value store for resolved strings.
*
* @var array<string, mixed>
*/
protected array $store = [];
/**
* Get the platform name from the User Agent.
*/
public function platform(): ?string
{
return $this->retrieveUsingCacheOrResolve('platform', function () {
return $this->findDetectionRulesAgainstUserAgent(
$this->mergeRules(MobileDetect::getOperatingSystems(), static::$additionalOperatingSystems)
);
});
}
/**
* Get the browser name from the User Agent.
*/
public function browser(): ?string
{
return $this->retrieveUsingCacheOrResolve('browser', function (): ?string {
return $this->findDetectionRulesAgainstUserAgent(
$this->mergeRules(static::$additionalBrowsers, MobileDetect::getBrowsers())
);
});
}
/**
* Determine if the device is a desktop computer.
*/
public function isDesktop(): bool
{
return $this->retrieveUsingCacheOrResolve('desktop', function (): bool {
// Check specifically for cloudfront headers if the useragent === 'Amazon CloudFront'
if (
$this->getUserAgent() === static::$cloudFrontUA
&& $this->getHttpHeader('HTTP_CLOUDFRONT_IS_DESKTOP_VIEWER') === 'true'
) {
return true;
}
return ! $this->isMobile() && ! $this->isTablet();
});
}
/**
* Match a detection rule and return the matched key.
*
* @param array<string, string|list<string>> $rules
*/
protected function findDetectionRulesAgainstUserAgent(array $rules): ?string
{
$userAgent = $this->getUserAgent();
foreach ($rules as $key => $regex) {
if (is_array($regex)) {
$regex = implode('|', $regex);
}
if (empty($regex)) {
continue;
}
if ($this->match($regex, $userAgent)) {
if ($key !== '') {
return $key;
}
$match = reset($this->matchesArray);
return is_string($match) ? $match : null;
}
}
return null;
}
/**
* Retrieve from the given key from the cache or resolve the value.
*
* @template TReturn of string|bool|null
*
* @param Closure():TReturn $callback
* @return TReturn
*/
protected function retrieveUsingCacheOrResolve(string $key, Closure $callback): string|bool|null
{
$cacheKey = $this->createCacheKey($key);
if (! is_null($cacheItem = $this->store[$cacheKey] ?? null)) {
return $cacheItem;
}
return tap(call_user_func($callback), function ($result) use ($cacheKey): void {
$this->store[$cacheKey] = $result;
});
}
/**
* Merge multiple rules into one array.
*
* @param array<string, string|list<string>> ...$all
* @return array<string, string>
*/
protected function mergeRules(array ...$all): array
{
$merged = [];
foreach ($all as $rules) {
foreach ($rules as $key => $value) {
$value = is_array($value) ? implode('|', $value) : $value;
if (empty($merged[$key])) {
$merged[$key] = $value;
} else {
$merged[$key] .= '|'.$value;
}
}
}
return $merged;
}
}

6
app/Service/InvitationService.php
View File

@@ -5,6 +5,7 @@ declare(strict_types=1);
namespace App\Service;
use App\Enums\Role;
use App\Events\OrganizationInvitationAdding;
use App\Exceptions\Api\InvitationForTheEmailAlreadyExistsApiException;
use App\Exceptions\Api\UserIsAlreadyMemberOfOrganizationApiException;
use App\Mail\OrganizationInvitationMail;
@@ -14,14 +15,13 @@ use App\Models\User;
use Illuminate\Support\Collection;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Mail;
use Laravel\Jetstream\Events\InvitingTeamMember;
class InvitationService
{
/**
* @throws UserIsAlreadyMemberOfOrganizationApiException|InvitationForTheEmailAlreadyExistsApiException
*/
public function inviteUser(Organization $organization, string $email, Role $role): OrganizationInvitation
public function inviteUser(Organization $organization, string $email, Role $role, User $inviter): OrganizationInvitation
{
if (app(MemberService::class)->isEmailAlreadyMember($organization, $email)) {
throw new UserIsAlreadyMemberOfOrganizationApiException;
@@ -34,7 +34,7 @@ class InvitationService
throw new InvitationForTheEmailAlreadyExistsApiException;
}
InvitingTeamMember::dispatch($organization, $email, $role->value);
OrganizationInvitationAdding::dispatch($organization, $email, $role, $inviter);
$invitation = new OrganizationInvitation;
$invitation->email = $email;

4
app/Service/MemberService.php
View File

@@ -23,8 +23,6 @@ use App\Models\User;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Support\Facades\DB;
use InvalidArgumentException;
use Laravel\Jetstream\Events\AddingTeamMember;
use Laravel\Jetstream\Events\TeamMemberAdded;
class MemberService
{
@@ -39,7 +37,6 @@ class MemberService
{
if (! $asSuperAdmin) {
MemberAdding::dispatch($user, $organization, $role);
AddingTeamMember::dispatch($organization, $user); // Legacy event
}
$member = new Member;
@@ -56,7 +53,6 @@ class MemberService
if (! $asSuperAdmin) {
MemberAdded::dispatch($member, $organization, $user);
TeamMemberAdded::dispatch($organization, $user); // Legacy event
}
return $member;

1
app/Service/UserService.php
View File

@@ -62,6 +62,7 @@ class UserService
$intervalFormat,
$timeFormat,
);
$this->switchCurrentOrganization($user, $organization);
}
return $user;

6
composer.json
View File

@@ -18,8 +18,8 @@
"korridor/laravel-computed-attributes": "^3.1",
"korridor/laravel-has-many-sync": "^3.1",
"korridor/laravel-model-validation-rules": "^3.0",
"laravel/fortify": "^1.37",
"laravel/framework": "^12.19.3",
"laravel/jetstream": "^5.0",
"laravel/octane": "^2.3",
"laravel/passport": "^13.0.5",
"laravel/tinker": "^2.8",
@@ -27,6 +27,7 @@
"league/flysystem-aws-s3-v3": "^3.0",
"league/iso3166": "^4.3",
"maatwebsite/excel": "^3.1",
"mobiledetect/mobiledetectlib": "^4.11",
"novadaemon/filament-pretty-json": "^2.2",
"nwidart/laravel-modules": "^12.0.4",
"owen-it/laravel-auditing": "^14.0.0",
@@ -131,7 +132,8 @@
"pestphp/pest-plugin": true,
"php-http/discovery": true,
"wikimedia/composer-merge-plugin": true
}
},
"process-timeout": 900
},
"minimum-stability": "stable",
"prefer-stable": true

92
composer.lock generated
View File

@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "4c728f01d2beb426b2d157143618fdae",
"content-hash": "897ca7bc13f827db641f7affa54a8523",
"packages": [
{
"name": "anourvalar/eloquent-serialize",
@@ -4413,72 +4413,6 @@
},
"time": "2026-05-20T11:48:19+00:00"
},
{
"name": "laravel/jetstream",
"version": "v5.5.3",
"source": {
"type": "git",
"url": "https://github.com/laravel/jetstream.git",
"reference": "61cac5cde455311890f6981fb2da47acd298e4e2"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/laravel/jetstream/zipball/61cac5cde455311890f6981fb2da47acd298e4e2",
"reference": "61cac5cde455311890f6981fb2da47acd298e4e2",
"shasum": ""
},
"require": {
"ext-json": "*",
"illuminate/console": "^11.0|^12.0|^13.0",
"illuminate/support": "^11.0|^12.0|^13.0",
"laravel/fortify": "^1.20",
"mobiledetect/mobiledetectlib": "^4.8.08",
"php": "^8.2.0",
"symfony/console": "^7.0|^8.0"
},
"require-dev": {
"inertiajs/inertia-laravel": "^2.0",
"laravel/sanctum": "^4.0",
"livewire/livewire": "^3.3",
"mockery/mockery": "^1.0",
"orchestra/testbench": "^9.15|^10.8|^11.0",
"phpstan/phpstan": "^1.10"
},
"type": "library",
"extra": {
"laravel": {
"providers": [
"Laravel\\Jetstream\\JetstreamServiceProvider"
]
}
},
"autoload": {
"psr-4": {
"Laravel\\Jetstream\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Taylor Otwell",
"email": "taylor@laravel.com"
}
],
"description": "Tailwind scaffolding for the Laravel framework.",
"keywords": [
"auth",
"laravel",
"tailwind"
],
"support": {
"issues": "https://github.com/laravel/jetstream/issues",
"source": "https://github.com/laravel/jetstream"
},
"time": "2026-05-19T01:30:03+00:00"
},
{
"name": "laravel/octane",
"version": "v2.17.4",
@@ -6445,16 +6379,16 @@
},
{
"name": "mobiledetect/mobiledetectlib",
"version": "4.10.0",
"version": "4.11.0",
"source": {
"type": "git",
"url": "https://github.com/serbanghita/Mobile-Detect.git",
"reference": "1473bd9d6aa40158f75f1e05116e6dd081148b2c"
"reference": "ab39168b7556f44c11c80be1222b44b239f5c2e4"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/serbanghita/Mobile-Detect/zipball/1473bd9d6aa40158f75f1e05116e6dd081148b2c",
"reference": "1473bd9d6aa40158f75f1e05116e6dd081148b2c",
"url": "https://api.github.com/repos/serbanghita/Mobile-Detect/zipball/ab39168b7556f44c11c80be1222b44b239f5c2e4",
"reference": "ab39168b7556f44c11c80be1222b44b239f5c2e4",
"shasum": ""
},
"require": {
@@ -6497,7 +6431,7 @@
],
"support": {
"issues": "https://github.com/serbanghita/Mobile-Detect/issues",
"source": "https://github.com/serbanghita/Mobile-Detect/tree/4.10.0"
"source": "https://github.com/serbanghita/Mobile-Detect/tree/4.11.0"
},
"funding": [
{
@@ -6505,7 +6439,7 @@
"type": "github"
}
],
"time": "2026-04-23T13:05:57+00:00"
"time": "2026-05-24T12:32:40+00:00"
},
{
"name": "monolog/monolog",
@@ -13803,16 +13737,16 @@
},
{
"name": "web-auth/webauthn-lib",
"version": "5.3.3",
"version": "5.3.5",
"source": {
"type": "git",
"url": "https://github.com/web-auth/webauthn-lib.git",
"reference": "e6f656d6c6b29fa305382fe6a0a3be8177d177df"
"reference": "9e0986d999f4102e24ac8a598d3a80d98b56c19f"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/web-auth/webauthn-lib/zipball/e6f656d6c6b29fa305382fe6a0a3be8177d177df",
"reference": "e6f656d6c6b29fa305382fe6a0a3be8177d177df",
"url": "https://api.github.com/repos/web-auth/webauthn-lib/zipball/9e0986d999f4102e24ac8a598d3a80d98b56c19f",
"reference": "9e0986d999f4102e24ac8a598d3a80d98b56c19f",
"shasum": ""
},
"require": {
@@ -13873,7 +13807,7 @@
"webauthn"
],
"support": {
"source": "https://github.com/web-auth/webauthn-lib/tree/5.3.3"
"source": "https://github.com/web-auth/webauthn-lib/tree/5.3.5"
},
"funding": [
{
@@ -13885,7 +13819,7 @@
"type": "patreon"
}
],
"time": "2026-05-17T19:04:30+00:00"
"time": "2026-05-31T15:00:08+00:00"
},
{
"name": "webmozart/assert",

2
config/app.php
View File

@@ -12,7 +12,6 @@ use App\Providers\AuthServiceProvider;
use App\Providers\EventServiceProvider;
use App\Providers\Filament\AdminPanelProvider;
use App\Providers\FortifyServiceProvider;
use App\Providers\JetstreamServiceProvider;
use App\Providers\RouteServiceProvider;
use Illuminate\Support\Facades\Facade;
use Illuminate\Support\ServiceProvider;
@@ -203,7 +202,6 @@ return [
AdminPanelProvider::class,
RouteServiceProvider::class,
FortifyServiceProvider::class,
JetstreamServiceProvider::class,
// Warning: Do not add TelescopeServiceProvider here since it is already conditionally registered in AppServiceProvider
LaravelModulesServiceProvider::class,
])->toArray(),

82
config/jetstream.php
View File

@@ -1,82 +0,0 @@
<?php
declare(strict_types=1);
use Laravel\Jetstream\Features;
use Laravel\Jetstream\Http\Middleware\AuthenticateSession;
return [
/*
|--------------------------------------------------------------------------
| Jetstream Stack
|--------------------------------------------------------------------------
|
| This configuration value informs Jetstream which "stack" you will be
| using for your application. In general, this value is set for you
| during installation and will not need to be changed after that.
|
*/
'stack' => 'inertia',
/*
|--------------------------------------------------------------------------
| Jetstream Route Middleware
|--------------------------------------------------------------------------
|
| Here you may specify which middleware Jetstream will assign to the routes
| that it registers with the application. When necessary, you may modify
| these middleware; however, this default value is usually sufficient.
|
*/
'middleware' => ['web'],
'auth_session' => AuthenticateSession::class,
/*
|--------------------------------------------------------------------------
| Jetstream Guard
|--------------------------------------------------------------------------
|
| Here you may specify the authentication guard Jetstream will use while
| authenticating users. This value should correspond with one of your
| guards that is already present in your "auth" configuration file.
|
*/
'guard' => 'web',
/*
|--------------------------------------------------------------------------
| Features
|--------------------------------------------------------------------------
|
| Some of Jetstream's features are optional. You may disable the features
| by removing them from this array. You're free to only remove some of
| these features or you can even remove all of these if you need to.
|
*/
'features' => [
Features::termsAndPrivacyPolicy(),
Features::profilePhotos(),
Features::teams(['invitations' => true]),
Features::accountDeletion(),
],
/*
|--------------------------------------------------------------------------
| Profile Photo Disk
|--------------------------------------------------------------------------
|
| This configuration value determines the default disk that will be used
| when storing profile photos for your application's users. Typically
| this will be the "public" disk but you may adjust this if needed.
|
*/
'profile_photo_disk' => env('PROFILE_PHOTO_DISK', env('PUBLIC_FILESYSTEM_DISK', 'public')),
];

2
database/factories/UserFactory.php
View File

@@ -94,7 +94,7 @@ class UserFactory extends Factory
$profilePhoto = $this->faker->image(null, 500, 500);
/** @see FileHelpers::hashName */
$path = 'profile-photos/'.Str::random(40).'.png';
Storage::disk(config('jetstream.profile_photo_disk', 'public'))->put($path, $profilePhoto);
Storage::disk(config('filesystems.public'))->put($path, $profilePhoto);
return $this->state(function (array $attributes) use ($path): array {
return [

16
e2e/calendar.spec.ts
View File

@@ -12,7 +12,7 @@ import {
createRunningTimeEntryWithStartViaApi,
createTaskViaApi,
createProjectWithClientViaApi,
updateUserProfileViaWeb,
updateUserProfileViaApi,
updateOrganizationSettingViaApi,
} from './utils/api';
@@ -1803,28 +1803,22 @@ test.describe('Click-Drag Selection to Create', () => {
// =============================================
test.describe('Timezone & Localization', () => {
test('week start day: monday shows Mon as first column', async ({ page }) => {
// Navigate to calendar first to load Inertia page props
test('week start day: monday shows Mon as first column', async ({ page, ctx }) => {
await updateUserProfileViaApi(ctx, { week_start: 'monday' });
await goToCalendar(page);
await updateUserProfileViaWeb(page, { week_start: 'monday' });
await page.reload();
await expect(page.locator('.fc')).toBeVisible();
const firstHeader = page.locator('.fc-col-header-cell').first();
await expect(firstHeader).toContainText('Mon');
});
test('week start day: sunday shows Sun as first column', async ({ page }) => {
test('week start day: sunday shows Sun as first column', async ({ page, ctx }) => {
await updateUserProfileViaApi(ctx, { week_start: 'sunday' });
await goToCalendar(page);
await updateUserProfileViaWeb(page, { week_start: 'sunday' });
await page.reload();
await expect(page.locator('.fc')).toBeVisible();
const firstHeader = page.locator('.fc-col-header-cell').first();
await expect(firstHeader).toContainText('Sun');
// Reset to monday for other tests
await updateUserProfileViaWeb(page, { week_start: 'monday' });
});
test('12-hour time format shows AM/PM on slot labels', async ({ page, ctx }) => {

4
e2e/command-palette.spec.ts
View File

@@ -348,7 +348,7 @@ test.describe('Command Palette', () => {
const newOrgName = 'TestOrg' + Math.floor(Math.random() * 10000);
// Create a new organization
await page.goto(PLAYWRIGHT_BASE_URL + '/teams/create');
await page.goto(PLAYWRIGHT_BASE_URL + '/organizations/create');
await page.getByLabel('Organization Name').fill(newOrgName);
await page.getByRole('button', { name: 'Create' }).click();
@@ -393,7 +393,7 @@ test.describe('Command Palette', () => {
const newOrgName = 'GroupTestOrg' + Math.floor(Math.random() * 10000);
// Create a new organization to ensure we have multiple
await page.goto(PLAYWRIGHT_BASE_URL + '/teams/create');
await page.goto(PLAYWRIGHT_BASE_URL + '/organizations/create');
await page.getByLabel('Organization Name').fill(newOrgName);
await page.getByRole('button', { name: 'Create' }).click();
await expect(page.getByTestId('dashboard_view')).toBeVisible({ timeout: 10000 });

176
e2e/organization.spec.ts
View File

@@ -36,13 +36,52 @@ async function createTimeEntry(page, duration: string) {
test('test that organization name can be updated', async ({ page }) => {
await goToOrganizationSettings(page);
await page.getByLabel('Organization Name').fill('NEW ORG NAME');
await page.getByLabel('Organization Name').press('Enter');
await page.getByLabel('Organization Name').press('Meta+r');
await Promise.all([
page.waitForResponse(
(response) =>
response.url().includes('/api/v1/organizations/') &&
response.request().method() === 'PUT' &&
response.status() === 200
),
page
.locator('form')
.filter({ hasText: 'Organization Name' })
.getByRole('button', { name: 'Save' })
.click(),
]);
await page.reload();
await expect(page.locator('[data-testid="organization_switcher"]:visible')).toContainText(
'NEW ORG NAME'
);
});
test('test that organization currency can be updated', async ({ page }) => {
await goToOrganizationSettings(page);
await page.getByLabel('Currency', { exact: true }).selectOption('USD');
await Promise.all([
page.waitForRequest(
(request) =>
request.url().includes('/api/v1/organizations/') &&
request.method() === 'PUT' &&
request.postDataJSON().currency === 'USD'
),
page.waitForResponse(
async (response) =>
response.url().includes('/api/v1/organizations/') &&
response.request().method() === 'PUT' &&
response.status() === 200 &&
(await response.json()).data.currency === 'USD'
),
page
.locator('form')
.filter({ hasText: 'Organization Name' })
.getByRole('button', { name: 'Save' })
.click(),
]);
await page.reload();
await expect(page.getByLabel('Currency', { exact: true })).toHaveValue('USD');
});
test('test that organization billable rate can be updated with all existing time entries', async ({
page,
}) => {
@@ -369,13 +408,130 @@ test('test that format settings persist after page reload', async ({ page }) =>
await expect(page.getByLabel('Date Format')).toContainText('DD/MM/YYYY');
});
// =============================================
// Create, Delete & Switch
// =============================================
test.describe('Organization Create, Delete & Switch', () => {
async function createOrganization(page, name: string) {
await page.goto(PLAYWRIGHT_BASE_URL + '/organizations/create');
await page.getByLabel('Organization Name').fill(name);
await Promise.all([
page.waitForResponse(
(response) =>
response.url().includes('/api/v1/organizations') &&
response.request().method() === 'POST' &&
response.status() === 201
),
page.getByRole('button', { name: 'Create' }).click(),
]);
// The backend switches the current organization to the new one and the
// frontend reloads into its dashboard.
await expect(page.getByTestId('dashboard_view')).toBeVisible({ timeout: 10000 });
}
test('can create a new organization and switches to it automatically', async ({ page }) => {
const newOrgName = 'CreateOrg' + Math.floor(Math.random() * 100000);
await createOrganization(page, newOrgName);
await expect(page.locator('[data-testid="organization_switcher"]:visible')).toContainText(
newOrgName
);
});
test('does not create an organization when the name is empty', async ({ page }) => {
await page.goto(PLAYWRIGHT_BASE_URL + '/organizations/create');
// The form posts to the API, which rejects the empty name with a 422.
await Promise.all([
page.waitForResponse(
(response) =>
response.url().includes('/api/v1/organizations') &&
response.request().method() === 'POST' &&
response.status() === 422
),
page.getByRole('button', { name: 'Create' }).click(),
]);
// Validation failed, so we stay on the create form and never reach a
// dashboard. Assert on the form rather than the URL.
await expect(page.getByText('Organization Details')).toBeVisible();
await expect(page.getByRole('alert')).toContainText('The name field is required.');
await expect(page.getByLabel('Organization Name')).toHaveAttribute('aria-invalid', 'true');
await expect(page.getByTestId('dashboard_view')).toHaveCount(0);
});
test('can delete an organization', async ({ page }) => {
// Create a throwaway organization so the primary one is never deleted.
const orgName = 'DeleteOrg' + Math.floor(Math.random() * 100000);
await createOrganization(page, orgName);
// Open the (now current) throwaway organization's settings.
await goToOrganizationSettings(page);
// Open the confirmation modal, then confirm inside the dialog.
await page.getByRole('button', { name: 'Delete Organization' }).click();
await Promise.all([
page.waitForResponse(
(response) =>
response.url().includes('/api/v1/organizations') &&
response.request().method() === 'DELETE' &&
response.status() === 204
),
page.getByRole('dialog').getByRole('button', { name: 'Delete Organization' }).click(),
]);
// We are redirected to the dashboard of a different organization.
await expect(page.getByTestId('dashboard_view')).toBeVisible({ timeout: 10000 });
await expect(
page.locator('[data-testid="organization_switcher"]:visible')
).not.toContainText(orgName);
});
test('can switch the current organization via the organization switcher', async ({ page }) => {
await page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
const orgSwitcher = page.locator('[data-testid="organization_switcher"]:visible');
await expect(orgSwitcher).toBeVisible();
const previousOrgNameLines = (await orgSwitcher.innerText())
.split('\n')
.map((line) => line.trim())
.filter(Boolean);
const previousOrgName = previousOrgNameLines[previousOrgNameLines.length - 1];
// Ensure there are at least two organizations to switch between.
const orgName = 'SwitchOrg' + Math.floor(Math.random() * 100000);
await createOrganization(page, orgName);
await expect(orgSwitcher).toContainText(orgName);
// Open the switcher and pick a different organization.
await orgSwitcher.click();
await expect(page.getByText('Switch Organizations')).toBeVisible();
const otherOrgButton = page.getByRole('menuitem', { name: previousOrgName });
await expect(otherOrgButton).toBeVisible();
await Promise.all([
page.waitForResponse(
(response) =>
response.url().includes('/users/me/current-organization') &&
response.request().method() === 'PUT' &&
response.status() === 200
),
otherOrgButton.click(),
]);
await expect(orgSwitcher).not.toContainText(orgName, { timeout: 10000 });
await expect(orgSwitcher).toContainText(previousOrgName, { timeout: 10000 });
});
});
// =============================================
// Admin Permission Tests
// =============================================
test.describe('Admin Organization Settings Access', () => {
test('admin can see and edit organization settings', async ({ ctx, admin }) => {
await admin.page.goto(PLAYWRIGHT_BASE_URL + '/teams/' + ctx.orgId);
await admin.page.goto(PLAYWRIGHT_BASE_URL + '/organizations/' + ctx.orgId);
// Organization Name section is visible
await expect(
@@ -396,6 +552,9 @@ test.describe('Admin Organization Settings Access', () => {
// Save buttons should be visible (admin can update)
await expect(admin.page.getByRole('button', { name: 'Save' }).first()).toBeVisible();
// The Organization Name input is editable (admin can update)
await expect(admin.page.getByLabel('Organization Name')).toBeEnabled();
// Delete organization should NOT be visible (owner only)
await expect(
admin.page.getByRole('heading', { name: 'Delete Organization' })
@@ -409,13 +568,17 @@ test.describe('Admin Organization Settings Access', () => {
test.describe('Employee Organization Settings Restrictions', () => {
test('employee can see org name but not editable settings', async ({ ctx, employee }) => {
await employee.page.goto(PLAYWRIGHT_BASE_URL + '/teams/' + ctx.orgId);
await employee.page.goto(PLAYWRIGHT_BASE_URL + '/organizations/' + ctx.orgId);
// Organization Name section is visible (but inputs are disabled)
await expect(
employee.page.getByRole('heading', { name: 'Organization Name', level: 3 })
).toBeVisible({ timeout: 10000 });
// The name and currency inputs are rendered but disabled (employee cannot update)
await expect(employee.page.getByLabel('Organization Name')).toBeDisabled();
await expect(employee.page.getByLabel('Currency')).toBeDisabled();
// Editable settings sections should NOT be visible
await expect(
employee.page.getByRole('heading', { name: 'Billable Rate', level: 3 })
@@ -429,5 +592,10 @@ test.describe('Employee Organization Settings Restrictions', () => {
// Save button should not be visible (employee cannot update)
await expect(employee.page.getByRole('button', { name: 'Save' })).not.toBeVisible();
// Delete organization should NOT be visible (owner only)
await expect(
employee.page.getByRole('heading', { name: 'Delete Organization' })
).not.toBeVisible();
});
});

192
e2e/two-factor.spec.ts Normal file
View File

@@ -0,0 +1,192 @@
import { test, expect } from '../playwright/fixtures';
import { PLAYWRIGHT_BASE_URL, TEST_USER_PASSWORD } from '../playwright/config';
import { generateTotpCode, generateInvalidTotpCode } from './utils/totp';
import type { Page } from '@playwright/test';
async function goToProfilePage(page: Page) {
await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
}
/**
* ConfirmsPassword only opens the dialog when the password has not been
* confirmed recently, so fill it only when it actually shows up.
*/
async function confirmPasswordIfPrompted(page: Page) {
const dialog = page.getByRole('dialog');
const appeared = await dialog
.waitFor({ state: 'visible', timeout: 2500 })
.then(() => true)
.catch(() => false);
if (appeared) {
await dialog.getByPlaceholder('Password').fill(TEST_USER_PASSWORD);
await dialog.getByRole('button', { name: 'Confirm' }).click();
await expect(dialog).not.toBeVisible();
}
}
/**
* Enables 2FA from the profile page and returns the TOTP secret (setup key)
* and the recovery codes fetched right after enabling.
*/
async function enableTwoFactor(page: Page): Promise<{ secret: string; recoveryCodes: string[] }> {
await goToProfilePage(page);
await page
.getByText('You have not enabled two factor authentication.')
.locator('..')
.getByRole('button', { name: 'Enable' })
.click();
const dialog = page.getByRole('dialog');
await expect(dialog).toBeVisible();
const recoveryCodesResponse = page.waitForResponse(
(response) =>
response.url().includes('/user/two-factor-recovery-codes') &&
response.request().method() === 'GET'
);
await dialog.getByPlaceholder('Password').fill(TEST_USER_PASSWORD);
await dialog.getByRole('button', { name: 'Confirm' }).click();
await expect(page.getByRole('heading', { name: 'Finish enabling two factor' })).toBeVisible();
const recoveryCodes: string[] = await (await recoveryCodesResponse).json();
const setupKeyText = await page.getByText('Setup Key:').textContent();
const secret = setupKeyText!.replace('Setup Key:', '').trim();
expect(secret.length).toBeGreaterThan(0);
return { secret, recoveryCodes };
}
/**
* Confirms a freshly enabled 2FA setup with a valid TOTP code.
*/
async function confirmTwoFactor(page: Page, secret: string) {
await page.getByLabel('Code').fill(generateTotpCode(secret));
await page.getByRole('button', { name: 'Confirm', exact: true }).click();
await confirmPasswordIfPrompted(page);
await expect(page.getByText('You have enabled two factor authentication.')).toBeVisible();
}
async function logout(page: Page) {
await page.getByTestId('current_user_button').click();
await page.getByText('Log Out', { exact: true }).click();
await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
}
/**
* Reads the email of the current user from the profile form, waiting until
* the user query has populated it.
*/
async function getProfileEmail(page: Page): Promise<string> {
await goToProfilePage(page);
const emailInput = page.getByLabel('Email', { exact: true });
await expect(emailInput).toHaveValue(/@/);
return await emailInput.inputValue();
}
async function loginUntilTwoFactorChallenge(page: Page, email: string) {
await page.goto(PLAYWRIGHT_BASE_URL + '/login');
await page.getByLabel('Email').fill(email);
await page.getByLabel('Password').fill(TEST_USER_PASSWORD);
await page.getByRole('button', { name: 'Log in' }).click();
await page.waitForURL(PLAYWRIGHT_BASE_URL + '/two-factor-challenge');
}
test('test that 2FA can be confirmed with a TOTP code and shows recovery codes', async ({
page,
}) => {
const { secret, recoveryCodes } = await enableTwoFactor(page);
await confirmTwoFactor(page, secret);
await expect(page.getByText('Store these recovery codes')).toBeVisible();
expect(recoveryCodes.length).toBeGreaterThan(0);
for (const code of recoveryCodes) {
await expect(page.getByText(code)).toBeVisible();
}
// The confirmed state survives a reload
await page.reload();
await expect(page.getByText('You have enabled two factor authentication.')).toBeVisible();
});
test('test that 2FA confirmation fails with an invalid TOTP code', async ({ page }) => {
const { secret } = await enableTwoFactor(page);
await page.getByLabel('Code').fill(generateInvalidTotpCode(secret));
await page.getByRole('button', { name: 'Confirm', exact: true }).click();
await confirmPasswordIfPrompted(page);
await expect(page.getByRole('alert')).toContainText(
'The provided two factor authentication code was invalid.'
);
await expect(page.getByRole('heading', { name: 'Finish enabling two factor' })).toBeVisible();
});
test('test that recovery codes can be regenerated', async ({ page }) => {
const { secret, recoveryCodes } = await enableTwoFactor(page);
await confirmTwoFactor(page, secret);
const newCodesResponse = page.waitForResponse(
(response) =>
response.url().includes('/user/two-factor-recovery-codes') &&
response.request().method() === 'GET'
);
await page.getByRole('button', { name: 'Regenerate Recovery Codes' }).click();
await confirmPasswordIfPrompted(page);
const newCodes: string[] = await (await newCodesResponse).json();
expect(newCodes).not.toEqual(recoveryCodes);
await expect(page.getByText(newCodes[0])).toBeVisible();
await expect(page.getByText(recoveryCodes[0])).not.toBeVisible();
});
test('test that 2FA can be disabled', async ({ page }) => {
const { secret } = await enableTwoFactor(page);
await confirmTwoFactor(page, secret);
await page.getByRole('button', { name: 'Disable' }).click();
await confirmPasswordIfPrompted(page);
await expect(page.getByText('You have not enabled two factor authentication.')).toBeVisible();
// The disabled state survives a reload
await page.reload();
await expect(page.getByText('You have not enabled two factor authentication.')).toBeVisible();
});
test('test that login challenges for a TOTP code and rejects an invalid code', async ({ page }) => {
const email = await getProfileEmail(page);
const { secret } = await enableTwoFactor(page);
await confirmTwoFactor(page, secret);
await logout(page);
await loginUntilTwoFactorChallenge(page, email);
await page.getByLabel('Code').fill(generateInvalidTotpCode(secret));
await page.getByRole('button', { name: 'Log in' }).click();
await expect(page.getByRole('alert')).toContainText(
'The provided two factor authentication code was invalid.'
);
// Fortify rejects replayed codes, and the current window's code was
// already consumed when confirming the setup — use the next window's
// code, which the +/- 1 step verification window also accepts.
await page.getByLabel('Code').fill(generateTotpCode(secret, Date.now() + 30_000));
await page.getByRole('button', { name: 'Log in' }).click();
await expect(page.getByTestId('dashboard_view')).toBeVisible();
});
test('test that login works with a recovery code', async ({ page }) => {
const email = await getProfileEmail(page);
const { secret, recoveryCodes } = await enableTwoFactor(page);
await confirmTwoFactor(page, secret);
await logout(page);
await loginUntilTwoFactorChallenge(page, email);
await page.getByRole('button', { name: 'Use a recovery code' }).click();
await page.getByLabel('Recovery Code').fill(recoveryCodes[0]);
await page.getByRole('button', { name: 'Log in' }).click();
await expect(page.getByTestId('dashboard_view')).toBeVisible();
});

67
e2e/utils/api.ts
View File

@@ -641,10 +641,13 @@ export async function updateOrganizationCurrencyViaWeb(
const xsrfCookie = cookies.find((c) => c.name === 'XSRF-TOKEN');
const xsrfToken = xsrfCookie ? decodeURIComponent(xsrfCookie.value) : '';
const response = await page.request.put(`${PLAYWRIGHT_BASE_URL}/teams/${ctx.orgId}`, {
headers: { 'X-XSRF-TOKEN': xsrfToken },
data: { name, currency },
});
const response = await page.request.put(
`${PLAYWRIGHT_BASE_URL}/api/v1/organizations/${ctx.orgId}`,
{
headers: { 'X-XSRF-TOKEN': xsrfToken },
data: { name, currency },
}
);
expect(response.status()).toBe(200);
}
@@ -801,53 +804,23 @@ export async function getCurrentUserViaApi(ctx: TestContext) {
};
}
export async function updateUserProfileViaWeb(
page: Page,
export async function updateUserProfileViaApi(
ctx: TestContext,
settings: { timezone?: string; week_start?: string }
) {
// Read user info from Inertia's data-page attribute on the root element
const userInfo = await page.evaluate(() => {
// Try Inertia's data-page attribute (stores initial page props as JSON)
const appEl = document.getElementById('app');
if (appEl) {
const dataPage = appEl.getAttribute('data-page');
if (dataPage) {
try {
const parsed = JSON.parse(dataPage);
const user = parsed?.props?.auth?.user;
if (user) {
return {
name: user.name,
email: user.email,
timezone: user.timezone,
week_start: user.week_start,
};
}
} catch {
// JSON parse failed
}
}
}
return null;
});
if (!userInfo) throw new Error('Could not read user info from Inertia data-page attribute');
const user = await getCurrentUserViaApi(ctx);
const cookies = await page.context().cookies();
const xsrfCookie = cookies.find((c) => c.name === 'XSRF-TOKEN');
const xsrfToken = xsrfCookie ? decodeURIComponent(xsrfCookie.value) : '';
// Only send the fields under test; the endpoint leaves omitted fields untouched.
const data: Record<string, string> = {};
if (settings.timezone !== undefined) {
data.timezone = settings.timezone;
}
if (settings.week_start !== undefined) {
data.week_start = settings.week_start;
}
const response = await page.request.put(`${PLAYWRIGHT_BASE_URL}/user/profile-information`, {
headers: {
'X-XSRF-TOKEN': xsrfToken,
'Content-Type': 'application/json',
Accept: 'application/json',
},
data: {
name: userInfo.name,
email: userInfo.email,
timezone: settings.timezone ?? userInfo.timezone,
week_start: settings.week_start ?? userInfo.week_start,
},
const response = await ctx.request.put(`${PLAYWRIGHT_BASE_URL}/api/v1/users/${user.id}`, {
data,
});
expect(response.status()).toBe(200);
}

58
e2e/utils/totp.ts Normal file
View File

@@ -0,0 +1,58 @@
import { createHmac } from 'node:crypto';
const BASE32_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
function base32Decode(input: string): Buffer {
const normalized = input
.toUpperCase()
.replace(/=+$/, '')
.replace(/[^A-Z2-7]/g, '');
let bits = 0;
let value = 0;
const bytes: number[] = [];
for (const char of normalized) {
value = (value << 5) | BASE32_ALPHABET.indexOf(char);
bits += 5;
if (bits >= 8) {
bytes.push((value >>> (bits - 8)) & 0xff);
bits -= 8;
}
}
return Buffer.from(bytes);
}
/**
* Generates a 6-digit TOTP code (RFC 6238, SHA-1, 30 second period) for the
* given base32 secret — the "Setup Key" shown while enabling 2FA.
*/
export function generateTotpCode(base32Secret: string, atMs: number = Date.now()): string {
const counter = Math.floor(atMs / 1000 / 30);
const counterBuffer = Buffer.alloc(8);
counterBuffer.writeBigUInt64BE(BigInt(counter));
const digest = createHmac('sha1', base32Decode(base32Secret)).update(counterBuffer).digest();
const offset = digest[digest.length - 1] & 0x0f;
const code =
((digest[offset] & 0x7f) << 24) |
((digest[offset + 1] & 0xff) << 16) |
((digest[offset + 2] & 0xff) << 8) |
(digest[offset + 3] & 0xff);
return (code % 1_000_000).toString().padStart(6, '0');
}
/**
* Generates a syntactically valid TOTP code that is guaranteed to be rejected,
* by using a timestamp far outside the accepted verification window.
*/
export function generateInvalidTotpCode(base32Secret: string): string {
const validNow = [
generateTotpCode(base32Secret, Date.now() - 30_000),
generateTotpCode(base32Secret),
generateTotpCode(base32Secret, Date.now() + 30_000),
];
for (let minutes = 10; ; minutes++) {
const candidate = generateTotpCode(base32Secret, Date.now() + minutes * 60_000);
if (!validNow.includes(candidate)) {
return candidate;
}
}
}

4
resources/js/Components/OrganizationSwitcher.vue
View File

@@ -61,7 +61,7 @@ const switchToTeam = (organization: Organization) => {
<DropdownMenuItem as-child>
<Link
:href="route('teams.show', page.props.auth.user.current_team.id)"
:href="route('organizations.show', page.props.auth.user.current_team.id)"
class="inline-flex items-center gap-2.5 w-full">
<Cog6ToothIcon class="w-5 h-5 text-icon-default" />
<span>Organization Settings</span>
@@ -74,7 +74,7 @@ const switchToTeam = (organization: Organization) => {
<DropdownMenuItem as-child>
<Link
:href="route('teams.create')"
:href="route('organizations.create')"
class="inline-flex items-center gap-2.5 w-full">
<PlusCircleIcon class="w-5 h-5 text-icon-default" />
<span>Create new organization</span>

9
resources/js/Layouts/AppLayout.vue
View File

@@ -280,10 +280,15 @@ const page = usePage<{
v-if="canUpdateOrganization()"
title="Settings"
:icon="Cog6ToothIcon"
:href="route('teams.show', page.props.auth.user.current_team.id)"
:href="
route(
'organizations.show',
page.props.auth.user.current_team.id
)
"
:current="
route().current(
'teams.show',
'organizations.show',
page.props.auth.user.current_team.id
)
"></NavigationSidebarItem>

16
resources/js/Pages/Profile/Partials/UpdateProfileInformationForm.vue
View File

@@ -1,7 +1,6 @@
<script setup lang="ts">
import { computed, onBeforeUnmount, ref, watch } from 'vue';
import { usePage } from '@inertiajs/vue3';
import axios from 'axios';
import ActionMessage from '@/Components/ActionMessage.vue';
import FormSection from '@/Components/FormSection.vue';
import { Field, FieldError, FieldLabel } from '@/packages/ui/src/field';
@@ -16,6 +15,7 @@ import {
useUserQuery,
} from '@/utils/useUserQuery';
import type { UpdateUserBody, User } from '@/packages/api/src';
import { getApiValidationFieldErrors } from '@/utils/apiValidation';
const { user } = useUserQuery();
const updateUser = useUpdateUserMutation();
@@ -58,17 +58,9 @@ const hasUploadedPhoto = computed(() => {
return !!url && !url.includes('ui-avatars.com');
});
const fieldErrors = computed<Record<string, string>>(() => {
const err = updateUser.error.value;
if (!axios.isAxiosError(err) || err.response?.status !== 422) return {};
const raw = err.response.data?.errors as Record<string, string[]> | undefined;
if (!raw) return {};
const flat: Record<string, string> = {};
for (const [key, messages] of Object.entries(raw)) {
if (Array.isArray(messages) && messages[0]) flat[key] = messages[0];
}
return flat;
});
const fieldErrors = computed<Record<string, string>>(() =>
getApiValidationFieldErrors(updateUser.error.value)
);
function buildPayload(): UpdateUserBody {
if (!user.value) return {};

78
resources/js/Pages/Teams/Partials/CreateTeamForm.vue
View File

@@ -1,25 +1,68 @@
<script setup lang="ts">
import { useForm, usePage } from '@inertiajs/vue3';
import { computed, ref, watch } from 'vue';
import axios from 'axios';
import { router, usePage } from '@inertiajs/vue3';
import FormSection from '@/Components/FormSection.vue';
import { Field, FieldLabel, FieldError } from '@/packages/ui/src/field';
import { Field, FieldError, FieldLabel } from '@/packages/ui/src/field';
import PrimaryButton from '@/packages/ui/src/Buttons/PrimaryButton.vue';
import TextInput from '@/packages/ui/src/Input/TextInput.vue';
import type { User } from '@/types/models';
import { initializeStores } from '@/utils/init';
import { useOrganizationStore } from '@/utils/useOrganization';
import { useNotificationsStore } from '@/utils/notification';
import {
getApiValidationFieldErrors,
getApiValidationMessage,
isApiValidationError,
} from '@/utils/apiValidation';
const form = useForm({
name: '',
const name = ref('');
const processing = ref(false);
const createError = ref<unknown>(null);
const organizationStore = useOrganizationStore();
const notifications = useNotificationsStore();
const fieldErrors = computed<Record<string, string>>(() =>
getApiValidationFieldErrors(createError.value)
);
watch(name, () => {
createError.value = null;
});
const createTeam = () => {
form.post(route('teams.store'), {
errorBag: 'createTeam',
preserveScroll: true,
onSuccess: () => {
initializeStores();
},
});
const createTeam = async () => {
processing.value = true;
createError.value = null;
try {
const organization = await organizationStore.createOrganization(name.value);
if (organization) {
notifications.addNotification('success', 'Organization created successfully');
// The backend already switched the current organization to the new one.
// Flush Inertia's prefetch cache and do a full reload so the new
// organization context is picked up everywhere.
router.flushAll();
router.visit(route('dashboard'));
}
} catch (error) {
createError.value = error;
if (isApiValidationError(error)) {
notifications.addNotification(
'error',
getApiValidationMessage(error, 'Failed to create organization')
);
} else if (axios.isAxiosError(error)) {
notifications.addNotification(
'error',
'Failed to create organization',
error.response?.data?.message ?? 'Please try again later.'
);
} else {
notifications.addNotification('error', 'Failed to create organization');
}
} finally {
processing.value = false;
}
};
const page = usePage<{
auth: {
user: User;
@@ -60,16 +103,17 @@ const page = usePage<{
<FieldLabel for="name">Organization Name</FieldLabel>
<TextInput
id="name"
v-model="form.name"
v-model="name"
type="text"
class="block w-full"
autofocus />
<FieldError v-if="form.errors.name">{{ form.errors.name }}</FieldError>
autofocus
:aria-invalid="Boolean(fieldErrors.name)" />
<FieldError v-if="fieldErrors.name">{{ fieldErrors.name }}</FieldError>
</Field>
</template>
<template #actions>
<PrimaryButton :class="{ 'opacity-25': form.processing }" :disabled="form.processing">
<PrimaryButton :class="{ 'opacity-25': processing }" :disabled="processing">
Create
</PrimaryButton>
</template>

32
resources/js/Pages/Teams/Partials/DeleteTeamForm.vue
View File

@@ -1,26 +1,36 @@
<script setup lang="ts">
import { ref } from 'vue';
import { useForm } from '@inertiajs/vue3';
import { router } from '@inertiajs/vue3';
import ActionSection from '@/Components/ActionSection.vue';
import ConfirmationModal from '@/Components/ConfirmationModal.vue';
import DangerButton from '@/packages/ui/src/Buttons/DangerButton.vue';
import SecondaryButton from '@/packages/ui/src/Buttons/SecondaryButton.vue';
import { useOrganizationStore } from '@/utils/useOrganization';
const props = defineProps({
team: Object,
});
const props = defineProps<{
team: { id: string };
}>();
const confirmingTeamDeletion = ref(false);
const form = useForm({});
const processing = ref(false);
const organizationStore = useOrganizationStore();
const confirmTeamDeletion = () => {
confirmingTeamDeletion.value = true;
};
const deleteTeam = () => {
form.delete(route('teams.destroy', props.team), {
errorBag: 'deleteTeam',
});
const deleteTeam = async () => {
processing.value = true;
try {
await organizationStore.deleteOrganization(props.team.id);
// The backend reassigns the user's current organization after deletion,
// so flush the prefetch cache and reload into the dashboard.
router.flushAll();
router.visit(route('dashboard'));
} catch {
// Request errors are surfaced as notifications by the store.
processing.value = false;
}
};
</script>
@@ -59,8 +69,8 @@ const deleteTeam = () => {
<DangerButton
class="ms-3"
:class="{ 'opacity-25': form.processing }"
:disabled="form.processing"
:class="{ 'opacity-25': processing }"
:disabled="processing"
@click="deleteTeam">
Delete Organization
</DangerButton>

68
resources/js/Pages/Teams/Partials/UpdateTeamNameForm.vue
View File

@@ -1,5 +1,7 @@
<script setup lang="ts">
import { Link, useForm } from '@inertiajs/vue3';
import { Link, router } from '@inertiajs/vue3';
import { reactive, ref } from 'vue';
import axios from 'axios';
import ActionMessage from '@/Components/ActionMessage.vue';
import FormSection from '@/Components/FormSection.vue';
import { Field, FieldLabel, FieldError } from '@/packages/ui/src/field';
@@ -10,22 +12,66 @@ import type { Permissions } from '@/types/jetstream';
import { CreditCardIcon } from '@heroicons/vue/20/solid';
import { isBillingActivated } from '@/utils/billing';
import { canManageBilling } from '@/utils/permissions';
import { api } from '@/packages/api/src';
import { useNotificationsStore } from '@/utils/notification';
import { getApiValidationFieldErrors, isApiValidationError } from '@/utils/apiValidation';
const props = defineProps<{
team: Organization;
permissions: Permissions;
}>();
const form = useForm({
const form = reactive({
name: props.team.name,
currency: props.team.currency,
});
const updateTeamName = () => {
form.put(route('teams.update', props.team.id), {
errorBag: 'updateTeamName',
preserveScroll: true,
});
const errors = ref<Record<string, string>>({});
const processing = ref(false);
const recentlySuccessful = ref(false);
const notifications = useNotificationsStore();
let recentlySuccessfulTimeout: ReturnType<typeof setTimeout> | undefined;
const updateTeamName = async () => {
processing.value = true;
recentlySuccessful.value = false;
errors.value = {};
try {
await api.updateOrganization(
{
name: form.name,
currency: form.currency,
},
{
params: {
organization: props.team.id,
},
}
);
notifications.addNotification('success', 'Organization updated successfully');
recentlySuccessful.value = true;
if (recentlySuccessfulTimeout) {
clearTimeout(recentlySuccessfulTimeout);
}
recentlySuccessfulTimeout = setTimeout(() => {
recentlySuccessful.value = false;
}, 2000);
router.reload({ only: ['auth', 'team'] });
} catch (error) {
if (isApiValidationError(error)) {
errors.value = getApiValidationFieldErrors(error);
} else if (axios.isAxiosError(error)) {
notifications.addNotification(
'error',
'Failed to update organization',
error.response?.data?.message ?? 'Please try again later.'
);
} else {
notifications.addNotification('error', 'Failed to update organization');
}
} finally {
processing.value = false;
}
};
</script>
@@ -74,7 +120,7 @@ const updateTeamName = () => {
class="block w-full"
:disabled="!permissions.canUpdateTeam" />
<FieldError v-if="form.errors.name">{{ form.errors.name }}</FieldError>
<FieldError v-if="errors.name">{{ errors.name }}</FieldError>
</Field>
<!-- Currency -->
@@ -94,14 +140,14 @@ const updateTeamName = () => {
{{ currencyKey }} - {{ currencyTranslated }}
</option>
</select>
<FieldError v-if="form.errors.currency">{{ form.errors.currency }}</FieldError>
<FieldError v-if="errors.currency">{{ errors.currency }}</FieldError>
</Field>
</template>
<template v-if="permissions.canUpdateTeam" #actions>
<ActionMessage :on="form.recentlySuccessful" class="me-3"> Saved. </ActionMessage>
<ActionMessage :on="recentlySuccessful" class="me-3"> Saved. </ActionMessage>
<PrimaryButton :class="{ 'opacity-25': form.processing }" :disabled="form.processing">
<PrimaryButton :class="{ 'opacity-25': processing }" :disabled="processing">
Save
</PrimaryButton>
</template>

5
resources/js/Pages/Teams/Show.vue
View File

@@ -4,7 +4,7 @@ import DeleteTeamForm from '@/Pages/Teams/Partials/DeleteTeamForm.vue';
import SectionBorder from '@/Components/SectionBorder.vue';
import UpdateTeamNameForm from '@/Pages/Teams/Partials/UpdateTeamNameForm.vue';
import type { Organization } from '@/types/models';
import type { Permissions, Role } from '@/types/jetstream';
import type { Permissions } from '@/types/jetstream';
import OrganizationBillableRate from '@/Pages/Teams/Partials/OrganizationBillableRate.vue';
import OrganizationFormatSettings from '@/Pages/Teams/Partials/OrganizationFormatSettings.vue';
import OrganizationTimeEntrySettings from '@/Pages/Teams/Partials/OrganizationTimeEntrySettings.vue';
@@ -14,7 +14,6 @@ import { storeToRefs } from 'pinia';
defineProps<{
team: Organization;
availableRoles: Role[];
permissions: Permissions;
}>();
@@ -54,7 +53,7 @@ onMounted(async () => {
<OrganizationTimeEntrySettings v-if="permissions.canUpdateTeam" />
<SectionBorder />
<template v-if="permissions.canDeleteTeam && !team.personal_team">
<template v-if="permissions.canDeleteTeam">
<DeleteTeamForm class="mt-10 sm:mt-0" :team="team" />
</template>
</template>

101
resources/js/packages/api/src/openapi.json.client.ts
View File

@@ -330,6 +330,7 @@ const OrganizationResource = z
const OrganizationUpdateRequest = z
.object({
name: z.string().max(255),
currency: z.string(),
billable_rate: z.union([z.number(), z.null()]),
employees_can_see_billable_rates: z.boolean(),
employees_can_manage_tasks: z.boolean(),
@@ -803,6 +804,39 @@ const endpoints = makeApi([
z.object({ code: z.string(), name: z.string(), symbol: z.string() }).passthrough()
),
},
{
method: 'post',
path: '/v1/organizations',
alias: 'createOrganization',
requestFormat: 'json',
parameters: [
{
name: 'body',
type: 'Body',
schema: z.object({ name: z.string().max(255) }).passthrough(),
},
],
response: z.object({ data: OrganizationResource }).passthrough(),
errors: [
{
status: 401,
description: `Unauthenticated`,
schema: z.object({ message: z.string() }).passthrough(),
},
{
status: 403,
description: `Authorization error`,
schema: z.object({ message: z.string() }).passthrough(),
},
{
status: 422,
description: `Validation error`,
schema: z
.object({ message: z.string(), errors: z.record(z.array(z.string())) })
.passthrough(),
},
],
},
{
method: 'get',
path: '/v1/organizations/:organization',
@@ -877,6 +911,37 @@ const endpoints = makeApi([
},
],
},
{
method: 'delete',
path: '/v1/organizations/:organization',
alias: 'deleteOrganization',
requestFormat: 'json',
parameters: [
{
name: 'organization',
type: 'Path',
schema: z.string(),
},
],
response: z.void(),
errors: [
{
status: 401,
description: `Unauthenticated`,
schema: z.object({ message: z.string() }).passthrough(),
},
{
status: 403,
description: `Authorization error`,
schema: z.object({ message: z.string() }).passthrough(),
},
{
status: 404,
description: `Not found`,
schema: z.object({ message: z.string() }).passthrough(),
},
],
},
{
method: 'get',
path: '/v1/organizations/:organization/charts/daily-tracked-hours',
@@ -4447,6 +4512,42 @@ The report is considered public if the &#x60;is_public&#x60; field is set to &#x
},
],
},
{
method: 'put',
path: '/v1/users/me/current-organization',
alias: 'updateMyCurrentOrganization',
description: `Switches the organization that the user is currently working in. The user
must be a member of the given organization. This endpoint is independent of
the organization.`,
requestFormat: 'json',
parameters: [
{
name: 'body',
type: 'Body',
schema: z.object({ organization_id: z.string().uuid() }).passthrough(),
},
],
response: z.object({ data: UserResource }).passthrough(),
errors: [
{
status: 401,
description: `Unauthenticated`,
schema: z.object({ message: z.string() }).passthrough(),
},
{
status: 403,
description: `Authorization error`,
schema: z.object({ message: z.string() }).passthrough(),
},
{
status: 422,
description: `Validation error`,
schema: z
.object({ message: z.string(), errors: z.record(z.array(z.string())) })
.passthrough(),
},
],
},
{
method: 'put',
path: '/v1/users/:user',

3
resources/js/types/jetstream.ts
View File

@@ -1,11 +1,8 @@
import type { User } from '@/types/models';
export interface Permissions {
canAddTeamMembers: boolean;
canDeleteTeam: boolean;
canRemoveTeamMembers: boolean;
canUpdateTeam: boolean;
canUpdateTeamMembers: boolean;
}
export interface Session {

31
resources/js/utils/apiValidation.ts Normal file
View File

@@ -0,0 +1,31 @@
import axios, { type AxiosError } from 'axios';
type ApiValidationResponse = {
message?: string;
errors?: Record<string, string[]>;
};
export function isApiValidationError(error: unknown): error is AxiosError<ApiValidationResponse> {
return axios.isAxiosError<ApiValidationResponse>(error) && error.response?.status === 422;
}
export function getApiValidationFieldErrors(error: unknown): Record<string, string> {
if (!isApiValidationError(error)) {
return {};
}
const fieldErrors: Record<string, string> = {};
for (const [field, messages] of Object.entries(error.response?.data?.errors ?? {})) {
if (Array.isArray(messages) && messages[0]) {
fieldErrors[field] = messages[0];
}
}
return fieldErrors;
}
export function getApiValidationMessage(error: unknown, fallback: string): string {
if (!isApiValidationError(error)) {
return fallback;
}
return error.response?.data?.message ?? fallback;
}

2
resources/js/utils/commandPaletteCommands.ts
View File

@@ -210,7 +210,7 @@ export function createNavigationCommands(
icon: Cog6ToothIcon,
keywords: ['settings', 'organization', 'configuration'],
group: 'navigation',
action: () => navigate('teams.show', { team: currentTeamId() }),
action: () => navigate('organizations.show', { organizationId: currentTeamId() }),
permission: permissions.canUpdateOrganization,
priority: GROUP_PRIORITIES.navigation - 3,
},

62
resources/js/utils/useOrganization.ts
View File

@@ -11,23 +11,29 @@ import { useNotificationsStore } from '@/utils/notification';
import { getCurrentOrganizationId } from '@/utils/useUser';
import { api } from '@/packages/api/src';
export function switchOrganization(organizationId: string) {
// Clear Inertia's prefetch cache to prevent stale pages from the old
// organization being served when navigating after the switch.
router.flushAll();
export async function switchOrganization(organizationId: string) {
const { handleApiRequestNotifications } = useNotificationsStore();
try {
await handleApiRequestNotifications(
() => api.updateMyCurrentOrganization({ organization_id: organizationId }),
undefined,
'Failed to switch organization'
);
} catch {
// The error notification is surfaced by the request handler.
return;
}
router.put(
route('current-team.update'),
{
team_id: organizationId,
// The current organization changed server-side. Clear Inertia's prefetch
// cache and reload into the dashboard so the new organization context
// (auth.user.current_team) is picked up everywhere.
router.flushAll();
router.visit(route('dashboard'), {
preserveState: false,
onSuccess: () => {
initializeStores();
},
{
preserveState: false,
onSuccess: () => {
initializeStores();
},
}
);
});
}
export const useOrganizationStore = defineStore('organization', () => {
@@ -67,9 +73,33 @@ export const useOrganizationStore = defineStore('organization', () => {
}
}
async function createOrganization(name: string): Promise<Organization | null> {
const response = await api.createOrganization({ name });
return response?.data ?? null;
}
async function deleteOrganization(organizationId: string) {
await handleApiRequestNotifications(
() =>
api.deleteOrganization(undefined, {
params: {
organization: organizationId,
},
}),
'Organization deleted successfully',
'Failed to delete organization'
);
}
const organization = computed<Organization | null>(() => {
return organizationResponse.value?.data || null;
});
return { organization, fetchOrganization, updateOrganization };
return {
organization,
fetchOrganization,
updateOrganization,
createOrganization,
deleteOrganization,
};
});

7
resources/js/ziggy.d.ts vendored
View File

@@ -114,6 +114,13 @@ declare module 'ziggy-js' {
'other-browser-sessions.destroy': [];
'current-user-photo.destroy': [];
'current-user.destroy': [];
'organizations.create': [];
'organizations.show': [
{
'name': 'organizationId';
'required': true;
},
];
'teams.create': [];
'teams.store': [];
'teams.show': [

6
resources/js/ziggy.js
View File

@@ -197,6 +197,12 @@ const Ziggy = {
'methods': ['DELETE'],
},
'current-user.destroy': { 'uri': 'user', 'methods': ['DELETE'] },
'organizations.create': { 'uri': 'organizations/create', 'methods': ['GET', 'HEAD'] },
'organizations.show': {
'uri': 'organizations/{organizationId}',
'methods': ['GET', 'HEAD'],
'parameters': ['organizationId'],
},
'teams.create': { 'uri': 'teams/create', 'methods': ['GET', 'HEAD'] },
'teams.store': { 'uri': 'teams', 'methods': ['POST'] },
'teams.show': {

7
routes/api.php
View File

@@ -18,6 +18,7 @@ use App\Http\Controllers\Api\V1\ReportController;
use App\Http\Controllers\Api\V1\TagController;
use App\Http\Controllers\Api\V1\TaskController;
use App\Http\Controllers\Api\V1\TimeEntryController;
use App\Http\Controllers\Api\V1\TimeZoneController;
use App\Http\Controllers\Api\V1\UserController;
use App\Http\Controllers\Api\V1\UserMembershipController;
use App\Http\Controllers\Api\V1\UserTimeEntryController;
@@ -61,6 +62,7 @@ Route::prefix('v1')->name('v1.')->group(static function (): void {
// User routes
Route::name('users.')->group(static function (): void {
Route::get('/users/me', [UserController::class, 'me'])->name('me');
Route::put('/users/me/current-organization', [UserController::class, 'updateMyCurrentOrganization'])->name('update-current-organization');
Route::put('/users/{user}', [UserController::class, 'update'])->name('update');
Route::post('/users/{user}/resend-email-verification', [UserController::class, 'resendEmailVerification'])->name('resend-email-verification');
Route::delete('/users/{user}', [UserController::class, 'destroy'])->name('destroy');
@@ -179,10 +181,15 @@ Route::prefix('v1')->name('v1.')->group(static function (): void {
Route::name('export.')->prefix('/organizations/{organization}')->group(static function (): void {
Route::post('/export', [ExportController::class, 'export'])->name('export');
});
});
// Currency routes
Route::get('/currencies', [CurrencyController::class, 'index'])->name('currencies.index');
// Timezone routes
Route::get('/time-zones', [TimeZoneController::class, 'index'])->name('time-zones.index');
// Public routes
Route::name('public.')->prefix('/public')->group(static function (): void {
Route::get('/reports', [PublicReportController::class, 'show'])->name('reports.show');

29
routes/web.php
View File

@@ -4,11 +4,15 @@ declare(strict_types=1);
use App\Http\Controllers\Web\DashboardController;
use App\Http\Controllers\Web\HomeController;
use App\Http\Controllers\Web\OrganizationController;
use App\Http\Controllers\Web\OrganizationInvitationController;
use App\Http\Controllers\Web\OtherBrowserSessionsController;
use App\Http\Controllers\Web\UserController;
use App\Http\Controllers\Web\UserProfileController;
use App\Service\PermissionStore;
use Illuminate\Http\RedirectResponse;
use Illuminate\Support\Facades\Route;
use Inertia\Inertia;
use Laravel\Jetstream\Jetstream;
/*
|--------------------------------------------------------------------------
@@ -29,7 +33,6 @@ Route::get('/shared-report', function () {
Route::middleware([
'auth:web',
config('jetstream.auth_session'),
'verified',
])->group(function (): void {
Route::get('/dashboard', [DashboardController::class, 'dashboard'])->name('dashboard');
@@ -72,7 +75,14 @@ Route::middleware([
Route::get('/members', function () {
return Inertia::render('Members', [
'availableRoles' => array_values(Jetstream::$roles),
'availableRoles' => collect(PermissionStore::roleDefinitions())
->map(fn (array $definition, string $key): array => [
'key' => $key,
'name' => $definition['name'],
'description' => $definition['description'],
])
->values()
->all(),
]);
})->name('members');
@@ -84,6 +94,17 @@ Route::middleware([
return Inertia::render('Import');
})->name('import');
Route::get('/organizations/create', [OrganizationController::class, 'create'])->name('organizations.create');
Route::get('/organizations/{organizationId}', [OrganizationController::class, 'show'])->name('organizations.show');
Route::get('/teams/create', function (): RedirectResponse {
return to_route('organizations.create');
})->name('teams.create');
Route::get('/teams/{organizationId}', function (string $organizationId): RedirectResponse {
return to_route('organizations.show', [$organizationId]);
})->name('teams.show');
Route::get('/user/profile', [UserProfileController::class, 'show'])->name('profile.show');
Route::delete('/user/other-browser-sessions', [OtherBrowserSessionsController::class, 'destroy'])
->name('other-browser-sessions.destroy');
});
Route::get('/team-invitations/{invitation}', [OrganizationInvitationController::class, 'accept'])
@@ -94,5 +115,5 @@ Route::get('/organization-invitations/{invitation}', [OrganizationInvitationCont
->name('organization-invitations.accept');
Route::get('/users/{user}/verify-email-change', [UserController::class, 'verifyEmailChange'])
->middleware(['auth:web', config('jetstream.auth_session'), 'signed:relative'])
->middleware(['auth:web', 'signed:relative'])
->name('users.verify-email-change');

25
tests/Feature/BrowserSessionsTest.php
View File

@@ -1,25 +0,0 @@
<?php
declare(strict_types=1);
namespace Tests\Feature;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
class BrowserSessionsTest extends TestCase
{
use RefreshDatabase;
public function test_other_browser_sessions_can_be_logged_out(): void
{
$this->actingAs($user = User::factory()->create());
$response = $this->delete('/user/other-browser-sessions', [
'password' => 'password',
]);
$response->assertSessionHasNoErrors();
}
}

48
tests/Feature/CreateOrganizationTest.php
View File

@@ -1,48 +0,0 @@
<?php
declare(strict_types=1);
namespace Tests\Feature;
use App\Enums\Role;
use App\Events\AfterCreateOrganization;
use App\Models\Member;
use App\Models\Organization;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Event;
use Tests\TestCase;
class CreateOrganizationTest extends TestCase
{
use RefreshDatabase;
public function test_organizations_can_be_created(): void
{
// Arrange
$user = User::factory()->withPersonalOrganization()->create();
$this->actingAs($user);
Event::fake([
AfterCreateOrganization::class,
]);
// Act
$response = $this->post('/teams', [
'name' => 'Test Organization',
]);
// Assert
$response->assertStatus(302);
/** @var Organization|null $newOrganization */
$ownedOrganizations = $user->fresh()->ownedOrganizations;
$this->assertCount(2, $ownedOrganizations);
$this->assertTrue($ownedOrganizations->contains('name', 'Test Organization'));
$newOrganization = $ownedOrganizations->firstWhere('name', 'Test Organization');
/** @var Member $member */
$member = Member::query()->whereBelongsTo($user, 'user')->whereBelongsTo($newOrganization, 'organization')->firstOrFail();
$this->assertSame(Role::Owner->value, $member->role);
Event::assertDispatched(AfterCreateOrganization::class, function (AfterCreateOrganization $event) use ($newOrganization): bool {
return $event->organization->is($newOrganization);
});
}
}

68
tests/Feature/DeleteAccountTest.php
View File

@@ -1,68 +0,0 @@
<?php
declare(strict_types=1);
namespace Tests\Feature;
use App\Enums\Role;
use App\Models\Member;
use App\Models\Organization;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
class DeleteAccountTest extends TestCase
{
use RefreshDatabase;
public function test_user_accounts_can_be_deleted(): void
{
// Arrange
$user = User::factory()->create();
$this->actingAs($user);
// Act
$response = $this->delete('/user', [
'password' => 'password',
]);
// Assert
$response->assertStatus(302);
$this->assertNull($user->fresh());
}
public function test_correct_password_must_be_provided_before_account_can_be_deleted(): void
{
// Arrange
$user = User::factory()->create();
$this->actingAs($user);
// Act
$response = $this->delete('/user', [
'password' => 'wrong-password',
]);
// Assert
$this->assertNotNull($user->fresh());
}
public function test_user_account_can_not_be_deleted_if_attached_to_a_organization_with_multiple_users(): void
{
// Arrange
$user = User::factory()->create();
$organization = Organization::factory()->withOwner($user)->create();
$userMember = Member::factory()->forOrganization($organization)->forUser($user)->role(Role::Owner)->create();
$otherUser = User::factory()->create();
$otherMember = Member::factory()->forOrganization($organization)->forUser($otherUser)->role(Role::Admin)->create();
$this->actingAs($user);
// Act
$response = $this->delete('/user', [
'password' => 'password',
]);
// Assert
$response->assertInvalid(['password']);
$this->assertNotNull($user->fresh());
}
}

84
tests/Feature/DeleteOrganizationTest.php
View File

@@ -1,84 +0,0 @@
<?php
declare(strict_types=1);
namespace Tests\Feature;
use App\Enums\Role;
use App\Models\Member;
use App\Models\Organization;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
class DeleteOrganizationTest extends TestCase
{
use RefreshDatabase;
public function test_organizations_can_be_deleted_and_users_of_the_organization_that_have_no_organization_get_a_new_one(): void
{
// Arrange
$user = User::factory()->withPersonalOrganization()->create();
$this->actingAs($user);
$organization = Organization::factory()->withOwner($user)->create([
'personal_team' => false,
]);
Member::factory()->forOrganization($organization)->forUser($user)->role(Role::Owner)->create();
$otherUser = User::factory()->create();
$organization->users()->attach(
$otherUser, ['role' => 'test-role']
);
// Act
$response = $this->delete('/teams/'.$organization->getKey());
// Assert
$this->assertNull($organization->fresh());
$this->assertCount(1, $otherUser->fresh()->organizations);
$this->assertFalse($otherUser->fresh()->organizations->first()->is($organization));
}
public function test_personal_organizations_can_be_deleted_but_user_gets_an_new_one_if_this_is_the_only_one_left(): void
{
// Arrange
$user = User::factory()->withPersonalOrganization()->create();
$organization = $user->currentOrganization;
$this->actingAs($user);
// Act
$response = $this->delete('/teams/'.$organization->getKey());
// Assert
$user->refresh();
$this->assertDatabaseMissing(Organization::class, [
'id' => $organization->getKey(),
]);
$this->assertTrue($user->currentOrganization->isNot($organization));
}
public function test_organization_can_not_be_deleted_if_user_is_not_owner(): void
{
// Arrange
$user = User::factory()->withPersonalOrganization()->create();
$organization = Organization::factory()->withOwner($user)->create([
'personal_team' => false,
]);
$this->actingAs($user);
$otherUser = User::factory()->create();
$organization->users()->attach(
$otherUser, ['role' => Role::Admin->value]
);
// Act
$response = $this->delete('/teams/'.$organization->getKey());
// Assert
$response->assertForbidden();
$this->assertDatabaseHas(Organization::class, [
'id' => $organization->getKey(),
]);
}
}

38
tests/Feature/InviteTeamMemberTest.php
View File

@@ -17,44 +17,6 @@ class InviteTeamMemberTest extends TestCase
{
use RefreshDatabase;
public function test_team_members_can_no_longer_be_invited_to_team_over_jetstream(): void
{
// Arrange
Mail::fake();
$this->actingAs($user = User::factory()->withPersonalOrganization()->create());
// Act
$response = $this->post('/teams/'.$user->currentOrganization->id.'/members', [
'email' => 'test@example.com',
'role' => 'admin',
]);
// Assert
$response->assertStatus(403);
$response->assertSee('Moved to API');
Mail::assertNothingSent();
}
public function test_team_member_invitations_can_no_longer_be_cancelled_over_jetstream(): void
{
// Arrange
Mail::fake();
$this->actingAs($user = User::factory()->withPersonalOrganization()->create());
$invitation = $user->currentOrganization->organizationInvitations()->create([
'email' => 'test@example.com',
'role' => 'admin',
]);
// Act
$response = $this->delete('/team-invitations/'.$invitation->id);
// Assert
$response->assertStatus(403);
$this->assertCount(1, $user->currentOrganization->fresh()->organizationInvitations);
}
public function test_team_member_invitations_can_be_accepted(): void
{
// Arrange

33
tests/Feature/LeaveTeamTest.php
View File

@@ -1,33 +0,0 @@
<?php
declare(strict_types=1);
namespace Tests\Feature;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
class LeaveTeamTest extends TestCase
{
use RefreshDatabase;
public function test_users_can_no_longer_leave_team_over_jetstream(): void
{
// Arrange
$user = User::factory()->withPersonalOrganization()->create();
$user->currentOrganization->users()->attach(
$otherUser = User::factory()->create(), ['role' => 'admin']
);
$this->actingAs($otherUser);
// Act
$response = $this->delete('/teams/'.$user->currentOrganization->id.'/members/'.$otherUser->id);
// Assert
$response->assertStatus(403);
$this->assertCount(2, $user->currentOrganization->fresh()->users);
}
}

174
tests/Feature/ProfileInformationTest.php
View File

@@ -5,32 +5,16 @@ declare(strict_types=1);
namespace Tests\Feature;
use App\Enums\Weekday;
use App\Mail\VerifyUpdatedEmailMail;
use App\Models\User;
use App\Service\TimezoneService;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Facades\URL;
use Tests\TestCase;
class ProfileInformationTest extends TestCase
{
use RefreshDatabase;
public function test_show_profile_information_succeeds(): void
{
// Arrange
$user = User::factory()->withPersonalOrganization()->create();
$this->actingAs($user);
// Act
$response = $this->get('/user/profile');
// Assert
$response->assertSuccessful();
}
public function test_profile_information_can_be_updated(): void
public function test_profile_information_can_no_longer_be_updated_via_inertia(): void
{
// Arrange
$user = User::factory()->create([
@@ -48,160 +32,8 @@ class ProfileInformationTest extends TestCase
]);
// Assert
$response->assertValid(errorBag: 'updateProfileInformation');
$response->assertStatus(403);
$user = $user->fresh();
$this->assertEquals('Test Name', $user->name);
$this->assertEquals('test@example.com', $user->email);
$this->assertEquals($timezone, $user->timezone);
$this->assertEquals(Weekday::Sunday, $user->week_start);
}
public function test_email_update_keeps_current_email_verified_until_new_email_is_verified(): void
{
// Arrange
Mail::fake();
$user = User::factory()->create([
'email' => 'current@example.com',
'email_verified_at' => now(),
]);
$timezone = app(TimezoneService::class)->getTimezones()[0];
$this->actingAs($user);
// Act
$response = $this->put('/user/profile-information', [
'name' => 'Test Name',
'email' => 'New.Email@Example.com',
'timezone' => $timezone,
'week_start' => Weekday::Sunday->value,
]);
// Assert
$response->assertValid(errorBag: 'updateProfileInformation');
$user = $user->fresh();
$this->assertEquals('current@example.com', $user->email);
$this->assertEquals('new.email@example.com', $user->pending_email);
$this->assertNotNull($user->email_verified_at);
Mail::assertSent(VerifyUpdatedEmailMail::class, function (VerifyUpdatedEmailMail $mail): bool {
return $mail->hasTo('new.email@example.com') && $mail->email === 'new.email@example.com';
});
}
public function test_pending_email_can_be_verified(): void
{
// Arrange
$user = User::factory()->create([
'email' => 'current@example.com',
'pending_email' => 'new.email@example.com',
]);
$this->actingAs($user);
$verificationUrl = URL::temporarySignedRoute(
'users.verify-email-change',
now()->addMinutes(60),
[
'user' => $user->getKey(),
'email' => 'new.email@example.com',
],
false
);
// Act
$response = $this->get($verificationUrl);
// Assert
$response->assertRedirect(route('dashboard'));
$response->assertSessionHas('bannerStyle', 'success');
$response->assertSessionHas('bannerText', 'Your email address has been updated successfully.');
$user = $user->fresh();
$this->assertEquals('new.email@example.com', $user->email);
$this->assertNull($user->pending_email);
$this->assertNotNull($user->email_verified_at);
}
public function test_profile_update_does_not_clear_pending_email_when_email_is_unchanged(): void
{
// Arrange
$user = User::factory()->create([
'email' => 'current@example.com',
'pending_email' => 'new.email@example.com',
]);
$timezone = app(TimezoneService::class)->getTimezones()[0];
$this->actingAs($user);
// Act
$response = $this->put('/user/profile-information', [
'name' => 'Updated Name',
'email' => 'current@example.com',
'timezone' => $timezone,
'week_start' => Weekday::Sunday->value,
]);
// Assert
$response->assertValid(errorBag: 'updateProfileInformation');
$user = $user->fresh();
$this->assertEquals('Updated Name', $user->name);
$this->assertEquals('current@example.com', $user->email);
$this->assertEquals('new.email@example.com', $user->pending_email);
}
public function test_pending_email_verification_redirects_with_danger_banner_when_email_already_in_use(): void
{
// Arrange
User::factory()->create([
'email' => 'taken@example.com',
'is_placeholder' => false,
]);
$user = User::factory()->create([
'email' => 'current@example.com',
'pending_email' => 'taken@example.com',
]);
$this->actingAs($user);
$verificationUrl = URL::temporarySignedRoute(
'users.verify-email-change',
now()->addMinutes(60),
[
'user' => $user->getKey(),
'email' => 'taken@example.com',
],
false
);
// Act
$response = $this->get($verificationUrl);
// Assert
$response->assertRedirect(route('dashboard'));
$response->assertSessionHas('bannerStyle', 'danger');
$response->assertSessionHas('bannerText', 'The email address is already in use.');
$user = $user->fresh();
$this->assertEquals('current@example.com', $user->email);
$this->assertEquals('taken@example.com', $user->pending_email);
}
public function test_stale_pending_email_verification_link_is_rejected(): void
{
// Arrange
$user = User::factory()->create([
'email' => 'current@example.com',
'pending_email' => 'newer@example.com',
]);
$this->actingAs($user);
$verificationUrl = URL::temporarySignedRoute(
'users.verify-email-change',
now()->addMinutes(60),
[
'user' => $user->getKey(),
'email' => 'older@example.com',
],
false
);
// Act
$response = $this->get($verificationUrl);
// Assert
$response->assertForbidden();
$user = $user->fresh();
$this->assertEquals('current@example.com', $user->email);
$this->assertEquals('newer@example.com', $user->pending_email);
$this->assertEquals($user->name, $user->name);
}
}

32
tests/Feature/RegistrationTest.php
View File

@@ -17,7 +17,6 @@ use Illuminate\Support\Facades\Config;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\Facades\Log;
use Laravel\Fortify\Features;
use Laravel\Jetstream\Jetstream;
use Tests\TestCaseWithDatabase;
use TiMacDonald\Log\LogEntry;
@@ -47,7 +46,7 @@ class RegistrationTest extends TestCaseWithDatabase
'email' => 'test@example.com',
'password' => 'password',
'password_confirmation' => 'password',
'terms' => Jetstream::hasTermsAndPrivacyPolicyFeature(),
'terms' => true,
]);
// Assert
@@ -62,6 +61,7 @@ class RegistrationTest extends TestCaseWithDatabase
$member = Member::query()->whereBelongsTo($user, 'user')->whereBelongsTo($organization, 'organization')->firstOrFail();
$this->assertSame(Role::Owner->value, $member->role);
Event::assertNotDispatched(NewsletterRegistered::class);
$this->assertSame($organization->getKey(), $user->current_team_id);
}
public function test_user_registration_fails_if_registration_is_deactivated(): void
@@ -78,7 +78,7 @@ class RegistrationTest extends TestCaseWithDatabase
'email' => 'test@example.com',
'password' => 'password',
'password_confirmation' => 'password',
'terms' => Jetstream::hasTermsAndPrivacyPolicyFeature(),
'terms' => true,
]);
// Assert
@@ -97,7 +97,7 @@ class RegistrationTest extends TestCaseWithDatabase
'email' => 'peter.test@gmail',
'password' => 'password',
'password_confirmation' => 'password',
'terms' => Jetstream::hasTermsAndPrivacyPolicyFeature(),
'terms' => true,
]);
// Assert
@@ -112,7 +112,7 @@ class RegistrationTest extends TestCaseWithDatabase
'email' => 'PETER.test@gmail.com ',
'password' => 'password',
'password_confirmation' => 'password',
'terms' => Jetstream::hasTermsAndPrivacyPolicyFeature(),
'terms' => true,
]);
// Assert
@@ -132,7 +132,7 @@ class RegistrationTest extends TestCaseWithDatabase
'email' => 'test@example.com',
'password' => 'password',
'password_confirmation' => 'password',
'terms' => Jetstream::hasTermsAndPrivacyPolicyFeature(),
'terms' => true,
'newsletter_consent' => true,
]);
@@ -154,7 +154,7 @@ class RegistrationTest extends TestCaseWithDatabase
'email' => 'test@example.com',
'password' => 'password',
'password_confirmation' => 'password',
'terms' => Jetstream::hasTermsAndPrivacyPolicyFeature(),
'terms' => true,
'timezone' => 'Europe/Berlin',
]);
@@ -182,7 +182,7 @@ class RegistrationTest extends TestCaseWithDatabase
'email' => 'test@example.com',
'password' => 'password',
'password_confirmation' => 'password',
'terms' => Jetstream::hasTermsAndPrivacyPolicyFeature(),
'terms' => true,
'timezone' => 'Europe/Berlin',
]);
@@ -213,7 +213,7 @@ class RegistrationTest extends TestCaseWithDatabase
'email' => 'test@example.com',
'password' => 'password',
'password_confirmation' => 'password',
'terms' => Jetstream::hasTermsAndPrivacyPolicyFeature(),
'terms' => true,
'timezone' => null,
]);
@@ -244,7 +244,7 @@ class RegistrationTest extends TestCaseWithDatabase
'email' => 'test@example.com',
'password' => 'password',
'password_confirmation' => 'password',
'terms' => Jetstream::hasTermsAndPrivacyPolicyFeature(),
'terms' => true,
'timezone' => 'Unknown timezone',
]);
@@ -275,7 +275,7 @@ class RegistrationTest extends TestCaseWithDatabase
'email' => 'test@example.com',
'password' => 'password',
'password_confirmation' => 'password',
'terms' => Jetstream::hasTermsAndPrivacyPolicyFeature(),
'terms' => true,
'timezone' => 'Asia/Calcutta',
]);
@@ -296,7 +296,7 @@ class RegistrationTest extends TestCaseWithDatabase
'email' => 'test@example.com',
'password' => 'password',
'password_confirmation' => 'password',
'terms' => Jetstream::hasTermsAndPrivacyPolicyFeature(),
'terms' => true,
'timezone' => 'Unknown timezone',
]);
@@ -319,7 +319,7 @@ class RegistrationTest extends TestCaseWithDatabase
'email' => 'test@example.com',
'password' => 'password',
'password_confirmation' => 'password',
'terms' => Jetstream::hasTermsAndPrivacyPolicyFeature(),
'terms' => true,
]);
$this->assertFalse($this->isAuthenticated(), 'The user is authenticated');
@@ -340,7 +340,7 @@ class RegistrationTest extends TestCaseWithDatabase
'email' => 'test@example.com',
'password' => 'password',
'password_confirmation' => 'password',
'terms' => Jetstream::hasTermsAndPrivacyPolicyFeature(),
'terms' => true,
]);
$this->assertAuthenticated();
@@ -365,7 +365,7 @@ class RegistrationTest extends TestCaseWithDatabase
'email' => 'test@example.com',
'password' => 'password',
'password_confirmation' => 'password',
'terms' => Jetstream::hasTermsAndPrivacyPolicyFeature(),
'terms' => true,
]);
$this->assertAuthenticated();
@@ -398,7 +398,7 @@ class RegistrationTest extends TestCaseWithDatabase
'email' => 'test@example.com',
'password' => 'password',
'password_confirmation' => 'password',
'terms' => Jetstream::hasTermsAndPrivacyPolicyFeature(),
'terms' => true,
]);
// Assert

31
tests/Feature/RemoveTeamMemberTest.php
View File

@@ -1,31 +0,0 @@
<?php
declare(strict_types=1);
namespace Tests\Feature;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
class RemoveTeamMemberTest extends TestCase
{
use RefreshDatabase;
public function test_team_members_can_no_longer_be_removed_from_teams_over_jetstream_endpoints(): void
{
// Arrange
$this->actingAs($user = User::factory()->withPersonalOrganization()->create());
$user->currentOrganization->users()->attach(
$otherUser = User::factory()->create(), ['role' => 'admin']
);
// Act
$response = $this->delete('/teams/'.$user->currentOrganization->id.'/members/'.$otherUser->id);
// Assert
$response->assertStatus(403);
$response->assertSee('Moved to API');
}
}

35
tests/Feature/UpdateTeamMemberRoleTest.php
View File

@@ -1,35 +0,0 @@
<?php
declare(strict_types=1);
namespace Tests\Feature;
use App\Enums\Role;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
class UpdateTeamMemberRoleTest extends TestCase
{
use RefreshDatabase;
public function test_team_member_roles_can_no_longer_be_updated_over_jetstream(): void
{
// Arrange
$user = User::factory()->withPersonalOrganization()->create();
$this->actingAs($user);
$user->currentOrganization->users()->attach(
$otherUser = User::factory()->create(), ['role' => 'admin']
);
// Act
$response = $this->put('/teams/'.$user->currentOrganization->id.'/members/'.$otherUser->id, [
'role' => Role::Employee->value,
]);
// Assert
$response->assertStatus(403);
$response->assertSee('Moved to API');
}
}

47
tests/Feature/UpdateTeamTest.php
View File

@@ -1,47 +0,0 @@
<?php
declare(strict_types=1);
namespace Tests\Feature;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
class UpdateTeamTest extends TestCase
{
use RefreshDatabase;
public function test_team_update_page_shows_not_found_if_id_is_not_uuid(): void
{
// Arrange
$user = User::factory()->withPersonalOrganization()->create();
$this->actingAs($user);
// Act
$response = $this->get('/teams/1');
// Assert
$response->assertStatus(404);
}
public function test_team_names_can_be_updated(): void
{
// Arrange
$user = User::factory()->withPersonalOrganization()->create();
$this->actingAs($user);
// Act
$response = $this->put('/teams/'.$user->currentOrganization->id, [
'name' => 'Test Organization',
'currency' => 'USD',
]);
// Assert
$response->assertValid(errorBag: 'updateTeamName');
$this->assertCount(1, $user->fresh()->ownedOrganizations);
$organization = $user->currentOrganization->fresh();
$this->assertEquals('Test Organization', $organization->name);
$this->assertEquals('USD', $organization->currency);
}
}

3
tests/TestCaseWithDatabase.php
View File

@@ -12,7 +12,6 @@ use App\Service\PermissionStore;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Str;
use Laravel\Jetstream\Jetstream;
abstract class TestCaseWithDatabase extends TestCase
{
@@ -25,8 +24,6 @@ abstract class TestCaseWithDatabase extends TestCase
protected function createUserWithPermission(array $permissions = [], bool $isOwner = false): object
{
$roleName = 'custom-test-'.Str::uuid();
Jetstream::role($roleName, 'Custom Test', $permissions)
->description('Role custom for testing');
PermissionStore::registerCustomRole($roleName, $permissions);
$user = User::factory()->create();
if ($isOwner) {

2
tests/Unit/Endpoint/Api/V1/InvitationEndpointTest.php
View File

@@ -193,7 +193,7 @@ class InvitationEndpointTest extends ApiEndpointTestAbstract
Passport::actingAs($data->user);
// Act
$response = $this->postJson(route('api.v1.invitations.store', $data->organization->getKey()), [
$response = $this->withoutExceptionHandling()->postJson(route('api.v1.invitations.store', $data->organization->getKey()), [
'email' => $user->email,
'role' => Role::Employee->value,
]);

52
tests/Unit/Endpoint/Api/V1/OrganizationEndpointTest.php
View File

@@ -382,6 +382,58 @@ class OrganizationEndpointTest extends ApiEndpointTestAbstract
]);
}
public function test_update_endpoint_can_update_the_currency_of_the_organization(): void
{
// Arrange
$data = $this->createUserWithPermission([
'organizations:update',
]);
$this->assertBillableRateServiceIsUnused();
$data->organization->currency = 'EUR';
$data->organization->save();
Passport::actingAs($data->user);
// Act
$response = $this->putJson(route('api.v1.organizations.update', [$data->organization->getKey()]), [
'name' => $data->organization->name,
'currency' => 'USD',
]);
// Assert
$response->assertStatus(200);
$response->assertJsonPath('data.currency', 'USD');
$this->assertDatabaseHas(Organization::class, [
'id' => $data->organization->getKey(),
'currency' => 'USD',
]);
}
public function test_update_endpoint_fails_if_currency_is_invalid(): void
{
// Arrange
$data = $this->createUserWithPermission([
'organizations:update',
]);
$this->assertBillableRateServiceIsUnused();
$data->organization->currency = 'EUR';
$data->organization->save();
Passport::actingAs($data->user);
// Act
$response = $this->putJson(route('api.v1.organizations.update', [$data->organization->getKey()]), [
'name' => $data->organization->name,
'currency' => 'NOT_A_CURRENCY',
]);
// Assert
$response->assertStatus(422);
$response->assertJsonValidationErrors(['currency']);
$this->assertDatabaseHas(Organization::class, [
'id' => $data->organization->getKey(),
'currency' => 'EUR',
]);
}
public function test_delete_endpoint_if_user_does_not_have_permission(): void
{
// Arrange

44
tests/Unit/Endpoint/Api/V1/TimeZoneEndpointTest.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
declare(strict_types=1);
namespace Tests\Unit\Endpoint\Api\V1;
use App\Http\Controllers\Api\V1\TimeZoneController;
use App\Service\TimezoneService;
use PHPUnit\Framework\Attributes\CoversClass;
use Tests\TestCase;
#[CoversClass(TimeZoneController::class)]
#[CoversClass(TimezoneService::class)]
class TimeZoneEndpointTest extends TestCase
{
public function test_index_returns_list_of_available_timezones(): void
{
// Arrange
$timezones = app(TimezoneService::class)->getTimezones();
// Act
$response = $this->getJson(route('api.v1.time-zones.index'));
// Assert
$response->assertOk();
$response->assertJsonCount(count($timezones));
$response->assertJsonStructure([
[
'key',
],
]);
$responseObj = collect($response->json());
$this->assertSame([
'key' => $timezones[0],
], $responseObj->first());
$this->assertSame([
'key' => 'Europe/Vienna',
], $responseObj->firstWhere('key', '=', 'Europe/Vienna'));
$this->assertSame([
'key' => 'America/New_York',
], $responseObj->firstWhere('key', '=', 'America/New_York'));
}
}

93
tests/Unit/Endpoint/Api/V1/UserEndpointTest.php
View File

@@ -4,8 +4,11 @@ declare(strict_types=1);
namespace Tests\Unit\Endpoint\Api\V1;
use App\Enums\Role;
use App\Enums\Weekday;
use App\Mail\VerifyUpdatedEmailMail;
use App\Models\Member;
use App\Models\Organization;
use App\Models\User;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Facades\Storage;
@@ -46,6 +49,88 @@ class UserEndpointTest extends ApiEndpointTestAbstract
]);
}
public function test_update_current_organization_fails_when_not_authenticated(): void
{
// Arrange
$organization = Organization::factory()->create();
// Act
$response = $this->putJson(route('api.v1.users.update-current-organization'), [
'organization_id' => $organization->getKey(),
]);
// Assert
$response->assertUnauthorized();
}
public function test_update_current_organization_switches_the_current_organization_of_the_user(): void
{
// Arrange
$data = $this->createUserWithPermission([], isOwner: true);
$otherOrganization = Organization::factory()->create();
Member::factory()->forUser($data->user)->forOrganization($otherOrganization)->create([
'role' => Role::Admin->value,
]);
Passport::actingAs($data->user);
// Act
$response = $this->putJson(route('api.v1.users.update-current-organization'), [
'organization_id' => $otherOrganization->getKey(),
]);
// Assert
$response->assertSuccessful();
$this->assertSame($otherOrganization->getKey(), $data->user->fresh()->current_team_id);
}
public function test_update_current_organization_fails_if_user_is_not_a_member_of_the_target_organization(): void
{
// Arrange
$data = $this->createUserWithPermission([], isOwner: true);
$currentOrganizationId = $data->user->current_team_id;
$otherOrganization = Organization::factory()->create();
Passport::actingAs($data->user);
// Act
$response = $this->putJson(route('api.v1.users.update-current-organization'), [
'organization_id' => $otherOrganization->getKey(),
]);
// Assert
$response->assertForbidden();
$this->assertSame($currentOrganizationId, $data->user->fresh()->current_team_id);
}
public function test_update_current_organization_fails_if_organization_id_is_missing(): void
{
// Arrange
$data = $this->createUserWithPermission([], isOwner: true);
Passport::actingAs($data->user);
// Act
$response = $this->putJson(route('api.v1.users.update-current-organization'), []);
// Assert
$response->assertUnprocessable();
$response->assertJsonValidationErrors('organization_id');
}
public function test_update_current_organization_fails_if_organization_id_is_not_a_uuid(): void
{
// Arrange
$data = $this->createUserWithPermission([], isOwner: true);
Passport::actingAs($data->user);
// Act
$response = $this->putJson(route('api.v1.users.update-current-organization'), [
'organization_id' => 'not-a-uuid',
]);
// Assert
$response->assertUnprocessable();
$response->assertJsonValidationErrors('organization_id');
}
public function test_update_changes_user_name_timezone_and_week_start(): void
{
// Arrange
@@ -310,7 +395,7 @@ class UserEndpointTest extends ApiEndpointTestAbstract
{
// Arrange
$data = $this->createUserWithPermission();
$photoDisk = (string) config('jetstream.profile_photo_disk', 'public');
$photoDisk = (string) config('filesystems.public', 'public');
$previousPhotoPath = 'profile-photos/previous.png';
$photo = file_get_contents(resource_path('testfiles/test.png'));
$this->assertIsString($photo);
@@ -491,7 +576,7 @@ class UserEndpointTest extends ApiEndpointTestAbstract
{
// Arrange
$data = $this->createUserWithPermission();
$photoDisk = (string) config('jetstream.profile_photo_disk', 'public');
$photoDisk = (string) config('filesystems.public', 'public');
$photoPath = 'profile-photos/existing.png';
Storage::fake($photoDisk);
Storage::disk($photoDisk)->put($photoPath, 'photo contents');
@@ -515,7 +600,7 @@ class UserEndpointTest extends ApiEndpointTestAbstract
{
// Arrange
$data = $this->createUserWithPermission();
$photoDisk = (string) config('jetstream.profile_photo_disk', 'public');
$photoDisk = (string) config('filesystems.public', 'public');
Storage::fake($photoDisk);
$data->user->profile_photo_path = null;
$data->user->save();
@@ -536,7 +621,7 @@ class UserEndpointTest extends ApiEndpointTestAbstract
{
// Arrange
$data = $this->createUserWithPermission();
$photoDisk = (string) config('jetstream.profile_photo_disk', 'public');
$photoDisk = (string) config('filesystems.public', 'public');
$photoPath = 'profile-photos/existing.png';
Storage::fake($photoDisk);
Storage::disk($photoDisk)->put($photoPath, 'photo contents');

35
tests/Unit/Endpoint/Web/MembersEndpointTest.php Normal file
View File

@@ -0,0 +1,35 @@
<?php
declare(strict_types=1);
namespace Tests\Unit\Endpoint\Web;
use Inertia\Testing\AssertableInertia as Assert;
class MembersEndpointTest extends EndpointTestAbstract
{
public function test_members_passes_available_roles_as_objects_with_key_name_and_description(): void
{
// Arrange
$data = $this->createUserWithPermission([
'members:view',
]);
$this->actingAs($data->user);
// Act
$response = $this->get(route('members'));
// Assert
$response->assertOk();
$response->assertInertia(fn (Assert $page) => $page
->component('Members')
->has('availableRoles', 5, fn (Assert $role) => $role
->has('key')
->has('name')
->has('description')
)
->where('availableRoles.0.key', 'owner')
->where('availableRoles.0.name', 'Owner')
);
}
}

199
tests/Unit/Endpoint/Web/OrganizationEndpointTest.php Normal file
View File

@@ -0,0 +1,199 @@
<?php
declare(strict_types=1);
namespace Tests\Unit\Endpoint\Web;
use App\Enums\Role;
use App\Http\Controllers\Web\OrganizationController;
use App\Models\Organization;
use App\Models\OrganizationInvitation;
use App\Models\User;
use Inertia\Testing\AssertableInertia as Assert;
use PHPUnit\Framework\Attributes\CoversClass;
use PHPUnit\Framework\Attributes\DataProvider;
#[CoversClass(OrganizationController::class)]
class OrganizationEndpointTest extends EndpointTestAbstract
{
public function test_organization_create_succeeds(): void
{
// Arrange
$user = User::factory()->withPersonalOrganization()->create();
$this->actingAs($user);
// Act
$response = $this->get(route('organizations.create'));
// Assert
$response->assertOk();
$response->assertInertia(fn (Assert $page) => $page
->component('Teams/Create')
);
}
public function test_legacy_teams_create_redirects_to_new_organization_create(): void
{
// Arrange
$user = User::factory()->withPersonalOrganization()->create();
$this->actingAs($user);
// Act
$response = $this->get(route('teams.create'));
// Assert
$response->assertRedirect(route('organizations.create'));
}
public function test_organization_show_succeeds(): void
{
// Arrange
$data = $this->createUserWithPermission([
'organizations:view',
]);
$this->actingAs($data->user);
// Act
$response = $this->get(route('organizations.show', [$data->organization->getKey()]));
// Assert
$response->assertOk();
$response->assertInertia(fn (Assert $page) => $page
->component('Teams/Show')
->where('team.id', $data->organization->getKey())
->where('team.name', $data->organization->name)
->where('team.currency', $data->organization->currency)
->where('team.owner.id', $data->owner->getKey())
->where('team.owner.name', $data->owner->name)
->has('team.owner.profile_photo_url')
->has('currencies')
);
}
/**
* @return array<string, array{role: Role, canUpdateTeam: bool, canDeleteTeam: bool}>
*/
public static function showPermissionsPerRoleProvider(): array
{
return [
'owner can update and delete' => ['role' => Role::Owner, 'canUpdateTeam' => true, 'canDeleteTeam' => true],
'admin can update but not delete' => ['role' => Role::Admin, 'canUpdateTeam' => true, 'canDeleteTeam' => false],
'employee can neither update nor delete' => ['role' => Role::Employee, 'canUpdateTeam' => false, 'canDeleteTeam' => false],
];
}
#[DataProvider('showPermissionsPerRoleProvider')]
public function test_organization_show_returns_permissions_based_on_role(Role $role, bool $canUpdateTeam, bool $canDeleteTeam): void
{
// Arrange
$data = $this->createUserWithRole($role);
$this->actingAs($data->user);
// Act
$response = $this->get(route('organizations.show', [$data->organization->getKey()]));
// Assert
$response->assertOk();
$response->assertInertia(fn (Assert $page) => $page
->component('Teams/Show')
->where('permissions.canUpdateTeam', $canUpdateTeam)
->where('permissions.canDeleteTeam', $canDeleteTeam)
);
}
public function test_legacy_team_show_redirects_to_organization_show(): void
{
// Arrange
$data = $this->createUserWithPermission([
'organizations:view',
]);
$this->actingAs($data->user);
// Act
$response = $this->get(route('teams.show', [$data->organization->getKey()]));
// Assert
$response->assertRedirect(route('organizations.show', [$data->organization->getKey()]));
}
public function test_team_show_redirects_to_dashboard_for_invalid_organization_id(): void
{
// Arrange
$user = User::factory()->withPersonalOrganization()->create();
$this->actingAs($user);
// Act
$response = $this->get(route('organizations.show', ['not-a-uuid']));
// Assert
$response->assertRedirect(route('dashboard'));
}
public function test_organization_show_redirects_to_dashboard_for_unknown_organization_id(): void
{
// Arrange
$user = User::factory()->withPersonalOrganization()->create();
$this->actingAs($user);
// Act
$response = $this->get(route('organizations.show', ['00000000-0000-4000-8000-000000000000']));
// Assert
$response->assertRedirect(route('dashboard'));
}
public function test_organization_show_redirects_to_dashboard_without_organization_view_permission(): void
{
// Arrange
$data = $this->createUserWithPermission();
$this->actingAs($data->user);
// Act
$response = $this->get(route('organizations.show', [$data->organization->getKey()]));
// Assert
$response->assertRedirect(route('dashboard'));
}
public function test_organization_show_redirects_to_dashboard_for_organization_outside_user_memberships(): void
{
// Arrange
$data = $this->createUserWithPermission([
'organizations:view',
]);
$otherOrganization = Organization::factory()->create();
$this->actingAs($data->user);
// Act
$response = $this->get(route('organizations.show', [$otherOrganization->getKey()]));
// Assert
$response->assertRedirect(route('dashboard'));
}
public function test_organization_show_does_not_expose_member_roster_invitations_or_owner_email(): void
{
// Arrange
$data = $this->createUserWithPermission([
'organizations:view',
]);
OrganizationInvitation::factory()->forOrganization($data->organization)->create([
'email' => 'pending@example.com',
]);
$this->actingAs($data->user);
// Act
$response = $this->get(route('organizations.show', [$data->organization->getKey()]));
// Assert
$response->assertOk();
$response->assertInertia(fn (Assert $page) => $page
->missing('team.users')
->missing('team.team_invitations')
->missing('team.owner.email')
->has('team.owner.id')
->has('team.owner.name')
->has('team.owner.profile_photo_url')
);
}
}

103
tests/Unit/Endpoint/Web/OtherBrowserSessionsEndpointTest.php Normal file
View File

@@ -0,0 +1,103 @@
<?php
declare(strict_types=1);
namespace Tests\Unit\Endpoint\Web;
use App\Http\Controllers\Web\OtherBrowserSessionsController;
use App\Models\User;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
use PHPUnit\Framework\Attributes\CoversClass;
#[CoversClass(OtherBrowserSessionsController::class)]
class OtherBrowserSessionsEndpointTest extends EndpointTestAbstract
{
public function test_destroy_logs_out_other_browser_sessions_with_the_correct_password(): void
{
// Arrange
$user = User::factory()->create();
$originalPasswordHash = $user->password;
$this->actingAs($user);
// Act
$response = $this->delete('/user/other-browser-sessions', [
'password' => 'password',
]);
// Assert
$response->assertRedirect();
$response->assertSessionHasNoErrors();
// logoutOtherDevices re-hashes the password (same plaintext, new hash) to invalidate other sessions.
$this->assertNotSame($originalPasswordHash, $user->fresh()->password);
$this->assertTrue(Hash::check('password', $user->fresh()->password));
}
public function test_destroy_fails_with_an_incorrect_password(): void
{
// Arrange
$user = User::factory()->create();
$originalPasswordHash = $user->password;
$this->actingAs($user);
// Act
$response = $this->delete('/user/other-browser-sessions', [
'password' => 'wrong-password',
]);
// Assert
$response->assertSessionHasErrors('password');
// No side effects when the password is incorrect: the password must not be re-hashed.
$this->assertSame($originalPasswordHash, $user->fresh()->password);
}
public function test_destroy_requires_authentication(): void
{
// Act
$response = $this->delete('/user/other-browser-sessions', [
'password' => 'password',
]);
// Assert
$response->assertRedirect(route('login'));
}
public function test_destroy_deletes_the_other_database_session_records_of_the_current_user(): void
{
// Arrange
config(['session.driver' => 'database']);
$user = User::factory()->create();
$otherUser = User::factory()->create();
$this->actingAs($user);
DB::table('sessions')->insert([
[
'id' => 'other-session-of-current-user',
'user_id' => $user->getKey(),
'ip_address' => '192.0.2.10',
'user_agent' => '',
'payload' => '',
'last_activity' => now()->subMinutes(5)->timestamp,
],
[
'id' => 'session-of-another-user',
'user_id' => $otherUser->getKey(),
'ip_address' => '192.0.2.30',
'user_agent' => '',
'payload' => '',
'last_activity' => now()->timestamp,
],
]);
// Act
$response = $this->delete('/user/other-browser-sessions', [
'password' => 'password',
]);
// Assert
$response->assertSessionHasNoErrors();
// The current user's other sessions are removed, while another user's session is untouched.
$this->assertDatabaseMissing('sessions', ['id' => 'other-session-of-current-user']);
$this->assertDatabaseHas('sessions', ['id' => 'session-of-another-user']);
}
}

45
tests/Unit/Endpoint/Web/TeamShowEndpointTest.php
View File

@@ -1,45 +0,0 @@
<?php
declare(strict_types=1);
namespace Tests\Unit\Endpoint\Web;
use App\Models\OrganizationInvitation;
use App\Providers\JetstreamServiceProvider;
use Inertia\Testing\AssertableInertia as Assert;
use Laravel\Jetstream\Jetstream;
use PHPUnit\Framework\Attributes\CoversClass;
#[CoversClass(JetstreamServiceProvider::class)]
class TeamShowEndpointTest extends EndpointTestAbstract
{
protected function setUp(): void
{
Jetstream::$inertiaManager = null;
parent::setUp();
}
public function test_team_show_does_not_expose_member_roster_invitations_or_owner_email(): void
{
// Arrange
$data = $this->createUserWithPermission([]);
OrganizationInvitation::factory()->forOrganization($data->organization)->create([
'email' => 'pending@example.com',
]);
$this->actingAs($data->user);
// Act
$response = $this->get('/teams/'.$data->organization->getKey());
// Assert
$response->assertOk();
$response->assertInertia(fn (Assert $page) => $page
->missing('team.users')
->missing('team.team_invitations')
->missing('team.owner.email')
->has('team.owner.id')
->has('team.owner.name')
->has('team.owner.profile_photo_url')
);
}
}

253
tests/Unit/Endpoint/Web/UserEndpointTest.php Normal file
View File

@@ -0,0 +1,253 @@
<?php
declare(strict_types=1);
namespace Tests\Unit\Endpoint\Web;
use App\Http\Controllers\Web\UserController;
use App\Models\User;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\URL;
use PHPUnit\Framework\Attributes\CoversClass;
#[CoversClass(UserController::class)]
class UserEndpointTest extends EndpointTestAbstract
{
public function test_pending_email_verification_updates_email_and_redirects_with_success_banner(): void
{
// Arrange
$this->travelTo(Carbon::parse('2024-01-02 12:00:00', 'UTC'));
$user = User::factory()->create([
'email' => 'current@example.com',
'pending_email' => 'new@example.com',
'email_verified_at' => null,
]);
$this->actingAs($user);
$verificationUrl = URL::temporarySignedRoute(
'users.verify-email-change',
now()->addMinutes(60),
[
'user' => $user->getKey(),
'email' => 'NEW@EXAMPLE.COM',
],
false
);
// Act
$response = $this->get($verificationUrl);
// Assert
$response->assertRedirect(route('dashboard'));
$response->assertSessionHas('bannerStyle', 'success');
$response->assertSessionHas('bannerText', 'Your email address has been updated successfully.');
$user->refresh();
$this->assertSame('new@example.com', $user->email);
$this->assertNull($user->pending_email);
$this->assertTrue(now()->equalTo($user->email_verified_at));
}
public function test_pending_email_verification_is_rejected_for_another_authenticated_user(): void
{
// Arrange
$user = User::factory()->create([
'email' => 'current@example.com',
'pending_email' => 'new@example.com',
]);
$this->actingAs(User::factory()->create());
$verificationUrl = URL::temporarySignedRoute(
'users.verify-email-change',
now()->addMinutes(60),
[
'user' => $user->getKey(),
'email' => 'new@example.com',
],
false
);
// Act
$response = $this->get($verificationUrl);
// Assert
$response->assertForbidden();
$user->refresh();
$this->assertSame('current@example.com', $user->email);
$this->assertSame('new@example.com', $user->pending_email);
}
public function test_pending_email_verification_without_email_is_rejected(): void
{
// Arrange
$user = User::factory()->create([
'email' => 'current@example.com',
'pending_email' => 'new@example.com',
]);
$this->actingAs($user);
$verificationUrl = URL::temporarySignedRoute(
'users.verify-email-change',
now()->addMinutes(60),
['user' => $user->getKey()],
false
);
// Act
$response = $this->get($verificationUrl);
// Assert
$response->assertForbidden();
$user->refresh();
$this->assertSame('current@example.com', $user->email);
$this->assertSame('new@example.com', $user->pending_email);
}
public function test_pending_email_verification_with_non_string_email_is_rejected(): void
{
// Arrange
$user = User::factory()->create([
'email' => 'current@example.com',
'pending_email' => 'new@example.com',
]);
$this->actingAs($user);
$verificationUrl = URL::temporarySignedRoute(
'users.verify-email-change',
now()->addMinutes(60),
[
'user' => $user->getKey(),
'email' => ['new@example.com'],
],
false
);
// Act
$response = $this->get($verificationUrl);
// Assert
$response->assertForbidden();
$user->refresh();
$this->assertSame('current@example.com', $user->email);
$this->assertSame('new@example.com', $user->pending_email);
}
public function test_stale_pending_email_verification_link_is_rejected(): void
{
// Arrange
$user = User::factory()->create([
'email' => 'current@example.com',
'pending_email' => 'newer@example.com',
]);
$this->actingAs($user);
$verificationUrl = URL::temporarySignedRoute(
'users.verify-email-change',
now()->addMinutes(60),
[
'user' => $user->getKey(),
'email' => 'older@example.com',
],
false
);
// Act
$response = $this->get($verificationUrl);
// Assert
$response->assertForbidden();
$user->refresh();
$this->assertSame('current@example.com', $user->email);
$this->assertSame('newer@example.com', $user->pending_email);
}
public function test_pending_email_verification_redirects_with_danger_banner_when_email_already_in_use(): void
{
// Arrange
User::factory()->create([
'email' => 'taken@example.com',
'is_placeholder' => false,
]);
$user = User::factory()->create([
'email' => 'current@example.com',
'pending_email' => 'taken@example.com',
]);
$this->actingAs($user);
$verificationUrl = URL::temporarySignedRoute(
'users.verify-email-change',
now()->addMinutes(60),
[
'user' => $user->getKey(),
'email' => 'taken@example.com',
],
false
);
// Act
$response = $this->get($verificationUrl);
// Assert
$response->assertRedirect(route('dashboard'));
$response->assertSessionHas('bannerStyle', 'danger');
$response->assertSessionHas('bannerText', 'The email address is already in use.');
$user->refresh();
$this->assertSame('current@example.com', $user->email);
$this->assertSame('taken@example.com', $user->pending_email);
}
public function test_pending_email_verification_ignores_placeholder_users_with_the_same_email(): void
{
// Arrange
User::factory()->placeholder()->create([
'email' => 'new@example.com',
]);
$user = User::factory()->create([
'email' => 'current@example.com',
'pending_email' => 'new@example.com',
'email_verified_at' => null,
]);
$this->actingAs($user);
$verificationUrl = URL::temporarySignedRoute(
'users.verify-email-change',
now()->addMinutes(60),
[
'user' => $user->getKey(),
'email' => 'new@example.com',
],
false
);
// Act
$response = $this->get($verificationUrl);
// Assert
$response->assertRedirect(route('dashboard'));
$response->assertSessionHas('bannerStyle', 'success');
$user->refresh();
$this->assertSame('new@example.com', $user->email);
$this->assertNull($user->pending_email);
$this->assertNotNull($user->email_verified_at);
}
public function test_pending_email_verification_with_invalid_signature_is_rejected(): void
{
// Arrange
$user = User::factory()->create([
'email' => 'current@example.com',
'pending_email' => 'new@example.com',
]);
$this->actingAs($user);
$verificationUrl = URL::temporarySignedRoute(
'users.verify-email-change',
now()->addMinutes(60),
[
'user' => $user->getKey(),
'email' => 'new@example.com',
],
false
);
// Act
$response = $this->get($verificationUrl.'&invalid');
// Assert
$response->assertForbidden();
$user->refresh();
$this->assertSame('current@example.com', $user->email);
$this->assertSame('new@example.com', $user->pending_email);
}
}

138
tests/Unit/Endpoint/Web/UserProfileEndpointTest.php Normal file
View File

@@ -0,0 +1,138 @@
<?php
declare(strict_types=1);
namespace Tests\Unit\Endpoint\Web;
use App\Enums\Weekday;
use App\Http\Controllers\Web\UserProfileController;
use App\Models\User;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\DB;
use Inertia\Testing\AssertableInertia as Assert;
use PHPUnit\Framework\Attributes\CoversClass;
#[CoversClass(UserProfileController::class)]
class UserProfileEndpointTest extends EndpointTestAbstract
{
public function test_showing_profile_succeeds_and_exposes_profile_settings_data(): void
{
// Arrange
config(['session.driver' => 'array']);
$user = User::factory()->withPersonalOrganization()->create();
$this->actingAs($user);
// Act
$response = $this->get('/user/profile');
// Assert
$response->assertOk();
$response->assertInertia(fn (Assert $page) => $page
->component('Profile/Show')
->has('timezones')
->where('weekdays', Weekday::toSelectArray())
->where('confirmsTwoFactorAuthentication', true)
->where('sessions', [])
);
}
public function test_showing_profile_exposes_database_sessions_for_current_user(): void
{
// Arrange
config(['session.driver' => 'database']);
$this->travelTo(Carbon::parse('2024-01-02 12:00:00', 'UTC'));
$user = User::factory()->withPersonalOrganization()->create();
$otherUser = User::factory()->create();
$this->actingAs($user);
DB::table('sessions')->insert([
[
'id' => 'older-session',
'user_id' => $user->getKey(),
'ip_address' => '192.0.2.10',
'user_agent' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
'payload' => '',
'last_activity' => now()->subMinutes(5)->timestamp,
],
[
'id' => 'newer-session',
'user_id' => $user->getKey(),
'ip_address' => '192.0.2.20',
'user_agent' => 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36',
'payload' => '',
'last_activity' => now()->subMinute()->timestamp,
],
[
'id' => 'other-user-session',
'user_id' => $otherUser->getKey(),
'ip_address' => '192.0.2.30',
'user_agent' => '',
'payload' => '',
'last_activity' => now()->timestamp,
],
]);
// Act
$response = $this->get('/user/profile');
// Assert
$response->assertOk();
$response->assertInertia(fn (Assert $page) => $page
->component('Profile/Show')
->has('sessions', 2)
->where('sessions.0.agent.is_desktop', true)
->where('sessions.0.agent.platform', 'Linux')
->where('sessions.0.agent.browser', 'Chrome')
->where('sessions.0.ip_address', '192.0.2.20')
->where('sessions.0.is_current_device', false)
->where('sessions.0.last_active', '1 minute ago')
->where('sessions.1.agent.is_desktop', true)
->where('sessions.1.agent.platform', 'OS X')
->where('sessions.1.agent.browser', 'Chrome')
->where('sessions.1.ip_address', '192.0.2.10')
->where('sessions.1.is_current_device', false)
->where('sessions.1.last_active', '5 minutes ago')
);
}
public function test_showing_profile_marks_two_factor_authentication_as_empty_when_disabled(): void
{
// Arrange
config(['session.driver' => 'array']);
$user = User::factory()->withPersonalOrganization()->create([
'two_factor_secret' => null,
'two_factor_confirmed_at' => null,
]);
$this->actingAs($user);
// Act
$response = $this->get('/user/profile');
// Assert
$response->assertOk();
$response->assertSessionHas('two_factor_empty_at');
}
public function test_showing_profile_disables_unconfirmed_two_factor_authentication_after_confirmation_was_abandoned(): void
{
// Arrange
config(['session.driver' => 'array']);
$user = User::factory()->withPersonalOrganization()->create([
'two_factor_secret' => 'secret',
'two_factor_recovery_codes' => '[]',
'two_factor_confirmed_at' => null,
]);
$this->actingAs($user);
$this->withSession(['two_factor_confirming_at' => time() - 1]);
// Act
$response = $this->get('/user/profile');
// Assert
$response->assertOk();
$response->assertSessionHas('two_factor_empty_at');
$response->assertSessionMissing('two_factor_confirming_at');
$this->assertNull($user->fresh()->two_factor_secret);
$this->assertNull($user->fresh()->two_factor_confirmed_at);
}
}

131
tests/Unit/Service/Dto/UserAgentDtoTest.php Normal file
View File

@@ -0,0 +1,131 @@
<?php
declare(strict_types=1);
namespace Tests\Unit\Service\Dto;
use App\Service\Dto\UserAgentDto;
use PHPUnit\Framework\Attributes\CoversClass;
use Tests\TestCase;
#[CoversClass(UserAgentDto::class)]
class UserAgentDtoTest extends TestCase
{
public function test_chrome_on_windows_is_detected_as_a_desktop_browser(): void
{
// Arrange
$userAgent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36';
$agent = new UserAgentDto;
$agent->setUserAgent($userAgent);
// Act
$platform = $agent->platform();
$browser = $agent->browser();
$isDesktop = $agent->isDesktop();
// Assert
$this->assertSame('Windows', $platform);
$this->assertSame('Chrome', $browser);
$this->assertTrue($isDesktop);
}
public function test_edge_is_detected_before_chrome(): void
{
// Arrange
$userAgent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0';
$agent = new UserAgentDto;
$agent->setUserAgent($userAgent);
// Act
$browser = $agent->browser();
// Assert
$this->assertSame('Edge', $browser);
}
public function test_iphone_safari_is_detected_as_a_non_desktop_browser(): void
{
// Arrange
$userAgent = 'Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1';
$agent = new UserAgentDto;
$agent->setUserAgent($userAgent);
// Act
$platform = $agent->platform();
$browser = $agent->browser();
$isDesktop = $agent->isDesktop();
// Assert
$this->assertSame('iOS', $platform);
$this->assertSame('Safari', $browser);
$this->assertFalse($isDesktop);
}
public function test_ipad_is_detected_as_non_desktop(): void
{
// Arrange
$userAgent = 'Mozilla/5.0 (iPad; CPU OS 17_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1';
$agent = new UserAgentDto;
$agent->setUserAgent($userAgent);
// Act
$isDesktop = $agent->isDesktop();
// Assert
$this->assertFalse($isDesktop);
}
public function test_unknown_user_agent_has_no_platform_or_browser_and_is_a_desktop(): void
{
// Arrange
$agent = new UserAgentDto;
$agent->setUserAgent('CustomClient/1.0');
// Act
$platform = $agent->platform();
$browser = $agent->browser();
$isDesktop = $agent->isDesktop();
// Assert
$this->assertNull($platform);
$this->assertNull($browser);
$this->assertTrue($isDesktop);
}
public function test_cloudfront_desktop_header_is_detected_as_desktop(): void
{
// Arrange
$agent = new UserAgentDto;
$agent->setUserAgent('Amazon CloudFront');
$agent->setHttpHeaders([
'HTTP_CLOUDFRONT_IS_DESKTOP_VIEWER' => 'true',
]);
// Act
$isDesktop = $agent->isDesktop();
// Assert
$this->assertTrue($isDesktop);
}
public function test_cached_values_are_resolved_for_the_current_user_agent(): void
{
// Arrange
$agent = new UserAgentDto;
$agent->setUserAgent('Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0.0.0 Safari/537.36');
$agent->platform();
$agent->browser();
$agent->isDesktop();
$agent->setUserAgent('Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) Version/17.0 Mobile/15E148 Safari/604.1');
// Act
$platform = $agent->platform();
$browser = $agent->browser();
$isDesktop = $agent->isDesktop();
// Assert
$this->assertSame('iOS', $platform);
$this->assertSame('Safari', $browser);
$this->assertFalse($isDesktop);
}
}