bert.hausmans
6e89b0ccf7
Phase 6 of S2b. 37 new tests, 820 → 857 passing across the suite. Feature suites (api/tests/Feature/FormBuilder/): - FormSchemaApiTest: CRUD, publish/unpublish, rotate-public-token (with grace window), edit-lock conflict, typed-confirmation delete, 401 on unauthenticated, 403 on outsider. - FormFieldApiTest: create, reorder, binding-change guard (422 w/o force, 200 with force), conditional_logic cycle rejection, 401 unauth. - FormSubmissionApiTest: draft → values → submit stores schema snapshot + version; review records reviewer; delegation creates active row; draft update blocked for non-subject non-delegatee (403). - FormValueSecurityTest: FieldAccessService hides admin-only fields from non-admin; subject-self bypass; admin-only field leaks through neither admin list nor non-admin detail responses (§22.9 intent). - PublicFormApiTest: portal-visible non-admin fields only; unknown token → 404; happy-path submission; expired-previous-token → 410; grace window still allows submission. - FormSchemaWebhookApiTest: url/secret NEVER returned in resources; DeliverFormWebhookJob rejects 10.x private-ip SSRF (response_body_excerpt logs rejection). - FilterRegistryApiTest: response shape includes tags + form_field sources; form_field filter registers. Integration contract (§31.10): - TagPickerSyncListenerTest: 5 cases proving (a) no-op on user_id=null, (b) sync on submit, (c) deferred sync via PersonIdentityService::confirmMatch, (d) organiser_assigned tags preserved on rebuild, (e) idempotent rerun. Fixes discovered while writing tests: - SyncTagPickerSelectionsOnSubmit: removed hardcoded connection='redis' so tests run via sync queue (QUEUE_CONNECTION fallback). - FormSubmissionService: corrected FormSubmissionReviewed / DraftUpdated event signatures to match S1 event classes. - FormSubmission model: added schema_version_at_submit / snapshot / anonymised_at / submission_duration_seconds / auto_save_count to $fillable so bulk operations + factory states populate consistently. - FormSchema: added version, edit_lock_user_id, edit_lock_expires_at to $fillable; factory now sets version=1 explicitly. - FormValueService: public submission path (actor=null) enforces is_portal_visible=true AND is_admin_only=false at the write layer instead of running FieldAccessService against a null user. - MigrationRollbackTest: target the S2a drop migration by filename. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
113 lines
3.5 KiB
PHP
113 lines
3.5 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace Tests\Feature\FormBuilder;
|
|
|
|
use App\Enums\FormBuilder\FormFieldType;
|
|
use App\Enums\FormBuilder\FormPurpose;
|
|
use App\Models\FormBuilder\FormField;
|
|
use App\Models\FormBuilder\FormSchema;
|
|
use App\Models\Organisation;
|
|
use Database\Seeders\RoleSeeder;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Illuminate\Support\Facades\Config;
|
|
use Illuminate\Support\Str;
|
|
use Tests\TestCase;
|
|
|
|
final class PublicFormApiTest extends TestCase
|
|
{
|
|
use RefreshDatabase;
|
|
|
|
private Organisation $org;
|
|
|
|
private FormSchema $schema;
|
|
|
|
protected function setUp(): void
|
|
{
|
|
parent::setUp();
|
|
$this->seed(RoleSeeder::class);
|
|
$this->org = Organisation::factory()->create();
|
|
$this->schema = FormSchema::factory()->create([
|
|
'organisation_id' => $this->org->id,
|
|
'purpose' => FormPurpose::PUBLIC_RSVP,
|
|
'is_published' => true,
|
|
'public_token' => (string) Str::ulid(),
|
|
]);
|
|
|
|
FormField::factory()->create([
|
|
'form_schema_id' => $this->schema->id,
|
|
'field_type' => FormFieldType::TEXT->value,
|
|
'slug' => 'name',
|
|
'label' => 'Naam',
|
|
'is_portal_visible' => true,
|
|
'is_admin_only' => false,
|
|
]);
|
|
FormField::factory()->create([
|
|
'form_schema_id' => $this->schema->id,
|
|
'field_type' => FormFieldType::TEXTAREA->value,
|
|
'slug' => 'secret_admin_notes',
|
|
'label' => 'Admin notes',
|
|
'is_portal_visible' => false,
|
|
'is_admin_only' => true,
|
|
]);
|
|
}
|
|
|
|
public function test_show_returns_schema_without_hidden_fields(): void
|
|
{
|
|
$response = $this->getJson("/api/v1/public/forms/{$this->schema->public_token}");
|
|
$response->assertOk();
|
|
|
|
$slugs = collect($response->json('data.fields'))->pluck('slug')->all();
|
|
$this->assertContains('name', $slugs);
|
|
$this->assertNotContains('secret_admin_notes', $slugs);
|
|
}
|
|
|
|
public function test_show_unknown_token_returns_404(): void
|
|
{
|
|
$this->getJson('/api/v1/public/forms/'.Str::ulid())->assertStatus(404);
|
|
}
|
|
|
|
public function test_submit_creates_submission(): void
|
|
{
|
|
// PUBLIC_RSVP does not require captcha by default
|
|
Config::set('form_builder.captcha.required_for_purposes', []);
|
|
|
|
$response = $this->postJson(
|
|
"/api/v1/public/forms/{$this->schema->public_token}/submissions",
|
|
[
|
|
'values' => ['name' => 'Bart'],
|
|
'public_submitter_name' => 'Bart',
|
|
'public_submitter_email' => 'bart@example.nl',
|
|
],
|
|
);
|
|
|
|
$response->assertCreated();
|
|
$this->assertSame('submitted', $response->json('data.status'));
|
|
}
|
|
|
|
public function test_submit_with_expired_previous_token_returns_410(): void
|
|
{
|
|
$previousToken = (string) Str::ulid();
|
|
$this->schema->update([
|
|
'public_token_previous' => $previousToken,
|
|
'public_token_rotated_at' => now()->subDays(8),
|
|
]);
|
|
|
|
$this->getJson("/api/v1/public/forms/{$previousToken}")->assertStatus(410);
|
|
}
|
|
|
|
public function test_submit_within_grace_window_still_works(): void
|
|
{
|
|
Config::set('form_builder.captcha.required_for_purposes', []);
|
|
|
|
$previousToken = (string) Str::ulid();
|
|
$this->schema->update([
|
|
'public_token_previous' => $previousToken,
|
|
'public_token_rotated_at' => now()->subDays(2),
|
|
]);
|
|
|
|
$this->getJson("/api/v1/public/forms/{$previousToken}")->assertOk();
|
|
}
|
|
}
|