HEX
Server: LiteSpeed
System: Linux s1049.use1.mysecurecloudhost.com 4.18.0-477.27.2.lve.el8.x86_64 #1 SMP Wed Oct 11 12:32:56 UTC 2023 x86_64
User: xedaptot (3356)
PHP: 8.3.31
Disabled: NONE
Upload Files
File: /home/xedaptot/be.naniguide.com/tests/Feature/ApiWhoamiTest.php
<?php

/**
 * Feature tests for GET /api/v1/whoami.
 *
 * Lightweight identity probe used by `php artisan remote:upgrade
 * --min-version=X`. Lives in core (NOT in the acelle/console plugin) so it
 * works on a vanilla install with just an admin api_token.
 */

use App\Model\Admin;
use App\Model\User;

uses(\Tests\TestCase::class);

const API_WHOAMI_URL = '/api/v1/whoami';

function makeUserWithTokenForWhoami(string $emailSuffix = 'plain'): array
{
    $user = new User();
    $user->email = 'test-api-whoami-' . $emailSuffix . '-' . uniqid() . '@example.test';
    $user->first_name = 'Test';
    $user->last_name = 'User';
    $user->password = bcrypt('test-' . uniqid());
    $user->save();
    $token = $user->fresh()->api_token;
    return [$user, $token];
}

function promoteUserToAdminForWhoami(User $user): Admin
{
    // mailixa_test isn't seeded in CI — pick an existing admin_group if any,
    // otherwise create one inline so the test is self-contained.
    $groupId = (int) \DB::table('admin_groups')->orderBy('id')->value('id');
    if ($groupId === 0) {
        $groupId = (int) \DB::table('admin_groups')->insertGetId([
            'name' => 'Test Administrator',
            'permissions' => '{}',
            'created_at' => now(),
            'updated_at' => now(),
        ]);
    }

    $admin = new Admin();
    $admin->user_id = $user->id;
    $admin->timezone = 'UTC';
    $admin->status = 'active';
    $admin->color_scheme = 'default';
    $admin->admin_group_id = $groupId;
    $admin->save();
    return $admin;
}

afterEach(function () {
    foreach (User::where('email', 'like', 'test-api-whoami-%@example.test')->get() as $u) {
        Admin::where('user_id', $u->id)->delete();
        $u->delete();
    }
});

it('returns 401 without any token', function () {
    $response = $this->getJson(API_WHOAMI_URL);
    expect($response->status())->toBe(401);
});

it('returns 401 for an invalid bearer token', function () {
    $response = $this->withHeaders(['Authorization' => 'Bearer totally-invalid-token'])
        ->getJson(API_WHOAMI_URL);
    expect($response->status())->toBe(401);
});

it('returns user + instance for a valid non-admin token', function () {
    [$user, $token] = makeUserWithTokenForWhoami('non-admin');

    $response = $this->withHeaders(['Authorization' => 'Bearer ' . $token])
        ->getJson(API_WHOAMI_URL);

    expect($response->status())->toBe(200);
    $json = $response->json();
    expect($json)->toHaveKeys(['user', 'instance']);
    expect($json['user']['id'])->toBe($user->id);
    expect($json['user']['email'])->toBe($user->email);
    expect($json['user']['is_admin'])->toBeFalse();
    expect($json['instance'])->toHaveKeys(['url', 'version']);
    expect($json['instance']['url'])->toBe(config('app.url'));
    expect($json['instance']['version'])->toBe(trim((string) file_get_contents(base_path('VERSION'))));
});

it('reports is_admin=true for an admin token', function () {
    [$user, $token] = makeUserWithTokenForWhoami('admin');
    promoteUserToAdminForWhoami($user);

    $response = $this->withHeaders(['Authorization' => 'Bearer ' . $token])
        ->getJson(API_WHOAMI_URL);

    expect($response->status())->toBe(200);
    expect($response->json('user.is_admin'))->toBeTrue();
});