From b283748c42320d20040fa1e087524f90cdb0aa9a Mon Sep 17 00:00:00 2001
From: Ivan Diaz
Date: Sat, 20 Oct 2018 16:21:50 -0300
Subject: [PATCH 1/4] upgrade build command
---
 build.sh | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/build.sh b/build.sh
index e845ed34..e25e4910 100755
--- a/build.sh
+++ b/build.sh
@@ -4,8 +4,10 @@ gulp prod --api
 rm build/index.html
 echo "2/3 Creating api folder..."
 cd ../server
-rm -rf files
-mkdir files
+mkdir files2
+mv files/.htaccess files2
+rm -rf files/
+mv files2 files
 cd ..
 mkdir api
 cp server/index.php api
@@ -17,8 +19,7 @@ cp -R server/data api
 cp -R server/libs api
 cp -R server/models api
 cp -R server/vendor api
-mkdir api/files
-touch api/files/.keep
+cp -R server/files api
 echo -n > api/config.php
 chmod -R 755 .
 echo "3/3 Generating zip..."
From c3d16376154be9fcdfa727039f32dc6406075f00 Mon Sep 17 00:00:00 2001
From: Ivan Diaz
Date: Fri, 26 Oct 2018 12:02:07 -0300
Subject: [PATCH 2/4] #335 fix email template editing
---
 server/controllers/system/edit-mail-template.php | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/server/controllers/system/edit-mail-template.php b/server/controllers/system/edit-mail-template.php
index 8663538e..711a85da 100755
--- a/server/controllers/system/edit-mail-template.php
+++ b/server/controllers/system/edit-mail-template.php
@@ -24,7 +24,7 @@ use Respect\Validation\Validator as DataValidator;
 * @apiUse INVALID_SUBJECT
 * @apiUse INVALID_BODY
 *
- * @apiSuccess {Object} data Empty object
+ * @apiSuccess {Object} data Empty object
 *
 */
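Review bot: `mv files/.htaccess files2` and `rm -rf files/` run unconditionally after `cd ../server`, so a failed `cd` (or a missing `.htaccess`) does not stop the script: `rm -rf files/` then removes a `files/` directory relative to whatever the current directory happens to be, and `mv files2 files` leaves the build without its `.htaccess`. Make each step fatal, e.g. `cd ../server || exit 1` and `mv files/.htaccess files2 || exit 1`, or enable `set -e` at the top of the script, which is outside this hunk. The second hunk's `cp -R server/files api` copies that directory into the release, so it relies on the first hunk having emptied it; a comment such as `# files/ must contain only .htaccess at this point, see the cleanup above` would make that coupling explicit.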
@@ -60,18 +60,16 @@ class EditMailTemplateController extends Controller {
 $language = Controller::request('language');
 $templateType = Controller::request('templateType');
 $subject = Controller::request('subject', true);
- $body = Controller::request('body', true);
+ $body = Controller::request('body');
 $mailTemplate = MailTemplate::findOne(' language = ? AND type = ?', [$language, $templateType]);
 if($mailTemplate->isNull()) {
- Response::respondError(ERRORS::INVALID_TEMPLATE);
- return;
+ throw new Exception(ERRORS::INVALID_TEMPLATE);
 }
 $mailTemplate->subject = $subject;
 $mailTemplate->body = $body;
 $mailTemplate->store();
 Response::respondSuccess();
-
 }
-}
\ No newline at end of file
+}
From 9a40c63cf4a347d77a057ecad8be03cc8268ed42 Mon Sep 17 00:00:00 2001
From: Ivan Diaz
Date: Fri, 26 Oct 2018 12:58:01 -0300
Subject: [PATCH 3/4] Fix recover password redirection bug
---
 .../main/main-recover-password/main-recover-password-page.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/client/src/app/main/main-recover-password/main-recover-password-page.js b/client/src/app/main/main-recover-password/main-recover-password-page.js
index e06ec60d..9ad2c3d0 100644
--- a/client/src/app/main/main-recover-password/main-recover-password-page.js
+++ b/client/src/app/main/main-recover-password/main-recover-password-page.js
@@ -75,7 +75,7 @@ class MainRecoverPasswordPage extends React.Component {
 }
 onPasswordRecovered(response) {
- setTimeout(() => {history.push(response.data.staff ? '/admin' : '/')}, 2000);
+ setTimeout(() => {history.push((response.data.staff*1) ? '/admin' : '/')}, 2000);
 this.setState({
 recoverStatus: 'valid',
 loading: false
From 099dd5a5a0a9d126d087acbdd43a1c1804e9c1aa Mon Sep 17 00:00:00 2001
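Review bot: `$body = Controller::request('body')` drops the second argument that `$subject` on the line above still passes as `true`, so the template body is now stored exactly as submitted; if that flag is the escaping switch it appears to be, this line is where raw HTML enters the mail templates, which is presumably the intent of #335 but deserves a comment, e.g. `// body is HTML for the outgoing mail and is deliberately stored unescaped`. The `validations()` method and the rest of `handler()` are outside the hunk, so I cannot confirm what constrains `body` before it reaches `$mailTemplate->store()`. Replacing `Response::respondError(...)` plus `return` with `throw new Exception(ERRORS::INVALID_TEMPLATE)` matches the error style of the other controllers in this series.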
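Review bot: `(response.data.staff*1)` fixes the redirect through implicit numeric coercion, which reads like an accidental multiplication; `Number(response.data.staff)` states the same intent explicitly, or compare against the exact value the API returns if it is a string. Either way a comment on the line, `// staff arrives as a string, so '0' is truthy; coerce before testing`, records why the plain truthiness test on the removed line presumably sent non-staff users to /admin — the hunk itself does not say which value triggered the bug. The rest of `onPasswordRecovered` is outside the hunk.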
From: Ivan Diaz
Date: Mon, 29 Oct 2018 19:32:03 -0300
Subject: [PATCH 4/4] Fix ticket delete test issues
---
 server/controllers/ticket/delete.php | 12 +++-
 tests/scripts.rb | 7 ++-
 tests/staff/assign-ticket.rb | 7 ++-
 tests/staff/delete.rb | 12 ++--
 tests/staff/edit.rb | 10 +--
 tests/staff/get-new-tickets.rb | 4 +-
 tests/staff/get.rb | 5 +-
 tests/system/disable-user-system.rb | 4 +-
 tests/ticket/delete.rb | 92 +++++++++++++--------------
 9 files changed, 78 insertions(+), 75 deletions(-)
diff --git a/server/controllers/ticket/delete.php b/server/controllers/ticket/delete.php
index 99f9f0dc..ee35d34c 100644
--- a/server/controllers/ticket/delete.php
+++ b/server/controllers/ticket/delete.php
@@ -42,14 +42,20 @@ class DeleteController extends Controller {
 public function handler() {
 $user = Controller::getLoggedUser();
 $ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));
+ $ticketAuthor = $ticket->authorToArray();
- if(Controller::isStaffLogged() && ($user->level < 3 || $ticket->owner)) {
+ if($ticket->owner) {
 throw new Exception(ERRORS::NO_PERMISSION);
 }
- if(!Controller::isStaffLogged() && (($user->email !== $ticket->author->email) || $ticket->owner) ) {
+
+ if(Controller::isStaffLogged() && $user->level < 3) {
 throw new Exception(ERRORS::NO_PERMISSION);
 }
-
+
+ if(!Controller::isStaffLogged() && ($user->email !== $ticketAuthor['email'] || $ticketAuthor['staff'])) {
+ throw new Exception(ERRORS::NO_PERMISSION);
+ }
+
 $ticket->delete();
 Response::respondSuccess();
diff --git a/tests/scripts.rb b/tests/scripts.rb
index 8ed25552..64872afc 100644
--- a/tests/scripts.rb
+++ b/tests/scripts.rb
@@ -35,10 +35,11 @@ class Scripts
 raise response['message']
 end
 end
- def self.deleteStaff(staffid)
-
+ def self.deleteStaff(staffId)
 response = request('/staff/delete', {
- :staffId => staffid
+ staffId: staffId,
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
 })
 if response['status'] === 'fail'
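Review bot: The non-staff branch now decides ownership purely by string-comparing `$user->email` with `$ticketAuthor['email']`; the hunk does not show how `authorToArray()` builds that array, so when the author has a user id it is safer to compare ids and keep the email comparison only as the fallback for tickets that carry no `author_id` (the `disable-user-system` tests in this series show such tickets exist). `$ticketAuthor['staff']` is read with a bare subscript, which raises a notice if `authorToArray()` omits the key for user-authored tickets; `!empty($ticketAuthor['staff'])` avoids that. A short comment above the three checks spelling out the rule would help the next reader, e.g. `// an assigned ticket cannot be deleted by anyone; staff need level 3; a non-staff user may delete only an unassigned ticket they authored themselves`. Whether `ticketNumber` is guaranteed to resolve to an existing ticket before `$ticket->authorToArray()` is called depends on `validations()`, which is outside the hunk.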
diff --git a/tests/staff/assign-ticket.rb b/tests/staff/assign-ticket.rb
index 0af17f4b..64e612b4 100644
--- a/tests/staff/assign-ticket.rb
+++ b/tests/staff/assign-ticket.rb
@@ -31,10 +31,12 @@ describe '/staff/assign-ticket' do
 (staff_ticket['ticket_id']).should.equal('1')
 end
 it 'should assign ticket if a staff choose another to assing a ticket ' do
+ staffId = $database.getRow('staff','ayra2@opensupports.com','email')['id']
+
 ticket = $database.getRow('ticket', 3 , 'id')
 result = request('/staff/assign-ticket', {
 ticketNumber: ticket['ticket_number'],
- staffId:4,
+ staffId: staffId,
 csrf_userid: $csrf_userid,
 csrf_token: $csrf_token
 })
@@ -42,10 +44,9 @@ describe '/staff/assign-ticket' do
 ticket = $database.getRow('ticket', 3 , 'id')
- (ticket['owner_id']).should.equal('4')
+ (ticket['owner_id']).should.equal(staffId)
 (ticket['unread']).should.equal('1')
-
 end
 it 'should fail if ticket is already owned' do
diff --git a/tests/staff/delete.rb b/tests/staff/delete.rb
index 25ba48de..5bada355 100644
--- a/tests/staff/delete.rb
+++ b/tests/staff/delete.rb
@@ -1,28 +1,30 @@
 describe'/staff/delete' do
 request('/user/logout')
 Scripts.login($staff[:email], $staff[:password], true)
+ @staffId = $database.getRow('staff','littlelannister@opensupports.com','email')['id']
 it 'should delete staff member' do
 result= request('/staff/delete', {
 csrf_userid: $csrf_userid,
 csrf_token: $csrf_token,
- staffId: 3
+ staffId: @staffId
 })
 (result['status']).should.equal('success')
- row = $database.getRow('staff', 3, 'id')
+ row = $database.getRow('staff', @staffId, 'id')
 (row).should.equal(nil)
 row = $database.getRow('department', 1, 'id')
 (row['owners']).should.equal('3')
 end
+
 it 'should fail delete if staff member is does not exist' do
- result= request('/staff/delete', {
+ result = request('/staff/delete', {
 csrf_userid: $csrf_userid,
 csrf_token: $csrf_token,
- staffId: 3
+ staffId: @staffId
 })
 (result['status']).should.equal('fail')
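Review bot: `$database.getRow('staff','ayra2@opensupports.com','email')['id']` indexes the lookup result without checking it, so when no staff row has that email the example dies with a `NoMethodError` on `nil` before any request is made, which reads as a crash rather than a fixture problem; the same pattern appears in `tests/staff/delete.rb` (`@staffId = ...['id']` at describe level, where a nil aborts every example in the file), `tests/staff/edit.rb` and `tests/staff/get.rb`. A short guard, `staff = $database.getRow(...)` followed by `staff.should.not.equal(nil)`, turns that into a readable assertion. Note the spelling `ayra2@` here against `arya@opensupports.com` in `tests/staff/edit.rb`; I cannot tell from the series whether both fixture accounts exist, so worth confirming.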
@@ -31,4 +33,4 @@ describe'/staff/delete' do
 row = $database.getRow('department', 1, 'id')
 (row['owners']).should.equal('3')
 end
-end
\ No newline at end of file
+end
diff --git a/tests/staff/edit.rb b/tests/staff/edit.rb
index 5c398936..f22bd6ac 100644
--- a/tests/staff/edit.rb
+++ b/tests/staff/edit.rb
@@ -3,23 +3,24 @@ describe'/staff/edit' do
 Scripts.login($staff[:email], $staff[:password], true)
 it 'should edit another staff member' do
+ staffId = $database.getRow('staff','tyrion@opensupports.com','email')['id']
 result= request('/staff/edit', {
 csrf_userid: $csrf_userid,
 csrf_token: $csrf_token,
 email: 'LittleLannister@opensupports.com',
 level: 1,
 departments: '[1, 2]',
- staffId: 3
+ staffId: staffId
 })
 (result['status']).should.equal('success')
- row = $database.getRow('staff', 3, 'id')
+ row = $database.getRow('staff', staffId, 'id')
 (row['email']).should.equal('littlelannister@opensupports.com')
 (row['level']).should.equal('1')
- rows = $database.getRow('department_staff', 3, 'staff_id')
+ rows = $database.getRow('department_staff', staffId, 'staff_id')
 (rows['department_id']).should.equal('1')
@@ -28,7 +29,6 @@ describe'/staff/edit' do
 row = $database.getRow('department', 2, 'id')
 (row['owners']).should.equal('2')
-
 end
 it 'should edit staff member ' do
@@ -43,7 +43,7 @@ describe'/staff/edit' do
 departments: '[1]'
 })
- row = $database.getRow('staff', 'Arya Stark', 'name')
+ row = $database.getRow('staff', 'arya@opensupports.com', 'email')
 result = request('/staff/edit', {
 csrf_userid: $csrf_userid,
diff --git a/tests/staff/get-new-tickets.rb b/tests/staff/get-new-tickets.rb
index 58fbe49b..7561aa1b 100644
--- a/tests/staff/get-new-tickets.rb
+++ b/tests/staff/get-new-tickets.rb
@@ -3,14 +3,12 @@ describe '/staff/get-new-tickets' do
 Scripts.login($staff[:email], $staff[:password], true)
 it 'should get news tickets' do
-
 result = request('/staff/get-new-tickets', {
 csrf_userid: $csrf_userid,
 csrf_token: $csrf_token
 })
 (result['status']).should.equal('success')
- (result['data'].size).should.equal(11)
-
+ (result['data'].size).should.equal(9)
 end
 end
diff --git a/tests/staff/get.rb b/tests/staff/get.rb
index 6470ea25..b4d0cef5 100644
--- a/tests/staff/get.rb
+++ b/tests/staff/get.rb
@@ -16,10 +16,11 @@ describe '/staff/get/' do
 (result['data']['sendEmailOnNewTicket']).should.equal('1')
 end
 it 'should return staff member data with staff Id' do
+ staff = $database.getRow('staff','tyrion@opensupports.com','email')
 result = request('/staff/get', {
 csrf_userid: $csrf_userid,
 csrf_token: $csrf_token,
- staffId: 3
+ staffId: staff['id']
 })
 (result['status']).should.equal('success')
@@ -29,4 +30,4 @@ describe '/staff/get/' do
 (result['data']['level']).should.equal('2')
 (result['data']['sendEmailOnNewTicket']).should.equal('0')
 end
-end
\ No newline at end of file
+end
diff --git a/tests/system/disable-user-system.rb b/tests/system/disable-user-system.rb
index 3a0013ba..703a71b4 100644
--- a/tests/system/disable-user-system.rb
+++ b/tests/system/disable-user-system.rb
@@ -19,7 +19,7 @@ describe'system/disable-user-system' do
 numberOftickets= $database.query("SELECT * FROM ticket WHERE author_id IS NULL AND author_email IS NOT NULL AND author_name IS NOT NULL")
- (numberOftickets.num_rows).should.equal(41)
+ (numberOftickets.num_rows).should.equal(40)
 request('/user/logout')
@@ -127,7 +127,7 @@ describe'system/disable-user-system' do
 numberOftickets= $database.query("SELECT * FROM ticket WHERE author_email IS NULL AND author_name IS NULL AND author_id IS NOT NULL" )
- (numberOftickets.num_rows).should.equal(42)
+ (numberOftickets.num_rows).should.equal(41)
 end
diff --git a/tests/ticket/delete.rb b/tests/ticket/delete.rb
index 7fee511d..6b0c5acf 100644
--- a/tests/ticket/delete.rb
+++ b/tests/ticket/delete.rb
@@ -1,52 +1,46 @@
 describe '/ticket/delete' do
- request('/user/logout')
- Scripts.login($staff[:email], $staff[:password], true)
- Scripts.createTicket('tickettodelete')
- Scripts.createTicket('tickettodelete4')
- # it 'should delete ticket if it is not assigned and is logged a staff lvl 3 ' do
- #
- #
- # ticket = $database.getRow('ticket', 'tickettodelete', 'title')
- #
- # request('/staff/add', {
- # csrf_userid: $csrf_userid,
- # csrf_token: $csrf_token,
- # name: 'Ned Stark',
- # password: 'headless',
- # email: 'ned@opensupports.com',
- # level: 3,
- # profilePic: '',
- # departments: '[1]'
- # })
- #
- # request('/user/logout')
- #
- # Scripts.login('ned@opensupports.com', 'headless', true)
- #
- # result = request('/ticket/delete', {
- # ticketNumber: ticket['ticket_number'],
- # csrf_userid: $csrf_userid,
- # csrf_token: $csrf_token
- # })
- #
- # (result['status']).should.equal('success')
- # end
+ it 'should delete ticket if it is not assigned and is logged a staff lvl 3 ' do
+ request('/user/logout')
+ Scripts.login($staff[:email], $staff[:password], true)
+ Scripts.createTicket('ticket_to_delete')
+ ticket = $database.getRow('ticket', 'ticket_to_delete', 'title')
+
+ request('/staff/add', {
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token,
+ name: 'Ned Stark',
+ password: 'headless',
+ email: 'ned@opensupports.com',
+ level: 3,
+ profilePic: '',
+ departments: '[1]'
+ })
+
+ request('/user/logout')
+ Scripts.login('ned@opensupports.com', 'headless', true)
+
+ result = request('/ticket/delete', {
+ ticketNumber: ticket['ticket_number'],
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+
+ (result['status']).should.equal('success')
+ end
 it 'should delete ticket if it is yours and it is not assigned' do
 request('/user/logout')
 Scripts.createUser('deleter@opensupports.com', 'deleterpassword', 'Delter')
 Scripts.login('deleter@opensupports.com', 'deleterpassword')
- Scripts.createTicket('tickettodelete2')
- ticket =
$database.getRow('ticket', 'tickettodelete2', 'title');
-
+ Scripts.createTicket('ticket_to_delete_2')
+ ticket = $database.getRow('ticket', 'ticket_to_delete_2', 'title');
 result = request('/ticket/delete', {
 ticketNumber: ticket['ticket_number'],
 csrf_userid: $csrf_userid,
 csrf_token: $csrf_token
 })
- puts result
 (result['status']).should.equal('success')
 end
@@ -54,8 +48,8 @@ describe '/ticket/delete' do
 request('/user/logout')
 Scripts.login('deleter@opensupports.com', 'deleterpassword')
- Scripts.createTicket('tickettodelete3')
- ticket = $database.getRow('ticket', 'tickettodelete3', 'title');
+ Scripts.createTicket('ticket_to_delete_3')
+ ticket = $database.getRow('ticket', 'ticket_to_delete_3', 'title');
 request('/user/logout')
 Scripts.login($staff[:email], $staff[:password], true)
@@ -76,14 +70,15 @@ describe '/ticket/delete' do
 })
 (result['status']).should.equal('fail')
+ (result['message']).should.equal('NO_PERMISSION')
 end
 it 'should not delete ticket if the staff logged is not lvl 3' do
 request('/user/logout')
- Scripts.login($staff[:email], $staff[:password], true)
+
+ Scripts.createTicket('ticket_to_delete_4')
- ticket = $database.getRow('ticket', 'tickettodelete4', 'title');
+ ticket = $database.getRow('ticket', 'ticket_to_delete_4', 'title');
 request('/staff/add', {
 csrf_userid: $csrf_userid,
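Review bot: The first example now creates the level-3 staff account `ned@opensupports.com` through `/staff/add` inside its `it` body, but nothing in this hunk removes it; the `Scripts.deleteStaff(staff['id'])` cleanup lives in the file's last hunk, inside the 'not lvl 3' example, so it runs only if every assertion before it passes. One failing assertion then leaves extra staff and ticket rows behind, and the fixed counts this series re-tunes elsewhere (`get-new-tickets` expecting 9, `disable-user-system` expecting 40 and 41) fail in turn, hiding the original cause. Moving the deletes into a hook that always runs — an `after` block if the test framework offers one, or `begin … ensure … end` around the example body — keeps the suites independent. A comment next to the `/staff/add` call naming which later example is responsible for removing the account would at least make the coupling visible.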
@@ -106,15 +101,14 @@ describe '/ticket/delete' do
 })
 (result['status']).should.equal('fail')
+ (result['message']).should.equal('NO_PERMISSION')
+ request('/user/logout')
+ Scripts.login($staff[:email], $staff[:password], true)
+ staff = $database.getRow('staff', 'ned@opensupports.com', 'email')
+ Scripts.deleteStaff(staff['id'])
+
+ staff = $database.getRow('staff', 'uselessstaff@opensupports.com', 'email')
+ Scripts.deleteStaff(staff['id'])
 end
-
- request('/user/logout')
- Scripts.login($staff[:email], $staff[:password], true)
- staff = $database.getRow('staff', 'headless', 'password')
- Scripts.deleteStaff(staff['id'])
-
- staff = $database.getRow('staff', 'theyaregonnafireme', 'password')
- Scripts.deleteStaff(staff['id'])
- end