No OneTemporary
Actions

Size

25 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/src/app/Http/Controllers/API/V4/WalletsController.php b/src/app/Http/Controllers/API/V4/WalletsController.php
	index 481ebc1d..40fd6997 100644
	--- a/src/app/Http/Controllers/API/V4/WalletsController.php
	+++ b/src/app/Http/Controllers/API/V4/WalletsController.php
	@@ -1,321 +1,330 @@
	<?php

	namespace App\Http\Controllers\API\V4;

	use App\Transaction;
	use App\Wallet;
	use App\Http\Controllers\Controller;
	use App\Providers\PaymentProvider;
	use Carbon\Carbon;
	use Illuminate\Http\Request;
	use Illuminate\Support\Facades\Auth;

	/**
	* API\WalletsController
	*/
	class WalletsController extends Controller
	{
	/**
	* Display a listing of the resource.
	*
	* @return \Illuminate\Http\JsonResponse
	*/
	public function index()
	{
	return $this->errorResponse(404);
	}

	/**
	* Show the form for creating a new resource.
	*
	* @return \Illuminate\Http\JsonResponse
	*/
	public function create()
	{
	return $this->errorResponse(404);
	}

	/**
	* Store a newly created resource in storage.
	*
	* @param \Illuminate\Http\Request $request
	*
	* @return \Illuminate\Http\JsonResponse
	*/
	public function store(Request $request)
	{
	return $this->errorResponse(404);
	}

	/**
	* Return data of the specified wallet.
	*
	* @param string $id A wallet identifier
	*
	* @return \Illuminate\Http\JsonResponse The response
	*/
	public function show($id)
	{
	$wallet = Wallet::find($id);

	if (empty($wallet)) {
	return $this->errorResponse(404);
	}

	// Only owner (or admin) has access to the wallet
	if (!Auth::guard()->user()->canRead($wallet)) {
	return $this->errorResponse(403);
	}

	$result = $wallet->toArray();

	$provider = \App\Providers\PaymentProvider::factory($wallet);

	$result['provider'] = $provider->name();
	$result['notice'] = $this->getWalletNotice($wallet);

	return response()->json($result);
	}

	/**
	* Show the form for editing the specified resource.
	*
	* @param int $id
	*
	* @return \Illuminate\Http\JsonResponse
	*/
	public function edit($id)
	{
	return $this->errorResponse(404);
	}

	/**
	* Update the specified resource in storage.
	*
	* @param \Illuminate\Http\Request $request
	* @param string $id
	*
	* @return \Illuminate\Http\JsonResponse
	*/
	public function update(Request $request, $id)
	{
	return $this->errorResponse(404);
	}

	/**
	* Remove the specified resource from storage.
	*
	* @param int $id
	*
	* @return \Illuminate\Http\JsonResponse
	*/
	public function destroy($id)
	{
	return $this->errorResponse(404);
	}

	/**
	* Download a receipt in pdf format.
	*
	* @param string $id Wallet identifier
	* @param string $receipt Receipt identifier (YYYY-MM)
	*
	* @return \Illuminate\Http\Response
	*/
	public function receiptDownload($id, $receipt)
	{
	$wallet = Wallet::find($id);

	// Only owner (or admin) has access to the wallet
	if (!Auth::guard()->user()->canRead($wallet)) {
	abort(403);
	}

	list ($year, $month) = explode('-', $receipt);

	if (empty($year) \|\| empty($month) \|\| $year < 2000 \|\| $month < 1 \|\| $month > 12) {
	abort(404);
	}

	if ($receipt >= date('Y-m')) {
	abort(404);
	}

	$params = [
	'id' => sprintf('%04d-%02d', $year, $month),
	'site' => \config('app.name')
	];

	$filename = \trans('documents.receipt-filename', $params);

	$receipt = new \App\Documents\Receipt($wallet, (int) $year, (int) $month);

	$content = $receipt->pdfOutput();

	return response($content)
	->withHeaders([
	'Content-Type' => 'application/pdf',
	'Content-Disposition' => 'attachment; filename="' . $filename . '"',
	'Content-Length' => strlen($content),
	]);
	}

	/**
	* Fetch wallet receipts list.
	*
	* @param string $id Wallet identifier
	*
	* @return \Illuminate\Http\JsonResponse
	*/
	public function receipts($id)
	{
	$wallet = Wallet::find($id);

	// Only owner (or admin) has access to the wallet
	if (!Auth::guard()->user()->canRead($wallet)) {
	return $this->errorResponse(403);
	}

	$result = $wallet->payments()
	->selectRaw('distinct date_format(updated_at, "%Y-%m") as ident')
	->where('status', PaymentProvider::STATUS_PAID)
	->where('amount', '<>', 0)
	->orderBy('ident', 'desc')
	->get()
	->whereNotIn('ident', [date('Y-m')]) // exclude current month
	->pluck('ident');

	return response()->json([
	'status' => 'success',
	'list' => $result,
	'count' => count($result),
	'hasMore' => false,
	'page' => 1,
	]);
	}

	/**
	* Fetch wallet transactions.
	*
	* @param string $id Wallet identifier
	*
	* @return \Illuminate\Http\JsonResponse
	*/
	public function transactions($id)
	{
	$wallet = Wallet::find($id);

	// Only owner (or admin) has access to the wallet
	if (!Auth::guard()->user()->canRead($wallet)) {
	return $this->errorResponse(403);
	}

	$pageSize = 10;
	$page = intval(request()->input('page')) ?: 1;
	$hasMore = false;
	$isAdmin = $this instanceof Admin\WalletsController;

	if ($transaction = request()->input('transaction')) {
	// Get sub-transactions for the specified transaction ID, first
	// check access rights to the transaction's wallet

	$transaction = $wallet->transactions()->where('id', $transaction)->first();

	if (!$transaction) {
	return $this->errorResponse(404);
	}

	$result = Transaction::where('transaction_id', $transaction->id)->get();
	} else {
	// Get main transactions (paged)
	$result = $wallet->transactions()
	// FIXME: Do we know which (type of) transaction has sub-transactions
	// without the sub-query?
	->selectRaw(", (SELECT count() FROM transactions sub "
	. "WHERE sub.transaction_id = transactions.id) AS cnt")
	->whereNull('transaction_id')
	->latest()
	->limit($pageSize + 1)
	->offset($pageSize * ($page - 1))
	->get();

	if (count($result) > $pageSize) {
	$result->pop();
	$hasMore = true;
	}
	}

	$result = $result->map(function ($item) use ($isAdmin) {
	$entry = [
	'id' => $item->id,
	'createdAt' => $item->created_at->format('Y-m-d H:i'),
	'type' => $item->type,
	'description' => $item->shortDescription(),
	'amount' => $item->amount,
	'hasDetails' => !empty($item->cnt),
	];

	if ($isAdmin && $item->user_email) {
	$entry['user'] = $item->user_email;
	}

	return $entry;
	});

	return response()->json([
	'status' => 'success',
	'list' => $result,
	'count' => count($result),
	'hasMore' => $hasMore,
	'page' => $page,
	]);
	}

	/**
	* Returns human readable notice about the wallet state.
	*
	* @param \App\Wallet $wallet The wallet
	*/
	protected function getWalletNotice(Wallet $wallet): ?string
	{
	// there is no credit
	if ($wallet->balance < 0) {
	return \trans('app.wallet-notice-nocredit');
	}

	// the discount is 100%, no credit is needed
	if ($wallet->discount && $wallet->discount->discount == 100) {
	return null;
	}

	// the owner was created less than a month ago
	if ($wallet->owner->created_at > Carbon::now()->subMonthsWithoutOverflow(1)) {
	// but more than two weeks ago, notice of trial ending
	if ($wallet->owner->created_at <= Carbon::now()->subWeeks(2)) {
	return \trans('app.wallet-notice-trial-end');
	}

	return \trans('app.wallet-notice-trial');
	}

	if ($until = $wallet->balanceLastsUntil()) {
	if ($until->isToday()) {
	return \trans('app.wallet-notice-today');
	}

	// Once in a while we got e.g. "3 weeks" instead of expected "4 weeks".
	// It's because $until uses full seconds, but $now is more precise.
	// We make sure both have the same time set.
	$now = Carbon::now()->setTimeFrom($until);

	+ $diffOptions = [
	+ 'syntax' => Carbon::DIFF_ABSOLUTE,
	+ 'parts' => 1,
	+ ];
	+
	+ if ($now->diff($until)->days > 31) {
	+ $diffOptions['parts'] = 2;
	+ }
	+
	$params = [
	'date' => $until->toDateString(),
	- 'days' => $now->diffForHumans($until, Carbon::DIFF_ABSOLUTE),
	+ 'days' => $now->diffForHumans($until, $diffOptions),
	];

	return \trans('app.wallet-notice-date', $params);
	}

	return null;
	}
	}
	diff --git a/src/composer.json b/src/composer.json
	index c5258a8a..8bd3707b 100644
	--- a/src/composer.json
	+++ b/src/composer.json
	@@ -1,87 +1,87 @@
	{
	"name": "laravel/laravel",
	"type": "project",
	"description": "The Laravel Framework.",
	"keywords": [
	"framework",
	"laravel"
	],
	"license": "MIT",
	"repositories": [
	{
	"type": "vcs",
	"url": "https://git.kolab.org/diffusion/PNL/php-net_ldap3.git"
	}
	],
	"require": {
	"php": "^7.1.3",
	"barryvdh/laravel-dompdf": "^0.8.6",
	"doctrine/dbal": "^2.13",
	"dyrynda/laravel-nullable-fields": "*",
	"fideloper/proxy": "^4.0",
	"kolab/net_ldap3": "dev-master",
	"laravel/framework": "6.*",
	"laravel/horizon": "^3",
	"laravel/tinker": "^2.4",
	"mollie/laravel-mollie": "^2.9",
	"morrislaptop/laravel-queue-clear": "^1.2",
	"silviolleite/laravelpwa": "^2.0",
	"spatie/laravel-translatable": "^4.2",
	"spomky-labs/otphp": "~4.0.0",
	"stripe/stripe-php": "^7.29",
	"swooletw/laravel-swoole": "^2.6",
	"tymon/jwt-auth": "^1.0"
	},
	"require-dev": {
	"beyondcode/laravel-dump-server": "^1.0",
	"beyondcode/laravel-er-diagram-generator": "^1.3",
	"code-lts/doctum": "^5.1",
	"filp/whoops": "^2.0",
	"fzaninotto/faker": "^1.4",
	"kirschbaum-development/mail-intercept": "^0.2.4",
	"laravel/dusk": "~5.11.0",
	"mockery/mockery": "^1.0",
	- "nunomaduro/larastan": "^0.6",
	+ "nunomaduro/larastan": "^0.7",
	"phpstan/phpstan": "^0.12",
	"phpunit/phpunit": "^8"
	},
	"config": {
	"optimize-autoloader": true,
	"preferred-install": "dist",
	"sort-packages": true
	},
	"extra": {
	"laravel": {
	"dont-discover": []
	}
	},
	"autoload": {
	"psr-4": {
	"App\\": "app/"
	},
	"classmap": [
	"database/seeds",
	"database/factories",
	"include"
	]
	},
	"autoload-dev": {
	"psr-4": {
	"Tests\\": "tests/"
	}
	},
	"minimum-stability": "dev",
	"prefer-stable": true,
	"scripts": {
	"post-autoload-dump": [
	"Illuminate\\Foundation\\ComposerScripts::postAutoloadDump",
	"@php artisan package:discover --ansi"
	],
	"post-root-package-install": [
	"@php -r \"file_exists('.env') \|\| copy('.env.example', '.env');\""
	],
	"post-create-project-cmd": [
	"@php artisan key:generate --ansi"
	]
	}
	}
	diff --git a/src/tests/Feature/Controller/WalletsTest.php b/src/tests/Feature/Controller/WalletsTest.php
	index 5cb158ca..22cb707a 100644
	--- a/src/tests/Feature/Controller/WalletsTest.php
	+++ b/src/tests/Feature/Controller/WalletsTest.php
	@@ -1,338 +1,351 @@
	<?php

	namespace Tests\Feature\Controller;

	use App\Http\Controllers\API\V4\WalletsController;
	use App\Payment;
	use App\Providers\PaymentProvider;
	use App\Transaction;
	use Carbon\Carbon;
	use Tests\TestCase;

	class WalletsTest extends TestCase
	{
	/**
	* {@inheritDoc}
	*/
	public function setUp(): void
	{
	parent::setUp();

	$this->deleteTestUser('wallets-controller@kolabnow.com');
	}

	/**
	* {@inheritDoc}
	*/
	public function tearDown(): void
	{
	$this->deleteTestUser('wallets-controller@kolabnow.com');

	parent::tearDown();
	}


	/**
	* Test for getWalletNotice() method
	*/
	public function testGetWalletNotice(): void
	{
	$user = $this->getTestUser('wallets-controller@kolabnow.com');
	$package = \App\Package::where('title', 'kolab')->first();
	$user->assignPackage($package);
	$wallet = $user->wallets()->first();

	$controller = new WalletsController();
	$method = new \ReflectionMethod($controller, 'getWalletNotice');
	$method->setAccessible(true);

	// User/entitlements created today, balance=0
	$notice = $method->invoke($controller, $wallet);

	$this->assertSame('You are in your free trial period.', $notice);

	$wallet->owner->created_at = Carbon::now()->subDays(15);
	$wallet->owner->save();

	$notice = $method->invoke($controller, $wallet);

	$this->assertSame('Your free trial is about to end, top up to continue.', $notice);

	// User/entitlements created today, balance=-10 CHF
	$wallet->balance = -1000;
	$notice = $method->invoke($controller, $wallet);

	$this->assertSame('You are out of credit, top up your balance now.', $notice);

	// User/entitlements created slightly more than a month ago, balance=9,99 CHF (monthly)
	$wallet->owner->created_at = Carbon::now()->subMonthsWithoutOverflow(1)->subDays(1);
	$wallet->owner->save();

	+ // test "1 month"
	$wallet->balance = 999;
	$notice = $method->invoke($controller, $wallet);

	$this->assertRegExp('/$(1 month\|4 weeks)$/', $notice);

	+ // test "2 months"
	+ $wallet->balance = 999 * 2.6;
	+ $notice = $method->invoke($controller, $wallet);
	+
	+ $this->assertRegExp('/$2 months 2 weeks$/', $notice);
	+
	+ // test "almost 2 years"
	+ $wallet->balance = 999 * 23.5;
	+ $notice = $method->invoke($controller, $wallet);
	+
	+ $this->assertRegExp('/$1 year 11 months$/', $notice);
	+
	// Old entitlements, 100% discount
	$this->backdateEntitlements($wallet->entitlements, Carbon::now()->subDays(40));
	$discount = \App\Discount::where('discount', 100)->first();
	$wallet->discount()->associate($discount);

	$notice = $method->invoke($controller, $wallet->refresh());

	$this->assertSame(null, $notice);
	}

	/**
	* Test fetching pdf receipt
	*/
	public function testReceiptDownload(): void
	{
	$user = $this->getTestUser('wallets-controller@kolabnow.com');
	$john = $this->getTestUser('john@kolab.org');
	$wallet = $user->wallets()->first();

	// Unauth access not allowed
	$response = $this->get("api/v4/wallets/{$wallet->id}/receipts/2020-05");
	$response->assertStatus(401);
	$response = $this->actingAs($john)->get("api/v4/wallets/{$wallet->id}/receipts/2020-05");
	$response->assertStatus(403);

	// Invalid receipt id (current month)
	$receiptId = date('Y-m');
	$response = $this->actingAs($user)->get("api/v4/wallets/{$wallet->id}/receipts/{$receiptId}");
	$response->assertStatus(404);

	// Invalid receipt id
	$receiptId = '1000-03';
	$response = $this->actingAs($user)->get("api/v4/wallets/{$wallet->id}/receipts/{$receiptId}");
	$response->assertStatus(404);

	// Valid receipt id
	$year = intval(date('Y')) - 1;
	$receiptId = "$year-12";
	$filename = \config('app.name') . " Receipt for $year-12";

	$response = $this->actingAs($user)->get("api/v4/wallets/{$wallet->id}/receipts/{$receiptId}");

	$response->assertStatus(200);
	$response->assertHeader('content-type', 'application/pdf');
	$response->assertHeader('content-disposition', 'attachment; filename="' . $filename . '"');
	$response->assertHeader('content-length');

	$length = $response->headers->get('content-length');
	$content = $response->content();
	$this->assertStringStartsWith("%PDF-1.", $content);
	$this->assertEquals(strlen($content), $length);
	}

	/**
	* Test fetching list of receipts
	*/
	public function testReceipts(): void
	{
	$user = $this->getTestUser('wallets-controller@kolabnow.com');
	$john = $this->getTestUser('john@kolab.org');
	$wallet = $user->wallets()->first();
	$wallet->payments()->delete();

	// Unauth access not allowed
	$response = $this->get("api/v4/wallets/{$wallet->id}/receipts");
	$response->assertStatus(401);
	$response = $this->actingAs($john)->get("api/v4/wallets/{$wallet->id}/receipts");
	$response->assertStatus(403);

	// Empty list expected
	$response = $this->actingAs($user)->get("api/v4/wallets/{$wallet->id}/receipts");
	$response->assertStatus(200);

	$json = $response->json();

	$this->assertCount(5, $json);
	$this->assertSame('success', $json['status']);
	$this->assertSame([], $json['list']);
	$this->assertSame(1, $json['page']);
	$this->assertSame(0, $json['count']);
	$this->assertSame(false, $json['hasMore']);

	// Insert a payment to the database
	$date = Carbon::create(intval(date('Y')) - 1, 4, 30);
	$payment = Payment::create([
	'id' => 'AAA1',
	'status' => PaymentProvider::STATUS_PAID,
	'type' => PaymentProvider::TYPE_ONEOFF,
	'description' => 'Paid in April',
	'wallet_id' => $wallet->id,
	'provider' => 'stripe',
	'amount' => 1111,
	]);
	$payment->updated_at = $date;
	$payment->save();

	$response = $this->actingAs($user)->get("api/v4/wallets/{$wallet->id}/receipts");
	$response->assertStatus(200);

	$json = $response->json();

	$this->assertCount(5, $json);
	$this->assertSame('success', $json['status']);
	$this->assertSame([$date->format('Y-m')], $json['list']);
	$this->assertSame(1, $json['page']);
	$this->assertSame(1, $json['count']);
	$this->assertSame(false, $json['hasMore']);
	}

	/**
	* Test fetching a wallet (GET /api/v4/wallets/:id)
	*/
	public function testShow(): void
	{
	$john = $this->getTestUser('john@kolab.org');
	$jack = $this->getTestUser('jack@kolab.org');
	$wallet = $john->wallets()->first();
	$wallet->balance = -100;
	$wallet->save();

	// Accessing a wallet of someone else
	$response = $this->actingAs($jack)->get("api/v4/wallets/{$wallet->id}");
	$response->assertStatus(403);

	// Accessing non-existing wallet
	$response = $this->actingAs($jack)->get("api/v4/wallets/aaa");
	$response->assertStatus(404);

	// Wallet owner
	$response = $this->actingAs($john)->get("api/v4/wallets/{$wallet->id}");
	$response->assertStatus(200);

	$json = $response->json();

	$this->assertSame($wallet->id, $json['id']);
	$this->assertSame('CHF', $json['currency']);
	$this->assertSame($wallet->balance, $json['balance']);
	$this->assertTrue(empty($json['description']));
	$this->assertTrue(!empty($json['notice']));
	}

	/**
	* Test fetching wallet transactions
	*/
	public function testTransactions(): void
	{
	$package_kolab = \App\Package::where('title', 'kolab')->first();
	$user = $this->getTestUser('wallets-controller@kolabnow.com');
	$user->assignPackage($package_kolab);
	$john = $this->getTestUser('john@kolab.org');
	$wallet = $user->wallets()->first();

	// Unauth access not allowed
	$response = $this->get("api/v4/wallets/{$wallet->id}/transactions");
	$response->assertStatus(401);
	$response = $this->actingAs($john)->get("api/v4/wallets/{$wallet->id}/transactions");
	$response->assertStatus(403);

	// Expect empty list
	$response = $this->actingAs($user)->get("api/v4/wallets/{$wallet->id}/transactions");
	$response->assertStatus(200);

	$json = $response->json();

	$this->assertCount(5, $json);
	$this->assertSame('success', $json['status']);
	$this->assertSame([], $json['list']);
	$this->assertSame(1, $json['page']);
	$this->assertSame(0, $json['count']);
	$this->assertSame(false, $json['hasMore']);

	// Create some sample transactions
	$transactions = $this->createTestTransactions($wallet);
	$transactions = array_reverse($transactions);
	$pages = array_chunk($transactions, 10 /* page size*/);

	// Get the first page
	$response = $this->actingAs($user)->get("api/v4/wallets/{$wallet->id}/transactions");
	$response->assertStatus(200);

	$json = $response->json();

	$this->assertCount(5, $json);
	$this->assertSame('success', $json['status']);
	$this->assertSame(1, $json['page']);
	$this->assertSame(10, $json['count']);
	$this->assertSame(true, $json['hasMore']);
	$this->assertCount(10, $json['list']);
	foreach ($pages[0] as $idx => $transaction) {
	$this->assertSame($transaction->id, $json['list'][$idx]['id']);
	$this->assertSame($transaction->type, $json['list'][$idx]['type']);
	$this->assertSame($transaction->shortDescription(), $json['list'][$idx]['description']);
	$this->assertFalse($json['list'][$idx]['hasDetails']);
	$this->assertFalse(array_key_exists('user', $json['list'][$idx]));
	}

	$search = null;

	// Get the second page
	$response = $this->actingAs($user)->get("api/v4/wallets/{$wallet->id}/transactions?page=2");
	$response->assertStatus(200);

	$json = $response->json();

	$this->assertCount(5, $json);
	$this->assertSame('success', $json['status']);
	$this->assertSame(2, $json['page']);
	$this->assertSame(2, $json['count']);
	$this->assertSame(false, $json['hasMore']);
	$this->assertCount(2, $json['list']);
	foreach ($pages[1] as $idx => $transaction) {
	$this->assertSame($transaction->id, $json['list'][$idx]['id']);
	$this->assertSame($transaction->type, $json['list'][$idx]['type']);
	$this->assertSame($transaction->shortDescription(), $json['list'][$idx]['description']);
	$this->assertSame(
	$transaction->type == Transaction::WALLET_DEBIT,
	$json['list'][$idx]['hasDetails']
	);
	$this->assertFalse(array_key_exists('user', $json['list'][$idx]));

	if ($transaction->type == Transaction::WALLET_DEBIT) {
	$search = $transaction->id;
	}
	}

	// Get a non-existing page
	$response = $this->actingAs($user)->get("api/v4/wallets/{$wallet->id}/transactions?page=3");
	$response->assertStatus(200);

	$json = $response->json();

	$this->assertCount(5, $json);
	$this->assertSame('success', $json['status']);
	$this->assertSame(3, $json['page']);
	$this->assertSame(0, $json['count']);
	$this->assertSame(false, $json['hasMore']);
	$this->assertCount(0, $json['list']);

	// Sub-transaction searching
	$response = $this->actingAs($user)->get("api/v4/wallets/{$wallet->id}/transactions?transaction=123");
	$response->assertStatus(404);

	$response = $this->actingAs($user)->get("api/v4/wallets/{$wallet->id}/transactions?transaction={$search}");
	$response->assertStatus(200);

	$json = $response->json();

	$this->assertCount(5, $json);
	$this->assertSame('success', $json['status']);
	$this->assertSame(1, $json['page']);
	$this->assertSame(2, $json['count']);
	$this->assertSame(false, $json['hasMore']);
	$this->assertCount(2, $json['list']);
	$this->assertSame(Transaction::ENTITLEMENT_BILLED, $json['list'][0]['type']);
	$this->assertSame(Transaction::ENTITLEMENT_BILLED, $json['list'][1]['type']);

	// Test that John gets 404 if he tries to access
	// someone else's transaction ID on his wallet's endpoint
	$wallet = $john->wallets()->first();
	$response = $this->actingAs($john)->get("api/v4/wallets/{$wallet->id}/transactions?transaction={$search}");
	$response->assertStatus(404);
	}
	}

File Metadata

Mime Type: text/x-diff
Expires: Mon, Feb 2, 9:07 PM (1 d, 5 h)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 426961
Default Alt Text: (25 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions