Resolves #52 - A guest cannot submit Links for existing author_email (#54)

tiagof · web-flow · commit 1c2bdea0cd4a · 2020-11-04T08:46:49.000Z
* Update CHANGELOG.md

* Implemented funcionality

Refactored test: moved payload and file creation to setUp().

* Apply rule only when guest
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,7 @@ All notable changes to `laravel-portugal/api` will be documented in this file
 - An authenticated user can delete a question (#30)
 - A guest or an authenticated user can see details of a question (#48)
 - A guest or an authenticated user can list questions (#26)
+- Guest cannot submit Links for existing author_email (#52)
 
 ### Changed
 
diff --git a/domains/Links/Controllers/LinksStoreController.php b/domains/Links/Controllers/LinksStoreController.php
@@ -25,7 +25,7 @@ public function __invoke(Request $request): Response
             'title' => ['required', 'string'],
             'description' => ['required', 'string'],
             'author_name' => ['required', 'string'],
-            'author_email' => ['required', 'email'],
+            'author_email' => ['required', 'email', $request->user() ? null : 'unique:users,email'],
             'cover_image' => ['required', 'image'],
             'tags' => ['required', 'array'],
             'tags.*.id' => ['required', 'integer', 'exists:tags'],
@@ -40,8 +40,8 @@ public function __invoke(Request $request): Response
             'link' => $request->input('link'),
             'title' => $request->input('title'),
             'description' => $request->input('description'),
-            'author_name' => $request->input('author_name'),
-            'author_email' => $request->input('author_email'),
+            'author_name' => optional($request->user())->name ?? $request->input('author_name'),
+            'author_email' => optional($request->user())->email ?? $request->input('author_email'),
             'cover_image' => $request->file('cover_image')->store('cover_images'),
         ]);
 
diff --git a/domains/Links/Tests/Feature/LinksStoreTest.php b/domains/Links/Tests/Feature/LinksStoreTest.php
@@ -2,6 +2,7 @@
 
 namespace Domains\Links\Tests\Feature;
 
+use Domains\Accounts\Database\Factories\UserFactory;
 use Domains\Tags\Database\Factories\TagFactory;
 use Domains\Tags\Models\Tag;
 use Faker\Factory;
@@ -18,20 +19,17 @@ class LinksStoreTest extends TestCase
     private Tag $tag;
     private Generator $faker;
 
+    private array $payload;
+    private array $files;
+
     protected function setUp(): void
     {
         parent::setUp();
 
         $this->tag = TagFactory::new()->create();
         $this->faker = Factory::create();
-    }
-
-    /** @test */
-    public function it_stores_resources(): void
-    {
-        Storage::fake('local');
 
-        $payload = [
+        $this->payload = [
             'link' => $this->faker->url,
             'title' => $this->faker->title,
             'description' => $this->faker->paragraph,
@@ -41,21 +39,26 @@ public function it_stores_resources(): void
                 ['id' => $this->tag->id],
             ],
         ];
-
-        $files = [
+        $this->files = [
             'cover_image' => UploadedFile::fake()->image('cover_image.jpg'),
         ];
 
-        $response = $this->call('POST', '/links', $payload, [], $files);
+        Storage::fake('local');
+    }
+
+    /** @test */
+    public function it_stores_resources(): void
+    {
+        $response = $this->call('POST', '/links', $this->payload, [], $this->files);
         self::assertTrue($response->isEmpty());
 
         $this->seeInDatabase('links', [
-            'link' => $payload['link'],
-            'title' => $payload['title'],
-            'description' => $payload['description'],
-            'author_name' => $payload['author_name'],
-            'author_email' => $payload['author_email'],
-            'cover_image' => 'cover_images/' . $files['cover_image']->hashName(),
+            'link' => $this->payload['link'],
+            'title' => $this->payload['title'],
+            'description' => $this->payload['description'],
+            'author_name' => $this->payload['author_name'],
+            'author_email' => $this->payload['author_email'],
+            'cover_image' => 'cover_images/' . $this->files['cover_image']->hashName(),
             'approved_at' => null,
         ]);
 
@@ -66,7 +69,7 @@ public function it_stores_resources(): void
             ]
         );
 
-        Storage::assertExists('cover_images/' . $files['cover_image']->hashName());
+        Storage::assertExists('cover_images/' . $this->files['cover_image']->hashName());
     }
 
     /** @test */
@@ -87,18 +90,9 @@ public function it_fails_to_store_resources_on_validation_errors(): void
     /** @test */
     public function it_fails_to_store_resources_with_invalid_link(): void
     {
-        $payload = [
-            'link' => 'this_is_not_a_valid_url',
-            'title' => $this->faker->title,
-            'description' => $this->faker->paragraph,
-            'author_name' => $this->faker->name,
-            'author_email' => $this->faker->safeEmail,
-            'tags' => [
-                ['id' => $this->tag->id],
-            ],
-        ];
+        $this->payload['link'] = 'this_is_not_a_valid_url';
 
-        $this->post('/links', $payload)
+        $this->post('/links', $this->payload)
             ->seeJsonStructure([
                 'link',
             ]);
@@ -107,26 +101,47 @@ public function it_fails_to_store_resources_with_invalid_link(): void
     /** @test */
     public function it_stores_resources_with_unregistered_link_domain(): void
     {
-        Storage::fake('local');
+        $this->payload['link'] = 'http://unregistered.laravel.pt';
 
-        $payload = [
-            'link' => 'http://unregistered.laravel.pt',
-            'title' => $this->faker->title,
-            'description' => $this->faker->paragraph,
-            'author_name' => $this->faker->name,
-            'author_email' => $this->faker->safeEmail,
-            'tags' => [
-                ['id' => $this->tag->id],
-            ],
-        ];
+        $response = $this->call('POST', '/links', $this->payload, [], $this->files);
 
-        $files = [
-            'cover_image' => UploadedFile::fake()->image('cover_image.jpg'),
-        ];
+        self::assertEquals(204, $response->getStatusCode());
+        self::assertTrue($response->isEmpty());
+    }
+
+    /** @test */
+    public function it_forbids_guest_to_use_a_registered_users_email_when_submitting_a_link(): void
+    {
+        $user = UserFactory::new(['email' => $this->faker->safeEmail])
+            ->create();
 
-        $response = $this->call('POST', '/links', $payload, [], $files);
+        $this->payload['author_email'] = $user->email;
+
+        $this->post('/links', $this->payload)
+            ->seeJsonStructure(['author_email']);
+    }
+
+    /** @test */
+    public function it_uses_logged_in_user_email_and_name_when_submitting_a_link(): void
+    {
+        // create a random user
+        $randomUser = UserFactory::new(['email' => $this->faker->safeEmail])->create();
+        // create a user and login
+        $user = UserFactory::new(['email' => $this->faker->safeEmail])->create();
+        $this->actingAs($user);
+
+        // use an existing user's email and it should go OK since we're logged in.
+        $this->payload['author_email'] = $randomUser->email;
+
+        $response = $this->call('POST', '/links', $this->payload, [], $this->files);
 
         self::assertEquals(204, $response->getStatusCode());
-        self::assertTrue($response->isEmpty());
+        $this->seeInDatabase(
+            'links',
+            [
+                'author_email' => $user->email,
+                'author_name' => $user->name,
+            ]
+        );
     }
 }
