File manager - Edit - /var/www/html/homologBancodetalentos/tests/Feature/TalentBank/WebSecurityTest.php
Back
<?php namespace Tests\Feature\TalentBank; use App\Models\TalentBank\Company; use App\Models\TalentBank\Neighbourhood; use App\Support\SsoWebSession; use Illuminate\Foundation\Testing\DatabaseTransactions; use Tests\TestCase; class WebSecurityTest extends TestCase { use DatabaseTransactions; protected function setUp(): void { parent::setUp(); config([ 'talent_bank.bypass_auth' => false, ]); } public function test_auth_status_does_not_expose_name_when_unauthenticated(): void { $this->getJson(route('auth.status')) ->assertOk() ->assertExactJson(['authenticated' => false]); } public function test_auth_status_exposes_name_only_when_authenticated(): void { SsoWebSession::bootstrapLocalTalentBankUser( '12345678901', 'Candidato QA', 'candidato@example.com', 'talent-bank-user-candidate', ); $this->getJson(route('auth.status')) ->assertOk() ->assertJsonPath('authenticated', true) ->assertJsonPath('name', 'Candidato QA'); } public function test_company_user_cannot_access_candidate_curriculum_route(): void { $cnpj = $this->generateValidCnpj(); $neighbourhood = Neighbourhood::query()->create([ 'name' => 'Centro Security '.uniqid(), ]); Company::query()->create([ 'cnpj' => $cnpj, 'corporate_name' => 'Empresa Security Test', 'trading_name' => 'Empresa Security', 'email' => 'security+'.uniqid().'@example.com', 'neighbourhood_id' => $neighbourhood->id, 'active' => true, ]); SsoWebSession::bootstrapLocalTalentBankUser( $cnpj, 'Empresa Security Test', 'empresa@example.com', 'talent-bank-user-company', ); $this->get(route('talent-bank.candidate.curriculum')) ->assertForbidden(); } public function test_legacy_news_redirect_rejects_invalid_slug(): void { $this->get('/noticias/2026-05-20/slug-malicioso%2F..') ->assertNotFound(); } public function test_legacy_news_redirect_accepts_valid_parameters(): void { $this->get('/noticias/2026-05-20/titulo-da-noticia') ->assertRedirect('https://angra.rj.gov.br/noticias/2026-05-20/titulo-da-noticia'); } public function test_contact_form_is_rate_limited(): void { $payload = [ 'name' => 'Teste', 'email' => 'teste@example.com', 'phone' => '21999999999', 'subject' => 'Assunto', 'message' => 'Mensagem de teste para rate limit.', ]; for ($i = 0; $i < 10; $i++) { $this->post(route('fale-conosco.submit'), $payload); } $this->post(route('fale-conosco.submit'), $payload) ->assertStatus(429); } private function generateValidCnpj(): string { $base = []; for ($i = 0; $i < 12; $i++) { $base[$i] = random_int(0, 9); } $weights1 = [5, 4, 3, 2, 9, 8, 7, 6, 5, 4, 3, 2]; $sum1 = 0; for ($i = 0; $i < 12; $i++) { $sum1 += $base[$i] * $weights1[$i]; } $rest1 = $sum1 % 11; $digit1 = $rest1 < 2 ? 0 : 11 - $rest1; $base[] = $digit1; $weights2 = [6, 5, 4, 3, 2, 9, 8, 7, 6, 5, 4, 3, 2]; $sum2 = 0; for ($i = 0; $i < 13; $i++) { $sum2 += $base[$i] * $weights2[$i]; } $rest2 = $sum2 % 11; $digit2 = $rest2 < 2 ? 0 : 11 - $rest2; $base[] = $digit2; return implode('', $base); } }
| ver. 1.4 |
Github
|
.
| PHP 8.3.28 | Generation time: 0.02 |
proxy
|
phpinfo
|
Settings