mirror/opensourcepos
1
0
Fork 0
mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-03-10 11:10:47 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
977fa5647b68ac290d44c6a289d7ade68e2ceaf0
opensourcepos/.github/workflows/phpunit.yml
jekkos ca6a1b35af Add row-level authorization to password change endpoints (#4401) 
* fix(security): add row-level authorization to password change endpoints

- Prevents non-admin users from viewing other users' password forms
- Prevents non-admin users from changing other users' passwords
- Uses can_modify_employee() check consistent with Employees controller fix
- Addresses BOLA vulnerability in Home controller (GHSA-q58g-gg7v-f9rf)

* test(security): add BOLA authorization tests for Home controller

- Test non-admin cannot view/change admin password
- Test user can view/change own password
- Test admin can view/change any password
- Test default employee_id uses current user
- Add JUnit test result upload to CI workflow

* refactor: apply PSR-12 naming and add DEFAULT_EMPLOYEE_ID constant

- Add DEFAULT_EMPLOYEE_ID constant to Constants.php
- Rename variables to follow PSR-12 camelCase convention
- Use ternary for default employee ID assignment

* refactor: use NEW_ENTRY constant instead of adding DEFAULT_EMPLOYEE_ID

Reuse existing NEW_ENTRY constant for default employee ID parameter.
Avoids adding redundant constants to Constants.php with same value (-1).

---------

Co-authored-by: jekkos <jeroen@steganos.dev>
2026-03-06 17:08:36 +01:00

126 lines
3.3 KiB
YAML
Raw Blame History

name: PHPUnit Tests
on:
push:
paths:
- '**.php'
- 'spark'
- 'tests/**'
- '.github/workflows/phpunit.yml'
- 'gulpfile.js'
- 'app/Database/**'
pull_request:
paths:
- '**.php'
- 'spark'
- 'tests/**'
- '.github/workflows/phpunit.yml'
- 'gulpfile.js'
- 'app/Database/**'
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions:
contents: read
jobs:
test:
name: PHP ${{ matrix.php-version }} Tests
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
php-version:
- '8.1'
- '8.2'
- '8.3'
- '8.4'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: ${{ matrix.php-version }}
extensions: intl, mbstring, mysqli
coverage: none
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
- name: Get npm cache directory
run: echo "NPM_CACHE_DIR=$(npm config get cache)" >> $GITHUB_ENV
- name: Cache npm dependencies
uses: actions/cache@v3
with:
path: ${{ env.NPM_CACHE_DIR }}
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install npm dependencies
run: npm install
- name: Build database.sql
run: npm run gulp build-database
- name: Start MariaDB
run: |
docker run -d --name mysql \
-e MYSQL_ROOT_PASSWORD=root \
-e MYSQL_DATABASE=ospos \
-e MYSQL_USER=admin \
-e MYSQL_PASSWORD=pointofsale \
-v $PWD/app/Database/database.sql:/docker-entrypoint-initdb.d/database.sql \
-p 3306:3306 \
mariadb:10.5
# Wait for MariaDB to be ready
until docker exec mysql mysqladmin ping -h 127.0.0.1 -u root -proot --silent; do
echo "Waiting for MariaDB..."
sleep 2
done
echo "MariaDB is ready!"
- name: Get composer cache directory
run: echo "COMPOSER_CACHE_FILES_DIR=$(composer config cache-files-dir)" >> $GITHUB_ENV
- name: Cache dependencies
uses: actions/cache@v3
with:
path: ${{ env.COMPOSER_CACHE_FILES_DIR }}
key: ${{ runner.os }}-${{ matrix.php-version }}-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-${{ matrix.php-version }}-
${{ runner.os }}-
- name: Install dependencies
run: composer update --ansi --no-interaction
- name: Create .env file
run: cp .env.example .env
- name: Run PHPUnit tests
env:
CI_ENVIRONMENT: testing
MYSQL_HOST_NAME: 127.0.0.1
run: composer test -- --log-junit test-results/junit.xml
- name: Upload test results
uses: actions/upload-artifact@v4
if: always()
with:
name: test-results-php-${{ matrix.php-version }}
path: test-results/
retention-days: 30
- name: Stop MariaDB
if: always()
run: docker stop mysql && docker rm mysql
Reference in New Issue View Git Blame Copy Permalink