Ensures that invalid props cannot be saves to settings

2025-01-13 17:59:38 +11:00 · 2025-01-13 17:59:38 +11:00 · 7304f01de6
parent 3d2ba32c7d
commit 7304f01de6
3 changed files with 32 additions and 3 deletions
--- a/app/Http/Controllers/ClientPortal/InvoiceController.php
+++ b/app/Http/Controllers/ClientPortal/InvoiceController.php
@ -106,14 +106,14 @@ class InvoiceController extends Controller
                break;
            }

-            usleep(200000);
+            usleep(300000);

        }

        $invitation = false;

        match($data['entity_type'] ?? 'invoice') {
-            'invoice' => $invitation = InvoiceInvitation::withTrashed()->find($data['invitation_id']),
+            'invoice' => $invitation = InvoiceInvitation::withTrashed()->find($data['invitation_id']), //@todo - sometimes this is false!!
            'quote' => $invitation = QuoteInvitation::withTrashed()->find($data['invitation_id']),
            'credit' => $invitation = CreditInvitation::withTrashed()->find($data['invitation_id']),
            'recurring_invoice' => $invitation = RecurringInvoiceInvitation::withTrashed()->find($data['invitation_id']),
--- a/app/Utils/Traits/ClientGroupSettingsSaver.php
+++ b/app/Utils/Traits/ClientGroupSettingsSaver.php
@ -46,12 +46,14 @@ trait ClientGroupSettingsSaver
            unset($settings[$field]);
        }

+        $company_settings_stub = new CompanySettings();
+
        /*
         * for clients and group settings, if a field is not set or is set to a blank value,
         * we unset it from the settings object
         */
        foreach ($settings as $key => $value) {
-            if (! isset($settings->{$key}) || empty($settings->{$key}) || (! is_object($settings->{$key}) && strlen($settings->{$key}) == 0)) {
+            if (! isset($settings->{$key}) || empty($settings->{$key})  || !property_exists($company_settings_stub, $key) || (! is_object($settings->{$key}) && strlen($settings->{$key}) == 0)) {
                unset($settings->{$key});
            }
        }
--- a/tests/Unit/ClientSettingsTest.php
+++ b/tests/Unit/ClientSettingsTest.php
@ -11,6 +11,7 @@

 namespace Tests\Unit;

+use App\DataMapper\ClientSettings;
 use Illuminate\Foundation\Testing\DatabaseTransactions;
 use Illuminate\Validation\ValidationException;
 use Tests\MockAccountData;
@ -36,6 +37,32 @@ class ClientSettingsTest extends TestCase
    }


+    public function testBadProps()
+    {
+        $client = \App\Models\Client::factory()->create([
+            'company_id' => $this->company->id,
+            'user_id' => $this->user->id,
+            'settings' => ClientSettings::defaults(),
+        ]);
+
+        $this->assertNotNull($client);
+
+        $settings = $client->settings;
+
+        $settings->timezone_id = '15';
+
+        $client->saveSettings($settings, $client);
+
+        $this->assertNotNull($client);
+
+        $settings->something_crazy_here = '5424234234';
+
+        $client->saveSettings($settings, $client);
+
+        $this->assertFalse(property_exists($client->settings, 'something_crazy_here'));
+
+    }
+
    public function testClientValidSettingsWithBadProps()
    {
        $data = [