apps/photoprism
1
0
Fork 0
mirror of https://github.com/photoprism/photoprism.git synced 2025-10-06 01:07:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Auth: added api tests for user sessions #98

Browse Source
This commit is contained in:
Timo Volkmann
2021-08-10 17:22:15 +02:00
parent e5b1b7b5f6
commit dd0ee298cd
2 changed files with 57 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
internal/api/api_test.go
View File

@@ -1,6 +1,7 @@
package api package api
import ( import (
"fmt"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"os" "os"
@@ -23,10 +24,15 @@ func NewApiTest() (app *gin.Engine, router *gin.RouterGroup, conf *config.Config
// NewApiTest returns new API test helper with authenticated admin session. // NewApiTest returns new API test helper with authenticated admin session.
func NewAdminApiTest() (app *gin.Engine, router *gin.RouterGroup, conf *config.Config, sessId string) { func NewAdminApiTest() (app *gin.Engine, router *gin.RouterGroup, conf *config.Config, sessId string) {
return NewAuthenticatedApiTest("admin", "photoprism")
}
// NewApiTest returns new API test helper with authenticated admin session.
func NewAuthenticatedApiTest(username string, password string) (app *gin.Engine, router *gin.RouterGroup, conf *config.Config, sessId string) {
app = gin.New() app = gin.New()
router = app.Group("/api/v1") router = app.Group("/api/v1")
CreateSession(router) CreateSession(router)
reader := strings.NewReader(`{"username": "admin", "password": "photoprism"}`) reader := strings.NewReader(fmt.Sprintf(`{"username": %s, "password": "%s"}`, username, password))
req, _ := http.NewRequest("POST", "/api/v1/session", reader) req, _ := http.NewRequest("POST", "/api/v1/session", reader)
w := httptest.NewRecorder() w := httptest.NewRecorder()
app.ServeHTTP(w, req) app.ServeHTTP(w, req)

64
internal/api/session_test.go
View File

@@ -13,33 +13,61 @@ func TestCreateSession(t *testing.T) {
t.Run("successful request", func(t *testing.T) { t.Run("successful request", func(t *testing.T) {
app, router, _ := NewApiTest() app, router, _ := NewApiTest()
CreateSession(router) CreateSession(router)
r := PerformRequestWithBody(app, "POST", "/api/v1/session", `{"username": "admin", "password": "photoprism"}`) r := PerformRequestWithBody(app, http.MethodPost, "/api/v1/session", `{"username": "admin", "password": "photoprism"}`)
val2 := gjson.Get(r.Body.String(), "user.Email") val2 := gjson.Get(r.Body.String(), "data.user.UserName")
assert.Equal(t, "", val2.String()) assert.Equal(t, "admin", val2.String())
assert.Equal(t, http.StatusOK, r.Code) assert.Equal(t, http.StatusOK, r.Code)
}) })
t.Run("bad request", func(t *testing.T) { t.Run("bad request", func(t *testing.T) {
app, router, _ := NewApiTest() app, router, _ := NewApiTest()
CreateSession(router) CreateSession(router)
r := PerformRequestWithBody(app, "POST", "/api/v1/session", `{"username": 123, "password": "xxx"}`) r := PerformRequestWithBody(app, http.MethodPost, "/api/v1/session", `{"username": 123, "password": "xxx"}`)
assert.Equal(t, http.StatusBadRequest, r.Code) assert.Equal(t, http.StatusBadRequest, r.Code)
}) })
t.Run("invalid token", func(t *testing.T) { t.Run("invalid token", func(t *testing.T) {
app, router, _ := NewApiTest() app, router, _ := NewApiTest()
CreateSession(router) CreateSession(router)
r := PerformRequestWithBody(app, "POST", "/api/v1/session", `{"username": "admin", "password": "photoprism", "token": "xxx"}`) r := PerformRequestWithBody(app, http.MethodPost, "/api/v1/session", `{"username": "admin", "password": "photoprism", "token": "xxx"}`)
assert.Equal(t, http.StatusBadRequest, r.Code) assert.Equal(t, http.StatusBadRequest, r.Code)
}) })
t.Run("valid token", func(t *testing.T) { t.Run("valid token", func(t *testing.T) {
app, router, _ := NewApiTest() app, router, _ := NewApiTest()
CreateSession(router) CreateSession(router)
r := PerformRequestWithBody(app, "POST", "/api/v1/session", `{"username": "admin", "password": "photoprism", "token": "1jxf3jfn2k"}`) r := PerformRequestWithBody(app, http.MethodPost, "/api/v1/session", `{"username": "admin", "password": "photoprism", "token": "1jxf3jfn2k"}`)
assert.Equal(t, http.StatusOK, r.Code) assert.Equal(t, http.StatusOK, r.Code)
}) })
t.Run("invalid password", func(t *testing.T) { t.Run("invalid password", func(t *testing.T) {
app, router, _ := NewApiTest() app, router, _ := NewApiTest()
CreateSession(router) CreateSession(router)
r := PerformRequestWithBody(app, "POST", "/api/v1/session", `{"username": "admin", "password": "xxx"}`) r := PerformRequestWithBody(app, http.MethodPost, "/api/v1/session", `{"username": "admin", "password": "xxx"}`)
val := gjson.Get(r.Body.String(), "error")
assert.Equal(t, i18n.Msg(i18n.ErrInvalidCredentials), val.String())
assert.Equal(t, http.StatusBadRequest, r.Code)
})
t.Run("alice - successful request", func(t *testing.T) {
app, router, _ := NewApiTest()
CreateSession(router)
r := PerformRequestWithBody(app, http.MethodPost, "/api/v1/session", `{"username": "alice", "password": "Alice123!"}`)
resEmail := gjson.Get(r.Body.String(), "data.user.PrimaryEmail")
resUsername := gjson.Get(r.Body.String(), "data.user.UserName")
assert.Equal(t, "alice@example.com", resEmail.String())
assert.Equal(t, "alice", resUsername.String())
assert.Equal(t, http.StatusOK, r.Code)
})
t.Run("bob - successful request", func(t *testing.T) {
app, router, _ := NewApiTest()
CreateSession(router)
r := PerformRequestWithBody(app, http.MethodPost, "/api/v1/session", `{"username": "bob", "password": "Bobbob123!"}`)
resEmail := gjson.Get(r.Body.String(), "data.user.PrimaryEmail")
resUsername := gjson.Get(r.Body.String(), "data.user.UserName")
assert.Equal(t, "bob@example.com", resEmail.String())
assert.Equal(t, "bob", resUsername.String())
assert.Equal(t, http.StatusOK, r.Code)
})
t.Run("bob - invalid password", func(t *testing.T) {
app, router, _ := NewApiTest()
CreateSession(router)
r := PerformRequestWithBody(app, http.MethodPost, "/api/v1/session", `{"username": "bob", "password": "helloworld"}`)
val := gjson.Get(r.Body.String(), "error") val := gjson.Get(r.Body.String(), "error")
assert.Equal(t, i18n.Msg(i18n.ErrInvalidCredentials), val.String()) assert.Equal(t, i18n.Msg(i18n.ErrInvalidCredentials), val.String())
assert.Equal(t, http.StatusBadRequest, r.Code) assert.Equal(t, http.StatusBadRequest, r.Code)
@@ -47,15 +75,23 @@ func TestCreateSession(t *testing.T) {
} }
func TestDeleteSession(t *testing.T) { func TestDeleteSession(t *testing.T) {
app, router, _ := NewApiTest() t.Run("delete admin session", func(t *testing.T) {
CreateSession(router) app, router, _, sessId := NewAdminApiTest()
r := PerformRequestWithBody(app, "POST", "/api/v1/session", `{"username": "admin", "password": "photoprism"}`) DeleteSession(router)
id := gjson.Get(r.Body.String(), "id") r := PerformRequest(app, http.MethodDelete, "/api/v1/session/"+sessId)
assert.Equal(t, http.StatusOK, r.Code)
t.Run("successful request", func(t *testing.T) { })
t.Run("delete user session", func(t *testing.T) {
app, router, _, sessId := NewAuthenticatedApiTest("alice", "Alice123!")
DeleteSession(router)
r := PerformRequest(app, http.MethodDelete, "/api/v1/session/"+sessId)
assert.Equal(t, http.StatusOK, r.Code)
})
t.Run("delete invalid session", func(t *testing.T) {
sessId := "638bffc9b86a8fda0d908ebee84a43930cb8d1e3507f4aa0"
app, router, _ := NewApiTest() app, router, _ := NewApiTest()
DeleteSession(router) DeleteSession(router)
r := PerformRequest(app, "DELETE", "/api/v1/session/"+id.String()) r := PerformRequest(app, http.MethodDelete, "/api/v1/session/"+sessId)
assert.Equal(t, http.StatusOK, r.Code) assert.Equal(t, http.StatusOK, r.Code)
}) })
} }