apps/photoprism
1
0
Fork 0
mirror of https://github.com/photoprism/photoprism.git synced 2025-09-26 21:01:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
develop
photoprism/internal/api/users_update_test.go
Michael Mayer 61ced7119c Auth: Refactor cluster configuration and provisioning API endpoints #98 
Signed-off-by: Michael Mayer <michael@photoprism.app>
2025-09-24 08:28:38 +02:00

141 lines
4.3 KiB
Go
Raw Permalink Blame History

package api
import (
"encoding/json"
"fmt"
"net/http"
"testing"
"github.com/stretchr/testify/assert"
"github.com/photoprism/photoprism/internal/config"
"github.com/photoprism/photoprism/internal/entity"
"github.com/photoprism/photoprism/internal/form"
)
func TestUpdateUser(t *testing.T) {
t.Run("InvalidRequestBody", func(t *testing.T) {
app, router, conf := NewApiTest()
conf.SetAuthMode(config.AuthModePasswd)
defer conf.SetAuthMode(config.AuthModePublic)
UpdateUser(router)
sessId := AuthenticateUser(app, router, "alice", "Alice123!")
adminUid := entity.Admin.UserUID
reqUrl := fmt.Sprintf("/api/v1/users/%s", adminUid)
t.Logf("Request URL: %s", reqUrl)
r := AuthenticatedRequestWithBody(app, "PUT", reqUrl, "{Email:\"admin@example.com\",Details:{Location:\"WebStorm\"}}", sessId)
assert.Equal(t, http.StatusBadRequest, r.Code)
})
t.Run("PublicMode", func(t *testing.T) {
app, router, _ := NewApiTest()
adminUid := entity.Admin.UserUID
reqUrl := fmt.Sprintf("/api/v1/users/%s", adminUid)
UpdateUser(router)
r := PerformRequestWithBody(app, "PUT", reqUrl, "{foo:123}")
assert.Equal(t, http.StatusForbidden, r.Code)
})
t.Run("Unauthorized", func(t *testing.T) {
app, router, conf := NewApiTest()
conf.SetAuthMode(config.AuthModePasswd)
defer conf.SetAuthMode(config.AuthModePublic)
UpdateUser(router)
sessId := AuthenticateUser(app, router, "jens.mander", "Alice123!")
f := form.User{
DisplayName: "New Name",
}
if userForm, err := json.Marshal(f); err != nil {
log.Fatal(err)
} else {
r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxetse3cy5eo9z2",
string(userForm), sessId)
assert.Equal(t, http.StatusUnauthorized, r.Code)
}
})
t.Run("AliceChangeOwn", func(t *testing.T) {
app, router, conf := NewApiTest()
conf.SetAuthMode(config.AuthModePasswd)
defer conf.SetAuthMode(config.AuthModePublic)
UpdateUser(router)
sessId := AuthenticateUser(app, router, "alice", "Alice123!")
f := form.User{
DisplayName: "Alicia",
UploadPath: "uploads-alice",
}
if userForm, err := json.Marshal(f); err != nil {
log.Fatal(err)
} else {
r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxetse3cy5eo9z2",
string(userForm), sessId)
assert.Equal(t, http.StatusOK, r.Code)
assert.Contains(t, r.Body.String(), "\"DisplayName\":\"Alicia\"")
assert.Contains(t, r.Body.String(), "\"UploadPath\":\"uploads-alice\"")
}
})
t.Run("AliceChangeBob", func(t *testing.T) {
app, router, conf := NewApiTest()
conf.SetAuthMode(config.AuthModePasswd)
defer conf.SetAuthMode(config.AuthModePublic)
UpdateUser(router)
sessId := AuthenticateUser(app, router, "alice", "Alice123!")
f := form.User{
DisplayName: "Bobby",
WebDAV: false,
UploadPath: "uploads-bob",
}
if userForm, err := json.Marshal(f); err != nil {
log.Fatal(err)
} else {
r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxc08w3d0ej2283",
string(userForm), sessId)
assert.Equal(t, http.StatusOK, r.Code)
assert.Contains(t, r.Body.String(), "\"DisplayName\":\"Bobby\"")
assert.Contains(t, r.Body.String(), "\"UploadPath\":\"uploads-bob\"")
}
})
t.Run("BobChangeOwn", func(t *testing.T) {
app, router, conf := NewApiTest()
conf.SetAuthMode(config.AuthModePasswd)
defer conf.SetAuthMode(config.AuthModePublic)
UpdateUser(router)
sessId := AuthenticateUser(app, router, "bob", "Bobbob123!")
f := form.User{
DisplayName: "Bobo",
}
if userForm, err := json.Marshal(f); err != nil {
log.Fatal(err)
} else {
r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxc08w3d0ej2283",
string(userForm), sessId)
assert.Equal(t, http.StatusOK, r.Code)
assert.Contains(t, r.Body.String(), "\"DisplayName\":\"Bobo\"")
}
})
t.Run("UserNotFound", func(t *testing.T) {
app, router, conf := NewApiTest()
conf.SetAuthMode(config.AuthModePasswd)
defer conf.SetAuthMode(config.AuthModePublic)
UpdateUser(router)
sessId := AuthenticateUser(app, router, "alice", "Alice123!")
f := form.User{
DisplayName: "Bobby",
}
if userForm, err := json.Marshal(f); err != nil {
log.Fatal(err)
} else {
r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxc08w3d0ej2555",
string(userForm), sessId)
assert.Equal(t, http.StatusNotFound, r.Code)
}
})
}
Reference in New Issue View Git Blame Copy Permalink