package apis_test
import (
"net/http"
"strings"
"testing"
"time"
"github.com/labstack/echo/v5"
"github.com/pocketbase/dbx"
"github.com/pocketbase/pocketbase/daos"
"github.com/pocketbase/pocketbase/models"
"github.com/pocketbase/pocketbase/tests"
"github.com/pocketbase/pocketbase/tools/types"
)
// TestAdminAuthWithPassword drives POST /api/admins/auth-with-password through
// malformed input, rejected credentials and accepted credentials.
//
// The unknown-identity and wrong-password cases are asserted with the same
// status (400) and the same "data" fragment; the full response bodies are not
// compared here.
func TestAdminAuthWithPassword(t *testing.T) {
	const (
		endpoint = "/api/admins/auth-with-password"

		// Fragment asserted for every rejection that carries no field errors.
		emptyData = ` "data": { } `

		// Credentials the success cases submit.
		validLogin = ` { "identity":"test@example.com","password":"1234567890"} `

		// Admin JWT fixture; its payload decodes to id "sywbhecnh46rhm0",
		// type "admin", exp 2208981600.
		adminToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhZG1pbiIsImV4cCI6MjIwODk4MTYwMH0.han3_sG65zLddpcX2ic78qgy7FKecuPfOpFa8Dvi5Bg"
	)

	// Each helper returns a fresh value so no two cases share a map or slice.
	rejectedEvents := func() map[string]int {
		return map[string]int{
			"OnAdminBeforeAuthWithPasswordRequest": 1,
		}
	}
	acceptedEvents := func() map[string]int {
		return map[string]int{
			"OnAdminBeforeAuthWithPasswordRequest": 1,
			"OnAdminAfterAuthWithPasswordRequest":  1,
			"OnAdminAuthRequest":                   1,
		}
	}
	acceptedContent := func() []string {
		return []string{
			` "admin": { "id":"sywbhecnh46rhm0" `,
			` "token": `,
		}
	}

	cases := []tests.ApiScenario{
		{
			Name:            "empty data",
			Method:          http.MethodPost,
			Url:             endpoint,
			Body:            strings.NewReader(` `),
			ExpectedStatus:  400,
			ExpectedContent: []string{` "data": { "identity": { "code":"validation_required","message":"Cannot be blank."},"password": { "code":"validation_required","message":"Cannot be blank."}} `},
		},
		{
			Name:            "invalid data",
			Method:          http.MethodPost,
			Url:             endpoint,
			Body:            strings.NewReader(` { `),
			ExpectedStatus:  400,
			ExpectedContent: []string{emptyData},
		},
		{
			// Unknown identity: only the "before" hook is expected to fire.
			Name:            "wrong email",
			Method:          http.MethodPost,
			Url:             endpoint,
			Body:            strings.NewReader(` { "identity":"missing@example.com","password":"1234567890"} `),
			ExpectedStatus:  400,
			ExpectedContent: []string{emptyData},
			ExpectedEvents:  rejectedEvents(),
		},
		{
			// Known identity, bad password: same assertions as "wrong email".
			Name:            "wrong password",
			Method:          http.MethodPost,
			Url:             endpoint,
			Body:            strings.NewReader(` { "identity":"test@example.com","password":"invalid"} `),
			ExpectedStatus:  400,
			ExpectedContent: []string{emptyData},
			ExpectedEvents:  rejectedEvents(),
		},
		{
			Name:            "valid email/password (guest)",
			Method:          http.MethodPost,
			Url:             endpoint,
			Body:            strings.NewReader(validLogin),
			ExpectedStatus:  200,
			ExpectedContent: acceptedContent(),
			ExpectedEvents:  acceptedEvents(),
		},
		{
			// Sending an existing admin token must not change the outcome.
			Name:   "valid email/password (already authorized)",
			Method: http.MethodPost,
			Url:    endpoint,
			Body:   strings.NewReader(validLogin),
			RequestHeaders: map[string]string{
				"Authorization": adminToken,
			},
			ExpectedStatus:  200,
			ExpectedContent: acceptedContent(),
			ExpectedEvents:  acceptedEvents(),
		},
	}

	for _, tc := range cases {
		tc.Test(t)
	}
}
// TestAdminRequestPasswordReset drives POST /api/admins/request-password-reset.
//
// An unknown e-mail and a known e-mail are both expected to answer 204, so the
// status code alone does not tell a caller whether an address belongs to an
// admin. Only the plain "existing admin" case lists model-update and mailer
// events.
func TestAdminRequestPasswordReset(t *testing.T) {
	const (
		endpoint = "/api/admins/request-password-reset"

		// Request body for the admin present in the test data.
		knownAdmin = ` { "email":"test@example.com"} `

		// NOTE(review): Delay presumably gives background work time to finish
		// before events are checked; confirm in tests.ApiScenario.
		settle = 100 * time.Millisecond
	)

	cases := []tests.ApiScenario{
		{
			Name:            "empty data",
			Method:          http.MethodPost,
			Url:             endpoint,
			Body:            strings.NewReader(` `),
			ExpectedStatus:  400,
			ExpectedContent: []string{` "data": { "email": { "code":"validation_required","message":"Cannot be blank."}} `},
		},
		{
			Name:            "invalid data",
			Method:          http.MethodPost,
			Url:             endpoint,
			Body:            strings.NewReader(` { "email `),
			ExpectedStatus:  400,
			ExpectedContent: []string{` "data": { } `},
		},
		{
			// Same status as the existing-admin case, and no events listed.
			Name:           "missing admin",
			Method:         http.MethodPost,
			Url:            endpoint,
			Body:           strings.NewReader(` { "email":"missing@example.com"} `),
			Delay:          settle,
			ExpectedStatus: 204,
		},
		{
			Name:           "existing admin",
			Method:         http.MethodPost,
			Url:            endpoint,
			Body:           strings.NewReader(knownAdmin),
			Delay:          settle,
			ExpectedStatus: 204,
			ExpectedEvents: map[string]int{
				"OnModelBeforeUpdate":                      1,
				"OnModelAfterUpdate":                       1,
				"OnMailerBeforeAdminResetPasswordSend":     1,
				"OnMailerAfterAdminResetPasswordSend":      1,
				"OnAdminBeforeRequestPasswordResetRequest": 1,
				"OnAdminAfterRequestPasswordResetRequest":  1,
			},
		},
		{
			// LastResetSentAt is stamped with the current time first and no
			// events are listed; presumably this covers the resend throttle,
			// confirm against the handler.
			Name:           "existing admin (after already sent)",
			Method:         http.MethodPost,
			Url:            endpoint,
			Body:           strings.NewReader(knownAdmin),
			Delay:          settle,
			ExpectedStatus: 204,
			BeforeTestFunc: func(t *testing.T, app *tests.TestApp, e *echo.Echo) {
				// simulate recent password request
				admin, findErr := app.Dao().FindAdminByEmail("test@example.com")
				if findErr != nil {
					t.Fatal(findErr)
				}
				admin.LastResetSentAt = types.NowDateTime()

				// new dao to ignore hooks
				plainDao := daos.New(app.Dao().DB())
				if saveErr := plainDao.Save(admin); saveErr != nil {
					t.Fatal(saveErr)
				}
			},
		},
	}

	for _, tc := range cases {
		tc.Test(t)
	}
}
// TestAdminConfirmPasswordReset drives POST /api/admins/confirm-password-reset.
//
// It covers missing fields, malformed JSON, a reset token whose exp claim is
// in the past, a live token paired with a too-short password, and a live token
// paired with an acceptable password.
//
// The multi-line request bodies are kept flush-left so the literal bytes stay
// exactly as they were.
func TestAdminConfirmPasswordReset(t *testing.T) {
	const endpoint = "/api/admins/confirm-password-reset"

	cases := []tests.ApiScenario{
		{
			Name:            "empty data",
			Method:          http.MethodPost,
			Url:             endpoint,
			Body:            strings.NewReader(` `),
			ExpectedStatus:  400,
			ExpectedContent: []string{` "data": { "password": { "code":"validation_required","message":"Cannot be blank."},"passwordConfirm": { "code":"validation_required","message":"Cannot be blank."},"token": { "code":"validation_required","message":"Cannot be blank."}} `},
		},
		{
			Name:            "invalid data",
			Method:          http.MethodPost,
			Url:             endpoint,
			Body:            strings.NewReader(` { "password `),
			ExpectedStatus:  400,
			ExpectedContent: []string{` "data": { } `},
		},
		{
			// Token payload decodes to type "admin", exp 1640991661 (past).
			Name:   "expired token",
			Method: http.MethodPost,
			Url:    endpoint,
			Body: strings.NewReader(` {
"token" : "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhZG1pbiIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSIsImV4cCI6MTY0MDk5MTY2MX0.GLwCOsgWTTEKXTK-AyGW838de1OeZGIjfHH0FoRLqZg" ,
"password" : "1234567890" ,
"passwordConfirm" : "1234567890"
} `),
			ExpectedStatus:  400,
			ExpectedContent: []string{` "data": { "token": { "code":"validation_invalid_token","message":"Invalid or expired token."}}} `},
		},
		{
			// Token payload decodes to type "admin", exp 2208981600; the
			// six-character password is expected to fail the length rule.
			Name:   "valid token + invalid password",
			Method: http.MethodPost,
			Url:    endpoint,
			Body: strings.NewReader(` {
"token" : "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhZG1pbiIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSIsImV4cCI6MjIwODk4MTYwMH0.kwFEler6KSMKJNstuaSDvE1QnNdCta5qSnjaIQ0hhhc" ,
"password" : "123456" ,
"passwordConfirm" : "123456"
} `),
			ExpectedStatus:  400,
			ExpectedContent: []string{` "data": { "password": { "code":"validation_length_out_of_range" `},
		},
		{
			// Same live token as above; success is a bodiless 204.
			Name:   "valid token + valid password",
			Method: http.MethodPost,
			Url:    endpoint,
			Body: strings.NewReader(` {
"token" : "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhZG1pbiIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSIsImV4cCI6MjIwODk4MTYwMH0.kwFEler6KSMKJNstuaSDvE1QnNdCta5qSnjaIQ0hhhc" ,
"password" : "1234567891" ,
"passwordConfirm" : "1234567891"
} `),
			ExpectedStatus: 204,
			ExpectedEvents: map[string]int{
				"OnModelBeforeUpdate":                      1,
				"OnModelAfterUpdate":                       1,
				"OnAdminBeforeConfirmPasswordResetRequest": 1,
				"OnAdminAfterConfirmPasswordResetRequest":  1,
			},
		},
	}

	for _, tc := range cases {
		tc.Test(t)
	}
}
// TestAdminRefresh drives POST /api/admins/auth-refresh.
//
// No token, a non-admin (auth record) token and an expired admin token are all
// expected to get 401; only a live admin token gets 200 with a new token.
func TestAdminRefresh(t *testing.T) {
	const (
		endpoint  = "/api/admins/auth-refresh"
		emptyData = ` "data": { } `

		// Payload decodes to type "authRecord", exp 2208985261.
		userToken = "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoUmVjb3JkIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyMjA4OTg1MjYxfQ.UwD8JvkbQtXpymT09d7J6fdA0aP9g4FJ1GPh_ggEkzc"

		// Payload decodes to type "admin", exp 1640991661 (past).
		expiredAdminToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhZG1pbiIsImV4cCI6MTY0MDk5MTY2MX0.I7w8iktkleQvC7_UIRpD7rNzcU4OnF7i7SFIUu6lD_4"

		// Payload decodes to type "admin", exp 2208985261.
		adminToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhZG1pbiIsImV4cCI6MjIwODk4NTI2MX0.M1m--VOqGyv0d23eeUc0r9xE8ZzHaYVmVFw1VZW6gT8"
	)

	// withAuth builds a fresh header map per case.
	withAuth := func(token string) map[string]string {
		return map[string]string{"Authorization": token}
	}

	cases := []tests.ApiScenario{
		{
			Name:            "unauthorized",
			Method:          http.MethodPost,
			Url:             endpoint,
			ExpectedStatus:  401,
			ExpectedContent: []string{emptyData},
		},
		{
			Name:            "authorized as user",
			Method:          http.MethodPost,
			Url:             endpoint,
			RequestHeaders:  withAuth(userToken),
			ExpectedStatus:  401,
			ExpectedContent: []string{emptyData},
		},
		{
			// An expired token must not be refreshable.
			Name:            "authorized as admin (expired token)",
			Method:          http.MethodPost,
			Url:             endpoint,
			RequestHeaders:  withAuth(expiredAdminToken),
			ExpectedStatus:  401,
			ExpectedContent: []string{emptyData},
		},
		{
			Name:           "authorized as admin (valid token)",
			Method:         http.MethodPost,
			Url:            endpoint,
			RequestHeaders: withAuth(adminToken),
			ExpectedStatus: 200,
			ExpectedContent: []string{
				` "admin": { "id":"sywbhecnh46rhm0" `,
				` "token": `,
			},
			ExpectedEvents: map[string]int{
				"OnAdminAuthRequest":              1,
				"OnAdminBeforeAuthRefreshRequest": 1,
				"OnAdminAfterAuthRefreshRequest":  1,
			},
		},
	}

	for _, tc := range cases {
		tc.Test(t)
	}
}
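// TestAdminsList drives GET /api/admins with no token, a non-admin token and
// an admin token (plain, paged/sorted, invalid filter, valid filter).
//
// Every 200 case also asserts that the secret-bearing fields "tokenKey" and
// "passwordHash" are absent from the response. The plain "authorized as admin"
// case previously skipped that check even though it returns the most records.
func TestAdminsList(t *testing.T) {
	const (
		emptyData = ` "data": { } `

		// Payload decodes to type "authRecord", exp 2208985261.
		userToken = "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoUmVjb3JkIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyMjA4OTg1MjYxfQ.UwD8JvkbQtXpymT09d7J6fdA0aP9g4FJ1GPh_ggEkzc"

		// Payload decodes to type "admin", exp 2208985261.
		adminToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhZG1pbiIsImV4cCI6MjIwODk4NTI2MX0.M1m--VOqGyv0d23eeUc0r9xE8ZzHaYVmVFw1VZW6gT8"
	)

	// Each helper returns a fresh value so no two cases share a map or slice.
	withAuth := func(token string) map[string]string {
		return map[string]string{"Authorization": token}
	}
	listEvents := func() map[string]int {
		return map[string]int{"OnAdminsListRequest": 1}
	}
	// Fields that must never be serialized; same literals in every 200 case.
	secretFields := func() []string {
		return []string{
			` "tokenKey" `,
			` "passwordHash" `,
		}
	}

	cases := []tests.ApiScenario{
		{
			Name:            "unauthorized",
			Method:          http.MethodGet,
			Url:             "/api/admins",
			ExpectedStatus:  401,
			ExpectedContent: []string{emptyData},
		},
		{
			Name:            "authorized as user",
			Method:          http.MethodGet,
			Url:             "/api/admins",
			RequestHeaders:  withAuth(userToken),
			ExpectedStatus:  401,
			ExpectedContent: []string{emptyData},
		},
		{
			Name:           "authorized as admin",
			Method:         http.MethodGet,
			Url:            "/api/admins",
			RequestHeaders: withAuth(adminToken),
			ExpectedStatus: 200,
			ExpectedContent: []string{
				` "page":1 `,
				` "perPage":30 `,
				` "totalItems":3 `,
				` "items":[ { `,
				` "id":"sywbhecnh46rhm0" `,
				` "id":"sbmbsdb40jyxf7h" `,
				` "id":"9q2trqumvlyr3bd" `,
			},
			// Added: the unfiltered listing gets the same leak check as the
			// paged and filtered ones.
			NotExpectedContent: secretFields(),
			ExpectedEvents:     listEvents(),
		},
		{
			Name:           "authorized as admin + paging and sorting",
			Method:         http.MethodGet,
			Url:            "/api/admins?page=2&perPage=1&sort=-created",
			RequestHeaders: withAuth(adminToken),
			ExpectedStatus: 200,
			ExpectedContent: []string{
				` "page":2 `,
				` "perPage":1 `,
				` "totalItems":3 `,
				` "items":[ { `,
				` "id":"sbmbsdb40jyxf7h" `,
			},
			NotExpectedContent: secretFields(),
			ExpectedEvents:     listEvents(),
		},
		{
			// A filter on an unknown field is rejected rather than ignored.
			Name:            "authorized as admin + invalid filter",
			Method:          http.MethodGet,
			Url:             "/api/admins?filter=invalidfield~'test2'",
			RequestHeaders:  withAuth(adminToken),
			ExpectedStatus:  400,
			ExpectedContent: []string{emptyData},
		},
		{
			Name:           "authorized as admin + valid filter",
			Method:         http.MethodGet,
			Url:            "/api/admins?filter=email~'test3'",
			RequestHeaders: withAuth(adminToken),
			ExpectedStatus: 200,
			ExpectedContent: []string{
				` "page":1 `,
				` "perPage":30 `,
				` "totalItems":1 `,
				` "items":[ { `,
				` "id":"9q2trqumvlyr3bd" `,
			},
			NotExpectedContent: secretFields(),
			ExpectedEvents:     listEvents(),
		},
	}

	for _, tc := range cases {
		tc.Test(t)
	}
}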
// TestAdminView drives GET /api/admins/{id}.
//
// Callers without an admin token are expected to get 401 even for an id that
// exists; the 404 for an unknown id is only asserted for an authenticated
// admin. The successful response must not contain "tokenKey" or
// "passwordHash".
func TestAdminView(t *testing.T) {
	const (
		existingURL = "/api/admins/sbmbsdb40jyxf7h"
		emptyData   = ` "data": { } `

		// Payload decodes to type "authRecord", exp 2208985261.
		userToken = "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoUmVjb3JkIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyMjA4OTg1MjYxfQ.UwD8JvkbQtXpymT09d7J6fdA0aP9g4FJ1GPh_ggEkzc"

		// Payload decodes to type "admin", exp 2208985261.
		adminToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhZG1pbiIsImV4cCI6MjIwODk4NTI2MX0.M1m--VOqGyv0d23eeUc0r9xE8ZzHaYVmVFw1VZW6gT8"
	)

	// withAuth builds a fresh header map per case.
	withAuth := func(token string) map[string]string {
		return map[string]string{"Authorization": token}
	}

	cases := []tests.ApiScenario{
		{
			Name:            "unauthorized",
			Method:          http.MethodGet,
			Url:             existingURL,
			ExpectedStatus:  401,
			ExpectedContent: []string{emptyData},
		},
		{
			Name:            "authorized as user",
			Method:          http.MethodGet,
			Url:             existingURL,
			RequestHeaders:  withAuth(userToken),
			ExpectedStatus:  401,
			ExpectedContent: []string{emptyData},
		},
		{
			Name:            "authorized as admin + nonexisting admin id",
			Method:          http.MethodGet,
			Url:             "/api/admins/nonexisting",
			RequestHeaders:  withAuth(adminToken),
			ExpectedStatus:  404,
			ExpectedContent: []string{emptyData},
		},
		{
			Name:           "authorized as admin + existing admin id",
			Method:         http.MethodGet,
			Url:            existingURL,
			RequestHeaders: withAuth(adminToken),
			ExpectedStatus: 200,
			ExpectedContent: []string{
				` "id":"sbmbsdb40jyxf7h" `,
			},
			NotExpectedContent: []string{
				` "tokenKey" `,
				` "passwordHash" `,
			},
			ExpectedEvents: map[string]int{
				"OnAdminViewRequest": 1,
			},
		},
	}

	for _, tc := range cases {
		tc.Test(t)
	}
}
// TestAdminDelete drives DELETE /api/admins/{id}.
//
// Besides the authorization cases it pins the lockout guard: when the
// authenticated admin is the only one left, deleting it is expected to fail
// with 400 and to fire only the "before" request hook.
func TestAdminDelete(t *testing.T) {
	const (
		otherAdminURL = "/api/admins/sbmbsdb40jyxf7h"
		emptyData     = ` "data": { } `

		// Payload decodes to type "authRecord", exp 2208985261.
		userToken = "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoUmVjb3JkIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyMjA4OTg1MjYxfQ.UwD8JvkbQtXpymT09d7J6fdA0aP9g4FJ1GPh_ggEkzc"

		// Payload decodes to id "sywbhecnh46rhm0", type "admin",
		// exp 2208985261.
		adminToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhZG1pbiIsImV4cCI6MjIwODk4NTI2MX0.M1m--VOqGyv0d23eeUc0r9xE8ZzHaYVmVFw1VZW6gT8"
	)

	// withAuth builds a fresh header map per case.
	withAuth := func(token string) map[string]string {
		return map[string]string{"Authorization": token}
	}

	cases := []tests.ApiScenario{
		{
			Name:            "unauthorized",
			Method:          http.MethodDelete,
			Url:             otherAdminURL,
			ExpectedStatus:  401,
			ExpectedContent: []string{emptyData},
		},
		{
			Name:            "authorized as user",
			Method:          http.MethodDelete,
			Url:             otherAdminURL,
			RequestHeaders:  withAuth(userToken),
			ExpectedStatus:  401,
			ExpectedContent: []string{emptyData},
		},
		{
			Name:            "authorized as admin + missing admin id",
			Method:          http.MethodDelete,
			Url:             "/api/admins/missing",
			RequestHeaders:  withAuth(adminToken),
			ExpectedStatus:  404,
			ExpectedContent: []string{emptyData},
		},
		{
			Name:           "authorized as admin + existing admin id",
			Method:         http.MethodDelete,
			Url:            otherAdminURL,
			RequestHeaders: withAuth(adminToken),
			ExpectedStatus: 204,
			ExpectedEvents: map[string]int{
				"OnModelBeforeDelete":        1,
				"OnModelAfterDelete":         1,
				"OnAdminBeforeDeleteRequest": 1,
				"OnAdminAfterDeleteRequest":  1,
			},
		},
		{
			Name:           "authorized as admin - try to delete the only remaining admin",
			Method:         http.MethodDelete,
			Url:            "/api/admins/sywbhecnh46rhm0",
			RequestHeaders: withAuth(adminToken),
			BeforeTestFunc: func(t *testing.T, app *tests.TestApp, e *echo.Echo) {
				// delete all admins except the authorized one
				table := (&models.Admin{}).TableName()
				keepSelf := dbx.Not(dbx.HashExp{
					"id": "sywbhecnh46rhm0",
				})
				if _, err := app.Dao().DB().Delete(table, keepSelf).Execute(); err != nil {
					t.Fatal(err)
				}
			},
			ExpectedStatus:  400,
			ExpectedContent: []string{emptyData},
			ExpectedEvents: map[string]int{
				"OnAdminBeforeDeleteRequest": 1,
			},
		},
	}

	for _, tc := range cases {
		tc.Test(t)
	}
}
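// TestAdminCreate drives POST /api/admins.
//
// Two unauthenticated cases pin the bootstrap rule: with at least one admin
// present the request is rejected with 401, and with the admins table emptied
// the same unauthenticated request is expected to create the first admin.
// NOTE(review): that second case means an instance with no admins accepts the
// first create from any caller, so initial setup should not be left pending on
// a reachable host.
//
// Both success cases assert that the response does not echo "password",
// "passwordConfirm", "tokenKey" or "passwordHash". The bootstrap case
// previously lacked that check.
//
// The multi-line request bodies are kept flush-left so the literal bytes stay
// exactly as they were.
func TestAdminCreate(t *testing.T) {
	const (
		endpoint  = "/api/admins"
		emptyData = ` "data": { } `

		// Payload decodes to type "authRecord", exp 2208985261.
		userToken = "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoUmVjb3JkIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyMjA4OTg1MjYxfQ.UwD8JvkbQtXpymT09d7J6fdA0aP9g4FJ1GPh_ggEkzc"

		// Payload decodes to type "admin", exp 2208985261.
		adminToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhZG1pbiIsImV4cCI6MjIwODk4NTI2MX0.M1m--VOqGyv0d23eeUc0r9xE8ZzHaYVmVFw1VZW6gT8"
	)

	// Each helper returns a fresh value so no two cases share a map or slice.
	withAuth := func(token string) map[string]string {
		return map[string]string{"Authorization": token}
	}
	createEvents := func() map[string]int {
		return map[string]int{
			"OnModelBeforeCreate":        1,
			"OnModelAfterCreate":         1,
			"OnAdminBeforeCreateRequest": 1,
			"OnAdminAfterCreateRequest":  1,
		}
	}
	createdContent := func() []string {
		return []string{
			` "id": `,
			` "email":"testnew@example.com" `,
			` "avatar":3 `,
		}
	}
	// Submitted credentials and stored secrets must not come back.
	credentialFields := func() []string {
		return []string{
			` "password" `,
			` "passwordConfirm" `,
			` "tokenKey" `,
			` "passwordHash" `,
		}
	}

	cases := []tests.ApiScenario{
		{
			Name:            "unauthorized (while having at least 1 existing admin)",
			Method:          http.MethodPost,
			Url:             endpoint,
			ExpectedStatus:  401,
			ExpectedContent: []string{emptyData},
		},
		{
			Name:   "unauthorized (while having 0 existing admins)",
			Method: http.MethodPost,
			Url:    endpoint,
			Body:   strings.NewReader(` { "email":"testnew@example.com","password":"1234567890","passwordConfirm":"1234567890","avatar":3} `),
			BeforeTestFunc: func(t *testing.T, app *tests.TestApp, e *echo.Echo) {
				// delete all admins
				_, err := app.Dao().DB().NewQuery("DELETE FROM {{_admins}}").Execute()
				if err != nil {
					t.Fatal(err)
				}
			},
			ExpectedStatus:  200,
			ExpectedContent: createdContent(),
			// Added: the unauthenticated bootstrap response gets the same
			// leak check as the authenticated create.
			NotExpectedContent: credentialFields(),
			ExpectedEvents:     createEvents(),
		},
		{
			Name:            "authorized as user",
			Method:          http.MethodPost,
			Url:             endpoint,
			RequestHeaders:  withAuth(userToken),
			ExpectedStatus:  401,
			ExpectedContent: []string{emptyData},
		},
		{
			Name:            "authorized as admin + empty data",
			Method:          http.MethodPost,
			Url:             endpoint,
			Body:            strings.NewReader(` `),
			RequestHeaders:  withAuth(adminToken),
			ExpectedStatus:  400,
			ExpectedContent: []string{` "data": { "email": { "code":"validation_required","message":"Cannot be blank."},"password": { "code":"validation_required","message":"Cannot be blank."}} `},
		},
		{
			Name:            "authorized as admin + invalid data format",
			Method:          http.MethodPost,
			Url:             endpoint,
			Body:            strings.NewReader(` { `),
			RequestHeaders:  withAuth(adminToken),
			ExpectedStatus:  400,
			ExpectedContent: []string{emptyData},
		},
		{
			// Duplicate e-mail, short password, mismatched confirmation and
			// out-of-range avatar are each expected to be reported.
			Name:   "authorized as admin + invalid data",
			Method: http.MethodPost,
			Url:    endpoint,
			Body: strings.NewReader(` {
"email" : "test@example.com" ,
"password" : "1234" ,
"passwordConfirm" : "4321" ,
"avatar" : 99
} `),
			RequestHeaders: withAuth(adminToken),
			ExpectedStatus: 400,
			ExpectedContent: []string{
				` "data": { `,
				` "avatar": { "code":"validation_max_less_equal_than_required" `,
				` "email": { "code":"validation_admin_email_exists" `,
				` "password": { "code":"validation_length_out_of_range" `,
				` "passwordConfirm": { "code":"validation_values_mismatch" `,
			},
		},
		{
			Name:   "authorized as admin + valid data",
			Method: http.MethodPost,
			Url:    endpoint,
			Body: strings.NewReader(` {
"email" : "testnew@example.com" ,
"password" : "1234567890" ,
"passwordConfirm" : "1234567890" ,
"avatar" : 3
} `),
			RequestHeaders:     withAuth(adminToken),
			ExpectedStatus:     200,
			ExpectedContent:    createdContent(),
			NotExpectedContent: credentialFields(),
			ExpectedEvents:     createEvents(),
		},
	}

	for _, tc := range cases {
		tc.Test(t)
	}
}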
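// TestAdminUpdate drives PATCH /api/admins/{id}.
//
// Changes from the previous version of this test:
//   - the final success case had no Name; it is now labelled
//     "authorized as admin + valid data", matching TestAdminCreate.
//   - the "empty data" success case now also asserts that "password",
//     "passwordConfirm", "tokenKey" and "passwordHash" are absent, as the
//     other success case already did.
//
// The multi-line request bodies are kept flush-left so the literal bytes stay
// exactly as they were.
func TestAdminUpdate(t *testing.T) {
	const (
		targetURL = "/api/admins/sbmbsdb40jyxf7h"
		emptyData = ` "data": { } `

		// Payload decodes to type "authRecord", exp 2208985261.
		userToken = "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoUmVjb3JkIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyMjA4OTg1MjYxfQ.UwD8JvkbQtXpymT09d7J6fdA0aP9g4FJ1GPh_ggEkzc"

		// Payload decodes to type "admin", exp 2208985261.
		adminToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhZG1pbiIsImV4cCI6MjIwODk4NTI2MX0.M1m--VOqGyv0d23eeUc0r9xE8ZzHaYVmVFw1VZW6gT8"
	)

	// Each helper returns a fresh value so no two cases share a map or slice.
	withAuth := func(token string) map[string]string {
		return map[string]string{"Authorization": token}
	}
	updateEvents := func() map[string]int {
		return map[string]int{
			"OnModelBeforeUpdate":        1,
			"OnModelAfterUpdate":         1,
			"OnAdminBeforeUpdateRequest": 1,
			"OnAdminAfterUpdateRequest":  1,
		}
	}
	// Submitted credentials and stored secrets must not come back.
	credentialFields := func() []string {
		return []string{
			` "password" `,
			` "passwordConfirm" `,
			` "tokenKey" `,
			` "passwordHash" `,
		}
	}

	cases := []tests.ApiScenario{
		{
			Name:            "unauthorized",
			Method:          http.MethodPatch,
			Url:             targetURL,
			ExpectedStatus:  401,
			ExpectedContent: []string{emptyData},
		},
		{
			Name:            "authorized as user",
			Method:          http.MethodPatch,
			Url:             targetURL,
			RequestHeaders:  withAuth(userToken),
			ExpectedStatus:  401,
			ExpectedContent: []string{emptyData},
		},
		{
			Name:            "authorized as admin + missing admin",
			Method:          http.MethodPatch,
			Url:             "/api/admins/missing",
			Body:            strings.NewReader(` `),
			RequestHeaders:  withAuth(adminToken),
			ExpectedStatus:  404,
			ExpectedContent: []string{emptyData},
		},
		{
			// An empty body is accepted and leaves the stored values as is.
			Name:           "authorized as admin + empty data",
			Method:         http.MethodPatch,
			Url:            targetURL,
			Body:           strings.NewReader(` `),
			RequestHeaders: withAuth(adminToken),
			ExpectedStatus: 200,
			ExpectedContent: []string{
				` "id":"sbmbsdb40jyxf7h" `,
				` "email":"test2@example.com" `,
				` "avatar":2 `,
			},
			// Added: same leak check as the valid-data case below.
			NotExpectedContent: credentialFields(),
			ExpectedEvents:     updateEvents(),
		},
		{
			Name:            "authorized as admin + invalid formatted data",
			Method:          http.MethodPatch,
			Url:             targetURL,
			Body:            strings.NewReader(` { `),
			RequestHeaders:  withAuth(adminToken),
			ExpectedStatus:  400,
			ExpectedContent: []string{emptyData},
		},
		{
			Name:   "authorized as admin + invalid data",
			Method: http.MethodPatch,
			Url:    targetURL,
			Body: strings.NewReader(` {
"email" : "test@example.com" ,
"password" : "1234" ,
"passwordConfirm" : "4321" ,
"avatar" : 99
} `),
			RequestHeaders: withAuth(adminToken),
			ExpectedStatus: 400,
			ExpectedContent: []string{
				` "data": { `,
				` "avatar": { "code":"validation_max_less_equal_than_required" `,
				` "email": { "code":"validation_admin_email_exists" `,
				` "password": { "code":"validation_length_out_of_range" `,
				` "passwordConfirm": { "code":"validation_values_mismatch" `,
			},
		},
		{
			// Added Name so a failure here is reported under a label.
			Name:   "authorized as admin + valid data",
			Method: http.MethodPatch,
			Url:    targetURL,
			Body: strings.NewReader(` {
"email" : "testnew@example.com" ,
"password" : "1234567891" ,
"passwordConfirm" : "1234567891" ,
"avatar" : 5
} `),
			RequestHeaders: withAuth(adminToken),
			ExpectedStatus: 200,
			ExpectedContent: []string{
				` "id":"sbmbsdb40jyxf7h" `,
				` "email":"testnew@example.com" `,
				` "avatar":5 `,
			},
			NotExpectedContent: credentialFields(),
			ExpectedEvents:     updateEvents(),
		},
	}

	for _, tc := range cases {
		tc.Test(t)
	}
}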