mirror of
https://github.com/pocketbase/pocketbase.git
synced 2025-02-15 09:12:58 +02:00
163 lines
5.6 KiB
Go
163 lines
5.6 KiB
Go
package apis_test
|
|
|
|
import (
|
|
"net/http"
|
|
"strings"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/pocketbase/pocketbase/core"
|
|
"github.com/pocketbase/pocketbase/tests"
|
|
)
|
|
|
|
func TestRecordRequestVerification(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
scenarios := []tests.ApiScenario{
|
|
{
|
|
Name: "not an auth collection",
|
|
Method: http.MethodPost,
|
|
URL: "/api/collections/demo1/request-verification",
|
|
Body: strings.NewReader(``),
|
|
ExpectedStatus: 404,
|
|
ExpectedContent: []string{`"data":{}`},
|
|
ExpectedEvents: map[string]int{"*": 0},
|
|
},
|
|
{
|
|
Name: "empty data",
|
|
Method: http.MethodPost,
|
|
URL: "/api/collections/users/request-verification",
|
|
Body: strings.NewReader(``),
|
|
ExpectedStatus: 400,
|
|
ExpectedContent: []string{`"data":{"email":{"code":"validation_required","message":"Cannot be blank."}}`},
|
|
ExpectedEvents: map[string]int{"*": 0},
|
|
},
|
|
{
|
|
Name: "invalid data",
|
|
Method: http.MethodPost,
|
|
URL: "/api/collections/users/request-verification",
|
|
Body: strings.NewReader(`{"email`),
|
|
ExpectedStatus: 400,
|
|
ExpectedContent: []string{`"data":{}`},
|
|
ExpectedEvents: map[string]int{"*": 0},
|
|
},
|
|
{
|
|
Name: "missing auth record",
|
|
Method: http.MethodPost,
|
|
URL: "/api/collections/users/request-verification",
|
|
Body: strings.NewReader(`{"email":"missing@example.com"}`),
|
|
Delay: 100 * time.Millisecond,
|
|
ExpectedStatus: 204,
|
|
ExpectedEvents: map[string]int{"*": 0},
|
|
AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) {
|
|
if app.TestMailer.TotalSend() != 0 {
|
|
t.Fatalf("Expected zero emails, got %d", app.TestMailer.TotalSend())
|
|
}
|
|
},
|
|
},
|
|
{
|
|
Name: "already verified auth record",
|
|
Method: http.MethodPost,
|
|
URL: "/api/collections/users/request-verification",
|
|
Body: strings.NewReader(`{"email":"test2@example.com"}`),
|
|
Delay: 100 * time.Millisecond,
|
|
ExpectedStatus: 204,
|
|
ExpectedEvents: map[string]int{
|
|
"*": 0,
|
|
"OnRecordRequestVerificationRequest": 1,
|
|
},
|
|
AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) {
|
|
if app.TestMailer.TotalSend() != 0 {
|
|
t.Fatalf("Expected zero emails, got %d", app.TestMailer.TotalSend())
|
|
}
|
|
},
|
|
},
|
|
{
|
|
Name: "existing auth record",
|
|
Method: http.MethodPost,
|
|
URL: "/api/collections/users/request-verification",
|
|
Body: strings.NewReader(`{"email":"test@example.com"}`),
|
|
Delay: 100 * time.Millisecond,
|
|
ExpectedStatus: 204,
|
|
ExpectedEvents: map[string]int{
|
|
"*": 0,
|
|
"OnRecordRequestVerificationRequest": 1,
|
|
"OnMailerSend": 1,
|
|
"OnMailerRecordVerificationSend": 1,
|
|
},
|
|
AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) {
|
|
if !strings.Contains(app.TestMailer.LastMessage().HTML, "/auth/confirm-verification") {
|
|
t.Fatalf("Expected verification email, got\n%v", app.TestMailer.LastMessage().HTML)
|
|
}
|
|
},
|
|
},
|
|
{
|
|
Name: "existing auth record (after already sent)",
|
|
Method: http.MethodPost,
|
|
URL: "/api/collections/users/request-verification",
|
|
Body: strings.NewReader(`{"email":"test@example.com"}`),
|
|
Delay: 100 * time.Millisecond,
|
|
ExpectedStatus: 204,
|
|
ExpectedEvents: map[string]int{
|
|
"*": 0,
|
|
// terminated before firing the event
|
|
// "OnRecordRequestVerificationRequest": 1,
|
|
},
|
|
BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
|
|
// simulate recent verification sent
|
|
authRecord, err := app.FindFirstRecordByData("users", "email", "test@example.com")
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
resendKey := "@limitVerificationEmail_" + authRecord.Collection().Id + authRecord.Id
|
|
app.Store().Set(resendKey, struct{}{})
|
|
},
|
|
AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) {
|
|
if app.TestMailer.TotalSend() != 0 {
|
|
t.Fatalf("Expected zero emails, got %d", app.TestMailer.TotalSend())
|
|
}
|
|
},
|
|
},
|
|
|
|
// rate limit checks
|
|
// -----------------------------------------------------------
|
|
{
|
|
Name: "RateLimit rule - users:requestVerification",
|
|
Method: http.MethodPost,
|
|
URL: "/api/collections/users/request-verification",
|
|
Body: strings.NewReader(`{"email":"test@example.com"}`),
|
|
BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
|
|
app.Settings().RateLimits.Enabled = true
|
|
app.Settings().RateLimits.Rules = []core.RateLimitRule{
|
|
{MaxRequests: 100, Label: "abc"},
|
|
{MaxRequests: 100, Label: "*:requestVerification"},
|
|
{MaxRequests: 0, Label: "users:requestVerification"},
|
|
}
|
|
},
|
|
ExpectedStatus: 429,
|
|
ExpectedContent: []string{`"data":{}`},
|
|
ExpectedEvents: map[string]int{"*": 0},
|
|
},
|
|
{
|
|
Name: "RateLimit rule - *:requestVerification",
|
|
Method: http.MethodPost,
|
|
URL: "/api/collections/users/request-verification",
|
|
Body: strings.NewReader(`{"email":"test@example.com"}`),
|
|
BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
|
|
app.Settings().RateLimits.Enabled = true
|
|
app.Settings().RateLimits.Rules = []core.RateLimitRule{
|
|
{MaxRequests: 100, Label: "abc"},
|
|
{MaxRequests: 0, Label: "*:requestVerification"},
|
|
}
|
|
},
|
|
ExpectedStatus: 429,
|
|
ExpectedContent: []string{`"data":{}`},
|
|
ExpectedEvents: map[string]int{"*": 0},
|
|
},
|
|
}
|
|
|
|
for _, scenario := range scenarios {
|
|
scenario.Test(t)
|
|
}
|
|
}
|