Tests: Add unit tests

internal/commands/passwd_test.go

@@ -0,0 +1,52 @@
+package commands
+
+import (
+	"github.com/photoprism/photoprism/pkg/capture"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestPasswdCommand(t *testing.T) {
+	t.Run("UserNotFound", func(t *testing.T) {
+		var err error
+
+		ctx := NewTestContext([]string{"passwd", "--show", "mila"})
+
+		// Run command with test context.
+		output := capture.Output(func() {
+			err = PasswdCommand.Run(ctx)
+		})
+
+		// Check command output for plausibility.
+		assert.Error(t, err)
+		assert.Empty(t, output)
+	})
+	t.Run("DeletedUser", func(t *testing.T) {
+		var err error
+
+		ctx := NewTestContext([]string{"passwd", "--show", "uqxqg7i1kperxvu8"})
+
+		// Run command with test context.
+		output := capture.Output(func() {
+			err = PasswdCommand.Run(ctx)
+		})
+
+		// Check command output for plausibility.
+		assert.Error(t, err)
+		assert.Empty(t, output)
+	})
+	t.Run("DeletePassword", func(t *testing.T) {
+		var err error
+
+		ctx := NewTestContext([]string{"passwd", "--rm", "no_local_auth"})
+
+		// Run command with test context.
+		output := capture.Output(func() {
+			err = PasswdCommand.Run(ctx)
+		})
+
+		// Check command output for plausibility.
+		assert.NoError(t, err)
+		assert.Empty(t, output)
+	})
+}

internal/entity/auth_session_login_test.go

@@ -342,6 +342,26 @@ func TestAuthLocal(t *testing.T) {
 			assert.Equal(t, method, authn.MethodUndefined)
 		}
 	})
+	t.Run("None", func(t *testing.T) {
+		m := FindSessionByRefID("sessxkkcaert")
+		u := FindUserByName("no_local_auth")
+
+		// Create test request form.
+		frm := form.Login{
+			Username: "no_local_auth",
+			Password: "None123!",
+		}
+
+		// Create test request context.
+		c, _ := gin.CreateTestContext(httptest.NewRecorder())
+		c.Request = httptest.NewRequest(http.MethodPost, "/api/v1/session", form.AsReader(frm))
+		c.Request.RemoteAddr = "1.2.3.4"
+
+		// Check authentication result.
+		provider, _, err := AuthLocal(u, frm, m, c)
+		assert.Error(t, err)
+		assert.Equal(t, provider, authn.ProviderNone)
+	})
 }
 
 func TestSessionLogIn(t *testing.T) {

internal/entity/auth_user_test.go

@@ -1003,17 +1003,43 @@ func TestAddUser(t *testing.T) {
 		err := AddUser(u)
 		assert.Error(t, err)
 	})
-	t.Run("Valid", func(t *testing.T) {
+	t.Run("ValidLocalUser", func(t *testing.T) {
 		u := form.User{
 			UserName:     "thomas2",
 			UserEmail:    "thomas2@example.com",
 			Password:     "helloworld",
 			UserRole:     acl.RoleAdmin.String(),
+			AuthProvider: "local",
 		}
 
 		err := AddUser(u)
 		assert.Nil(t, err)
 	})
+	t.Run("ValidOidcUser", func(t *testing.T) {
+		u := form.User{
+			UserName:     "thomasoidc",
+			UserEmail:    "thomasoidc@example.com",
+			Password:     "helloworld",
+			UserRole:     acl.RoleAdmin.String(),
+			AuthProvider: "oidc",
+			AuthID:       "12378696",
+		}
+
+		err := AddUser(u)
+		assert.Nil(t, err)
+	})
+	t.Run("AuthIDMissing", func(t *testing.T) {
+		u := form.User{
+			UserName:     "thomasoidc",
+			UserEmail:    "thomasoidc@example.com",
+			Password:     "helloworld",
+			UserRole:     acl.RoleAdmin.String(),
+			AuthProvider: "oidc",
+		}
+
+		err := AddUser(u)
+		assert.Error(t, err)
+	})
 }
 
 func TestDeleteUser(t *testing.T) {
@@ -1348,7 +1374,7 @@ func TestUser_SaveForm(t *testing.T) {
 		assert.Equal(t, "admin@example.com", m.UserEmail)
 		assert.Equal(t, "GoLand", m.Details().UserLocation)
 	})
-	t.Run("Change display name", func(t *testing.T) {
+	t.Run("ChangeDisplayName", func(t *testing.T) {
 		m := FindUser(Admin)
 
 		if m == nil {
@@ -1370,7 +1396,7 @@ func TestUser_SaveForm(t *testing.T) {
 		m = FindUserByUID(Admin.UserUID)
 		assert.Equal(t, "New Name", m.DisplayName)
 	})
-	t.Run("Prevent log out initial admin", func(t *testing.T) {
+	t.Run("PreventDisableLoginForInitialAdmin", func(t *testing.T) {
 		m := FindUser(Admin)
 
 		if m == nil {
@@ -1392,6 +1418,74 @@ func TestUser_SaveForm(t *testing.T) {
 		m = FindUserByUID(Admin.UserUID)
 		assert.Equal(t, true, m.CanLogin)
 	})
+	t.Run("PreventInitialAdminFromDisablingOwnLogin", func(t *testing.T) {
+		m := FindUser(Admin)
+
+		if m == nil {
+			t.Fatal("result should not be nil")
+		}
+
+		frm, err := m.Form()
+
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		frm.CanLogin = false
+		err = Admin.SaveForm(frm, &Admin)
+
+		assert.NoError(t, err)
+		assert.Equal(t, true, Admin.CanLogin)
+
+		m = FindUserByUID(Admin.UserUID)
+		assert.Equal(t, true, m.CanLogin)
+	})
+	t.Run("PreventInitialAdminFromSettingAuthProviderNone", func(t *testing.T) {
+		m := FindUser(Admin)
+
+		if m == nil {
+			t.Fatal("result should not be nil")
+		}
+
+		frm, err := m.Form()
+
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		frm.AuthProvider = authn.ProviderNone.String()
+		err = Admin.SaveForm(frm, &Admin)
+
+		assert.NoError(t, err)
+		assert.Equal(t, "local", Admin.AuthProvider)
+
+		m = FindUserByUID(Admin.UserUID)
+		assert.Equal(t, "local", m.AuthProvider)
+	})
+	t.Run("PreventAdminFromSettingAuthProviderNone", func(t *testing.T) {
+		alice := UserFixtures.Get("alice")
+
+		m := FindUser(alice)
+
+		if m == nil {
+			t.Fatal("result should not be nil")
+		}
+
+		frm, err := m.Form()
+
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		frm.AuthProvider = authn.ProviderNone.String()
+		err = alice.SaveForm(frm, &alice)
+
+		assert.NoError(t, err)
+		assert.Equal(t, "local", alice.AuthProvider)
+
+		m = FindUserByUID(alice.UserUID)
+		assert.Equal(t, "local", m.AuthProvider)
+	})
 	t.Run("AliceChangeAdminRights", func(t *testing.T) {
 		user := UserFixtures.Get("alice")
 		m := FindUser(user)
@@ -1425,7 +1519,7 @@ func TestUser_SaveForm(t *testing.T) {
 		assert.True(t, m.SuperAdmin)
 		assert.True(t, m.CanLogin)
 	})
-	t.Run("Try to change role of superadmin", func(t *testing.T) {
+	t.Run("TryToChangeRoleOfInitialAdmin", func(t *testing.T) {
 		m := FindUser(Admin)
 
 		if m == nil {
@@ -1447,7 +1541,7 @@ func TestUser_SaveForm(t *testing.T) {
 		m = FindUserByUID(Admin.UserUID)
 		assert.Equal(t, "admin", m.UserRole)
 	})
-	t.Run("Invalid base path", func(t *testing.T) {
+	t.Run("InvalidBasePath", func(t *testing.T) {
 		m := FindUser(Admin)
 
 		if m == nil {
@@ -1461,7 +1555,7 @@ func TestUser_SaveForm(t *testing.T) {
 		}
 
 		frm.BasePath = "//*?"
-		err = Admin.SaveForm(frm, nil)
+		err = Admin.SaveForm(frm, &Admin)
 
 		assert.Error(t, err)
 		assert.Equal(t, "invalid base folder", err.Error())
@@ -1469,7 +1563,7 @@ func TestUser_SaveForm(t *testing.T) {
 		m = FindUserByUID(Admin.UserUID)
 		assert.Equal(t, "", m.BasePath)
 	})
-	t.Run("Invalid upload path", func(t *testing.T) {
+	t.Run("InvalidUploadPath", func(t *testing.T) {
 		m := FindUser(Admin)
 
 		if m == nil {
@@ -1483,7 +1577,7 @@ func TestUser_SaveForm(t *testing.T) {
 		}
 
 		frm.UploadPath = "//*?"
-		err = Admin.SaveForm(frm, nil)
+		err = Admin.SaveForm(frm, &Admin)
 
 		assert.Error(t, err)
 		assert.Equal(t, "invalid upload folder", err.Error())
@@ -1661,7 +1755,7 @@ func TestUser_SetMethod(t *testing.T) {
 
 func TestUser_SetAuthID(t *testing.T) {
 	id := rnd.UUID()
-	issuer := "https://keycloak.localssl.dev/realms/master"
+	issuer := "http://dummy-oidc:9998"
 
 	t.Run("UUID", func(t *testing.T) {
 		m := UserFixtures.Get("guest")
@@ -1680,7 +1774,7 @@ func TestUser_SetAuthID(t *testing.T) {
 
 func TestUser_UpdateAuthID(t *testing.T) {
 	id := rnd.UUID()
-	issuer := "https://keycloak.localssl.dev/realms/master"
+	issuer := "http://dummy-oidc:9998"
 
 	t.Run("UUID", func(t *testing.T) {
 		m := UserFixtures.Get("friend")

internal/entity/passcode_fixtures.go

@@ -21,9 +21,11 @@ func (m PasscodeMap) Pointer(name string) *Passcode {
 var (
 	PasscodeFixtureAlice, _ = NewPasscode("uqxetse3cy5eo9z2", "otpauth://totp/PhotoPrism:alice?algorithm=SHA1&digits=6&issuer=PhotoPrism%20Pro&period=30&secret=LKBTPGHABW2BVQVIROIGFTLQV4IRBXMV", "0t37foocgp2w")
 	PasscodeFixtureJane, _  = NewPasscode("usamyuogp49vd4lh", "otpauth://totp/PhotoPrism:jane?algorithm=SHA1&digits=6&issuer=PhotoPrism%20Pro&period=30&secret=RUYYIDJZBJLKD6OL6WFBJO6PXEZOYIZW", "0wg68oc6jg92")
+	PasscodeFixture2FA, _   = NewPasscode("usg73p55zwgr1ojy", "otpauth://totp/PhotoPrism:2fa?algorithm=SHA1&digits=6&issuer=PhotoPrism%20Pro&period=30&secret=RUYYIDJZBJLKD6OL6WFBJO6PXEZOYUVW", "0wg68oc6jgo54")
 	PasscodeFixtures        = PasscodeMap{
 		"alice": *PasscodeFixtureAlice,
 		"jane":  *PasscodeFixtureJane,
+		"2fa":   *PasscodeFixture2FA,
 	}
 )
 

pkg/authn/providers_test.go

@@ -63,6 +63,18 @@ func TestProviderType_IsLocal(t *testing.T) {
 	assert.False(t, ProviderUndefined.IsLocal())
 }
 
+func TestProviderType_IsOIDC(t *testing.T) {
+	assert.False(t, ProviderLocal.IsOIDC())
+	assert.True(t, ProviderOIDC.IsOIDC())
+	assert.False(t, ProviderLDAP.IsOIDC())
+	assert.False(t, ProviderClient.IsOIDC())
+	assert.False(t, ProviderApplication.IsOIDC())
+	assert.False(t, ProviderAccessToken.IsOIDC())
+	assert.False(t, ProviderNone.IsOIDC())
+	assert.False(t, ProviderDefault.IsOIDC())
+	assert.False(t, ProviderUndefined.IsOIDC())
+}
+
 func TestProviderType_SupportsPasscode(t *testing.T) {
 	assert.True(t, ProviderLocal.SupportsPasscodeAuthentication())
 	assert.True(t, ProviderOIDC.SupportsPasscodeAuthentication())
@@ -75,6 +87,30 @@ func TestProviderType_SupportsPasscode(t *testing.T) {
 	assert.False(t, ProviderUndefined.SupportsPasscodeAuthentication())
 }
 
+func TestProviderType_RequiresLocalPassword(t *testing.T) {
+	assert.True(t, ProviderLocal.RequiresLocalPassword())
+	assert.False(t, ProviderOIDC.RequiresLocalPassword())
+	assert.False(t, ProviderLDAP.RequiresLocalPassword())
+	assert.False(t, ProviderClient.RequiresLocalPassword())
+	assert.False(t, ProviderApplication.RequiresLocalPassword())
+	assert.False(t, ProviderAccessToken.RequiresLocalPassword())
+	assert.False(t, ProviderNone.RequiresLocalPassword())
+	assert.True(t, ProviderDefault.RequiresLocalPassword())
+	assert.False(t, ProviderUndefined.RequiresLocalPassword())
+}
+
+func TestProviderType_SupportsPasswordAuthentication(t *testing.T) {
+	assert.True(t, ProviderLocal.SupportsPasswordAuthentication())
+	assert.False(t, ProviderOIDC.SupportsPasswordAuthentication())
+	assert.True(t, ProviderLDAP.SupportsPasswordAuthentication())
+	assert.False(t, ProviderClient.SupportsPasswordAuthentication())
+	assert.False(t, ProviderApplication.SupportsPasswordAuthentication())
+	assert.False(t, ProviderAccessToken.SupportsPasswordAuthentication())
+	assert.False(t, ProviderNone.SupportsPasswordAuthentication())
+	assert.True(t, ProviderDefault.SupportsPasswordAuthentication())
+	assert.False(t, ProviderUndefined.SupportsPasswordAuthentication())
+}
+
 func TestProviderType_IsDefault(t *testing.T) {
 	assert.False(t, ProviderLocal.IsDefault())
 	assert.False(t, ProviderOIDC.IsDefault())
@@ -126,10 +162,17 @@ func TestProvider(t *testing.T) {
 	assert.Equal(t, ProviderLDAP, Provider("ad"))
 	assert.Equal(t, ProviderDefault, Provider(""))
 	assert.Equal(t, ProviderLink, Provider("url"))
+	assert.Equal(t, ProviderApplication, Provider("app"))
 	assert.Equal(t, ProviderDefault, Provider("default"))
 	assert.Equal(t, ProviderClient, Provider("oauth2"))
 }
 
+func TestProviders(t *testing.T) {
+	types := Providers("pass, oidc")
+	assert.Equal(t, ProviderLocal, types[0])
+	assert.Equal(t, ProviderOIDC, types[1])
+}
+
 func TestProviderType_IsApplication(t *testing.T) {
 	assert.True(t, ProviderApplication.IsApplication())
 	assert.False(t, ProviderLocal.IsApplication())

pkg/rnd/token_test.go

@@ -85,12 +85,27 @@ func TestBase62(t *testing.T) {
 }
 
 func TestCharset(t *testing.T) {
+	t.Run("23", func(t *testing.T) {
 		s := Charset(23, CharsetBase62)
 		t.Logf("CharsetBase62 (23 chars): %s", s)
 		assert.NotEmpty(t, s)
 		assert.False(t, IsRefID(s))
 		assert.True(t, InvalidRefID(s))
 		assert.Equal(t, 23, len(s))
+	})
+	t.Run("0", func(t *testing.T) {
+		s := Charset(0, CharsetBase62)
+		t.Logf("CharsetBase62 (23 chars): %s", s)
+		assert.Empty(t, s)
+	})
+	t.Run("5000", func(t *testing.T) {
+		s := Charset(5000, CharsetBase62)
+		t.Logf("CharsetBase62 (23 chars): %s", s)
+		assert.NotEmpty(t, s)
+		assert.False(t, IsRefID(s))
+		assert.True(t, InvalidRefID(s))
+		assert.Equal(t, 4096, len(s))
+	})
 }
 
 func TestRandomToken(t *testing.T) {