From b61f3063d973718b5e6ee260e20b51e26c524312 Mon Sep 17 00:00:00 2001
From: graciousgrey <theresagresch@gmail.com>
Date: Fri, 2 May 2025 18:39:40 +0200
Subject: [PATCH] Tests: Add unit tests #4973

---
 internal/api/links_test.go               | 60 +++++++++++++++++++++++-
 internal/entity/auth_session_fixtures.go | 34 +++++++++++++-
 internal/entity/auth_user_fixtures.go    | 15 ++++++
 internal/entity/password_fixtures.go     |  1 +
 internal/entity/query/users_test.go      | 12 ++---
 5 files changed, 114 insertions(+), 8 deletions(-)

diff --git a/internal/api/links_test.go b/internal/api/links_test.go
index efb961e16..d26fa5304 100644
--- a/internal/api/links_test.go
+++ b/internal/api/links_test.go
@@ -35,7 +35,7 @@ func TestCreateAlbumLink(t *testing.T) {
 		assert.NotEmpty(t, link.LinkToken)
 		assert.Equal(t, 0, link.LinkExpires)
 	})
-	t.Run("UserPassword", func(t *testing.T) {
+	t.Run("UserPasswordAdmin", func(t *testing.T) {
 		app, router, conf := NewApiTest()
 		conf.SetAuthMode(config.AuthModePasswd)
 		defer conf.SetAuthMode(config.AuthModePublic)
@@ -61,6 +61,24 @@ func TestCreateAlbumLink(t *testing.T) {
 		assert.NotEmpty(t, link.LinkToken)
 		assert.Equal(t, 0, link.LinkExpires)
 	})
+	t.Run("UserPasswordGuest", func(t *testing.T) {
+		app, router, conf := NewApiTest()
+		conf.SetAuthMode(config.AuthModePasswd)
+		defer conf.SetAuthMode(config.AuthModePublic)
+		UpdateUser(router)
+		sessId := AuthenticateUser(app, router, "gandalf", "Gandalf123!")
+
+		CreateAlbumLink(router)
+
+		resp := AuthenticatedRequestWithBody(app, "POST", "/api/v1/albums/as6sg6bxpogaaba7/links", `{"Password": "foobar", "Expires": 0, "CanEdit": true}`, sessId)
+
+		if resp.Code != http.StatusForbidden {
+			t.Fatal(resp.Body.String())
+		}
+
+		val := gjson.Get(resp.Body.String(), "error")
+		assert.Equal(t, "Permission denied", val.String())
+	})
 	t.Run("AliceAppPassword", func(t *testing.T) {
 		app, router, conf := NewApiTest()
 		conf.SetAuthMode(config.AuthModePasswd)
@@ -85,6 +103,30 @@ func TestCreateAlbumLink(t *testing.T) {
 		assert.NotEmpty(t, link.LinkToken)
 		assert.Equal(t, 0, link.LinkExpires)
 	})
+	t.Run("UlfAppPassword", func(t *testing.T) {
+		app, router, conf := NewApiTest()
+		conf.SetAuthMode(config.AuthModePasswd)
+		defer conf.SetAuthMode(config.AuthModePublic)
+
+		var link entity.Link
+
+		CreateAlbumLink(router)
+
+		resp := AuthenticatedRequestWithBody(app, "POST", "/api/v1/albums/as6sg6bxpogaaba7/links", `{"Password": "foobar", "Expires": 0, "CanEdit": true}`, "zlbkWC-vL4ORw-MvpDD7-mHrPW6")
+
+		if resp.Code != http.StatusOK {
+			t.Fatal(resp.Body.String())
+		}
+
+		if err := json.Unmarshal(resp.Body.Bytes(), &link); err != nil {
+			t.Fatal(err)
+		}
+
+		assert.NotEmpty(t, link.LinkUID)
+		assert.NotEmpty(t, link.ShareUID)
+		assert.NotEmpty(t, link.LinkToken)
+		assert.Equal(t, 0, link.LinkExpires)
+	})
 	t.Run("AliceAppPasswordWebdav", func(t *testing.T) {
 		app, router, conf := NewApiTest()
 		conf.SetAuthMode(config.AuthModePasswd)
@@ -101,6 +143,22 @@ func TestCreateAlbumLink(t *testing.T) {
 		val := gjson.Get(resp.Body.String(), "error")
 		assert.Equal(t, "Permission denied", val.String())
 	})
+	t.Run("GandalfAppPasswordFullAccess", func(t *testing.T) {
+		app, router, conf := NewApiTest()
+		conf.SetAuthMode(config.AuthModePasswd)
+		defer conf.SetAuthMode(config.AuthModePublic)
+
+		CreateAlbumLink(router)
+
+		resp := AuthenticatedRequestWithBody(app, "POST", "/api/v1/albums/as6sg6bxpogaaba7/links", `{"Password": "foobar", "Expires": 0, "CanEdit": true}`, "5hKyGD-FZUP9p-z8dYit-SYhkGI")
+
+		if resp.Code != http.StatusForbidden {
+			t.Fatal(resp.Body.String())
+		}
+
+		val := gjson.Get(resp.Body.String(), "error")
+		assert.Equal(t, "Permission denied", val.String())
+	})
 	t.Run("AccessToken", func(t *testing.T) {
 		app, router, conf := NewApiTest()
 		conf.SetAuthMode(config.AuthModePasswd)
diff --git a/internal/entity/auth_session_fixtures.go b/internal/entity/auth_session_fixtures.go
index ab7d556fe..630ff43d5 100644
--- a/internal/entity/auth_session_fixtures.go
+++ b/internal/entity/auth_session_fixtures.go
@@ -305,7 +305,7 @@ var SessionFixtures = SessionMap{
 	"alice_app_password_webdav": {
 		authToken:    "v2wS72-OkqEzm-MQ63Z2-TEhU0w",
 		ID:           rnd.SessionID("v2wS72-OkqEzm-MQ63Z2-TEhU0w"),
-		RefID:        "sessgh6gjhe8",
+		RefID:        "sessgh6gjnw5",
 		SessTimeout:  0,
 		SessExpires:  unix.Now() + unix.Day,
 		AuthScope:    clean.Scope("webdav"),
@@ -318,6 +318,38 @@ var SessionFixtures = SessionMap{
 		UserUID:      UserFixtures.Pointer("alice").UserUID,
 		UserName:     UserFixtures.Pointer("alice").UserName,
 	},
+	"alice_app_password_shares": {
+		authToken:    "zlbkWC-vL4ORw-MvpDD7-mHrPW6",
+		ID:           rnd.SessionID("zlbkWC-vL4ORw-MvpDD7-mHrPW6"),
+		RefID:        "sessgh6gjjz4",
+		SessTimeout:  0,
+		SessExpires:  unix.Now() + unix.Day,
+		AuthScope:    clean.Scope("albums shares"),
+		AuthProvider: authn.ProviderApplication.String(),
+		AuthMethod:   authn.MethodDefault.String(),
+		GrantType:    authn.GrantPassword.String(),
+		ClientUID:    "",
+		ClientName:   "shares-alice",
+		user:         UserFixtures.Pointer("alice"),
+		UserUID:      UserFixtures.Pointer("alice").UserUID,
+		UserName:     UserFixtures.Pointer("alice").UserName,
+	},
+	"gandalf_app_password_full_access": {
+		authToken:    "5hKyGD-FZUP9p-z8dYit-SYhkGI",
+		ID:           rnd.SessionID("5hKyGD-FZUP9p-z8dYit-SYhkGI"),
+		RefID:        "sessgh6gjjc1",
+		SessTimeout:  0,
+		SessExpires:  unix.Now() + unix.Day,
+		AuthScope:    clean.Scope("*"),
+		AuthProvider: authn.ProviderApplication.String(),
+		AuthMethod:   authn.MethodDefault.String(),
+		GrantType:    authn.GrantPassword.String(),
+		ClientUID:    "",
+		ClientName:   "full-access-gandalf",
+		user:         UserFixtures.Pointer("gandalf"),
+		UserUID:      UserFixtures.Pointer("gandalf").UserUID,
+		UserName:     UserFixtures.Pointer("gandalf").UserName,
+	},
 }
 
 // CreateSessionFixtures inserts known entities into the database for testing.
diff --git a/internal/entity/auth_user_fixtures.go b/internal/entity/auth_user_fixtures.go
index 1e8e6e71d..958842905 100644
--- a/internal/entity/auth_user_fixtures.go
+++ b/internal/entity/auth_user_fixtures.go
@@ -276,6 +276,21 @@ var UserFixtures = UserMap{
 			UITimeZone:  "UTC",
 		},
 	},
+	"gandalf": {
+		ID:           10000028,
+		UserUID:      "uqxetse3cy5eu3r0",
+		UserName:     "gandalf",
+		DisplayName:  "Gandalf",
+		UserEmail:    "gandalf@example.com",
+		UserRole:     acl.RoleGuest.String(),
+		AuthProvider: authn.ProviderLocal.String(),
+		AuthMethod:   authn.MethodDefault.String(),
+		SuperAdmin:   false,
+		CanLogin:     true,
+		WebDAV:       false,
+		CanInvite:    false,
+		InviteToken:  "",
+	},
 }
 
 // CreateUserFixtures creates the user fixtures specified above
diff --git a/internal/entity/password_fixtures.go b/internal/entity/password_fixtures.go
index edb74929f..557bea6a6 100644
--- a/internal/entity/password_fixtures.go
+++ b/internal/entity/password_fixtures.go
@@ -28,6 +28,7 @@ var PasswordFixtures = PasswordMap{
 	"metrics":       NewPassword("cs5cpu17n6gj2qo5", "xcCbOrw6I0vcoXzhnOmXhjpVSyFq0l0e", false),
 	"no_local_auth": NewPassword("usg73p55zwgr1ytr", "None123!", false),
 	"2fa":           NewPassword("usg73p55zwgr1ojy", "2fa-123!", false),
+	"gandalf":       NewPassword("uqxetse3cy5eu3r0", "Gandalf123!", false),
 }
 
 // CreatePasswordFixtures inserts known entities into the database for testing.
diff --git a/internal/entity/query/users_test.go b/internal/entity/query/users_test.go
index 86d421106..290d0b6a8 100644
--- a/internal/entity/query/users_test.go
+++ b/internal/entity/query/users_test.go
@@ -21,25 +21,25 @@ func TestRegisteredUsers(t *testing.T) {
 
 func TestCountUsers(t *testing.T) {
 	t.Run("All", func(t *testing.T) {
-		assert.LessOrEqual(t, CountUsers(false, false, nil, nil), 12)
+		assert.LessOrEqual(t, CountUsers(false, false, nil, nil), 14)
 	})
 	t.Run("Registered", func(t *testing.T) {
-		assert.LessOrEqual(t, CountUsers(true, false, nil, nil), 10)
+		assert.LessOrEqual(t, CountUsers(true, false, nil, nil), 12)
 	})
 	t.Run("Active", func(t *testing.T) {
-		assert.LessOrEqual(t, CountUsers(false, true, nil, nil), 10)
+		assert.LessOrEqual(t, CountUsers(false, true, nil, nil), 12)
 	})
 	t.Run("RegisteredActive", func(t *testing.T) {
-		assert.LessOrEqual(t, CountUsers(true, true, nil, nil), 10)
+		assert.LessOrEqual(t, CountUsers(true, true, nil, nil), 12)
 	})
 	t.Run("Admins", func(t *testing.T) {
 		assert.LessOrEqual(t, CountUsers(true, true, []string{"admin"}, nil), 7)
 	})
 	t.Run("NoAdmins", func(t *testing.T) {
-		assert.LessOrEqual(t, CountUsers(true, true, []string{}, []string{"admin"}), 3)
+		assert.LessOrEqual(t, CountUsers(true, true, []string{}, []string{"admin"}), 5)
 	})
 	t.Run("Guests", func(t *testing.T) {
-		assert.LessOrEqual(t, CountUsers(true, true, []string{"guest"}, nil), 2)
+		assert.LessOrEqual(t, CountUsers(true, true, []string{"guest"}, nil), 3)
 	})
 }