Tests: Add unit tests

2025-12-12 00:34:13 +01:00 · 2024-03-28 13:17:32 +01:00
parent afe6337bb5
commit d76f0e361e
2 changed files with 141 additions and 5 deletions
--- a/internal/api/users_password_test.go
+++ b/internal/api/users_password_test.go
@@ -12,13 +12,45 @@ import (
 )

 func TestChangePassword(t *testing.T) {
-	t.Run("NonExistentUser", func(t *testing.T) {
+	t.Run("PublicMode", func(t *testing.T) {
 		app, router, _ := NewApiTest()
 		UpdateUserPassword(router)
 		r := PerformRequestWithBody(app, "PUT", "/api/v1/users/xxx/password", `{}`)
 		assert.Equal(t, http.StatusForbidden, r.Code)
 	})

+	t.Run("Unauthorized", func(t *testing.T) {
+		app, router, conf := NewApiTest()
+		conf.SetAuthMode(config.AuthModePasswd)
+		defer conf.SetAuthMode(config.AuthModePublic)
+		UpdateUserPassword(router)
+		sessId := AuthenticateUser(app, router, "jens.mander", "Alice123!")
+
+		f := form.ChangePassword{
+			OldPassword: "Alice123!",
+			NewPassword: "aliceinwonderland",
+		}
+		if pwStr, err := json.Marshal(f); err != nil {
+			log.Fatal(err)
+		} else {
+			r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxetse3cy5eo9z2/password",
+				string(pwStr), sessId)
+			assert.Equal(t, http.StatusUnauthorized, r.Code)
+		}
+	})
+
+	t.Run("InvalidRequestBody", func(t *testing.T) {
+		app, router, conf := NewApiTest()
+		conf.SetAuthMode(config.AuthModePasswd)
+		defer conf.SetAuthMode(config.AuthModePublic)
+		UpdateUserPassword(router)
+		sessId := AuthenticateUser(app, router, "alice", "Alice123!")
+
+		r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxetse3cy5eo9z2/password",
+			"{OldPassword: old}", sessId)
+		assert.Equal(t, http.StatusBadRequest, r.Code)
+	})
+
 	t.Run("AliceProvidesWrongPassword", func(t *testing.T) {
 		app, router, conf := NewApiTest()
 		conf.SetAuthMode(config.AuthModePasswd)
--- a/internal/api/users_update_test.go
+++ b/internal/api/users_update_test.go
@@ -1,18 +1,19 @@
 package api

 import (
+	"encoding/json"
 	"fmt"
 	"net/http"
 	"testing"

-	"github.com/stretchr/testify/assert"
-
 	"github.com/photoprism/photoprism/internal/config"
 	"github.com/photoprism/photoprism/internal/entity"
+	"github.com/photoprism/photoprism/internal/form"
+	"github.com/stretchr/testify/assert"
 )

 func TestUpdateUser(t *testing.T) {
-	t.Run("Alice", func(t *testing.T) {
+	t.Run("InvalidRequestBody", func(t *testing.T) {
 		app, router, conf := NewApiTest()
 		conf.SetAuthMode(config.AuthModePasswd)
 		defer conf.SetAuthMode(config.AuthModePublic)
@@ -25,7 +26,7 @@ func TestUpdateUser(t *testing.T) {
 		assert.Equal(t, http.StatusBadRequest, r.Code)
 	})

-	t.Run("Forbidden", func(t *testing.T) {
+	t.Run("PublicMode", func(t *testing.T) {
 		app, router, _ := NewApiTest()
 		adminUid := entity.Admin.UserUID
 		reqUrl := fmt.Sprintf("/api/v1/users/%s", adminUid)
@@ -33,4 +34,107 @@ func TestUpdateUser(t *testing.T) {
 		r := PerformRequestWithBody(app, "PUT", reqUrl, "{foo:123}")
 		assert.Equal(t, http.StatusForbidden, r.Code)
 	})
+
+	t.Run("Unauthorized", func(t *testing.T) {
+		app, router, conf := NewApiTest()
+		conf.SetAuthMode(config.AuthModePasswd)
+		defer conf.SetAuthMode(config.AuthModePublic)
+		UpdateUser(router)
+		sessId := AuthenticateUser(app, router, "jens.mander", "Alice123!")
+
+		f := form.User{
+			DisplayName: "New Name",
+		}
+
+		if userForm, err := json.Marshal(f); err != nil {
+			log.Fatal(err)
+		} else {
+			r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxetse3cy5eo9z2",
+				string(userForm), sessId)
+			assert.Equal(t, http.StatusUnauthorized, r.Code)
+		}
+	})
+
+	t.Run("AliceChangeOwn", func(t *testing.T) {
+		app, router, conf := NewApiTest()
+		conf.SetAuthMode(config.AuthModePasswd)
+		defer conf.SetAuthMode(config.AuthModePublic)
+		UpdateUser(router)
+		sessId := AuthenticateUser(app, router, "alice", "Alice123!")
+
+		f := form.User{
+			DisplayName: "Alicia",
+		}
+
+		if userForm, err := json.Marshal(f); err != nil {
+			log.Fatal(err)
+		} else {
+			r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxetse3cy5eo9z2",
+				string(userForm), sessId)
+			assert.Equal(t, http.StatusOK, r.Code)
+			assert.Contains(t, r.Body.String(), "\"DisplayName\":\"Alicia\"")
+		}
+	})
+
+	t.Run("AliceChangeBob", func(t *testing.T) {
+		app, router, conf := NewApiTest()
+		conf.SetAuthMode(config.AuthModePasswd)
+		defer conf.SetAuthMode(config.AuthModePublic)
+		UpdateUser(router)
+		sessId := AuthenticateUser(app, router, "alice", "Alice123!")
+
+		f := form.User{
+			DisplayName: "Bobby",
+		}
+
+		if userForm, err := json.Marshal(f); err != nil {
+			log.Fatal(err)
+		} else {
+			r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxc08w3d0ej2283",
+				string(userForm), sessId)
+			assert.Equal(t, http.StatusOK, r.Code)
+			assert.Contains(t, r.Body.String(), "\"DisplayName\":\"Bobby\"")
+		}
+	})
+
+	t.Run("BobChangeOwn", func(t *testing.T) {
+		app, router, conf := NewApiTest()
+		conf.SetAuthMode(config.AuthModePasswd)
+		defer conf.SetAuthMode(config.AuthModePublic)
+		UpdateUser(router)
+		sessId := AuthenticateUser(app, router, "bob", "Bobbob123!")
+
+		f := form.User{
+			DisplayName: "Bobo",
+		}
+
+		if userForm, err := json.Marshal(f); err != nil {
+			log.Fatal(err)
+		} else {
+			r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxc08w3d0ej2283",
+				string(userForm), sessId)
+			assert.Equal(t, http.StatusOK, r.Code)
+			assert.Contains(t, r.Body.String(), "\"DisplayName\":\"Bobo\"")
+		}
+	})
+
+	t.Run("UserNotFound", func(t *testing.T) {
+		app, router, conf := NewApiTest()
+		conf.SetAuthMode(config.AuthModePasswd)
+		defer conf.SetAuthMode(config.AuthModePublic)
+		UpdateUser(router)
+		sessId := AuthenticateUser(app, router, "alice", "Alice123!")
+
+		f := form.User{
+			DisplayName: "Bobby",
+		}
+
+		if userForm, err := json.Marshal(f); err != nil {
+			log.Fatal(err)
+		} else {
+			r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxc08w3d0ej2555",
+				string(userForm), sessId)
+			assert.Equal(t, http.StatusNotFound, r.Code)
+		}
+	})
 }