photoprism/internal/api/user_password_test.go

package api

import (
	"encoding/json"
	"net/http"
	"testing"

	"github.com/photoprism/photoprism/internal/form"

	"github.com/stretchr/testify/assert"
)

func TestChangePassword(t *testing.T) {
	t.Run("not existing user", func(t *testing.T) {
		app, router, _ := NewApiTest()
		ChangePassword(router)
		r := PerformRequestWithBody(app, "PUT", "/api/v1/users/xxx/password", `{}`)
		assert.Equal(t, http.StatusForbidden, r.Code)
	})
}

func TestChangeUserPasswords(t *testing.T) {
	t.Run("alice: change password invalid", func(t *testing.T) {
		app, router, conf := NewApiTest()
		conf.SetPublic(false)
		defer conf.SetPublic(true)
		ChangePassword(router)
		sessId := AuthenticateUser(app, router, "alice", "Alice123!")

		f := form.ChangePassword{
			OldPassword: "someonewhoisntalice",
			NewPassword: "aliceinwonderland",
		}
		if pwStr, err := json.Marshal(f); err != nil {
			log.Fatal(err)
		} else {
			r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxetse3cy5eo9z2/password",
				string(pwStr), sessId)
			assert.Equal(t, http.StatusBadRequest, r.Code)
		}
	})
	t.Run("alice: change password valid", func(t *testing.T) {
		app, router, conf := NewApiTest()
		conf.SetPublic(false)
		defer conf.SetPublic(true)
		ChangePassword(router)
		sessId := AuthenticateUser(app, router, "alice", "Alice123!")

		f := form.ChangePassword{
			OldPassword: "Alice123!",
			NewPassword: "aliceinwonderland",
		}
		if pwStr, err := json.Marshal(f); err != nil {
			log.Fatal(err)
		} else {
			r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxetse3cy5eo9z2/password",
				string(pwStr), sessId)
			assert.Equal(t, http.StatusOK, r.Code)
		}
	})
	t.Run("alice as admin: change bob's password", func(t *testing.T) {
		app, router, conf := NewApiTest()
		conf.SetPublic(false)
		defer conf.SetPublic(true)
		ChangePassword(router)
		sessId := AuthenticateUser(app, router, "alice", "aliceinwonderland")

		f := form.ChangePassword{
			OldPassword: "Bobbob123!",
			NewPassword: "helloworld",
		}
		if pwStr, err := json.Marshal(f); err != nil {
			log.Fatal(err)
		} else {
			r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxc08w3d0ej2283/password",
				string(pwStr), sessId)
			assert.Equal(t, http.StatusUnauthorized, r.Code)
		}
	})
	t.Run("bob: change wrong password", func(t *testing.T) {
		app, router, conf := NewApiTest()
		conf.SetPublic(false)
		defer conf.SetPublic(true)
		ChangePassword(router)
		sessId := AuthenticateUser(app, router, "bob", "Bobbob123!")

		f := form.ChangePassword{
			OldPassword: "helloworld",
			NewPassword: "Bobbob123!",
		}
		if pwStr, err := json.Marshal(f); err != nil {
			log.Fatal(err)
		} else {
			r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxc08w3d0ej2283/password",
				string(pwStr), sessId)
			assert.Equal(t, http.StatusBadRequest, r.Code)
		}
	})

	t.Run("friend: change password to same", func(t *testing.T) {
		app, router, conf := NewApiTest()
		conf.SetPublic(false)
		defer conf.SetPublic(true)
		ChangePassword(router)
		sessId := AuthenticateUser(app, router, "friend", "!Friend321")

		f := form.ChangePassword{
			OldPassword: "!Friend321",
			NewPassword: "!Friend321",
		}
		if pwStr, err := json.Marshal(f); err != nil {
			log.Fatal(err)
		} else {
			r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxqg7i1kperxvu7/password",
				string(pwStr), sessId)
			assert.Equal(t, http.StatusOK, r.Code)
		}
	})

	t.Run("bob: change alice's password", func(t *testing.T) {
		app, router, conf := NewApiTest()
		conf.SetPublic(false)
		defer conf.SetPublic(true)
		ChangePassword(router)
		sessId := AuthenticateUser(app, router, "bob", "Bobbob123!")

		f := form.ChangePassword{
			OldPassword: "aliceinwonderland",
			NewPassword: "bobinwonderland",
		}
		if pwStr, err := json.Marshal(f); err != nil {
			log.Fatal(err)
		} else {
			r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxetse3cy5eo9z2/password",
				string(pwStr), sessId)
			assert.Equal(t, http.StatusUnauthorized, r.Code)
		}
	})

}
Backend: Add unit tests for internal/api 2020-07-14 15:59:50 +00:00			`package api`

			`import (`
Auth: add change password tests #98 2021-08-11 10:43:53 +00:00			`"encoding/json"`
Backend: Add unit tests for internal/api 2020-07-14 15:59:50 +00:00			`"net/http"`
			`"testing"`
Backend: Format go imports 2020-11-21 17:08:41 +00:00
Run make fmt 2021-08-11 11:23:17 +00:00			`"github.com/photoprism/photoprism/internal/form"`

Backend: Format go imports 2020-11-21 17:08:41 +00:00			`"github.com/stretchr/testify/assert"`
Backend: Add unit tests for internal/api 2020-07-14 15:59:50 +00:00			`)`

			`func TestChangePassword(t *testing.T) {`
Backend: Refactor user entity and add pro package Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2020-10-03 11:50:30 +00:00			`t.Run("not existing user", func(t *testing.T) {`
Backend: Add unit tests for internal/api 2020-07-14 15:59:50 +00:00			`app, router, _ := NewApiTest()`
			`ChangePassword(router)`
			r := PerformRequestWithBody(app, "PUT", "/api/v1/users/xxx/password", `{}`)
Backend: Add unit tests for internal/api 2020-07-14 16:08:39 +00:00			`assert.Equal(t, http.StatusForbidden, r.Code)`
Backend: Add unit tests for internal/api 2020-07-14 15:59:50 +00:00			`})`
			`}`
Auth: add change password tests #98 2021-08-11 10:43:53 +00:00
			`func TestChangeUserPasswords(t *testing.T) {`
			`t.Run("alice: change password invalid", func(t *testing.T) {`
			`app, router, conf := NewApiTest()`
			`conf.SetPublic(false)`
			`defer conf.SetPublic(true)`
			`ChangePassword(router)`
			`sessId := AuthenticateUser(app, router, "alice", "Alice123!")`

			`f := form.ChangePassword{`
			`OldPassword: "someonewhoisntalice",`
			`NewPassword: "aliceinwonderland",`
			`}`
			`if pwStr, err := json.Marshal(f); err != nil {`
			`log.Fatal(err)`
			`} else {`
			`r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxetse3cy5eo9z2/password",`
			`string(pwStr), sessId)`
			`assert.Equal(t, http.StatusBadRequest, r.Code)`
			`}`
			`})`
			`t.Run("alice: change password valid", func(t *testing.T) {`
			`app, router, conf := NewApiTest()`
			`conf.SetPublic(false)`
			`defer conf.SetPublic(true)`
			`ChangePassword(router)`
			`sessId := AuthenticateUser(app, router, "alice", "Alice123!")`

			`f := form.ChangePassword{`
			`OldPassword: "Alice123!",`
			`NewPassword: "aliceinwonderland",`
			`}`
			`if pwStr, err := json.Marshal(f); err != nil {`
			`log.Fatal(err)`
			`} else {`
			`r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxetse3cy5eo9z2/password",`
			`string(pwStr), sessId)`
			`assert.Equal(t, http.StatusOK, r.Code)`
			`}`
			`})`
			`t.Run("alice as admin: change bob's password", func(t *testing.T) {`
			`app, router, conf := NewApiTest()`
			`conf.SetPublic(false)`
			`defer conf.SetPublic(true)`
			`ChangePassword(router)`
			`sessId := AuthenticateUser(app, router, "alice", "aliceinwonderland")`

			`f := form.ChangePassword{`
			`OldPassword: "Bobbob123!",`
			`NewPassword: "helloworld",`
			`}`
			`if pwStr, err := json.Marshal(f); err != nil {`
			`log.Fatal(err)`
			`} else {`
			`r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxc08w3d0ej2283/password",`
			`string(pwStr), sessId)`
Auth: adapt tests for recent changes 2021-08-12 18:29:15 +00:00			`assert.Equal(t, http.StatusUnauthorized, r.Code)`
Auth: add change password tests #98 2021-08-11 10:43:53 +00:00			`}`
			`})`
Auth: adapt tests for recent changes 2021-08-12 18:29:15 +00:00			`t.Run("bob: change wrong password", func(t *testing.T) {`
Auth: add change password tests #98 2021-08-11 10:43:53 +00:00			`app, router, conf := NewApiTest()`
			`conf.SetPublic(false)`
			`defer conf.SetPublic(true)`
			`ChangePassword(router)`
Auth: adapt tests for recent changes 2021-08-12 18:29:15 +00:00			`sessId := AuthenticateUser(app, router, "bob", "Bobbob123!")`
Auth: add change password tests #98 2021-08-11 10:43:53 +00:00
			`f := form.ChangePassword{`
			`OldPassword: "helloworld",`
			`NewPassword: "Bobbob123!",`
			`}`
			`if pwStr, err := json.Marshal(f); err != nil {`
			`log.Fatal(err)`
			`} else {`
			`r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxc08w3d0ej2283/password",`
			`string(pwStr), sessId)`
Auth: adapt tests for recent changes 2021-08-12 18:29:15 +00:00			`assert.Equal(t, http.StatusBadRequest, r.Code)`
			`}`
			`})`

			`t.Run("friend: change password to same", func(t *testing.T) {`
			`app, router, conf := NewApiTest()`
			`conf.SetPublic(false)`
			`defer conf.SetPublic(true)`
			`ChangePassword(router)`
			`sessId := AuthenticateUser(app, router, "friend", "!Friend321")`

			`f := form.ChangePassword{`
			`OldPassword: "!Friend321",`
			`NewPassword: "!Friend321",`
			`}`
			`if pwStr, err := json.Marshal(f); err != nil {`
			`log.Fatal(err)`
			`} else {`
			`r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxqg7i1kperxvu7/password",`
			`string(pwStr), sessId)`
			`assert.Equal(t, http.StatusOK, r.Code)`
Auth: add change password tests #98 2021-08-11 10:43:53 +00:00			`}`
			`})`

			`t.Run("bob: change alice's password", func(t *testing.T) {`
			`app, router, conf := NewApiTest()`
			`conf.SetPublic(false)`
			`defer conf.SetPublic(true)`
			`ChangePassword(router)`
			`sessId := AuthenticateUser(app, router, "bob", "Bobbob123!")`

			`f := form.ChangePassword{`
			`OldPassword: "aliceinwonderland",`
			`NewPassword: "bobinwonderland",`
			`}`
			`if pwStr, err := json.Marshal(f); err != nil {`
			`log.Fatal(err)`
			`} else {`
			`r := AuthenticatedRequestWithBody(app, "PUT", "/api/v1/users/uqxetse3cy5eo9z2/password",`
			`string(pwStr), sessId)`
			`assert.Equal(t, http.StatusUnauthorized, r.Code)`
			`}`
			`})`

			`}`