beenull/photoprism
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Auth: fix wrong api test init sequence #98

Browse source
This commit is contained in:
Timo Volkmann 2021-08-11 12:47:13 +02:00
parent 371a9b3c45
commit daf81b20ee
3 changed files with 26 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
internal/api/account_test.go
View file

@ -12,8 +12,9 @@ import (
func TestGetAccounts(t *testing.T) { func TestGetAccounts(t *testing.T) {
t.Run("successful request", func(t *testing.T) { t.Run("successful request", func(t *testing.T) {
app, router, _, sess := NewAdminApiTest() app, router, _ := NewApiTest()
GetAccounts(router) GetAccounts(router)
sess := AuthenticateAdmin(app, router)
r := AuthenticatedRequest(app, "GET", "/api/v1/accounts?count=10", sess) r := AuthenticatedRequest(app, "GET", "/api/v1/accounts?count=10", sess)
val := gjson.Get(r.Body.String(), "#(AccName=\"Test Account\").AccURL") val := gjson.Get(r.Body.String(), "#(AccName=\"Test Account\").AccURL")
count := gjson.Get(r.Body.String(), "#") count := gjson.Get(r.Body.String(), "#")

35
internal/api/api_test.go
View file

@ -1,7 +1,6 @@
package api package api
import ( import (
"bytes"
"encoding/json" "encoding/json"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
@ -25,15 +24,15 @@ func NewApiTest() (app *gin.Engine, router *gin.RouterGroup, conf *config.Config
return app, router, service.Config() return app, router, service.Config()
} }
// NewAdminApiTest returns new API test helper with authenticated admin session. // AuthenticateAdmin Register session routes and returns valid SessionId.
func NewAdminApiTest() (app *gin.Engine, router *gin.RouterGroup, conf *config.Config, sessId string) { // Call this func after registering other routes and before performing other requests.
return NewAuthApiTest("admin", "photoprism") func AuthenticateAdmin(app *gin.Engine, router *gin.RouterGroup) (sessId string) {
return AuthenticateUser(app, router, "admin", "photoprism")
} }
// NewAuthApiTest returns new API test helper with authenticated admin session. // AuthenticateUser Register session routes and returns valid SessionId.
func NewAuthApiTest(username string, password string) (app *gin.Engine, router *gin.RouterGroup, conf *config.Config, sessId string) { // Call this func after registering other routes and before performing other requests.
app = gin.New() func AuthenticateUser(app *gin.Engine, router *gin.RouterGroup, username string, password string) (sessId string) {
router = app.Group("/api/v1")
CreateSession(router) CreateSession(router)
f := form.Login{ f := form.Login{
UserName: username, UserName: username,
@ -43,13 +42,9 @@ func NewAuthApiTest(username string, password string) (app *gin.Engine, router *
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
} }
reader := bytes.NewReader(loginStr) r0 := PerformRequestWithBody(app, http.MethodPost, "/api/v1/session", string(loginStr))
req, _ := http.NewRequest("POST", "/api/v1/session", reader) sessId = r0.Header().Get("X-Session-ID")
w := httptest.NewRecorder() return
app.ServeHTTP(w, req)
sessId = w.Header().Get("X-Session-ID")
gin.SetMode(gin.TestMode)
return app, router, service.Config(), sessId
} }
// Performs API request with empty request body. // Performs API request with empty request body.
@ -79,6 +74,16 @@ func PerformRequestWithBody(r http.Handler, method, path, body string) *httptest
return w return w
} }
// Performs authenticated API request including request body as string.
func AuthenticatedRequestWithBody(r http.Handler, method, path, body string, sessionId string) *httptest.ResponseRecorder {
reader := strings.NewReader(body)
req, _ := http.NewRequest(method, path, reader)
req.Header.Add("X-Session-ID", sessionId)
w := httptest.NewRecorder()
r.ServeHTTP(w, req)
return w
}
func TestMain(m *testing.M) { func TestMain(m *testing.M) {
log = logrus.StandardLogger() log = logrus.StandardLogger()
log.SetLevel(logrus.DebugLevel) log.SetLevel(logrus.DebugLevel)

29
internal/api/session_test.go
View file

@ -1,12 +1,9 @@
package api package api
import ( import (
"encoding/json"
"net/http" "net/http"
"testing" "testing"
"github.com/photoprism/photoprism/internal/form"
"github.com/photoprism/photoprism/internal/i18n" "github.com/photoprism/photoprism/internal/i18n"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/tidwall/gjson" "github.com/tidwall/gjson"
@ -80,36 +77,18 @@ func TestCreateSession(t *testing.T) {
func TestDeleteSession(t *testing.T) { func TestDeleteSession(t *testing.T) {
t.Run("delete admin session", func(t *testing.T) { t.Run("delete admin session", func(t *testing.T) {
app, router, _ := NewApiTest() app, router, _ := NewApiTest()
CreateSession(router)
DeleteSession(router) DeleteSession(router)
f := form.Login{
UserName: "admin", sessId := AuthenticateAdmin(app, router)
Password: "photoprism",
}
loginStr, err := json.Marshal(f)
if err != nil {
log.Fatal(err)
}
r0 := PerformRequestWithBody(app, http.MethodPost, "/api/v1/session", string(loginStr))
sessId := r0.Header().Get("X-Session-ID")
r := PerformRequest(app, http.MethodDelete, "/api/v1/session/"+sessId) r := PerformRequest(app, http.MethodDelete, "/api/v1/session/"+sessId)
assert.Equal(t, http.StatusOK, r.Code) assert.Equal(t, http.StatusOK, r.Code)
}) })
t.Run("delete user session", func(t *testing.T) { t.Run("delete user session", func(t *testing.T) {
app, router, _ := NewApiTest() app, router, _ := NewApiTest()
CreateSession(router)
DeleteSession(router) DeleteSession(router)
f := form.Login{
UserName: "alice", sessId := AuthenticateUser(app, router, "alice", "Alice123!")
Password: "Alice123!",
}
loginStr, err := json.Marshal(f)
if err != nil {
log.Fatal(err)
}
r0 := PerformRequestWithBody(app, http.MethodPost, "/api/v1/session", string(loginStr))
sessId := r0.Header().Get("X-Session-ID")
r := PerformRequest(app, http.MethodDelete, "/api/v1/session/"+sessId) r := PerformRequest(app, http.MethodDelete, "/api/v1/session/"+sessId)
assert.Equal(t, http.StatusOK, r.Code) assert.Equal(t, http.StatusOK, r.Code)