diff --git a/internal/entity/auth_session_login_test.go b/internal/entity/auth_session_login_test.go index 66cd53468..5d22c4772 100644 --- a/internal/entity/auth_session_login_test.go +++ b/internal/entity/auth_session_login_test.go @@ -5,11 +5,84 @@ import ( "net/http/httptest" "testing" + "github.com/photoprism/photoprism/pkg/authn" + "github.com/gin-gonic/gin" "github.com/photoprism/photoprism/internal/form" ) +func TestAuthLocal(t *testing.T) { + t.Run("Alice", func(t *testing.T) { + + m := FindSessionByRefID("sessxkkcabch") + + u := FindUserByName("alice") + + frm := form.Login{ + UserName: "alice", + Password: "Alice123!", + } + + if err := AuthLocal(u, frm, m); err != nil { + t.Fatal(err) + } + }) + t.Run("Wrong credentials", func(t *testing.T) { + + m := FindSessionByRefID("sessxkkcabch") + + u := FindUserByName("alice") + + frm := form.Login{ + UserName: "alice", + Password: "photoprism", + } + + if err := AuthLocal(u, frm, m); err == nil { + t.Fatal("auth should fail") + } + }) + t.Run("No login rights", func(t *testing.T) { + + m := &Session{} + + u := FindUserByName("friend") + + u.CanLogin = false + + frm := form.Login{ + UserName: "friend", + Password: "!Friend321", + } + + if err := AuthLocal(u, frm, m); err == nil { + t.Fatal("auth should fail") + } + + u.CanLogin = true + }) + t.Run("Authentication disabled", func(t *testing.T) { + + m := &Session{} + + u := FindUserByName("friend") + + u.SetProvider(authn.ProviderNone) + + frm := form.Login{ + UserName: "friend", + Password: "!Friend321", + } + + if err := AuthLocal(u, frm, m); err == nil { + t.Fatal("auth should fail") + } + + u.SetProvider(authn.ProviderLocal) + }) +} + func TestSessionLogIn(t *testing.T) { const clientIp = "1.2.3.4" 
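Review bot: In "No login rights" and "Authentication disabled" the fixture user is restored by a plain statement after the assertion (`u.CanLogin = true`, `u.SetProvider(authn.ProviderLocal)`), and `t.Fatal` ends the subtest before that statement runs. Whether `FindUserByName` returns a shared or cached record is not visible here, but if it does, a failing run leaves "friend" unable to log in for every later test. Registering the restore immediately after the change avoids that: `t.Cleanup(func() { u.CanLogin = true })` and `t.Cleanup(func() { u.SetProvider(authn.ProviderLocal) })`. The three negative cases also accept any error, so a missing fixture or a wrong fixture password would let them pass without ever reaching the `CanLogin` or provider check. A `u == nil` guard plus a comparison against the specific error expected from `AuthLocal` would pin the reason for the rejection.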
@@ -68,6 +141,81 @@ func TestSessionLogIn(t *testing.T) { ctx.Request = httptest.NewRequest(http.MethodPost, "/api/v1/session", form.AsReader(frm)) ctx.Request.RemoteAddr = "1.2.3.4" + // Try to log in. + if err := m.LogIn(frm, ctx); err == nil { + t.Fatal("login should fail") + } + }) + t.Run("Unknown user with token", func(t *testing.T) { + m := NewSession(UnixDay, UnixHour*6) + m.SetClientIP(clientIp) + + // Create login form. + frm := form.Login{ + AuthToken: "1jxf3jfn2k", + } + + // Create HTTP request. + ctx.Request = httptest.NewRequest(http.MethodPost, "/api/v1/session", form.AsReader(frm)) + ctx.Request.RemoteAddr = "1.2.3.4" + + // Try to log in. + if err := m.LogIn(frm, ctx); err != nil { + t.Fatal(err) + } + }) + + t.Run("Unknown user with invalid token", func(t *testing.T) { + m := NewSession(UnixDay, UnixHour*6) + m.SetClientIP(clientIp) + + // Create login form. + frm := form.Login{ + AuthToken: "1jxf3jfxxx", + } + + // Create HTTP request. + ctx.Request = httptest.NewRequest(http.MethodPost, "/api/v1/session", form.AsReader(frm)) + ctx.Request.RemoteAddr = "1.2.3.4" + + // Try to log in. + if err := m.LogIn(frm, ctx); err == nil { + t.Fatal("login should fail") + } + }) + + t.Run("Known user with token", func(t *testing.T) { + m := FindSessionByRefID("sessxkkcabch") + m.SetClientIP(clientIp) + + // Create login form. + frm := form.Login{ + AuthToken: "1jxf3jfn2k", + } + + // Create HTTP request. + ctx.Request = httptest.NewRequest(http.MethodPost, "/api/v1/session", form.AsReader(frm)) + ctx.Request.RemoteAddr = "1.2.3.4" + + // Try to log in. + if err := m.LogIn(frm, ctx); err != nil { + t.Fatal(err) + } + }) + + t.Run("Known user with invalid token", func(t *testing.T) { + m := FindSessionByRefID("sessxkkcabch") + m.SetClientIP(clientIp) + + // Create login form. + frm := form.Login{ + AuthToken: "1jxf3jfxxx", + } + + // Create HTTP request. 
+ ctx.Request = httptest.NewRequest(http.MethodPost, "/api/v1/session", form.AsReader(frm)) + ctx.Request.RemoteAddr = "1.2.3.4" + // Try to log in. if err := m.LogIn(frm, ctx); err == nil { t.Fatal("login should fail")
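Review bot: The two success cases, "Unknown user with token" and "Known user with token", check only that `m.LogIn(frm, ctx)` returns nil, so they would still pass if a token login left the session with more access than the token is meant to grant. This matters most for "Known user with token", where `m` is the existing fixture session `sessxkkcabch` and nothing states whether it should keep its user or be limited to what the token allows. The expected user and access after login are not visible in this hunk, so I would add an assertion on them after each successful `LogIn`, introduced by a comment such as `// A token login must not grant more than the token itself allows.`. In the two "Known user" cases `m` is also used without a nil check, so a missing fixture panics instead of failing cleanly; `if m == nil { t.Fatal("session fixture not found") }` would cover it. The first added lines close a subtest that starts above the hunk, and TestSessionLogIn continues past its end.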