From 3274099da4972fd5c028eaaa551c55dafcee95f6 Mon Sep 17 00:00:00 2001 From: Tomas Cohen Arazi Date: Thu, 26 May 2022 11:35:41 -0300 Subject: [PATCH] Bug 30855: (follow-up) Rewrite tests using Basic authentication Signed-off-by: Tomas Cohen Arazi Signed-off-by: David Nind Signed-off-by: Nick Clemens Signed-off-by: Tomas Cohen Arazi (cherry picked from commit b4ea3da6f1d1b6066317d885cb4a676a56e0f147) Signed-off-by: Lucas Gass --- t/db_dependent/api/v1/import_record_matches.t | 159 +++++++----------- 1 file changed, 65 insertions(+), 94 deletions(-) diff --git a/t/db_dependent/api/v1/import_record_matches.t b/t/db_dependent/api/v1/import_record_matches.t index aad5ae7c91..fd203c3125 100755 --- a/t/db_dependent/api/v1/import_record_matches.t +++ b/t/db_dependent/api/v1/import_record_matches.t @@ -19,23 +19,15 @@ use Modern::Perl; use Test::More tests => 1; use Test::Mojo; -use Test::Warn; use t::lib::TestBuilder; use t::lib::Mocks; -use C4::Auth; -use Koha::Import::Record::Matches; - my $schema = Koha::Database->new->schema; my $builder = t::lib::TestBuilder->new; -# FIXME: sessionStorage defaults to mysql, but it seems to break transaction handling -# this affects the other REST api tests -t::lib::Mocks::mock_preference( 'SessionStorage', 'tmp' ); - -my $remote_address = '127.0.0.1'; -my $t = Test::Mojo->new('Koha::REST::V1'); +my $t = Test::Mojo->new('Koha::REST::V1'); +t::lib::Mocks::mock_preference( 'RESTBasicAuth', 1 ); subtest 'import record matches tests' => sub { @@ -43,10 +35,35 @@ subtest 'import record matches tests' => sub { $schema->storage->txn_begin; - my ( $unauthorized_borrowernumber, $unauthorized_session_id ) = - create_user_and_session( { authorized => 0 } ); - my ( $authorized_borrowernumber, $authorized_session_id ) = - create_user_and_session( { authorized => 1 } ); + my $librarian = $builder->build_object( + { + class => 'Koha::Patrons', + value => { flags => 0 } + } + ); + + $builder->build({ + source => 'UserPermission', + value => { + borrowernumber => $librarian->id, + module_bit => 13, # tools + code => 'manage_staged_marc', + } + }); + + my $password = 'thePassword123'; + $librarian->set_password( { password => $password, skip_validation => 1 } ); + my $userid = $librarian->userid; + + my $patron = $builder->build_object( + { + class => 'Koha::Patrons', + value => { flags => 0 } + } + ); + + $patron->set_password( { password => $password, skip_validation => 1 } ); + my $unauth_userid = $patron->userid; my $match_1 = $builder->build_object({ class => 'Koha::Import::Record::Matches', @@ -65,60 +82,52 @@ subtest 'import record matches tests' => sub { my $del_import_batch_id = $del_match->import_record->import_batch_id; my $del_match_id = $del_match->import_record_id; - # Unauthorized attempt to update - my $tx = $t->ua->build_tx( - PUT => "/api/v1/import_batches/".$match_1->import_record->import_batch_id."/records/".$match_1->import_record_id."/matches/chosen"=> - json => { - candidate_match_id => $match_1->candidate_match_id - } - ); - $tx->req->cookies( - { name => 'CGISESSID', value => $unauthorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx)->status_is(403); + $t->put_ok( + "//$unauth_userid:$password@/api/v1/import_batches/" + . $match_1->import_record->import_batch_id + . "/records/" + . $match_1->import_record_id + . "/matches/chosen" => json => { + candidate_match_id => $match_1->candidate_match_id + } + )->status_is(403); # Invalid attempt to allow match on a non-existent record - $tx = $t->ua->build_tx( - PUT => "/api/v1/import_batches/".$del_import_batch_id."/records/".$del_match_id."/matches/chosen" => - json => { - candidate_match_id => $match_1->candidate_match_id - } - ); - - $tx->req->cookies( - { name => 'CGISESSID', value => $authorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); $del_match->delete(); - $t->request_ok($tx)->status_is(404) - ->json_is( '/error' => "Match not found" ); + + $t->put_ok( + "//$userid:$password@/api/v1/import_batches/" + . $del_import_batch_id + . "/records/" + . $del_match_id + . "/matches/chosen" => json => { + candidate_match_id => $match_1->candidate_match_id + } + )->status_is(404)->json_is( '/error' => "Match not found" ); # Valid, authorised update - $tx = $t->ua->build_tx( - PUT => "/api/v1/import_batches/".$match_1->import_record->import_batch_id."/records/".$match_1->import_record_id."/matches/chosen" => - json => { - candidate_match_id => $match_1->candidate_match_id - } - ); - $tx->req->cookies( - { name => 'CGISESSID', value => $authorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx)->status_is(200); + $t->put_ok( + "//$userid:$password@/api/v1/import_batches/" + . $match_1->import_record->import_batch_id + . "/records/" + . $match_1->import_record_id + . "/matches/chosen" => json => { + candidate_match_id => $match_1->candidate_match_id + } + )->status_is(200); $match_1->discard_changes; $match_2->discard_changes; + ok( $match_1->chosen,"Match 1 is correctly set to chosen"); ok( !$match_2->chosen,"Match 2 correctly unset when match 1 is set"); # Valid unsetting - $tx = $t->ua->build_tx( - DELETE => "/api/v1/import_batches/".$match_1->import_record->import_batch_id."/records/".$match_1->import_record_id."/matches/chosen" => - json => { - } - ); - $tx->req->cookies( - { name => 'CGISESSID', value => $authorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx)->status_is(204); + $t->delete_ok( "//$userid:$password@/api/v1/import_batches/" + . $match_1->import_record->import_batch_id + . "/records/" + . $match_1->import_record_id + . "/matches/chosen" )->status_is(204); $match_1->discard_changes; $match_2->discard_changes; @@ -127,41 +136,3 @@ subtest 'import record matches tests' => sub { $schema->storage->txn_rollback; }; - -sub create_user_and_session { - - my $args = shift; - my $dbh = C4::Context->dbh; - - my $user = $builder->build( - { - source => 'Borrower', - value => { - flags => 0 - } - } - ); - - # Create a session for the authorized user - my $session = C4::Auth::get_session(''); - $session->param( 'number', $user->{borrowernumber} ); - $session->param( 'id', $user->{userid} ); - $session->param( 'ip', '127.0.0.1' ); - $session->param( 'lasttime', time() ); - $session->flush; - - if ( $args->{authorized} ) { - $builder->build({ - source => 'UserPermission', - value => { - borrowernumber => $user->{borrowernumber}, - module_bit => 13, - code => 'manage_staged_marc', - } - }); - } - - return ( $user->{borrowernumber}, $session->id ); -} - -1; -- 2.39.5