From b875f2668d9605b90d7d2acb0ea8ec4da2f62fec Mon Sep 17 00:00:00 2001 From: Josef Moravec Date: Tue, 26 Feb 2019 09:16:05 +0000 Subject: [PATCH] Bug 19661: (follow-up) Use Basic auth in tests Test plan: prove t/db_dependent/api/v1/acquisitions_funds.t Signed-off-by: Josef Moravec Signed-off-by: Martin Renvoize Signed-off-by: Nick Clemens (cherry picked from commit 48484173e26bf9859984860a17089f09de5c8b6a) Signed-off-by: Martin Renvoize --- t/db_dependent/api/v1/acquisitions_funds.t | 85 ++++++---------------- 1 file changed, 22 insertions(+), 63 deletions(-) diff --git a/t/db_dependent/api/v1/acquisitions_funds.t b/t/db_dependent/api/v1/acquisitions_funds.t index 3408118647..910f6be8ce 100644 --- a/t/db_dependent/api/v1/acquisitions_funds.t +++ b/t/db_dependent/api/v1/acquisitions_funds.t @@ -22,25 +22,35 @@ use Test::Mojo; use t::lib::TestBuilder; use t::lib::Mocks; -use C4::Auth; -use C4::Context; use C4::Budgets; use Koha::Database; -use Koha::Patron; my $schema = Koha::Database->new->schema; my $builder = t::lib::TestBuilder->new(); $schema->storage->txn_begin; -# FIXME: sessionStorage defaults to mysql, but it seems to break transaction handling -# this affects the other REST api tests -t::lib::Mocks::mock_preference( 'SessionStorage', 'tmp' ); +t::lib::Mocks::mock_preference( 'RESTBasicAuth', 1 ); -$ENV{REMOTE_ADDR} = '127.0.0.1'; my $t = Test::Mojo->new('Koha::REST::V1'); +my $librarian = $builder->build_object({ + class => 'Koha::Patrons', + value => { flags => 2052 } +}); +my $password = 'thePassword123'; +$librarian->set_password({ password => $password, skip_validation => 1 }); +my $userid = $librarian->userid; + +my $patron = $builder->build_object({ + class => 'Koha::Patrons', + value => { flags => 0 } +}); +my $unauth_password = 'thePassword123'; +$patron->set_password({ password => $unauth_password, skip_validation => 1 }); +my $unauth_userid = $patron->userid; + my $fund1 = { budget_code => 'ABCD', budget_amount => '123.132000', @@ -56,70 +66,19 @@ $t->get_ok('/api/v1/acquisitions/funds') $t->get_ok('/api/v1/acquisitions/funds/?name=testFund') ->status_is(401); -my ( $borrowernumber, $session_id ) - #= create_user_and_session( { authorized => 1 } ); - = create_user_and_session( ); - -my $tx = $t->ua->build_tx(GET => '/api/v1/acquisitions/funds'); -$tx->req->cookies({name => 'CGISESSID', value => $session_id}); -$tx->req->env({REMOTE_ADDR => '127.0.0.1'}); -$t->request_ok($tx) +$t->get_ok("//$unauth_userid:$unauth_password@/api/v1/acquisitions/funds") ->status_is(403); -$tx = $t->ua->build_tx(GET => "/api/v1/acquisitions/funds/?name=" . $fund1->{ budget_name }); -$tx->req->cookies({name => 'CGISESSID', value => $session_id}); -$tx->req->env({REMOTE_ADDR => '127.0.0.1'}); -$t->request_ok($tx) +$t->get_ok("//$unauth_userid:$unauth_password@/api/v1/acquisitions/funds/?name=" . $fund1->{ budget_name }) ->status_is(403); -( $borrowernumber, $session_id ) - = create_user_and_session( { authorized => 1 } ); - -$tx = $t->ua->build_tx(GET => '/api/v1/acquisitions/funds'); -$tx->req->cookies({name => 'CGISESSID', value => $session_id}); -$tx->req->env({REMOTE_ADDR => '127.0.0.1'}); -$t->request_ok($tx) +$t->get_ok("//$userid:$password@/api/v1/acquisitions/funds") ->status_is(200); -$tx = $t->ua->build_tx(GET => "/api/v1/acquisitions/funds/?name=" . $fund1->{ budget_name }); -$tx->req->cookies({name => 'CGISESSID', value => $session_id}); -$tx->req->env({REMOTE_ADDR => '127.0.0.1'}); -$t->request_ok($tx) +$t->get_ok("//$userid:$password@/api/v1/acquisitions/funds/?name=" . $fund1->{ budget_name }) ->status_is(200) ->json_like('/0/name' => qr/$fund1->{ budget_name }/); $schema->storage->txn_rollback; -sub create_user_and_session { - - my $args = shift; - my $flags = ( $args->{authorized} ) ? 2052 : 0; - - # my $flags = ( $args->{authorized} ) ? $args->{authorized} : 0; - my $dbh = C4::Context->dbh; - - my $user = $builder->build( - { source => 'Borrower', - value => { flags => $flags } - } - ); - - # Create a session for the authorized user - my $session = C4::Auth::get_session(''); - $session->param( 'number', $user->{borrowernumber} ); - $session->param( 'id', $user->{userid} ); - $session->param( 'ip', '127.0.0.1' ); - $session->param( 'lasttime', time() ); - $session->flush; - - if ( $args->{authorized} ) { - $dbh->do( - q{ - INSERT INTO user_permissions (borrowernumber,module_bit,code) - VALUES (?,11,'budget_manage_all')}, - undef, $user->{borrowernumber} - ); - } - - return ( $user->{borrowernumber}, $session->id ); -} +1; -- 2.39.5