From 02aa348f653a46cae671f5949a27a205bd5cb4fa Mon Sep 17 00:00:00 2001 From: Tomas Cohen Arazi Date: Tue, 5 Feb 2019 08:24:31 -0300 Subject: [PATCH] Bug 16497: Refactor tests using BASIC authentication Signed-off-by: Tomas Cohen Arazi Signed-off-by: Nick Clemens --- t/db_dependent/api/v1/libraries.t | 232 +++++++++++------------------- 1 file changed, 81 insertions(+), 151 deletions(-) diff --git a/t/db_dependent/api/v1/libraries.t b/t/db_dependent/api/v1/libraries.t index bd74dd3e34..5ac8eccade 100644 --- a/t/db_dependent/api/v1/libraries.t +++ b/t/db_dependent/api/v1/libraries.t @@ -24,39 +24,39 @@ use Test::Warn; use t::lib::TestBuilder; use t::lib::Mocks; -use C4::Auth; use Koha::Libraries; use Koha::Database; my $schema = Koha::Database->new->schema; my $builder = t::lib::TestBuilder->new; -# FIXME: sessionStorage defaults to mysql, but it seems to break transaction handling -# this affects the other REST api tests -t::lib::Mocks::mock_preference( 'SessionStorage', 'tmp' ); +t::lib::Mocks::mock_preference( 'RESTBasicAuth', 1 ); -my $remote_address = '127.0.0.1'; -my $t = Test::Mojo->new('Koha::REST::V1'); +my $t = Test::Mojo->new('Koha::REST::V1'); subtest 'list() tests' => sub { plan tests => 8; $schema->storage->txn_begin; + my $patron = $builder->build_object({ + class => 'Koha::Patrons', + value => { flags => 4 } + }); + my $password = 'thePassword123'; + $patron->set_password({ password => $password, skip_validation => 1 }); + my $userid = $patron->userid; + # Create test context my $library = $builder->build_object({ class => 'Koha::Libraries' }); my $another_library = $library->unblessed; # create a copy of $library but make delete $another_library->{branchcode}; # sure branchcode will be regenerated $another_library = $builder->build_object({ class => 'Koha::Libraries', value => $another_library }); - my ( $borrowernumber, $session_id ) = create_user_and_session( { authorized => 1 } ); ## Authorized user tests my $count_of_libraries = Koha::Libraries->search->count; # Make sure we are returned with the correct amount of libraries - my $tx = $t->ua->build_tx( GET => '/api/v1/libraries' ); - $tx->req->cookies( { name => 'CGISESSID', value => $session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx) + $t->get_ok( "//$userid:$password@/api/v1/libraries" ) ->status_is( 200, 'SWAGGER3.2.2' ) ->json_has('/'.($count_of_libraries-1).'/library_id') ->json_hasnt('/'.($count_of_libraries).'/library_id'); @@ -89,22 +89,15 @@ subtest 'list() tests' => sub { foreach my $field ( keys %{$fields} ) { my $model_field = $fields->{ $field }; - $tx = $t->ua->build_tx( GET => - "/api/v1/libraries?$field=" . $library->$model_field ); - $tx->req->cookies( { name => 'CGISESSID', value => $session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); my $result = - $t->request_ok($tx) + $t->get_ok("//$userid:$password@/api/v1/libraries?$field=" . $library->$model_field) ->status_is(200) ->json_has( [ $library, $another_library ] ); } }; # Warn on unsupported query parameter - $tx = $t->ua->build_tx( GET => '/api/v1/libraries?library_blah=blah' ); - $tx->req->cookies( { name => 'CGISESSID', value => $session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx) + $t->get_ok( "//$userid:$password@/api/v1/libraries?library_blah=blah" ) ->status_is(400) ->json_is( [{ path => '/query/library_blah', message => 'Malformed query string'}] ); @@ -118,23 +111,22 @@ subtest 'get() tests' => sub { $schema->storage->txn_begin; my $library = $builder->build_object( { class => 'Koha::Libraries' } ); - my ( $borrowernumber, $session_id ) = - create_user_and_session( { authorized => 1 } ); - - my $tx = $t->ua->build_tx( GET => "/api/v1/libraries/" . $library->branchcode ); - $tx->req->cookies( { name => 'CGISESSID', value => $session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx) + my $patron = $builder->build_object({ + class => 'Koha::Patrons', + value => { flags => 4 } + }); + my $password = 'thePassword123'; + $patron->set_password({ password => $password, skip_validation => 1 }); + my $userid = $patron->userid; + + $t->get_ok( "//$userid:$password@/api/v1/libraries/" . $library->branchcode ) ->status_is( 200, 'SWAGGER3.2.2' ) ->json_is( '' => Koha::REST::V1::Library::_to_api( $library->TO_JSON ), 'SWAGGER3.3.2' ); my $non_existent_code = $library->branchcode; $library->delete; - $tx = $t->ua->build_tx( GET => "/api/v1/libraries/" . $non_existent_code ); - $tx->req->cookies( { name => 'CGISESSID', value => $session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx) + $t->get_ok( "//$userid:$password@/api/v1/libraries/" . $non_existent_code ) ->status_is(404) ->json_is( '/error' => 'Library not found' ); @@ -147,33 +139,34 @@ subtest 'add() tests' => sub { $schema->storage->txn_begin; - my ( $unauthorized_borrowernumber, $unauthorized_session_id ) = - create_user_and_session( { authorized => 0 } ); - my ( $authorized_borrowernumber, $authorized_session_id ) = - create_user_and_session( { authorized => 1 } ); + my $authorized_patron = $builder->build_object({ + class => 'Koha::Patrons', + value => { flags => 1 } + }); + my $password = 'thePassword123'; + $authorized_patron->set_password({ password => $password, skip_validation => 1 }); + my $auth_userid = $authorized_patron->userid; + + my $unauthorized_patron = $builder->build_object({ + class => 'Koha::Patrons', + value => { flags => 4 } + }); + $unauthorized_patron->set_password({ password => $password, skip_validation => 1 }); + my $unauth_userid = $unauthorized_patron->userid; my $library_obj = $builder->build_object({ class => 'Koha::Libraries' }); my $library = Koha::REST::V1::Library::_to_api( $library_obj->TO_JSON ); $library_obj->delete; # Unauthorized attempt to write - my $tx = $t->ua->build_tx( POST => "/api/v1/libraries" => json => $library ); - $tx->req->cookies( - { name => 'CGISESSID', value => $unauthorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx) + $t->post_ok( "//$unauth_userid:$password@/api/v1/libraries" => json => $library ) ->status_is(403); # Authorized attempt to write invalid data my $library_with_invalid_field = { %$library }; $library_with_invalid_field->{'branchinvalid'} = 'Library invalid'; - $tx = $t->ua->build_tx( - POST => "/api/v1/libraries" => json => $library_with_invalid_field ); - $tx->req->cookies( - { name => 'CGISESSID', value => $authorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx) + $t->post_ok( "//$auth_userid:$password@/api/v1/libraries" => json => $library_with_invalid_field ) ->status_is(400) ->json_is( "/errors" => [ @@ -185,11 +178,7 @@ subtest 'add() tests' => sub { ); # Authorized attempt to write - $tx = $t->ua->build_tx( POST => "/api/v1/libraries" => json => $library ); - $tx->req->cookies( - { name => 'CGISESSID', value => $authorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx) + $t->post_ok( "//$auth_userid:$password@/api/v1/libraries" => json => $library ) ->status_is( 201, 'SWAGGER3.2.1' ) ->json_is( '' => $library, 'SWAGGER3.3.1' ) ->header_is( Location => '/api/v1/libraries/' . $library->{library_id}, 'SWAGGER3.4.1' ); @@ -198,25 +187,16 @@ subtest 'add() tests' => sub { my $library_id = $library->{library_id}; # Authorized attempt to create with null id $library->{library_id} = undef; - $tx = $t->ua->build_tx( - POST => "/api/v1/libraries" => json => $library ); - $tx->req->cookies( - { name => 'CGISESSID', value => $authorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx) + + $t->post_ok( "//$auth_userid:$password@/api/v1/libraries" => json => $library ) ->status_is(400) ->json_has('/errors'); # Authorized attempt to create with existing id $library->{library_id} = $library_id; - $tx = $t->ua->build_tx( - POST => "/api/v1/libraries" => json => $library ); - $tx->req->cookies( - { name => 'CGISESSID', value => $authorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); warning_like { - $t->request_ok($tx) + $t->post_ok( "//$auth_userid:$password@/api/v1/libraries" => json => $library ) ->status_is(409) ->json_has( '/error' => "Fails when trying to add an existing library_id") ->json_is( '/conflict', 'PRIMARY' ); } # WTF @@ -230,21 +210,27 @@ subtest 'update() tests' => sub { $schema->storage->txn_begin; - my ( $unauthorized_borrowernumber, $unauthorized_session_id ) = - create_user_and_session( { authorized => 0 } ); - my ( $authorized_borrowernumber, $authorized_session_id ) = - create_user_and_session( { authorized => 1 } ); + my $authorized_patron = $builder->build_object({ + class => 'Koha::Patrons', + value => { flags => 1 } + }); + my $password = 'thePassword123'; + $authorized_patron->set_password({ password => $password, skip_validation => 1 }); + my $auth_userid = $authorized_patron->userid; + + my $unauthorized_patron = $builder->build_object({ + class => 'Koha::Patrons', + value => { flags => 4 } + }); + $unauthorized_patron->set_password({ password => $password, skip_validation => 1 }); + my $unauth_userid = $unauthorized_patron->userid; my $library = $builder->build_object({ class => 'Koha::Libraries' }); my $library_id = $library->branchcode; # Unauthorized attempt to update - my $tx = $t->ua->build_tx( PUT => "/api/v1/libraries/$library_id" - => json => { branchname => 'New unauthorized name change' } ); - $tx->req->cookies( - { name => 'CGISESSID', value => $unauthorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx) + $t->put_ok( "//$unauth_userid:$password@/api/v1/libraries/$library_id" + => json => { name => 'New unauthorized name change' } ) ->status_is(403); # Attempt partial update on a PUT @@ -252,12 +238,7 @@ subtest 'update() tests' => sub { address1 => "New library address", }; - $tx = $t->ua->build_tx( PUT => "/api/v1/libraries/$library_id" => - json => $library_with_missing_field ); - $tx->req->cookies( - { name => 'CGISESSID', value => $authorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx) + $t->put_ok( "//$auth_userid:$password@/api/v1/libraries/$library_id" => json => $library_with_missing_field ) ->status_is(400) ->json_has( "/errors" => [ { message => "Missing property.", path => "/body/address2" } ] @@ -268,10 +249,7 @@ subtest 'update() tests' => sub { $library_with_updated_field->{library_id} = $library_id; $deleted_library->delete; - $tx = $t->ua->build_tx( PUT => "/api/v1/libraries/$library_id" => json => $library_with_updated_field ); - $tx->req->cookies( { name => 'CGISESSID', value => $authorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx) + $t->put_ok( "//$auth_userid:$password@/api/v1/libraries/$library_id" => json => $library_with_updated_field ) ->status_is(200, 'SWAGGER3.2.1') ->json_is( '' => $library_with_updated_field, 'SWAGGER3.3.3' ); @@ -279,12 +257,7 @@ subtest 'update() tests' => sub { my $library_with_invalid_field = { %$library_with_updated_field }; $library_with_invalid_field->{'branchinvalid'} = 'Library invalid'; - $tx = $t->ua->build_tx( - PUT => "/api/v1/libraries/$library_id" => json => $library_with_invalid_field ); - $tx->req->cookies( - { name => 'CGISESSID', value => $authorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx) + $t->put_ok( "//$auth_userid:$password@/api/v1/libraries/$library_id" => json => $library_with_invalid_field ) ->status_is(400) ->json_is( "/errors" => [ @@ -296,13 +269,7 @@ subtest 'update() tests' => sub { ); my $non_existent_code = 'nope'.int(rand(10000)); - $tx = - $t->ua->build_tx( PUT => "/api/v1/libraries/$non_existent_code" => json => - $library_with_updated_field ); - $tx->req->cookies( - { name => 'CGISESSID', value => $authorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx) + $t->put_ok("//$auth_userid:$password@/api/v1/libraries/$non_existent_code" => json => $library_with_updated_field) ->status_is(404); $schema->storage->txn_rollback; @@ -313,70 +280,33 @@ subtest 'delete() tests' => sub { $schema->storage->txn_begin; - my ( $unauthorized_borrowernumber, $unauthorized_session_id ) = - create_user_and_session( { authorized => 0 } ); - my ( $authorized_borrowernumber, $authorized_session_id ) = - create_user_and_session( { authorized => 1 } ); + my $authorized_patron = $builder->build_object({ + class => 'Koha::Patrons', + value => { flags => 1 } + }); + my $password = 'thePassword123'; + $authorized_patron->set_password({ password => $password, skip_validation => 1 }); + my $auth_userid = $authorized_patron->userid; - my $branchcode = $builder->build( { source => 'Branch' } )->{branchcode}; + my $unauthorized_patron = $builder->build_object({ + class => 'Koha::Patrons', + value => { flags => 4 } + }); + $unauthorized_patron->set_password({ password => $password, skip_validation => 1 }); + my $unauth_userid = $unauthorized_patron->userid; + + my $library_id = $builder->build( { source => 'Branch' } )->{branchcode}; # Unauthorized attempt to delete - my $tx = $t->ua->build_tx( DELETE => "/api/v1/libraries/$branchcode" ); - $tx->req->cookies( - { name => 'CGISESSID', value => $unauthorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx) + $t->delete_ok( "//$unauth_userid:$password@/api/v1/libraries/$library_id" ) ->status_is(403); - $tx = $t->ua->build_tx( DELETE => "/api/v1/libraries/$branchcode" ); - $tx->req->cookies( - { name => 'CGISESSID', value => $authorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx) + $t->delete_ok( "//$auth_userid:$password@/api/v1/libraries/$library_id" ) ->status_is(204, 'SWAGGER3.2.4') ->content_is('', 'SWAGGER3.3.4'); - $tx = $t->ua->build_tx( DELETE => "/api/v1/libraries/$branchcode" ); - $tx->req->cookies( - { name => 'CGISESSID', value => $authorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx) + $t->delete_ok( "//$auth_userid:$password@/api/v1/libraries/$library_id" ) ->status_is(404); $schema->storage->txn_rollback; }; - -sub create_user_and_session { - - my $args = shift; - my $flags = ( $args->{authorized} ) ? $args->{authorized} : 0; - my $dbh = C4::Context->dbh; - - my $user = $builder->build( - { - source => 'Borrower', - value => { - flags => $flags - } - } - ); - - # Create a session for the authorized user - my $session = C4::Auth::get_session(''); - $session->param( 'number', $user->{borrowernumber} ); - $session->param( 'id', $user->{userid} ); - $session->param( 'ip', '127.0.0.1' ); - $session->param( 'lasttime', time() ); - $session->flush; - - if ( $args->{authorized} ) { - $dbh->do( " - INSERT INTO user_permissions (borrowernumber,module_bit,code) - VALUES (?,3,'parameters_remaining_permissions')", undef, - $user->{borrowernumber} ); - } - - return ( $user->{borrowernumber}, $session->id ); -} - -1; -- 2.39.5