From 2e6b5483503e7feb0afc6ef526a675bde767dd8e Mon Sep 17 00:00:00 2001 From: Tomas Cohen Arazi Date: Tue, 2 Feb 2021 10:27:34 -0300 Subject: [PATCH] Bug 27587: Use Basic auth on API tests - stockrotationstage.t Signed-off-by: Tomas Cohen Arazi Signed-off-by: Martin Renvoize Signed-off-by: Jonathan Druart --- t/db_dependent/api/v1/stockrotationstage.t | 128 ++++++--------------- 1 file changed, 34 insertions(+), 94 deletions(-) diff --git a/t/db_dependent/api/v1/stockrotationstage.t b/t/db_dependent/api/v1/stockrotationstage.t index 2c184ee303..48c761a2b6 100755 --- a/t/db_dependent/api/v1/stockrotationstage.t +++ b/t/db_dependent/api/v1/stockrotationstage.t @@ -19,23 +19,18 @@ use Modern::Perl; use Test::More tests => 1; use Test::Mojo; -use Test::Warn; use t::lib::TestBuilder; use t::lib::Mocks; -use C4::Auth; use Koha::StockRotationStages; my $schema = Koha::Database->new->schema; my $builder = t::lib::TestBuilder->new; -# FIXME: sessionStorage defaults to mysql, but it seems to break transaction handling -# this affects the other REST api tests -t::lib::Mocks::mock_preference( 'SessionStorage', 'tmp' ); +t::lib::Mocks::mock_preference( 'RESTBasicAuth', 1 ); -my $remote_address = '127.0.0.1'; -my $t = Test::Mojo->new('Koha::REST::V1'); +my $t = Test::Mojo->new('Koha::REST::V1'); subtest 'move() tests' => sub { 
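Review bot: `Koha::Database->new->schema` is still called at file scope, but no `use Koha::Database;` appears among the `use` lines in this hunk. With `use C4::Auth;` dropped, the class is presumably loaded only transitively through `t::lib::TestBuilder` or `Koha::StockRotationStages`; the lines above the hunk are not visible, so confirm before adding an explicit `use Koha::Database;`. The removed FIXME explained why a preference was mocked, while the new `mock_preference( 'RESTBasicAuth', 1 )` has no comment. I would add `# Enable Basic auth so the "//userid:password@/api/..." requests below can authenticate` above it.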
@@ -43,10 +38,20 @@ subtest 'move() tests' => sub { $schema->storage->txn_begin; - my ( $unauthorized_borrowernumber, $unauthorized_session_id ) = - create_user_and_session( { authorized => 0 } ); - my ( $authorized_borrowernumber, $authorized_session_id ) = - create_user_and_session( { authorized => 1 } ); + my $authorized_patron = $builder->build_object({ + class => 'Koha::Patrons', + value => { flags => 2 ** 24 } # stockrotation => 24 + }); + my $password = 'thePassword123'; + $authorized_patron->set_password({ password => $password, skip_validation => 1 }); + my $auth_userid = $authorized_patron->userid; + + my $unauthorized_patron = $builder->build_object({ + class => 'Koha::Patrons', + value => { flags => 0 } + }); + $unauthorized_patron->set_password({ password => $password, skip_validation => 1 }); + my $unauth_userid = $unauthorized_patron->userid; my $library1 = $builder->build({ source => 'Branch' }); my $library2 = $builder->build({ source => 'Branch' }); 
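Review bot: Both `set_password` calls pass `skip_validation => 1` without saying why, and the two patron setups differ only in `flags`. A short comment on the first call would help, for example `# skip_validation: the fixed test password must be accepted regardless of the password policy configured in the test database`. That reading of the option is inferred from its name, so confirm it against `set_password`. It would also help to note next to `$password` that both patrons deliberately share it, so the later 403 case is decided by `flags` alone rather than by the credentials.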
@@ -69,104 +74,39 @@ subtest 'move() tests' => sub { my $stage1_id = $stage1->{stage_id}; # Unauthorized attempt to update - my $tx = $t->ua->build_tx( - PUT => "/api/v1/rotas/$rota_id/stages/$stage1_id/position" => - json => 2 - ); - $tx->req->cookies( - { name => 'CGISESSID', value => $unauthorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx)->status_is(403); + $t->put_ok( "//$unauth_userid:$password@/api/v1/rotas/$rota_id/stages/$stage1_id/position" + => json => 2 ) + ->status_is(403); # Invalid attempt to move a stage on a non-existant rota - $tx = $t->ua->build_tx( - PUT => "/api/v1/rotas/99999999/stages/$stage1_id/position" => - json => 2 - ); - $tx->req->cookies( - { name => 'CGISESSID', value => $authorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx)->status_is(404) + $t->put_ok( "//$auth_userid:$password@/api/v1/rotas/99999999/stages/$stage1_id/position" + => json => 2 ) + ->status_is(404) ->json_is( '/error' => "Not found - Invalid rota or stage ID" ); # Invalid attempt to move an non-existant stage - $tx = $t->ua->build_tx( - PUT => "/api/v1/rotas/$rota_id/stages/999999999/position" => - json => 2 - ); - $tx->req->cookies( - { name => 'CGISESSID', value => $authorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx)->status_is(404) + $t->put_ok( "//$auth_userid:$password@/api/v1/rotas/$rota_id/stages/999999999/position" + => json => 2 ) + ->status_is(404) ->json_is( '/error' => "Not found - Invalid rota or stage ID" ); # Invalid attempt to move stage to current position my $curr_position = $stage1->{position}; - $tx = $t->ua->build_tx( - PUT => "/api/v1/rotas/$rota_id/stages/$stage1_id/position" => - json => $curr_position - ); - $tx->req->cookies( - { name => 'CGISESSID', value => $authorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx)->status_is(400) + $t->put_ok( 
"//$auth_userid:$password@/api/v1/rotas/$rota_id/stages/$stage1_id/position" + => json => $curr_position ) + ->status_is(400) ->json_is( '/error' => "Bad request - new position invalid" ); # Invalid attempt to move stage to invalid position - $tx = $t->ua->build_tx( - PUT => "/api/v1/rotas/$rota_id/stages/$stage1_id/position" => - json => 99999999 - ); - $tx->req->cookies( - { name => 'CGISESSID', value => $authorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx)->status_is(400) + $t->put_ok( "//$auth_userid:$password@/api/v1/rotas/$rota_id/stages/$stage1_id/position" + => json => 99999999 ) + ->status_is(400) ->json_is( '/error' => "Bad request - new position invalid" ); # Valid, authorised move - $tx = $t->ua->build_tx( - PUT => "/api/v1/rotas/$rota_id/stages/$stage1_id/position" => - json => 2 - ); - $tx->req->cookies( - { name => 'CGISESSID', value => $authorized_session_id } ); - $tx->req->env( { REMOTE_ADDR => $remote_address } ); - $t->request_ok($tx)->status_is(200); + $t->put_ok( "//$auth_userid:$password@/api/v1/rotas/$rota_id/stages/$stage1_id/position" + => json => 2 ) + ->status_is(200); $schema->storage->txn_rollback; }; - -sub create_user_and_session { - - my $args = shift; - my $flags = ( $args->{authorized} ) ? 
2 ** 24 : 0; # stockrotation == 24 - my $dbh = C4::Context->dbh; - - my $user = $builder->build( - { - source => 'Borrower', - value => { - flags => $flags - } - } - ); - - # Create a session for the authorized user - my $session = C4::Auth::get_session(''); - $session->param( 'number', $user->{borrowernumber} ); - $session->param( 'id', $user->{userid} ); - $session->param( 'ip', '127.0.0.1' ); - $session->param( 'lasttime', time() ); - $session->flush; - - if ( $args->{authorized} ) { - $dbh->do( " - INSERT INTO user_permissions (borrowernumber,module_bit,code) - VALUES (?,3,'parameters_remaining_permissions')", undef, - $user->{borrowernumber} ); - } - - return ( $user->{borrowernumber}, $session->id ); -} - -1; -- 2.39.5
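Review bot: The only rejected-caller case left in `move() tests` is the 403 for `$unauth_userid`, and that request carries a valid password. Nothing exercises a request with no credentials or with a wrong password, even though the file now authenticates through Basic auth. Adding `$t->put_ok( "/api/v1/rotas/$rota_id/stages/$stage1_id/position" => json => 2 )->status_is(401);` (assuming the API answers 401 to anonymous callers) and a wrong-password variant for `$auth_userid` would pin the authentication check separately from the permission check. If the subtest declares a `plan` (not visible in these hunks), its count would need raising to match.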