From 419d1d4fe9e4dae2e98493b81a74b0193104acfd Mon Sep 17 00:00:00 2001 From: Tomas Cohen Arazi Date: Mon, 17 Jul 2023 15:48:09 -0300 Subject: [PATCH] Bug 32739: Unit tests Signed-off-by: Nick Clemens Signed-off-by: Martin Renvoize Signed-off-by: Tomas Cohen Arazi --- t/db_dependent/api/v1/password_validation.t | 154 ++++++++++++-------- 1 file changed, 94 insertions(+), 60 deletions(-) diff --git a/t/db_dependent/api/v1/password_validation.t b/t/db_dependent/api/v1/password_validation.t index 0464e3a5b7..51687d6648 100755 --- a/t/db_dependent/api/v1/password_validation.t +++ b/t/db_dependent/api/v1/password_validation.t @@ -18,7 +18,7 @@ use Modern::Perl; -use Test::More tests => 6; +use Test::More tests => 4; use Test::Mojo; use t::lib::TestBuilder; @@ -45,24 +45,6 @@ my $password = 'thePassword123'; $librarian->set_password( { password => $password, skip_validation => 1 } ); my $userid = $librarian->userid; -subtest 'password validation - success' => sub { - - plan tests => 3; - - $schema->storage->txn_begin; - - my $json = { - "userid" => $userid, - "password" => $password, - }; - - $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json ) - ->status_is(204) - ->content_is(q{}); - - $schema->storage->txn_rollback; -}; - subtest 'password validation - account lock out' => sub { plan tests => 6; @@ -72,8 +54,8 @@ subtest 'password validation - account lock out' => sub { t::lib::Mocks::mock_preference( 'FailedLoginAttempts', 1 ); my $json = { - "userid" => $userid, - "password" => "bad", + identifier => $userid, + password => "bad", }; $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json ) 
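Review bot: The 'password validation - account lock out' subtest now sends only `identifier`, so nothing visible checks that failed attempts made through the legacy `userid` attribute still count toward `FailedLoginAttempts`. The last hunk shows `userid` is still accepted by the endpoint, and if lock-out were enforced on only one of the two attributes, the other would allow unlimited password guessing. Consider repeating the same sequence with `my $json = { userid => $userid, password => "bad" };` and the same assertions. The subtest's assertions lie outside this hunk, so this is judged from the payload alone.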
@@ -89,84 +71,136 @@ subtest 'password validation - account lock out' => sub { $schema->storage->txn_rollback; }; - -subtest 'password validation - bad userid' => sub { +subtest 'password validation - unauthorized user' => sub { plan tests => 3; $schema->storage->txn_begin; + my $patron = $builder->build_object( + { + class => 'Koha::Patrons', + value => { flags => 2 ** 2 } # catalogue flag = 2 + } + ); + my $password = 'thePassword123'; + $patron->set_password( { password => $password, skip_validation => 1 } ); + my $userid = $patron->userid; + my $json = { - "userid" => '1234567890abcdefghijklmnopqrstuvwxyz@koha-community.org', - "password" => $password, + identifier => $userid, + password => "test", }; $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json ) - ->status_is(400) - ->json_is({ error => q{Validation failed} }); + ->status_is(403) + ->json_is('/error' => 'Authorization failure. Missing required permission(s).'); $schema->storage->txn_rollback; }; -subtest 'password validation - bad password' => sub { - +subtest 'password validation - unauthenticated user' => sub { plan tests => 3; $schema->storage->txn_begin; my $json = { - "userid" => $userid, - "password" => 'bad', + identifier => "banana", + password => "test", }; - $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json ) - ->status_is(400) - ->json_is({ error => q{Validation failed} }); + $t->post_ok( "/api/v1/auth/password/validation" => json => $json ) + ->json_is( '/error' => 'Authentication failure.' 
) + ->status_is(401); $schema->storage->txn_rollback; }; -subtest 'password validation - unauthorized user' => sub { +subtest 'Password validation - authorized requests tests' => sub { - plan tests => 3; + plan tests => 24; $schema->storage->txn_begin; - my $patron = $builder->build_object( - { - class => 'Koha::Patrons', - value => { flags => 2 ** 2 } # catalogue flag = 2 - } - ); - my $password = 'thePassword123'; - $patron->set_password( { password => $password, skip_validation => 1 } ); - my $userid = $patron->userid; + # generate a random unused userid + my $patron_to_delete = $builder->build_object( { class => 'Koha::Patrons' } ); + + my $deleted_userid = $patron_to_delete->userid; + my $deleted_cardnumber = $patron_to_delete->cardnumber; + + $patron_to_delete->delete; my $json = { - "userid" => $userid, - "password" => "test", + identifier => $librarian->userid, + password => $password, }; $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json ) - ->status_is(403) - ->json_is('/error' => 'Authorization failure. 
Missing required permission(s).'); + ->status_is(204, 'Validating using `cardnumber` works') + ->content_is(q{}); - $schema->storage->txn_rollback; -}; + $json = { + identifier => $librarian->cardnumber, + password => $password, + }; -subtest 'password validation - unauthenticated user' => sub { - plan tests => 3; + $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json ) + ->status_is(204, 'Validating using `cardnumber` works') + ->content_is(q{}); - $schema->storage->txn_begin; + $json = { + identifier => $deleted_cardnumber, + password => $password, + }; - my $json = { - "userid" => "banana", - "password" => "test", + $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json ) + ->status_is(400, 'Validating using and invalid identifier fails') + ->json_is({ error => 'Validation failed' }); + + $json = { + identifier => $deleted_userid, + password => $password, }; - $t->post_ok( "/api/v1/auth/password/validation" => json => $json ) - ->json_is( '/error' => 'Authentication failure.' 
) - ->status_is(401); + $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json ) + ->status_is(400, 'Validating using and invalid identifier fails') + ->json_is({ error => 'Validation failed' }); + + $json = { + password => $password, + userid => $deleted_userid, + }; + + $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json ) + ->status_is(400, 'Validating using and invalid userid fails') + ->json_is({ error => 'Validation failed' }); + + $json = { + password => $password, + userid => $userid, + }; + + $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json ) + ->status_is(204, 'Validating using the `userid` attribute works') + ->content_is(q{}); + + $json = { + password => $password, + userid => $librarian->cardnumber, + }; + + $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json ) + ->status_is( 400, 'Validating using a cardnumber as userid fails' )->json_is( { error => 'Validation failed' } ); + + $json = { + identifier => $userid, + password => $password, + userid => $userid, + }; + + $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json ) + ->status_is(400, 'Passing both parameters forbidden') + ->json_is({ error => 'Bad request. Only one identifier attribute can be passed.' }); $schema->storage->txn_rollback; }; -- 2.39.5
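Review bot: The first request in 'Password validation - authorized requests tests' sends `identifier => $librarian->userid`, but its status check carries the same "cardnumber works" label as the cardnumber case that follows. The label should name userid so a failure report points at the right lookup path. Three labels also read 'using and invalid', which should be 'using an invalid'. The subtest always sends the correct password, so it never pins that a valid identifier with a wrong password gets the same generic `{ error => 'Validation failed' }` as an unknown identifier; that equality is what keeps the endpoint from revealing which accounts exist, though the lock-out subtest may cover it outside the visible hunks. A payload with neither `identifier` nor `userid` is not exercised either.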