package integrationtests import ( "bytes" "crypto/rand" "testing" "github.com/mattermost/focalboard/server/model" "github.com/mattermost/focalboard/server/utils" "github.com/stretchr/testify/require" ) const ( fakeUsername = "fakeUsername" fakeEmail = "mock@test.com" ) func TestUserRegister(t *testing.T) { th := SetupTestHelper(t).Start() defer th.TearDown() // register registerRequest := &model.RegisterRequest{ Username: fakeUsername, Email: fakeEmail, Password: utils.NewID(utils.IDTypeNone), } success, resp := th.Client.Register(registerRequest) require.NoError(t, resp.Error) require.True(t, success) // register again will fail success, resp = th.Client.Register(registerRequest) require.Error(t, resp.Error) require.False(t, success) } func TestUserLogin(t *testing.T) { th := SetupTestHelper(t).Start() defer th.TearDown() t.Run("with nonexist user", func(t *testing.T) { loginRequest := &model.LoginRequest{ Type: "normal", Username: "nonexistuser", Email: "", Password: utils.NewID(utils.IDTypeNone), } data, resp := th.Client.Login(loginRequest) require.Error(t, resp.Error) require.Nil(t, data) }) t.Run("with registered user", func(t *testing.T) { password := utils.NewID(utils.IDTypeNone) // register registerRequest := &model.RegisterRequest{ Username: fakeUsername, Email: fakeEmail, Password: password, } success, resp := th.Client.Register(registerRequest) require.NoError(t, resp.Error) require.True(t, success) // login loginRequest := &model.LoginRequest{ Type: "normal", Username: fakeUsername, Email: fakeEmail, Password: password, } data, resp := th.Client.Login(loginRequest) require.NoError(t, resp.Error) require.NotNil(t, data) require.NotNil(t, data.Token) }) } func TestGetMe(t *testing.T) { th := SetupTestHelper(t).Start() defer th.TearDown() t.Run("not login yet", func(t *testing.T) { me, resp := th.Client.GetMe() require.Error(t, resp.Error) require.Nil(t, me) }) t.Run("logged in", func(t *testing.T) { // register password := utils.NewID(utils.IDTypeNone) registerRequest := &model.RegisterRequest{ Username: fakeUsername, Email: fakeEmail, Password: password, } success, resp := th.Client.Register(registerRequest) require.NoError(t, resp.Error) require.True(t, success) // login loginRequest := &model.LoginRequest{ Type: "normal", Username: fakeUsername, Email: fakeEmail, Password: password, } data, resp := th.Client.Login(loginRequest) require.NoError(t, resp.Error) require.NotNil(t, data) require.NotNil(t, data.Token) // get user me me, resp := th.Client.GetMe() require.NoError(t, resp.Error) require.NotNil(t, me) require.Equal(t, "", me.Email) require.Equal(t, registerRequest.Username, me.Username) }) } func TestGetUser(t *testing.T) { th := SetupTestHelper(t).Start() defer th.TearDown() // register password := utils.NewID(utils.IDTypeNone) registerRequest := &model.RegisterRequest{ Username: fakeUsername, Email: fakeEmail, Password: password, } success, resp := th.Client.Register(registerRequest) require.NoError(t, resp.Error) require.True(t, success) // login loginRequest := &model.LoginRequest{ Type: "normal", Username: fakeUsername, Email: fakeEmail, Password: password, } data, resp := th.Client.Login(loginRequest) require.NoError(t, resp.Error) require.NotNil(t, data) require.NotNil(t, data.Token) me, resp := th.Client.GetMe() require.NoError(t, resp.Error) require.NotNil(t, me) t.Run("me's id", func(t *testing.T) { user, resp := th.Client.GetUser(me.ID) require.NoError(t, resp.Error) require.NotNil(t, user) require.Equal(t, me.ID, user.ID) require.Equal(t, me.Username, user.Username) }) t.Run("nonexist user", func(t *testing.T) { user, resp := th.Client.GetUser("nonexistid") require.Error(t, resp.Error) require.Nil(t, user) }) } func TestUserChangePassword(t *testing.T) { th := SetupTestHelper(t).Start() defer th.TearDown() // register password := utils.NewID(utils.IDTypeNone) registerRequest := &model.RegisterRequest{ Username: fakeUsername, Email: fakeEmail, Password: password, } success, resp := th.Client.Register(registerRequest) require.NoError(t, resp.Error) require.True(t, success) // login loginRequest := &model.LoginRequest{ Type: "normal", Username: fakeUsername, Email: fakeEmail, Password: password, } data, resp := th.Client.Login(loginRequest) require.NoError(t, resp.Error) require.NotNil(t, data) require.NotNil(t, data.Token) originalMe, resp := th.Client.GetMe() require.NoError(t, resp.Error) require.NotNil(t, originalMe) // change password success, resp = th.Client.UserChangePassword(originalMe.ID, &model.ChangePasswordRequest{ OldPassword: password, NewPassword: utils.NewID(utils.IDTypeNone), }) require.NoError(t, resp.Error) require.True(t, success) } func randomBytes(t *testing.T, n int) []byte { bb := make([]byte, n) _, err := rand.Read(bb) require.NoError(t, err) return bb } func TestTeamUploadFile(t *testing.T) { t.Run("no permission", func(t *testing.T) { // native auth, but not login th := SetupTestHelper(t).InitBasic() defer th.TearDown() teamID := "0" boardID := utils.NewID(utils.IDTypeBoard) data := randomBytes(t, 1024) result, resp := th.Client.TeamUploadFile(teamID, boardID, bytes.NewReader(data)) require.Error(t, resp.Error) require.Nil(t, result) }) t.Run("a board admin should be able to update a file", func(t *testing.T) { // single token auth th := SetupTestHelper(t).InitBasic() defer th.TearDown() teamID := "0" newBoard := &model.Board{ Type: model.BoardTypeOpen, TeamID: teamID, } board, resp := th.Client.CreateBoard(newBoard) th.CheckOK(resp) require.NotNil(t, board) data := randomBytes(t, 1024) result, resp := th.Client.TeamUploadFile(teamID, board.ID, bytes.NewReader(data)) th.CheckOK(resp) require.NotNil(t, result) require.NotEmpty(t, result.FileID) // TODO get the uploaded file }) t.Run("user that doesn't belong to the board should not be able to upload a file", func(t *testing.T) { th := SetupTestHelper(t).InitBasic() defer th.TearDown() teamID := "0" newBoard := &model.Board{ Type: model.BoardTypeOpen, TeamID: teamID, } board, resp := th.Client.CreateBoard(newBoard) th.CheckOK(resp) require.NotNil(t, board) data := randomBytes(t, 1024) // a user that doesn't belong to the board tries to upload the file result, resp := th.Client2.TeamUploadFile(teamID, board.ID, bytes.NewReader(data)) th.CheckForbidden(resp) require.Nil(t, result) }) }