package api
import (
"net/http"
"testing"
"github.com/stretchr/testify/assert"
"github.com/tidwall/gjson"
"github.com/photoprism/photoprism/internal/i18n"
)
// TestCreateSession exercises the POST /api/v1/session login endpoint with
// fixture accounts. It covers valid and invalid credentials, a malformed
// payload, and requests that carry an additional "token" field.
//
// Every subtest builds its own app and router through NewApiTest and registers
// the handler with CreateSession before sending the request.
func TestCreateSession(t *testing.T) {
	const endpoint = "/api/v1/session"

	t.Run("successful request", func(t *testing.T) {
		app, router, _ := NewApiTest()
		CreateSession(router)

		resp := PerformRequestWithBody(app, http.MethodPost, endpoint, `{"username": "admin", "password": "photoprism"}`)

		// NOTE(review): this writes the complete login response to the debug
		// log; the body presumably carries the new session id as well as the
		// user record, so keep this to fixture accounts and debug level.
		log.Debugf("BODY: %s", resp.Body.String())

		username := gjson.Get(resp.Body.String(), "data.user.Username")
		assert.Equal(t, "admin", username.String())
		assert.Equal(t, http.StatusOK, resp.Code)
	})

	// Requests for which only the HTTP status is checked:
	//   - "bad request" sends the username as a JSON number, not a string;
	//   - "invalid token" and "valid token" send correct admin credentials
	//     together with a "token" value ("1jxf3jfn2k" is presumably a token
	//     known to the test fixtures; confirm against the fixture data).
	statusCases := []struct {
		name    string
		payload string
		want    int
	}{
		{"bad request", `{"username": 123, "password": "xxx"}`, http.StatusBadRequest},
		{"invalid token", `{"username": "admin", "password": "photoprism", "token": "xxx"}`, http.StatusBadRequest},
		{"valid token", `{"username": "admin", "password": "photoprism", "token": "1jxf3jfn2k"}`, http.StatusOK},
	}

	for _, tc := range statusCases {
		t.Run(tc.name, func(t *testing.T) {
			app, router, _ := NewApiTest()
			CreateSession(router)

			resp := PerformRequestWithBody(app, http.MethodPost, endpoint, tc.payload)
			assert.Equal(t, tc.want, resp.Code)
		})
	}

	// A wrong password must produce the generic invalid-credentials message
	// and a 400 status.
	//
	// NOTE(review): no case here covers an unknown username; one that expects
	// the same message and status would pin that a failed login does not
	// reveal which accounts exist.
	t.Run("invalid password", func(t *testing.T) {
		app, router, _ := NewApiTest()
		CreateSession(router)

		resp := PerformRequestWithBody(app, http.MethodPost, endpoint, `{"username": "admin", "password": "xxx"}`)

		errMsg := gjson.Get(resp.Body.String(), "error")
		assert.Equal(t, i18n.Msg(i18n.ErrInvalidCredentials), errMsg.String())
		assert.Equal(t, http.StatusBadRequest, resp.Code)
	})

	// Non-admin fixture users: a successful login returns the matching e-mail
	// address and username in data.user.
	userCases := []struct {
		name     string
		payload  string
		email    string
		username string
	}{
		{"alice - successful request", `{"username": "alice", "password": "Alice123!"}`, "alice@example.com", "alice"},
		{"bob - successful request", `{"username": "bob", "password": "Bobbob123!"}`, "bob@example.com", "bob"},
	}

	for _, tc := range userCases {
		t.Run(tc.name, func(t *testing.T) {
			app, router, _ := NewApiTest()
			CreateSession(router)

			resp := PerformRequestWithBody(app, http.MethodPost, endpoint, tc.payload)

			gotEmail := gjson.Get(resp.Body.String(), "data.user.Email")
			gotUsername := gjson.Get(resp.Body.String(), "data.user.Username")
			assert.Equal(t, tc.email, gotEmail.String())
			assert.Equal(t, tc.username, gotUsername.String())
			assert.Equal(t, http.StatusOK, resp.Code)
		})
	}

	// Same expectation as "invalid password" above, for a non-admin account:
	// the message is identical for both users.
	t.Run("bob - invalid password", func(t *testing.T) {
		app, router, _ := NewApiTest()
		CreateSession(router)

		resp := PerformRequestWithBody(app, http.MethodPost, endpoint, `{"username": "bob", "password": "helloworld"}`)

		errMsg := gjson.Get(resp.Body.String(), "error")
		assert.Equal(t, i18n.Msg(i18n.ErrInvalidCredentials), errMsg.String())
		assert.Equal(t, http.StatusBadRequest, resp.Code)
	})
}
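// TestDeleteSession exercises DELETE /api/v1/session/<id> for an admin
// session, a regular user session, and an id that was never issued.
//
// Every subtest builds its own app and router through NewApiTest and registers
// the handler with DeleteSession before sending the request.
//
// NOTE(review): the endpoint answers 200 for an unknown id as well (see
// "delete invalid session"), so a 200 in the first two subtests does not by
// itself show that the session was invalidated. A follow-up request that
// presents the deleted id and expects it to be rejected would close that gap.
func TestDeleteSession(t *testing.T) {
	t.Run("delete admin session", func(t *testing.T) {
		app, router, _ := NewApiTest()
		DeleteSession(router)

		sessID := AuthenticateAdmin(app, router)

		// Stop early if login produced no id: otherwise the request below
		// would target "/api/v1/session/" and fail for an unrelated reason.
		if sessID == "" {
			t.Fatal("AuthenticateAdmin returned an empty session id")
		}

		r := PerformRequest(app, http.MethodDelete, "/api/v1/session/"+sessID)
		assert.Equal(t, http.StatusOK, r.Code)
	})

	t.Run("delete user session", func(t *testing.T) {
		app, router, _ := NewApiTest()
		DeleteSession(router)

		sessID := AuthenticateUser(app, router, "alice", "Alice123!")

		// Same precondition as above: the test is only meaningful with a
		// session id that login actually issued.
		if sessID == "" {
			t.Fatal("AuthenticateUser returned an empty session id")
		}

		r := PerformRequest(app, http.MethodDelete, "/api/v1/session/"+sessID)
		assert.Equal(t, http.StatusOK, r.Code)
	})

	t.Run("delete invalid session", func(t *testing.T) {
		// Hard-coded id that no login in this subtest has issued.
		sessID := "638bffc9b86a8fda0d908ebee84a43930cb8d1e3507f4aa0"

		app, router, _ := NewApiTest()
		DeleteSession(router)

		r := PerformRequest(app, http.MethodDelete, "/api/v1/session/"+sessID)

		// The handler is expected to answer 200 here too, so the response
		// does not tell a caller whether the id ever existed.
		assert.Equal(t, http.StatusOK, r.Code)
	})
}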