Tests: Add unit tests #3943

2023-12-14 14:19:43 +01:00 · 2023-12-14 14:19:43 +01:00 · 0c4c3215f4
commit 0c4c3215f4
parent a29ac670f7
3 changed files with 156 additions and 0 deletions
--- a/internal/acl/acl_test.go
+++ b/internal/acl/acl_test.go
@ -25,6 +25,12 @@ func TestACL_Allow(t *testing.T) {
 	t.Run("ResourceAlbumsRoleVisitorActionDefault", func(t *testing.T) {
 		assert.False(t, Resources.Allow(ResourceAlbums, RoleVisitor, FullAccess))
 	})
+	t.Run("WrongResourceRoleAdminActionDefault", func(t *testing.T) {
+		assert.True(t, Resources.Allow("wrong", RoleAdmin, FullAccess))
+	})
+	t.Run("WrongResourceRoleVisitorActionDefault", func(t *testing.T) {
+		assert.False(t, Resources.Allow("wrong", RoleVisitor, FullAccess))
+	})
 }

 func TestACL_AllowAny(t *testing.T) {
@ -105,3 +111,12 @@ func TestACL_Deny(t *testing.T) {
 		assert.True(t, Resources.Deny(ResourceAlbums, RoleVisitor, FullAccess))
 	})
 }
+
+func TestACL_DenyAll(t *testing.T) {
+	t.Run("ResourceFilesRoleVisitorActionDefault", func(t *testing.T) {
+		assert.True(t, Resources.DenyAll(ResourceFiles, RoleVisitor, Permissions{FullAccess, AccessShared, ActionView}))
+	})
+	t.Run("ResourceFilesRoleAdminActionDefault", func(t *testing.T) {
+		assert.False(t, Resources.DenyAll(ResourceFiles, RoleAdmin, Permissions{FullAccess, AccessShared, ActionView}))
+	})
+}
--- a/internal/api/oauth_test.go
+++ b/internal/api/oauth_test.go
@ -35,4 +35,129 @@ func TestCreateOauthToken(t *testing.T) {
 		t.Logf("BODY: %s", w.Body.String())
 		assert.Equal(t, http.StatusOK, w.Code)
 	})
+
+	t.Run("InvalidClientID", func(t *testing.T) {
+		app, router, _ := NewApiTest()
+		CreateOauthToken(router)
+
+		var method = "POST"
+		var path = "/api/v1/oauth/token"
+
+		data := url.Values{
+			"grant_type":    {"client_credentials"},
+			"client_id":     {"123"},
+			"client_secret": {"xcCbOrw6I0vcoXzhnOmXhjpVSyFq0l0e"},
+			"scope":         {"metrics"},
+		}
+
+		req, _ := http.NewRequest(method, path, strings.NewReader(data.Encode()))
+		req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+
+		w := httptest.NewRecorder()
+		app.ServeHTTP(w, req)
+
+		t.Logf("Header: %s", w.Header())
+		t.Logf("BODY: %s", w.Body.String())
+		assert.Equal(t, http.StatusUnauthorized, w.Code)
+	})
+
+	t.Run("WrongClient", func(t *testing.T) {
+		app, router, _ := NewApiTest()
+		CreateOauthToken(router)
+
+		var method = "POST"
+		var path = "/api/v1/oauth/token"
+
+		data := url.Values{
+			"grant_type":    {"client_credentials"},
+			"client_id":     {"cs5cpu17n6gj2yy6"},
+			"client_secret": {"xcCbOrw6I0vcoXzhnOmXhjpVSyFq0l0e"},
+			"scope":         {"metrics"},
+		}
+
+		req, _ := http.NewRequest(method, path, strings.NewReader(data.Encode()))
+		req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+
+		w := httptest.NewRecorder()
+		app.ServeHTTP(w, req)
+
+		t.Logf("Header: %s", w.Header())
+		t.Logf("BODY: %s", w.Body.String())
+		assert.Equal(t, http.StatusUnauthorized, w.Code)
+	})
+
+	t.Run("WrongSecret", func(t *testing.T) {
+		app, router, _ := NewApiTest()
+		CreateOauthToken(router)
+
+		var method = "POST"
+		var path = "/api/v1/oauth/token"
+
+		data := url.Values{
+			"grant_type":    {"client_credentials"},
+			"client_id":     {"cs5cpu17n6gj2qo5"},
+			"client_secret": {"xcCbOrw6I0vcoXzhnOmXhjpVSyFq0l0f"},
+			"scope":         {"metrics"},
+		}
+
+		req, _ := http.NewRequest(method, path, strings.NewReader(data.Encode()))
+		req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+
+		w := httptest.NewRecorder()
+		app.ServeHTTP(w, req)
+
+		t.Logf("Header: %s", w.Header())
+		t.Logf("BODY: %s", w.Body.String())
+		assert.Equal(t, http.StatusUnauthorized, w.Code)
+	})
+
+	t.Run("AuthNotEnabled", func(t *testing.T) {
+		app, router, _ := NewApiTest()
+		CreateOauthToken(router)
+
+		var method = "POST"
+		var path = "/api/v1/oauth/token"
+
+		data := url.Values{
+			"grant_type":    {"client_credentials"},
+			"client_id":     {"cs5gfsvbd7ejzn8m"},
+			"client_secret": {"aaCbOrw6I0vcoXzhnOmXhjpVSyFq0l0e"},
+			"scope":         {"metrics"},
+		}
+
+		req, _ := http.NewRequest(method, path, strings.NewReader(data.Encode()))
+		req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+
+		w := httptest.NewRecorder()
+		app.ServeHTTP(w, req)
+
+		t.Logf("Header: %s", w.Header())
+		t.Logf("BODY: %s", w.Body.String())
+		assert.Equal(t, http.StatusUnauthorized, w.Code)
+	})
+
+	t.Run("UnknownAuthMethod", func(t *testing.T) {
+		app, router, _ := NewApiTest()
+		CreateOauthToken(router)
+
+		var method = "POST"
+		var path = "/api/v1/oauth/token"
+
+		data := url.Values{
+			"grant_type":    {"client_credentials"},
+			"client_id":     {"cs5cpu17n6gj2jh6"},
+			"client_secret": {"aaCbOrw6I0vcoXzhnOmXhjpVSyFq0l0e"},
+			"scope":         {"*"},
+		}
+
+		req, _ := http.NewRequest(method, path, strings.NewReader(data.Encode()))
+		req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+
+		w := httptest.NewRecorder()
+		app.ServeHTTP(w, req)
+
+		t.Logf("Header: %s", w.Header())
+		t.Logf("BODY: %s", w.Body.String())
+		assert.Equal(t, http.StatusUnauthorized, w.Code)
+	})
 }
--- a/internal/entity/auth_client_fixtures.go
+++ b/internal/entity/auth_client_fixtures.go
@ -69,6 +69,22 @@ var ClientFixtures = ClientMap{
 		AuthEnabled: true,
 		LastActive:  0,
 	},
+	"Unknown": {
+		ClientUID:   "cs5cpu17n6gj2jh6",
+		UserUID:     "",
+		UserName:    "",
+		user:        nil,
+		ClientName:  "Unknown",
+		ClientType:  authn.ClientUnknown,
+		ClientURL:   "",
+		CallbackURL: "",
+		AuthMethod:  authn.MethodUnknown.String(),
+		AuthScope:   "*",
+		AuthExpires: UnixHour,
+		AuthTokens:  2,
+		AuthEnabled: true,
+		LastActive:  0,
+	},
 }

 // CreateClientFixtures inserts known entities into the database for testing.