mirror of
1
Fork 0
gotosocial/internal/api/client/account/accountcreate_test.go

389 lines
16 KiB
Go

// /*
// GoToSocial
// Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
// */
package account_test
// import (
// "bytes"
// "encoding/json"
// "fmt"
// "io"
// "io/ioutil"
// "mime/multipart"
// "net/http"
// "net/http/httptest"
// "os"
// "testing"
// "github.com/gin-gonic/gin"
// "github.com/google/uuid"
// "github.com/stretchr/testify/assert"
// "github.com/stretchr/testify/suite"
// "github.com/superseriousbusiness/gotosocial/internal/api/client/account"
// "github.com/superseriousbusiness/gotosocial/internal/api/model"
// "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
// "github.com/superseriousbusiness/gotosocial/testrig"
// "github.com/superseriousbusiness/gotosocial/internal/oauth"
// "golang.org/x/crypto/bcrypt"
// )
// type AccountCreateTestSuite struct {
// AccountStandardTestSuite
// }
// func (suite *AccountCreateTestSuite) SetupSuite() {
// suite.testTokens = testrig.NewTestTokens()
// suite.testClients = testrig.NewTestClients()
// suite.testApplications = testrig.NewTestApplications()
// suite.testUsers = testrig.NewTestUsers()
// suite.testAccounts = testrig.NewTestAccounts()
// suite.testAttachments = testrig.NewTestAttachments()
// suite.testStatuses = testrig.NewTestStatuses()
// }
// func (suite *AccountCreateTestSuite) SetupTest() {
// suite.config = testrig.NewTestConfig()
// suite.db = testrig.NewTestDB()
// suite.storage = testrig.NewTestStorage()
// suite.log = testrig.NewTestLog()
// suite.federator = testrig.NewTestFederator(suite.db, testrig.NewTestTransportController(testrig.NewMockHTTPClient(nil)))
// suite.processor = testrig.NewTestProcessor(suite.db, suite.storage, suite.federator)
// suite.accountModule = account.New(suite.config, suite.processor, suite.log).(*account.Module)
// testrig.StandardDBSetup(suite.db)
// testrig.StandardStorageSetup(suite.storage, "../../../../testrig/media")
// }
// func (suite *AccountCreateTestSuite) TearDownTest() {
// testrig.StandardDBTeardown(suite.db)
// testrig.StandardStorageTeardown(suite.storage)
// }
// // TestAccountCreatePOSTHandlerSuccessful checks the happy path for an account creation request: all the fields provided are valid,
// // and at the end of it a new user and account should be added into the database.
// //
// // This is the handler served at /api/v1/accounts as POST
// func (suite *AccountCreateTestSuite) TestAccountCreatePOSTHandlerSuccessful() {
// t := suite.testTokens["local_account_1"]
// oauthToken := oauth.TokenToOauthToken(t)
// // setup
// recorder := httptest.NewRecorder()
// ctx, _ := gin.CreateTestContext(recorder)
// ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"])
// ctx.Set(oauth.SessionAuthorizedToken, oauthToken)
// ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", account.BasePath), nil) // the endpoint we're hitting
// ctx.Request.Form = suite.newUserFormHappyPath
// suite.accountModule.AccountCreatePOSTHandler(ctx)
// // check response
// // 1. we should have OK from our call to the function
// suite.EqualValues(http.StatusOK, recorder.Code)
// // 2. we should have a token in the result body
// result := recorder.Result()
// defer result.Body.Close()
// b, err := ioutil.ReadAll(result.Body)
// assert.NoError(suite.T(), err)
// t := &model.Token{}
// err = json.Unmarshal(b, t)
// assert.NoError(suite.T(), err)
// assert.Equal(suite.T(), "we're authorized now!", t.AccessToken)
// // check new account
// // 1. we should be able to get the new account from the db
// acct := &gtsmodel.Account{}
// err = suite.db.GetLocalAccountByUsername("test_user", acct)
// assert.NoError(suite.T(), err)
// assert.NotNil(suite.T(), acct)
// // 2. reason should be set
// assert.Equal(suite.T(), suite.newUserFormHappyPath.Get("reason"), acct.Reason)
// // 3. display name should be equal to username by default
// assert.Equal(suite.T(), suite.newUserFormHappyPath.Get("username"), acct.DisplayName)
// // 4. domain should be nil because this is a local account
// assert.Nil(suite.T(), nil, acct.Domain)
// // 5. id should be set and parseable as a uuid
// assert.NotNil(suite.T(), acct.ID)
// _, err = uuid.Parse(acct.ID)
// assert.Nil(suite.T(), err)
// // 6. private and public key should be set
// assert.NotNil(suite.T(), acct.PrivateKey)
// assert.NotNil(suite.T(), acct.PublicKey)
// // check new user
// // 1. we should be able to get the new user from the db
// usr := &gtsmodel.User{}
// err = suite.db.GetWhere("unconfirmed_email", suite.newUserFormHappyPath.Get("email"), usr)
// assert.Nil(suite.T(), err)
// assert.NotNil(suite.T(), usr)
// // 2. user should have account id set to account we got above
// assert.Equal(suite.T(), acct.ID, usr.AccountID)
// // 3. id should be set and parseable as a uuid
// assert.NotNil(suite.T(), usr.ID)
// _, err = uuid.Parse(usr.ID)
// assert.Nil(suite.T(), err)
// // 4. locale should be equal to what we requested
// assert.Equal(suite.T(), suite.newUserFormHappyPath.Get("locale"), usr.Locale)
// // 5. created by application id should be equal to the app id
// assert.Equal(suite.T(), suite.testApplication.ID, usr.CreatedByApplicationID)
// // 6. password should be matcheable to what we set above
// err = bcrypt.CompareHashAndPassword([]byte(usr.EncryptedPassword), []byte(suite.newUserFormHappyPath.Get("password")))
// assert.Nil(suite.T(), err)
// }
// // TestAccountCreatePOSTHandlerNoAuth makes sure that the handler fails when no authorization is provided:
// // only registered applications can create accounts, and we don't provide one here.
// func (suite *AccountCreateTestSuite) TestAccountCreatePOSTHandlerNoAuth() {
// // setup
// recorder := httptest.NewRecorder()
// ctx, _ := gin.CreateTestContext(recorder)
// ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", account.BasePath), nil) // the endpoint we're hitting
// ctx.Request.Form = suite.newUserFormHappyPath
// suite.accountModule.AccountCreatePOSTHandler(ctx)
// // check response
// // 1. we should have forbidden from our call to the function because we didn't auth
// suite.EqualValues(http.StatusForbidden, recorder.Code)
// // 2. we should have an error message in the result body
// result := recorder.Result()
// defer result.Body.Close()
// b, err := ioutil.ReadAll(result.Body)
// assert.NoError(suite.T(), err)
// assert.Equal(suite.T(), `{"error":"not authorized"}`, string(b))
// }
// // TestAccountCreatePOSTHandlerNoAuth makes sure that the handler fails when no form is provided at all.
// func (suite *AccountCreateTestSuite) TestAccountCreatePOSTHandlerNoForm() {
// // setup
// recorder := httptest.NewRecorder()
// ctx, _ := gin.CreateTestContext(recorder)
// ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplication)
// ctx.Set(oauth.SessionAuthorizedToken, suite.testToken)
// ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", account.BasePath), nil) // the endpoint we're hitting
// suite.accountModule.AccountCreatePOSTHandler(ctx)
// // check response
// suite.EqualValues(http.StatusBadRequest, recorder.Code)
// // 2. we should have an error message in the result body
// result := recorder.Result()
// defer result.Body.Close()
// b, err := ioutil.ReadAll(result.Body)
// assert.NoError(suite.T(), err)
// assert.Equal(suite.T(), `{"error":"missing one or more required form values"}`, string(b))
// }
// // TestAccountCreatePOSTHandlerWeakPassword makes sure that the handler fails when a weak password is provided
// func (suite *AccountCreateTestSuite) TestAccountCreatePOSTHandlerWeakPassword() {
// // setup
// recorder := httptest.NewRecorder()
// ctx, _ := gin.CreateTestContext(recorder)
// ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplication)
// ctx.Set(oauth.SessionAuthorizedToken, suite.testToken)
// ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", account.BasePath), nil) // the endpoint we're hitting
// ctx.Request.Form = suite.newUserFormHappyPath
// // set a weak password
// ctx.Request.Form.Set("password", "weak")
// suite.accountModule.AccountCreatePOSTHandler(ctx)
// // check response
// suite.EqualValues(http.StatusBadRequest, recorder.Code)
// // 2. we should have an error message in the result body
// result := recorder.Result()
// defer result.Body.Close()
// b, err := ioutil.ReadAll(result.Body)
// assert.NoError(suite.T(), err)
// assert.Equal(suite.T(), `{"error":"insecure password, try including more special characters, using uppercase letters, using numbers or using a longer password"}`, string(b))
// }
// // TestAccountCreatePOSTHandlerWeirdLocale makes sure that the handler fails when a weird locale is provided
// func (suite *AccountCreateTestSuite) TestAccountCreatePOSTHandlerWeirdLocale() {
// // setup
// recorder := httptest.NewRecorder()
// ctx, _ := gin.CreateTestContext(recorder)
// ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplication)
// ctx.Set(oauth.SessionAuthorizedToken, suite.testToken)
// ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", account.BasePath), nil) // the endpoint we're hitting
// ctx.Request.Form = suite.newUserFormHappyPath
// // set an invalid locale
// ctx.Request.Form.Set("locale", "neverneverland")
// suite.accountModule.AccountCreatePOSTHandler(ctx)
// // check response
// suite.EqualValues(http.StatusBadRequest, recorder.Code)
// // 2. we should have an error message in the result body
// result := recorder.Result()
// defer result.Body.Close()
// b, err := ioutil.ReadAll(result.Body)
// assert.NoError(suite.T(), err)
// assert.Equal(suite.T(), `{"error":"language: tag is not well-formed"}`, string(b))
// }
// // TestAccountCreatePOSTHandlerRegistrationsClosed makes sure that the handler fails when registrations are closed
// func (suite *AccountCreateTestSuite) TestAccountCreatePOSTHandlerRegistrationsClosed() {
// // setup
// recorder := httptest.NewRecorder()
// ctx, _ := gin.CreateTestContext(recorder)
// ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplication)
// ctx.Set(oauth.SessionAuthorizedToken, suite.testToken)
// ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", account.BasePath), nil) // the endpoint we're hitting
// ctx.Request.Form = suite.newUserFormHappyPath
// // close registrations
// suite.config.AccountsConfig.OpenRegistration = false
// suite.accountModule.AccountCreatePOSTHandler(ctx)
// // check response
// suite.EqualValues(http.StatusBadRequest, recorder.Code)
// // 2. we should have an error message in the result body
// result := recorder.Result()
// defer result.Body.Close()
// b, err := ioutil.ReadAll(result.Body)
// assert.NoError(suite.T(), err)
// assert.Equal(suite.T(), `{"error":"registration is not open for this server"}`, string(b))
// }
// // TestAccountCreatePOSTHandlerReasonNotProvided makes sure that the handler fails when no reason is provided but one is required
// func (suite *AccountCreateTestSuite) TestAccountCreatePOSTHandlerReasonNotProvided() {
// // setup
// recorder := httptest.NewRecorder()
// ctx, _ := gin.CreateTestContext(recorder)
// ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplication)
// ctx.Set(oauth.SessionAuthorizedToken, suite.testToken)
// ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", account.BasePath), nil) // the endpoint we're hitting
// ctx.Request.Form = suite.newUserFormHappyPath
// // remove reason
// ctx.Request.Form.Set("reason", "")
// suite.accountModule.AccountCreatePOSTHandler(ctx)
// // check response
// suite.EqualValues(http.StatusBadRequest, recorder.Code)
// // 2. we should have an error message in the result body
// result := recorder.Result()
// defer result.Body.Close()
// b, err := ioutil.ReadAll(result.Body)
// assert.NoError(suite.T(), err)
// assert.Equal(suite.T(), `{"error":"no reason provided"}`, string(b))
// }
// // TestAccountCreatePOSTHandlerReasonNotProvided makes sure that the handler fails when a crappy reason is presented but a good one is required
// func (suite *AccountCreateTestSuite) TestAccountCreatePOSTHandlerInsufficientReason() {
// // setup
// recorder := httptest.NewRecorder()
// ctx, _ := gin.CreateTestContext(recorder)
// ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplication)
// ctx.Set(oauth.SessionAuthorizedToken, suite.testToken)
// ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", account.BasePath), nil) // the endpoint we're hitting
// ctx.Request.Form = suite.newUserFormHappyPath
// // remove reason
// ctx.Request.Form.Set("reason", "just cuz")
// suite.accountModule.AccountCreatePOSTHandler(ctx)
// // check response
// suite.EqualValues(http.StatusBadRequest, recorder.Code)
// // 2. we should have an error message in the result body
// result := recorder.Result()
// defer result.Body.Close()
// b, err := ioutil.ReadAll(result.Body)
// assert.NoError(suite.T(), err)
// assert.Equal(suite.T(), `{"error":"reason should be at least 40 chars but 'just cuz' was 8"}`, string(b))
// }
// /*
// TESTING: AccountUpdateCredentialsPATCHHandler
// */
// func (suite *AccountCreateTestSuite) TestAccountUpdateCredentialsPATCHHandler() {
// // put test local account in db
// err := suite.db.Put(suite.testAccountLocal)
// assert.NoError(suite.T(), err)
// // attach avatar to request
// aviFile, err := os.Open("../../media/test/test-jpeg.jpg")
// assert.NoError(suite.T(), err)
// body := &bytes.Buffer{}
// writer := multipart.NewWriter(body)
// part, err := writer.CreateFormFile("avatar", "test-jpeg.jpg")
// assert.NoError(suite.T(), err)
// _, err = io.Copy(part, aviFile)
// assert.NoError(suite.T(), err)
// err = aviFile.Close()
// assert.NoError(suite.T(), err)
// err = writer.Close()
// assert.NoError(suite.T(), err)
// // setup
// recorder := httptest.NewRecorder()
// ctx, _ := gin.CreateTestContext(recorder)
// ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccountLocal)
// ctx.Set(oauth.SessionAuthorizedToken, suite.testToken)
// ctx.Request = httptest.NewRequest(http.MethodPatch, fmt.Sprintf("http://localhost:8080/%s", account.UpdateCredentialsPath), body) // the endpoint we're hitting
// ctx.Request.Header.Set("Content-Type", writer.FormDataContentType())
// suite.accountModule.AccountUpdateCredentialsPATCHHandler(ctx)
// // check response
// // 1. we should have OK because our request was valid
// suite.EqualValues(http.StatusOK, recorder.Code)
// // 2. we should have an error message in the result body
// result := recorder.Result()
// defer result.Body.Close()
// // TODO: implement proper checks here
// //
// // b, err := ioutil.ReadAll(result.Body)
// // assert.NoError(suite.T(), err)
// // assert.Equal(suite.T(), `{"error":"not authorized"}`, string(b))
// }
// func TestAccountCreateTestSuite(t *testing.T) {
// suite.Run(t, new(AccountCreateTestSuite))
// }