Merge pull request #1871 from umputun/paskal/improve_tests

Improve tests
umputun · Dec 9, 2024 · 6402ef9 · 6402ef9
2 parents 9628312 + 4ed48dd
commit 6402ef9
Show file tree

Hide file tree

Showing 4 changed files with 53 additions and 15 deletions.
diff --git a/backend/app/cmd/server_test.go b/backend/app/cmd/server_test.go
@@ -637,10 +637,10 @@ func TestServerAuthHooks(t *testing.T) {
 	require.NoError(t, resp.Body.Close())
 	assert.Equal(t, http.StatusCreated, resp.StatusCode, "non-blocked user able to post")
 
-	// add comment with no-aud claim
-	claimsNoAud := claims
-	claimsNoAud.Audience = ""
-	tkNoAud, err := tkService.Token(claimsNoAud)
+	// try to add comment with no-aud claim
+	badClaimsNoAud := claims
+	badClaimsNoAud.Audience = ""
+	tkNoAud, err := tkService.Token(badClaimsNoAud)
 	require.NoError(t, err)
 	t.Logf("no-aud claims: %s", tkNoAud)
 	req, err = http.NewRequest("POST", fmt.Sprintf("http://localhost:%d/api/v1/comment", port),
@@ -655,6 +655,25 @@ func TestServerAuthHooks(t *testing.T) {
 	require.NoError(t, resp.Body.Close())
 	assert.Equal(t, http.StatusUnauthorized, resp.StatusCode, "user without aud claim rejected, \n"+tkNoAud+"\n"+string(body))
 
+	// try to add comment without user set
+	badClaimsNoUser := claims
+	badClaimsNoUser.Audience = "remark"
+	badClaimsNoUser.User = nil
+	tkNoUser, err := tkService.Token(badClaimsNoUser)
+	require.NoError(t, err)
+	t.Logf("no user claims: %s", tkNoUser)
+	req, err = http.NewRequest("POST", fmt.Sprintf("http://localhost:%d/api/v1/comment", port),
+		strings.NewReader(`{"text": "test 123", "locator":{"url": "https://radio-t.com/p/2018/12/29/podcast-631/",
+	"site": "remark"}}`))
+	require.NoError(t, err)
+	req.Header.Set("X-JWT", tkNoUser)
+	resp, err = client.Do(req)
+	require.NoError(t, err)
+	body, err = io.ReadAll(resp.Body)
+	require.NoError(t, err)
+	require.NoError(t, resp.Body.Close())
+	assert.Equal(t, http.StatusUnauthorized, resp.StatusCode, "user without user information rejected, \n"+tkNoUser+"\n"+string(body))
+
 	// block user github_dev as admin
 	req, err = http.NewRequest(http.MethodPut,
 		fmt.Sprintf("http://localhost:%d/api/v1/admin/user/github_dev?site=remark&block=1&ttl=10d", port), http.NoBody)

diff --git a/backend/app/main_test.go b/backend/app/main_test.go
@@ -121,9 +121,9 @@ func TestMain_WithWebhook(t *testing.T) {
 
 func TestGetDump(t *testing.T) {
 	dump := getDump()
-	assert.True(t, strings.Contains(dump, "goroutine"))
-	assert.True(t, strings.Contains(dump, "[running]"))
-	assert.True(t, strings.Contains(dump, "backend/app/main.go"))
+	assert.Contains(t, dump, "goroutine")
+	assert.Contains(t, dump, "[running]")
+	assert.Contains(t, dump, "backend/app/main.go")
 	t.Logf("\n dump: %s", dump)
 }
 

diff --git a/backend/app/rest/api/admin_test.go b/backend/app/rest/api/admin_test.go
@@ -803,9 +803,9 @@ func TestAdmin_DeleteMeRequestFailed(t *testing.T) {
 	assert.Equal(t, http.StatusForbidden, resp.StatusCode)
 
 	// try bad user
-	badClaims := claims
-	badClaims.User.ID = "no-such-id"
-	tkn, err = srv.Authenticator.TokenService().Token(badClaims)
+	badClaimsUser := claims
+	badClaimsUser.User.ID = "no-such-id"
+	tkn, err = srv.Authenticator.TokenService().Token(badClaimsUser)
 	assert.NoError(t, err)
 	req, err = http.NewRequest(http.MethodGet, fmt.Sprintf("%s/api/v1/admin/deleteme?token=%s", ts.URL, tkn), http.NoBody)
 	assert.NoError(t, err)
@@ -814,11 +814,12 @@ func TestAdmin_DeleteMeRequestFailed(t *testing.T) {
 	assert.NoError(t, err)
 	assert.NoError(t, resp.Body.Close())
 	assert.Equal(t, http.StatusBadRequest, resp.StatusCode, resp.Status)
+	badClaimsUser.User.ID = "provider1_user1"
 
 	// try without deleteme flag
-	badClaims2 := claims
-	badClaims2.User.SetBoolAttr("delete_me", false)
-	tkn, err = srv.Authenticator.TokenService().Token(badClaims2)
+	badClaimsWithoutDeleteMe := claims
+	badClaimsWithoutDeleteMe.User.SetBoolAttr("delete_me", false)
+	tkn, err = srv.Authenticator.TokenService().Token(badClaimsWithoutDeleteMe)
 	assert.NoError(t, err)
 	req, err = http.NewRequest(http.MethodGet, fmt.Sprintf("%s/api/v1/admin/deleteme?token=%s", ts.URL, tkn), http.NoBody)
 	assert.NoError(t, err)
@@ -829,7 +830,25 @@ func TestAdmin_DeleteMeRequestFailed(t *testing.T) {
 	b, err := io.ReadAll(resp.Body)
 	assert.NoError(t, err)
 	assert.NoError(t, resp.Body.Close())
-	assert.True(t, strings.Contains(string(b), "can't use provided token"))
+	assert.Contains(t, string(b), "can't use provided token")
+	badClaimsWithoutDeleteMe.User.SetBoolAttr("delete_me", true)
+
+	// try with wrong audience
+	badClaimsMultipleAudience := claims
+	badClaimsMultipleAudience.StandardClaims.Audience = "something else"
+	tkn, err = srv.Authenticator.TokenService().Token(badClaimsMultipleAudience)
+	assert.NoError(t, err)
+	req, err = http.NewRequest(http.MethodGet, fmt.Sprintf("%s/api/v1/admin/deleteme?token=%s", ts.URL, tkn), http.NoBody)
+	assert.NoError(t, err)
+	req.SetBasicAuth("admin", "password")
+	resp, err = client.Do(req)
+	assert.NoError(t, err)
+	assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
+	b, err = io.ReadAll(resp.Body)
+	assert.NoError(t, err)
+	assert.NoError(t, resp.Body.Close())
+	assert.Contains(t, string(b), `site \"something else\" not found`)
+	badClaimsMultipleAudience.StandardClaims.Audience = "remark42"
 }
 
 func TestAdmin_GetUserInfo(t *testing.T) {

diff --git a/backend/app/rest/proxy/image_test.go b/backend/app/rest/proxy/image_test.go
@@ -262,7 +262,7 @@ func TestImage_RoutesTimedOut(t *testing.T) {
 	assert.NoError(t, resp.Body.Close())
 	require.NoError(t, err)
 	t.Log(string(b))
-	assert.True(t, strings.Contains(string(b), "deadline exceeded"))
+	assert.Contains(t, string(b), "deadline exceeded")
 	assert.Equal(t, 1, len(imageStore.LoadCalls()))
 }