From 4ed48dd85cc97f74e121a65c7de71f8906009523 Mon Sep 17 00:00:00 2001
From: Dmitry Verkhoturov
Date: Mon, 9 Dec 2024 01:45:57 +0000
Subject: [PATCH] Improve tests
---
 backend/app/cmd/server_test.go | 27 +++++++++++++++++++----
 backend/app/main_test.go | 6 ++---
 backend/app/rest/api/admin_test.go | 33 ++++++++++++++++++++++------
 backend/app/rest/proxy/image_test.go | 2 +-
 4 files changed, 53 insertions(+), 15 deletions(-)
diff --git a/backend/app/cmd/server_test.go b/backend/app/cmd/server_test.go
index f3a4a5cbaa..66ecc06872 100644
--- a/backend/app/cmd/server_test.go
+++ b/backend/app/cmd/server_test.go
@@ -637,10 +637,10 @@ func TestServerAuthHooks(t *testing.T) {
 require.NoError(t, resp.Body.Close())
 assert.Equal(t, http.StatusCreated, resp.StatusCode, "non-blocked user able to post")
- // add comment with no-aud claim
- claimsNoAud := claims
- claimsNoAud.Audience = ""
- tkNoAud, err := tkService.Token(claimsNoAud)
+ // try to add comment with no-aud claim
+ badClaimsNoAud := claims
+ badClaimsNoAud.Audience = ""
+ tkNoAud, err := tkService.Token(badClaimsNoAud)
 require.NoError(t, err)
 t.Logf("no-aud claims: %s", tkNoAud)
 req, err = http.NewRequest("POST", fmt.Sprintf("http://localhost:%d/api/v1/comment", port),
@@ -655,6 +655,25 @@ func TestServerAuthHooks(t *testing.T) {
 require.NoError(t, resp.Body.Close())
 assert.Equal(t, http.StatusUnauthorized, resp.StatusCode, "user without aud claim rejected, \n"+tkNoAud+"\n"+string(body))
+ // try to add comment without user set
+ badClaimsNoUser := claims
+ badClaimsNoUser.Audience = "remark"
+ badClaimsNoUser.User = nil
+ tkNoUser, err := tkService.Token(badClaimsNoUser)
+ require.NoError(t, err)
+ t.Logf("no user claims: %s", tkNoUser)
+ req, err = http.NewRequest("POST", fmt.Sprintf("http://localhost:%d/api/v1/comment", port),
+ strings.NewReader(`{"text": "test 123", "locator":{"url": "https://radio-t.com/p/2018/12/29/podcast-631/",
+ "site": "remark"}}`))
+ require.NoError(t, err)
+ req.Header.Set("X-JWT", tkNoUser)
+ resp, err = client.Do(req)
+ require.NoError(t, err)
+ body, err = io.ReadAll(resp.Body)
+ require.NoError(t, err)
+ require.NoError(t, resp.Body.Close())
+ assert.Equal(t, http.StatusUnauthorized, resp.StatusCode, "user without user information rejected, \n"+tkNoUser+"\n"+string(body))
+
 // block user github_dev as admin
 req, err = http.NewRequest(http.MethodPut,
 fmt.Sprintf("http://localhost:%d/api/v1/admin/user/github_dev?site=remark&block=1&ttl=10d", port), http.NoBody)
diff --git a/backend/app/main_test.go b/backend/app/main_test.go
index 2154e7447b..68d5c33d5c 100644
--- a/backend/app/main_test.go
+++ b/backend/app/main_test.go
@@ -121,9 +121,9 @@ func TestMain_WithWebhook(t *testing.T) {
 func TestGetDump(t *testing.T) {
 dump := getDump()
- assert.True(t, strings.Contains(dump, "goroutine"))
- assert.True(t, strings.Contains(dump, "[running]"))
- assert.True(t, strings.Contains(dump, "backend/app/main.go"))
+ assert.Contains(t, dump, "goroutine")
+ assert.Contains(t, dump, "[running]")
+ assert.Contains(t, dump, "backend/app/main.go")
 t.Logf("\n dump: %s", dump)
 }
diff --git a/backend/app/rest/api/admin_test.go b/backend/app/rest/api/admin_test.go
index d913f76e3f..644a8ce510 100644
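Review bot: The added no-user case in TestServerAuthHooks (the `@@ -655` hunk of server_test.go) asserts only the 401 status, so it passes for any rejection reason and does not show that the request was refused because `User` is nil. `body` is already read at that point; also asserting on it, e.g. `assert.Contains(t, string(body), "<expected error text>")` with the server's actual message in place of the placeholder, would pin the case to the missing-user path. The no-aud case just above it has the same gap. The test function starts and ends outside the hunk.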
--- a/backend/app/rest/api/admin_test.go
+++ b/backend/app/rest/api/admin_test.go
@@ -803,9 +803,9 @@ func TestAdmin_DeleteMeRequestFailed(t *testing.T) {
 assert.Equal(t, http.StatusForbidden, resp.StatusCode)
 // try bad user
- badClaims := claims
- badClaims.User.ID = "no-such-id"
- tkn, err = srv.Authenticator.TokenService().Token(badClaims)
+ badClaimsUser := claims
+ badClaimsUser.User.ID = "no-such-id"
+ tkn, err = srv.Authenticator.TokenService().Token(badClaimsUser)
 assert.NoError(t, err)
 req, err = http.NewRequest(http.MethodGet, fmt.Sprintf("%s/api/v1/admin/deleteme?token=%s", ts.URL, tkn), http.NoBody)
 assert.NoError(t, err)
@@ -814,11 +814,12 @@ func TestAdmin_DeleteMeRequestFailed(t *testing.T) {
 assert.NoError(t, err)
 assert.NoError(t, resp.Body.Close())
 assert.Equal(t, http.StatusBadRequest, resp.StatusCode, resp.Status)
+ badClaimsUser.User.ID = "provider1_user1"
 // try without deleteme flag
- badClaims2 := claims
- badClaims2.User.SetBoolAttr("delete_me", false)
- tkn, err = srv.Authenticator.TokenService().Token(badClaims2)
+ badClaimsWithoutDeleteMe := claims
+ badClaimsWithoutDeleteMe.User.SetBoolAttr("delete_me", false)
+ tkn, err = srv.Authenticator.TokenService().Token(badClaimsWithoutDeleteMe)
 assert.NoError(t, err)
 req, err = http.NewRequest(http.MethodGet, fmt.Sprintf("%s/api/v1/admin/deleteme?token=%s", ts.URL, tkn), http.NoBody)
 assert.NoError(t, err)
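Review bot: The reset `badClaimsUser.User.ID = "provider1_user1"` added in the `@@ -814` hunk is needed only because `badClaimsUser := claims` appears to be a shallow copy that still shares the `User` pointer with `claims`, so each "bad" variant mutates the one valid fixture and has to be undone by hand. Without the reset, the "without deleteme flag" case presumably ran with the `no-such-id` user still in place and could be rejected for the wrong reason; the manual restore fixes that but hard-codes an ID that must match a value defined outside the hunk. Copying the user per case removes the coupling: `u := *claims.User; badClaimsUser.User = &u` (any attribute map inside `User` would need its own copy before `SetBoolAttr`). The same applies to `badClaimsWithoutDeleteMe` here and its `delete_me` restore in the following hunk. The test function starts and ends outside the hunk.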
@@ -829,7 +830,25 @@ func TestAdmin_DeleteMeRequestFailed(t *testing.T) {
 b, err := io.ReadAll(resp.Body)
 assert.NoError(t, err)
 assert.NoError(t, resp.Body.Close())
- assert.True(t, strings.Contains(string(b), "can't use provided token"))
+ assert.Contains(t, string(b), "can't use provided token")
+ badClaimsWithoutDeleteMe.User.SetBoolAttr("delete_me", true)
+ // try with wrong audience
+ badClaimsMultipleAudience := claims
+ badClaimsMultipleAudience.StandardClaims.Audience = "something else"
+ tkn, err = srv.Authenticator.TokenService().Token(badClaimsMultipleAudience)
+ assert.NoError(t, err)
+ req, err = http.NewRequest(http.MethodGet, fmt.Sprintf("%s/api/v1/admin/deleteme?token=%s", ts.URL, tkn), http.NoBody)
+ assert.NoError(t, err)
+ req.SetBasicAuth("admin", "password")
+ resp, err = client.Do(req)
+ assert.NoError(t, err)
+ assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
+ b, err = io.ReadAll(resp.Body)
+ assert.NoError(t, err)
+ assert.NoError(t, resp.Body.Close())
+ assert.Contains(t, string(b), `site \"something else\" not found`)
+ badClaimsMultipleAudience.StandardClaims.Audience = "remark42"
 }
 func TestAdmin_GetUserInfo(t *testing.T) {
diff --git a/backend/app/rest/proxy/image_test.go b/backend/app/rest/proxy/image_test.go
index 22c61f1b71..502148163b 100644
--- a/backend/app/rest/proxy/image_test.go
+++ b/backend/app/rest/proxy/image_test.go
@@ -262,7 +262,7 @@ func TestImage_RoutesTimedOut(t *testing.T) {
 assert.NoError(t, resp.Body.Close())
 require.NoError(t, err)
 t.Log(string(b))
- assert.True(t, strings.Contains(string(b), "deadline exceeded"))
+ assert.Contains(t, string(b), "deadline exceeded")
 assert.Equal(t, 1, len(imageStore.LoadCalls()))
 }
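Review bot: In the wrong-audience case added by the `@@ -829` hunk of admin_test.go, the variable is named `badClaimsMultipleAudience` although it sets a single, different audience and the comment says "wrong audience"; `badClaimsWrongAudience` would match what is tested. The closing `badClaimsMultipleAudience.StandardClaims.Audience = "remark42"` looks like a no-op: unlike the `User` resets above it, `Audience` appears to be a value field on the local copy (server_test.go changes it on a copy without restoring it), and it is the last statement of the function, so the line can be dropped. A comment above the case stating the property being pinned would help, e.g. `// a token issued for another site (aud) must not be usable for deleteme here`.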