NOISSUE - Fix password reset (#3200)

Signed-off-by: dusan <borovcanindusan1@gmail.com>
Dušan Borovčanin
2025-10-21 19:44:41 +02:00
committed by GitHub
parent 9258237cb6
commit 15b8901853
2 changed files with 118 additions and 87 deletions
+117 -86
@@ -46,13 +46,14 @@ var (
Metadata: validCMetadata,
Status: users.EnabledStatus,
}
validToken = "valid"
inValidToken = "invalid"
inValid = "invalid"
validID = "d4ebb847-5d0e-4e46-bdd9-b6aceaaa3a22"
passRegex = regexp.MustCompile("^.{8,}$")
testReferer = "http://localhost"
domainID = testsutil.GenerateUUID(&testing.T{})
validToken = "valid"
inValidToken = "invalid"
inValid = "invalid"
validID = "d4ebb847-5d0e-4e46-bdd9-b6aceaaa3a22"
passRegex = regexp.MustCompile("^.{8,}$")
testReferer = "http://localhost"
domainID = testsutil.GenerateUUID(&testing.T{})
verifiedSession = smqauthn.Session{UserID: validID, DomainID: domainID, Verified: true}
)
const contentType = "application/json"
@@ -94,7 +95,7 @@ func newUsersServer() (*httptest.Server, *mocks.Service, *authnmocks.Authenticat
provider := new(oauth2mocks.Provider)
provider.On("Name").Return("test")
authn := new(authnmocks.Authentication)
am := smqauthn.NewAuthNMiddleware(authn, smqauthn.WithAllowUnverifiedUser(true))
am := smqauthn.NewAuthNMiddleware(authn)
token := new(authmocks.TokenServiceClient)
usersapi.MakeHandler(svc, am, token, true, mux, logger, "", passRegex, idp, provider)
@@ -289,7 +290,7 @@ func TestView(t *testing.T) {
token: validToken,
id: user.ID,
status: http.StatusOK,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: nil,
},
{
@@ -315,7 +316,7 @@ func TestView(t *testing.T) {
token: validToken,
id: user.ID,
status: http.StatusOK,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: nil,
},
{
@@ -323,7 +324,7 @@ func TestView(t *testing.T) {
token: validToken,
id: inValid,
status: http.StatusBadRequest,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
svcErr: svcerr.ErrViewEntity,
err: svcerr.ErrViewEntity,
},
@@ -375,7 +376,7 @@ func TestViewProfile(t *testing.T) {
token: validToken,
id: user.ID,
status: http.StatusOK,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: nil,
},
{
@@ -401,7 +402,7 @@ func TestViewProfile(t *testing.T) {
token: validToken,
id: user.ID,
status: http.StatusBadRequest,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
svcErr: svcerr.ErrViewEntity,
err: svcerr.ErrViewEntity,
},
@@ -458,7 +459,7 @@ func TestListUsers(t *testing.T) {
},
Users: []users.User{user},
},
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: nil,
},
{
@@ -489,7 +490,7 @@ func TestListUsers(t *testing.T) {
},
query: "offset=1",
status: http.StatusOK,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: nil,
},
{
@@ -497,7 +498,7 @@ func TestListUsers(t *testing.T) {
token: validToken,
query: "offset=invalid",
status: http.StatusBadRequest,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: apiutil.ErrValidation,
},
{
@@ -512,7 +513,7 @@ func TestListUsers(t *testing.T) {
},
query: "limit=1",
status: http.StatusOK,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: nil,
},
{
@@ -520,7 +521,7 @@ func TestListUsers(t *testing.T) {
token: validToken,
query: "limit=invalid",
status: http.StatusBadRequest,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: apiutil.ErrValidation,
},
{
@@ -528,7 +529,7 @@ func TestListUsers(t *testing.T) {
token: validToken,
query: fmt.Sprintf("limit=%d", api.MaxLimitSize+1),
status: http.StatusBadRequest,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: apiutil.ErrValidation,
},
{
@@ -542,7 +543,7 @@ func TestListUsers(t *testing.T) {
},
query: "name=username",
status: http.StatusOK,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: nil,
},
{
@@ -550,7 +551,7 @@ func TestListUsers(t *testing.T) {
token: validToken,
query: "name=1&name=2",
status: http.StatusBadRequest,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: apiutil.ErrInvalidQueryParams,
},
{
@@ -564,7 +565,7 @@ func TestListUsers(t *testing.T) {
},
query: "status=enabled",
status: http.StatusOK,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: nil,
},
{
@@ -572,7 +573,7 @@ func TestListUsers(t *testing.T) {
token: validToken,
query: "status=invalid",
status: http.StatusBadRequest,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: apiutil.ErrValidation,
},
{
@@ -580,7 +581,7 @@ func TestListUsers(t *testing.T) {
token: validToken,
query: "status=enabled&status=disabled",
status: http.StatusBadRequest,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: apiutil.ErrInvalidQueryParams,
},
{
@@ -594,7 +595,7 @@ func TestListUsers(t *testing.T) {
},
query: "tag=tag1,tag2",
status: http.StatusOK,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: nil,
},
{
@@ -602,7 +603,7 @@ func TestListUsers(t *testing.T) {
token: validToken,
query: "tag=tag1&tag=tag2",
status: http.StatusBadRequest,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: apiutil.ErrInvalidQueryParams,
},
{
@@ -616,7 +617,7 @@ func TestListUsers(t *testing.T) {
},
query: "metadata=%7B%22domain%22%3A%20%22example.com%22%7D&",
status: http.StatusOK,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: nil,
},
{
@@ -624,7 +625,7 @@ func TestListUsers(t *testing.T) {
token: validToken,
query: "metadata=invalid",
status: http.StatusBadRequest,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: apiutil.ErrValidation,
},
{
@@ -632,7 +633,7 @@ func TestListUsers(t *testing.T) {
token: validToken,
query: "metadata=%7B%22domain%22%3A%20%22example.com%22%7D&metadata=%7B%22domain%22%3A%20%22example.com%22%7D",
status: http.StatusBadRequest,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: apiutil.ErrInvalidQueryParams,
},
{
@@ -646,7 +647,7 @@ func TestListUsers(t *testing.T) {
},
query: "permission=view",
status: http.StatusOK,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: nil,
},
{
@@ -654,7 +655,7 @@ func TestListUsers(t *testing.T) {
token: validToken,
query: "permission=view&permission=view",
status: http.StatusBadRequest,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: apiutil.ErrInvalidQueryParams,
},
{
@@ -668,7 +669,7 @@ func TestListUsers(t *testing.T) {
},
query: "list_perms=true",
status: http.StatusOK,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: nil,
},
{
@@ -676,7 +677,7 @@ func TestListUsers(t *testing.T) {
token: validToken,
query: "list_perms=true&list_perms=true",
status: http.StatusBadRequest,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: apiutil.ErrInvalidQueryParams,
},
{
@@ -690,7 +691,7 @@ func TestListUsers(t *testing.T) {
Users: []users.User{user},
},
status: http.StatusOK,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: nil,
},
{
@@ -698,7 +699,7 @@ func TestListUsers(t *testing.T) {
token: validToken,
query: "email=1&email=2",
status: http.StatusBadRequest,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: apiutil.ErrInvalidQueryParams,
},
{
@@ -706,7 +707,7 @@ func TestListUsers(t *testing.T) {
token: validToken,
query: "list_perms=true&list_perms=true",
status: http.StatusBadRequest,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: apiutil.ErrInvalidQueryParams,
},
{
@@ -722,7 +723,7 @@ func TestListUsers(t *testing.T) {
},
},
status: http.StatusOK,
authnRes: smqauthn.Session{UserID: validID, DomainID: validID},
authnRes: smqauthn.Session{UserID: validID, DomainID: validID, Verified: true},
err: nil,
},
{
@@ -730,7 +731,7 @@ func TestListUsers(t *testing.T) {
token: validToken,
query: "email=1&email=2",
status: http.StatusBadRequest,
authnRes: smqauthn.Session{UserID: validID, DomainID: validID},
authnRes: smqauthn.Session{UserID: validID, DomainID: validID, Verified: true},
err: apiutil.ErrInvalidQueryParams,
},
{
@@ -746,7 +747,7 @@ func TestListUsers(t *testing.T) {
token: validToken,
query: "order=username",
status: http.StatusOK,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: nil,
},
{
@@ -754,7 +755,7 @@ func TestListUsers(t *testing.T) {
token: validToken,
query: "order=name&order=name",
status: http.StatusBadRequest,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: apiutil.ErrInvalidQueryParams,
},
{
@@ -762,7 +763,7 @@ func TestListUsers(t *testing.T) {
token: validToken,
query: "dir=invalid",
status: http.StatusBadRequest,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: apiutil.ErrValidation,
},
{
@@ -770,7 +771,7 @@ func TestListUsers(t *testing.T) {
token: validToken,
query: "dir=asc&dir=asc",
status: http.StatusBadRequest,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: apiutil.ErrInvalidQueryParams,
},
}
@@ -922,7 +923,7 @@ func TestSearchUsers(t *testing.T) {
token: tc.token,
}
authnCall := authn.On("Authenticate", mock.Anything, tc.token).Return(smqauthn.Session{UserID: validID, DomainID: domainID}, tc.authnErr)
authnCall := authn.On("Authenticate", mock.Anything, tc.token).Return(verifiedSession, tc.authnErr)
svcCall := svc.On("SearchUsers", mock.Anything, mock.Anything).Return(
users.UsersPage{
Page: tc.listUsersResponse.Page,
@@ -962,7 +963,7 @@ func TestUpdate(t *testing.T) {
id: user.ID,
data: fmt.Sprintf(`{"name":"%s","metadata":%s}`, newName, toJSON(newMetadata)),
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
contentType: contentType,
userResponse: users.User{
ID: user.ID,
@@ -977,7 +978,7 @@ func TestUpdate(t *testing.T) {
id: user.ID,
data: fmt.Sprintf(`{"name":"%s","metadata":%s}`, newName, toJSON(newMetadata)),
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
contentType: contentType,
userResponse: users.User{
ID: user.ID,
@@ -992,6 +993,7 @@ func TestUpdate(t *testing.T) {
id: user.ID,
data: fmt.Sprintf(`{"name":"%s","metadata":%s}`, newName, toJSON(newMetadata)),
token: inValidToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: validID, Verified: true},
contentType: contentType,
status: http.StatusUnauthorized,
authnErr: svcerr.ErrAuthentication,
@@ -1002,6 +1004,7 @@ func TestUpdate(t *testing.T) {
id: user.ID,
data: fmt.Sprintf(`{"name":"%s","metadata":%s}`, newName, toJSON(newMetadata)),
token: "",
authnRes: smqauthn.Session{UserID: validID, DomainID: validID, Verified: true},
contentType: contentType,
status: http.StatusUnauthorized,
authnErr: svcerr.ErrAuthentication,
@@ -1012,7 +1015,7 @@ func TestUpdate(t *testing.T) {
id: inValid,
data: fmt.Sprintf(`{"name":"%s","metadata":%s}`, newName, toJSON(newMetadata)),
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
contentType: contentType,
status: http.StatusForbidden,
err: svcerr.ErrAuthorization,
@@ -1022,7 +1025,7 @@ func TestUpdate(t *testing.T) {
id: user.ID,
data: fmt.Sprintf(`{"name":"%s","metadata":%s}`, newName, toJSON(newMetadata)),
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
contentType: "application/xml",
status: http.StatusUnsupportedMediaType,
err: apiutil.ErrValidation,
@@ -1032,7 +1035,7 @@ func TestUpdate(t *testing.T) {
id: user.ID,
data: fmt.Sprintf(`{"name":%s}`, "invalid"),
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
contentType: contentType,
status: http.StatusBadRequest,
err: apiutil.ErrValidation,
@@ -1042,7 +1045,7 @@ func TestUpdate(t *testing.T) {
id: " ",
data: fmt.Sprintf(`{"name":"%s","metadata":%s}`, newName, toJSON(newMetadata)),
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
contentType: contentType,
status: http.StatusBadRequest,
err: apiutil.ErrValidation,
@@ -1106,7 +1109,7 @@ func TestUpdateTags(t *testing.T) {
Tags: []string{newTag},
},
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusOK,
err: nil,
},
@@ -1120,7 +1123,7 @@ func TestUpdateTags(t *testing.T) {
Tags: []string{newTag},
},
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusOK,
err: nil,
},
@@ -1130,6 +1133,7 @@ func TestUpdateTags(t *testing.T) {
data: fmt.Sprintf(`{"tags":["%s"]}`, newTag),
contentType: contentType,
token: "",
authnRes: smqauthn.Session{UserID: validID, DomainID: validID, Verified: true},
status: http.StatusUnauthorized,
authnErr: svcerr.ErrAuthentication,
err: apiutil.ErrBearerToken,
@@ -1140,6 +1144,7 @@ func TestUpdateTags(t *testing.T) {
data: fmt.Sprintf(`{"tags":["%s"]}`, newTag),
contentType: contentType,
token: inValidToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: validID, Verified: true},
status: http.StatusUnauthorized,
authnErr: svcerr.ErrAuthentication,
err: svcerr.ErrAuthentication,
@@ -1150,7 +1155,7 @@ func TestUpdateTags(t *testing.T) {
data: fmt.Sprintf(`{"tags":["%s"]}`, newTag),
contentType: contentType,
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusForbidden,
err: svcerr.ErrAuthorization,
},
@@ -1160,7 +1165,7 @@ func TestUpdateTags(t *testing.T) {
data: fmt.Sprintf(`{"tags":["%s"]}`, newTag),
contentType: "application/xml",
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusUnsupportedMediaType,
err: apiutil.ErrValidation,
},
@@ -1170,7 +1175,7 @@ func TestUpdateTags(t *testing.T) {
data: fmt.Sprintf(`{"tags":["%s"]}`, newTag),
contentType: contentType,
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusBadRequest,
err: apiutil.ErrValidation,
},
@@ -1180,7 +1185,7 @@ func TestUpdateTags(t *testing.T) {
data: fmt.Sprintf(`{"tags":%s}`, newTag),
contentType: contentType,
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusBadRequest,
err: apiutil.ErrValidation,
},
@@ -1248,7 +1253,7 @@ func TestUpdateEmail(t *testing.T) {
},
contentType: contentType,
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusOK,
err: nil,
},
@@ -1355,7 +1360,7 @@ func TestUpdateEmail(t *testing.T) {
},
contentType: contentType,
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusUnprocessableEntity,
svcErr: svcerr.ErrUpdateEntity,
err: svcerr.ErrUpdateEntity,
@@ -1417,7 +1422,7 @@ func TestUpdateUsername(t *testing.T) {
},
contentType: contentType,
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusOK,
err: nil,
},
@@ -1430,6 +1435,7 @@ func TestUpdateUsername(t *testing.T) {
Username: newusername,
},
},
authnRes: smqauthn.Session{Type: smqauthn.AccessToken, Verified: true},
contentType: contentType,
token: "",
status: http.StatusUnauthorized,
@@ -1445,6 +1451,7 @@ func TestUpdateUsername(t *testing.T) {
Username: newusername,
},
},
authnRes: smqauthn.Session{Type: smqauthn.AccessToken, Verified: true},
contentType: contentType,
token: inValid,
status: http.StatusUnauthorized,
@@ -1460,9 +1467,9 @@ func TestUpdateUsername(t *testing.T) {
Username: newusername,
},
},
authnRes: smqauthn.Session{UserID: validID, DomainID: validID, Verified: true},
contentType: contentType,
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: validID},
status: http.StatusBadRequest,
err: apiutil.ErrMissingID,
},
@@ -1475,6 +1482,7 @@ func TestUpdateUsername(t *testing.T) {
Username: newusername,
},
},
authnRes: smqauthn.Session{UserID: validID, DomainID: validID, Verified: true},
contentType: "application/xml",
token: validToken,
status: http.StatusUnsupportedMediaType,
@@ -1489,6 +1497,7 @@ func TestUpdateUsername(t *testing.T) {
Username: newusername,
},
},
authnRes: smqauthn.Session{UserID: validID, DomainID: validID, Verified: true},
token: validToken,
contentType: contentType,
status: http.StatusBadRequest,
@@ -1503,6 +1512,7 @@ func TestUpdateUsername(t *testing.T) {
Username: newusername,
},
},
authnRes: smqauthn.Session{UserID: validID, DomainID: validID, Verified: true},
contentType: contentType,
token: validToken,
status: http.StatusUnprocessableEntity,
@@ -1564,7 +1574,7 @@ func TestUpdateProfilePicture(t *testing.T) {
},
contentType: contentType,
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, Role: smqauthn.AdminRole},
status: http.StatusOK,
err: nil,
},
@@ -1572,6 +1582,7 @@ func TestUpdateProfilePicture(t *testing.T) {
desc: "update profile picture with empty token",
data: fmt.Sprintf(`{"profile_picture": "%s"}`, newprofilepicture),
user: users.User{},
authnRes: smqauthn.Session{Type: smqauthn.AccessToken, Verified: true},
contentType: contentType,
token: "",
status: http.StatusUnauthorized,
@@ -1595,9 +1606,10 @@ func TestUpdateProfilePicture(t *testing.T) {
ID: "",
ProfilePicture: newprofilepicture,
},
contentType: contentType,
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: validID},
authnRes: smqauthn.Session{UserID: validID, DomainID: validID, Verified: true},
status: http.StatusBadRequest,
err: apiutil.ErrMissingID,
},
@@ -1608,6 +1620,7 @@ func TestUpdateProfilePicture(t *testing.T) {
ID: user.ID,
ProfilePicture: newprofilepicture,
},
authnRes: smqauthn.Session{Type: smqauthn.AccessToken, Verified: true},
contentType: "application/xml",
token: validToken,
status: http.StatusUnsupportedMediaType,
@@ -1617,6 +1630,7 @@ func TestUpdateProfilePicture(t *testing.T) {
desc: "update profile picture with malformed data",
data: fmt.Sprintf(`{"profile_picture": %s}`, "invalid"),
user: users.User{},
authnRes: smqauthn.Session{Type: smqauthn.AccessToken, Verified: true},
token: validToken,
contentType: contentType,
status: http.StatusBadRequest,
@@ -1628,6 +1642,7 @@ func TestUpdateProfilePicture(t *testing.T) {
user: users.User{
ID: user.ID,
},
authnRes: smqauthn.Session{Type: smqauthn.AccessToken, Verified: true},
contentType: contentType,
token: validToken,
status: http.StatusUnprocessableEntity,
@@ -1714,7 +1729,7 @@ func TestPasswordResetRequest(t *testing.T) {
err: apiutil.ErrValidation,
},
{
desc: "password reset with invalid contentype",
desc: "password reset with invalid content type",
data: fmt.Sprintf(`{"email": "%s", "host": "%s"}`, testemail, testhost),
contentType: "application/xml",
referer: testReferer,
@@ -1768,7 +1783,7 @@ func TestSendVerification(t *testing.T) {
desc: "send verification with valid token",
token: validToken,
status: http.StatusOK,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
err: nil,
},
{
@@ -1791,7 +1806,7 @@ func TestSendVerification(t *testing.T) {
desc: "send verification with service error",
token: validToken,
status: http.StatusUnprocessableEntity,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
svcErr: svcerr.ErrCreateEntity,
err: svcerr.ErrCreateEntity,
},
@@ -1917,6 +1932,16 @@ func TestPasswordReset(t *testing.T) {
desc: "password reset with valid token",
data: fmt.Sprintf(`{"token": "%s", "password": "%s", "confirm_password": "%s"}`, validToken, strongPass, strongPass),
token: validToken,
authnRes: smqauthn.Session{Type: smqauthn.AccessToken, Verified: true},
contentType: contentType,
status: http.StatusCreated,
err: nil,
},
{
desc: "password reset with forgotten password",
data: fmt.Sprintf(`{"token": "%s", "password": "%s", "confirm_password": "%s"}`, validToken, strongPass, strongPass),
token: validToken,
authnRes: smqauthn.Session{Type: smqauthn.AccessToken, Verified: false},
contentType: contentType,
status: http.StatusCreated,
err: nil,
@@ -2023,7 +2048,7 @@ func TestUpdateRole(t *testing.T) {
data: fmt.Sprintf(`{"role": "%s"}`, "admin"),
userID: user.ID,
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
contentType: contentType,
status: http.StatusOK,
err: nil,
@@ -2033,7 +2058,7 @@ func TestUpdateRole(t *testing.T) {
data: fmt.Sprintf(`{"role": "%s"}`, "admin"),
userID: user.ID,
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
contentType: contentType,
status: http.StatusOK,
err: nil,
@@ -2063,7 +2088,7 @@ func TestUpdateRole(t *testing.T) {
data: fmt.Sprintf(`{"role": "%s"}`, "invalid"),
userID: user.ID,
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
contentType: contentType,
status: http.StatusBadRequest,
err: svcerr.ErrInvalidRole,
@@ -2073,7 +2098,7 @@ func TestUpdateRole(t *testing.T) {
data: fmt.Sprintf(`{"role": "%s"}`, "admin"),
userID: user.ID,
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
contentType: "application/xml",
status: http.StatusUnsupportedMediaType,
err: apiutil.ErrValidation,
@@ -2083,7 +2108,7 @@ func TestUpdateRole(t *testing.T) {
data: fmt.Sprintf(`{"role": %s}`, "admin"),
userID: user.ID,
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
contentType: contentType,
status: http.StatusBadRequest,
err: apiutil.ErrValidation,
@@ -2093,7 +2118,7 @@ func TestUpdateRole(t *testing.T) {
data: fmt.Sprintf(`{"role": "%s"}`, "admin"),
userID: user.ID,
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
contentType: contentType,
status: http.StatusUnprocessableEntity,
svcErr: svcerr.ErrUpdateEntity,
@@ -2157,6 +2182,7 @@ func TestUpdateSecret(t *testing.T) {
},
contentType: contentType,
token: validToken,
authnRes: verifiedSession,
status: http.StatusOK,
err: nil,
},
@@ -2170,8 +2196,9 @@ func TestUpdateSecret(t *testing.T) {
Secret: "strongersecret",
},
},
contentType: contentType,
token: "",
authnRes: verifiedSession,
contentType: contentType,
status: http.StatusUnauthorized,
authnErr: svcerr.ErrAuthentication,
err: apiutil.ErrBearerToken,
@@ -2188,6 +2215,7 @@ func TestUpdateSecret(t *testing.T) {
},
contentType: contentType,
token: inValid,
authnRes: verifiedSession,
status: http.StatusUnauthorized,
authnErr: svcerr.ErrAuthentication,
err: svcerr.ErrAuthentication,
@@ -2205,6 +2233,7 @@ func TestUpdateSecret(t *testing.T) {
},
contentType: contentType,
token: validToken,
authnRes: verifiedSession,
status: http.StatusBadRequest,
err: apiutil.ErrMissingPass,
},
@@ -2220,6 +2249,7 @@ func TestUpdateSecret(t *testing.T) {
},
contentType: "application/xml",
token: validToken,
authnRes: verifiedSession,
status: http.StatusUnsupportedMediaType,
err: apiutil.ErrValidation,
},
@@ -2235,6 +2265,7 @@ func TestUpdateSecret(t *testing.T) {
},
contentType: contentType,
token: validToken,
authnRes: verifiedSession,
status: http.StatusBadRequest,
err: apiutil.ErrValidation,
},
@@ -2375,7 +2406,7 @@ func TestRefreshToken(t *testing.T) {
data: fmt.Sprintf(`{"refresh_token": "%s", "domain_id": "%s"}`, validToken, validID),
contentType: contentType,
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusCreated,
err: nil,
},
@@ -2401,7 +2432,7 @@ func TestRefreshToken(t *testing.T) {
data: fmt.Sprintf(`{"refresh_token": "%s", "domain_id": "%s"}`, validToken, "invalid"),
contentType: contentType,
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusUnauthorized,
err: svcerr.ErrAuthentication,
},
@@ -2410,7 +2441,7 @@ func TestRefreshToken(t *testing.T) {
data: fmt.Sprintf(`{"refresh_token": %s, "domain_id": %s}`, validToken, validID),
contentType: contentType,
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusBadRequest,
err: apiutil.ErrValidation,
},
@@ -2419,7 +2450,7 @@ func TestRefreshToken(t *testing.T) {
data: fmt.Sprintf(`{"refresh_token": "%s", "domain_id": "%s"}`, validToken, validID),
contentType: "application/xml",
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusUnsupportedMediaType,
err: apiutil.ErrValidation,
},
@@ -2475,7 +2506,7 @@ func TestEnable(t *testing.T) {
Status: users.EnabledStatus,
},
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusOK,
err: nil,
},
@@ -2487,7 +2518,7 @@ func TestEnable(t *testing.T) {
Status: users.EnabledStatus,
},
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusOK,
err: nil,
},
@@ -2505,7 +2536,7 @@ func TestEnable(t *testing.T) {
ID: "",
},
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusBadRequest,
err: apiutil.ErrMissingID,
},
@@ -2513,7 +2544,7 @@ func TestEnable(t *testing.T) {
desc: "enable user with service error",
user: user,
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusUnprocessableEntity,
svcErr: svcerr.ErrEnableUser,
err: svcerr.ErrEnableUser,
@@ -2575,7 +2606,7 @@ func TestDisable(t *testing.T) {
Status: users.DisabledStatus,
},
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: true},
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: true, Verified: true},
status: http.StatusOK,
err: nil,
},
@@ -2587,7 +2618,7 @@ func TestDisable(t *testing.T) {
Status: users.DisabledStatus,
},
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusOK,
err: nil,
},
@@ -2605,7 +2636,7 @@ func TestDisable(t *testing.T) {
ID: "",
},
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusBadRequest,
err: apiutil.ErrMissingID,
},
@@ -2613,7 +2644,7 @@ func TestDisable(t *testing.T) {
desc: "disable user with service error",
user: user,
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusUnprocessableEntity,
svcErr: svcerr.ErrDisableUser,
err: svcerr.ErrDisableUser,
@@ -2665,7 +2696,7 @@ func TestDelete(t *testing.T) {
ID: user.ID,
},
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusNoContent,
err: nil,
},
@@ -2683,7 +2714,7 @@ func TestDelete(t *testing.T) {
ID: "",
},
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusMethodNotAllowed,
err: apiutil.ErrMissingID,
},
@@ -2691,7 +2722,7 @@ func TestDelete(t *testing.T) {
desc: "delete user with service error",
user: user,
token: validToken,
authnRes: smqauthn.Session{UserID: validID, DomainID: domainID},
authnRes: verifiedSession,
status: http.StatusUnprocessableEntity,
svcErr: svcerr.ErrRemoveEntity,
err: svcerr.ErrRemoveEntity,
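Review bot: No case in these hunks sends an unverified session to a route other than `/password/reset`, so the tightening in `newUsersServer` (the middleware is now built without `WithAllowUnverifiedUser(true)`) is only exercised on its allow path. Every touched case switches to `verifiedSession` or gains `Verified: true`, and the one `Verified: false` case added in TestPasswordReset expects `http.StatusCreated`. A negative case, for example in TestView with `authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, Verified: false}` and whatever status the middleware returns on rejection, would pin that the exemption stays confined to password reset. The success case in TestUpdateProfilePicture sets `Role: smqauthn.AdminRole` without `Verified: true` yet still expects `http.StatusOK`; if that relies on an admin bypass in the middleware, a short comment such as `// admin sessions skip the verified check` would say so, otherwise the case should use a verified session. The test tables continue outside the hunks, so an existing negative case may simply not be visible here.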
+1 -1
@@ -176,7 +176,7 @@ func usersHandler(svc users.Service, authn smqauthn.AuthNMiddleware, tokenClient
})
r.Group(func(r chi.Router) {
r.Use(authn.Middleware())
r.Use(authn.WithOptions(smqauthn.WithAllowUnverifiedUser(true)).Middleware())
r.Put("/password/reset", otelhttp.NewHandler(kithttp.NewServer(
passwordResetEndpoint(svc),
decodePasswordReset,