107 lines
2.9 KiB
Go
107 lines
2.9 KiB
Go
package http
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"io"
|
|
stdhttp "net/http"
|
|
"strings"
|
|
"testing"
|
|
|
|
"gitea.dcglab.co.uk/steve/restic-manager/internal/store"
|
|
)
|
|
|
|
func TestAPIUsersList(t *testing.T) {
|
|
t.Parallel()
|
|
srv, ts, _ := rawTestServerWithUI(t)
|
|
adminID := makeUser(t, srv, "admin1", store.RoleAdmin)
|
|
makeUser(t, srv, "op1", store.RoleOperator)
|
|
cookie := loginAs(t, srv, adminID)
|
|
|
|
req, _ := stdhttp.NewRequest("GET", ts.URL+"/api/users", nil)
|
|
req.AddCookie(cookie)
|
|
res, err := stdhttp.DefaultClient.Do(req)
|
|
if err != nil {
|
|
t.Fatalf("GET: %v", err)
|
|
}
|
|
defer res.Body.Close()
|
|
if res.StatusCode != stdhttp.StatusOK {
|
|
body, _ := io.ReadAll(res.Body)
|
|
t.Fatalf("status: got %d body=%s", res.StatusCode, body)
|
|
}
|
|
var got listUsersResponse
|
|
_ = json.NewDecoder(res.Body).Decode(&got)
|
|
if len(got.Users) != 2 {
|
|
t.Errorf("count: got %d want 2", len(got.Users))
|
|
}
|
|
}
|
|
|
|
func TestAPIUserCreate(t *testing.T) {
|
|
t.Parallel()
|
|
srv, ts, _ := rawTestServerWithUI(t)
|
|
adminID := makeUser(t, srv, "admin1", store.RoleAdmin)
|
|
cookie := loginAs(t, srv, adminID)
|
|
|
|
body, _ := json.Marshal(map[string]any{
|
|
"username": "Bob", "email": "bob@example.com", "role": "operator",
|
|
})
|
|
req, _ := stdhttp.NewRequest("POST", ts.URL+"/api/users", bytes.NewReader(body))
|
|
req.AddCookie(cookie)
|
|
req.Header.Set("Content-Type", "application/json")
|
|
res, err := stdhttp.DefaultClient.Do(req)
|
|
if err != nil {
|
|
t.Fatalf("POST: %v", err)
|
|
}
|
|
defer res.Body.Close()
|
|
if res.StatusCode != stdhttp.StatusCreated {
|
|
body, _ := io.ReadAll(res.Body)
|
|
t.Fatalf("status: got %d body=%s", res.StatusCode, body)
|
|
}
|
|
var got struct {
|
|
ID string `json:"id"`
|
|
SetupURL string `json:"setup_url"`
|
|
}
|
|
_ = json.NewDecoder(res.Body).Decode(&got)
|
|
if got.ID == "" || got.SetupURL == "" {
|
|
t.Errorf("missing fields: %+v", got)
|
|
}
|
|
if !strings.Contains(got.SetupURL, "/setup?token=") {
|
|
t.Errorf("setup_url shape: %q", got.SetupURL)
|
|
}
|
|
|
|
// Verify lowercase-normalised.
|
|
u, err := srv.deps.Store.GetUserByUsername(t.Context(), "bob")
|
|
if err != nil {
|
|
t.Fatalf("get: %v", err)
|
|
}
|
|
if u.Username != "bob" {
|
|
t.Errorf("username: got %q want bob", u.Username)
|
|
}
|
|
if !u.MustChangePassword {
|
|
t.Error("must_change_password not set")
|
|
}
|
|
}
|
|
|
|
func TestAPIUserCreateRejectsDuplicateEnabled(t *testing.T) {
|
|
t.Parallel()
|
|
srv, ts, _ := rawTestServerWithUI(t)
|
|
adminID := makeUser(t, srv, "admin1", store.RoleAdmin)
|
|
makeUser(t, srv, "alice", store.RoleOperator)
|
|
cookie := loginAs(t, srv, adminID)
|
|
|
|
body, _ := json.Marshal(map[string]any{
|
|
"username": "ALICE", "role": "operator",
|
|
})
|
|
req, _ := stdhttp.NewRequest("POST", ts.URL+"/api/users", bytes.NewReader(body))
|
|
req.AddCookie(cookie)
|
|
req.Header.Set("Content-Type", "application/json")
|
|
res, err := stdhttp.DefaultClient.Do(req)
|
|
if err != nil {
|
|
t.Fatalf("POST: %v", err)
|
|
}
|
|
defer res.Body.Close()
|
|
if res.StatusCode != stdhttp.StatusConflict {
|
|
t.Errorf("status: got %d want 409", res.StatusCode)
|
|
}
|
|
}
|