mirror of
https://github.com/mainflux/mainflux.git
synced 2025-04-27 13:48:49 +08:00
9e0947a355
* MF-1261 - Use StatusUnauthorized for authn and StatusForbidden for authz Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * ErrExternalKey typo Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Rename ErrUnauthorizedAcces -> ErrAuthentication Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix bootstrap error Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix status code in openapi Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix test description Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix test description Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix test description Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Add errors cases Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix status codes Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Add gRPC stutus code Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix tests description Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix openapi and encodeError Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix grpc message Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix test descriptions Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Revert sdk error Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix typo Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
393 lines
11 KiB
Go
393 lines
11 KiB
Go
// Copyright (c) Mainflux
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package users_test
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"regexp"
|
|
"testing"
|
|
|
|
"github.com/mainflux/mainflux"
|
|
"github.com/mainflux/mainflux/pkg/errors"
|
|
"github.com/mainflux/mainflux/pkg/uuid"
|
|
"github.com/mainflux/mainflux/users"
|
|
|
|
"github.com/mainflux/mainflux/users/mocks"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
const wrong string = "wrong-value"
|
|
|
|
var (
|
|
user = users.User{Email: "user@example.com", Password: "password", Metadata: map[string]interface{}{"role": "user"}}
|
|
nonExistingUser = users.User{Email: "non-ex-user@example.com", Password: "password", Metadata: map[string]interface{}{"role": "user"}}
|
|
host = "example.com"
|
|
|
|
idProvider = uuid.New()
|
|
passRegex = regexp.MustCompile("^.{8,}$")
|
|
|
|
unauthzToken = "unauthorizedtoken"
|
|
)
|
|
|
|
func newService() users.Service {
|
|
userRepo := mocks.NewUserRepository()
|
|
hasher := mocks.NewHasher()
|
|
|
|
mockAuthzDB := map[string][]mocks.SubjectSet{}
|
|
mockAuthzDB[user.Email] = append(mockAuthzDB[user.Email], mocks.SubjectSet{Object: "authorities", Relation: "member"})
|
|
mockAuthzDB[unauthzToken] = append(mockAuthzDB[unauthzToken], mocks.SubjectSet{Object: "nothing", Relation: "do"})
|
|
mockUsers := map[string]string{user.Email: user.Email, unauthzToken: unauthzToken}
|
|
|
|
authSvc := mocks.NewAuthService(mockUsers, mockAuthzDB)
|
|
e := mocks.NewEmailer()
|
|
|
|
return users.New(userRepo, hasher, authSvc, e, idProvider, passRegex)
|
|
}
|
|
|
|
func TestRegister(t *testing.T) {
|
|
svc := newService()
|
|
|
|
cases := []struct {
|
|
desc string
|
|
user users.User
|
|
token string
|
|
err error
|
|
}{
|
|
{
|
|
desc: "register new user",
|
|
user: user,
|
|
token: user.Email,
|
|
err: nil,
|
|
},
|
|
{
|
|
desc: "register existing user",
|
|
user: user,
|
|
token: user.Email,
|
|
err: errors.ErrConflict,
|
|
},
|
|
{
|
|
desc: "register new user with weak password",
|
|
user: users.User{
|
|
Email: user.Email,
|
|
Password: "weak",
|
|
},
|
|
token: user.Email,
|
|
err: users.ErrPasswordFormat,
|
|
},
|
|
{
|
|
desc: "register a new user with unauthorized access",
|
|
user: users.User{Email: "newuser@example.com", Password: "12345678"},
|
|
err: errors.ErrAuthorization,
|
|
token: unauthzToken,
|
|
},
|
|
}
|
|
|
|
for _, tc := range cases {
|
|
_, err := svc.Register(context.Background(), tc.token, tc.user)
|
|
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
|
|
}
|
|
}
|
|
|
|
func TestLogin(t *testing.T) {
|
|
svc := newService()
|
|
_, err := svc.Register(context.Background(), user.Email, user)
|
|
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
|
|
|
|
noAuthUser := users.User{
|
|
Email: "email@test.com",
|
|
Password: "12345678",
|
|
}
|
|
|
|
cases := map[string]struct {
|
|
user users.User
|
|
err error
|
|
}{
|
|
"login with good credentials": {
|
|
user: user,
|
|
err: nil,
|
|
},
|
|
"login with wrong e-mail": {
|
|
user: users.User{
|
|
Email: wrong,
|
|
Password: user.Password,
|
|
},
|
|
err: errors.ErrAuthentication,
|
|
},
|
|
"login with wrong password": {
|
|
user: users.User{
|
|
Email: user.Email,
|
|
Password: wrong,
|
|
},
|
|
err: errors.ErrAuthentication,
|
|
},
|
|
"login failed auth": {
|
|
user: noAuthUser,
|
|
err: errors.ErrAuthentication,
|
|
},
|
|
}
|
|
|
|
for desc, tc := range cases {
|
|
_, err := svc.Login(context.Background(), tc.user)
|
|
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", desc, tc.err, err))
|
|
}
|
|
}
|
|
|
|
func TestViewUser(t *testing.T) {
|
|
svc := newService()
|
|
id, err := svc.Register(context.Background(), user.Email, user)
|
|
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
|
|
|
|
token, err := svc.Login(context.Background(), user)
|
|
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
|
|
|
|
u := user
|
|
u.Password = ""
|
|
|
|
cases := map[string]struct {
|
|
user users.User
|
|
token string
|
|
userID string
|
|
err error
|
|
}{
|
|
"view user with authorized token": {
|
|
user: u,
|
|
token: token,
|
|
userID: id,
|
|
err: nil,
|
|
},
|
|
"view user with empty token": {
|
|
user: users.User{},
|
|
token: "",
|
|
userID: id,
|
|
err: errors.ErrAuthentication,
|
|
},
|
|
"view user with valid token and invalid user id": {
|
|
user: users.User{},
|
|
token: token,
|
|
userID: "",
|
|
err: errors.ErrAuthentication,
|
|
},
|
|
}
|
|
|
|
for desc, tc := range cases {
|
|
_, err := svc.ViewUser(context.Background(), tc.token, tc.userID)
|
|
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", desc, tc.err, err))
|
|
}
|
|
}
|
|
|
|
func TestViewProfile(t *testing.T) {
|
|
svc := newService()
|
|
_, err := svc.Register(context.Background(), user.Email, user)
|
|
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
|
|
|
|
token, err := svc.Login(context.Background(), user)
|
|
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
|
|
|
|
u := user
|
|
u.Password = ""
|
|
|
|
cases := map[string]struct {
|
|
user users.User
|
|
token string
|
|
err error
|
|
}{
|
|
"valid token's user info": {
|
|
user: u,
|
|
token: token,
|
|
err: nil,
|
|
},
|
|
"invalid token's user info": {
|
|
user: users.User{},
|
|
token: "",
|
|
err: errors.ErrAuthentication,
|
|
},
|
|
}
|
|
|
|
for desc, tc := range cases {
|
|
_, err := svc.ViewProfile(context.Background(), tc.token)
|
|
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", desc, tc.err, err))
|
|
}
|
|
}
|
|
|
|
func TestListUsers(t *testing.T) {
|
|
svc := newService()
|
|
|
|
_, err := svc.Register(context.Background(), user.Email, user)
|
|
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
|
|
|
|
token, err := svc.Login(context.Background(), user)
|
|
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
|
|
|
|
var nUsers = uint64(10)
|
|
|
|
for i := uint64(1); i < nUsers; i++ {
|
|
email := fmt.Sprintf("TestListUsers%d@example.com", i)
|
|
user := users.User{
|
|
Email: email,
|
|
Password: "passpass",
|
|
}
|
|
_, err := svc.Register(context.Background(), token, user)
|
|
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
|
|
}
|
|
|
|
cases := map[string]struct {
|
|
token string
|
|
offset uint64
|
|
limit uint64
|
|
email string
|
|
size uint64
|
|
err error
|
|
}{
|
|
"list users with authorized token": {
|
|
token: token,
|
|
size: 0,
|
|
err: nil,
|
|
},
|
|
"list user with emtpy token": {
|
|
token: "",
|
|
size: 0,
|
|
err: errors.ErrAuthentication,
|
|
},
|
|
"list users with offset and limit": {
|
|
token: token,
|
|
offset: 6,
|
|
limit: nUsers,
|
|
size: nUsers - 6,
|
|
},
|
|
}
|
|
|
|
for desc, tc := range cases {
|
|
page, err := svc.ListUsers(context.Background(), tc.token, tc.offset, tc.limit, tc.email, nil)
|
|
size := uint64(len(page.Users))
|
|
assert.Equal(t, tc.size, size, fmt.Sprintf("%s: expected size %d got %d\n", desc, tc.size, size))
|
|
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", desc, tc.err, err))
|
|
}
|
|
}
|
|
|
|
func TestUpdateUser(t *testing.T) {
|
|
svc := newService()
|
|
|
|
_, err := svc.Register(context.Background(), user.Email, user)
|
|
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
|
|
|
|
token, err := svc.Login(context.Background(), user)
|
|
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
|
|
|
|
user.Metadata = map[string]interface{}{"role": "test"}
|
|
|
|
cases := map[string]struct {
|
|
user users.User
|
|
token string
|
|
err error
|
|
}{
|
|
"update user with valid token": {
|
|
user: user,
|
|
token: token,
|
|
err: nil,
|
|
},
|
|
"update user with invalid token": {
|
|
user: user,
|
|
token: "non-existent",
|
|
err: errors.ErrAuthentication,
|
|
},
|
|
}
|
|
|
|
for desc, tc := range cases {
|
|
err := svc.UpdateUser(context.Background(), tc.token, tc.user)
|
|
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", desc, tc.err, err))
|
|
}
|
|
}
|
|
|
|
func TestGenerateResetToken(t *testing.T) {
|
|
svc := newService()
|
|
_, err := svc.Register(context.Background(), user.Email, user)
|
|
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
|
|
|
|
cases := map[string]struct {
|
|
email string
|
|
err error
|
|
}{
|
|
"valid user reset token": {user.Email, nil},
|
|
"invalid user rest token": {nonExistingUser.Email, errors.ErrNotFound},
|
|
}
|
|
|
|
for desc, tc := range cases {
|
|
err := svc.GenerateResetToken(context.Background(), tc.email, host)
|
|
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", desc, tc.err, err))
|
|
}
|
|
}
|
|
|
|
func TestChangePassword(t *testing.T) {
|
|
svc := newService()
|
|
_, err := svc.Register(context.Background(), user.Email, user)
|
|
require.Nil(t, err, fmt.Sprintf("register user error: %s", err))
|
|
token, _ := svc.Login(context.Background(), user)
|
|
|
|
cases := map[string]struct {
|
|
token string
|
|
password string
|
|
oldPassword string
|
|
err error
|
|
}{
|
|
"valid user change password ": {token, "newpassword", user.Password, nil},
|
|
"valid user change password with wrong password": {token, "newpassword", "wrongpassword", errors.ErrAuthentication},
|
|
"valid user change password invalid token": {"", "newpassword", user.Password, errors.ErrAuthentication},
|
|
}
|
|
|
|
for desc, tc := range cases {
|
|
err := svc.ChangePassword(context.Background(), tc.token, tc.password, tc.oldPassword)
|
|
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", desc, tc.err, err))
|
|
|
|
}
|
|
}
|
|
|
|
func TestResetPassword(t *testing.T) {
|
|
svc := newService()
|
|
_, err := svc.Register(context.Background(), user.Email, user)
|
|
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
|
|
|
|
mockAuthzDB := map[string][]mocks.SubjectSet{}
|
|
mockAuthzDB[user.Email] = append(mockAuthzDB[user.Email], mocks.SubjectSet{Object: "authorities", Relation: "member"})
|
|
authSvc := mocks.NewAuthService(map[string]string{user.Email: user.Email}, mockAuthzDB)
|
|
|
|
resetToken, err := authSvc.Issue(context.Background(), &mainflux.IssueReq{Id: user.ID, Email: user.Email, Type: 2})
|
|
assert.Nil(t, err, fmt.Sprintf("Generating reset token expected to succeed: %s", err))
|
|
cases := map[string]struct {
|
|
token string
|
|
password string
|
|
err error
|
|
}{
|
|
"valid user reset password ": {resetToken.GetValue(), user.Email, nil},
|
|
"invalid user reset password ": {"", "newpassword", errors.ErrAuthentication},
|
|
}
|
|
|
|
for desc, tc := range cases {
|
|
err := svc.ResetPassword(context.Background(), tc.token, tc.password)
|
|
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", desc, tc.err, err))
|
|
}
|
|
}
|
|
|
|
func TestSendPasswordReset(t *testing.T) {
|
|
svc := newService()
|
|
_, err := svc.Register(context.Background(), user.Email, user)
|
|
require.Nil(t, err, fmt.Sprintf("register user error: %s", err))
|
|
token, _ := svc.Login(context.Background(), user)
|
|
|
|
cases := map[string]struct {
|
|
token string
|
|
email string
|
|
err error
|
|
}{
|
|
"valid user reset password ": {token, user.Email, nil},
|
|
}
|
|
|
|
for desc, tc := range cases {
|
|
err := svc.SendPasswordReset(context.Background(), host, tc.email, tc.token)
|
|
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", desc, tc.err, err))
|
|
|
|
}
|
|
}
|