2022-02-07 12:04:31 +01:00
|
|
|
package auth_test
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"fmt"
|
|
|
|
"net/http"
|
|
|
|
"testing"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/gin-contrib/sessions"
|
|
|
|
"github.com/stretchr/testify/suite"
|
2023-01-02 13:10:50 +01:00
|
|
|
"github.com/superseriousbusiness/gotosocial/internal/api/auth"
|
2022-02-07 12:04:31 +01:00
|
|
|
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
|
2023-08-07 19:38:11 +02:00
|
|
|
"github.com/superseriousbusiness/gotosocial/internal/util"
|
2022-02-07 12:04:31 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
type AuthAuthorizeTestSuite struct {
|
|
|
|
AuthStandardTestSuite
|
|
|
|
}
|
|
|
|
|
|
|
|
type authorizeHandlerTestCase struct {
|
|
|
|
description string
|
2022-11-16 11:27:08 +01:00
|
|
|
mutateUserAccount func(*gtsmodel.User, *gtsmodel.Account) []string
|
2022-02-07 12:04:31 +01:00
|
|
|
expectedStatusCode int
|
|
|
|
expectedLocationHeader string
|
|
|
|
}
|
|
|
|
|
|
|
|
func (suite *AuthAuthorizeTestSuite) TestAccountAuthorizeHandler() {
|
2022-05-08 19:49:45 +02:00
|
|
|
tests := []authorizeHandlerTestCase{
|
2022-02-07 12:04:31 +01:00
|
|
|
{
|
|
|
|
description: "user has their email unconfirmed",
|
2022-11-16 11:27:08 +01:00
|
|
|
mutateUserAccount: func(user *gtsmodel.User, account *gtsmodel.Account) []string {
|
|
|
|
user.ConfirmedAt = time.Time{}
|
|
|
|
return []string{"confirmed_at"}
|
2022-02-07 12:04:31 +01:00
|
|
|
},
|
|
|
|
expectedStatusCode: http.StatusSeeOther,
|
2023-01-02 13:10:50 +01:00
|
|
|
expectedLocationHeader: "/auth" + auth.AuthCheckYourEmailPath,
|
2022-02-07 12:04:31 +01:00
|
|
|
},
|
|
|
|
{
|
|
|
|
description: "user has their email confirmed but is not approved",
|
2022-11-16 11:27:08 +01:00
|
|
|
mutateUserAccount: func(user *gtsmodel.User, account *gtsmodel.Account) []string {
|
2022-02-07 12:04:31 +01:00
|
|
|
user.ConfirmedAt = time.Now()
|
|
|
|
user.Email = user.UnconfirmedEmail
|
2022-11-16 11:27:08 +01:00
|
|
|
return []string{"confirmed_at", "email"}
|
2022-02-07 12:04:31 +01:00
|
|
|
},
|
|
|
|
expectedStatusCode: http.StatusSeeOther,
|
2023-01-02 13:10:50 +01:00
|
|
|
expectedLocationHeader: "/auth" + auth.AuthWaitForApprovalPath,
|
2022-02-07 12:04:31 +01:00
|
|
|
},
|
|
|
|
{
|
|
|
|
description: "user has their email confirmed and is approved, but User entity has been disabled",
|
2022-11-16 11:27:08 +01:00
|
|
|
mutateUserAccount: func(user *gtsmodel.User, account *gtsmodel.Account) []string {
|
2022-02-07 12:04:31 +01:00
|
|
|
user.ConfirmedAt = time.Now()
|
|
|
|
user.Email = user.UnconfirmedEmail
|
2023-08-07 19:38:11 +02:00
|
|
|
user.Approved = util.Ptr(true)
|
|
|
|
user.Disabled = util.Ptr(true)
|
2022-11-16 11:27:08 +01:00
|
|
|
return []string{"confirmed_at", "email", "approved", "disabled"}
|
2022-02-07 12:04:31 +01:00
|
|
|
},
|
|
|
|
expectedStatusCode: http.StatusSeeOther,
|
2023-01-02 13:10:50 +01:00
|
|
|
expectedLocationHeader: "/auth" + auth.AuthAccountDisabledPath,
|
2022-02-07 12:04:31 +01:00
|
|
|
},
|
|
|
|
{
|
|
|
|
description: "user has their email confirmed and is approved, but Account entity has been suspended",
|
2022-11-16 11:27:08 +01:00
|
|
|
mutateUserAccount: func(user *gtsmodel.User, account *gtsmodel.Account) []string {
|
2022-02-07 12:04:31 +01:00
|
|
|
user.ConfirmedAt = time.Now()
|
|
|
|
user.Email = user.UnconfirmedEmail
|
2023-08-07 19:38:11 +02:00
|
|
|
user.Approved = util.Ptr(true)
|
|
|
|
user.Disabled = util.Ptr(false)
|
2022-02-07 12:04:31 +01:00
|
|
|
account.SuspendedAt = time.Now()
|
2022-11-16 11:27:08 +01:00
|
|
|
return []string{"confirmed_at", "email", "approved", "disabled"}
|
2022-02-07 12:04:31 +01:00
|
|
|
},
|
|
|
|
expectedStatusCode: http.StatusSeeOther,
|
2023-01-02 13:10:50 +01:00
|
|
|
expectedLocationHeader: "/auth" + auth.AuthAccountDisabledPath,
|
2022-02-07 12:04:31 +01:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
doTest := func(testCase authorizeHandlerTestCase) {
|
2022-06-11 10:39:39 +02:00
|
|
|
ctx, recorder := suite.newContext(http.MethodGet, auth.OauthAuthorizePath, nil, "")
|
2022-02-07 12:04:31 +01:00
|
|
|
|
2022-10-03 10:46:11 +02:00
|
|
|
user := >smodel.User{}
|
|
|
|
account := >smodel.Account{}
|
|
|
|
|
|
|
|
*user = *suite.testUsers["unconfirmed_account"]
|
|
|
|
*account = *suite.testAccounts["unconfirmed_account"]
|
2022-02-07 12:04:31 +01:00
|
|
|
|
|
|
|
testSession := sessions.Default(ctx)
|
|
|
|
testSession.Set(sessionUserID, user.ID)
|
|
|
|
testSession.Set(sessionClientID, suite.testApplications["application_1"].ClientID)
|
|
|
|
if err := testSession.Save(); err != nil {
|
2022-05-08 19:49:45 +02:00
|
|
|
panic(fmt.Errorf("failed on case %s: %w", testCase.description, err))
|
2022-02-07 12:04:31 +01:00
|
|
|
}
|
|
|
|
|
2022-11-16 11:27:08 +01:00
|
|
|
columns := testCase.mutateUserAccount(user, account)
|
2022-02-07 12:04:31 +01:00
|
|
|
|
2022-08-15 12:35:05 +02:00
|
|
|
testCase.description = fmt.Sprintf("%s, %t, %s", user.Email, *user.Disabled, account.SuspendedAt)
|
2022-02-07 12:04:31 +01:00
|
|
|
|
2022-11-16 11:27:08 +01:00
|
|
|
err := suite.db.UpdateUser(context.Background(), user, columns...)
|
2022-02-07 12:04:31 +01:00
|
|
|
suite.NoError(err)
|
2022-11-15 19:45:15 +01:00
|
|
|
err = suite.db.UpdateAccount(context.Background(), account)
|
2022-02-07 12:04:31 +01:00
|
|
|
suite.NoError(err)
|
|
|
|
|
|
|
|
// call the handler
|
|
|
|
suite.authModule.AuthorizeGETHandler(ctx)
|
|
|
|
|
|
|
|
// 1. we should have a redirect
|
|
|
|
suite.Equal(testCase.expectedStatusCode, recorder.Code, fmt.Sprintf("failed on case: %s", testCase.description))
|
|
|
|
|
|
|
|
// 2. we should have a redirect to the check your email path, as this user has not confirmed their email yet.
|
|
|
|
suite.Equal(testCase.expectedLocationHeader, recorder.Header().Get("Location"), fmt.Sprintf("failed on case: %s", testCase.description))
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, testCase := range tests {
|
|
|
|
doTest(testCase)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestAccountUpdateTestSuite(t *testing.T) {
|
|
|
|
suite.Run(t, new(AuthAuthorizeTestSuite))
|
|
|
|
}
|