From 980bceb090ef42cd9b1e8880f672d775857eeb32 Mon Sep 17 00:00:00 2001
From: hexxa <hexxa@outlook.com>
Date: Wed, 16 Feb 2022 17:59:04 +0800
Subject: [PATCH] test: add permission tests - users APIs

---
 src/client/users.go                  |   6 +
 src/server/server_permission_test.go | 259 +++++++++++++++++++++++++++
 2 files changed, 265 insertions(+)
 create mode 100644 src/server/server_permission_test.go

diff --git a/src/client/users.go b/src/client/users.go
index a8d06a7..f58a838 100644
--- a/src/client/users.go
+++ b/src/client/users.go
@@ -171,3 +171,9 @@ func (cl *SingleUserClient) SetPreferences(prefers *userstore.Preferences, token
 		AddCookie(token).
 		End()
 }
+
+func (cl *SingleUserClient) IsAuthed(token *http.Cookie) (*http.Response, string, []error) {
+	return cl.r.Get(cl.url("/v1/users/isauthed")).
+		AddCookie(token).
+		End()
+}
diff --git a/src/server/server_permission_test.go b/src/server/server_permission_test.go
new file mode 100644
index 0000000..e3dc107
--- /dev/null
+++ b/src/server/server_permission_test.go
@@ -0,0 +1,259 @@
+package server
+
+import (
+	"encoding/base64"
+	"fmt"
+	"math/rand"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strconv"
+	"sync"
+	"testing"
+	"time"
+
+	"github.com/ihexxa/quickshare/src/client"
+	q "github.com/ihexxa/quickshare/src/handlers"
+	"github.com/ihexxa/quickshare/src/handlers/fileshdr"
+)
+
+func TestPermissions(t *testing.T) {
+	addr := "http://127.0.0.1:8686"
+	rootPath := "tmpTestData"
+	config := `{
+		"users": {
+			"enableAuth": true,
+			"minUserNameLen": 2,
+			"minPwdLen": 4,
+			"captchaEnabled": false,
+			"uploadSpeedLimit": 409600,
+			"downloadSpeedLimit": 409600,
+			"spaceLimit": 1000,
+			"limiterCapacity": 1000,
+			"limiterCyc": 1000,
+			"predefinedUsers": [				
+				{
+					"name": "admin",
+					"pwd": "1234",
+					"role": "admin"
+				},
+				{
+					"name": "user",
+					"pwd": "1234",
+					"role": "user"
+				},
+			]
+		},
+		"server": {
+			"debug": true,
+			"host": "127.0.0.1"
+		},
+		"fs": {
+			"root": "tmpTestData"
+		},
+		"db": {
+			"dbPath": "tmpTestData/quickshare"
+		}
+	}`
+
+	adminName := "qs"
+	adminPwd := "quicksh@re"
+	setUpEnv(t, rootPath, adminName, adminPwd)
+	defer os.RemoveAll(rootPath)
+
+	srv := startTestServer(config)
+	defer srv.Shutdown()
+	fs := srv.depsFS()
+	if !isServerReady(addr) {
+		t.Fatal("fail to start server")
+	}
+
+	// adminUsersCl := client.NewSingleUserClient(addr)
+	// resp, _, errs := adminUsersCl.Login(adminName, adminPwd)
+	// if len(errs) > 0 {
+	// 	t.Fatal(errs)
+	// } else if resp.StatusCode != 200 {
+	// 	t.Fatal(resp.StatusCode)
+	// }
+	// adminToken := client.GetCookie(resp.Cookies(), q.TokenCookie)
+	// cl := client.NewFilesClient(addr, adminToken)
+
+	var err error
+	// TODO: remove all files under home folder before testing
+	// or the count of files is incorrect
+
+	// tests only check the status code for checking permission
+	t.Run("Users API Permissions", func(t *testing.T) {
+		testUsersAPIs := func(user string, pwd string, requireAuth bool, expectedCodes map[string]int) {
+			cl := client.NewSingleUserClient(addr)
+			var token *http.Cookie
+			if requireAuth {
+				resp, _, errs := cl.Login(user, pwd)
+				if len(errs) > 0 {
+					t.Fatal(errs)
+				} else if resp.StatusCode != 200 {
+					t.Fatal(resp.StatusCode)
+				}
+				token = client.GetCookie(resp.Cookies(), q.TokenCookie)
+			}
+
+			expectedCode := expectedCodes["SetPwd"]
+			newPwd := "12345"
+			resp, _, errs := cl.SetPwd(pwd, newPwd, token)
+			if len(errs) > 0 {
+				t.Fatal(errs)
+			} else if resp.StatusCode != expectedCode {
+				t.Fatal(resp.StatusCode)
+			}
+			// set back the pwd
+			resp, _, errs = cl.SetPwd(newPwd, pwd, token)
+			if len(errs) > 0 {
+				t.Fatal(errs)
+			} else if resp.StatusCode != expectedCode {
+				t.Fatal(resp.StatusCode)
+			}
+
+			expectedCode = expectedCodes["Self"]
+			resp, selfResp, errs := cl.Self(token)
+			if len(errs) > 0 {
+				t.Fatal(errs)
+			} else if resp.StatusCode != expectedCode {
+				t.Fatal(resp.StatusCode)
+			}
+
+			expectedCode = expectedCodes["SetPreferences"]
+			prefer := selfResp.Preferences
+			resp, _, errs = cl.SetPreferences(prefer, token)
+			if len(errs) > 0 {
+				t.Fatal(errs)
+			} else if resp.StatusCode != expectedCode {
+				t.Fatal(resp.StatusCode)
+			}
+
+			expectedCode = expectedCodes["IsAuthed"]
+			resp, _, errs = cl.IsAuthed(token)
+			if len(errs) > 0 {
+				t.Fatal(errs)
+			} else if resp.StatusCode != expectedCode {
+				t.Fatalf("%s %d", user, resp.StatusCode)
+			}
+
+			// test user operations
+			expectedCode = expectedCodes["AddUser"]
+			tmpUser, tmpPwd, tmpRole := "tmpUser", "1234", "admin"
+			resp, addUserResp, errs := cl.AddUser(tmpUser, tmpPwd, tmpRole, token)
+			if len(errs) > 0 {
+				t.Fatal(errs)
+			} else if resp.StatusCode != expectedCode {
+				t.Fatalf("%s %d", user, resp.StatusCode)
+			}
+
+			expectedCode = expectedCodes["ListUsers"]
+			resp, _, errs = cl.ListUsers(token)
+			if len(errs) > 0 {
+				t.Fatal(errs)
+			} else if resp.StatusCode != expectedCode {
+				t.Fatalf("%s %d", user, resp.StatusCode)
+			}
+
+			// TODO: the id here should be uint64
+			uintID, err := strconv.ParseUint(addUserResp.ID, 64, 10)
+			if err != nil {
+				t.Fatal(err)
+			}
+			newRole := "user"
+			expectedCode = expectedCodes["SetUser"]
+			resp, _, errs = cl.SetUser(uintID, newRole, selfResp.Quota, token)
+			if len(errs) > 0 {
+				t.Fatal(errs)
+			} else if resp.StatusCode != expectedCode {
+				t.Fatalf("%s %d", user, resp.StatusCode)
+			}
+
+			expectedCode = expectedCodes["DelUser"]
+			resp, _, errs = cl.DelUser(addUserResp.ID, token)
+			if len(errs) > 0 {
+				t.Fatal(errs)
+			} else if resp.StatusCode != expectedCode {
+				t.Fatalf("%s %d", user, resp.StatusCode)
+			}
+
+			// test role operations
+			expectedCode = expectedCodes["AddRole"]
+			tmpNewRole := "tmpNewRole"
+			resp, _, errs = cl.AddRole(tmpNewRole, token)
+			if len(errs) > 0 {
+				t.Fatal(errs)
+			} else if resp.StatusCode != expectedCode {
+				t.Fatalf("%s %d", user, resp.StatusCode)
+			}
+
+			expectedCode = expectedCodes["ListRoles"]
+			resp, _, errs = cl.ListRoles(token)
+			if len(errs) > 0 {
+				t.Fatal(errs)
+			} else if resp.StatusCode != expectedCode {
+				t.Fatalf("%s %d", user, resp.StatusCode)
+			}
+
+			expectedCode = expectedCodes["DelRole"]
+			resp, _, errs = cl.DelRole(tmpNewRole, token)
+			if len(errs) > 0 {
+				t.Fatal(errs)
+			} else if resp.StatusCode != expectedCode {
+				t.Fatalf("%s %d", user, resp.StatusCode)
+			}
+
+			if requireAuth {
+				resp, _, errs := cl.Logout(token)
+				if len(errs) > 0 {
+					t.Fatal(errs)
+				} else if resp.StatusCode != 200 {
+					t.Fatal(resp.StatusCode)
+				}
+			}
+		}
+
+		testUsersAPIs("admin", "1234", true, map[string]int{
+			"SetPwd":         200,
+			"Self":           200,
+			"SetPreferences": 200,
+			"IsAuthed":       200,
+			"AddUser":        200,
+			"ListUsers":      200,
+			"SetUser":        200,
+			"DelUser":        200,
+			"AddRole":        200,
+			"ListRoles":      200,
+			"DelRole":        200,
+		})
+
+		testUsersAPIs("user", "1234", true, map[string]int{
+			"SetPwd":         200,
+			"Self":           200,
+			"SetPreferences": 200,
+			"IsAuthed":       200,
+			"AddUser":        401,
+			"ListUsers":      401,
+			"SetUser":        401,
+			"DelUser":        401,
+			"AddRole":        401,
+			"ListRoles":      401,
+			"DelRole":        401,
+		})
+
+		testUsersAPIs("visitor", "", false, map[string]int{
+			"SetPwd":         401,
+			"Self":           401,
+			"SetPreferences": 401,
+			"IsAuthed":       401,
+			"AddUser":        401,
+			"ListUsers":      401,
+			"SetUser":        401,
+			"DelUser":        401,
+			"AddRole":        401,
+			"ListRoles":      401,
+			"DelRole":        401,
+		})
+	})
+}