mirror of
https://github.com/dnote/dnote
synced 2026-03-14 14:35:50 +01:00
393 lines
13 KiB
Go
393 lines
13 KiB
Go
/* Copyright (C) 2019, 2020, 2021, 2022, 2023, 2024, 2025 Dnote contributors
|
|
*
|
|
* This file is part of Dnote.
|
|
*
|
|
* Dnote is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* Dnote is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
* along with Dnote. If not, see <https://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
package app
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/dnote/dnote/pkg/assert"
|
|
"github.com/dnote/dnote/pkg/server/database"
|
|
"github.com/dnote/dnote/pkg/server/testutils"
|
|
"github.com/pkg/errors"
|
|
"golang.org/x/crypto/bcrypt"
|
|
)
|
|
|
|
func TestValidatePassword(t *testing.T) {
|
|
testCases := []struct {
|
|
name string
|
|
password string
|
|
wantErr error
|
|
}{
|
|
{
|
|
name: "valid password",
|
|
password: "password123",
|
|
wantErr: nil,
|
|
},
|
|
{
|
|
name: "valid password exactly 8 chars",
|
|
password: "12345678",
|
|
wantErr: nil,
|
|
},
|
|
{
|
|
name: "password too short",
|
|
password: "1234567",
|
|
wantErr: ErrPasswordTooShort,
|
|
},
|
|
{
|
|
name: "empty password",
|
|
password: "",
|
|
wantErr: ErrPasswordTooShort,
|
|
},
|
|
}
|
|
|
|
for _, tc := range testCases {
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
err := validatePassword(tc.password)
|
|
assert.Equal(t, err, tc.wantErr, "error mismatch")
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestCreateUser_ProValue(t *testing.T) {
|
|
db := testutils.InitMemoryDB(t)
|
|
|
|
a := NewTest()
|
|
a.DB = db
|
|
if _, err := a.CreateUser("alice@example.com", "pass1234", "pass1234"); err != nil {
|
|
t.Fatal(errors.Wrap(err, "executing"))
|
|
}
|
|
|
|
var userCount int64
|
|
var userRecord database.User
|
|
testutils.MustExec(t, db.Model(&database.User{}).Count(&userCount), "counting user")
|
|
testutils.MustExec(t, db.First(&userRecord), "finding user")
|
|
|
|
assert.Equal(t, userCount, int64(1), "book count mismatch")
|
|
|
|
}
|
|
|
|
func TestGetAccountByEmail(t *testing.T) {
|
|
t.Run("success", func(t *testing.T) {
|
|
db := testutils.InitMemoryDB(t)
|
|
|
|
user := testutils.SetupUserData(db)
|
|
testutils.SetupAccountData(db, user, "alice@example.com", "password123")
|
|
|
|
a := NewTest()
|
|
a.DB = db
|
|
|
|
account, err := a.GetAccountByEmail("alice@example.com")
|
|
|
|
assert.Equal(t, err, nil, "should not error")
|
|
assert.Equal(t, account.Email.String, "alice@example.com", "email mismatch")
|
|
assert.Equal(t, account.UserID, user.ID, "user ID mismatch")
|
|
})
|
|
|
|
t.Run("not found", func(t *testing.T) {
|
|
db := testutils.InitMemoryDB(t)
|
|
|
|
a := NewTest()
|
|
a.DB = db
|
|
|
|
account, err := a.GetAccountByEmail("nonexistent@example.com")
|
|
|
|
assert.Equal(t, err, ErrNotFound, "should return ErrNotFound")
|
|
assert.Equal(t, account, (*database.Account)(nil), "account should be nil")
|
|
})
|
|
}
|
|
|
|
func TestCreateUser(t *testing.T) {
|
|
t.Run("success", func(t *testing.T) {
|
|
db := testutils.InitMemoryDB(t)
|
|
|
|
a := NewTest()
|
|
a.DB = db
|
|
if _, err := a.CreateUser("alice@example.com", "pass1234", "pass1234"); err != nil {
|
|
t.Fatal(errors.Wrap(err, "executing"))
|
|
}
|
|
|
|
var userCount int64
|
|
testutils.MustExec(t, db.Model(&database.User{}).Count(&userCount), "counting user")
|
|
assert.Equal(t, userCount, int64(1), "book count mismatch")
|
|
|
|
var accountCount int64
|
|
var accountRecord database.Account
|
|
testutils.MustExec(t, db.Model(&database.Account{}).Count(&accountCount), "counting account")
|
|
testutils.MustExec(t, db.First(&accountRecord), "finding account")
|
|
|
|
assert.Equal(t, accountCount, int64(1), "account count mismatch")
|
|
assert.Equal(t, accountRecord.Email.String, "alice@example.com", "account email mismatch")
|
|
|
|
passwordErr := bcrypt.CompareHashAndPassword([]byte(accountRecord.Password.String), []byte("pass1234"))
|
|
assert.Equal(t, passwordErr, nil, "Password mismatch")
|
|
})
|
|
|
|
t.Run("duplicate email", func(t *testing.T) {
|
|
db := testutils.InitMemoryDB(t)
|
|
|
|
aliceUser := testutils.SetupUserData(db)
|
|
testutils.SetupAccountData(db, aliceUser, "alice@example.com", "somepassword")
|
|
|
|
a := NewTest()
|
|
a.DB = db
|
|
_, err := a.CreateUser("alice@example.com", "newpassword", "newpassword")
|
|
|
|
assert.Equal(t, err, ErrDuplicateEmail, "error mismatch")
|
|
|
|
var userCount, accountCount int64
|
|
testutils.MustExec(t, db.Model(&database.User{}).Count(&userCount), "counting user")
|
|
testutils.MustExec(t, db.Model(&database.Account{}).Count(&accountCount), "counting account")
|
|
|
|
assert.Equal(t, userCount, int64(1), "user count mismatch")
|
|
assert.Equal(t, accountCount, int64(1), "account count mismatch")
|
|
})
|
|
}
|
|
|
|
func TestUpdateAccountPassword(t *testing.T) {
|
|
t.Run("success", func(t *testing.T) {
|
|
db := testutils.InitMemoryDB(t)
|
|
|
|
user := testutils.SetupUserData(db)
|
|
account := testutils.SetupAccountData(db, user, "alice@example.com", "oldpassword123")
|
|
|
|
err := UpdateAccountPassword(db, &account, "newpassword123")
|
|
|
|
assert.Equal(t, err, nil, "should not error")
|
|
|
|
// Verify password was updated in database
|
|
var updatedAccount database.Account
|
|
testutils.MustExec(t, db.Where("id = ?", account.ID).First(&updatedAccount), "finding updated account")
|
|
|
|
// Verify new password works
|
|
passwordErr := bcrypt.CompareHashAndPassword([]byte(updatedAccount.Password.String), []byte("newpassword123"))
|
|
assert.Equal(t, passwordErr, nil, "New password should match")
|
|
|
|
// Verify old password no longer works
|
|
oldPasswordErr := bcrypt.CompareHashAndPassword([]byte(updatedAccount.Password.String), []byte("oldpassword123"))
|
|
assert.NotEqual(t, oldPasswordErr, nil, "Old password should not match")
|
|
})
|
|
|
|
t.Run("password too short", func(t *testing.T) {
|
|
db := testutils.InitMemoryDB(t)
|
|
|
|
user := testutils.SetupUserData(db)
|
|
account := testutils.SetupAccountData(db, user, "alice@example.com", "oldpassword123")
|
|
|
|
err := UpdateAccountPassword(db, &account, "short")
|
|
|
|
assert.Equal(t, err, ErrPasswordTooShort, "should return ErrPasswordTooShort")
|
|
|
|
// Verify password was NOT updated in database
|
|
var unchangedAccount database.Account
|
|
testutils.MustExec(t, db.Where("id = ?", account.ID).First(&unchangedAccount), "finding unchanged account")
|
|
|
|
// Verify old password still works
|
|
passwordErr := bcrypt.CompareHashAndPassword([]byte(unchangedAccount.Password.String), []byte("oldpassword123"))
|
|
assert.Equal(t, passwordErr, nil, "Old password should still match")
|
|
})
|
|
|
|
t.Run("empty password", func(t *testing.T) {
|
|
db := testutils.InitMemoryDB(t)
|
|
|
|
user := testutils.SetupUserData(db)
|
|
account := testutils.SetupAccountData(db, user, "alice@example.com", "oldpassword123")
|
|
|
|
err := UpdateAccountPassword(db, &account, "")
|
|
|
|
assert.Equal(t, err, ErrPasswordTooShort, "should return ErrPasswordTooShort")
|
|
|
|
// Verify password was NOT updated in database
|
|
var unchangedAccount database.Account
|
|
testutils.MustExec(t, db.Where("id = ?", account.ID).First(&unchangedAccount), "finding unchanged account")
|
|
|
|
// Verify old password still works
|
|
passwordErr := bcrypt.CompareHashAndPassword([]byte(unchangedAccount.Password.String), []byte("oldpassword123"))
|
|
assert.Equal(t, passwordErr, nil, "Old password should still match")
|
|
})
|
|
|
|
t.Run("transaction rollback", func(t *testing.T) {
|
|
db := testutils.InitMemoryDB(t)
|
|
|
|
user := testutils.SetupUserData(db)
|
|
account := testutils.SetupAccountData(db, user, "alice@example.com", "oldpassword123")
|
|
|
|
// Start a transaction and rollback to verify UpdateAccountPassword respects transactions
|
|
tx := db.Begin()
|
|
err := UpdateAccountPassword(tx, &account, "newpassword123")
|
|
assert.Equal(t, err, nil, "should not error")
|
|
tx.Rollback()
|
|
|
|
// Verify password was NOT updated after rollback
|
|
var unchangedAccount database.Account
|
|
testutils.MustExec(t, db.Where("id = ?", account.ID).First(&unchangedAccount), "finding unchanged account")
|
|
|
|
// Verify old password still works
|
|
passwordErr := bcrypt.CompareHashAndPassword([]byte(unchangedAccount.Password.String), []byte("oldpassword123"))
|
|
assert.Equal(t, passwordErr, nil, "Old password should still match after rollback")
|
|
})
|
|
|
|
t.Run("transaction commit", func(t *testing.T) {
|
|
db := testutils.InitMemoryDB(t)
|
|
|
|
user := testutils.SetupUserData(db)
|
|
account := testutils.SetupAccountData(db, user, "alice@example.com", "oldpassword123")
|
|
|
|
// Start a transaction and commit to verify UpdateAccountPassword respects transactions
|
|
tx := db.Begin()
|
|
err := UpdateAccountPassword(tx, &account, "newpassword123")
|
|
assert.Equal(t, err, nil, "should not error")
|
|
tx.Commit()
|
|
|
|
// Verify password was updated after commit
|
|
var updatedAccount database.Account
|
|
testutils.MustExec(t, db.Where("id = ?", account.ID).First(&updatedAccount), "finding updated account")
|
|
|
|
// Verify new password works
|
|
passwordErr := bcrypt.CompareHashAndPassword([]byte(updatedAccount.Password.String), []byte("newpassword123"))
|
|
assert.Equal(t, passwordErr, nil, "New password should match after commit")
|
|
})
|
|
}
|
|
|
|
func TestRemoveUser(t *testing.T) {
|
|
t.Run("success", func(t *testing.T) {
|
|
db := testutils.InitMemoryDB(t)
|
|
|
|
user := testutils.SetupUserData(db)
|
|
testutils.SetupAccountData(db, user, "alice@example.com", "password123")
|
|
|
|
a := NewTest()
|
|
a.DB = db
|
|
|
|
err := a.RemoveUser("alice@example.com")
|
|
|
|
assert.Equal(t, err, nil, "should not error")
|
|
|
|
// Verify user was deleted
|
|
var userCount int64
|
|
testutils.MustExec(t, db.Model(&database.User{}).Count(&userCount), "counting users")
|
|
assert.Equal(t, userCount, int64(0), "user should be deleted")
|
|
|
|
// Verify account was deleted
|
|
var accountCount int64
|
|
testutils.MustExec(t, db.Model(&database.Account{}).Count(&accountCount), "counting accounts")
|
|
assert.Equal(t, accountCount, int64(0), "account should be deleted")
|
|
})
|
|
|
|
t.Run("user not found", func(t *testing.T) {
|
|
db := testutils.InitMemoryDB(t)
|
|
|
|
a := NewTest()
|
|
a.DB = db
|
|
|
|
err := a.RemoveUser("nonexistent@example.com")
|
|
|
|
assert.Equal(t, err, ErrNotFound, "should return ErrNotFound")
|
|
})
|
|
|
|
t.Run("user has notes", func(t *testing.T) {
|
|
db := testutils.InitMemoryDB(t)
|
|
|
|
user := testutils.SetupUserData(db)
|
|
testutils.SetupAccountData(db, user, "alice@example.com", "password123")
|
|
|
|
book := database.Book{UserID: user.ID, Label: "testbook", Deleted: false}
|
|
testutils.MustExec(t, db.Save(&book), "creating book")
|
|
|
|
note := database.Note{UserID: user.ID, BookUUID: book.UUID, Body: "test note", Deleted: false}
|
|
testutils.MustExec(t, db.Save(¬e), "creating note")
|
|
|
|
a := NewTest()
|
|
a.DB = db
|
|
|
|
err := a.RemoveUser("alice@example.com")
|
|
|
|
assert.Equal(t, err, ErrUserHasExistingResources, "should return ErrUserHasExistingResources")
|
|
|
|
// Verify user was NOT deleted
|
|
var userCount int64
|
|
testutils.MustExec(t, db.Model(&database.User{}).Count(&userCount), "counting users")
|
|
assert.Equal(t, userCount, int64(1), "user should not be deleted")
|
|
|
|
// Verify account was NOT deleted
|
|
var accountCount int64
|
|
testutils.MustExec(t, db.Model(&database.Account{}).Count(&accountCount), "counting accounts")
|
|
assert.Equal(t, accountCount, int64(1), "account should not be deleted")
|
|
})
|
|
|
|
t.Run("user has books", func(t *testing.T) {
|
|
db := testutils.InitMemoryDB(t)
|
|
|
|
user := testutils.SetupUserData(db)
|
|
testutils.SetupAccountData(db, user, "alice@example.com", "password123")
|
|
|
|
book := database.Book{UserID: user.ID, Label: "testbook", Deleted: false}
|
|
testutils.MustExec(t, db.Save(&book), "creating book")
|
|
|
|
a := NewTest()
|
|
a.DB = db
|
|
|
|
err := a.RemoveUser("alice@example.com")
|
|
|
|
assert.Equal(t, err, ErrUserHasExistingResources, "should return ErrUserHasExistingResources")
|
|
|
|
// Verify user was NOT deleted
|
|
var userCount int64
|
|
testutils.MustExec(t, db.Model(&database.User{}).Count(&userCount), "counting users")
|
|
assert.Equal(t, userCount, int64(1), "user should not be deleted")
|
|
|
|
// Verify account was NOT deleted
|
|
var accountCount int64
|
|
testutils.MustExec(t, db.Model(&database.Account{}).Count(&accountCount), "counting accounts")
|
|
assert.Equal(t, accountCount, int64(1), "account should not be deleted")
|
|
})
|
|
|
|
t.Run("user has deleted notes and books", func(t *testing.T) {
|
|
db := testutils.InitMemoryDB(t)
|
|
|
|
user := testutils.SetupUserData(db)
|
|
testutils.SetupAccountData(db, user, "alice@example.com", "password123")
|
|
|
|
book := database.Book{UserID: user.ID, Label: "testbook", Deleted: false}
|
|
testutils.MustExec(t, db.Save(&book), "creating book")
|
|
|
|
note := database.Note{UserID: user.ID, BookUUID: book.UUID, Body: "test note", Deleted: false}
|
|
testutils.MustExec(t, db.Save(¬e), "creating note")
|
|
|
|
// Soft delete the note and book
|
|
testutils.MustExec(t, db.Model(¬e).Update("deleted", true), "soft deleting note")
|
|
testutils.MustExec(t, db.Model(&book).Update("deleted", true), "soft deleting book")
|
|
|
|
a := NewTest()
|
|
a.DB = db
|
|
|
|
err := a.RemoveUser("alice@example.com")
|
|
|
|
assert.Equal(t, err, nil, "should not error when user only has deleted notes and books")
|
|
|
|
// Verify user was deleted
|
|
var userCount int64
|
|
testutils.MustExec(t, db.Model(&database.User{}).Count(&userCount), "counting users")
|
|
assert.Equal(t, userCount, int64(0), "user should be deleted")
|
|
|
|
// Verify account was deleted
|
|
var accountCount int64
|
|
testutils.MustExec(t, db.Model(&database.Account{}).Count(&accountCount), "counting accounts")
|
|
assert.Equal(t, accountCount, int64(0), "account should be deleted")
|
|
})
|
|
}
|