opengist/internal/web/test/auth_test.go

package test

import (
	"github.com/stretchr/testify/require"
	"github.com/thomiceli/opengist/internal/db"
	"testing"
)

func TestRegister(t *testing.T) {
	setup(t)
	s, err := newTestServer()
	require.NoError(t, err, "Failed to create test server")
	defer teardown(t, s)

	err = s.request("GET", "/", nil, 302)
	require.NoError(t, err)

	err = s.request("GET", "/register", nil, 200)
	require.NoError(t, err)

	user1 := db.UserDTO{Username: "thomas", Password: "thomas"}
	register(t, s, user1)

	user1db, err := db.GetUserById(1)
	require.NoError(t, err)
	require.Equal(t, user1.Username, user1db.Username)
	require.True(t, user1db.IsAdmin)

	err = s.request("GET", "/", nil, 200)
	require.NoError(t, err)

	s.sessionCookie = ""

	user2 := db.UserDTO{Username: "thomas", Password: "azeaze"}
	err = s.request("POST", "/register", user2, 200)
	require.Error(t, err)

	user3 := db.UserDTO{Username: "kaguya", Password: "kaguya"}
	register(t, s, user3)

	user3db, err := db.GetUserById(2)
	require.NoError(t, err)
	require.False(t, user3db.IsAdmin)

	s.sessionCookie = ""

	count, err := db.CountAll(db.User{})
	require.NoError(t, err)
	require.Equal(t, int64(2), count)
}

func TestLogin(t *testing.T) {
	setup(t)
	s, err := newTestServer()
	require.NoError(t, err, "Failed to create test server")
	defer teardown(t, s)

	err = s.request("GET", "/login", nil, 200)
	require.NoError(t, err)

	user1 := db.UserDTO{Username: "thomas", Password: "thomas"}
	register(t, s, user1)

	s.sessionCookie = ""

	login(t, s, user1)
	require.NotEmpty(t, s.sessionCookie)

	s.sessionCookie = ""

	user2 := db.UserDTO{Username: "thomas", Password: "azeaze"}
	user3 := db.UserDTO{Username: "azeaze", Password: ""}

	err = s.request("POST", "/login", user2, 302)
	require.Empty(t, s.sessionCookie)
	require.Error(t, err)

	err = s.request("POST", "/login", user3, 302)
	require.Empty(t, s.sessionCookie)
	require.Error(t, err)
}

func register(t *testing.T, s *testServer, user db.UserDTO) {
	err := s.request("POST", "/register", user, 302)
	require.NoError(t, err)
}

func login(t *testing.T, s *testServer, user db.UserDTO) {
	err := s.request("POST", "/login", user, 302)
	require.NoError(t, err)
}

type settingSet struct {
	key   string `form:"key"`
	value string `form:"value"`
}

func TestAnonymous(t *testing.T) {
	setup(t)
	s, err := newTestServer()
	require.NoError(t, err, "Failed to create test server")
	defer teardown(t, s)

	user := db.UserDTO{Username: "thomas", Password: "azeaze"}
	register(t, s, user)

	err = s.request("PUT", "/admin-panel/set-config", settingSet{"require-login", "1"}, 200)
	require.NoError(t, err)

	gist1 := db.GistDTO{
		Title:       "gist1",
		Description: "my first gist",
		VisibilityDTO: db.VisibilityDTO{
			Private: 0,
		},
		Name:    []string{"gist1.txt", "gist2.txt", "gist3.txt"},
		Content: []string{"yeah", "yeah\ncool", "yeah\ncool gist actually"},
	}
	err = s.request("POST", "/", gist1, 302)
	require.NoError(t, err)

	gist1db, err := db.GetGistByID("1")
	require.NoError(t, err)

	err = s.request("GET", "/all", nil, 200)
	require.NoError(t, err)

	cookie := s.sessionCookie
	s.sessionCookie = ""

	err = s.request("GET", "/all", nil, 302)
	require.NoError(t, err)

	// Should redirect to login if RequireLogin
	err = s.request("GET", "/"+gist1db.User.Username+"/"+gist1db.Uuid, nil, 302)
	require.NoError(t, err)

	s.sessionCookie = cookie

	err = s.request("PUT", "/admin-panel/set-config", settingSet{"allow-gists-without-login", "1"}, 200)
	require.NoError(t, err)

	s.sessionCookie = ""

	// Should return results
	err = s.request("GET", "/"+gist1db.User.Username+"/"+gist1db.Uuid, nil, 200)
	require.NoError(t, err)

}
Add git, auth and gists tests (#97) 2023-09-16 22:59:47 +00:00			`package test`

			`import (`
			`"github.com/stretchr/testify/require"`
			`"github.com/thomiceli/opengist/internal/db"`
			`"testing"`
			`)`

			`func TestRegister(t *testing.T) {`
			`setup(t)`
			`s, err := newTestServer()`
			`require.NoError(t, err, "Failed to create test server")`
			`defer teardown(t, s)`

			`err = s.request("GET", "/", nil, 302)`
			`require.NoError(t, err)`

			`err = s.request("GET", "/register", nil, 200)`
			`require.NoError(t, err)`

			`user1 := db.UserDTO{Username: "thomas", Password: "thomas"}`
			`register(t, s, user1)`

			`user1db, err := db.GetUserById(1)`
			`require.NoError(t, err)`
			`require.Equal(t, user1.Username, user1db.Username)`
			`require.True(t, user1db.IsAdmin)`

			`err = s.request("GET", "/", nil, 200)`
			`require.NoError(t, err)`

			`s.sessionCookie = ""`

			`user2 := db.UserDTO{Username: "thomas", Password: "azeaze"}`
			`err = s.request("POST", "/register", user2, 200)`
			`require.Error(t, err)`

			`user3 := db.UserDTO{Username: "kaguya", Password: "kaguya"}`
			`register(t, s, user3)`

			`user3db, err := db.GetUserById(2)`
			`require.NoError(t, err)`
			`require.False(t, user3db.IsAdmin)`

			`s.sessionCookie = ""`

			`count, err := db.CountAll(db.User{})`
			`require.NoError(t, err)`
			`require.Equal(t, int64(2), count)`
			`}`

			`func TestLogin(t *testing.T) {`
			`setup(t)`
			`s, err := newTestServer()`
			`require.NoError(t, err, "Failed to create test server")`
			`defer teardown(t, s)`

			`err = s.request("GET", "/login", nil, 200)`
			`require.NoError(t, err)`

			`user1 := db.UserDTO{Username: "thomas", Password: "thomas"}`
			`register(t, s, user1)`

			`s.sessionCookie = ""`

			`login(t, s, user1)`
			`require.NotEmpty(t, s.sessionCookie)`

			`s.sessionCookie = ""`

			`user2 := db.UserDTO{Username: "thomas", Password: "azeaze"}`
			`user3 := db.UserDTO{Username: "azeaze", Password: ""}`

			`err = s.request("POST", "/login", user2, 302)`
			`require.Empty(t, s.sessionCookie)`
			`require.Error(t, err)`

			`err = s.request("POST", "/login", user3, 302)`
			`require.Empty(t, s.sessionCookie)`
			`require.Error(t, err)`
			`}`

			`func register(t testing.T, s testServer, user db.UserDTO) {`
			`err := s.request("POST", "/register", user, 302)`
			`require.NoError(t, err)`
			`}`

			`func login(t testing.T, s testServer, user db.UserDTO) {`
			`err := s.request("POST", "/login", user, 302)`
			`require.NoError(t, err)`
			`}`
Add a setting to allow anonymous access to individual gists while still RequireLogin everywhere else (#229) * Add a setting to allow accessing individual gists without auth This is a middle ground between the existing setting "Require Login", which requires login to do anything at all, and having it off, which shows a public list of gists and more generally allows discovering info about the users/gists of the instance without login. The idea of this setting is that it is "require login" for everything except individual gists. Fixes #228. Co-authored-by: Thomas Miceli <tho.miceli@gmail.com> 2024-05-12 21:40:11 +00:00
			`type settingSet struct {`
			key string `form:"key"`
			value string `form:"value"`
			`}`

			`func TestAnonymous(t *testing.T) {`
			`setup(t)`
			`s, err := newTestServer()`
			`require.NoError(t, err, "Failed to create test server")`
			`defer teardown(t, s)`

			`user := db.UserDTO{Username: "thomas", Password: "azeaze"}`
			`register(t, s, user)`

			`err = s.request("PUT", "/admin-panel/set-config", settingSet{"require-login", "1"}, 200)`
			`require.NoError(t, err)`

			`gist1 := db.GistDTO{`
			`Title: "gist1",`
			`Description: "my first gist",`
			`VisibilityDTO: db.VisibilityDTO{`
			`Private: 0,`
			`},`
			`Name: []string{"gist1.txt", "gist2.txt", "gist3.txt"},`
			`Content: []string{"yeah", "yeah\ncool", "yeah\ncool gist actually"},`
			`}`
			`err = s.request("POST", "/", gist1, 302)`
			`require.NoError(t, err)`

			`gist1db, err := db.GetGistByID("1")`
			`require.NoError(t, err)`

			`err = s.request("GET", "/all", nil, 200)`
			`require.NoError(t, err)`

			`cookie := s.sessionCookie`
			`s.sessionCookie = ""`

			`err = s.request("GET", "/all", nil, 302)`
			`require.NoError(t, err)`

			`// Should redirect to login if RequireLogin`
			`err = s.request("GET", "/"+gist1db.User.Username+"/"+gist1db.Uuid, nil, 302)`
			`require.NoError(t, err)`

			`s.sessionCookie = cookie`

			`err = s.request("PUT", "/admin-panel/set-config", settingSet{"allow-gists-without-login", "1"}, 200)`
			`require.NoError(t, err)`

			`s.sessionCookie = ""`

			`// Should return results`
			`err = s.request("GET", "/"+gist1db.User.Username+"/"+gist1db.Uuid, nil, 200)`
			`require.NoError(t, err)`

			`}`