func TestSessionCreate(t *testing.T) { logrus.SetLevel(logrus.PanicLevel) mongo, dbName, err := tests.RandomTestMongoUp() if err != nil { t.Fatal(err) } defer tests.RandomTestMongoDown(mongo, dbName) mgr := manager.New(mongo.DB(dbName)) err = loadFixtures(mgr) if err != nil { t.Fatal(err) } // create and auth user sess := filters.NewSession() u, err := mgr.Users.Create(&user.User{}) if err != nil { t.Fatal(err) } sess.Set(filters.SessionUserKey, u.Id.Hex()) scanService := New(services.New(mgr, nil, scheduler.NewFake())) wsContainer := restful.NewContainer() wsContainer.Router(restful.CurlyRouter{}) wsContainer.Filter(filters.SessionFilterMock(sess)) scanService.Register(wsContainer) marshalSession := func(s *scan.Session) []byte { data, err := json.Marshal(s) if err != nil { t.Fatal(err) } return data } ts := httptest.NewServer(wsContainer) defer ts.Close() c.Convey("Given base scan with sessions", t, func() { baseScan, err := mgr.Scans.Create(&scan.Scan{ Status: scan.StatusWorking, Plan: mgr.NewId(), Target: mgr.NewId(), Owner: mgr.NewId(), Project: mgr.NewId(), Sessions: []*scan.Session{ &scan.Session{ Id: mgr.NewId(), Status: scan.StatusWorking, Plugin: mgr.NewId(), }, }, }) c.So(err, c.ShouldBeNil) scanId := mgr.FromId(baseScan.Id) parentSession := baseScan.Sessions[0] baseScan.Sessions = append(baseScan.Sessions, parentSession) sess := &scan.Session{ Step: &plan.WorkflowStep{ Plugin: "barbudo/wappalyzer:0.0.2", }, Scan: baseScan.Id, Parent: parentSession.Id, } c.Convey("When create session with empty body", func() { res := sessionCreate(t, ts.URL, scanId, nil) shouldBeBadRequest(t, res, services.CodeWrongEntity, "wrong entity") }) c.Convey("When create session with bad body", func() { res := sessionCreate(t, ts.URL, scanId, []byte("{'}")) shouldBeBadRequest(t, res, services.CodeWrongEntity, "wrong entity") }) c.Convey("When create session without step", func() { res := sessionCreate(t, ts.URL, scanId, marshalSession(&scan.Session{})) shouldBeBadRequest(t, res, services.CodeWrongData, "step is required") }) c.Convey("When create session with empty step.plugin", func() { sess.Step.Plugin = "" res := sessionCreate(t, ts.URL, scanId, marshalSession(sess)) shouldBeBadRequest(t, res, services.CodeWrongData, "step.plugin is required") }) c.Convey("When create session with wrong scan", func() { sess.Scan = mgr.NewId() res := sessionCreate(t, ts.URL, scanId, marshalSession(sess)) shouldBeBadRequest(t, res, services.CodeWrongData, "wrong scan id") }) c.Convey("When scan is not in working state", func() { baseScan.Status = scan.StatusFinished if err := mgr.Scans.Update(baseScan); err != nil { t.Fatal(err) return } res := sessionCreate(t, ts.URL, scanId, marshalSession(sess)) shouldBeBadRequest(t, res, services.CodeWrongData, "scan should have working status") }) c.Convey("When parent is empty", func() { sess.Parent = "" res := sessionCreate(t, ts.URL, scanId, marshalSession(sess)) shouldBeBadRequest(t, res, services.CodeWrongData, "parent field is required") }) c.Convey("When parent is not existed", func() { sess.Parent = mgr.NewId() res := sessionCreate(t, ts.URL, scanId, marshalSession(sess)) shouldBeBadRequest(t, res, services.CodeWrongData, "parent not found") }) c.Convey("When parent doesn't have working status", func() { parentSession.Status = scan.StatusFinished mgr.Scans.UpdateSession(baseScan, parentSession) res := sessionCreate(t, ts.URL, scanId, marshalSession(sess)) shouldBeBadRequest(t, res, services.CodeWrongData, "parent should have working status") }) c.Convey("When plugin has wrong name", func() { sess.Step.Plugin = "bad_name" res := sessionCreate(t, ts.URL, scanId, marshalSession(sess)) shouldBeBadRequest(t, res, services.CodeWrongData, "plugin bad_name is not found") }) c.Convey("When everything is ok", func() { res := sessionCreate(t, ts.URL, scanId, marshalSession(sess)) c.Convey("Session returns and updated into db", func() { c.So(res.StatusCode, c.ShouldEqual, http.StatusCreated) baseScan, err := mgr.Scans.GetById(baseScan.Id) c.So(err, c.ShouldBeNil) c.So(len(baseScan.Sessions), c.ShouldEqual, 1) c.So(len(baseScan.Sessions[0].Children), c.ShouldEqual, 1) child := baseScan.Sessions[0].Children[0] c.So(child.Parent, c.ShouldEqual, parentSession.Id) c.So(child.Status, c.ShouldEqual, scan.StatusCreated) c.So(child.Scan, c.ShouldEqual, baseScan.Id) }) }) }) }
func TestChangePassword(t *testing.T) { logrus.SetLevel(logrus.PanicLevel) mongo, dbName, err := tests.RandomTestMongoUp() if err != nil { t.Fatal(err) } defer tests.RandomTestMongoDown(mongo, dbName) mgr := manager.New(mongo.DB(dbName)) passCtx := passlib.NewContext() // create and auth user sess := filters.NewSession() service := New(services.New(mgr, passCtx, scheduler.NewFake())) wsContainer := restful.NewContainer() wsContainer.Router(restful.CurlyRouter{}) wsContainer.Filter(filters.SessionFilterMock(sess)) service.Register(wsContainer) ts := httptest.NewServer(wsContainer) defer ts.Close() c.Convey("Given authorized user with password - password", t, func() { pass, err := passCtx.Encrypt("password") if err != nil { t.Fatal(err) } u, err := mgr.Users.Create(&user.User{ Password: pass, }) if err != nil { t.Fatal(err) } sess.Set(filters.SessionUserKey, u.Id.Hex()) c.Convey("Change password with wrong entity", func() { err, resp, sErr := changePassword(ts.URL, map[string]int{"old": 1}) c.So(err, c.ShouldBeNil) c.So(resp.StatusCode, c.ShouldEqual, http.StatusBadRequest) c.So(sErr, c.ShouldNotBeNil) c.So(sErr.Code, c.ShouldEqual, services.CodeWrongEntity) }) c.Convey("Change password with wrong old password", func() { err, resp, sErr := changePassword(ts.URL, map[string]string{"old": "bad"}) c.So(err, c.ShouldBeNil) c.So(resp.StatusCode, c.ShouldEqual, http.StatusBadRequest) c.So(sErr, c.ShouldNotBeNil) c.So(sErr.Code, c.ShouldEqual, services.CodeWrongData) }) c.Convey("Change password with right old password, but new is short", func() { err, resp, sErr := changePassword(ts.URL, map[string]string{"old": "password", "new": "short"}) c.So(err, c.ShouldBeNil) c.So(resp.StatusCode, c.ShouldEqual, http.StatusBadRequest) c.So(sErr, c.ShouldNotBeNil) c.So(sErr.Code, c.ShouldEqual, services.CodeWrongData) }) c.Convey("Change password with right old password, and good new password", func() { err, resp, sErr := changePassword(ts.URL, map[string]string{"old": "password", "new": "password2"}) c.So(err, c.ShouldBeNil) c.So(resp.StatusCode, c.ShouldEqual, http.StatusOK) c.So(sErr, c.ShouldBeNil) modified, err := mgr.Users.GetById(u.Id) if err != nil { t.Fatal(err) } verified, err := passCtx.Verify("password2", modified.Password) if err != nil { t.Fatal(err) } c.So(verified, c.ShouldBeTrue) }) }) }
func TestSessionCreate(t *testing.T) { mongo, dbName, err := tests.RandomTestMongoUp() if err != nil { t.Fatal(err) } defer tests.RandomTestMongoDown(mongo, dbName) mgr := manager.New(mongo.DB(dbName)) // create and auth user sess := filters.NewSession() u, err := mgr.Users.Create(&user.User{}) if err != nil { t.Fatal(err) } sess.Set(filters.SessionUserKey, u.Id.Hex()) service := New(services.New(mgr, nil, scheduler.NewFake())) wsContainer := restful.NewContainer() wsContainer.Router(restful.CurlyRouter{}) wsContainer.Filter(filters.SessionFilterMock(sess)) service.Register(wsContainer) ts := httptest.NewServer(wsContainer) defer ts.Close() c.Convey("Given empty issues collections", t, func() { _, err = mongo.DB(dbName).C("issues").RemoveAll(bson.M{}) c.So(err, c.ShouldBeNil) projectObj, err := mgr.Projects.Create(&project.Project{ Name: "default", Owner: u.Id, }) c.So(err, c.ShouldBeNil) targetObj, err := mgr.Targets.Create(&target.Target{ Project: projectObj.Id, Type: target.TypeWeb, }) c.So(err, c.ShouldBeNil) c.Convey("Get list of all issues", func() { res, issues := getIssues(t, ts.URL, nil) c.Convey("Response should be empty", func() { c.So(res.StatusCode, c.ShouldEqual, http.StatusOK) c.So(issues.Count, c.ShouldEqual, 0) c.So(len(issues.Results), c.ShouldEqual, 0) }) }) c.Convey("Given target issue", func() { targetIssue, err := mgr.Issues.Create(&issue.TargetIssue{ Target: targetObj.Id, Project: projectObj.Id, Issue: issue.Issue{ UniqId: "1", }, Status: issue.Status{ Confirmed: true, }, }) c.So(err, c.ShouldBeNil) c.So(targetIssue.Confirmed, c.ShouldEqual, true) c.So(targetIssue.Muted, c.ShouldEqual, false) c.So(targetIssue.False, c.ShouldEqual, false) c.So(targetIssue.Resolved, c.ShouldEqual, false) c.Convey("Get list of all issues", func() { res, issues := getIssues(t, ts.URL, nil) c.Convey("Response should have a new issue", func() { c.So(res.StatusCode, c.ShouldEqual, http.StatusOK) c.So(issues.Count, c.ShouldEqual, 1) c.So(len(issues.Results), c.ShouldEqual, 1) c.So(issues.Results[0].Id, c.ShouldEqual, targetIssue.Id) }) }) c.Convey("Set issue status confirmed", func() { res, issue := updateIssue(t, ts.URL, mgr.FromId(targetIssue.Id), &TargetIssueEntity{ Status: Status{ Confirmed: utils.BoolP(false), }, }) c.So(res.StatusCode, c.ShouldEqual, http.StatusOK) c.So(issue.Confirmed, c.ShouldEqual, false) c.So(issue.Muted, c.ShouldEqual, false) c.So(issue.False, c.ShouldEqual, false) c.So(issue.Resolved, c.ShouldEqual, false) }) c.Convey("Set issue status muted", func() { res, issue := updateIssue(t, ts.URL, mgr.FromId(targetIssue.Id), &TargetIssueEntity{ Status: Status{ Muted: utils.BoolP(true), }, }) c.So(res.StatusCode, c.ShouldEqual, http.StatusOK) c.So(issue.Confirmed, c.ShouldEqual, true) c.So(issue.Muted, c.ShouldEqual, true) c.So(issue.False, c.ShouldEqual, false) c.So(issue.Resolved, c.ShouldEqual, false) }) c.Convey("Set issue status false", func() { res, issue := updateIssue(t, ts.URL, mgr.FromId(targetIssue.Id), &TargetIssueEntity{ Status: Status{ False: utils.BoolP(true), }, }) c.So(res.StatusCode, c.ShouldEqual, http.StatusOK) c.So(issue.Confirmed, c.ShouldEqual, true) c.So(issue.Muted, c.ShouldEqual, false) c.So(issue.False, c.ShouldEqual, true) c.So(issue.Resolved, c.ShouldEqual, false) }) c.Convey("Set issue status resolved", func() { res, issue := updateIssue(t, ts.URL, mgr.FromId(targetIssue.Id), &TargetIssueEntity{ Status: Status{ Resolved: utils.BoolP(true), }, }) c.So(res.StatusCode, c.ShouldEqual, http.StatusOK) c.So(issue.Confirmed, c.ShouldEqual, true) c.So(issue.Muted, c.ShouldEqual, false) c.So(issue.False, c.ShouldEqual, false) c.So(issue.Resolved, c.ShouldEqual, true) }) c.Convey("Set all issue status", func() { res, issue := updateIssue(t, ts.URL, mgr.FromId(targetIssue.Id), &TargetIssueEntity{ Status: Status{ Muted: utils.BoolP(true), Resolved: utils.BoolP(true), False: utils.BoolP(true), Confirmed: utils.BoolP(false), }, }) c.So(res.StatusCode, c.ShouldEqual, http.StatusOK) c.So(issue.Confirmed, c.ShouldEqual, false) c.So(issue.Muted, c.ShouldEqual, true) c.So(issue.False, c.ShouldEqual, true) c.So(issue.Resolved, c.ShouldEqual, true) }) }) }) }