func (suite *AccountsTestSuite) insertTestUser(email, password, firstName, lastName string) (*accounts.User, *oauth.AccessToken, error) {
var (
testOauthUser *oauth.User
testUser *accounts.User
testAccessToken *oauth.AccessToken
err error
)
// Insert a test user
testOauthUser, err = suite.service.GetOauthService().CreateUser(
roles.User,
email,
password,
)
if err != nil {
return nil, nil, err
}
testUser, err = accounts.NewUser(
suite.accounts[0],
testOauthUser,
"", //facebook ID
false, // confirmed
&accounts.UserRequest{
FirstName: firstName,
LastName: lastName,
},
)
if err != nil {
return nil, nil, err
}
err = suite.db.Create(testUser).Error
testUser.Account = suite.accounts[0]
testUser.OauthUser = testOauthUser
if err != nil {
return nil, nil, err
}
// Login the test user
testAccessToken, _, err = suite.service.GetOauthService().Login(
suite.accounts[0].OauthClient,
testUser.OauthUser,
"read_write", // scope
)
if err != nil {
return nil, nil, err
}
return testUser, testAccessToken, nil
}
func (suite *AccountsTestSuite) TestConfirmEmail() {
var (
testOauthUser *oauth.User
testUser *accounts.User
testConfirmation *accounts.Confirmation
err error
)
// Insert a test user
testOauthUser, err = suite.service.GetOauthService().CreateUser(
roles.User,
"harold@finch",
"test_password",
)
assert.NoError(suite.T(), err, "Failed to insert a test oauth user")
testUser, err = accounts.NewUser(
suite.accounts[0],
testOauthUser,
"", //facebook ID
false, // confirmed
&accounts.UserRequest{
FirstName: "Harold",
LastName: "Finch",
},
)
assert.NoError(suite.T(), err, "Failed to create a new user object")
err = suite.db.Create(testUser).Error
assert.NoError(suite.T(), err, "Failed to insert a test user")
testUser.Account = suite.accounts[0]
testUser.OauthUser = testOauthUser
// Insert a test confirmation
testConfirmation, err = accounts.NewConfirmation(
testUser,
suite.cnf.AppSpecific.ConfirmationLifetime,
)
assert.NoError(suite.T(), err, "Failed to create a new confirmation object")
err = suite.db.Create(testConfirmation).Error
assert.NoError(suite.T(), err, "Failed to insert a test confirmation")
testConfirmation.User = testUser
// Prepare a request
r, err := http.NewRequest(
"GET",
fmt.Sprintf(
"http://1.2.3.4/v1/confirmations/%s",
testConfirmation.Reference,
),
nil,
)
assert.NoError(suite.T(), err, "Request setup should not get an error")
r.Header.Set(
"Authorization",
fmt.Sprintf(
"Basic %s",
b64.StdEncoding.EncodeToString([]byte("test_client_1:test_secret")),
),
)
// Check the routing
match := new(mux.RouteMatch)
suite.router.Match(r, match)
if assert.NotNil(suite.T(), match.Route) {
assert.Equal(suite.T(), "confirm_email", match.Route.GetName())
}
// Count before
var (
countBefore int
accessTokensCountBefore int
refreshTokensCountBefore int
)
suite.db.Model(new(accounts.Confirmation)).Count(&countBefore)
suite.db.Model(new(oauth.AccessToken)).Count(&accessTokensCountBefore)
suite.db.Model(new(oauth.RefreshToken)).Count(&refreshTokensCountBefore)
// And serve the request
w := httptest.NewRecorder()
suite.router.ServeHTTP(w, r)
// Count after
var (
countAfter int
accessTokensCountAfter int
refreshTokensCountAfter int
)
suite.db.Model(new(accounts.Confirmation)).Count(&countAfter)
suite.db.Model(new(oauth.AccessToken)).Count(&accessTokensCountAfter)
suite.db.Model(new(oauth.RefreshToken)).Count(&refreshTokensCountAfter)
assert.Equal(suite.T(), countBefore-1, countAfter)
assert.Equal(suite.T(), accessTokensCountBefore, accessTokensCountAfter)
assert.Equal(suite.T(), refreshTokensCountBefore, refreshTokensCountAfter)
// Fetch the updated user
user := new(accounts.User)
notFound := accounts.UserPreload(suite.db).First(user, testUser.ID).RecordNotFound()
assert.False(suite.T(), notFound)
// Confirmation should have been soft deleteted
assert.True(suite.T(), suite.db.Last(new(accounts.Confirmation)).RecordNotFound())
// And correct data was saved
assert.True(suite.T(), user.Confirmed)
// Check the response
expected, err := accounts.NewConfirmationResponse(testConfirmation)
assert.NoError(suite.T(), err, "Failed to create expected response object")
testutil.TestResponseObject(suite.T(), w, expected, 200)
}
func (suite *AccountsTestSuite) TestConfirmInvitation() {
var (
testOauthUser *oauth.User
testUser *accounts.User
testInvitation *accounts.Invitation
err error
)
// Insert a test user
testOauthUser, err = suite.service.GetOauthService().CreateUser(
roles.User,
"harold@finch",
"", // blank password
)
assert.NoError(suite.T(), err, "Failed to insert a test oauth user")
testUser, err = accounts.NewUser(
suite.accounts[0],
testOauthUser,
"", //facebook ID
false, // confirmed
&accounts.UserRequest{
FirstName: "Harold",
LastName: "Finch",
},
)
assert.NoError(suite.T(), err, "Failed to create a new user object")
err = suite.db.Create(testUser).Error
assert.NoError(suite.T(), err, "Failed to insert a test user")
testUser.Account = suite.accounts[0]
testUser.OauthUser = testOauthUser
// Insert a test invitation
testInvitation, err = accounts.NewInvitation(
testUser,
suite.users[0],
suite.cnf.AppSpecific.InvitationLifetime,
)
assert.NoError(suite.T(), err, "Failed to create a new invitation object")
err = suite.db.Create(testInvitation).Error
assert.NoError(suite.T(), err, "Failed to insert a test invitation")
testInvitation.InvitedUser = testUser
testInvitation.InvitedByUser = suite.users[0]
// Prepare a request
payload, err := json.Marshal(&accounts.ConfirmInvitationRequest{
PasswordRequest: accounts.PasswordRequest{Password: "******"},
})
assert.NoError(suite.T(), err, "JSON marshalling failed")
r, err := http.NewRequest(
"POST",
fmt.Sprintf("http://1.2.3.4/v1/invitations/%s", testInvitation.Reference),
bytes.NewBuffer(payload),
)
assert.NoError(suite.T(), err, "Request setup should not get an error")
r.Header.Set(
"Authorization",
fmt.Sprintf(
"Basic %s",
b64.StdEncoding.EncodeToString([]byte("test_client_1:test_secret")),
),
)
// Check the routing
match := new(mux.RouteMatch)
suite.router.Match(r, match)
if assert.NotNil(suite.T(), match.Route) {
assert.Equal(suite.T(), "confirm_invitation", match.Route.GetName())
}
// Count before
var countBefore int
suite.db.Model(new(accounts.Invitation)).Count(&countBefore)
// And serve the request
w := httptest.NewRecorder()
suite.router.ServeHTTP(w, r)
// Count after
var countAfter int
suite.db.Model(new(accounts.Invitation)).Count(&countAfter)
assert.Equal(suite.T(), countBefore-1, countAfter)
// Fetch the updated user
user := new(accounts.User)
notFound := accounts.UserPreload(suite.db).First(user, testUser.ID).RecordNotFound()
assert.False(suite.T(), notFound)
// Invitation should have been soft deleted
assert.True(suite.T(), suite.db.First(new(accounts.Invitation), testInvitation.ID).RecordNotFound())
// And correct data was saved
assert.Nil(suite.T(), pass.VerifyPassword(user.OauthUser.Password.String, "test_password"))
// Check the response
expected, err := accounts.NewInvitationResponse(testInvitation)
assert.NoError(suite.T(), err, "Failed to create expected response object")
testutil.TestResponseObject(suite.T(), w, expected, 200)
}
func (suite *AccountsTestSuite) TestUpdateUserPasswordFailsWithPaswordlessUser() {
var (
testOauthUser *oauth.User
testUser *accounts.User
testAccessToken *oauth.AccessToken
err error
)
// Insert a test user
testOauthUser, err = suite.service.GetOauthService().CreateUser(
roles.User,
"harold@finch",
"", // empty password
)
assert.NoError(suite.T(), err, "Failed to insert a test oauth user")
testUser, err = accounts.NewUser(
suite.accounts[0],
testOauthUser,
"", //facebook ID
false, // confirmed
&accounts.UserRequest{
FirstName: "Harold",
LastName: "Finch",
},
)
assert.NoError(suite.T(), err, "Failed to create a new user object")
err = suite.db.Create(testUser).Error
assert.NoError(suite.T(), err, "Failed to insert a test user")
testUser.Account = suite.accounts[0]
testUser.OauthUser = testOauthUser
// Login the test user
testAccessToken, _, err = suite.service.GetOauthService().Login(
suite.accounts[0].OauthClient,
testUser.OauthUser,
"read_write", // scope
)
assert.NoError(suite.T(), err, "Failed to login the test user")
payload, err := json.Marshal(&accounts.UserRequest{
Password: "",
NewPassword: "******",
})
assert.NoError(suite.T(), err, "JSON marshalling failed")
r, err := http.NewRequest(
"PUT",
fmt.Sprintf("http://1.2.3.4/v1/users/%d", testUser.ID),
bytes.NewBuffer(payload),
)
assert.NoError(suite.T(), err, "Request setup should not get an error")
r.Header.Set("Authorization", fmt.Sprintf("Bearer %s", testAccessToken.Token))
// Check the routing
match := new(mux.RouteMatch)
suite.router.Match(r, match)
if assert.NotNil(suite.T(), match.Route) {
assert.Equal(suite.T(), "update_user", match.Route.GetName())
}
// And serve the request
w := httptest.NewRecorder()
suite.router.ServeHTTP(w, r)
// Check that the mock object expectations were met
suite.assertMockExpectations()
// Check the response
testutil.TestResponseForError(suite.T(), w, oauth.ErrUserPasswordNotSet.Error(), 400)
}
func (suite *AccountsTestSuite) TestUpdateUserPassword() {
var (
testOauthUser *oauth.User
testUser *accounts.User
testAccessToken *oauth.AccessToken
err error
)
// Insert a test user
testOauthUser, err = suite.service.GetOauthService().CreateUser(
roles.User,
"harold@finch",
"test_password",
)
assert.NoError(suite.T(), err, "Failed to insert a test oauth user")
testUser, err = accounts.NewUser(
suite.accounts[0],
testOauthUser,
"", //facebook ID
false, // confirmed
&accounts.UserRequest{
FirstName: "Harold",
LastName: "Finch",
},
)
assert.NoError(suite.T(), err, "Failed to create a new user object")
err = suite.db.Create(testUser).Error
assert.NoError(suite.T(), err, "Failed to insert a test user")
testUser.Account = suite.accounts[0]
testUser.OauthUser = testOauthUser
// Login the test user
testAccessToken, _, err = suite.service.GetOauthService().Login(
suite.accounts[0].OauthClient,
testUser.OauthUser,
"read_write", // scope
)
assert.NoError(suite.T(), err, "Failed to login the test user")
payload, err := json.Marshal(&accounts.UserRequest{
Password: "******",
NewPassword: "******",
})
assert.NoError(suite.T(), err, "JSON marshalling failed")
r, err := http.NewRequest(
"PUT",
fmt.Sprintf("http://1.2.3.4/v1/users/%d", testUser.ID),
bytes.NewBuffer(payload),
)
assert.NoError(suite.T(), err, "Request setup should not get an error")
r.Header.Set("Authorization", fmt.Sprintf("Bearer %s", testAccessToken.Token))
// Check the routing
match := new(mux.RouteMatch)
suite.router.Match(r, match)
if assert.NotNil(suite.T(), match.Route) {
assert.Equal(suite.T(), "update_user", match.Route.GetName())
}
// Count before
var countBefore int
suite.db.Model(new(accounts.User)).Count(&countBefore)
// And serve the request
w := httptest.NewRecorder()
suite.router.ServeHTTP(w, r)
// Check that the mock object expectations were met
suite.assertMockExpectations()
// Count after
var countAfter int
suite.db.Model(new(accounts.User)).Count(&countAfter)
assert.Equal(suite.T(), countBefore, countAfter)
// Fetch the updated user
user := new(accounts.User)
notFound := accounts.UserPreload(suite.db).First(user, testUser.ID).RecordNotFound()
assert.False(suite.T(), notFound)
// Check that the password has changed
assert.Error(suite.T(), password.VerifyPassword(
user.OauthUser.Password.String,
"test_password",
))
assert.NoError(suite.T(), password.VerifyPassword(
user.OauthUser.Password.String,
"some_new_password",
))
// And the user meta data is unchanged
assert.Equal(suite.T(), "harold@finch", user.OauthUser.Username)
assert.Equal(suite.T(), "Harold", user.FirstName.String)
assert.Equal(suite.T(), "Finch", user.LastName.String)
assert.Equal(suite.T(), roles.User, user.OauthUser.RoleID.String)
assert.False(suite.T(), user.Confirmed)
// Check the response
expected := &accounts.UserResponse{
Hal: jsonhal.Hal{
Links: map[string]*jsonhal.Link{
"self": &jsonhal.Link{
Href: fmt.Sprintf("/v1/users/%d", user.ID),
},
},
},
ID: user.ID,
Email: "harold@finch",
FirstName: "Harold",
LastName: "Finch",
Role: roles.User,
Confirmed: false,
CreatedAt: util.FormatTime(&user.CreatedAt),
UpdatedAt: util.FormatTime(&user.UpdatedAt),
}
testutil.TestResponseObject(suite.T(), w, expected, 200)
}
func (suite *FacebookTestSuite) TestLoginUpdatesExistingUser() {
var (
testOauthUser *oauth.User
testUser *accounts.User
err error
)
// Insert a test user
testOauthUser, err = suite.service.GetAccountsService().GetOauthService().CreateUser(
roles.User,
"harold@finch",
"", // empty password
)
assert.NoError(suite.T(), err, "Failed to insert a test oauth user")
testUser, err = accounts.NewUser(
suite.accounts[0],
testOauthUser,
"some_facebook_id", // facebook ID
true, // confirmed
&accounts.UserRequest{
FirstName: "Harold",
LastName: "Finch",
Picture: "some_picture",
},
)
assert.NoError(suite.T(), err, "Failed to create a new test account user object")
err = suite.db.Create(testUser).Error
assert.NoError(suite.T(), err, "Failed to insert a test user")
testUser.OauthUser = testOauthUser
// Prepare a request
r, err := http.NewRequest("POST", "http://1.2.3.4/v1/facebook/login", nil)
assert.NoError(suite.T(), err, "Request setup should not get an error")
r.PostForm = url.Values{
"access_token": {"facebook_token"},
"scope": {"read_write"},
}
r.SetBasicAuth("test_client_1", "test_secret")
// Check the routing
match := new(mux.RouteMatch)
suite.router.Match(r, match)
if assert.NotNil(suite.T(), match.Route) {
assert.Equal(suite.T(), "facebook_login", match.Route.GetName())
}
// Mock fetching profile data from facebook
suite.mockFacebookGetMe(fb.Result{
"id": "new_facebook_id",
"email": testUser.OauthUser.Username,
"name": "New Name",
"first_name": "New First Name",
"last_name": "New Last Name",
"picture": map[string]interface{}{
"data": map[string]interface{}{
"url": "new_picture",
},
},
}, nil)
// Count before
var countBefore int
suite.db.Model(new(accounts.User)).Count(&countBefore)
// And serve the request
w := httptest.NewRecorder()
suite.router.ServeHTTP(w, r)
// Check mock expectations were met
suite.adapterMock.AssertExpectations(suite.T())
// Check the status code
if !assert.Equal(suite.T(), 200, w.Code) {
log.Print(w.Body.String())
}
// Count after
var countAfter int
suite.db.Model(new(accounts.User)).Count(&countAfter)
assert.Equal(suite.T(), countBefore, countAfter)
// Fetch the updated user
user := new(accounts.User)
notFound := accounts.UserPreload(suite.db).
First(user, testUser.ID).RecordNotFound()
assert.False(suite.T(), notFound)
// And correct data was saved
assert.Equal(suite.T(), testUser.OauthUser.Username, user.OauthUser.Username)
assert.Equal(suite.T(), "New First Name", user.FirstName.String)
assert.Equal(suite.T(), "New Last Name", user.LastName.String)
assert.Equal(suite.T(), "new_facebook_id", user.FacebookID.String)
assert.Equal(suite.T(), "new_picture", user.Picture.String)
assert.Equal(suite.T(), roles.User, user.OauthUser.RoleID.String)
// Fetch oauth tokens
accessToken := new(oauth.AccessToken)
assert.False(suite.T(), oauth.AccessTokenPreload(suite.db).
First(accessToken).RecordNotFound())
refreshToken := new(oauth.RefreshToken)
assert.False(suite.T(), oauth.RefreshTokenPreload(suite.db).
First(refreshToken).RecordNotFound())
// Check the response body
expected, err := json.Marshal(&oauth.AccessTokenResponse{
UserID: user.ID,
AccessToken: accessToken.Token,
ExpiresIn: 3600,
TokenType: tokentypes.Bearer,
Scope: "read_write",
RefreshToken: refreshToken.Token,
})
if assert.NoError(suite.T(), err, "JSON marshalling failed") {
assert.Equal(suite.T(), string(expected), strings.TrimSpace(w.Body.String()))
}
}