Add more admin tests (#1754)

google · Feb 2, 2021 · e5bf416 · e5bf416
1 parent b58c3a5
commit e5bf416
Show file tree

Hide file tree

Showing 17 changed files with 2,204 additions and 366 deletions.
diff --git a/cmd/server/assets/admin/realms/edit.html b/cmd/server/assets/admin/realms/edit.html
@@ -26,6 +26,8 @@ <h1>Edit {{$realm.Name}}</h1>
     <div class="card mb-3 shadow-sm">
       <div class="card-header">Details</div>
       <div class="card-body">
+        {{template "errorSummary" $realm}}
+
         <form method="POST" action="/admin/realms/{{$realm.ID}}">
           {{ .csrfField }}
           <input type="hidden" name="_method" value="PATCH" />

diff --git a/cmd/server/assets/admin/realms/new.html b/cmd/server/assets/admin/realms/new.html
@@ -23,6 +23,8 @@ <h1>New realm</h1>
     <div class="card mb-3 shadow-sm">
       <div class="card-header">Details</div>
       <div class="card-body">
+        {{template "errorSummary" $realm}}
+
         <form method="POST" action="/admin/realms" id="new-form">
           {{ .csrfField }}
 

diff --git a/cmd/server/assets/admin/users/new.html b/cmd/server/assets/admin/users/new.html
@@ -23,6 +23,8 @@ <h1>New system admin</h1>
     <div class="card mb-3 shadow-sm">
       <div class="card-header">System admin details</div>
       <div class="card-body">
+        {{template "errorSummary" $user}}
+
         <form method="POST" id="new-form" action="/admin/users">
           {{ .csrfField }}
 

diff --git a/cmd/server/assets/admin/users/show.html b/cmd/server/assets/admin/users/show.html
@@ -9,7 +9,7 @@
   {{template "head" .}}
 </head>
 
-<body id="users-show" class="tab-content">
+<body id="admin-users-show" class="tab-content">
   {{template "admin/navbar" .}}
 
   <main role="main" class="container">
@@ -24,13 +24,13 @@ <h1>{{$user.Name}}</h1>
       <div class="card-header">Details</div>
       <div class="card-body">
         <h6 class="mb-2">Name</h6>
-        <div class="form-group">
+        <div id="user-name" class="form-group">
           {{$user.Name}}
         </div>
 
         <hr>
         <h6 class="mb-2">Email</h6>
-        <div class="form-group">
+        <div id="user-email" class="form-group">
           {{$user.Email}}
         </div>
 

diff --git a/internal/envstest/unit.go b/internal/envstest/unit.go
@@ -64,6 +64,7 @@ func ExerciseMembershipMissing(t *testing.T, h http.Handler) {
 
 		ctx := project.TestContext(t)
 		ctx = controller.WithSession(ctx, &sessions.Session{})
+		ctx = controller.WithUser(ctx, &database.User{})
 
 		r := httptest.NewRequest("GET", "/", nil)
 		r = r.Clone(ctx)
@@ -83,6 +84,34 @@ func ExerciseMembershipMissing(t *testing.T, h http.Handler) {
 	})
 }
 
+// ExerciseUserMissing tests that the proper response code and HTML error page
+// are rendered with there is no user in the context. It sets a session in the
+// context. This only applies to admin pages
+func ExerciseUserMissing(t *testing.T, h http.Handler) {
+	t.Run("user_missing", func(t *testing.T) {
+		t.Parallel()
+
+		ctx := project.TestContext(t)
+		ctx = controller.WithSession(ctx, &sessions.Session{})
+
+		r := httptest.NewRequest("GET", "/", nil)
+		r = r.Clone(ctx)
+		r.Header.Set("Content-Type", "text/html")
+
+		w := httptest.NewRecorder()
+
+		h.ServeHTTP(w, r)
+		w.Flush()
+
+		if got, want := w.Code, 500; got != want {
+			t.Errorf("expected %d to be %d", got, want)
+		}
+		if got, want := w.Body.String(), "user missing"; !strings.Contains(got, want) {
+			t.Errorf("expected %q to contain %q", got, want)
+		}
+	})
+}
+
 // ExercisePermissionMissing tests that the proper response code and HTML error
 // page are rendered when the requestor does not have permission to perform this
 // action.
@@ -93,6 +122,7 @@ func ExercisePermissionMissing(t *testing.T, h http.Handler) {
 		ctx := project.TestContext(t)
 		ctx = controller.WithSession(ctx, &sessions.Session{})
 		ctx = controller.WithMembership(ctx, &database.Membership{})
+		ctx = controller.WithUser(ctx, &database.User{})
 
 		r := httptest.NewRequest("GET", "/", nil)
 		r = r.Clone(ctx)
@@ -121,8 +151,9 @@ func ExerciseBadPagination(t *testing.T, membership *database.Membership, h http
 		ctx := project.TestContext(t)
 		ctx = controller.WithSession(ctx, &sessions.Session{})
 		ctx = controller.WithMembership(ctx, membership)
+		ctx = controller.WithUser(ctx, membership.User)
 
-		r := httptest.NewRequest("GET", "/13940890", nil)
+		r := httptest.NewRequest("GET", "/1", nil)
 		r = r.Clone(ctx)
 		r.Header.Set("Content-Type", "text/html")
 
@@ -157,6 +188,7 @@ func ExerciseIDNotFound(t *testing.T, membership *database.Membership, h http.Ha
 		ctx := project.TestContext(t)
 		ctx = controller.WithSession(ctx, &sessions.Session{})
 		ctx = controller.WithMembership(ctx, membership)
+		ctx = controller.WithUser(ctx, membership.User)
 
 		r := httptest.NewRequest("GET", "/13940890", nil)
 		r = r.Clone(ctx)

diff --git a/pkg/controller/admin/caches_test.go b/pkg/controller/admin/caches_test.go
@@ -24,10 +24,12 @@ import (
 	"github.com/chromedp/chromedp"
 	"github.com/google/exposure-notifications-verification-server/internal/browser"
 	"github.com/google/exposure-notifications-verification-server/internal/envstest"
+	"github.com/google/exposure-notifications-verification-server/internal/i18n"
 	"github.com/google/exposure-notifications-verification-server/internal/project"
-	"github.com/google/exposure-notifications-verification-server/pkg/config"
+	"github.com/google/exposure-notifications-verification-server/pkg/cache"
 	"github.com/google/exposure-notifications-verification-server/pkg/controller"
 	"github.com/google/exposure-notifications-verification-server/pkg/controller/admin"
+	"github.com/google/exposure-notifications-verification-server/pkg/controller/middleware"
 	"github.com/google/exposure-notifications-verification-server/pkg/render"
 	"github.com/gorilla/mux"
 	"github.com/gorilla/sessions"
@@ -39,24 +41,39 @@ func TestAdminCaches(t *testing.T) {
 	ctx := project.TestContext(t)
 	harness := envstest.NewServer(t, testDatabaseInstance)
 
-	cfg := &config.ServerConfig{}
+	locales, err := i18n.Load(harness.Config.LocalesPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	middlewares := []mux.MiddlewareFunc{
+		middleware.InjectCurrentPath(),
+		middleware.ProcessLocale(locales),
+	}
 
 	h, err := render.New(ctx, envstest.ServerAssetsPath(), true)
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	c := admin.New(cfg, harness.Cacher, harness.Database, harness.AuthProvider, harness.RateLimiter, h)
+	c := admin.New(harness.Config, harness.Cacher, harness.Database, harness.AuthProvider, harness.RateLimiter, h)
 
 	t.Run("middleware", func(t *testing.T) {
 		t.Parallel()
-		envstest.ExerciseSessionMissing(t, c.HandleCachesClear())
+
+		mux := mux.NewRouter()
+		mux.Use(middlewares...)
+		mux.Handle("/{id}", c.HandleCachesClear())
+		mux.Handle("/", c.HandleCachesClear())
+
+		envstest.ExerciseSessionMissing(t, mux)
 	})
 
 	t.Run("not_found", func(t *testing.T) {
 		t.Parallel()
 
 		mux := mux.NewRouter()
+		mux.Use(middlewares...)
 		mux.Handle("/{id}", c.HandleCachesClear()).Methods("PUT")
 
 		session := &sessions.Session{
@@ -93,10 +110,62 @@ func TestAdminCaches(t *testing.T) {
 		}
 	})
 
+	t.Run("cacher_failure", func(t *testing.T) {
+		t.Parallel()
+
+		cacher, err := cache.NewInMemory(nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if err := cacher.Close(); err != nil {
+			t.Fatal(err)
+		}
+
+		c := admin.New(harness.Config, cacher, harness.Database, harness.AuthProvider, harness.RateLimiter, h)
+
+		mux := mux.NewRouter()
+		mux.Use(middlewares...)
+		mux.Handle("/{id}", c.HandleCachesClear()).Methods("PUT")
+
+		session := &sessions.Session{
+			Values: map[interface{}]interface{}{},
+		}
+
+		ctx := ctx
+		ctx = controller.WithSession(ctx, session)
+
+		r := httptest.NewRequest("PUT", "/realms:", nil)
+		r = r.Clone(ctx)
+		r.Header.Set("Content-Type", "text/html")
+		r.Header.Set("Referer", "https://example.com/foo/bar")
+
+		w := httptest.NewRecorder()
+
+		mux.ServeHTTP(w, r)
+		w.Flush()
+
+		if got, want := w.Code, 303; got != want {
+			t.Errorf("expected %d to be %d", got, want)
+		}
+		if got, want := w.Header().Get("Location"), "https://example.com/foo/bar"; got != want {
+			t.Errorf("expected %q to be %q", got, want)
+		}
+
+		flash := controller.Flash(session)
+		errs := flash.Errors()
+		if got, want := len(errs), 1; got != want {
+			t.Errorf("expected %d errors, got %d", want, got)
+		}
+		if got, want := errs[0], "Failed to clear cache"; !strings.Contains(got, want) {
+			t.Errorf("expected %q to contain %q", got, want)
+		}
+	})
+
 	t.Run("clears", func(t *testing.T) {
 		t.Parallel()
 
 		mux := mux.NewRouter()
+		mux.Use(middlewares...)
 		mux.Handle("/{id}", c.HandleCachesClear()).Methods("PUT")
 
 		ctx := ctx

diff --git a/pkg/controller/admin/events.go b/pkg/controller/admin/events.go
@@ -45,6 +45,12 @@ func (c *Controller) HandleEventsShow() http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		ctx := r.Context()
 
+		session := controller.SessionFromContext(ctx)
+		if session == nil {
+			controller.MissingSession(w, r, c.h)
+			return
+		}
+
 		// Parse query params
 		pageParams, err := pagination.FromRequest(r)
 		if err != nil {