diff --git a/internal/envstest/unit.go b/internal/envstest/unit.go index edb62b490..96bb6b750 100644 --- a/internal/envstest/unit.go +++ b/internal/envstest/unit.go @@ -147,16 +147,14 @@ func ExerciseIDNotFound(t *testing.T, membership *database.Membership, h http.Ha t.Run("id_not_found", func(t *testing.T) { t.Parallel() - mux := mux.NewRouter() - mux.Handle("/{id}", h) - ctx := project.TestContext(t) ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, membership) ctx = controller.WithUser(ctx, membership.User) - w, r := BuildFormRequest(ctx, t, http.MethodGet, "/13940890", nil) - mux.ServeHTTP(w, r) + w, r := BuildFormRequest(ctx, t, http.MethodGet, "/", nil) + r = mux.SetURLVars(r, map[string]string{"id": "13940890"}) + h.ServeHTTP(w, r) if got, want := w.Code, http.StatusUnauthorized; got != want { t.Errorf("Expected %d to be %d", got, want) diff --git a/pkg/controller/apikey/create_test.go b/pkg/controller/apikey/create_test.go index 9f8df1050..57b69432d 100644 --- a/pkg/controller/apikey/create_test.go +++ b/pkg/controller/apikey/create_test.go @@ -34,13 +34,7 @@ func TestHandleCreate(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, user, session, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } - ctx = controller.WithSession(ctx, session) + harness := envstest.NewServerConfig(t, testDatabaseInstance) c := apikey.New(harness.Cacher, harness.Database, harness.Renderer) handler := c.HandleCreate() @@ -60,9 +54,10 @@ func TestHandleCreate(t *testing.T) { handler := c.HandleCreate() ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.APIKeyWrite, }) 
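Review bot: ExerciseIDNotFound now calls `h.ServeHTTP` directly and injects the route variable with `mux.SetURLVars(r, map[string]string{"id": "13940890"})`, but nothing documents that the helper only works for handlers that read a variable named `id`. A handler registered under a different variable name would see no ID at all and could return the expected status for an unrelated reason. I would add a comment above the request setup, for example `// The handler is invoked without a router; the "id" route variable is injected via mux.SetURLVars.` The function starts before this hunk and continues after it.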
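Review bot: The membership in the `@@ -60,9 +54,10 @@` hunk of create_test.go is built from `&database.Realm{}` and `&database.User{}`, both zero-valued, and nothing at the call site says this is deliberate. If the handler reads the realm ID or the acting user before it reaches the failure under test, it now sees ID 0 instead of a provisioned identity, and the subtest can pass for the wrong reason. I would add a comment such as `// Zero-value realm and user: the handler is expected to fail before it reads either.` The same construction recurs in the other failure-path subtests of this commit (apikey, mobileapps and realmadmin). The success subtests also pass `User: &database.User{}`, so any actor the handler records there has ID 0; confirm that no assertion depends on who performed the action.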
@@ -81,9 +76,10 @@ func TestHandleCreate(t *testing.T) { t.Parallel() ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.APIKeyWrite, }) @@ -103,13 +99,20 @@ func TestHandleCreate(t *testing.T) { t.Run("success", func(t *testing.T) { t.Parallel() - session := &sessions.Session{} + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + + session := &sessions.Session{ + Values: make(map[interface{}]interface{}), + } ctx := ctx ctx = controller.WithSession(ctx, session) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.APIKeyWrite, }) diff --git a/pkg/controller/apikey/disable_test.go b/pkg/controller/apikey/disable_test.go index ff24cc3ec..2a0cf9d4b 100644 --- a/pkg/controller/apikey/disable_test.go +++ b/pkg/controller/apikey/disable_test.go @@ -26,27 +26,14 @@ import ( "github.com/google/exposure-notifications-verification-server/pkg/database" "github.com/google/exposure-notifications-verification-server/pkg/rbac" "github.com/gorilla/mux" + "github.com/gorilla/sessions" ) func TestHandleDisable(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, user, session, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } - ctx = controller.WithSession(ctx, session) - - authApp := &database.AuthorizedApp{ - RealmID: realm.ID, - Name: "Appy", - } - if _, err := realm.CreateAuthorizedApp(harness.Database, authApp, database.SystemTest); err != nil { - t.Fatal(err) - } + harness := envstest.NewServerConfig(t, testDatabaseInstance) c := apikey.New(harness.Cacher, harness.Database, harness.Renderer) handler := c.HandleDisable() 
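Review bot: `harness.Database.FindRealm(1)` in the `success` subtest depends on the database behind `envstest.NewServerConfig` already holding a realm with ID 1, which is not visible in this diff. The literal is repeated in every subtest that needs a real realm (the disable, enable, index, show and update tests for apikey, the mobileapps tests, and the realmadmin events and settings tests). If the fixture is missing, the only output is a bare `t.Fatal(err)`; consider one helper in envstest that returns the seeded realm, or at least `t.Fatalf("failed to load seeded realm 1: %v", err)`. These subtests call `t.Parallel()` and all load the same row, so a subtest that saves the realm can affect its siblings.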
@@ -58,8 +45,8 @@ func TestHandleDisable(t *testing.T) { envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) envstest.ExerciseIDNotFound(t, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.APIKeyWrite, }, handler) }) @@ -67,13 +54,27 @@ func TestHandleDisable(t *testing.T) { t.Run("internal_error", func(t *testing.T) { t.Parallel() + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + + authApp := &database.AuthorizedApp{ + RealmID: realm.ID, + Name: "Appy1", + } + if _, err := realm.CreateAuthorizedApp(harness.Database, authApp, database.SystemTest); err != nil { + t.Fatal(err) + } + c := apikey.New(harness.Cacher, harness.BadDatabase, harness.Renderer) handler := c.HandleDisable() ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.APIKeyWrite, }) @@ -89,10 +90,24 @@ func TestHandleDisable(t *testing.T) { t.Run("success", func(t *testing.T) { t.Parallel() + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + + authApp := &database.AuthorizedApp{ + RealmID: realm.ID, + Name: "Appy2", + } + if _, err := realm.CreateAuthorizedApp(harness.Database, authApp, database.SystemTest); err != nil { + t.Fatal(err) + } + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.APIKeyWrite, }) diff --git a/pkg/controller/apikey/enable_test.go b/pkg/controller/apikey/enable_test.go index b5f453a4f..4d6dfe614 100644 --- a/pkg/controller/apikey/enable_test.go +++ b/pkg/controller/apikey/enable_test.go 
@@ -27,6 +27,7 @@ import ( "github.com/google/exposure-notifications-verification-server/pkg/database" "github.com/google/exposure-notifications-verification-server/pkg/rbac" "github.com/gorilla/mux" + "github.com/gorilla/sessions" "github.com/jinzhu/gorm" ) @@ -34,25 +35,7 @@ func TestHandleEnable(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, user, session, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } - ctx = controller.WithSession(ctx, session) - - now := time.Now().UTC().Add(-5 * time.Second) - authApp := &database.AuthorizedApp{ - RealmID: realm.ID, - Name: "Appy", - Model: gorm.Model{ - DeletedAt: &now, - }, - } - if _, err := realm.CreateAuthorizedApp(harness.Database, authApp, database.SystemTest); err != nil { - t.Fatal(err) - } + harness := envstest.NewServerConfig(t, testDatabaseInstance) c := apikey.New(harness.Cacher, harness.Database, harness.Renderer) handler := c.HandleEnable() @@ -64,8 +47,8 @@ func TestHandleEnable(t *testing.T) { envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) envstest.ExerciseIDNotFound(t, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.APIKeyWrite, }, handler) }) 
@@ -76,10 +59,28 @@ func TestHandleEnable(t *testing.T) { c := apikey.New(harness.Cacher, harness.BadDatabase, harness.Renderer) handler := c.HandleEnable() + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + + now := time.Now().UTC().Add(-5 * time.Second) + authApp := &database.AuthorizedApp{ + RealmID: realm.ID, + Name: "Appy1", + Model: gorm.Model{ + DeletedAt: &now, + }, + } + if _, err := realm.CreateAuthorizedApp(harness.Database, authApp, database.SystemTest); err != nil { + t.Fatal(err) + } + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.APIKeyWrite, }) @@ -95,10 +96,28 @@ func TestHandleEnable(t *testing.T) { t.Run("success", func(t *testing.T) { t.Parallel() + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + + now := time.Now().UTC().Add(-5 * time.Second) + authApp := &database.AuthorizedApp{ + RealmID: realm.ID, + Name: "Appy2", + Model: gorm.Model{ + DeletedAt: &now, + }, + } + if _, err := realm.CreateAuthorizedApp(harness.Database, authApp, database.SystemTest); err != nil { + t.Fatal(err) + } + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.APIKeyWrite, }) diff --git a/pkg/controller/apikey/index_test.go b/pkg/controller/apikey/index_test.go index 4d9676b02..e70b4ff81 100644 --- a/pkg/controller/apikey/index_test.go +++ b/pkg/controller/apikey/index_test.go 
@@ -25,27 +25,14 @@ import ( "github.com/google/exposure-notifications-verification-server/pkg/controller/middleware" "github.com/google/exposure-notifications-verification-server/pkg/database" "github.com/google/exposure-notifications-verification-server/pkg/rbac" + "github.com/gorilla/sessions" ) func TestHandleIndex(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, user, session, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } - ctx = controller.WithSession(ctx, session) - - authApp := &database.AuthorizedApp{ - RealmID: realm.ID, - Name: "Appy", - } - if _, err := realm.CreateAuthorizedApp(harness.Database, authApp, database.SystemTest); err != nil { - t.Fatal(err) - } + harness := envstest.NewServerConfig(t, testDatabaseInstance) c := apikey.New(harness.Cacher, harness.Database, harness.Renderer) handler := middleware.InjectCurrentPath()(c.HandleIndex()) @@ -56,8 +43,8 @@ func TestHandleIndex(t *testing.T) { envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) envstest.ExerciseBadPagination(t, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.APIKeyRead, }, handler) }) @@ -69,9 +56,10 @@ func TestHandleIndex(t *testing.T) { handler := middleware.InjectCurrentPath()(c.HandleIndex()) ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.APIKeyRead, }) 
@@ -86,10 +74,24 @@ func TestHandleIndex(t *testing.T) { t.Run("success", func(t *testing.T) { t.Parallel() + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + + authApp := &database.AuthorizedApp{ + RealmID: realm.ID, + Name: "Appy", + } + if _, err := realm.CreateAuthorizedApp(harness.Database, authApp, database.SystemTest); err != nil { + t.Fatal(err) + } + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.APIKeyRead, }) diff --git a/pkg/controller/apikey/show_test.go b/pkg/controller/apikey/show_test.go index 071c4881b..2b5dea022 100644 --- a/pkg/controller/apikey/show_test.go +++ b/pkg/controller/apikey/show_test.go @@ -27,27 +27,14 @@ import ( "github.com/google/exposure-notifications-verification-server/pkg/database" "github.com/google/exposure-notifications-verification-server/pkg/rbac" "github.com/gorilla/mux" + "github.com/gorilla/sessions" ) func TestHandleShow(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, user, session, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } - ctx = controller.WithSession(ctx, session) - - authApp := &database.AuthorizedApp{ - RealmID: realm.ID, - Name: "Appy", - } - if _, err := realm.CreateAuthorizedApp(harness.Database, authApp, database.SystemTest); err != nil { - t.Fatal(err) - } + harness := envstest.NewServerConfig(t, testDatabaseInstance) c := apikey.New(harness.Cacher, harness.Database, harness.Renderer) handler := middleware.InjectCurrentPath()(c.HandleShow()) 
@@ -59,8 +46,8 @@ func TestHandleShow(t *testing.T) { envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) envstest.ExerciseIDNotFound(t, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.APIKeyRead, }, handler) }) @@ -71,10 +58,24 @@ func TestHandleShow(t *testing.T) { c := apikey.New(harness.Cacher, harness.BadDatabase, harness.Renderer) handler := middleware.InjectCurrentPath()(c.HandleShow()) + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + + authApp := &database.AuthorizedApp{ + RealmID: realm.ID, + Name: "Appy1", + } + if _, err := realm.CreateAuthorizedApp(harness.Database, authApp, database.SystemTest); err != nil { + t.Fatal(err) + } + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.APIKeyRead, }) @@ -90,10 +91,24 @@ func TestHandleShow(t *testing.T) { t.Run("shows", func(t *testing.T) { t.Parallel() + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + + authApp := &database.AuthorizedApp{ + RealmID: realm.ID, + Name: "Appy2", + } + if _, err := realm.CreateAuthorizedApp(harness.Database, authApp, database.SystemTest); err != nil { + t.Fatal(err) + } + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.APIKeyRead, }) diff --git a/pkg/controller/apikey/update_test.go b/pkg/controller/apikey/update_test.go index bb557bd66..2794d1e13 100644 --- a/pkg/controller/apikey/update_test.go +++ b/pkg/controller/apikey/update_test.go 
@@ -28,27 +28,14 @@ import ( "github.com/google/exposure-notifications-verification-server/pkg/database" "github.com/google/exposure-notifications-verification-server/pkg/rbac" "github.com/gorilla/mux" + "github.com/gorilla/sessions" ) func TestHandleUpdate(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, user, session, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } - ctx = controller.WithSession(ctx, session) - - authApp := &database.AuthorizedApp{ - RealmID: realm.ID, - Name: "Appy", - } - if _, err := realm.CreateAuthorizedApp(harness.Database, authApp, database.SystemTest); err != nil { - t.Fatal(err) - } + harness := envstest.NewServerConfig(t, testDatabaseInstance) c := apikey.New(harness.Cacher, harness.Database, harness.Renderer) handler := c.HandleUpdate() @@ -60,8 +47,8 @@ func TestHandleUpdate(t *testing.T) { envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) envstest.ExerciseIDNotFound(t, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.APIKeyWrite, }, handler) }) @@ -72,10 +59,24 @@ func TestHandleUpdate(t *testing.T) { c := apikey.New(harness.Cacher, harness.BadDatabase, harness.Renderer) handler := c.HandleUpdate() + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + + authApp := &database.AuthorizedApp{ + RealmID: realm.ID, + Name: "Appy1", + } + if _, err := realm.CreateAuthorizedApp(harness.Database, authApp, database.SystemTest); err != nil { + t.Fatal(err) + } + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.APIKeyWrite, }) 
@@ -93,10 +94,24 @@ func TestHandleUpdate(t *testing.T) { t.Run("validation", func(t *testing.T) { t.Parallel() + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + + authApp := &database.AuthorizedApp{ + RealmID: realm.ID, + Name: "Appy2", + } + if _, err := realm.CreateAuthorizedApp(harness.Database, authApp, database.SystemTest); err != nil { + t.Fatal(err) + } + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.APIKeyWrite, }) @@ -118,10 +133,24 @@ func TestHandleUpdate(t *testing.T) { t.Run("success", func(t *testing.T) { t.Parallel() + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + + authApp := &database.AuthorizedApp{ + RealmID: realm.ID, + Name: "Appy3", + } + if _, err := realm.CreateAuthorizedApp(harness.Database, authApp, database.SystemTest); err != nil { + t.Fatal(err) + } + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.APIKeyWrite, }) diff --git a/pkg/controller/mobileapps/create_test.go b/pkg/controller/mobileapps/create_test.go index 7a642648f..3ce08608c 100644 --- a/pkg/controller/mobileapps/create_test.go +++ b/pkg/controller/mobileapps/create_test.go @@ -34,12 +34,7 @@ func TestHandleCreate(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, user, _, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } + harness := envstest.NewServerConfig(t, testDatabaseInstance) c := mobileapps.New(harness.Database, harness.Renderer) handler := c.HandleCreate() 
@@ -61,8 +56,8 @@ func TestHandleCreate(t *testing.T) { ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.MobileAppWrite, }) @@ -85,8 +80,8 @@ func TestHandleCreate(t *testing.T) { ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.MobileAppWrite, }) @@ -104,11 +99,16 @@ func TestHandleCreate(t *testing.T) { t.Run("success", func(t *testing.T) { t.Parallel() + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.MobileAppWrite, }) diff --git a/pkg/controller/mobileapps/disable_test.go b/pkg/controller/mobileapps/disable_test.go index be8b74a31..9f24acc9f 100644 --- a/pkg/controller/mobileapps/disable_test.go +++ b/pkg/controller/mobileapps/disable_test.go @@ -33,12 +33,7 @@ func TestHandleDisable(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, user, _, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } + harness := envstest.NewServerConfig(t, testDatabaseInstance) c := mobileapps.New(harness.Database, harness.Renderer) handler := c.HandleDisable() @@ -50,8 +45,8 @@ func TestHandleDisable(t *testing.T) { envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) envstest.ExerciseIDNotFound(t, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.MobileAppWrite, }, handler) }) 
@@ -65,8 +60,8 @@ func TestHandleDisable(t *testing.T) { ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.MobileAppWrite, }) @@ -82,6 +77,11 @@ func TestHandleDisable(t *testing.T) { t.Run("success", func(t *testing.T) { t.Parallel() + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + app := &database.MobileApp{ RealmID: realm.ID, Name: "Appy", @@ -97,7 +97,7 @@ func TestHandleDisable(t *testing.T) { ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.MobileAppWrite, }) diff --git a/pkg/controller/mobileapps/enable_test.go b/pkg/controller/mobileapps/enable_test.go index 0baaf387b..b5d03b307 100644 --- a/pkg/controller/mobileapps/enable_test.go +++ b/pkg/controller/mobileapps/enable_test.go @@ -35,12 +35,7 @@ func TestHandleEnable(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, user, _, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } + harness := envstest.NewServerConfig(t, testDatabaseInstance) c := mobileapps.New(harness.Database, harness.Renderer) handler := c.HandleEnable() @@ -52,8 +47,8 @@ func TestHandleEnable(t *testing.T) { envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) envstest.ExerciseIDNotFound(t, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.MobileAppWrite, }, handler) }) 
@@ -67,8 +62,8 @@ func TestHandleEnable(t *testing.T) { ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.MobileAppWrite, }) @@ -84,8 +79,12 @@ func TestHandleEnable(t *testing.T) { t.Run("success", func(t *testing.T) { t.Parallel() - deletedAt := time.Now().Add(-720 * time.Hour) + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + deletedAt := time.Now().Add(-720 * time.Hour) app := &database.MobileApp{ RealmID: realm.ID, Name: "Appy", @@ -104,7 +103,7 @@ func TestHandleEnable(t *testing.T) { ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.MobileAppWrite, }) diff --git a/pkg/controller/mobileapps/index_test.go b/pkg/controller/mobileapps/index_test.go index e9901cc15..c8b97b55d 100644 --- a/pkg/controller/mobileapps/index_test.go +++ b/pkg/controller/mobileapps/index_test.go @@ -32,12 +32,7 @@ func TestHandleIndex(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, user, _, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } + harness := envstest.NewServerConfig(t, testDatabaseInstance) c := mobileapps.New(harness.Database, harness.Renderer) handler := middleware.InjectCurrentPath()(c.HandleIndex()) @@ -48,8 +43,8 @@ func TestHandleIndex(t *testing.T) { envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) envstest.ExerciseBadPagination(t, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.MobileAppRead, }, handler) }) 
@@ -63,8 +58,8 @@ func TestHandleIndex(t *testing.T) { ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.MobileAppRead, }) @@ -79,6 +74,11 @@ func TestHandleIndex(t *testing.T) { t.Run("success", func(t *testing.T) { t.Parallel() + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + app := &database.MobileApp{ RealmID: realm.ID, Name: "Appy", @@ -94,7 +94,7 @@ func TestHandleIndex(t *testing.T) { ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.MobileAppRead, }) diff --git a/pkg/controller/mobileapps/show_test.go b/pkg/controller/mobileapps/show_test.go index 4ca01e113..2ba990ece 100644 --- a/pkg/controller/mobileapps/show_test.go +++ b/pkg/controller/mobileapps/show_test.go @@ -33,12 +33,7 @@ func TestHandleShow(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, user, _, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } + harness := envstest.NewServerConfig(t, testDatabaseInstance) c := mobileapps.New(harness.Database, harness.Renderer) handler := c.HandleShow() @@ -50,8 +45,8 @@ func TestHandleShow(t *testing.T) { envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) envstest.ExerciseIDNotFound(t, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.MobileAppRead, }, handler) }) 
@@ -65,8 +60,8 @@ func TestHandleShow(t *testing.T) { ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.MobileAppRead, }) @@ -82,6 +77,11 @@ func TestHandleShow(t *testing.T) { t.Run("success", func(t *testing.T) { t.Parallel() + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + app := &database.MobileApp{ RealmID: realm.ID, Name: "Appy", @@ -97,7 +97,7 @@ func TestHandleShow(t *testing.T) { ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.MobileAppRead, }) diff --git a/pkg/controller/mobileapps/update_test.go b/pkg/controller/mobileapps/update_test.go index 05572f7fd..f2940f68f 100644 --- a/pkg/controller/mobileapps/update_test.go +++ b/pkg/controller/mobileapps/update_test.go @@ -35,23 +35,7 @@ func TestHandleUpdate(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, user, _, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } - - app := &database.MobileApp{ - RealmID: realm.ID, - Name: "Appy", - AppID: "com.example.app", - URL: "https://app.example.com", - OS: database.OSTypeIOS, - } - if err := harness.Database.SaveMobileApp(app, database.SystemTest); err != nil { - t.Fatal(err) - } + harness := envstest.NewServerConfig(t, testDatabaseInstance) c := mobileapps.New(harness.Database, harness.Renderer) handler := c.HandleUpdate() 
@@ -63,8 +47,8 @@ func TestHandleUpdate(t *testing.T) { envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) envstest.ExerciseIDNotFound(t, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.MobileAppWrite, }, handler) }) @@ -78,8 +62,8 @@ func TestHandleUpdate(t *testing.T) { ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.MobileAppWrite, }) @@ -97,11 +81,27 @@ func TestHandleUpdate(t *testing.T) { t.Run("validation", func(t *testing.T) { t.Parallel() + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + + app := &database.MobileApp{ + RealmID: realm.ID, + Name: "Appy1", + AppID: "com.example.app1", + URL: "https://app1.example.com", + OS: database.OSTypeIOS, + } + if err := harness.Database.SaveMobileApp(app, database.SystemTest); err != nil { + t.Fatal(err) + } + ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.MobileAppWrite, }) @@ -123,11 +123,27 @@ func TestHandleUpdate(t *testing.T) { t.Run("success", func(t *testing.T) { t.Parallel() + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + + app := &database.MobileApp{ + RealmID: realm.ID, + Name: "Appy2", + AppID: "com.example.app2", + URL: "https://app2.example.com", + OS: database.OSTypeIOS, + } + if err := harness.Database.SaveMobileApp(app, database.SystemTest); err != nil { + t.Fatal(err) + } + ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.MobileAppWrite, }) 
diff --git a/pkg/controller/realmadmin/events_test.go b/pkg/controller/realmadmin/events_test.go index 941ec7f81..d0a097ad0 100644 --- a/pkg/controller/realmadmin/events_test.go +++ b/pkg/controller/realmadmin/events_test.go @@ -32,12 +32,7 @@ func TestHandleEvents(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, user, _, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } + harness := envstest.NewServerConfig(t, testDatabaseInstance) c := realmadmin.New(harness.Config, harness.Database, harness.RateLimiter, harness.Renderer) handler := middleware.InjectCurrentPath()(c.HandleEvents()) @@ -49,8 +44,8 @@ func TestHandleEvents(t *testing.T) { envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) envstest.ExerciseBadPagination(t, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.AuditRead, }, handler) }) @@ -64,8 +59,8 @@ func TestHandleEvents(t *testing.T) { ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.AuditRead, }) @@ -80,11 +75,16 @@ func TestHandleEvents(t *testing.T) { t.Run("lists", func(t *testing.T) { t.Parallel() + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.AuditRead, }) 
@@ -99,11 +99,16 @@ func TestHandleEvents(t *testing.T) { t.Run("searches", func(t *testing.T) { t.Parallel() + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.AuditRead, }) diff --git a/pkg/controller/realmadmin/settings_modify_test.go b/pkg/controller/realmadmin/settings_modify_test.go index 06397c064..ac8ee1148 100644 --- a/pkg/controller/realmadmin/settings_modify_test.go +++ b/pkg/controller/realmadmin/settings_modify_test.go @@ -38,13 +38,7 @@ func TestHandleSettings(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, user, _, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } - realm.AbusePreventionEnabled = true + harness := envstest.NewServerConfig(t, testDatabaseInstance) c := realmadmin.New(harness.Config, harness.Database, harness.RateLimiter, harness.Renderer) handler := middleware.InjectCurrentPath()(c.HandleSettings()) @@ -60,11 +54,16 @@ func TestHandleSettings(t *testing.T) { t.Run("missing_upsert_permission", func(t *testing.T) { t.Parallel() + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.SettingsRead, }) @@ -88,7 +87,7 @@ func TestHandleSettings(t *testing.T) { ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.SettingsRead | rbac.SettingsWrite, }) 
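Review bot: The setup removed in the `@@ -38,13 +38,7 @@` hunk of settings_modify_test.go set `realm.AbusePreventionEnabled = true`, and the realm that `missing_upsert_permission` now loads with `FindRealm(1)` does not get that flag anywhere in the hunks shown. Later subtests still pass `Realm: realm` in context lines whose definition lies outside the hunks, so I cannot tell whether they set it themselves. If any assertion relied on abuse prevention being enabled, it now exercises a different branch. Please confirm, or set it explicitly after the lookup with `realm.AbusePreventionEnabled = true` where it matters.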
@@ -132,7 +131,7 @@ func TestHandleSettings(t *testing.T) { ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.SettingsRead | rbac.SettingsWrite, }) @@ -192,7 +191,7 @@ func TestHandleSettings(t *testing.T) { ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.SettingsRead | rbac.SettingsWrite, }) @@ -267,7 +266,7 @@ func TestHandleSettings(t *testing.T) { ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.SettingsRead | rbac.SettingsWrite, }) @@ -306,7 +305,7 @@ func TestHandleSettings(t *testing.T) { ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.SettingsRead | rbac.SettingsWrite, }) @@ -348,7 +347,7 @@ func TestHandleSettings(t *testing.T) { ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.SettingsRead | rbac.SettingsWrite, }) @@ -386,7 +385,7 @@ func TestHandleSettings(t *testing.T) { ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.SettingsRead | rbac.SettingsWrite, }) @@ -419,7 +418,7 @@ func TestHandleSettings(t *testing.T) { ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.SettingsRead | rbac.SettingsWrite, }) 
@@ -440,11 +439,16 @@ func TestHandleSettings(t *testing.T) { t.Run("validation", func(t *testing.T) { t.Parallel() + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.SettingsRead | rbac.SettingsWrite, }) @@ -477,8 +481,8 @@ func TestHandleSettings(t *testing.T) { ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.SettingsRead | rbac.SettingsWrite, }) diff --git a/pkg/controller/realmkeys/activate.go b/pkg/controller/realmkeys/activate.go index a7cb47dcc..3fc77c36d 100644 --- a/pkg/controller/realmkeys/activate.go +++ b/pkg/controller/realmkeys/activate.go @@ -52,6 +52,7 @@ func (c *Controller) HandleActivate() http.Handler { var form FormData if err := controller.BindForm(w, r, &form); err != nil { flash.Error("Failed to process form: %v", err) + w.WriteHeader(http.StatusUnprocessableEntity) c.renderShow(ctx, w, r, currentRealm) return } @@ -59,11 +60,12 @@ func (c *Controller) HandleActivate() http.Handler { kid, err := currentRealm.SetActiveSigningKey(c.db, form.SigningKeyID, currentUser) if err != nil { flash.Error("Unable to set active signing key: %v", err) + w.WriteHeader(http.StatusUnprocessableEntity) c.renderShow(ctx, w, r, currentRealm) return } - flash.Alert("Updated active signing key to %q", kid) + flash.Alert("Updated active signing key to %q", kid) c.redirectShow(ctx, w, r) }) } diff --git a/pkg/controller/realmkeys/activate_test.go b/pkg/controller/realmkeys/activate_test.go index d560b96f6..d36c5f417 100644 --- a/pkg/controller/realmkeys/activate_test.go +++ b/pkg/controller/realmkeys/activate_test.go 
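Review bot: In `HandleActivate`, the branch after `currentRealm.SetActiveSigningKey(...)` now answers 422 for every failure, so a storage error is reported to the client as an unprocessable form, and the flash still interpolates the raw `err` into the rendered page. The rotate handlers' tests in this same change expect 500 with a generic "Internal server error" body when the database fails. The same split would fit here: keep 422 for a key ID that is unknown or rejected, and route everything else through the internal-error path with the detail logged server-side rather than shown to the user. The `DestroySigningKeyVersion` branch in destroy.go and the `SaveRealm` branch in save.go have the same shape. The handler body starts and ends outside the hunk.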
@@ -34,12 +34,7 @@ func TestRealmKeys_SubmitActivate(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, user, _, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } + harness := envstest.NewServerConfig(t, testDatabaseInstance) publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, harness.Config.CertificateSigning.PublicKeyCacheDuration) if err != nil { @@ -62,8 +57,8 @@ func TestRealmKeys_SubmitActivate(t *testing.T) { ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ - User: user, - Realm: realm, + User: &database.User{}, + Realm: &database.Realm{}, Permissions: rbac.SettingsWrite, }) @@ -71,7 +66,7 @@ func TestRealmKeys_SubmitActivate(t *testing.T) { handler.ServeHTTP(w, r) // shows original page with error flash - if got, want := w.Code, http.StatusOK; got != want { + if got, want := w.Code, http.StatusUnprocessableEntity; got != want { t.Errorf("expected %d to be %d: %s", got, want, w.Body.String()) } }) @@ -82,8 +77,8 @@ func TestRealmKeys_SubmitActivate(t *testing.T) { ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ - User: user, - Realm: realm, + User: &database.User{}, + Realm: &database.Realm{}, Permissions: rbac.SettingsWrite, }) @@ -93,7 +88,7 @@ func TestRealmKeys_SubmitActivate(t *testing.T) { handler.ServeHTTP(w, r) // shows original page with error flash - if got, want := w.Code, http.StatusOK; got != want { + if got, want := w.Code, http.StatusUnprocessableEntity; got != want { t.Errorf("expected %d to be %d: %s", got, want, w.Body.String()) } }) 
@@ -101,6 +96,11 @@ func TestRealmKeys_SubmitActivate(t *testing.T) { t.Run("success", func(t *testing.T) { t.Parallel() + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + if _, err := realm.CreateSigningKeyVersion(ctx, harness.Database, database.SystemTest); err != nil { t.Fatal(err) } @@ -112,7 +112,7 @@ func TestRealmKeys_SubmitActivate(t *testing.T) { ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ - User: user, + User: &database.User{}, Realm: realm, Permissions: rbac.SettingsWrite, }) @@ -122,7 +122,6 @@ func TestRealmKeys_SubmitActivate(t *testing.T) { }) handler.ServeHTTP(w, r) - // shows original page with error flash if got, want := w.Code, http.StatusSeeOther; got != want { t.Errorf("expected %d to be %d: %s", got, want, w.Body.String()) } diff --git a/pkg/controller/realmkeys/automatic_rotate_test.go b/pkg/controller/realmkeys/automatic_rotate_test.go index 44e133bc0..ab06455ca 100644 --- a/pkg/controller/realmkeys/automatic_rotate_test.go +++ b/pkg/controller/realmkeys/automatic_rotate_test.go @@ -16,13 +16,11 @@ package realmkeys_test import ( "net/http" - "net/http/httptest" "strings" "testing" "github.com/google/exposure-notifications-verification-server/internal/envstest" "github.com/google/exposure-notifications-verification-server/internal/project" - "github.com/google/exposure-notifications-verification-server/pkg/config" "github.com/google/exposure-notifications-verification-server/pkg/controller" "github.com/google/exposure-notifications-verification-server/pkg/controller/realmkeys" "github.com/google/exposure-notifications-verification-server/pkg/database" 
@@ -35,20 +33,18 @@ func TestHandleAutomaticRotate(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) + harness := envstest.NewServerConfig(t, testDatabaseInstance) - cfg := &config.ServerConfig{} + publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, harness.Config.CertificateSigning.PublicKeyCacheDuration) + if err != nil { + t.Fatal(err) + } + c := realmkeys.New(harness.Config, harness.Database, harness.KeyManager, publicKeyCache, harness.Renderer) + handler := c.HandleAutomaticRotate() t.Run("middleware", func(t *testing.T) { t.Parallel() - publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, cfg.CertificateSigning.PublicKeyCacheDuration) - if err != nil { - t.Fatal(err) - } - c := realmkeys.New(cfg, harness.Database, harness.KeyManager, publicKeyCache, harness.Renderer) - handler := c.HandleAutomaticRotate() - envstest.ExerciseSessionMissing(t, handler) envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) @@ -57,13 +53,6 @@ func TestHandleAutomaticRotate(t *testing.T) { t.Run("not_realm_specific_keys", func(t *testing.T) { t.Parallel() - publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, cfg.CertificateSigning.PublicKeyCacheDuration) - if err != nil { - t.Fatal(err) - } - c := realmkeys.New(cfg, harness.Database, harness.KeyManager, publicKeyCache, harness.Renderer) - handler := c.HandleAutomaticRotate() - ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ 
@@ -76,17 +65,11 @@ func TestHandleAutomaticRotate(t *testing.T) { Permissions: rbac.SettingsWrite, }) - r := httptest.NewRequest(http.MethodPut, "/", nil) - r = r.Clone(ctx) - r.Header.Set("Content-Type", "text/html") - - w := httptest.NewRecorder() - + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "/", nil) handler.ServeHTTP(w, r) - w.Flush() if got, want := w.Code, http.StatusUnprocessableEntity; got != want { - t.Errorf("Expected %d to be %d", got, want) + t.Errorf("Expected %d to be %d: %s", got, want, w.Body.String()) } if got, want := w.Body.String(), "must upgrade to realm-specific signing keys"; !strings.Contains(got, want) { t.Errorf("Expected %q to contain %q", got, want) @@ -96,13 +79,6 @@ func TestHandleAutomaticRotate(t *testing.T) { t.Run("already_enabled", func(t *testing.T) { t.Parallel() - publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, cfg.CertificateSigning.PublicKeyCacheDuration) - if err != nil { - t.Fatal(err) - } - c := realmkeys.New(cfg, harness.Database, harness.KeyManager, publicKeyCache, harness.Renderer) - handler := c.HandleAutomaticRotate() - ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ @@ -116,17 +92,11 @@ func TestHandleAutomaticRotate(t *testing.T) { Permissions: rbac.SettingsWrite, }) - r := httptest.NewRequest(http.MethodPut, "/", nil) - r = r.Clone(ctx) - r.Header.Set("Content-Type", "text/html") - - w := httptest.NewRecorder() - + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "/", nil) handler.ServeHTTP(w, r) - w.Flush() if got, want := w.Code, http.StatusUnprocessableEntity; got != want { - t.Errorf("Expected %d to be %d", got, want) + t.Errorf("Expected %d to be %d: %s", got, want, w.Body.String()) } if got, want := w.Body.String(), "is already enabled"; !strings.Contains(got, want) { t.Errorf("Expected %q to contain %q", got, want) 
@@ -136,14 +106,7 @@ func TestHandleAutomaticRotate(t *testing.T) { t.Run("internal_error", func(t *testing.T) { t.Parallel() - harness := envstest.NewServerConfig(t, testDatabaseInstance) - harness.Database.SetRawDB(envstest.NewFailingDatabase()) - - publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, cfg.CertificateSigning.PublicKeyCacheDuration) - if err != nil { - t.Fatal(err) - } - c := realmkeys.New(cfg, harness.Database, harness.KeyManager, publicKeyCache, harness.Renderer) + c := realmkeys.New(harness.Config, harness.BadDatabase, harness.KeyManager, publicKeyCache, harness.Renderer) handler := c.HandleAutomaticRotate() ctx := ctx @@ -159,17 +122,11 @@ func TestHandleAutomaticRotate(t *testing.T) { Permissions: rbac.SettingsWrite, }) - r := httptest.NewRequest(http.MethodPut, "/", nil) - r = r.Clone(ctx) - r.Header.Set("Content-Type", "text/html") - - w := httptest.NewRecorder() - + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "/", nil) handler.ServeHTTP(w, r) - w.Flush() if got, want := w.Code, http.StatusInternalServerError; got != want { - t.Errorf("Expected %d to be %d", got, want) + t.Errorf("Expected %d to be %d: %s", got, want, w.Body.String()) } if got, want := w.Body.String(), "Internal server error"; !strings.Contains(got, want) { t.Errorf("Expected %q to contain %q", got, want) @@ -179,13 +136,6 @@ func TestHandleAutomaticRotate(t *testing.T) { t.Run("enables", func(t *testing.T) { t.Parallel() - publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, cfg.CertificateSigning.PublicKeyCacheDuration) - if err != nil { - t.Fatal(err) - } - c := realmkeys.New(cfg, harness.Database, harness.KeyManager, publicKeyCache, harness.Renderer) - handler := c.HandleAutomaticRotate() - realm := database.NewRealmWithDefaults("test") realm.CertificateIssuer = "iss" realm.CertificateAudience = "aud" 
@@ -203,17 +153,11 @@ func TestHandleAutomaticRotate(t *testing.T) { Permissions: rbac.SettingsWrite, }) - r := httptest.NewRequest(http.MethodPut, "/", nil) - r = r.Clone(ctx) - r.Header.Set("Content-Type", "text/html") - - w := httptest.NewRecorder() - + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "/", nil) handler.ServeHTTP(w, r) - w.Flush() if got, want := w.Code, http.StatusSeeOther; got != want { - t.Errorf("Expected %d to be %d", got, want) + t.Errorf("Expected %d to be %d: %s", got, want, w.Body.String()) } if got, want := w.Header().Get("Location"), "/realm/keys"; got != want { t.Errorf("Expected %q to be %q", got, want) diff --git a/pkg/controller/realmkeys/create_test.go b/pkg/controller/realmkeys/create_test.go index cce8bb312..d6a4e44dd 100644 --- a/pkg/controller/realmkeys/create_test.go +++ b/pkg/controller/realmkeys/create_test.go 
@@ -16,66 +16,63 @@ package realmkeys_test import ( "net/http" - "net/http/httptest" - "strings" "testing" "github.com/google/exposure-notifications-verification-server/internal/envstest" "github.com/google/exposure-notifications-verification-server/internal/project" - "github.com/google/exposure-notifications-verification-server/pkg/config" "github.com/google/exposure-notifications-verification-server/pkg/controller" "github.com/google/exposure-notifications-verification-server/pkg/controller/realmkeys" "github.com/google/exposure-notifications-verification-server/pkg/database" "github.com/google/exposure-notifications-verification-server/pkg/keyutils" "github.com/google/exposure-notifications-verification-server/pkg/rbac" + "github.com/gorilla/sessions" ) func TestRealmKeys_SubmitCreate(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) + harness := envstest.NewServerConfig(t, testDatabaseInstance) - realm, user, session, err := harness.ProvisionAndLogin() + publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, harness.Config.CertificateSigning.PublicKeyCacheDuration) if err != nil { t.Fatal(err) } - ctx = controller.WithSession(ctx, session) - - cfg := &config.ServerConfig{} - - publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, cfg.CertificateSigning.PublicKeyCacheDuration) - if err != nil { - t.Fatal(err) - } - c := realmkeys.New(cfg, harness.Database, harness.KeyManager, publicKeyCache, harness.Renderer) + c := realmkeys.New(harness.Config, harness.Database, harness.KeyManager, publicKeyCache, harness.Renderer) handler := c.HandleCreateKey() - envstest.ExerciseSessionMissing(t, handler) - envstest.ExerciseMembershipMissing(t, handler) - envstest.ExercisePermissionMissing(t, handler) + t.Run("middleware", func(t *testing.T) { + t.Parallel() - ctx = controller.WithMembership(ctx, &database.Membership{ - User: user, - Realm: realm, - Permissions: 
rbac.SettingsWrite, + envstest.ExerciseSessionMissing(t, handler) + envstest.ExerciseMembershipMissing(t, handler) + envstest.ExercisePermissionMissing(t, handler) }) - // success - func() { - req, err := http.NewRequestWithContext(ctx, http.MethodPost, "", strings.NewReader("")) + t.Run("success", func(t *testing.T) { + t.Parallel() + + realm, err := harness.Database.FindRealm(1) if err != nil { t.Fatal(err) } - req.Header.Add("Content-Type", "application/x-www-form-urlencoded") - w := httptest.NewRecorder() - handler.ServeHTTP(w, req) - result := w.Result() - defer result.Body.Close() + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) + ctx = controller.WithMembership(ctx, &database.Membership{ + User: &database.User{}, + Realm: realm, + Permissions: rbac.SettingsWrite, + }) + + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "/", nil) + handler.ServeHTTP(w, r) - if result.StatusCode != http.StatusSeeOther { - t.Errorf("expected status 301 SeeOther, got %d", result.StatusCode) + if got, want := w.Code, http.StatusSeeOther; got != want { + t.Errorf("expected %d to be %d: %s", got, want, w.Body.String()) } - }() + if got, want := w.Header().Get("Location"), "/realm/keys"; got != want { + t.Errorf("expected %s to be %s", got, want) + } + }) } diff --git a/pkg/controller/realmkeys/destroy.go b/pkg/controller/realmkeys/destroy.go index 8b0880fe7..d0ef0cd08 100644 --- a/pkg/controller/realmkeys/destroy.go +++ b/pkg/controller/realmkeys/destroy.go @@ -49,6 +49,7 @@ func (c *Controller) HandleDestroy() http.Handler { if err := currentRealm.DestroySigningKeyVersion(ctx, c.db, vars["id"], currentUser); err != nil { flash.Error("Failed to destroy signing key version: %v", err) + w.WriteHeader(http.StatusUnprocessableEntity) c.renderShow(ctx, w, r, currentRealm) return } diff --git a/pkg/controller/realmkeys/destroy_test.go b/pkg/controller/realmkeys/destroy_test.go index f96fbc694..0996dc31c 100644 --- a/pkg/controller/realmkeys/destroy_test.go 
+++ b/pkg/controller/realmkeys/destroy_test.go 
@@ -17,97 +17,75 @@ package realmkeys_test import ( "fmt" "net/http" - "net/http/httptest" - "strings" "testing" "github.com/google/exposure-notifications-verification-server/internal/envstest" "github.com/google/exposure-notifications-verification-server/internal/project" - "github.com/google/exposure-notifications-verification-server/pkg/config" "github.com/google/exposure-notifications-verification-server/pkg/controller" "github.com/google/exposure-notifications-verification-server/pkg/controller/realmkeys" "github.com/google/exposure-notifications-verification-server/pkg/database" "github.com/google/exposure-notifications-verification-server/pkg/keyutils" "github.com/google/exposure-notifications-verification-server/pkg/rbac" "github.com/gorilla/mux" + "github.com/gorilla/sessions" ) func TestRealmKeys_SubmitDestroy(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) + harness := envstest.NewServerConfig(t, testDatabaseInstance) - realm, user, session, err := harness.ProvisionAndLogin() + publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, harness.Config.CertificateSigning.PublicKeyCacheDuration) if err != nil { t.Fatal(err) } - ctx = controller.WithSession(ctx, session) - - cfg := &config.ServerConfig{} - - publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, cfg.CertificateSigning.PublicKeyCacheDuration) - if err != nil { - t.Fatal(err) - } - c := realmkeys.New(cfg, harness.Database, harness.KeyManager, publicKeyCache, harness.Renderer) + c := realmkeys.New(harness.Config, harness.Database, harness.KeyManager, publicKeyCache, harness.Renderer) handler := c.HandleDestroy() - envstest.ExerciseSessionMissing(t, handler) - envstest.ExerciseMembershipMissing(t, handler) - envstest.ExercisePermissionMissing(t, handler) + t.Run("middleware", func(t *testing.T) { + t.Parallel() - ctx = controller.WithMembership(ctx, &database.Membership{ - User: user, - Realm: realm, 
- Permissions: rbac.SettingsWrite, + envstest.ExerciseSessionMissing(t, handler) + envstest.ExerciseMembershipMissing(t, handler) + envstest.ExercisePermissionMissing(t, handler) }) - // no 'id' var - func() { - req, err := http.NewRequestWithContext(ctx, http.MethodPost, "", strings.NewReader("")) + t.Run("success", func(t *testing.T) { + t.Parallel() + + realm, err := harness.Database.FindRealm(1) if err != nil { t.Fatal(err) } - req.Header.Add("Content-Type", "application/x-www-form-urlencoded") - - w := httptest.NewRecorder() - handler.ServeHTTP(w, req) - result := w.Result() - defer result.Body.Close() - // shows original page with error flash - if result.StatusCode != http.StatusOK { - t.Errorf("expected status 200 OK, got %d", result.StatusCode) + for i := 0; i < 3; i++ { + if _, err := realm.CreateSigningKeyVersion(ctx, harness.Database, database.SystemTest); err != nil { + t.Fatal(err) + } } - }() - - if _, err := realm.CreateSigningKeyVersion(ctx, harness.Database, database.SystemTest); err != nil { - t.Fatal(err) - } - list, err := realm.ListSigningKeys(harness.Database) - if err != nil { - t.Fatal(err) - } - - // success - func() { - req, err := http.NewRequestWithContext(ctx, http.MethodPost, "", strings.NewReader("")) + list, err := realm.ListSigningKeys(harness.Database) if err != nil { t.Fatal(err) } - req = mux.SetURLVars(req, map[string]string{"id": fmt.Sprint(list[0].ID)}) - req.Header.Set("Accept", "text/html") - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - w := httptest.NewRecorder() - handler.ServeHTTP(w, req) - result := w.Result() - defer result.Body.Close() + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) + ctx = controller.WithMembership(ctx, &database.Membership{ + User: &database.User{}, + Realm: realm, + Permissions: rbac.SettingsWrite, + }) + + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPost, "/", nil) + r = mux.SetURLVars(r, map[string]string{"id": fmt.Sprintf("%d", list[0].ID)}) 
+ handler.ServeHTTP(w, r) - // shows original page with error flash - if result.StatusCode != http.StatusOK { - t.Errorf("expected status 200 OK, got %d", result.StatusCode) + if got, want := w.Code, http.StatusSeeOther; got != want { + t.Errorf("expected %d to be %d: %s", got, want, w.Body.String()) } - }() + if got, want := w.Header().Get("Location"), "/realm/keys"; got != want { + t.Errorf("expected %s to be %s", got, want) + } + }) } diff --git a/pkg/controller/realmkeys/manual_rotate_test.go b/pkg/controller/realmkeys/manual_rotate_test.go index 68ce7e8f3..9a9fc498e 100644 --- a/pkg/controller/realmkeys/manual_rotate_test.go +++ b/pkg/controller/realmkeys/manual_rotate_test.go @@ -16,13 +16,11 @@ package realmkeys_test import ( "net/http" - "net/http/httptest" "strings" "testing" "github.com/google/exposure-notifications-verification-server/internal/envstest" "github.com/google/exposure-notifications-verification-server/internal/project" - "github.com/google/exposure-notifications-verification-server/pkg/config" "github.com/google/exposure-notifications-verification-server/pkg/controller" "github.com/google/exposure-notifications-verification-server/pkg/controller/realmkeys" "github.com/google/exposure-notifications-verification-server/pkg/database" 
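Review bot: The rewritten `TestRealmKeys_SubmitDestroy` removes the old "no 'id' var" case without a replacement, so the 422 that destroy.go now returns when `DestroySigningKeyVersion` fails is untested, while activate_test.go asserts the equivalent status. A failure subtest that calls the handler without `mux.SetURLVars` would pin that behaviour, assuming an empty ID still fails as it did in the removed case. The success case would also be stronger if it checked `realm.ListSigningKeys(harness.Database)` afterwards, since a 303 alone does not show which key version was destroyed.

```go
// … unchanged: "middleware" and "success" subtests …

t.Run("missing_id", func(t *testing.T) {
	t.Parallel()

	realm, err := harness.Database.FindRealm(1)
	if err != nil {
		t.Fatal(err)
	}

	ctx := ctx
	ctx = controller.WithSession(ctx, &sessions.Session{})
	ctx = controller.WithMembership(ctx, &database.Membership{
		User:        &database.User{},
		Realm:       realm,
		Permissions: rbac.SettingsWrite,
	})

	// No mux.SetURLVars here: the handler sees an empty "id".
	w, r := envstest.BuildFormRequest(ctx, t, http.MethodPost, "/", nil)
	handler.ServeHTTP(w, r)

	if got, want := w.Code, http.StatusUnprocessableEntity; got != want {
		t.Errorf("expected %d to be %d: %s", got, want, w.Body.String())
	}
})
```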
@@ -35,20 +33,18 @@ func TestHandleManualRotate(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) + harness := envstest.NewServerConfig(t, testDatabaseInstance) - cfg := &config.ServerConfig{} + publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, harness.Config.CertificateSigning.PublicKeyCacheDuration) + if err != nil { + t.Fatal(err) + } + c := realmkeys.New(harness.Config, harness.Database, harness.KeyManager, publicKeyCache, harness.Renderer) + handler := c.HandleManualRotate() t.Run("middleware", func(t *testing.T) { t.Parallel() - publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, cfg.CertificateSigning.PublicKeyCacheDuration) - if err != nil { - t.Fatal(err) - } - c := realmkeys.New(cfg, harness.Database, harness.KeyManager, publicKeyCache, harness.Renderer) - handler := c.HandleManualRotate() - envstest.ExerciseSessionMissing(t, handler) envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) @@ -57,13 +53,6 @@ func TestHandleManualRotate(t *testing.T) { t.Run("not_enabled", func(t *testing.T) { t.Parallel() - publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, cfg.CertificateSigning.PublicKeyCacheDuration) - if err != nil { - t.Fatal(err) - } - c := realmkeys.New(cfg, harness.Database, harness.KeyManager, publicKeyCache, harness.Renderer) - handler := c.HandleManualRotate() - ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ 
@@ -74,17 +63,11 @@ func TestHandleManualRotate(t *testing.T) { Permissions: rbac.SettingsWrite, }) - r := httptest.NewRequest(http.MethodPut, "/", nil) - r = r.Clone(ctx) - r.Header.Set("Content-Type", "text/html") - - w := httptest.NewRecorder() - + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "", nil) handler.ServeHTTP(w, r) - w.Flush() if got, want := w.Code, http.StatusUnprocessableEntity; got != want { - t.Errorf("Expected %d to be %d", got, want) + t.Errorf("Expected %d to be %d: %s", got, want, w.Body.String()) } if got, want := w.Body.String(), "Already in manual key rotation mode"; !strings.Contains(got, want) { t.Errorf("Expected %q to contain %q", got, want) @@ -94,14 +77,7 @@ func TestHandleManualRotate(t *testing.T) { t.Run("internal_error", func(t *testing.T) { t.Parallel() - harness := envstest.NewServerConfig(t, testDatabaseInstance) - harness.Database.SetRawDB(envstest.NewFailingDatabase()) - - publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, cfg.CertificateSigning.PublicKeyCacheDuration) - if err != nil { - t.Fatal(err) - } - c := realmkeys.New(cfg, harness.Database, harness.KeyManager, publicKeyCache, harness.Renderer) + c := realmkeys.New(harness.Config, harness.BadDatabase, harness.KeyManager, publicKeyCache, harness.Renderer) handler := c.HandleManualRotate() ctx := ctx 
@@ -114,17 +90,11 @@ func TestHandleManualRotate(t *testing.T) { Permissions: rbac.SettingsWrite, }) - r := httptest.NewRequest(http.MethodPut, "/", nil) - r = r.Clone(ctx) - r.Header.Set("Content-Type", "text/html") - - w := httptest.NewRecorder() - + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "", nil) handler.ServeHTTP(w, r) - w.Flush() if got, want := w.Code, http.StatusInternalServerError; got != want { - t.Errorf("Expected %d to be %d", got, want) + t.Errorf("Expected %d to be %d: %s", got, want, w.Body.String()) } if got, want := w.Body.String(), "Internal server error"; !strings.Contains(got, want) { t.Errorf("Expected %q to contain %q", got, want) @@ -134,13 +104,6 @@ func TestHandleManualRotate(t *testing.T) { t.Run("enables", func(t *testing.T) { t.Parallel() - publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, cfg.CertificateSigning.PublicKeyCacheDuration) - if err != nil { - t.Fatal(err) - } - c := realmkeys.New(cfg, harness.Database, harness.KeyManager, publicKeyCache, harness.Renderer) - handler := c.HandleManualRotate() - realm := database.NewRealmWithDefaults("test") realm.AutoRotateCertificateKey = true if err := harness.Database.SaveRealm(realm, database.SystemTest); err != nil { @@ -155,17 +118,11 @@ func TestHandleManualRotate(t *testing.T) { Permissions: rbac.SettingsWrite, }) - r := httptest.NewRequest(http.MethodPut, "/", nil) - r = r.Clone(ctx) - r.Header.Set("Content-Type", "text/html") - - w := httptest.NewRecorder() - + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "", nil) handler.ServeHTTP(w, r) - w.Flush() if got, want := w.Code, http.StatusSeeOther; got != want { - t.Errorf("Expected %d to be %d", got, want) + t.Errorf("Expected %d to be %d: %s", got, want, w.Body.String()) } if got, want := w.Header().Get("Location"), "/realm/keys"; got != want { t.Errorf("Expected %q to be %q", got, want) 
diff --git a/pkg/controller/realmkeys/save.go b/pkg/controller/realmkeys/save.go index ab75dee80..2d63c38c8 100644 --- a/pkg/controller/realmkeys/save.go +++ b/pkg/controller/realmkeys/save.go @@ -55,6 +55,7 @@ func (c *Controller) HandleSave() http.Handler { var form FormData if err := controller.BindForm(w, r, &form); err != nil { flash.Error("Failed to process form: %v", err) + w.WriteHeader(http.StatusUnprocessableEntity) c.renderShow(ctx, w, r, currentRealm) return } @@ -67,6 +68,7 @@ func (c *Controller) HandleSave() http.Handler { if err := c.db.SaveRealm(currentRealm, currentUser); err != nil { flash.Error("Failed to update realm: %v", err) + w.WriteHeader(http.StatusUnprocessableEntity) c.renderShow(ctx, w, r, currentRealm) } diff --git a/pkg/controller/realmkeys/save_test.go b/pkg/controller/realmkeys/save_test.go index c0a2a70d2..47ff12c4c 100644 --- a/pkg/controller/realmkeys/save_test.go +++ b/pkg/controller/realmkeys/save_test.go 
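Review bot: The `SaveRealm` error branch in `HandleSave` (second hunk of save.go) has no `return` after `c.renderShow(...)` in the lines shown, unlike the `BindForm` branch in the first hunk. With the added `w.WriteHeader(http.StatusUnprocessableEntity)`, execution appears to continue past the `if`. The rest of the handler is outside the hunk, but if what follows is the success flash and redirect, a failed save writes a 422 page and then attempts a second header write and redirect on the same response. Add `return` on the line after `c.renderShow(ctx, w, r, currentRealm)` in that branch.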
@@ -16,66 +16,64 @@ package realmkeys_test import ( "net/http" - "net/http/httptest" - "strings" + "net/url" "testing" "github.com/google/exposure-notifications-verification-server/internal/envstest" "github.com/google/exposure-notifications-verification-server/internal/project" - "github.com/google/exposure-notifications-verification-server/pkg/config" "github.com/google/exposure-notifications-verification-server/pkg/controller" "github.com/google/exposure-notifications-verification-server/pkg/controller/realmkeys" "github.com/google/exposure-notifications-verification-server/pkg/database" "github.com/google/exposure-notifications-verification-server/pkg/keyutils" "github.com/google/exposure-notifications-verification-server/pkg/rbac" + "github.com/gorilla/sessions" ) func TestRealmKeys_SubmitSave(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) + harness := envstest.NewServerConfig(t, testDatabaseInstance) - realm, user, session, err := harness.ProvisionAndLogin() + publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, harness.Config.CertificateSigning.PublicKeyCacheDuration) if err != nil { t.Fatal(err) } - ctx = controller.WithSession(ctx, session) - - cfg := &config.ServerConfig{} - - publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, cfg.CertificateSigning.PublicKeyCacheDuration) - if err != nil { - t.Fatal(err) - } - c := realmkeys.New(cfg, harness.Database, harness.KeyManager, publicKeyCache, harness.Renderer) + c := realmkeys.New(harness.Config, harness.Database, harness.KeyManager, publicKeyCache, harness.Renderer) handler := c.HandleSave() - envstest.ExerciseSessionMissing(t, handler) - envstest.ExerciseMembershipMissing(t, handler) - envstest.ExercisePermissionMissing(t, handler) + t.Run("middleware", func(t *testing.T) { + t.Parallel() - ctx = controller.WithMembership(ctx, &database.Membership{ - User: user, - Realm: realm, - Permissions: 
rbac.SettingsWrite, + envstest.ExerciseSessionMissing(t, handler) + envstest.ExerciseMembershipMissing(t, handler) + envstest.ExercisePermissionMissing(t, handler) }) - // success - func() { - req, err := http.NewRequestWithContext(ctx, http.MethodPost, "", strings.NewReader("")) + t.Run("success", func(t *testing.T) { + t.Parallel() + + realm, err := harness.Database.FindRealm(1) if err != nil { t.Fatal(err) } - req.Header.Add("Content-Type", "application/x-www-form-urlencoded") - w := httptest.NewRecorder() - handler.ServeHTTP(w, req) - result := w.Result() - defer result.Body.Close() + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) + ctx = controller.WithMembership(ctx, &database.Membership{ + User: &database.User{}, + Realm: realm, + Permissions: rbac.SettingsWrite, + }) + + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "", &url.Values{}) + handler.ServeHTTP(w, r) - if result.StatusCode != http.StatusSeeOther { - t.Errorf("expected status 301 SeeOther, got %d", result.StatusCode) + if got, want := w.Code, http.StatusSeeOther; got != want { + t.Errorf("expected %d to be %d: %s", got, want, w.Body.String()) } - }() + if got, want := w.Header().Get("Location"), "/realm/keys"; got != want { + t.Errorf("expected %s to be %s", got, want) + } + }) } diff --git a/pkg/controller/realmkeys/upgrade_test.go b/pkg/controller/realmkeys/upgrade_test.go index 9e7884fc2..71f2f507d 100644 --- a/pkg/controller/realmkeys/upgrade_test.go +++ b/pkg/controller/realmkeys/upgrade_test.go 
@@ -16,87 +16,92 @@ package realmkeys_test import ( "net/http" - "net/http/httptest" - "strings" "testing" "github.com/google/exposure-notifications-verification-server/internal/envstest" "github.com/google/exposure-notifications-verification-server/internal/project" - "github.com/google/exposure-notifications-verification-server/pkg/config" "github.com/google/exposure-notifications-verification-server/pkg/controller" "github.com/google/exposure-notifications-verification-server/pkg/controller/realmkeys" "github.com/google/exposure-notifications-verification-server/pkg/database" "github.com/google/exposure-notifications-verification-server/pkg/keyutils" "github.com/google/exposure-notifications-verification-server/pkg/rbac" + "github.com/gorilla/sessions" ) func TestRealmKeys_SubmitUpgrade(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) + harness := envstest.NewServerConfig(t, testDatabaseInstance) - realm, user, session, err := harness.ProvisionAndLogin() + publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, harness.Config.CertificateSigning.PublicKeyCacheDuration) if err != nil { t.Fatal(err) } - ctx = controller.WithSession(ctx, session) - - cfg := &config.ServerConfig{} - - publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, cfg.CertificateSigning.PublicKeyCacheDuration) - if err != nil { - t.Fatal(err) - } - c := realmkeys.New(cfg, harness.Database, harness.KeyManager, publicKeyCache, harness.Renderer) + c := realmkeys.New(harness.Config, harness.Database, harness.KeyManager, publicKeyCache, harness.Renderer) handler := c.HandleUpgrade() - envstest.ExerciseSessionMissing(t, handler) - envstest.ExerciseMembershipMissing(t, handler) - envstest.ExercisePermissionMissing(t, handler) + t.Run("middleware", func(t *testing.T) { + t.Parallel() - ctx = controller.WithMembership(ctx, &database.Membership{ - User: user, - Realm: realm, - Permissions: 
rbac.SettingsWrite, + envstest.ExerciseSessionMissing(t, handler) + envstest.ExerciseMembershipMissing(t, handler) + envstest.ExercisePermissionMissing(t, handler) }) - // success - func() { - req, err := http.NewRequestWithContext(ctx, http.MethodPost, "", strings.NewReader("")) + t.Run("success", func(t *testing.T) { + t.Parallel() + + realm, err := harness.Database.FindRealm(1) if err != nil { t.Fatal(err) } - req.Header.Add("Content-Type", "application/x-www-form-urlencoded") - w := httptest.NewRecorder() - handler.ServeHTTP(w, req) - result := w.Result() - defer result.Body.Close() + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) + ctx = controller.WithMembership(ctx, &database.Membership{ + User: &database.User{}, + Realm: realm, + Permissions: rbac.SettingsWrite, + }) - if result.StatusCode != http.StatusSeeOther { - t.Errorf("expected status 301 SeeOther, got %d", result.StatusCode) + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "", nil) + handler.ServeHTTP(w, r) + + if got, want := w.Code, http.StatusSeeOther; got != want { + t.Errorf("expected %d to be %d: %s", got, want, w.Body.String()) + } + if got, want := w.Header().Get("Location"), "/realm/keys"; got != want { + t.Errorf("expected %s to be %s", got, want) } - }() + }) + + t.Run("success_realm_certificate", func(t *testing.T) { + t.Parallel() - // success - use realm certificate - func() { + realm := database.NewRealmWithDefaults("realmy2") realm.CertificateIssuer = "foo" realm.CertificateAudience = "bar" - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, "", strings.NewReader("")) - if err != nil { + if err := harness.Database.SaveRealm(realm, database.SystemTest); err != nil { t.Fatal(err) } - req.Header.Add("Content-Type", "application/x-www-form-urlencoded") - w := httptest.NewRecorder() - handler.ServeHTTP(w, req) - result := w.Result() - defer result.Body.Close() + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) + ctx = 
controller.WithMembership(ctx, &database.Membership{ + User: &database.User{}, + Realm: realm, + Permissions: rbac.SettingsWrite, + }) - if result.StatusCode != http.StatusSeeOther { - t.Errorf("expected status 301 SeeOther, got %d", result.StatusCode) + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "", nil) + handler.ServeHTTP(w, r) + + if got, want := w.Code, http.StatusSeeOther; got != want { + t.Errorf("expected %d to be %d: %s", got, want, w.Body.String()) + } + if got, want := w.Header().Get("Location"), "/realm/keys"; got != want { + t.Errorf("expected %s to be %s", got, want) } - }() + }) } diff --git a/pkg/controller/smskeys/activate_test.go b/pkg/controller/smskeys/activate_test.go index 43c42b086..d2cb1f9bc 100644 --- a/pkg/controller/smskeys/activate_test.go +++ b/pkg/controller/smskeys/activate_test.go @@ -17,14 +17,12 @@ package smskeys_test import ( "fmt" "net/http" - "net/http/httptest" "net/url" "strings" "testing" "github.com/google/exposure-notifications-verification-server/internal/envstest" "github.com/google/exposure-notifications-verification-server/internal/project" - "github.com/google/exposure-notifications-verification-server/pkg/config" "github.com/google/exposure-notifications-verification-server/pkg/controller" "github.com/google/exposure-notifications-verification-server/pkg/controller/smskeys" "github.com/google/exposure-notifications-verification-server/pkg/database" 
@@ -37,26 +35,19 @@ func TestHandleActivate(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) + harness := envstest.NewServerConfig(t, testDatabaseInstance) - realm, user, _, err := harness.ProvisionAndLogin() + publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, harness.Config.CertificateSigning.PublicKeyCacheDuration) if err != nil { t.Fatal(err) } - cfg := &config.ServerConfig{} - - publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, cfg.CertificateSigning.PublicKeyCacheDuration) - if err != nil { - t.Fatal(err) - } + c := smskeys.New(harness.Config, harness.Database, publicKeyCache, harness.Renderer) + handler := c.HandleActivate() t.Run("middleware", func(t *testing.T) { t.Parallel() - c := smskeys.New(cfg, harness.Database, publicKeyCache, harness.Renderer) - handler := c.HandleActivate() - envstest.ExerciseSessionMissing(t, handler) envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) 
@@ -65,77 +56,57 @@ func TestHandleActivate(t *testing.T) { t.Run("internal_error", func(t *testing.T) { t.Parallel() - harness := envstest.NewServerConfig(t, testDatabaseInstance) - harness.Database.SetRawDB(envstest.NewFailingDatabase()) - - c := smskeys.New(cfg, harness.Database, publicKeyCache, harness.Renderer) + c := smskeys.New(harness.Config, harness.BadDatabase, publicKeyCache, harness.Renderer) handler := c.HandleActivate() ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.SettingsWrite, }) - u := &url.Values{"id": []string{"123456"}} - - r := httptest.NewRequest(http.MethodPut, "/", strings.NewReader(u.Encode())) - r = r.Clone(ctx) - r.Header.Set("Accept", "text/html") - r.Header.Set("Content-Type", "application/x-www-form-urlencoded") - - w := httptest.NewRecorder() - + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "", &url.Values{}) handler.ServeHTTP(w, r) - w.Flush() if got, want := w.Code, http.StatusInternalServerError; got != want { - t.Errorf("Expected %d to be %d", got, want) - } - if got, want := w.Body.String(), "Internal server error"; !strings.Contains(got, want) { - t.Errorf("Expected %q to contain %q", got, want) + t.Errorf("expected %d to be %d: %s", got, want, w.Body.String()) } }) t.Run("not_found", func(t *testing.T) { t.Parallel() - c := smskeys.New(cfg, harness.Database, publicKeyCache, harness.Renderer) - handler := c.HandleActivate() - ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.SettingsWrite, }) - u := &url.Values{"id": []string{"123456"}} - - r := httptest.NewRequest(http.MethodPut, "/", strings.NewReader(u.Encode())) - r = r.Clone(ctx) - r.Header.Set("Accept", 
"text/html") - r.Header.Set("Content-Type", "application/x-www-form-urlencoded") - - w := httptest.NewRecorder() - + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "", &url.Values{ + "id": []string{"123456789"}, + }) handler.ServeHTTP(w, r) - w.Flush() if got, want := w.Code, http.StatusUnprocessableEntity; got != want { - t.Errorf("Expected %d to be %d", got, want) + t.Errorf("Expected %d to be %d: %s", got, want, w.Body.String()) } if got, want := w.Body.String(), "does not exist"; !strings.Contains(got, want) { t.Errorf("Expected %q to contain %q", got, want) } }) - t.Run("activates", func(t *testing.T) { + t.Run("success", func(t *testing.T) { t.Parallel() + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } + if _, err := realm.CreateSMSSigningKeyVersion(ctx, harness.Database, database.SystemTest); err != nil { t.Fatal(err) } 
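Review bot: In `internal_error` the form is now `&url.Values{}` with no `id`, where the removed code sent `id=123456`. The expected 500 therefore depends on the handler reaching the database before it validates `id`, which this hunk does not show. Sending the same shape as `not_found`, `&url.Values{"id": []string{"123456"}}`, keeps the failing database as the only variable. The assertion that the body contains `"Internal server error"` was also dropped here, while the matching case in create_test.go keeps it; restoring it would pin the error path rather than just the status code.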
@@ -149,31 +120,21 @@ func TestHandleActivate(t *testing.T) { } signingKey := list[0] - c := smskeys.New(cfg, harness.Database, publicKeyCache, harness.Renderer) - handler := c.HandleActivate() - ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.SettingsWrite, }) - u := &url.Values{"id": []string{fmt.Sprintf("%d", signingKey.ID)}} - - r := httptest.NewRequest(http.MethodPut, "/", strings.NewReader(u.Encode())) - r = r.Clone(ctx) - r.Header.Set("Accept", "text/html") - r.Header.Set("Content-Type", "application/x-www-form-urlencoded") - - w := httptest.NewRecorder() - + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "", &url.Values{ + "id": []string{fmt.Sprintf("%d", signingKey.ID)}, + }) handler.ServeHTTP(w, r) - w.Flush() if got, want := w.Code, http.StatusSeeOther; got != want { - t.Errorf("Expected %d to be %d", got, want) + t.Errorf("Expected %d to be %d: %s", got, want, w.Body.String()) } if got, want := w.Header().Get("Location"), "/realm/sms-keys"; !strings.Contains(got, want) { t.Errorf("Expected %q to contain %q", got, want) diff --git a/pkg/controller/smskeys/create_test.go b/pkg/controller/smskeys/create_test.go index 5f21f39dc..c0cf792aa 100644 --- a/pkg/controller/smskeys/create_test.go +++ b/pkg/controller/smskeys/create_test.go @@ -16,13 +16,11 @@ package smskeys_test import ( "net/http" - "net/http/httptest" "strings" "testing" "github.com/google/exposure-notifications-verification-server/internal/envstest" "github.com/google/exposure-notifications-verification-server/internal/project" - "github.com/google/exposure-notifications-verification-server/pkg/config" "github.com/google/exposure-notifications-verification-server/pkg/controller" "github.com/google/exposure-notifications-verification-server/pkg/controller/smskeys" "github.com/google/exposure-notifications-verification-server/pkg/database" 
@@ -35,26 +33,23 @@ func TestHandleCreate(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) + harness := envstest.NewServerConfig(t, testDatabaseInstance) realm, err := harness.Database.FindRealm(1) if err != nil { t.Fatal(err) } - cfg := &config.ServerConfig{} - - publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, cfg.CertificateSigning.PublicKeyCacheDuration) + publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, harness.Config.CertificateSigning.PublicKeyCacheDuration) if err != nil { t.Fatal(err) } + c := smskeys.New(harness.Config, harness.Database, publicKeyCache, harness.Renderer) + handler := c.HandleCreateKey() t.Run("middleware", func(t *testing.T) { t.Parallel() - c := smskeys.New(cfg, harness.Database, publicKeyCache, harness.Renderer) - handler := c.HandleCreateKey() - envstest.ExerciseSessionMissing(t, handler) envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) @@ -63,10 +58,7 @@ func TestHandleCreate(t *testing.T) { t.Run("internal_error", func(t *testing.T) { t.Parallel() - harness := envstest.NewServerConfig(t, testDatabaseInstance) - harness.Database.SetRawDB(envstest.NewFailingDatabase()) - - c := smskeys.New(cfg, harness.Database, publicKeyCache, harness.Renderer) + c := smskeys.New(harness.Config, harness.BadDatabase, publicKeyCache, harness.Renderer) handler := c.HandleCreateKey() ctx := ctx 
@@ -77,29 +69,20 @@ func TestHandleCreate(t *testing.T) { Permissions: rbac.SettingsWrite, }) - r := httptest.NewRequest(http.MethodPut, "/", nil) - r = r.Clone(ctx) - r.Header.Set("Content-Type", "text/html") - - w := httptest.NewRecorder() - + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "/", nil) handler.ServeHTTP(w, r) - w.Flush() if got, want := w.Code, http.StatusInternalServerError; got != want { - t.Errorf("Expected %d to be %d", got, want) + t.Errorf("Expected %d to be %d: %s", got, want, w.Body.String()) } if got, want := w.Body.String(), "Internal server error"; !strings.Contains(got, want) { t.Errorf("Expected %q to contain %q", got, want) } }) - t.Run("creates", func(t *testing.T) { + t.Run("success", func(t *testing.T) { t.Parallel() - c := smskeys.New(cfg, harness.Database, publicKeyCache, harness.Renderer) - handler := c.HandleCreateKey() - ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ @@ -108,17 +91,11 @@ func TestHandleCreate(t *testing.T) { Permissions: rbac.SettingsWrite, }) - r := httptest.NewRequest(http.MethodPut, "/", nil) - r = r.Clone(ctx) - r.Header.Set("Content-Type", "text/html") - - w := httptest.NewRecorder() - + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "/", nil) handler.ServeHTTP(w, r) - w.Flush() if got, want := w.Code, http.StatusSeeOther; got != want { - t.Errorf("Expected %d to be %d", got, want) + t.Errorf("Expected %d to be %d: %s", got, want, w.Body.String()) } if got, want := w.Header().Get("Location"), "/realm/sms-keys"; got != want { t.Errorf("Expected %q to be %q", got, want) diff --git a/pkg/controller/smskeys/destroy_test.go b/pkg/controller/smskeys/destroy_test.go index 63afdaab4..26d6c64e5 100644 --- a/pkg/controller/smskeys/destroy_test.go +++ b/pkg/controller/smskeys/destroy_test.go 
@@ -17,13 +17,11 @@ package smskeys_test import ( "fmt" "net/http" - "net/http/httptest" "strings" "testing" "github.com/google/exposure-notifications-verification-server/internal/envstest" "github.com/google/exposure-notifications-verification-server/internal/project" - "github.com/google/exposure-notifications-verification-server/pkg/config" "github.com/google/exposure-notifications-verification-server/pkg/controller" "github.com/google/exposure-notifications-verification-server/pkg/controller/smskeys" "github.com/google/exposure-notifications-verification-server/pkg/database" @@ -37,26 +35,18 @@ func TestHandleDestroy(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) + harness := envstest.NewServerConfig(t, testDatabaseInstance) - realm, user, _, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } - - cfg := &config.ServerConfig{} - - publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, cfg.CertificateSigning.PublicKeyCacheDuration) + publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, harness.Config.CertificateSigning.PublicKeyCacheDuration) if err != nil { t.Fatal(err) } + c := smskeys.New(harness.Config, harness.Database, publicKeyCache, harness.Renderer) + handler := c.HandleDestroy() t.Run("middleware", func(t *testing.T) { t.Parallel() - c := smskeys.New(cfg, harness.Database, publicKeyCache, harness.Renderer) - handler := c.HandleDestroy() - envstest.ExerciseSessionMissing(t, handler) envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) 
@@ -65,30 +55,20 @@ func TestHandleDestroy(t *testing.T) { t.Run("internal_error", func(t *testing.T) { t.Parallel() - harness := envstest.NewServerConfig(t, testDatabaseInstance) - harness.Database.SetRawDB(envstest.NewFailingDatabase()) - - c := smskeys.New(cfg, harness.Database, publicKeyCache, harness.Renderer) + c := smskeys.New(harness.Config, harness.BadDatabase, publicKeyCache, harness.Renderer) handler := c.HandleDestroy() ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ - Realm: realm, - User: user, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.SettingsWrite, }) - r := httptest.NewRequest(http.MethodPut, "/", nil) - r = r.Clone(ctx) + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "/", nil) r = mux.SetURLVars(r, map[string]string{"id": "123456"}) - r.Header.Set("Accept", "text/html") - r.Header.Set("Content-Type", "application/x-www-form-urlencoded") - - w := httptest.NewRecorder() - handler.ServeHTTP(w, r) - w.Flush() if got, want := w.Code, http.StatusInternalServerError; got != want { t.Errorf("Expected %d to be %d", got, want) @@ -101,8 +81,10 @@ func TestHandleDestroy(t *testing.T) { t.Run("destroy", func(t *testing.T) { t.Parallel() - c := smskeys.New(cfg, harness.Database, publicKeyCache, harness.Renderer) - handler := c.HandleDestroy() + realm, err := harness.Database.FindRealm(1) + if err != nil { + t.Fatal(err) + } // Create 2 signing keys - we need to destroy the non-active one. if _, err := realm.CreateSMSSigningKeyVersion(ctx, harness.Database, database.SystemTest); err != nil { 
@@ -127,19 +109,13 @@ func TestHandleDestroy(t *testing.T) { ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: user, + User: &database.User{}, Permissions: rbac.SettingsWrite, }) - r := httptest.NewRequest(http.MethodPut, "/", nil) - r = r.Clone(ctx) + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "/", nil) r = mux.SetURLVars(r, map[string]string{"id": fmt.Sprintf("%d", toDestroy)}) - r.Header.Set("Content-Type", "text/html") - - w := httptest.NewRecorder() - handler.ServeHTTP(w, r) - w.Flush() if got, want := w.Code, http.StatusSeeOther; got != want { t.Errorf("Expected %d to be %d", got, want) diff --git a/pkg/controller/smskeys/disable_test.go b/pkg/controller/smskeys/disable_test.go index 64c9ddc0d..e88ff8e78 100644 --- a/pkg/controller/smskeys/disable_test.go +++ b/pkg/controller/smskeys/disable_test.go @@ -16,13 +16,11 @@ package smskeys_test import ( "net/http" - "net/http/httptest" "strings" "testing" "github.com/google/exposure-notifications-verification-server/internal/envstest" "github.com/google/exposure-notifications-verification-server/internal/project" - "github.com/google/exposure-notifications-verification-server/pkg/config" "github.com/google/exposure-notifications-verification-server/pkg/controller" "github.com/google/exposure-notifications-verification-server/pkg/controller/smskeys" "github.com/google/exposure-notifications-verification-server/pkg/database" 
@@ -35,21 +33,18 @@ func TestHandleDisable(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) + harness := envstest.NewServerConfig(t, testDatabaseInstance) - cfg := &config.ServerConfig{} - - publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, cfg.CertificateSigning.PublicKeyCacheDuration) + publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, harness.Config.CertificateSigning.PublicKeyCacheDuration) if err != nil { t.Fatal(err) } + c := smskeys.New(harness.Config, harness.Database, publicKeyCache, harness.Renderer) + handler := c.HandleDisable() t.Run("middleware", func(t *testing.T) { t.Parallel() - c := smskeys.New(cfg, harness.Database, publicKeyCache, harness.Renderer) - handler := c.HandleDisable() - envstest.ExerciseSessionMissing(t, handler) envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) @@ -58,10 +53,7 @@ func TestHandleDisable(t *testing.T) { t.Run("internal_error", func(t *testing.T) { t.Parallel() - harness := envstest.NewServerConfig(t, testDatabaseInstance) - harness.Database.SetRawDB(envstest.NewFailingDatabase()) - - c := smskeys.New(cfg, harness.Database, publicKeyCache, harness.Renderer) + c := smskeys.New(harness.Config, harness.BadDatabase, publicKeyCache, harness.Renderer) handler := c.HandleDisable() ctx := ctx @@ -74,15 +66,8 @@ func TestHandleDisable(t *testing.T) { Permissions: rbac.SettingsWrite, }) - r := httptest.NewRequest(http.MethodPut, "/", nil) - r = r.Clone(ctx) - r.Header.Set("Accept", "text/html") - r.Header.Set("Content-Type", "application/x-www-form-urlencoded") - - w := httptest.NewRecorder() - + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "/", nil) handler.ServeHTTP(w, r) - w.Flush() if got, want := w.Code, http.StatusInternalServerError; got != want { t.Errorf("Expected %d to be %d", got, want) 
@@ -101,9 +86,6 @@ func TestHandleDisable(t *testing.T) { } realm.UseAuthenticatedSMS = true - c := smskeys.New(cfg, harness.Database, publicKeyCache, harness.Renderer) - handler := c.HandleDisable() - ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ @@ -112,15 +94,8 @@ func TestHandleDisable(t *testing.T) { Permissions: rbac.SettingsWrite, }) - r := httptest.NewRequest(http.MethodPut, "/", nil) - r = r.Clone(ctx) - r.Header.Set("Accept", "text/html") - r.Header.Set("Content-Type", "application/x-www-form-urlencoded") - - w := httptest.NewRecorder() - + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "/", nil) handler.ServeHTTP(w, r) - w.Flush() updatedRealm, err := harness.Database.FindRealm(1) if err != nil { diff --git a/pkg/controller/smskeys/enable_test.go b/pkg/controller/smskeys/enable_test.go index fcaa902f8..cf9de3cfc 100644 --- a/pkg/controller/smskeys/enable_test.go +++ b/pkg/controller/smskeys/enable_test.go @@ -16,13 +16,11 @@ package smskeys_test import ( "net/http" - "net/http/httptest" "strings" "testing" "github.com/google/exposure-notifications-verification-server/internal/envstest" "github.com/google/exposure-notifications-verification-server/internal/project" - "github.com/google/exposure-notifications-verification-server/pkg/config" "github.com/google/exposure-notifications-verification-server/pkg/controller" "github.com/google/exposure-notifications-verification-server/pkg/controller/smskeys" "github.com/google/exposure-notifications-verification-server/pkg/database" 
@@ -35,21 +33,18 @@ func TestHandleEnable(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) + harness := envstest.NewServerConfig(t, testDatabaseInstance) - cfg := &config.ServerConfig{} - - publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, cfg.CertificateSigning.PublicKeyCacheDuration) + publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, harness.Config.CertificateSigning.PublicKeyCacheDuration) if err != nil { t.Fatal(err) } + c := smskeys.New(harness.Config, harness.Database, publicKeyCache, harness.Renderer) + handler := c.HandleEnable() t.Run("middleware", func(t *testing.T) { t.Parallel() - c := smskeys.New(cfg, harness.Database, publicKeyCache, harness.Renderer) - handler := c.HandleEnable() - envstest.ExerciseSessionMissing(t, handler) envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) @@ -58,10 +53,7 @@ func TestHandleEnable(t *testing.T) { t.Run("internal_error", func(t *testing.T) { t.Parallel() - harness := envstest.NewServerConfig(t, testDatabaseInstance) - harness.Database.SetRawDB(envstest.NewFailingDatabase()) - - c := smskeys.New(cfg, harness.Database, publicKeyCache, harness.Renderer) + c := smskeys.New(harness.Config, harness.BadDatabase, publicKeyCache, harness.Renderer) handler := c.HandleEnable() ctx := ctx @@ -74,15 +66,8 @@ func TestHandleEnable(t *testing.T) { Permissions: rbac.SettingsWrite, }) - r := httptest.NewRequest(http.MethodPut, "/", nil) - r = r.Clone(ctx) - r.Header.Set("Accept", "text/html") - r.Header.Set("Content-Type", "application/x-www-form-urlencoded") - - w := httptest.NewRecorder() - + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "/", nil) handler.ServeHTTP(w, r) - w.Flush() if got, want := w.Code, http.StatusInternalServerError; got != want { t.Errorf("Expected %d to be %d", got, want) 
@@ -101,9 +86,6 @@ func TestHandleEnable(t *testing.T) { } realm.UseAuthenticatedSMS = false - c := smskeys.New(cfg, harness.Database, publicKeyCache, harness.Renderer) - handler := c.HandleEnable() - ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ @@ -112,15 +94,8 @@ func TestHandleEnable(t *testing.T) { Permissions: rbac.SettingsWrite, }) - r := httptest.NewRequest(http.MethodPut, "/", nil) - r = r.Clone(ctx) - r.Header.Set("Accept", "text/html") - r.Header.Set("Content-Type", "application/x-www-form-urlencoded") - - w := httptest.NewRecorder() - + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "/", nil) handler.ServeHTTP(w, r) - w.Flush() updatedRealm, err := harness.Database.FindRealm(1) if err != nil { diff --git a/pkg/controller/smskeys/index_test.go b/pkg/controller/smskeys/index_test.go index 5d06a8e2b..7855fd7cc 100644 --- a/pkg/controller/smskeys/index_test.go +++ b/pkg/controller/smskeys/index_test.go @@ -16,13 +16,11 @@ package smskeys_test import ( "net/http" - "net/http/httptest" "strings" "testing" "github.com/google/exposure-notifications-verification-server/internal/envstest" "github.com/google/exposure-notifications-verification-server/internal/project" - "github.com/google/exposure-notifications-verification-server/pkg/config" "github.com/google/exposure-notifications-verification-server/pkg/controller" "github.com/google/exposure-notifications-verification-server/pkg/controller/smskeys" "github.com/google/exposure-notifications-verification-server/pkg/database" 
@@ -35,20 +33,18 @@ func TestHandleIndex(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) + harness := envstest.NewServerConfig(t, testDatabaseInstance) - cfg := &config.ServerConfig{} + publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, harness.Config.CertificateSigning.PublicKeyCacheDuration) + if err != nil { + t.Fatal(err) + } + c := smskeys.New(harness.Config, harness.Database, publicKeyCache, harness.Renderer) + handler := c.HandleIndex() t.Run("middleware", func(t *testing.T) { t.Parallel() - publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, cfg.CertificateSigning.PublicKeyCacheDuration) - if err != nil { - t.Fatal(err) - } - c := smskeys.New(cfg, harness.Database, publicKeyCache, harness.Renderer) - handler := c.HandleIndex() - envstest.ExerciseSessionMissing(t, handler) envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) @@ -57,13 +53,6 @@ func TestHandleIndex(t *testing.T) { t.Run("no_keys", func(t *testing.T) { t.Parallel() - publicKeyCache, err := keyutils.NewPublicKeyCache(ctx, harness.Cacher, cfg.CertificateSigning.PublicKeyCacheDuration) - if err != nil { - t.Fatal(err) - } - c := smskeys.New(cfg, harness.Database, publicKeyCache, harness.Renderer) - handler := c.HandleIndex() - realm, err := harness.Database.FindRealm(1) if err != nil { t.Fatal(err) @@ -77,14 +66,8 @@ func TestHandleIndex(t *testing.T) { Permissions: rbac.SettingsRead | rbac.SettingsWrite, }) - r := httptest.NewRequest(http.MethodGet, "/", nil) - r = r.Clone(ctx) - r.Header.Set("Content-Type", "text/html") - - w := httptest.NewRecorder() - + w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "/", nil) handler.ServeHTTP(w, r) - w.Flush() if got, want := w.Code, http.StatusOK; got != want { t.Errorf("Expected %d to be %d", got, want) 
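Review bot: The `no_keys` request changes from `http.MethodGet` to `http.MethodPut` as a side effect of moving to `BuildFormRequest`, so the index page is now exercised with a write verb. The test still passes because the handler is called directly and no router checks the method, but it no longer mirrors the read request the page serves. `BuildFormRequest` is already called with `http.MethodGet` in `ExerciseIDNotFound` in this commit, so the line can be `w, r := envstest.BuildFormRequest(ctx, t, http.MethodGet, "/", nil)`.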
diff --git a/pkg/controller/user/bulk_permisisons_test.go b/pkg/controller/user/bulk_permisisons_test.go index 5377bdad3..17bf7a069 100644 --- a/pkg/controller/user/bulk_permisisons_test.go +++ b/pkg/controller/user/bulk_permisisons_test.go @@ -34,12 +34,7 @@ func TestHandleBulkPermissions(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, testUser, _, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } + harness := envstest.NewServerConfig(t, testDatabaseInstance) c := user.New(harness.AuthProvider, harness.Cacher, harness.Database, harness.Renderer) handler := c.HandleBulkPermissions(database.BulkPermissionActionAdd) @@ -55,9 +50,14 @@ func TestHandleBulkPermissions(t *testing.T) { t.Run("missing_permission", func(t *testing.T) { t.Parallel() - session := new(sessions.Session) + _, testUser, realm := provisionUsers(t, harness.Database) + + session := &sessions.Session{ + Values: make(map[interface{}]interface{}), + } - ctx := controller.WithSession(ctx, session) + ctx := ctx + ctx = controller.WithSession(ctx, session) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, User: testUser, @@ -83,12 +83,13 @@ func TestHandleBulkPermissions(t *testing.T) { t.Run("success", func(t *testing.T) { t.Parallel() - session := new(sessions.Session) + admin, testUser, realm := provisionUsers(t, harness.Database) - ctx := controller.WithSession(ctx, session) + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: testUser, + User: admin, Permissions: rbac.UserWrite | 1, }) 
@@ -102,9 +103,12 @@ func TestHandleBulkPermissions(t *testing.T) { t.Errorf("expected %d to be %d", got, want) } - flash := controller.Flash(session) - if got, want := strings.Join(flash.Alerts(), ", "), "updated permissions"; !strings.Contains(got, want) { - t.Errorf("expected %q to include %q", got, want) + record, err := testUser.FindMembership(harness.Database, realm.ID) + if err != nil { + t.Fatal(err) + } + if !record.Can(1) { + t.Errorf("expected %q to be able to %q", record.Permissions, 1) } }) } diff --git a/pkg/controller/user/create_test.go b/pkg/controller/user/create_test.go index 2566f44e7..4738a027b 100644 --- a/pkg/controller/user/create_test.go +++ b/pkg/controller/user/create_test.go @@ -25,7 +25,7 @@ import ( "github.com/google/exposure-notifications-verification-server/internal/envstest" "github.com/google/exposure-notifications-verification-server/internal/project" "github.com/google/exposure-notifications-verification-server/pkg/controller" - userpkg "github.com/google/exposure-notifications-verification-server/pkg/controller/user" + "github.com/google/exposure-notifications-verification-server/pkg/controller/user" "github.com/google/exposure-notifications-verification-server/pkg/database" "github.com/google/exposure-notifications-verification-server/pkg/pagination" "github.com/google/exposure-notifications-verification-server/pkg/rbac" @@ -35,14 +35,9 @@ func TestHandleCreate(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) + harness := envstest.NewServerConfig(t, testDatabaseInstance) - realm, admin, _, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } - - c := userpkg.New(harness.AuthProvider, harness.Cacher, harness.Database, harness.Renderer) + c := user.New(harness.AuthProvider, harness.Cacher, harness.Database, harness.Renderer) handler := c.HandleCreate() t.Run("middleware", func(t *testing.T) { 
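Review bot: The new failure message formats the constant `1` with `%q`, which for an integer prints a quoted character literal (`'\x01'`) rather than the number. `record.Permissions` will print the same way if it is a plain integer type without a `String` method; its type is not visible in this hunk. Use `t.Errorf("expected %v to be able to %d", record.Permissions, 1)`. Replacing the bare `1` in `record.Can(1)` and in `rbac.UserWrite | 1` with the named `rbac` constant for that bit would also make clear which permission the test grants.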
@@ -56,9 +51,11 @@ func TestHandleCreate(t *testing.T) { t.Run("internal_error", func(t *testing.T) { t.Parallel() - c := userpkg.New(harness.AuthProvider, harness.Cacher, harness.BadDatabase, harness.Renderer) + c := user.New(harness.AuthProvider, harness.Cacher, harness.BadDatabase, harness.Renderer) handler := c.HandleCreate() + admin, _, realm := provisionUsers(t, harness.Database) + ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ @@ -85,6 +82,8 @@ func TestHandleCreate(t *testing.T) { t.Run("validation", func(t *testing.T) { t.Parallel() + admin, _, realm := provisionUsers(t, harness.Database) + ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ @@ -109,6 +108,8 @@ func TestHandleCreate(t *testing.T) { t.Run("success", func(t *testing.T) { t.Parallel() + admin, _, realm := provisionUsers(t, harness.Database) + ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ @@ -126,8 +127,8 @@ func TestHandleCreate(t *testing.T) { if got, want := w.Code, http.StatusSeeOther; got != want { t.Errorf("expected %d to be %d", got, want) } - if got, want := w.Header().Get("Location"), "/realm/users/2"; got != want { - t.Errorf("expected %q to be %q", got, want) + if got, want := w.Header().Get("Location"), "/realm/users/"; !strings.HasPrefix(got, want) { + t.Errorf("expected %q to start with %q", got, want) } records, _, err := realm.ListMemberships(harness.Database, pagination.UnlimitedResults) diff --git a/pkg/controller/user/delete_test.go b/pkg/controller/user/delete_test.go index 41b1731a3..7c1c65272 100644 --- a/pkg/controller/user/delete_test.go +++ b/pkg/controller/user/delete_test.go 
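Review bot: The relaxed `Location` assertion in the create_test.go `success` hunk (`@@ -126,8 +127,8 @@`) now passes for a bare `/realm/users/` or any non-numeric suffix, so a handler that redirects without the new user's ID would go unnoticed. Since the ID is no longer predictable when subtests share `harness.Database`, check its shape instead: `} else if _, err := strconv.ParseUint(strings.TrimPrefix(got, want), 10, 64); err != nil { t.Errorf("expected %q to end in a numeric user id", got) }`. Whether `strings` and `strconv` are already imported is not visible in these hunks. The `ListMemberships` call that follows reads realm 1, which the other parallel subtests also add members to, so any count-based assertion after it (outside the hunk) deserves a second look.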
@@ -23,7 +23,7 @@ import ( "github.com/google/exposure-notifications-verification-server/internal/envstest" "github.com/google/exposure-notifications-verification-server/internal/project" "github.com/google/exposure-notifications-verification-server/pkg/controller" - userpkg "github.com/google/exposure-notifications-verification-server/pkg/controller/user" + "github.com/google/exposure-notifications-verification-server/pkg/controller/user" "github.com/google/exposure-notifications-verification-server/pkg/database" "github.com/google/exposure-notifications-verification-server/pkg/rbac" "github.com/gorilla/mux" @@ -34,26 +34,9 @@ func TestHandleDelete(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, admin, _, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } - - // Create another user. - user := &database.User{ - Email: "user@example.com", - Name: "User", - } - if err := harness.Database.SaveUser(user, database.SystemTest); err != nil { - t.Fatal(err) - } - if err := user.AddToRealm(harness.Database, realm, rbac.LegacyRealmAdmin, database.SystemTest); err != nil { - t.Fatal(err) - } - - c := userpkg.New(harness.AuthProvider, harness.Cacher, harness.Database, harness.Renderer) + harness := envstest.NewServerConfig(t, testDatabaseInstance) + + c := user.New(harness.AuthProvider, harness.Cacher, harness.Database, harness.Renderer) handler := c.HandleDelete() t.Run("middleware", func(t *testing.T) { @@ -63,8 +46,8 @@ func TestHandleDelete(t *testing.T) { envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) envstest.ExerciseIDNotFound(t, &database.Membership{ - Realm: realm, - User: admin, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.UserWrite, }, handler) }) 
@@ -72,9 +55,11 @@ func TestHandleDelete(t *testing.T) { t.Run("internal_error", func(t *testing.T) { t.Parallel() - c := userpkg.New(harness.AuthProvider, harness.Cacher, harness.BadDatabase, harness.Renderer) + c := user.New(harness.AuthProvider, harness.Cacher, harness.BadDatabase, harness.Renderer) handler := c.HandleDelete() + admin, testUser, realm := provisionUsers(t, harness.Database) + ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ @@ -84,9 +69,7 @@ func TestHandleDelete(t *testing.T) { }) w, r := envstest.BuildFormRequest(ctx, t, http.MethodDelete, "/", nil) - r = mux.SetURLVars(r, map[string]string{ - "id": fmt.Sprintf("%v", user.ID), - }) + r = mux.SetURLVars(r, map[string]string{"id": fmt.Sprintf("%d", testUser.ID)}) handler.ServeHTTP(w, r) if got, want := w.Code, http.StatusInternalServerError; got != want { @@ -100,6 +83,8 @@ func TestHandleDelete(t *testing.T) { t.Run("success", func(t *testing.T) { t.Parallel() + admin, testUser, realm := provisionUsers(t, harness.Database) + ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ @@ -109,9 +94,7 @@ func TestHandleDelete(t *testing.T) { }) w, r := envstest.BuildFormRequest(ctx, t, http.MethodDelete, "/", nil) - r = mux.SetURLVars(r, map[string]string{ - "id": fmt.Sprintf("%v", user.ID), - }) + r = mux.SetURLVars(r, map[string]string{"id": fmt.Sprintf("%d", testUser.ID)}) handler.ServeHTTP(w, r) if got, want := w.Code, http.StatusSeeOther; got != want { @@ -121,7 +104,7 @@ func TestHandleDelete(t *testing.T) { t.Errorf("expected %q to be %q", got, want) } - if record, err := user.FindMembership(harness.Database, realm.ID); !database.IsNotFound(err) { + if record, err := testUser.FindMembership(harness.Database, realm.ID); !database.IsNotFound(err) { t.Errorf("expected membership to be deleted, got %#v (%s)", record, err) } }) 
diff --git a/pkg/controller/user/export_test.go b/pkg/controller/user/export_test.go index b16531181..166c3982d 100644 --- a/pkg/controller/user/export_test.go +++ b/pkg/controller/user/export_test.go @@ -24,7 +24,7 @@ import ( "github.com/google/exposure-notifications-verification-server/internal/envstest" "github.com/google/exposure-notifications-verification-server/internal/project" "github.com/google/exposure-notifications-verification-server/pkg/controller" - userpkg "github.com/google/exposure-notifications-verification-server/pkg/controller/user" + "github.com/google/exposure-notifications-verification-server/pkg/controller/user" "github.com/google/exposure-notifications-verification-server/pkg/database" "github.com/google/exposure-notifications-verification-server/pkg/rbac" "github.com/gorilla/sessions" @@ -34,26 +34,9 @@ func TestHandleExport(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, admin, _, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } - - // Create another user. - user := &database.User{ - Email: "user@example.com", - Name: "User", - } - if err := harness.Database.SaveUser(user, database.SystemTest); err != nil { - t.Fatal(err) - } - if err := user.AddToRealm(harness.Database, realm, rbac.LegacyRealmAdmin, database.SystemTest); err != nil { - t.Fatal(err) - } - - c := userpkg.New(harness.AuthProvider, harness.Cacher, harness.Database, harness.Renderer) + harness := envstest.NewServerConfig(t, testDatabaseInstance) + + c := user.New(harness.AuthProvider, harness.Cacher, harness.Database, harness.Renderer) handler := c.HandleExport() t.Run("middleware", func(t *testing.T) { 
@@ -67,9 +50,11 @@ func TestHandleExport(t *testing.T) { t.Run("internal_error", func(t *testing.T) { t.Parallel() - c := userpkg.New(harness.AuthProvider, harness.Cacher, harness.BadDatabase, harness.Renderer) + c := user.New(harness.AuthProvider, harness.Cacher, harness.BadDatabase, harness.Renderer) handler := c.HandleExport() + admin, _, realm := provisionUsers(t, harness.Database) + ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ @@ -92,6 +77,8 @@ func TestHandleExport(t *testing.T) { t.Run("csvs", func(t *testing.T) { t.Parallel() + admin, _, realm := provisionUsers(t, harness.Database) + ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ @@ -110,8 +97,7 @@ func TestHandleExport(t *testing.T) { d := time.Now().UTC().Format(project.RFC3339Date) exp := fmt.Sprintf(`name,email,joined System admin,super@example.com,%s -User,user@example.com,%s -`, d, d) +`, d) if got, want := w.Body.String(), exp; !strings.Contains(got, want) { t.Errorf("Expected %q to contain %q", got, want) } diff --git a/pkg/controller/user/import_batch_test.go b/pkg/controller/user/import_batch_test.go index 5dc466651..0e57bd2ed 100644 --- a/pkg/controller/user/import_batch_test.go +++ b/pkg/controller/user/import_batch_test.go 
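Review bot: The `csvs` hunk of export_test.go (`@@ -110,8 +97,7 @@`) drops the second expected row, so the export is no longer checked for an ordinary realm member; only the seeded admin row is asserted. `provisionUsers` already creates such a member, so keeping it with `admin, testUser, realm := provisionUsers(t, harness.Database)` and adding `if want := fmt.Sprintf("User,%s,%s\n", testUser.Email, d); !strings.Contains(w.Body.String(), want) { t.Errorf("expected %q to contain %q", w.Body.String(), want) }` restores that coverage without depending on a fixed email. The remaining header-plus-admin match also presumes the admin row is emitted directly after the header. That ordering is not visible from the hunk, and it matters more now that other subtests add members to the same realm.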
@@ -25,19 +25,14 @@ import ( "github.com/google/exposure-notifications-verification-server/pkg/controller/user" "github.com/google/exposure-notifications-verification-server/pkg/database" "github.com/google/exposure-notifications-verification-server/pkg/rbac" + "github.com/gorilla/sessions" ) func TestHandleImportBatch(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, testUser, session, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } - ctx = controller.WithSession(ctx, session) + harness := envstest.NewServerConfig(t, testDatabaseInstance) c := user.New(harness.AuthProvider, harness.Cacher, harness.Database, harness.Renderer) handler := c.HandleImportBatch() @@ -52,10 +47,13 @@ func TestHandleImportBatch(t *testing.T) { t.Run("invalid_user", func(t *testing.T) { t.Parallel() + admin, _, realm := provisionUsers(t, harness.Database) + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: testUser, + User: admin, Permissions: rbac.UserWrite, }) @@ -81,10 +79,13 @@ func TestHandleImportBatch(t *testing.T) { t.Run("success", func(t *testing.T) { t.Parallel() + admin, _, realm := provisionUsers(t, harness.Database) + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: testUser, + User: admin, Permissions: rbac.UserWrite, }) diff --git a/pkg/controller/user/import_test.go b/pkg/controller/user/import_test.go index 6fb49b5c2..833a13dcf 100644 --- a/pkg/controller/user/import_test.go +++ b/pkg/controller/user/import_test.go 
@@ -24,19 +24,14 @@ import ( "github.com/google/exposure-notifications-verification-server/pkg/controller/user" "github.com/google/exposure-notifications-verification-server/pkg/database" "github.com/google/exposure-notifications-verification-server/pkg/rbac" + "github.com/gorilla/sessions" ) func TestHandleImport(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, testUser, session, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } - ctx = controller.WithSession(ctx, session) + harness := envstest.NewServerConfig(t, testDatabaseInstance) c := user.New(harness.AuthProvider, harness.Cacher, harness.Database, harness.Renderer) handler := c.HandleImport() @@ -51,10 +46,13 @@ func TestHandleImport(t *testing.T) { t.Run("success", func(t *testing.T) { t.Parallel() + admin, _, realm := provisionUsers(t, harness.Database) + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: testUser, + User: admin, Permissions: rbac.UserWrite, }) diff --git a/pkg/controller/user/index_test.go b/pkg/controller/user/index_test.go index 27cb3cc70..4ab8a26a9 100644 --- a/pkg/controller/user/index_test.go +++ b/pkg/controller/user/index_test.go 
@@ -27,19 +27,14 @@ import ( "github.com/google/exposure-notifications-verification-server/pkg/controller/user" "github.com/google/exposure-notifications-verification-server/pkg/database" "github.com/google/exposure-notifications-verification-server/pkg/rbac" + "github.com/gorilla/sessions" ) func TestHandleIndex(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, testUser, session, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } - ctx = controller.WithSession(ctx, session) + harness := envstest.NewServerConfig(t, testDatabaseInstance) c := user.New(harness.AuthProvider, harness.Cacher, harness.Database, harness.Renderer) handler := middleware.InjectCurrentPath()(c.HandleIndex()) @@ -50,8 +45,8 @@ func TestHandleIndex(t *testing.T) { envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) envstest.ExerciseBadPagination(t, &database.Membership{ - Realm: realm, - User: testUser, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.UserRead, }, handler) }) @@ -62,10 +57,13 @@ func TestHandleIndex(t *testing.T) { c := user.New(harness.AuthProvider, harness.Cacher, harness.BadDatabase, harness.Renderer) handler := middleware.InjectCurrentPath()(c.HandleIndex()) + admin, _, realm := provisionUsers(t, harness.Database) + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: testUser, + User: admin, Permissions: rbac.UserRead, }) @@ -83,10 +81,13 @@ func TestHandleIndex(t *testing.T) { t.Run("search", func(t *testing.T) { t.Parallel() + admin, _, realm := provisionUsers(t, harness.Database) + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: testUser, + User: admin, Permissions: rbac.UserRead, }) 
@@ -103,10 +104,13 @@ func TestHandleIndex(t *testing.T) { t.Run("success", func(t *testing.T) { t.Parallel() + admin, _, realm := provisionUsers(t, harness.Database) + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: testUser, + User: admin, Permissions: rbac.UserRead, }) diff --git a/pkg/controller/user/reset_password_test.go b/pkg/controller/user/reset_password_test.go index 1ee9d67fe..a26de21d1 100644 --- a/pkg/controller/user/reset_password_test.go +++ b/pkg/controller/user/reset_password_test.go @@ -26,19 +26,14 @@ import ( "github.com/google/exposure-notifications-verification-server/pkg/database" "github.com/google/exposure-notifications-verification-server/pkg/rbac" "github.com/gorilla/mux" + "github.com/gorilla/sessions" ) func TestHandleResetPassword(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, testUser, session, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } - ctx = controller.WithSession(ctx, session) + harness := envstest.NewServerConfig(t, testDatabaseInstance) c := user.New(harness.AuthProvider, harness.Cacher, harness.Database, harness.Renderer) handler := c.HandleResetPassword() 
@@ -53,20 +48,21 @@ func TestHandleResetPassword(t *testing.T) { t.Run("internal_error", func(t *testing.T) { t.Parallel() + admin, testUser, realm := provisionUsers(t, harness.Database) + c := user.New(harness.AuthProvider, harness.Cacher, harness.BadDatabase, harness.Renderer) handler := c.HandleResetPassword() ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: testUser, + User: admin, Permissions: rbac.UserWrite, }) w, r := envstest.BuildFormRequest(ctx, t, http.MethodPost, "/", nil) - r = mux.SetURLVars(r, map[string]string{ - "id": fmt.Sprintf("%d", testUser.ID), - }) + r = mux.SetURLVars(r, map[string]string{"id": fmt.Sprintf("%d", testUser.ID)}) handler.ServeHTTP(w, r) if got, want := w.Code, http.StatusInternalServerError; got != want { @@ -77,17 +73,18 @@ func TestHandleResetPassword(t *testing.T) { t.Run("success", func(t *testing.T) { t.Parallel() + admin, testUser, realm := provisionUsers(t, harness.Database) + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: testUser, + User: admin, Permissions: rbac.UserWrite, }) w, r := envstest.BuildFormRequest(ctx, t, http.MethodPost, "/", nil) - r = mux.SetURLVars(r, map[string]string{ - "id": fmt.Sprintf("%d", testUser.ID), - }) + r = mux.SetURLVars(r, map[string]string{"id": fmt.Sprintf("%d", testUser.ID)}) handler.ServeHTTP(w, r) if got, want := w.Code, http.StatusSeeOther; got != want { diff --git a/pkg/controller/user/show_test.go b/pkg/controller/user/show_test.go index cd0ae1bb2..c58a5fe5f 100644 --- a/pkg/controller/user/show_test.go +++ b/pkg/controller/user/show_test.go 
@@ -26,19 +26,14 @@ import ( "github.com/google/exposure-notifications-verification-server/pkg/database" "github.com/google/exposure-notifications-verification-server/pkg/rbac" "github.com/gorilla/mux" + "github.com/gorilla/sessions" ) func TestHandleShow(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, testUser, session, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } - ctx = controller.WithSession(ctx, session) + harness := envstest.NewServerConfig(t, testDatabaseInstance) c := user.New(harness.AuthProvider, harness.Cacher, harness.Database, harness.Renderer) handler := c.HandleShow() @@ -50,8 +45,8 @@ func TestHandleShow(t *testing.T) { envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) envstest.ExerciseIDNotFound(t, &database.Membership{ - Realm: realm, - User: testUser, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.UserRead, }, handler) }) @@ -62,10 +57,13 @@ func TestHandleShow(t *testing.T) { c := user.New(harness.AuthProvider, harness.Cacher, harness.BadDatabase, harness.Renderer) handler := c.HandleShow() + admin, testUser, realm := provisionUsers(t, harness.Database) + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: testUser, + User: admin, Permissions: rbac.UserRead, }) 
@@ -83,17 +81,18 @@ func TestHandleShow(t *testing.T) { t.Run("success", func(t *testing.T) { t.Parallel() + admin, testUser, realm := provisionUsers(t, harness.Database) + ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ Realm: realm, - User: testUser, + User: admin, Permissions: rbac.UserRead, }) w, r := envstest.BuildFormRequest(ctx, t, http.MethodGet, "/", nil) - r = mux.SetURLVars(r, map[string]string{ - "id": fmt.Sprintf("%d", testUser.ID), - }) + r = mux.SetURLVars(r, map[string]string{"id": fmt.Sprintf("%d", testUser.ID)}) handler.ServeHTTP(w, r) if got, want := w.Code, http.StatusOK; got != want { diff --git a/pkg/controller/user/update_test.go b/pkg/controller/user/update_test.go index 21eb8ed8e..ea1dcb083 100644 --- a/pkg/controller/user/update_test.go +++ b/pkg/controller/user/update_test.go @@ -35,25 +35,7 @@ func TestHandleUpdate(t *testing.T) { t.Parallel() ctx := project.TestContext(t) - harness := envstest.NewServer(t, testDatabaseInstance) - - realm, admin, session, err := harness.ProvisionAndLogin() - if err != nil { - t.Fatal(err) - } - ctx = controller.WithSession(ctx, session) - - // Create another user. - testUser := &database.User{ - Email: "user@example.com", - Name: "User", - } - if err := harness.Database.SaveUser(testUser, database.SystemTest); err != nil { - t.Fatal(err) - } - if err := testUser.AddToRealm(harness.Database, realm, 0, database.SystemTest); err != nil { - t.Fatal(err) - } + harness := envstest.NewServerConfig(t, testDatabaseInstance) c := user.New(harness.AuthProvider, harness.Cacher, harness.Database, harness.Renderer) handler := c.HandleUpdate() 
@@ -65,8 +47,8 @@ func TestHandleUpdate(t *testing.T) { envstest.ExerciseMembershipMissing(t, handler) envstest.ExercisePermissionMissing(t, handler) envstest.ExerciseIDNotFound(t, &database.Membership{ - Realm: realm, - User: testUser, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.UserWrite, }, handler) }) @@ -78,18 +60,17 @@ func TestHandleUpdate(t *testing.T) { handler := c.HandleUpdate() ctx := ctx + ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ - Realm: realm, - User: admin, + Realm: &database.Realm{}, + User: &database.User{}, Permissions: rbac.LegacyRealmAdmin, }) w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "/", &url.Values{ "name": []string{"apple"}, }) - r = mux.SetURLVars(r, map[string]string{ - "id": fmt.Sprintf("%d", testUser.ID), - }) + r = mux.SetURLVars(r, map[string]string{"id": "123456789"}) handler.ServeHTTP(w, r) if got, want := w.Code, http.StatusInternalServerError; got != want { @@ -100,6 +81,8 @@ func TestHandleUpdate(t *testing.T) { t.Run("validation", func(t *testing.T) { t.Parallel() + admin, testUser, realm := provisionUsers(t, harness.Database) + ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ @@ -111,9 +94,7 @@ func TestHandleUpdate(t *testing.T) { w, r := envstest.BuildFormRequest(ctx, t, http.MethodPut, "/", &url.Values{ "name": []string{""}, }) - r = mux.SetURLVars(r, map[string]string{ - "id": fmt.Sprintf("%d", testUser.ID), - }) + r = mux.SetURLVars(r, map[string]string{"id": fmt.Sprintf("%d", testUser.ID)}) handler.ServeHTTP(w, r) if got, want := w.Code, http.StatusUnprocessableEntity; got != want { 
@@ -127,6 +108,8 @@ func TestHandleUpdate(t *testing.T) { t.Run("success", func(t *testing.T) { t.Parallel() + admin, testUser, realm := provisionUsers(t, harness.Database) + ctx := ctx ctx = controller.WithSession(ctx, &sessions.Session{}) ctx = controller.WithMembership(ctx, &database.Membership{ @@ -142,9 +125,7 @@ func TestHandleUpdate(t *testing.T) { fmt.Sprintf("%d", rbac.UserWrite), }, }) - r = mux.SetURLVars(r, map[string]string{ - "id": fmt.Sprintf("%d", testUser.ID), - }) + r = mux.SetURLVars(r, map[string]string{"id": fmt.Sprintf("%d", testUser.ID)}) handler.ServeHTTP(w, r) if got, want := w.Code, http.StatusSeeOther; got != want { diff --git a/pkg/controller/user/user_test.go b/pkg/controller/user/user_test.go index 75b0cb657..59198a23a 100644 --- a/pkg/controller/user/user_test.go +++ b/pkg/controller/user/user_test.go @@ -15,9 +15,12 @@ package user_test import ( + "fmt" "testing" + "github.com/google/exposure-notifications-verification-server/internal/project" "github.com/google/exposure-notifications-verification-server/pkg/database" + "github.com/google/exposure-notifications-verification-server/pkg/rbac" ) var testDatabaseInstance *database.TestInstance 
@@ -28,3 +31,40 @@ func TestMain(m *testing.M) { m.Run() } + +func provisionUsers(tb testing.TB, db *database.Database) (admin *database.User, user *database.User, realm *database.Realm) { + tb.Helper() + + var err error + + realm, err = db.FindRealm(1) + if err != nil { + tb.Fatal(err) + } + + admin, err = db.FindUser(1) + if err != nil { + tb.Fatal(err) + } + if err := admin.AddToRealm(db, realm, rbac.LegacyRealmAdmin, database.SystemTest); err != nil { + tb.Fatal(err) + } + + suffix, err := project.RandomHexString(6) + if err != nil { + tb.Fatal(err) + } + + testUser := &database.User{ + Email: fmt.Sprintf("user-%s@example.com", suffix), + Name: "User", + } + if err := db.SaveUser(testUser, database.SystemTest); err != nil { + tb.Fatal(err) + } + if err := testUser.AddToRealm(db, realm, 0, database.SystemTest); err != nil { + tb.Fatal(err) + } + + return admin, testUser, realm +}
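Review bot: `provisionUsers` has no doc comment, and its effect on shared state needs documenting: every call re-adds the seeded user 1 to realm 1 with `rbac.LegacyRealmAdmin`, and callers invoke it from `t.Parallel()` subtests against the same `harness.Database`. Whether `AddToRealm` is idempotent and safe under concurrent calls is not visible here, so confirm that or perform the admin grant once per test function. A comment such as `// provisionUsers returns seeded user 1 as a LegacyRealmAdmin of realm 1, plus a new member with no permissions and a random email.` would document the contract. The named result `user` is never assigned, because the body uses a local `testUser`. Renaming the result to `testUser` and writing `testUser = &database.User{` removes the stray name.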