From cb09f01971dc4592f61a49bda9e54e2dfa4aae2a Mon Sep 17 00:00:00 2001 From: mmd-osm Date: Thu, 30 May 2019 21:56:32 +0200 Subject: [PATCH] Unit tests for Basic Auth fix --- test/test_apidb_backend_changeset_uploads.cpp | 66 +++++++++++++++++++ test/test_database.cpp | 15 ++++- 2 files changed, 80 insertions(+), 1 deletion(-) diff --git a/test/test_apidb_backend_changeset_uploads.cpp b/test/test_apidb_backend_changeset_uploads.cpp index dd2964372..3c1eacbd7 100644 --- a/test/test_apidb_backend_changeset_uploads.cpp +++ b/test/test_apidb_backend_changeset_uploads.cpp @@ -2072,6 +2072,72 @@ namespace { } + // User logging on with display name (different case) + { + // set up request headers from test case + test_request req; + req.set_header("REQUEST_METHOD", "POST"); + req.set_header("REQUEST_URI", "/api/0.6/changeset/1/upload"); + req.set_header("HTTP_AUTHORIZATION", "Basic REVNTzpwYXNzd29yZA=="); + req.set_header("REMOTE_ADDR", "127.0.0.1"); + + req.set_payload(R"( + + + )" ); + + // execute the request + process_request(req, limiter, generator, route, sel_factory, upd_factory, std::shared_ptr(nullptr)); + + if (req.response_status() != 200) + throw std::runtime_error("Expected HTTP 200 OK: Log on with display name, different case"); + } + + // User logging on with email address rather than display name + { + // set up request headers from test case + test_request req; + req.set_header("REQUEST_METHOD", "POST"); + req.set_header("REQUEST_URI", "/api/0.6/changeset/1/upload"); + req.set_header("HTTP_AUTHORIZATION", "Basic ZGVtb0BleGFtcGxlLmNvbTpwYXNzd29yZA=="); + req.set_header("REMOTE_ADDR", "127.0.0.1"); + + req.set_payload(R"( + + + )" ); + + // execute the request + process_request(req, limiter, generator, route, sel_factory, upd_factory, std::shared_ptr(nullptr)); + + if (req.response_status() != 200) + throw std::runtime_error("Expected HTTP 200 OK: Log on with email address"); + } + + + // User logging on with email address with different case and additional whitespace rather than display name + { + // set up request headers from test case + test_request req; + req.set_header("REQUEST_METHOD", "POST"); + req.set_header("REQUEST_URI", "/api/0.6/changeset/1/upload"); + req.set_header("HTTP_AUTHORIZATION", "Basic ICAgZGVtb0BleGFtcGxlLkNPTSAgIDpwYXNzd29yZA=="); + req.set_header("REMOTE_ADDR", "127.0.0.1"); + + req.set_payload(R"( + + + )" ); + + // execute the request + process_request(req, limiter, generator, route, sel_factory, upd_factory, std::shared_ptr(nullptr)); + + if (req.response_status() != 200) + throw std::runtime_error("Expected HTTP 200 OK: Log on with email address, whitespace, different case"); + } + + + // User is blocked (needs_view) { tdb.run_sql(R"(UPDATE user_blocks SET needs_view = true where user_id = 1;)"); diff --git a/test/test_database.cpp b/test/test_database.cpp index 143383f76..b2c27deeb 100644 --- a/test/test_database.cpp +++ b/test/test_database.cpp @@ -208,7 +208,20 @@ void test_database::run_update( } catch (const std::exception &e) { throw std::runtime_error( - (boost::format("%1%, in update") % e.what()).str()); + (boost::format("%1%, in update, writable selection") % e.what()).str()); + } + + try { + // clear out database before using it! + pqxx::connection conn((boost::format("dbname=%1%") % m_db_name).str()); + conn.perform(truncate_all_tables()); + + m_use_readonly = true; + func(*this); + + } catch (const std::exception &e) { + throw std::runtime_error( + (boost::format("%1%, in update, read-only selection") % e.what()).str()); } }