hub / github.com/gophish/gophish / TestModifyUser

Function TestModifyUser

controllers/api/user_test.go:103–147  ·  view source on GitHub ↗

TestModifyUser tests that a user with the appropriate access is able to modify their username and password.

(t *testing.T)

Source from the content-addressed store, hash-verified

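// TestModifyUser tests that a user with the appropriate access is able to
// modify their username and password.
//
// The request is authenticated with the unprivileged user's own API key and
// targets that same user's ID, so only the self-service path is covered here;
// modifying a different account is not exercised by this test.
func TestModifyUser(t *testing.T) {
	testCtx := setupTest(t)
	unpriviledgedUser := createUnpriviledgedUser(t, models.RoleUser)
	newPassword := "new-password"
	newUsername := "new-username"
	// The role slug is sent back unchanged, so the request asks only for a
	// username and password change.
	payload := userRequest{
		Username: newUsername,
		Password: newPassword,
		Role:     unpriviledgedUser.Role.Slug,
	}
	body, err := json.Marshal(payload)
	if err != nil {
		t.Fatalf("error marshaling userRequest payload: %v", err)
	}
	url := fmt.Sprintf("/api/users/%d", unpriviledgedUser.Id)
	r := httptest.NewRequest(http.MethodPut, url, bytes.NewBuffer(body))
	r.Header.Set("Content-Type", "application/json")
	r.Header.Set("Authorization", fmt.Sprintf("Bearer %s", unpriviledgedUser.ApiKey))
	w := httptest.NewRecorder()

	testCtx.apiServer.ServeHTTP(w, r)

	// Assert the status code before touching the body: a rejected request
	// should fail with the status it returned, not with a decode error or a
	// username mismatch caused by an error payload.
	expected := http.StatusOK
	if w.Code != expected {
		t.Fatalf("unexpected error code received. expected %d got %d", expected, w.Code)
	}
	response := &models.User{}
	err = json.NewDecoder(w.Body).Decode(response)
	if err != nil {
		t.Fatalf("error decoding user payload: %v", err)
	}
	if response.Username != newUsername {
		t.Fatalf("unexpected username received. expected %s got %s", newUsername, response.Username)
	}

	// Re-read the user through the models package so the assertions below
	// check what was persisted, not just what the handler echoed back.
	got, err := models.GetUser(unpriviledgedUser.Id)
	if err != nil {
		t.Fatalf("error getting unpriviledged user: %v", err)
	}
	if response.Username != got.Username {
		t.Fatalf("unexpected username received. expected %s got %s", response.Username, got.Username)
	}

	// The stored hash must verify against the new password. Only the bcrypt
	// error is reported, so neither the password nor the stored hash ends up
	// in test or CI logs.
	err = bcrypt.CompareHashAndPassword([]byte(got.Hash), []byte(newPassword))
	if err != nil {
		t.Fatalf("stored hash does not verify against the new password for modified user: %v", err)
	}
}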
149// TestUnauthorizedListUsers ensures that users without the ModifySystem
150// permission are unable to list the users registered in Gophish.

Callers

nothing calls this directly

Calls 4

GetUserFunction · 0.92
createUnpriviledgedUserFunction · 0.85
ServeHTTPMethod · 0.80
setupTestFunction · 0.70

Tested by

no test coverage detected