TestModifyUser tests that a user with the appropriate access is able to modify their username and password.
(t *testing.T)
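// TestModifyUser tests that a user with the appropriate access is able to
// modify their own username and password.
//
// The request is authenticated with the user's own API key and targets the
// user's own ID, so it exercises self-service modification rather than an
// edit performed by another account. The test then checks the HTTP status,
// the username echoed in the response, the username on the record returned
// by models.GetUser, that the stored bcrypt hash verifies against the new
// password, and that the role on the record has not changed.
func TestModifyUser(t *testing.T) {
	testCtx := setupTest(t)
	account := createUnpriviledgedUser(t, models.RoleUser)
	newPassword := "new-password"
	newUsername := "new-username"

	// The role is resubmitted unchanged; only the username and password differ
	// from the account created above.
	payload := userRequest{
		Username: newUsername,
		Password: newPassword,
		Role:     account.Role.Slug,
	}
	body, err := json.Marshal(payload)
	if err != nil {
		t.Fatalf("error marshaling userRequest payload: %v", err)
	}

	url := fmt.Sprintf("/api/users/%d", account.Id)
	r := httptest.NewRequest(http.MethodPut, url, bytes.NewReader(body))
	r.Header.Set("Content-Type", "application/json")
	r.Header.Set("Authorization", "Bearer "+account.ApiKey)
	w := httptest.NewRecorder()

	testCtx.apiServer.ServeHTTP(w, r)

	// Check the status before decoding the body, so that a rejected request is
	// reported as a status mismatch instead of surfacing later as a decode
	// error or a username mismatch.
	expected := http.StatusOK
	if w.Code != expected {
		t.Fatalf("unexpected error code received. expected %d got %d", expected, w.Code)
	}

	response := &models.User{}
	if err := json.NewDecoder(w.Body).Decode(response); err != nil {
		t.Fatalf("error decoding user payload: %v", err)
	}
	if response.Username != newUsername {
		t.Fatalf("unexpected username received. expected %s got %s", newUsername, response.Username)
	}

	// Re-read the account through the models package so the assertions below
	// cover what was persisted, not only what the handler echoed back.
	got, err := models.GetUser(account.Id)
	if err != nil {
		t.Fatalf("error getting unpriviledged user: %v", err)
	}
	if response.Username != got.Username {
		t.Fatalf("unexpected username received. expected %s got %s", response.Username, got.Username)
	}

	// CompareHashAndPassword returns nil only when got.Hash was derived from
	// newPassword. Report the comparison error itself: the previous message
	// printed the plaintext password next to the stored hash, which are never
	// expected to be equal and do not belong in test or CI logs.
	if err := bcrypt.CompareHashAndPassword([]byte(got.Hash), []byte(newPassword)); err != nil {
		t.Fatalf("stored hash does not match the new password: %v", err)
	}

	// A self-service update must leave the account's role as it was.
	// NOTE(review): assumes models.GetUser populates Role on the returned
	// record; confirm against the models package.
	if got.Role.Slug != account.Role.Slug {
		t.Fatalf("unexpected role after modification. expected %s got %s", account.Role.Slug, got.Role.Slug)
	}
}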
| 148 | |
| 149 | // TestUnauthorizedListUsers ensures that users without the ModifySystem |
| 150 | // permission are unable to list the users registered in Gophish. |