Add integration tests for users

integration_test.go

@@ -7,23 +7,43 @@
 package main
 
 import (
+	"math/rand"
+	"strconv"
+	"strings"
 	"testing"
+	"time"
 
 	"github.com/miniflux/miniflux-go"
 )
 
 const (
-	testBaseURL  = "http://127.0.0.1:8080"
-	testUsername = "admin"
-	testPassword = "test123"
+	testBaseURL          = "http://127.0.0.1:8080"
+	testAdminUsername    = "admin"
+	testAdminPassword    = "test123"
+	testStandardPassword = "secret"
 )
 
+func TestWithBadEndpoint(t *testing.T) {
+	client := miniflux.NewClient("bad url", testAdminUsername, testAdminPassword)
+	_, err := client.Users()
+	if err == nil {
+		t.Fatal(`Using a bad url should raise an error`)
+	}
+}
+
+func TestWithWrongCredentials(t *testing.T) {
+	client := miniflux.NewClient(testBaseURL, "invalid", "invalid")
+	_, err := client.Users()
+	if err == nil {
+		t.Fatal(`Using bad credentials should raise an error`)
+	}
+}
+
 func TestGetUsers(t *testing.T) {
-	client := miniflux.NewClient(testBaseURL, testUsername, testPassword)
+	client := miniflux.NewClient(testBaseURL, testAdminUsername, testAdminPassword)
 	users, err := client.Users()
 	if err != nil {
 		t.Fatal(err)
-		return
 	}
 
 	if len(users) == 0 {
@@ -31,71 +51,263 @@ func TestGetUsers(t *testing.T) {
 	}
 
 	if users[0].ID == 0 {
-		t.Fatalf(`Invalid userID, got %v`, users[0].ID)
+		t.Fatalf(`Invalid userID, got "%v"`, users[0].ID)
 	}
 
-	if users[0].Username != testUsername {
-		t.Fatalf(`Invalid username, got %v`, users[0].Username)
+	if users[0].Username != testAdminUsername {
+		t.Fatalf(`Invalid username, got "%v" instead of "%v"`, users[0].Username, testAdminUsername)
 	}
 
 	if users[0].Password != "" {
-		t.Fatalf(`Invalid password, got %v`, users[0].Password)
+		t.Fatalf(`Invalid password, got "%v"`, users[0].Password)
 	}
 
 	if users[0].Language != "en_US" {
-		t.Fatalf(`Invalid language, got %v`, users[0].Language)
+		t.Fatalf(`Invalid language, got "%v"`, users[0].Language)
 	}
 
 	if users[0].Theme != "default" {
-		t.Fatalf(`Invalid theme, got %v`, users[0].Theme)
+		t.Fatalf(`Invalid theme, got "%v"`, users[0].Theme)
 	}
 
 	if users[0].Timezone != "UTC" {
-		t.Fatalf(`Invalid timezone, got %v`, users[0].Timezone)
+		t.Fatalf(`Invalid timezone, got "%v"`, users[0].Timezone)
 	}
 
 	if !users[0].IsAdmin {
-		t.Fatalf(`Invalid role, got %v`, users[0].IsAdmin)
+		t.Fatalf(`Invalid role, got "%v"`, users[0].IsAdmin)
 	}
 }
 
 func TestCreateStandardUser(t *testing.T) {
-	client := miniflux.NewClient(testBaseURL, testUsername, testPassword)
-	user, err := client.CreateUser("test", "test123", false)
+	username := getRandomUsername()
+	client := miniflux.NewClient(testBaseURL, testAdminUsername, testAdminPassword)
+	user, err := client.CreateUser(username, testStandardPassword, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if user.ID == 0 {
+		t.Fatalf(`Invalid userID, got "%v"`, user.ID)
+	}
+
+	if user.Username != username {
+		t.Fatalf(`Invalid username, got "%v" instead of "%v"`, user.Username, username)
+	}
+
+	if user.Password != "" {
+		t.Fatalf(`Invalid password, got "%v"`, user.Password)
+	}
+
+	if user.Language != "en_US" {
+		t.Fatalf(`Invalid language, got "%v"`, user.Language)
+	}
+
+	if user.Theme != "default" {
+		t.Fatalf(`Invalid theme, got "%v"`, user.Theme)
+	}
+
+	if user.Timezone != "UTC" {
+		t.Fatalf(`Invalid timezone, got "%v"`, user.Timezone)
+	}
+
+	if user.IsAdmin {
+		t.Fatalf(`Invalid role, got "%v"`, user.IsAdmin)
+	}
+
+	if user.LastLoginAt != nil {
+		t.Fatalf(`Invalid last login date, got "%v"`, user.LastLoginAt)
+	}
+}
+
+func TestRemoveUser(t *testing.T) {
+	username := getRandomUsername()
+	client := miniflux.NewClient(testBaseURL, testAdminUsername, testAdminPassword)
+	user, err := client.CreateUser(username, testStandardPassword, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := client.DeleteUser(user.ID); err != nil {
+		t.Fatalf(`Unable to remove user: "%v"`, err)
+	}
+}
+
+func TestGetUser(t *testing.T) {
+	username := getRandomUsername()
+	client := miniflux.NewClient(testBaseURL, testAdminUsername, testAdminPassword)
+	user, err := client.CreateUser(username, testStandardPassword, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	user, err = client.User(user.ID)
 	if err != nil {
 		t.Fatal(err)
-		return
 	}
 
 	if user.ID == 0 {
-		t.Fatalf(`Invalid userID, got %v`, user.ID)
+		t.Fatalf(`Invalid userID, got "%v"`, user.ID)
 	}
 
-	if user.Username != "test" {
-		t.Fatalf(`Invalid username, got %v`, user.Username)
+	if user.Username != username {
+		t.Fatalf(`Invalid username, got "%v" instead of "%v"`, user.Username, username)
 	}
 
 	if user.Password != "" {
-		t.Fatalf(`Invalid password, got %v`, user.Password)
+		t.Fatalf(`Invalid password, got "%v"`, user.Password)
 	}
 
 	if user.Language != "en_US" {
-		t.Fatalf(`Invalid language, got %v`, user.Language)
+		t.Fatalf(`Invalid language, got "%v"`, user.Language)
 	}
 
 	if user.Theme != "default" {
-		t.Fatalf(`Invalid theme, got %v`, user.Theme)
+		t.Fatalf(`Invalid theme, got "%v"`, user.Theme)
 	}
 
 	if user.Timezone != "UTC" {
-		t.Fatalf(`Invalid timezone, got %v`, user.Timezone)
+		t.Fatalf(`Invalid timezone, got "%v"`, user.Timezone)
 	}
 
 	if user.IsAdmin {
-		t.Fatalf(`Invalid role, got %v`, user.IsAdmin)
+		t.Fatalf(`Invalid role, got "%v"`, user.IsAdmin)
 	}
 
 	if user.LastLoginAt != nil {
-		t.Fatalf(`Invalid last login date, got %v`, user.LastLoginAt)
+		t.Fatalf(`Invalid last login date, got "%v"`, user.LastLoginAt)
+	}
+}
+
+func TestUpdateUser(t *testing.T) {
+	username := getRandomUsername()
+	client := miniflux.NewClient(testBaseURL, testAdminUsername, testAdminPassword)
+	user, err := client.CreateUser(username, testStandardPassword, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	theme := "black"
+	user.Theme = theme
+	user, err = client.UpdateUser(user)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if user.Theme != theme {
+		t.Fatalf(`Unable to update user: got "%v" instead of "%v"`, user.Theme, theme)
+	}
+}
+
+func TestUpdateUserWithInvalidValue(t *testing.T) {
+	username := getRandomUsername()
+	client := miniflux.NewClient(testBaseURL, testAdminUsername, testAdminPassword)
+	user, err := client.CreateUser(username, testStandardPassword, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	theme := "something that doesn't exists"
+	user.Theme = theme
+	_, err = client.UpdateUser(user)
+	if err == nil {
+		t.Fatal(`Updating a user with an invalid value should raise an error`)
+	}
+}
+
+func TestCannotCreateDuplicateUser(t *testing.T) {
+	username := getRandomUsername()
+	client := miniflux.NewClient(testBaseURL, testAdminUsername, testAdminPassword)
+	_, err := client.CreateUser(username, testStandardPassword, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = client.CreateUser(username, testStandardPassword, false)
+	if err == nil {
+		t.Fatal(`Duplicate users should not be allowed`)
+	}
+}
+
+func TestCannotListUsersAsNonAdmin(t *testing.T) {
+	username := getRandomUsername()
+	client := miniflux.NewClient(testBaseURL, testAdminUsername, testAdminPassword)
+	_, err := client.CreateUser(username, testStandardPassword, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client = miniflux.NewClient(testBaseURL, username, testStandardPassword)
+	_, err = client.Users()
+	if err == nil {
+		t.Fatal(`Standard users should not be able to list any users`)
+	}
+}
+
+func TestCannotGetUserAsNonAdmin(t *testing.T) {
+	username := getRandomUsername()
+	client := miniflux.NewClient(testBaseURL, testAdminUsername, testAdminPassword)
+	user, err := client.CreateUser(username, testStandardPassword, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client = miniflux.NewClient(testBaseURL, username, testStandardPassword)
+	_, err = client.User(user.ID)
+	if err == nil {
+		t.Fatal(`Standard users should not be able to get any users`)
+	}
+}
+
+func TestCannotUpdateUserAsNonAdmin(t *testing.T) {
+	username := getRandomUsername()
+	client := miniflux.NewClient(testBaseURL, testAdminUsername, testAdminPassword)
+	user, err := client.CreateUser(username, testStandardPassword, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client = miniflux.NewClient(testBaseURL, username, testStandardPassword)
+	_, err = client.UpdateUser(user)
+	if err == nil {
+		t.Fatal(`Standard users should not be able to update any users`)
+	}
+}
+
+func TestCannotCreateUserAsNonAdmin(t *testing.T) {
+	username := getRandomUsername()
+	client := miniflux.NewClient(testBaseURL, testAdminUsername, testAdminPassword)
+	_, err := client.CreateUser(username, testStandardPassword, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client = miniflux.NewClient(testBaseURL, username, testStandardPassword)
+	_, err = client.CreateUser(username, testStandardPassword, false)
+	if err == nil {
+		t.Fatal(`Standard users should not be able to create users`)
+	}
+}
+
+func TestCannotDeleteUserAsNonAdmin(t *testing.T) {
+	username := getRandomUsername()
+	client := miniflux.NewClient(testBaseURL, testAdminUsername, testAdminPassword)
+	user, err := client.CreateUser(username, testStandardPassword, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client = miniflux.NewClient(testBaseURL, username, testStandardPassword)
+	if err := client.DeleteUser(user.ID); err == nil {
+		t.Fatal(`Standard users should not be able to remove any users`)
+	}
+}
+
+func getRandomUsername() string {
+	rand.Seed(time.Now().UnixNano())
+	var suffix []string
+	for i := 0; i < 10; i++ {
+		suffix = append(suffix, strconv.Itoa(rand.Intn(1000)))
 	}
+	return "user" + strings.Join(suffix, "")
 }

locale/translations.go

@@ -1,5 +1,5 @@
 // Code generated by go generate; DO NOT EDIT.
-// 2017-11-24 21:40:33.354922728 -0800 PST m=+0.035838197
+// 2017-11-25 10:47:30.371865884 -0800 PST m=+0.027993990
 
 package locale
 

locale/translations/fr_FR.json

@@ -133,5 +133,6 @@
     "Sign in with Google": "Se connecter avec Google",
     "Unlink my Google account": "Dissocier mon compte Google",
     "Link my Google account": "Associer mon compte Google",
-    "Category not found for this user.": "Cette catégorie n'existe pas pour cet utilisateur."
+    "Category not found for this user.": "Cette catégorie n'existe pas pour cet utilisateur.",
+    "Invalid theme.": "Le thème est invalide."
 }

model/theme.go

@@ -4,6 +4,8 @@
 
 package model
 
+import "github.com/miniflux/miniflux2/errors"
+
 // GetThemes returns the list of available themes.
 func GetThemes() map[string]string {
 	return map[string]string{
@@ -11,3 +13,14 @@ func GetThemes() map[string]string {
 		"black":   "Black",
 	}
 }
+
+// ValidateTheme validates theme value.
+func ValidateTheme(theme string) error {
+	for key := range GetThemes() {
+		if key == theme {
+			return nil
+		}
+	}
+
+	return errors.NewLocalizedError("Invalid theme.")
+}

model/user.go

@@ -27,6 +27,7 @@ func NewUser() *User {
 	return &User{Extra: make(map[string]string)}
 }
 
+// ValidateUserCreation validates new user.
 func (u User) ValidateUserCreation() error {
 	if err := u.ValidateUserLogin(); err != nil {
 		return err
@@ -39,6 +40,7 @@ func (u User) ValidateUserCreation() error {
 	return nil
 }
 
+// ValidateUserModification validates user for modification.
 func (u User) ValidateUserModification() error {
 	if u.Username == "" {
 		return errors.New("The username is mandatory")
@@ -48,9 +50,14 @@ func (u User) ValidateUserModification() error {
 		return err
 	}
 
+	if err := ValidateTheme(u.Theme); err != nil {
+		return err
+	}
+
 	return nil
 }
 
+// ValidateUserLogin validates user credential requirements.
 func (u User) ValidateUserLogin() error {
 	if u.Username == "" {
 		return errors.New("The username is mandatory")
@@ -63,6 +70,7 @@ func (u User) ValidateUserLogin() error {
 	return nil
 }
 
+// ValidatePassword validates user password requirements.
 func (u User) ValidatePassword() error {
 	if u.Password != "" && len(u.Password) < 6 {
 		return errors.New("The password must have at least 6 characters")

server/static/bin.go

@@ -1,5 +1,5 @@
 // Code generated by go generate; DO NOT EDIT.
-// 2017-11-24 21:40:33.326996526 -0800 PST m=+0.007911995
+// 2017-11-25 10:47:30.351686806 -0800 PST m=+0.007814912
 
 package static
 

server/static/css.go

@@ -1,5 +1,5 @@
 // Code generated by go generate; DO NOT EDIT.
-// 2017-11-24 21:40:33.330122316 -0800 PST m=+0.011037785
+// 2017-11-25 10:47:30.352812144 -0800 PST m=+0.008940250
 
 package static
 

server/static/js.go

@@ -1,5 +1,5 @@
 // Code generated by go generate; DO NOT EDIT.
-// 2017-11-24 21:40:33.333049571 -0800 PST m=+0.013965040
+// 2017-11-25 10:47:30.357950671 -0800 PST m=+0.014078777
 
 package static
 

server/template/common.go

@@ -1,5 +1,5 @@
 // Code generated by go generate; DO NOT EDIT.
-// 2017-11-24 21:40:33.353262943 -0800 PST m=+0.034178412
+// 2017-11-25 10:47:30.370347794 -0800 PST m=+0.026475900
 
 package template
 

server/template/views.go

@@ -1,5 +1,5 @@
 // Code generated by go generate; DO NOT EDIT.
-// 2017-11-24 21:40:33.335450873 -0800 PST m=+0.016366342
+// 2017-11-25 10:47:30.359140331 -0800 PST m=+0.015268437
 
 package template
 

sql/sql.go

@@ -1,5 +1,5 @@
 // Code generated by go generate; DO NOT EDIT.
-// 2017-11-24 21:40:33.323320501 -0800 PST m=+0.004235970
+// 2017-11-25 10:47:30.347837046 -0800 PST m=+0.003965152
 
 package sql