From c2fc8b8ae9d9e602481d5daaf6d736755b1533d5 Mon Sep 17 00:00:00 2001
From: Rene Vergara
Date: Mon, 12 Jun 2023 15:48:23 -0500
Subject: [PATCH] Add tests for random WooToken

---
 src/WooCommerce.hs | 24 ++++++++---------
 test/Spec.hs | 66 +++++++++++++++++++++++++++++++++++++++++-----
 2 files changed, 71 insertions(+), 19 deletions(-)

diff --git a/src/WooCommerce.hs b/src/WooCommerce.hs
index 2b7b160..1699efc 100644
--- a/src/WooCommerce.hs
+++ b/src/WooCommerce.hs
@@ -31,27 +31,25 @@ data WooToken =
 instance FromJSON WooToken where
 parseJSON =
 withObject "WooToken" $ \obj -> do
- i <- obj .: "_id"
- o <- obj .: "owner"
+ i <- obj .:? "_id"
+ o <- obj .: "ownerid"
 t <- obj .: "token"
- u <- obj .: "url"
- pure $
- WooToken
- (if not (null i)
- then Just (read i)
- else Nothing)
- (read o)
- t
- u
+ u <- obj .: "siteurl"
+ pure $ WooToken (read <$> i) (read o) t u

 instance ToJSON WooToken where
 toJSON (WooToken i o t u) =
 case i of
 Just oid ->
- object ["_id" .= show oid, "owner" .= show o, "token" .= t, "url" .= u]
+ object
+ ["_id" .= show oid, "ownerid" .= show o, "token" .= t, "siteurl" .= u]
 Nothing ->
 object
- ["_id" .= ("" :: String), "owner" .= show o, "token" .= t, "url" .= u]
+ [ "_id" .= ("" :: String)
+ , "ownerid" .= show o
+ , "token" .= t
+ , "siteurl" .= u
+ ]

 instance Val WooToken where
 val (WooToken i o t u) =
diff --git a/test/Spec.hs b/test/Spec.hs
index 9feb956..ac402f4 100644
--- a/test/Spec.hs
+++ b/test/Spec.hs
@@ -13,6 +13,7 @@ import Data.Either
 import Data.Maybe
 import Data.SecureMem
 import qualified Data.Text as T
+import qualified Data.Text.Encoding as E
 import Data.Time
 import Data.Time.Calendar
 import Data.Time.Clock
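Review bot: The `Nothing` branch of `toJSON` still emits `"_id" .= ("" :: String)`, but the new parser no longer treats an empty string as absent: `obj .:? "_id"` yields `Just ""`, and `read <$> i` then raises a `Prelude.read: no parse` error once the id is forced, so a token without an id no longer round-trips through its own instances. `read o` has the same weakness for any malformed `ownerid` arriving as JSON. Either omit the `_id` key in the `Nothing` case or parse both fields totally with `readMaybe` from `Text.Read`, e.g. `maybe (fail "invalid ownerid") pure (readMaybe o)`, so bad input becomes a parser failure instead of an exception thrown from pure code. The field types of `WooToken` are declared outside the hunk, so the string type of `i` and `o` is inferred from the `read` calls.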
@@ -594,6 +595,20 @@ main = do
 ]
 res <- httpLBS req
 getResponseStatus res `shouldBe` accepted202
+ it "read token gives 401 with bad session" $ do
+ req <-
+ testGet
+ "/api/wootoken"
+ [("session", Just "35bfb9c2-9ad2-4fe5-fake-99d63b8dcdcd")]
+ res <- httpLBS req
+ getResponseStatus res `shouldBe` unauthorized401
+ it "read token succeeds with valid session" $ do
+ req <-
+ testGet
+ "/api/wootoken"
+ [("session", Just "35bfb9c2-9ad2-4fe5-adda-99d63b8dcdcd")]
+ res <- httpJSON req
+ getResponseStatus (res :: Response A.Value) `shouldBe` ok200
 it "authenticate with incorrect owner" $ do
 req <-
 testPublicGet
@@ -617,13 +632,17 @@ main = do
 res <- httpJSON req
 getResponseStatus (res :: Response A.Value) `shouldBe` accepted202
 it "authenticate with correct token" $ do
+ req1 <-
+ testGet
+ "/api/wootoken"
+ [("session", Just "35bfb9c2-9ad2-4fe5-adda-99d63b8dcdcd")]
+ res1 <- httpJSON req1
+ let tk = getResponseBody (res1 :: Response WooToken)
 req <-
 testPublicGet
 "/auth"
 [ ("ownerid", Just "627ad3492b05a76be3000001")
- , ( "token"
- , Just
- "0c1702c16c7bd7e075b8bb129b24888a5cc2181fa1eb4ce9190cfcb625ecf0ee")
+ , ("token", Just $ (E.encodeUtf8 . w_token) tk)
 , ("siteurl", Just "aHR0cHM6Ly93d3cudGVjcHJvdmFsLmNvbS8")
 ]
 res <- httpJSON req
@@ -641,13 +660,17 @@ main = do
 res <- httpJSON req
 getResponseStatus (res :: Response A.Value) `shouldBe` accepted202
 it "request order creation" $ do
+ req1 <-
+ testGet
+ "/api/wootoken"
+ [("session", Just "35bfb9c2-9ad2-4fe5-adda-99d63b8dcdcd")]
+ res1 <- httpJSON req1
+ let tk = getResponseBody (res1 :: Response WooToken)
 req <-
 testPublicGet
 "/woopayment"
 [ ("ownerid", Just "627ad3492b05a76be3000001")
- , ( "token"
- , Just
- "0c1702c16c7bd7e075b8bb129b24888a5cc2181fa1eb4ce9190cfcb625ecf0ee")
+ , ("token", Just $ (E.encodeUtf8 . w_token) tk)
 , ("siteurl", Just "aHR0cHM6Ly93d3cudGVjcHJvdmFsLmNvbS8")
 , ("order_id", Just "1234")
 , ("currency", Just "usd")
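Review bot: The negative case "read token gives 401 with bad session" sends `35bfb9c2-9ad2-4fe5-fake-99d63b8dcdcd`, which is not a well-formed UUID because `k` is not a hex digit. If the server parses session ids, this may only cover the parse-failure path rather than the lookup of an unknown session. Adding one case with a syntactically valid but unregistered session id, and one with the `session` parameter missing, would pin the 401 behaviour for each path. The positive case decodes the body as `A.Value` and checks only the status; decoding it as `Response WooToken`, as the later tests do, would also verify the response shape.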
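Review bot: The six setup lines added to "authenticate with correct token" (`req1 <-` through `let tk = …`) are repeated verbatim in the "request order creation" hunk, and neither copy checks the status of `res1`. A failing `/api/wootoken` call would therefore surface as a JSON decode exception inside an unrelated test. Consider defining one helper in the spec, e.g. `fetchWooToken :: IO WooToken`, that compares `getResponseStatus res1` with `ok200` before returning `getResponseBody res1`. Only `w_token` is read from the decoded value, so the `_id` and `ownerid` conversions in the `FromJSON WooToken` instance are probably never forced by these tests.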
@@ -1143,11 +1166,42 @@ startAPI config = do
 False
 ""
 ""
+ let myOwner1 =
+ Owner
+ (Just (read "627ad3492b05a76be3000008"))
+ "zs1w6nkameazc5gujm69350syl5w8tgvyaphums3pw8eytzy5ym08x7dvskmykkatmwrucmgv3fake"
+ "Test shop 2"
+ "usd"
+ False
+ 0
+ False
+ 0
+ "Roxy"
+ "Foo"
+ "roxy@zgo.cash"
+ "1 Main St"
+ "Mpls"
+ "Minnesota"
+ "55401"
+ ""
+ "missyfoo.io"
+ "United States"
+ True
+ False
+ False
+ (UTCTime (fromGregorian 2023 8 6) (secondsToDiffTime 0))
+ False
+ ""
+ ""
 _ <- access pipe master "test" (Database.MongoDB.delete (select [] "owners"))
 let o = val myOwner
 case o of
 Doc d -> access pipe master "test" (insert_ "owners" d)
 _ -> fail "Couldn't save Owner in DB"
+ let o1 = val myOwner1
+ case o1 of
+ Doc d1 -> access pipe master "test" (insert_ "owners" d1)
+ _ -> fail "Couldn't save Owner1 in DB"
 _ <- access pipe master "test" (Database.MongoDB.delete (select [] "orders"))
 myTs <- liftIO getCurrentTime
 let myOrder =
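Review bot: The new `myOwner1` fixture is built from 25 positional arguments, six of them bare `True`/`False` flags and two bare `0`s, so nothing shows which field each value sets, and swapping two flags would still type-check. Nothing in the hunk says which test needs this second owner either; no test visible in this patch references the id `627ad3492b05a76be3000008`. A leading comment such as `-- Second owner fixture, used by <test name>` would help, and record syntax would label the flags if `Owner` has named fields, which is not visible here. The save block for `o1` duplicates the one for `o`, and `startAPI` begins and continues outside the hunk.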