Add tests for Item endpoints

Rene Vergara 2023-05-26 14:04:35 -05:00
parent 857a298b96
commit c8f1d250b5
Signed by: pitmutt
GPG key ID: 65122AD495A7F5B2
3 changed files with 102 additions and 50 deletions


@ -88,6 +88,9 @@ findItems :: T.Text -> Action IO [Document]
findItems a = findItems a =
rest =<< find (select ["owner" =: a] "items") {sort = ["name" =: (1 :: Int)]} rest =<< find (select ["owner" =: a] "items") {sort = ["name" =: (1 :: Int)]}
findItemById :: String -> Action IO (Maybe Document)
findItemById i = findOne (select ["_id" =: (read i :: ObjectId)] "items")
upsertItem :: Item -> Action IO () upsertItem :: Item -> Action IO ()
upsertItem i = do upsertItem i = do
let item = val i let item = val i
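Review bot: `findItemById` parses its argument with `read i :: ObjectId`, which is partial and throws on any string that is not a well-formed ObjectId. The delete route in this commit appears to drop the earlier `^[a-f0-9]{24}$` check and passes the raw `:id` parameter here, so a malformed id would likely surface as an exception (presumably a 500) instead of a clean 400. Parse with `readMaybe` and return `Nothing` on failure, for example `findItemById i = maybe (return Nothing) (\o -> findOne (select ["_id" =: (o :: ObjectId)] "items")) (readMaybe i)`. This needs `readMaybe` from `Text.Read` in the file's imports, which are not visible in this hunk.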


@ -1028,7 +1028,7 @@ routes pipe config = do
session <- param "session" session <- param "session"
user <- liftAndCatchIO $ run (findUser session) user <- liftAndCatchIO $ run (findUser session)
case cast' . Doc =<< user of case cast' . Doc =<< user of
Nothing -> status unauthorized401 Nothing -> status forbidden403
Just u -> do Just u -> do
items <- liftAndCatchIO $ run (findItems $ uaddress u) items <- liftAndCatchIO $ run (findItems $ uaddress u)
case items of case items of
@ -1044,18 +1044,34 @@ routes pipe config = do
--Upsert item --Upsert item
post "/api/item" $ do post "/api/item" $ do
i <- jsonData i <- jsonData
session <- param "session"
user <- liftAndCatchIO $ run (findUser session)
case cast' . Doc =<< user of
Nothing -> status forbidden403
Just u -> do
let q = payload (i :: Payload Item) let q = payload (i :: Payload Item)
if uaddress u == iowner q
then do
_ <- liftAndCatchIO $ run (upsertItem q) _ <- liftAndCatchIO $ run (upsertItem q)
status created201 status created201
else status forbidden403
--Delete item --Delete item
Web.Scotty.delete "/api/item/:id" $ do Web.Scotty.delete "/api/item/:id" $ do
session <- param "session"
oId <- param "id" oId <- param "id"
let r = mkRegex "^[a-f0-9]{24}$" u' <- liftAndCatchIO $ checkUser run session
if matchTest r oId case u' of
Nothing -> status forbidden403
Just u -> do
i <- liftAndCatchIO $ run (findItemById oId)
case cast' . Doc =<< i of
Nothing -> status badRequest400
Just i' -> do
if iowner i' == uaddress u
then do then do
liftAndCatchIO $ run (deleteItem oId) liftAndCatchIO $ run (deleteItem oId)
status ok200 status ok200
else status noContent204 else status forbidden403
--Get price for Zcash --Get price for Zcash
get "/price" $ do get "/price" $ do
curr <- param "currency" curr <- param "currency"
@ -1553,4 +1569,12 @@ expireProSessions pipe db = do
access pipe master db $ removePro (psaddress z) access pipe master db $ removePro (psaddress z)
access pipe master db $ closeProSession z access pipe master db $ closeProSession z
checkUser ::
(Action IO (Maybe Document) -> IO (Maybe Document))
-> T.Text
-> IO (Maybe User)
checkUser run s = do
user <- run (findUser s)
return $ cast' . Doc =<< user
debug = flip trace debug = flip trace
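Review bot: The ownership check added to `post "/api/item"` compares `uaddress u` with `iowner q`, but `iowner q` is taken from the request payload, so it only shows that the caller put their own address in the body. If `upsertItem` matches on the payload's `_id` (its body is outside this view), a request carrying another owner's item id together with the caller's own address would pass the check and replace that item. When the payload carries an id, look up the stored item first and compare its `iowner` with `uaddress u`, as the delete handler in the same hunk already does via `findItemById`; only an insert without an id can rely on the payload's owner. The handler could also call the new `checkUser run session` helper rather than repeating `cast' . Doc =<< user`, so both routes resolve the session the same way.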


@ -398,21 +398,74 @@ main = do
res <- httpLBS req res <- httpLBS req
getResponseStatus res `shouldBe` unauthorized401 getResponseStatus res `shouldBe` unauthorized401
describe "Item endpoint" $ do describe "Item endpoint" $ do
prop "add item" testItemAdd it "adding item with bad session fails" $ do
it "get items" $ do let item =
Item
Nothing
"Table"
"Oak"
"zs1w6nkameazc5gujm69350syl5w8tgvyaphums3pw8eytzy5ym08x7dvskmykkatmwrucmgv3er8e"
499.99
req <-
testPostJson "/api/item" $ A.object ["payload" A..= A.toJSON item]
res <-
httpLBS $
setRequestQueryString
[("session", Just "35bfb9c2-9ad2-fake-adda-99d63b8dcdcd")]
req
getResponseStatus res `shouldBe` unauthorized401
it "adding item with good session succeeds" $ do
let item =
Item
(Just (read "627d7ba92b05a76be3000013"))
"Table"
"Oak"
"zs1w6nkameazc5gujm69350syl5w8tgvyaphums3pw8eytzy5ym08x7dvskmykkatmwrucmgv3er8e"
499.99
req <-
testPostJson "/api/item" $ A.object ["payload" A..= A.toJSON item]
res <-
httpLBS $
setRequestQueryString
[("session", Just "35bfb9c2-9ad2-4fe5-adda-99d63b8dcdcd")]
req
getResponseStatus res `shouldBe` created201
it "get items with valid session succeeds" $ do
req <- req <-
testGet testGet
"/api/items" "/api/items"
[ ("address", Just "Zaddy") [("session", Just "35bfb9c2-9ad2-4fe5-adda-99d63b8dcdcd")]
, ("session", Just "35bfb9c2-9ad2-4fe5-adda-99d63b8dcdcd")
]
res <- httpJSON req res <- httpJSON req
getResponseStatus (res :: Response A.Value) `shouldBe` ok200 getResponseStatus (res :: Response A.Value) `shouldBe` ok200
it "delete item" $ do it "get items with invalid session returns 401" $ do
req <-
testGet
"/api/items"
[("session", Just "35bfb9c2-9ad2-4fe5-fake-99d63b8dcdcd")]
res <- httpLBS req
getResponseStatus res `shouldBe` unauthorized401
describe "delete item" $ do
it "returns 401 with invalid session and item ID" $ do
req <- req <-
testDelete testDelete
"/api/item/" "/api/item/"
"627d7ba92b05a76be3000003" "627d7ba92b05a76be3000003"
[("session", Just "35bfb9c2-9ad2-fake-adda-99d63b8dcdcd")]
res <- httpLBS req
getResponseStatus res `shouldBe` unauthorized401
it "returns 403 when item ID doesn't belong to session" $ do
req <-
testDelete
"/api/item/"
"627d7ba92b05a76be3000003"
[("session", Just "35bfb9c2-9ad2-4fe5-adda-99d63b8dcdcd")]
res <- httpLBS req
getResponseStatus res `shouldBe` forbidden403
it "succeeds with valid session and item ID" $ do
req <-
testDelete
"/api/item/"
"627d7ba92b05a76be3000013"
[("session", Just "35bfb9c2-9ad2-4fe5-adda-99d63b8dcdcd")] [("session", Just "35bfb9c2-9ad2-4fe5-adda-99d63b8dcdcd")]
res <- httpLBS req res <- httpLBS req
getResponseStatus res `shouldBe` ok200 getResponseStatus res `shouldBe` ok200
@ -841,7 +894,7 @@ testMemoParser t1 t2 t3 =
" zs1w6nkameazc5gujm69350syl5w8tgvyaphums3pw8eytzy5ym08x7dvskmykkatmwrucmgv3er8e " <> " zs1w6nkameazc5gujm69350syl5w8tgvyaphums3pw8eytzy5ym08x7dvskmykkatmwrucmgv3er8e " <>
t2 <> " ZGO::5d3d4494-51c0-432d-8495-050419957aea " <> t3 t2 <> " ZGO::5d3d4494-51c0-432d-8495-050419957aea " <> t3
case res of case res of
Left e -> assert False `debug` (errorBundlePretty e) Left e -> assert False `debug` errorBundlePretty e
Right zm -> Right zm ->
assert $ assert $
U.fromString "5d3d4494-51c0-432d-8495-050419957aea" == m_session zm && U.fromString "5d3d4494-51c0-432d-8495-050419957aea" == m_session zm &&
@ -944,34 +997,6 @@ startAPI config = do
let userList = let userList =
map unwrapDoc $ filter filterDocs $ val <$> [myUser, myUser1, myUser2] map unwrapDoc $ filter filterDocs $ val <$> [myUser, myUser1, myUser2]
_ <- access pipe master "test" (insertAll_ "users" userList) _ <- access pipe master "test" (insertAll_ "users" userList)
--_ <-
--access
--pipe
--master
--"test"
--(insert_
--"users"
--[ "address" =: uaddress myUser
--, "_id" =: u_id myUser
--, "session" =: usession myUser
--, "blocktime" =: ublocktime myUser
--, "pin" =: upin myUser
--, "validated" =: uvalidated myUser
--])
--_ <-
--access
--pipe
--master
--"test"
--(insert_
--"users"
--[ "address" =: uaddress myUser1
--, "_id" =: u_id myUser1
--, "session" =: usession myUser1
--, "blocktime" =: ublocktime myUser1
--, "pin" =: upin myUser1
--, "validated" =: uvalidated myUser1
--])
let myOwner = let myOwner =
Owner Owner
(Just (read "627ad3492b05a76be3000001")) (Just (read "627ad3492b05a76be3000001"))
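Review bot: The new "Item endpoint" cases exercise bad and good sessions but leave two of the authorization paths introduced by this commit untested. There is no `post "/api/item"` case where the session is valid and the payload's owner address differs from the session user's (expected `forbidden403`), and no delete case with a malformed id now that the regex check is gone from the route. Separately, the bad-session cases expect `unauthorized401` while the handlers' `Nothing` branches return `forbidden403`, so the 401 presumably comes from a check outside the visible hunks. If that is the case, a comment such as `-- 401 is returned before the route handler runs; the handler's own fallback is 403` above these cases would record it.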