Add tests for Item endpoints
This commit is contained in:
parent
857a298b96
commit
c8f1d250b5
GPG key ID:
65122AD495A7F5B2
3 changed files with 102 additions and 50 deletions
|
|
@ -88,6 +88,9 @@ findItems :: T.Text -> Action IO [Document]
|
||||||
findItems a =
|
findItems a =
|
||||||
rest =<< find (select ["owner" =: a] "items") {sort = ["name" =: (1 :: Int)]}
|
rest =<< find (select ["owner" =: a] "items") {sort = ["name" =: (1 :: Int)]}
|
||||||
|
|
||||||
|
findItemById :: String -> Action IO (Maybe Document)
|
||||||
|
findItemById i = findOne (select ["_id" =: (read i :: ObjectId)] "items")
|
||||||
|
|
||||||
upsertItem :: Item -> Action IO ()
|
upsertItem :: Item -> Action IO ()
|
||||||
upsertItem i = do
|
upsertItem i = do
|
||||||
let item = val i
|
let item = val i
|
||||||
|
|
|
||||||
|
|
@ -1028,7 +1028,7 @@ routes pipe config = do
|
||||||
session <- param "session"
|
session <- param "session"
|
||||||
user <- liftAndCatchIO $ run (findUser session)
|
user <- liftAndCatchIO $ run (findUser session)
|
||||||
case cast' . Doc =<< user of
|
case cast' . Doc =<< user of
|
||||||
Nothing -> status unauthorized401
|
Nothing -> status forbidden403
|
||||||
Just u -> do
|
Just u -> do
|
||||||
items <- liftAndCatchIO $ run (findItems $ uaddress u)
|
items <- liftAndCatchIO $ run (findItems $ uaddress u)
|
||||||
case items of
|
case items of
|
||||||
|
|
@ -1044,18 +1044,34 @@ routes pipe config = do
|
||||||
--Upsert item
|
--Upsert item
|
||||||
post "/api/item" $ do
|
post "/api/item" $ do
|
||||||
i <- jsonData
|
i <- jsonData
|
||||||
let q = payload (i :: Payload Item)
|
session <- param "session"
|
||||||
_ <- liftAndCatchIO $ run (upsertItem q)
|
user <- liftAndCatchIO $ run (findUser session)
|
||||||
status created201
|
case cast' . Doc =<< user of
|
||||||
|
Nothing -> status forbidden403
|
||||||
|
Just u -> do
|
||||||
|
let q = payload (i :: Payload Item)
|
||||||
|
if uaddress u == iowner q
|
||||||
|
then do
|
||||||
|
_ <- liftAndCatchIO $ run (upsertItem q)
|
||||||
|
status created201
|
||||||
|
else status forbidden403
|
||||||
--Delete item
|
--Delete item
|
||||||
Web.Scotty.delete "/api/item/:id" $ do
|
Web.Scotty.delete "/api/item/:id" $ do
|
||||||
|
session <- param "session"
|
||||||
oId <- param "id"
|
oId <- param "id"
|
||||||
let r = mkRegex "^[a-f0-9]{24}$"
|
u' <- liftAndCatchIO $ checkUser run session
|
||||||
if matchTest r oId
|
case u' of
|
||||||
then do
|
Nothing -> status forbidden403
|
||||||
liftAndCatchIO $ run (deleteItem oId)
|
Just u -> do
|
||||||
status ok200
|
i <- liftAndCatchIO $ run (findItemById oId)
|
||||||
else status noContent204
|
case cast' . Doc =<< i of
|
||||||
|
Nothing -> status badRequest400
|
||||||
|
Just i' -> do
|
||||||
|
if iowner i' == uaddress u
|
||||||
|
then do
|
||||||
|
liftAndCatchIO $ run (deleteItem oId)
|
||||||
|
status ok200
|
||||||
|
else status forbidden403
|
||||||
--Get price for Zcash
|
--Get price for Zcash
|
||||||
get "/price" $ do
|
get "/price" $ do
|
||||||
curr <- param "currency"
|
curr <- param "currency"
|
||||||
|
|
@ -1553,4 +1569,12 @@ expireProSessions pipe db = do
|
||||||
access pipe master db $ removePro (psaddress z)
|
access pipe master db $ removePro (psaddress z)
|
||||||
access pipe master db $ closeProSession z
|
access pipe master db $ closeProSession z
|
||||||
|
|
||||||
|
checkUser ::
|
||||||
|
(Action IO (Maybe Document) -> IO (Maybe Document))
|
||||||
|
-> T.Text
|
||||||
|
-> IO (Maybe User)
|
||||||
|
checkUser run s = do
|
||||||
|
user <- run (findUser s)
|
||||||
|
return $ cast' . Doc =<< user
|
||||||
|
|
||||||
debug = flip trace
|
debug = flip trace
|
||||||
|
|
|
||||||
105
test/Spec.hs
105
test/Spec.hs
|
|
@ -398,24 +398,77 @@ main = do
|
||||||
res <- httpLBS req
|
res <- httpLBS req
|
||||||
getResponseStatus res `shouldBe` unauthorized401
|
getResponseStatus res `shouldBe` unauthorized401
|
||||||
describe "Item endpoint" $ do
|
describe "Item endpoint" $ do
|
||||||
prop "add item" testItemAdd
|
it "adding item with bad session fails" $ do
|
||||||
it "get items" $ do
|
let item =
|
||||||
|
Item
|
||||||
|
Nothing
|
||||||
|
"Table"
|
||||||
|
"Oak"
|
||||||
|
"zs1w6nkameazc5gujm69350syl5w8tgvyaphums3pw8eytzy5ym08x7dvskmykkatmwrucmgv3er8e"
|
||||||
|
499.99
|
||||||
|
req <-
|
||||||
|
testPostJson "/api/item" $ A.object ["payload" A..= A.toJSON item]
|
||||||
|
res <-
|
||||||
|
httpLBS $
|
||||||
|
setRequestQueryString
|
||||||
|
[("session", Just "35bfb9c2-9ad2-fake-adda-99d63b8dcdcd")]
|
||||||
|
req
|
||||||
|
getResponseStatus res `shouldBe` unauthorized401
|
||||||
|
it "adding item with good session succeeds" $ do
|
||||||
|
let item =
|
||||||
|
Item
|
||||||
|
(Just (read "627d7ba92b05a76be3000013"))
|
||||||
|
"Table"
|
||||||
|
"Oak"
|
||||||
|
"zs1w6nkameazc5gujm69350syl5w8tgvyaphums3pw8eytzy5ym08x7dvskmykkatmwrucmgv3er8e"
|
||||||
|
499.99
|
||||||
|
req <-
|
||||||
|
testPostJson "/api/item" $ A.object ["payload" A..= A.toJSON item]
|
||||||
|
res <-
|
||||||
|
httpLBS $
|
||||||
|
setRequestQueryString
|
||||||
|
[("session", Just "35bfb9c2-9ad2-4fe5-adda-99d63b8dcdcd")]
|
||||||
|
req
|
||||||
|
getResponseStatus res `shouldBe` created201
|
||||||
|
it "get items with valid session succeeds" $ do
|
||||||
req <-
|
req <-
|
||||||
testGet
|
testGet
|
||||||
"/api/items"
|
"/api/items"
|
||||||
[ ("address", Just "Zaddy")
|
[("session", Just "35bfb9c2-9ad2-4fe5-adda-99d63b8dcdcd")]
|
||||||
, ("session", Just "35bfb9c2-9ad2-4fe5-adda-99d63b8dcdcd")
|
|
||||||
]
|
|
||||||
res <- httpJSON req
|
res <- httpJSON req
|
||||||
getResponseStatus (res :: Response A.Value) `shouldBe` ok200
|
getResponseStatus (res :: Response A.Value) `shouldBe` ok200
|
||||||
it "delete item" $ do
|
it "get items with invalid session returns 401" $ do
|
||||||
req <-
|
req <-
|
||||||
testDelete
|
testGet
|
||||||
"/api/item/"
|
"/api/items"
|
||||||
"627d7ba92b05a76be3000003"
|
[("session", Just "35bfb9c2-9ad2-4fe5-fake-99d63b8dcdcd")]
|
||||||
[("session", Just "35bfb9c2-9ad2-4fe5-adda-99d63b8dcdcd")]
|
|
||||||
res <- httpLBS req
|
res <- httpLBS req
|
||||||
getResponseStatus res `shouldBe` ok200
|
getResponseStatus res `shouldBe` unauthorized401
|
||||||
|
describe "delete item" $ do
|
||||||
|
it "returns 401 with invalid session and item ID" $ do
|
||||||
|
req <-
|
||||||
|
testDelete
|
||||||
|
"/api/item/"
|
||||||
|
"627d7ba92b05a76be3000003"
|
||||||
|
[("session", Just "35bfb9c2-9ad2-fake-adda-99d63b8dcdcd")]
|
||||||
|
res <- httpLBS req
|
||||||
|
getResponseStatus res `shouldBe` unauthorized401
|
||||||
|
it "returns 403 when item ID doesn't belong to session" $ do
|
||||||
|
req <-
|
||||||
|
testDelete
|
||||||
|
"/api/item/"
|
||||||
|
"627d7ba92b05a76be3000003"
|
||||||
|
[("session", Just "35bfb9c2-9ad2-4fe5-adda-99d63b8dcdcd")]
|
||||||
|
res <- httpLBS req
|
||||||
|
getResponseStatus res `shouldBe` forbidden403
|
||||||
|
it "succeeds with valid session and item ID" $ do
|
||||||
|
req <-
|
||||||
|
testDelete
|
||||||
|
"/api/item/"
|
||||||
|
"627d7ba92b05a76be3000013"
|
||||||
|
[("session", Just "35bfb9c2-9ad2-4fe5-adda-99d63b8dcdcd")]
|
||||||
|
res <- httpLBS req
|
||||||
|
getResponseStatus res `shouldBe` ok200
|
||||||
describe "WooCommerce endpoints" $ do
|
describe "WooCommerce endpoints" $ do
|
||||||
it "generate token" $ do
|
it "generate token" $ do
|
||||||
req <-
|
req <-
|
||||||
|
|
@ -841,7 +894,7 @@ testMemoParser t1 t2 t3 =
|
||||||
" zs1w6nkameazc5gujm69350syl5w8tgvyaphums3pw8eytzy5ym08x7dvskmykkatmwrucmgv3er8e " <>
|
" zs1w6nkameazc5gujm69350syl5w8tgvyaphums3pw8eytzy5ym08x7dvskmykkatmwrucmgv3er8e " <>
|
||||||
t2 <> " ZGO::5d3d4494-51c0-432d-8495-050419957aea " <> t3
|
t2 <> " ZGO::5d3d4494-51c0-432d-8495-050419957aea " <> t3
|
||||||
case res of
|
case res of
|
||||||
Left e -> assert False `debug` (errorBundlePretty e)
|
Left e -> assert False `debug` errorBundlePretty e
|
||||||
Right zm ->
|
Right zm ->
|
||||||
assert $
|
assert $
|
||||||
U.fromString "5d3d4494-51c0-432d-8495-050419957aea" == m_session zm &&
|
U.fromString "5d3d4494-51c0-432d-8495-050419957aea" == m_session zm &&
|
||||||
|
|
@ -944,34 +997,6 @@ startAPI config = do
|
||||||
let userList =
|
let userList =
|
||||||
map unwrapDoc $ filter filterDocs $ val <$> [myUser, myUser1, myUser2]
|
map unwrapDoc $ filter filterDocs $ val <$> [myUser, myUser1, myUser2]
|
||||||
_ <- access pipe master "test" (insertAll_ "users" userList)
|
_ <- access pipe master "test" (insertAll_ "users" userList)
|
||||||
--_ <-
|
|
||||||
--access
|
|
||||||
--pipe
|
|
||||||
--master
|
|
||||||
--"test"
|
|
||||||
--(insert_
|
|
||||||
--"users"
|
|
||||||
--[ "address" =: uaddress myUser
|
|
||||||
--, "_id" =: u_id myUser
|
|
||||||
--, "session" =: usession myUser
|
|
||||||
--, "blocktime" =: ublocktime myUser
|
|
||||||
--, "pin" =: upin myUser
|
|
||||||
--, "validated" =: uvalidated myUser
|
|
||||||
--])
|
|
||||||
--_ <-
|
|
||||||
--access
|
|
||||||
--pipe
|
|
||||||
--master
|
|
||||||
--"test"
|
|
||||||
--(insert_
|
|
||||||
--"users"
|
|
||||||
--[ "address" =: uaddress myUser1
|
|
||||||
--, "_id" =: u_id myUser1
|
|
||||||
--, "session" =: usession myUser1
|
|
||||||
--, "blocktime" =: ublocktime myUser1
|
|
||||||
--, "pin" =: upin myUser1
|
|
||||||
--, "validated" =: uvalidated myUser1
|
|
||||||
--])
|
|
||||||
let myOwner =
|
let myOwner =
|
||||||
Owner
|
Owner
|
||||||
(Just (read "627ad3492b05a76be3000001"))
|
(Just (read "627ad3492b05a76be3000001"))
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue