/** User package, testing. * * @author Sonja Happ * @copyright 2014-2019, Institute for Automation of Complex Power Systems, EONERC * @license GNU General Public License (version 3) * * VILLASweb-backend-go * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . *********************************************************************************/ package user import ( "bytes" "encoding/json" "fmt" "net/http" "net/http/httptest" "os" "testing" "git.rwth-aachen.de/acs/public/villas/web-backend-go/helper" "github.com/gin-gonic/gin" "github.com/stretchr/testify/assert" "git.rwth-aachen.de/acs/public/villas/web-backend-go/configuration" "git.rwth-aachen.de/acs/public/villas/web-backend-go/database" ) var router *gin.Engine type UserRequest struct { Username string `json:"username,omitempty"` Password string `json:"password,omitempty"` OldPassword string `json:"oldPassword,omitempty"` Mail string `json:"mail,omitempty"` Role string `json:"role,omitempty"` Active string `json:"active,omitempty"` } func TestMain(m *testing.M) { err := configuration.InitConfig() if err != nil { panic(m) } err = database.InitDB(configuration.GlobalConfig) if err != nil { panic(m) } defer database.DBpool.Close() router = gin.Default() api := router.Group("/api/v2") RegisterAuthenticate(api.Group("/authenticate")) api.Use(Authentication()) RegisterUserEndpoints(api.Group("/users")) os.Exit(m.Run()) } func TestAuthenticate(t *testing.T) { database.DropTables() database.MigrateModels() err, adminpw := database.DBAddAdminUser(configuration.GlobalConfig) assert.NoError(t, err) // try to authenticate with non JSON body // should result in unauthorized w1 := httptest.NewRecorder() body, _ := json.Marshal("This is no JSON") req, err := http.NewRequest("POST", "/api/v2/authenticate", bytes.NewBuffer(body)) assert.NoError(t, err) req.Header.Set("Content-Type", "application/json") router.ServeHTTP(w1, req) assert.Equalf(t, 401, w1.Code, "Response body: \n%v\n", w1.Body) malformedCredentials := helper.Credentials{ Username: "TEST1", } // try to authenticate with malformed credentials // should result in unauthorized w2 := httptest.NewRecorder() body, _ = json.Marshal(malformedCredentials) req, err = http.NewRequest("POST", "/api/v2/authenticate", bytes.NewBuffer(body)) assert.NoError(t, err) req.Header.Set("Content-Type", "application/json") router.ServeHTTP(w2, req) assert.Equal(t, 401, w2.Code, w2.Body) // try to authenticate with a username that does not exist in the DB // should result in unauthorized malformedCredentials.Username = "NOTEXIST" malformedCredentials.Password = "blablabla" w3 := httptest.NewRecorder() body, _ = json.Marshal(malformedCredentials) req, err = http.NewRequest("POST", "/api/v2/authenticate", bytes.NewBuffer(body)) assert.NoError(t, err) req.Header.Set("Content-Type", "application/json") router.ServeHTTP(w3, req) assert.Equal(t, 401, w3.Code, w3.Body) // try to authenticate with a correct user name and a wrong password // should result in unauthorized malformedCredentials.Username = "User_A" malformedCredentials.Password = "wrong password" w4 := httptest.NewRecorder() body, _ = json.Marshal(malformedCredentials) req, err = http.NewRequest("POST", "/api/v2/authenticate", bytes.NewBuffer(body)) assert.NoError(t, err) req.Header.Set("Content-Type", "application/json") router.ServeHTTP(w4, req) assert.Equal(t, 401, w4.Code, w4.Body) // authenticate as admin _, err = helper.AuthenticateForTest(router, helper.Credentials{Username: "admin", Password: adminpw}) assert.NoError(t, err) } func TestAuthenticateQueryToken(t *testing.T) { database.DropTables() database.MigrateModels() err, adminpw := database.DBAddAdminUser(configuration.GlobalConfig) assert.NoError(t, err) // authenticate as admin token, err := helper.AuthenticateForTest(router, helper.Credentials{Username: "admin", Password: adminpw}) assert.NoError(t, err) w := httptest.NewRecorder() // Create the request req, err := http.NewRequest("GET", "/api/v2/users?token="+token, nil) assert.NoError(t, err) router.ServeHTTP(w, req) assert.Equal(t, w.Code, 200) } func TestAddGetUser(t *testing.T) { database.DropTables() database.MigrateModels() err, adminpw := database.DBAddAdminUser(configuration.GlobalConfig) assert.NoError(t, err) // authenticate as admin token, err := helper.AuthenticateForTest(router, helper.Credentials{Username: "admin", Password: adminpw}) assert.NoError(t, err) // try to POST with non JSON body // should result in bad request code, resp, err := helper.TestEndpoint(router, token, "/api/v2/users", "POST", "This is not JSON") assert.NoError(t, err) assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) wrongUser := UserRequest{ Username: "ab", Password: "123456", Mail: "bla@test.com", Role: "Guest", } // try POST with too short username // should result in bad request code, resp, err = helper.TestEndpoint(router, token, "/api/v2/users", "POST", helper.KeyModels{"user": wrongUser}) assert.NoError(t, err) assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) // try POST with too short password // should result in bad request wrongUser.Username = "Longenoughusername" wrongUser.Password = "short" code, resp, err = helper.TestEndpoint(router, token, "/api/v2/users", "POST", helper.KeyModels{"user": wrongUser}) assert.NoError(t, err) assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) // try POST with wrong role // should result in bad request wrongUser.Password = "longenough" wrongUser.Role = "ThisIsNotARole" code, resp, err = helper.TestEndpoint(router, token, "/api/v2/users", "POST", helper.KeyModels{"user": wrongUser}) assert.NoError(t, err) assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) //try POST with wrong email // should result in bad request wrongUser.Mail = "noemailaddress" wrongUser.Role = "Guest" code, resp, err = helper.TestEndpoint(router, token, "/api/v2/users", "POST", helper.KeyModels{"user": wrongUser}) assert.NoError(t, err) assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) // try POST with missing required fields // should result in bad request wrongUser.Mail = "" wrongUser.Role = "" wrongUser.Password = "" code, resp, err = helper.TestEndpoint(router, token, "/api/v2/users", "POST", helper.KeyModels{"user": wrongUser}) assert.NoError(t, err) assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) // try POST with username that is already taken // should result in unprocessable entity wrongUser.Mail = "test@test.com" wrongUser.Role = "Guest" wrongUser.Password = "blablabla" wrongUser.Username = "admin" code, resp, err = helper.TestEndpoint(router, token, "/api/v2/users", "POST", helper.KeyModels{"user": wrongUser}) assert.NoError(t, err) assert.Equalf(t, 422, code, "Response body: \n%v\n", resp) newUser := UserRequest{ Username: "Alice483", Password: "th1s_I5_@lice#", Mail: "mail@domain.com", Role: "User", } // test POST user/ $newUser code, resp, err = helper.TestEndpoint(router, token, "/api/v2/users", "POST", helper.KeyModels{"user": newUser}) assert.NoError(t, err) assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) // Turn password member of newUser to empty string so it is omitted // in marshaling. The password will never be included in the // response and if is non empty in request we will not be able to do // request-response comparison. Reserve it also for later usage. newUser.Password = "" // Compare POST's response with the newUser (Password omitted) err = helper.CompareResponse(resp, helper.KeyModels{"user": newUser}) assert.NoError(t, err) // Read newUser's ID from the response newUserID, err := helper.GetResponseID(resp) assert.NoError(t, err) // Get the newUser code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID), "GET", nil) assert.NoError(t, err) assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) // Compare GET's response with the newUser (Password omitted) err = helper.CompareResponse(resp, helper.KeyModels{"user": newUser}) assert.NoError(t, err) // try to GET user with invalid user ID // should result in bad request code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/bla"), "GET", nil) assert.NoError(t, err) assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) } func TestUsersNotAllowedActions(t *testing.T) { database.DropTables() database.MigrateModels() err, adminpw := database.DBAddAdminUser(configuration.GlobalConfig) assert.NoError(t, err) // authenticate as admin token, err := helper.AuthenticateForTest(router, helper.Credentials{Username: "admin", Password: adminpw}) assert.NoError(t, err) // Add a user newUser := UserRequest{ Username: "NotAllowedActions", Password: "N0t_@LLow3d_act10n5", Mail: "not@allowed.ac", Role: "User", } code, resp, err := helper.TestEndpoint(router, token, "/api/v2/users", "POST", helper.KeyModels{"user": newUser}) assert.NoError(t, err) assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) newUserID, err := helper.GetResponseID(resp) assert.NoError(t, err) // Authenticate as the added user token, err = helper.AuthenticateForTest(router, UserRequest{ Username: newUser.Username, Password: newUser.Password, }) assert.NoError(t, err) // Try to get all the users (NOT ALLOWED) code, resp, err = helper.TestEndpoint(router, token, "/api/v2/users", "POST", helper.KeyModels{"user": newUser}) assert.NoError(t, err) assert.Equalf(t, 422, code, "Response body: \n%v\n", resp) // Try to read another user than self (eg. Admin) (NOT ALLOWED) code, resp, err = helper.TestEndpoint(router, token, "/api/v2/users/0", "GET", nil) assert.NoError(t, err) assert.Equalf(t, 403, code, "Response body: \n%v\n", resp) // Try to delete another user (eg. Admin) (NOT ALLOWED) code, resp, err = helper.TestEndpoint(router, token, "/api/v2/users/0", "DELETE", nil) assert.NoError(t, err) assert.Equalf(t, 422, code, "Response body: \n%v\n", resp) // Try to delete self (NOT ALLOWED) code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID), "DELETE", nil) assert.NoError(t, err) assert.Equalf(t, 422, code, "Response body: \n%v\n", resp) } func TestGetAllUsers(t *testing.T) { database.DropTables() database.MigrateModels() err, adminpw := database.DBAddAdminUser(configuration.GlobalConfig) assert.NoError(t, err) // authenticate as admin token, err := helper.AuthenticateForTest(router, helper.Credentials{Username: "admin", Password: adminpw}) assert.NoError(t, err) // get the length of the GET all users response initialNumber, err := helper.LengthOfResponse(router, token, "/api/v2/users", "GET", nil) assert.NoError(t, err) // Add a user newUser := UserRequest{ Username: "UserGetAllUsers", Password: "get@ll_User5", Mail: "get@all.users", Role: "User", } code, resp, err := helper.TestEndpoint(router, token, "/api/v2/users", "POST", helper.KeyModels{"user": newUser}) assert.NoError(t, err) assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) // get the length of the GET all users response again finalNumber, err := helper.LengthOfResponse(router, token, "/api/v2/users", "GET", nil) assert.NoError(t, err) assert.Equal(t, finalNumber, initialNumber+1) newUserCredentials := helper.Credentials{ Username: newUser.Username, Password: newUser.Password, } // authenticate as normal user token, err = helper.AuthenticateForTest(router, newUserCredentials) assert.NoError(t, err) // try to get all users as normal user // should result in unprocessable entity eror code, resp, err = helper.TestEndpoint(router, token, "/api/v2/users", "GET", nil) assert.NoError(t, err) assert.Equalf(t, 422, code, "Response body: \n%v\n", resp) } func TestModifyAddedUserAsUser(t *testing.T) { database.DropTables() database.MigrateModels() err, adminpw := database.DBAddAdminUser(configuration.GlobalConfig) assert.NoError(t, err) // authenticate as admin token, err := helper.AuthenticateForTest(router, helper.Credentials{Username: "admin", Password: adminpw}) assert.NoError(t, err) // Add a user that will modify itself newUser := UserRequest{ Username: "modMyself", Password: "mod_My5elf", Mail: "mod@my.self", Role: "User", } code, resp, err := helper.TestEndpoint(router, token, "/api/v2/users", "POST", helper.KeyModels{"user": newUser}) assert.NoError(t, err) assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) newUserID, err := helper.GetResponseID(resp) assert.NoError(t, err) // authenticate as the new user token, err = helper.AuthenticateForTest(router, UserRequest{ Username: newUser.Username, Password: newUser.Password, }) assert.NoError(t, err) // Try PUT with invalid user ID in path // Should return a bad request code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/blabla"), "PUT", helper.KeyModels{"user": newUser}) assert.NoError(t, err) assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) // Try to PUT a non JSON body // Should return a bad request code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID), "PUT", "This is no JSON") assert.NoError(t, err) assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) // Turn password member of newUser to empty string so it is omitted // in marshaling. The password will never be included in the // response and if is non empty in request we will not be able to do // request-response comparison newUser.Password = "" // try to modify active state of user // should result in forbidden modActiveState := UserRequest{Active: "no"} code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID), "PUT", helper.KeyModels{"user": modActiveState}) assert.NoError(t, err) assert.Equalf(t, 403, code, "Response body: \n%v\n", resp) // modify newUser's own name modRequest := UserRequest{Username: "myNewName"} newUser.Username = modRequest.Username code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID), "PUT", helper.KeyModels{"user": modRequest}) assert.NoError(t, err) assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) err = helper.CompareResponse(resp, helper.KeyModels{"user": newUser}) assert.NoError(t, err) // modify Admin's name (ILLEGAL) modRequest = UserRequest{Username: "myNewName"} newUser.Username = modRequest.Username code, resp, err = helper.TestEndpoint(router, token, "/api/v2/users/1", "PUT", helper.KeyModels{"user": modRequest}) assert.NoError(t, err) assert.Equalf(t, 403, code, "Response body: \n%v\n", resp) // modify newUser's own email modRequest = UserRequest{Mail: "my@new.email"} newUser.Mail = modRequest.Mail code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID), "PUT", helper.KeyModels{"user": modRequest}) assert.NoError(t, err) assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) err = helper.CompareResponse(resp, helper.KeyModels{"user": newUser}) assert.NoError(t, err) // modify Admin's own email (ILLEGAL) modRequest = UserRequest{Mail: "my@new.email"} newUser.Mail = modRequest.Mail code, resp, err = helper.TestEndpoint(router, token, "/api/v2/users/1", "PUT", helper.KeyModels{"user": modRequest}) assert.NoError(t, err) assert.Equalf(t, 403, code, "Response body: \n%v\n", resp) // modify newUser's role (ILLEGAL) modRequest = UserRequest{Role: "Admin"} newUser.Role = modRequest.Role code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID), "PUT", helper.KeyModels{"user": modRequest}) assert.NoError(t, err) assert.Equalf(t, 403, code, "Response body: \n%v\n", resp) // modify newUser's password without providing old password modRequest = UserRequest{ Password: "5tr0ng_pw!", } code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID), "PUT", helper.KeyModels{"user": modRequest}) assert.NoError(t, err) assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) // modify newUser's password with wring old password modRequest = UserRequest{ Password: "5tr0ng_pw!", OldPassword: "wrongoldpassword", } code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID), "PUT", helper.KeyModels{"user": modRequest}) assert.NoError(t, err) assert.Equalf(t, 403, code, "Response body: \n%v\n", resp) // modify newUser's password modRequest = UserRequest{ Password: "5tr0ng_pw!", OldPassword: "mod_My5elf", } code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID), "PUT", helper.KeyModels{"user": modRequest}) assert.NoError(t, err) assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) // try to login as newUser with the modified username and password token, err = helper.AuthenticateForTest(router, UserRequest{ Username: newUser.Username, Password: modRequest.Password, }) assert.NoError(t, err) // modify Admin's password (ILLEGAL) modRequest = UserRequest{Password: "4dm1ns_pw!"} code, resp, err = helper.TestEndpoint(router, token, "/api/v2/users/1", "PUT", helper.KeyModels{"user": modRequest}) assert.NoError(t, err) assert.Equalf(t, 403, code, "Response body: \n%v\n", resp) } func TestInvalidUserUpdate(t *testing.T) { database.DropTables() database.MigrateModels() err, adminpw := database.DBAddAdminUser(configuration.GlobalConfig) assert.NoError(t, err) // authenticate as admin token, err := helper.AuthenticateForTest(router, helper.Credentials{Username: "admin", Password: adminpw}) assert.NoError(t, err) // Add a user newUser := UserRequest{ Username: "invalidUpdatedUser", Password: "wr0ng_Upd@te!", Mail: "inv@user.upd", Role: "User", } code, resp, err := helper.TestEndpoint(router, token, "/api/v2/users", "POST", helper.KeyModels{"user": newUser}) assert.NoError(t, err) assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) newUserID, err := helper.GetResponseID(resp) assert.NoError(t, err) // try PUT with userID that does not exist // should result in not found modRequest := UserRequest{ Password: "longenough", } code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID+1), "PUT", helper.KeyModels{"user": modRequest}) assert.NoError(t, err) assert.Equalf(t, 404, code, "Response body: \n%v\n", resp) // try to PUT with username that is already taken // should result in bad request modRequest.Password = "" modRequest.Username = "admin" code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID), "PUT", helper.KeyModels{"user": modRequest}) assert.NoError(t, err) assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) // modify newUser's password with INVALID password modRequest.Password = "short" code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID), "PUT", helper.KeyModels{"user": modRequest}) assert.NoError(t, err) assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) // modify newUser's email with INVALID email modRequest = UserRequest{Mail: "notEmail"} code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID), "PUT", helper.KeyModels{"user": modRequest}) assert.NoError(t, err) assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) // modify newUser's role with INVALID role modRequest = UserRequest{Role: "noRole"} code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID), "PUT", helper.KeyModels{"user": modRequest}) assert.NoError(t, err) assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) } func TestModifyAddedUserAsAdmin(t *testing.T) { database.DropTables() database.MigrateModels() err, adminpw := database.DBAddAdminUser(configuration.GlobalConfig) assert.NoError(t, err) // authenticate as admin token, err := helper.AuthenticateForTest(router, helper.Credentials{Username: "admin", Password: adminpw}) assert.NoError(t, err) // Add a user newUser := UserRequest{ Username: "modAddedUser", Password: "mod_4d^2ed_0ser", Mail: "mod@added.user", Role: "User", } code, resp, err := helper.TestEndpoint(router, token, "/api/v2/users", "POST", helper.KeyModels{"user": newUser}) assert.NoError(t, err) assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) newUserID, err := helper.GetResponseID(resp) assert.NoError(t, err) // Turn password member of newUser to empty string so it is omitted // in marshaling. The password will never be included in the // response and if is non empty in request we will not be able to do // request-response comparison newUser.Password = "" // modify newUser's name modRequest := UserRequest{Username: "NewUsername"} newUser.Username = modRequest.Username code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID), "PUT", helper.KeyModels{"user": modRequest}) assert.NoError(t, err) assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) err = helper.CompareResponse(resp, helper.KeyModels{"user": newUser}) assert.NoError(t, err) // modify newUser's email modRequest = UserRequest{Mail: "new@e.mail"} newUser.Mail = modRequest.Mail code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID), "PUT", helper.KeyModels{"user": modRequest}) assert.NoError(t, err) assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) err = helper.CompareResponse(resp, helper.KeyModels{"user": newUser}) assert.NoError(t, err) // modify newUser's role modRequest = UserRequest{Role: "Admin"} newUser.Role = modRequest.Role code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID), "PUT", helper.KeyModels{"user": modRequest}) assert.NoError(t, err) assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) err = helper.CompareResponse(resp, helper.KeyModels{"user": newUser}) assert.NoError(t, err) // modify newUser's password, should not work without admin password modRequest = UserRequest{ Password: "4_g00d_pw!", } code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID), "PUT", helper.KeyModels{"user": modRequest}) assert.NoError(t, err) assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) // modify newUser's password, requires admin password modRequest = UserRequest{ Password: "4_g00d_pw!", OldPassword: adminpw, } code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID), "PUT", helper.KeyModels{"user": modRequest}) assert.NoError(t, err) assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) // try to login as newUser with the modified username and password _, err = helper.AuthenticateForTest(router, UserRequest{ Username: newUser.Username, Password: modRequest.Password, }) assert.NoError(t, err) // authenticate as admin token, err = helper.AuthenticateForTest(router, helper.Credentials{Username: "admin", Password: adminpw}) assert.NoError(t, err) // modify newUser's Active status modRequest = UserRequest{Active: "no"} code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID), "PUT", helper.KeyModels{"user": modRequest}) assert.NoError(t, err) assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) // try to login as newUser with the modified active status // should NOT work anymore! code, resp, err = helper.TestEndpoint(router, token, "/api/v2/authenticate", "POST", UserRequest{ Username: newUser.Username, Password: "4_g00d_pw!", }) assert.NoError(t, err) assert.Equalf(t, 401, code, "Response body: \n%v\n", resp) } func TestDeleteUser(t *testing.T) { database.DropTables() database.MigrateModels() err, adminpw := database.DBAddAdminUser(configuration.GlobalConfig) assert.NoError(t, err) // authenticate as admin token, err := helper.AuthenticateForTest(router, helper.Credentials{Username: "admin", Password: adminpw}) assert.NoError(t, err) // Add a user newUser := UserRequest{ Username: "toBeDeletedUser", Password: "f0r_deletIOn_0ser", Mail: "to@be.deleted", Role: "User", } code, resp, err := helper.TestEndpoint(router, token, "/api/v2/users", "POST", helper.KeyModels{"user": newUser}) assert.NoError(t, err) assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) newUserID, err := helper.GetResponseID(resp) assert.NoError(t, err) // try to DELETE with invalid ID // should result in bad request code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/bla"), "DELETE", nil) assert.NoError(t, err) assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) // try to DELETE with ID that does not exist // should result in not found code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID+1), "DELETE", nil) assert.NoError(t, err) assert.Equalf(t, 404, code, "Response body: \n%v\n", resp) // Count the number of all the users returned initialNumber, err := helper.LengthOfResponse(router, token, "/api/v2/users", "GET", nil) assert.NoError(t, err) // Delete the added newUser code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/v2/users/%v", newUserID), "DELETE", nil) assert.NoError(t, err) assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) // Again count the number of all the users returned finalNumber, err := helper.LengthOfResponse(router, token, "/api/v2/users", "GET", nil) assert.NoError(t, err) assert.Equal(t, finalNumber, initialNumber-1) }