From 9b54276e8c3ddf4004207c1a92801b688541428c Mon Sep 17 00:00:00 2001 From: Derf Null Date: Mon, 26 Jun 2023 17:40:23 +0200 Subject: [PATCH] add visibility and share token test --- t/22-visibility.t | 427 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 427 insertions(+) create mode 100644 t/22-visibility.t diff --git a/t/22-visibility.t b/t/22-visibility.t new file mode 100644 index 0000000..6e3fd38 --- /dev/null +++ b/t/22-visibility.t @@ -0,0 +1,427 @@ +#!/usr/bin/env perl + +# Copyright (C) 2023 Birthe Friesel +# +# SPDX-License-Identifier: MIT + +use Mojo::Base -strict; + +# Tests journey entry and statistics + +use Test::More; +use Test::Mojo; + +use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64); +use DateTime; +use Travel::Status::DE::IRIS::Result; + +# Include application +use FindBin; +require "$FindBin::Bin/../index.pl"; + +my $t = Test::Mojo->new('Travelynx'); + +if ( not $t->app->config->{db} ) { + plan( skip_all => 'No database configured' ); +} + +$t->app->pg->db->query('drop schema if exists travelynx_test_22 cascade'); +$t->app->pg->db->query('create schema travelynx_test_22'); +$t->app->pg->db->query('set search_path to travelynx_test_22'); +$t->app->pg->on( + connection => sub { + my ( $pg, $dbh ) = @_; + $dbh->do('set search_path to travelynx_test_22'); + } +); + +$t->app->config->{mail}->{disabled} = 1; + +$t->app->start( 'database', 'migrate' ); + +my $u = $t->app->users; + +sub hash_password { + my ($password) = @_; + my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 ); + my $salt = en_base64( pack( 'C[16]', @salt_bytes ) ); + + return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt ); +} + +sub login { + my %opt = @_; + my $csrf_token + = $t->ua->get('/login')->res->dom->at('input[name=csrf_token]') + ->attr('value'); + $t->post_ok( + '/login' => form => { + csrf_token => $csrf_token, + user => $opt{user}, + password => $opt{password}, + } + ); + $t->status_is(302)->header_is( location => '/' ); +} + +sub logout { + my $csrf_token + = $t->ua->get('/account')->res->dom->at('input[name=csrf_token]') + ->attr('value'); + $t->post_ok( + '/logout' => form => { + csrf_token => $csrf_token, + } + ); + $t->status_is(302)->header_is( location => '/login' ); +} + +sub test_visibility { + my %opt = @_; + + if ( $opt{set_default_visibility} ) { + my %p = %{ $u->get_privacy_by( uid => $opt{uid} ) }; + $p{default_visibility} = $opt{set_default_visibility}; + $u->set_privacy( + uid => $opt{uid}, + %p + ); + } + + if ( $opt{set_visibility} ) { + $t->app->in_transit->update_visibility( + uid => $opt{uid}, + visibility => $opt{set_visibility} + ); + } + + my $status = $t->app->get_user_status( $opt{uid} ); + my $token + = $status->{sched_departure}->epoch + . q{?token=} + . $status->{dep_eva} . q{-} + . $status->{timestamp}->epoch % 337; + + is( $status->{visibility}, $opt{visibility} ); + is( $status->{visibility_str}, $opt{visibility_str} ); + is( $status->{effective_visibility}, $opt{effective_visibility} ); + is( $status->{effective_visibility_str}, $opt{effective_visibility_str} ); + + if ( $opt{public} ) { + $t->get_ok('/status/test1')->status_is(200)->content_like(qr{DPN 667}); + } + else { + $t->get_ok('/status/test1')->status_is(200) + ->content_like(qr{nicht eingecheckt}); + } + + if ( $opt{with_token} ) { + $t->get_ok("/status/test1/$token")->status_is(200) + ->content_like(qr{DPN 667}); + } + else { + $t->get_ok("/status/test1/$token")->status_is(200) + ->content_like(qr{nicht eingecheckt}); + } + + login( + user => 'test1', + password => 'password1' + ); + + # users can see their own status if visibility is >= followrs + if ( $opt{effective_visibility} >= 60 ) { + $t->get_ok('/status/test1')->status_is(200)->content_like(qr{DPN 667}); + } + else { + $t->get_ok('/status/test1')->status_is(200) + ->content_like(qr{nicht eingecheckt}); + } + + # users can see their own status with token if visibility is >= unlisted + if ( $opt{effective_visibility} >= 30 ) { + $t->get_ok("/status/test1/$token")->status_is(200) + ->content_like(qr{DPN 667}); + } + else { + $t->get_ok("/status/test1/$token")->status_is(200) + ->content_like(qr{nicht eingecheckt}); + } + + logout(); + login( + user => 'test2', + password => 'password2' + ); + + # uid2 can see uid1 if visibility is >= followers + if ( $opt{effective_visibility} >= 60 ) { + $t->get_ok('/status/test1')->status_is(200)->content_like(qr{DPN 667}); + } + else { + $t->get_ok('/status/test1')->status_is(200) + ->content_like(qr{nicht eingecheckt}); + } + + # uid2 can see uid1 with token if visibility is >= unlisted + if ( $opt{effective_visibility} >= 30 ) { + $t->get_ok("/status/test1/$token")->status_is(200) + ->content_like(qr{DPN 667}); + } + else { + $t->get_ok("/status/test1/$token")->status_is(200) + ->content_like(qr{nicht eingecheckt}); + } + + logout(); + login( + user => 'test3', + password => 'password3' + ); + + # uid3 can see uid1 if visibility is >= travelynx + if ( $opt{effective_visibility} >= 80 ) { + $t->get_ok('/status/test1')->status_is(200)->content_like(qr{DPN 667}); + } + else { + $t->get_ok('/status/test1')->status_is(200) + ->content_like(qr{nicht eingecheckt}); + } + + # uid3 can see uid1 with token if visibility is >= unlisted + if ( $opt{effective_visibility} >= 30 ) { + $t->get_ok("/status/test1/$token")->status_is(200) + ->content_like(qr{DPN 667}); + } + else { + $t->get_ok("/status/test1/$token")->status_is(200) + ->content_like(qr{nicht eingecheckt}); + } + + logout(); +} + +my $uid1 = $u->add( + name => 'test1', + email => 'test1@example.org', + token => 'abcd', + password_hash => hash_password('password1'), +); + +my $uid2 = $u->add( + name => 'test2', + email => 'test2@example.org', + token => 'efgh', + password_hash => hash_password('password2'), +); + +my $uid3 = $u->add( + name => 'test3', + email => 'test3@example.org', + token => 'ijkl', + password_hash => hash_password('password3'), +); + +$u->verify_registration_token( + uid => $uid1, + token => 'abcd' +); +$u->verify_registration_token( + uid => $uid2, + token => 'efgh' +); +$u->verify_registration_token( + uid => $uid3, + token => 'ijkl' +); + +$u->set_social( + uid => $uid1, + accept_follows => 1 +); +$u->set_social( + uid => $uid2, + accept_follows => 1 +); +$u->set_social( + uid => $uid3, + accept_follows => 1 +); + +$u->follow( + uid => $uid2, + target => $uid1 +); + +is( + $u->get_relation( + subject => $uid2, + object => $uid1 + ), + 'follows' +); +is( + $u->get_relation( + subject => $uid1, + object => $uid2 + ), + undef +); + +my $dep = DateTime->now; +my $arr = $dep->clone->add( hours => 1 ); +my $train_dep = Travel::Status::DE::IRIS::Result->new( + classes => 'N', + type => 'DPN', + train_no => '667', + raw_id => '1234-2306251312-1', + departure_ts => '2306251312', + platform => 8, + station => 'Aachen Hbf', + station_uic => 8000001, + route_post => 'Mainz Hbf|Aalen Hbf', +); +my $train_arr = Travel::Status::DE::IRIS::Result->new( + classes => 'N', + type => 'DPN', + train_no => '667', + raw_id => '1234-2306251312-3', + arrival_ts => '2306252000', + platform => 1, + station => 'Aalen Hbf', + station_uic => 8000002, + route_pre => 'Aachen Hbf|Mainz Hbf', +); +$t->app->in_transit->add( + uid => $uid1, + departure_eva => 8000001, + train => $train_dep, + route => [], +); +$t->app->in_transit->set_arrival_eva( + uid => $uid1, + arrival_eva => 8000002, +); + +test_visibility( + uid => $uid1, + visibility => undef, + visibility_str => 'default', + effective_visibility => 30, + effective_visibility_str => 'unlisted', + public => 0, + with_token => 1, +); + +test_visibility( + uid => $uid1, + set_default_visibility => 10, + visibility => undef, + visibility_str => 'default', + effective_visibility => 10, + effective_visibility_str => 'private', + public => 0, + with_token => 0, +); + +test_visibility( + uid => $uid1, + set_default_visibility => 30, + visibility => undef, + visibility_str => 'default', + effective_visibility => 30, + effective_visibility_str => 'unlisted', + public => 0, + with_token => 1, +); + +test_visibility( + uid => $uid1, + set_default_visibility => 60, + visibility => undef, + visibility_str => 'default', + effective_visibility => 60, + effective_visibility_str => 'followers', + public => 0, + with_token => 1, +); + +test_visibility( + uid => $uid1, + set_default_visibility => 80, + visibility => undef, + visibility_str => 'default', + effective_visibility => 80, + effective_visibility_str => 'travelynx', + public => 0, + with_token => 1, +); + +test_visibility( + uid => $uid1, + set_default_visibility => 100, + visibility => undef, + visibility_str => 'default', + effective_visibility => 100, + effective_visibility_str => 'public', + public => 1, + with_token => 1, +); + +test_visibility( + uid => $uid1, + set_visibility => 'private', + visibility => 10, + visibility_str => 'private', + effective_visibility => 10, + effective_visibility_str => 'private', + public => 0, + with_token => 0, +); + +test_visibility( + uid => $uid1, + set_visibility => 'unlisted', + visibility => 30, + visibility_str => 'unlisted', + effective_visibility => 30, + effective_visibility_str => 'unlisted', + public => 0, + with_token => 1, +); + +test_visibility( + uid => $uid1, + set_visibility => 'followers', + visibility => 60, + visibility_str => 'followers', + effective_visibility => 60, + effective_visibility_str => 'followers', + public => 0, + with_token => 1, +); + +test_visibility( + uid => $uid1, + set_visibility => 'travelynx', + visibility => 80, + visibility_str => 'travelynx', + effective_visibility => 80, + effective_visibility_str => 'travelynx', + public => 0, + with_token => 1, +); + +test_visibility( + uid => $uid1, + set_visibility => 'public', + visibility => 100, + visibility_str => 'public', + effective_visibility => 100, + effective_visibility_str => 'public', + public => 1, + with_token => 1, +); + +$t->app->pg->db->query('drop schema travelynx_test_22 cascade'); +done_testing();