search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 25898: Prohibit indirect object notation
[koha.git] / t / db_dependent / api / v1 / smtp_servers.t
blob79c6d59aa26a3b36ca2b752649467d792af899ec
1 #!/usr/bin/env perl
2
3 # This file is part of Koha.
4 #
5 # Koha is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
9 #
10 # Koha is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU General Public License
16 # along with Koha; if not, see <http://www.gnu.org/licenses>.
17
18 use Modern::Perl;
19
20 use Test::More tests => 5;
21 use Test::Mojo;
22
23 use t::lib::TestBuilder;
24 use t::lib::Mocks;
25
26 use Koha::SMTP::Servers;
27 use Koha::Database;
28
29 my $schema = Koha::Database->new->schema;
30 my $builder = t::lib::TestBuilder->new;
31
32 my $t = Test::Mojo->new('Koha::REST::V1');
33 t::lib::Mocks::mock_preference( 'RESTBasicAuth', 1 );
34
35 subtest 'list() tests' => sub {
36
37 plan tests => 11;
38
39 $schema->storage->txn_begin;
40
41 Koha::SMTP::Servers->search->delete;
42
43 my $librarian = $builder->build_object(
44 {
45 class => 'Koha::Patrons',
46 value => { flags => 3**2 } # parameters flag = 3
47 }
48 );
49 my $password = 'thePassword123';
50 $librarian->set_password( { password => $password, skip_validation => 1 } );
51 my $userid = $librarian->userid;
52
53 my $patron = $builder->build_object(
54 {
55 class => 'Koha::Patrons',
56 value => { flags => 0 }
57 }
58 );
59
60 $patron->set_password( { password => $password, skip_validation => 1 } );
61 my $unauth_userid = $patron->userid;
62
63 ## Authorized user tests
64 # No SMTP servers, so empty array should be returned
65 $t->get_ok("//$userid:$password@/api/v1/config/smtp_servers")
66 ->status_is(200)->json_is( [] );
67
68 my $smtp_server =
69 $builder->build_object( { class => 'Koha::SMTP::Servers' } );
70
71 # One city created, should get returned
72 $t->get_ok("//$userid:$password@/api/v1/config/smtp_servers")
73 ->status_is(200)->json_is( [ $smtp_server->to_api ] );
74
75 my $another_smtp_server =
76 $builder->build_object( { class => 'Koha::SMTP::Servers' } );
77
78 # Two SMTP servers created, they should both be returned
79 $t->get_ok("//$userid:$password@/api/v1/config/smtp_servers")
80 ->status_is(200)
81 ->json_is( [ $smtp_server->to_api, $another_smtp_server->to_api, ] );
82
83 # Unauthorized access
84 $t->get_ok("//$unauth_userid:$password@/api/v1/config/smtp_servers")
85 ->status_is(403);
86
87 $schema->storage->txn_rollback;
88 };
89
90 subtest 'get() tests' => sub {
91
92 plan tests => 8;
93
94 $schema->storage->txn_begin;
95
96 my $smtp_server =
97 $builder->build_object( { class => 'Koha::SMTP::Servers' } );
98 my $librarian = $builder->build_object(
99 {
100 class => 'Koha::Patrons',
101 value => { flags => 3**2 } # parameters flag = 3
102 }
103 );
104 my $password = 'thePassword123';
105 $librarian->set_password( { password => $password, skip_validation => 1 } );
106 my $userid = $librarian->userid;
107
108 my $patron = $builder->build_object(
109 {
110 class => 'Koha::Patrons',
111 value => { flags => 0 }
112 }
113 );
114
115 $patron->set_password( { password => $password, skip_validation => 1 } );
116 my $unauth_userid = $patron->userid;
117
118 $t->get_ok(
119 "//$userid:$password@/api/v1/config/smtp_servers/" . $smtp_server->id )
120 ->status_is(200)->json_is( $smtp_server->to_api );
121
122 $t->get_ok( "//$unauth_userid:$password@/api/v1/config/smtp_servers/"
123 . $smtp_server->id )->status_is(403);
124
125 my $smtp_server_to_delete =
126 $builder->build_object( { class => 'Koha::SMTP::Servers' } );
127 my $non_existent_id = $smtp_server_to_delete->id;
128 $smtp_server_to_delete->delete;
129
130 $t->get_ok(
131 "//$userid:$password@/api/v1/config/smtp_servers/$non_existent_id")
132 ->status_is(404)->json_is( '/error' => 'SMTP server not found' );
133
134 $schema->storage->txn_rollback;
135 };
136
137 subtest 'add() tests' => sub {
138
139 plan tests => 18;
140
141 $schema->storage->txn_begin;
142
143 Koha::SMTP::Servers->search->delete;
144
145 my $librarian = $builder->build_object(
146 {
147 class => 'Koha::Patrons',
148 value => { flags => 3**2 } # parameters flag = 3
149 }
150 );
151 my $password = 'thePassword123';
152 $librarian->set_password( { password => $password, skip_validation => 1 } );
153 my $userid = $librarian->userid;
154
155 my $patron = $builder->build_object(
156 {
157 class => 'Koha::Patrons',
158 value => { flags => 0 }
159 }
160 );
161
162 $patron->set_password( { password => $password, skip_validation => 1 } );
163 my $unauth_userid = $patron->userid;
164
165 my $smtp_server =
166 $builder->build_object( { class => 'Koha::SMTP::Servers' } );
167 my $smtp_server_data = $smtp_server->to_api;
168 delete $smtp_server_data->{smtp_server_id};
169 $smtp_server->delete;
170
171 # Unauthorized attempt to write
172 $t->post_ok(
173 "//$unauth_userid:$password@/api/v1/config/smtp_servers" => json =>
174 $smtp_server_data )->status_is(403);
175
176 # Authorized attempt to write invalid data
177 my $smtp_server_with_invalid_field = {
178 name => 'Some other server',
179 blah => 'blah'
180 };
181
182 $t->post_ok( "//$userid:$password@/api/v1/config/smtp_servers" => json =>
183 $smtp_server_with_invalid_field )->status_is(400)->json_is(
184 "/errors" => [
185 {
186 message => "Properties not allowed: blah.",
187 path => "/body"
188 }
189 ]
190 );
191
192 # Authorized attempt to write
193 my $smtp_server_id =
194 $t->post_ok( "//$userid:$password@/api/v1/config/smtp_servers" => json =>
195 $smtp_server_data )->status_is( 201, 'SWAGGER3.2.1' )->header_like(
196 Location => qr|^\/api\/v1\/config\/smtp_servers\/\d*|,
197 'SWAGGER3.4.1'
198 )->json_is( '/name' => $smtp_server_data->{name} )
199 ->json_is( '/state' => $smtp_server_data->{state} )
200 ->json_is( '/postal_code' => $smtp_server_data->{postal_code} )
201 ->json_is( '/country' => $smtp_server_data->{country} )
202 ->tx->res->json->{smtp_server_id};
203
204 # Authorized attempt to create with null id
205 $smtp_server_data->{smtp_server_id} = undef;
206 $t->post_ok( "//$userid:$password@/api/v1/config/smtp_servers" => json =>
207 $smtp_server_data )->status_is(400)->json_has('/errors');
208
209 # Authorized attempt to create with existing id
210 $smtp_server_data->{smtp_server_id} = $smtp_server_id;
211 $t->post_ok( "//$userid:$password@/api/v1/config/smtp_servers" => json =>
212 $smtp_server_data )->status_is(400)->json_is(
213 "/errors" => [
214 {
215 message => "Read-only.",
216 path => "/body/smtp_server_id"
217 }
218 ]
219 );
220
221 $schema->storage->txn_rollback;
222 };
223
224 subtest 'update() tests' => sub {
225
226 plan tests => 15;
227
228 $schema->storage->txn_begin;
229
230 my $librarian = $builder->build_object(
231 {
232 class => 'Koha::Patrons',
233 value => { flags => 3**2 } # parameters flag = 3
234 }
235 );
236 my $password = 'thePassword123';
237 $librarian->set_password( { password => $password, skip_validation => 1 } );
238 my $userid = $librarian->userid;
239
240 my $patron = $builder->build_object(
241 {
242 class => 'Koha::Patrons',
243 value => { flags => 0 }
244 }
245 );
246
247 $patron->set_password( { password => $password, skip_validation => 1 } );
248 my $unauth_userid = $patron->userid;
249
250 my $smtp_server_id =
251 $builder->build_object( { class => 'Koha::SMTP::Servers' } )->id;
252
253 # Unauthorized attempt to update
254 $t->put_ok(
255 "//$unauth_userid:$password@/api/v1/config/smtp_servers/$smtp_server_id"
256 => json => { name => 'New unauthorized name change' } )
257 ->status_is(403);
258
259 # Attempt partial update on a PUT
260 my $smtp_server_with_missing_field = {
261 host => 'localhost',
262 ssl_mode => 'disabled'
263 };
264
265 $t->put_ok(
266 "//$userid:$password@/api/v1/config/smtp_servers/$smtp_server_id" =>
267 json => $smtp_server_with_missing_field )->status_is(400)
268 ->json_is( "/errors" =>
269 [ { message => "Missing property.", path => "/body/name" } ] );
270
271 # Full object update on PUT
272 my $smtp_server_with_updated_field = { name => "Some name", };
273
274 $t->put_ok(
275 "//$userid:$password@/api/v1/config/smtp_servers/$smtp_server_id" =>
276 json => $smtp_server_with_updated_field )->status_is(200)
277 ->json_is( '/name' => 'Some name' );
278
279 # Authorized attempt to write invalid data
280 my $smtp_server_with_invalid_field = {
281 blah => "Blah",
282 name => 'Some name'
283 };
284
285 $t->put_ok(
286 "//$userid:$password@/api/v1/config/smtp_servers/$smtp_server_id" =>
287 json => $smtp_server_with_invalid_field )->status_is(400)->json_is(
288 "/errors" => [
289 {
290 message => "Properties not allowed: blah.",
291 path => "/body"
292 }
293 ]
294 );
295
296 my $smtp_server_to_delete =
297 $builder->build_object( { class => 'Koha::SMTP::Servers' } );
298 my $non_existent_id = $smtp_server_to_delete->id;
299 $smtp_server_to_delete->delete;
300
301 $t->put_ok(
302 "//$userid:$password@/api/v1/config/smtp_servers/$non_existent_id" =>
303 json => $smtp_server_with_updated_field )->status_is(404);
304
305 # Wrong method (POST)
306 $smtp_server_with_updated_field->{smtp_server_id} = 2;
307
308 $t->post_ok(
309 "//$userid:$password@/api/v1/config/smtp_servers/$smtp_server_id" =>
310 json => $smtp_server_with_updated_field )->status_is(404);
311
312 $schema->storage->txn_rollback;
313 };
314
315 subtest 'delete() tests' => sub {
316
317 plan tests => 7;
318
319 $schema->storage->txn_begin;
320
321 my $librarian = $builder->build_object(
322 {
323 class => 'Koha::Patrons',
324 value => { flags => 3**2 } # parameters flag = 3
325 }
326 );
327 my $password = 'thePassword123';
328 $librarian->set_password( { password => $password, skip_validation => 1 } );
329 my $userid = $librarian->userid;
330
331 my $patron = $builder->build_object(
332 {
333 class => 'Koha::Patrons',
334 value => { flags => 0 }
335 }
336 );
337
338 $patron->set_password( { password => $password, skip_validation => 1 } );
339 my $unauth_userid = $patron->userid;
340
341 my $smtp_server_id =
342 $builder->build_object( { class => 'Koha::SMTP::Servers' } )->id;
343
344 # Unauthorized attempt to delete
345 $t->delete_ok(
346 "//$unauth_userid:$password@/api/v1/config/smtp_servers/$smtp_server_id"
347 )->status_is(403);
348
349 $t->delete_ok(
350 "//$userid:$password@/api/v1/config/smtp_servers/$smtp_server_id")
351 ->status_is( 204, 'SWAGGER3.2.4' )->content_is( '', 'SWAGGER3.3.4' );
352
353 $t->delete_ok(
354 "//$userid:$password@/api/v1/config/smtp_servers/$smtp_server_id")
355 ->status_is(404);
356
357 $schema->storage->txn_rollback;
358 };
Koha ILS