From c533bf71835c36056eba38f80cfabcba293922ac Mon Sep 17 00:00:00 2001
From: Matthew R Kasun
Date: Fri, 30 Apr 2021 11:30:19 -0400
Subject: [PATCH] updated test/user tests
---
 controllers/userHttpController.go | 20 ++++++--------
 controllers/userHttpController_test.go | 22 +++++++++-------
 test/user_test.go | 36 +++++++++++++++++---------
 3 files changed, 45 insertions(+), 33 deletions(-)
diff --git a/controllers/userHttpController.go b/controllers/userHttpController.go
index 72332765..ab7fcd00 100644
--- a/controllers/userHttpController.go
+++ b/controllers/userHttpController.go
@@ -50,13 +50,13 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
 jwt, err := VerifyAuthRequest(authRequest)
 if err != nil {
- errorResponse.Code = http.StatusBadRequest
- errorResponse.Message = err.Error()
- returnErrorResponse(response, request, errorResponse)
+ returnErrorResponse(response, request, formatError(err, "badrequest"))
+ return
 }
 if jwt == "" {
- returnErrorResponse(response, request, errorResponse)
+ //very unlikely that err is !nil and no jwt returned, but handle it anyways.
+ returnErrorResponse(response, request, formatError(errors.New("No token returned"), "internal"))
 return
 }
@@ -122,18 +122,13 @@ func VerifyAuthRequest(authRequest models.UserAuthParams) (string, error) {
 //TODO: Consider better RBAC implementations
 func authorizeUser(next http.Handler) http.HandlerFunc {
 return func(w http.ResponseWriter, r *http.Request) {
-
- var errorResponse = models.ErrorResponse{
- Code: http.StatusInternalServerError, Message: "W1R3: It's not you it's me.",
- }
-
 w.Header().Set("Content-Type", "application/json")
 //get the auth token
 bearerToken := r.Header.Get("Authorization")
 err := ValidateToken(bearerToken)
 if err != nil {
- returnErrorResponse(w, r, errorResponse)
+ returnErrorResponse(w, r, formatError(err, "unauthorized"))
 return
 }
 next.ServeHTTP(w, r)
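Review bot: The comment added before the `jwt == ""` guard describes the opposite condition: at that point `err` is already nil, because the `err != nil` branch directly above now returns, so the unlikely case is a nil error with an empty token. Suggest `//very unlikely that err is nil and no jwt returned, but handle it anyways.`. The `return` added to the badrequest branch is the important part of this hunk: the removed code fell through to the `jwt == ""` check and could write a second error response. authenticateUser continues outside the hunk.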
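Review bot: `formatError(err, "unauthorized")` in authorizeUser sends the text of the error returned by ValidateToken to the client, where the removed lines sent one fixed message regardless of cause. test/user_test.go in this same patch expects the constant `Error Verifying Auth Token`, which suggests ValidateToken returns a fixed string today; if it is ever changed to wrap the underlying token-parsing error, that detail would reach unauthenticated callers. A comment on ValidateToken pinning that contract would guard against it, e.g. `// The returned error text is sent verbatim to unauthenticated clients; keep it generic.`. The closure returned by authorizeUser is closed outside the hunk.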
@@ -286,8 +281,9 @@ func createAdmin(w http.ResponseWriter, r *http.Request) {
 _ = json.NewDecoder(r.Body).Decode(&admin)
 admin, err := CreateUser(admin)
+
 if err != nil {
- json.NewEncoder(w).Encode(err)
+ returnErrorResponse(w, r, formatError(err, "badrequest"))
 return
 }
@@ -377,7 +373,7 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
 user, err = UpdateUser(userchange, user)
 if err != nil {
- json.NewEncoder(w).Encode(err)
+ returnErrorResponse(w, r, formatError(err, "badrequest"))
 return
 }
diff --git a/controllers/userHttpController_test.go b/controllers/userHttpController_test.go
index 659b33a6..ddfc9609 100644
--- a/controllers/userHttpController_test.go
+++ b/controllers/userHttpController_test.go
@@ -31,7 +31,7 @@ func TestMain(m *testing.M) {
 func TestHasAdmin(t *testing.T) {
 _, err := DeleteUser("admin")
 assert.Nil(t, err)
- user := models.User{"admin", "admin", true}
+ user := models.User{"admin", "password", true}
 _, err = CreateUser(user)
 assert.Nil(t, err, err)
 t.Run("AdminExists", func(t *testing.T) {
@@ -49,7 +49,7 @@ func TestHasAdmin(t *testing.T) {
 }
 func TestCreateUser(t *testing.T) {
- user := models.User{"admin", "admin", true}
+ user := models.User{"admin", "password", true}
 t.Run("NoUser", func(t *testing.T) {
 _, err := DeleteUser("admin")
 assert.Nil(t, err, err)
@@ -68,7 +68,7 @@ func TestDeleteUser(t *testing.T) {
 hasadmin, err := HasAdmin()
 assert.Nil(t, err, err)
 if !hasadmin {
- user := models.User{"admin", "admin", true}
+ user := models.User{"admin", "pasword", true}
 _, err := CreateUser(user)
 assert.Nil(t, err, err)
 }
@@ -95,7 +95,7 @@ func TestValidateUser(t *testing.T) {
 })
 t.Run("ValidUpdate", func(t *testing.T) {
 user.UserName = "admin"
- user.Password = "admin"
+ user.Password = "password"
 err := ValidateUser("update", user)
 assert.Nil(t, err, err)
 })
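Review bot: The empty line inserted between `admin, err := CreateUser(admin)` and `if err != nil {` separates a call from its error check, which the rest of this hunk and the updateUser hunk below keep adjacent; drop the added blank line. Otherwise the switch from `json.NewEncoder(w).Encode(err)` to `returnErrorResponse` is an improvement, since encoding an `error` value directly would generally serialise to `{}` under a default 200 status. createAdmin continues past the hunk.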
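Review bot: `models.User{"admin", "pasword", true}` in TestDeleteUser misspells the password that every other hunk in this file sets to `password`. It goes unnoticed here because the user is only created when `HasAdmin()` is false and the test presumably deletes it again, but a test running later that expects the existing admin to accept `password` would fail depending on execution order. Change it to `user := models.User{"admin", "password", true}`.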
@@ -122,10 +122,14 @@ func TestValidateUser(t *testing.T) {
 }
 func TestGetUser(t *testing.T) {
- user := models.User{"admin", "admin", true}
 t.Run("UserExisits", func(t *testing.T) {
- _, err := CreateUser(user)
+ user := models.User{"admin", "password", true}
+ hasadmin, err := HasAdmin()
 assert.Nil(t, err, err)
+ if !hasadmin {
+ _, err := CreateUser(user)
+ assert.Nil(t, err, err)
+ }
 admin, err := GetUser("admin")
 assert.Nil(t, err, err)
 assert.Equal(t, user.UserName, admin.UserName)
@@ -140,7 +144,7 @@ func TestGetUser(t *testing.T) {
 }
 func TestUpdateUser(t *testing.T) {
- user := models.User{"admin", "admin", true}
+ user := models.User{"admin", "password", true}
 newuser := models.User{"hello", "world", true}
 t.Run("UserExisits", func(t *testing.T) {
 _, err := DeleteUser("admin")
@@ -220,7 +224,7 @@ func TestVerifyAuthRequest(t *testing.T) {
 })
 t.Run("WrongPassword", func(t *testing.T) {
 _, err := DeleteUser("admin")
- user := models.User{"admin", "admin", true}
+ user := models.User{"admin", "password", true}
 _, err = CreateUser(user)
 assert.Nil(t, err)
 authRequest := models.UserAuthParams{"admin", "badpass"}
@@ -230,7 +234,7 @@ func TestVerifyAuthRequest(t *testing.T) {
 assert.Equal(t, "Wrong Password", err.Error())
 })
 t.Run("Success", func(t *testing.T) {
- authRequest := models.UserAuthParams{"admin", "admin"}
+ authRequest := models.UserAuthParams{"admin", "password"}
 jwt, err := VerifyAuthRequest(authRequest)
 assert.Nil(t, err, err)
 assert.NotNil(t, jwt)
diff --git a/test/user_test.go b/test/user_test.go
index 3b019b04..740c2d0e 100644
--- a/test/user_test.go
+++ b/test/user_test.go
@@ -2,6 +2,7 @@ package main
 import (
 "encoding/json"
+ "io/ioutil"
 "net/http"
 "testing"
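Review bot: `user` is now declared inside the UserExisits closure instead of at the top of TestGetUser, so any later subtest in TestGetUser that still reads it will no longer compile; TestGetUser continues past the hunk, so that cannot be confirmed from here. When `HasAdmin()` is true the subtest no longer controls the stored record and only compares `user.UserName` with `admin.UserName`, so a pre-existing admin with any other field values passes. Inside `if !hasadmin`, `_, err := CreateUser(user)` introduces a second `err` that shadows the one from `HasAdmin()`; `_, err = CreateUser(user)` keeps a single variable.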
@@ -38,11 +39,9 @@ func TestAdminCreation(t *testing.T) {
 var message models.ErrorResponse
 err = json.NewDecoder(response.Body).Decode(&message)
 assert.Nil(t, err, err)
- assert.Equal(t, http.StatusUnauthorized, response.StatusCode)
- assert.Equal(t, http.StatusUnauthorized, message.Code)
- assert.Equal(t, "W1R3: Admin already exists! ", message.Message)
+ assert.Equal(t, http.StatusBadRequest, response.StatusCode)
+ assert.Equal(t, "Admin already Exists", message.Message)
 })
-
 }
 func TestGetUser(t *testing.T) {
@@ -70,12 +69,13 @@ func TestGetUser(t *testing.T) {
 assert.Nil(t, err, err)
 assert.Equal(t, http.StatusUnauthorized, response.StatusCode)
 assert.Equal(t, http.StatusUnauthorized, message.Code)
- assert.Equal(t, "W1R3: Error Verifying Auth Token.", message.Message)
+ assert.Equal(t, "Error Verifying Auth Token", message.Message)
 })
 }
 func TestUpdateUser(t *testing.T) {
+ deleteAdmin(t)
 if !adminExists(t) {
 addAdmin(t)
 }
@@ -92,7 +92,7 @@ func TestUpdateUser(t *testing.T) {
 defer response.Body.Close()
 err = json.NewDecoder(response.Body).Decode(&message)
 assert.Nil(t, err, err)
- assert.Equal(t, "W1R3: Error Verifying Auth Token.", message.Message)
+ assert.Equal(t, "Error Verifying Auth Token", message.Message)
 assert.Equal(t, http.StatusUnauthorized, response.StatusCode)
 })
 t.Run("UpdateSuccess", func(t *testing.T) {
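Review bot: The rewritten assertions in TestAdminCreation drop the check on `message.Code` without replacing it, so the Code field of the decoded ErrorResponse is no longer verified against the new status. Add `assert.Equal(t, http.StatusBadRequest, message.Code)` beside the StatusCode assertion, as the TestGetUser hunk below still does for 401. The subtest is closed inside the hunk, but the request setup above it is outside.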
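Review bot: `deleteAdmin(t)` is added immediately before `if !adminExists(t) { addAdmin(t) }` in TestUpdateUser; if deleteAdmin removes the admin as its name suggests, the condition is always true afterwards and the guard is dead, so either the call or the conditional can go. If the intent is to start the following subtests from a known record, a comment saying so, e.g. `// reset the admin so the subtests below start from a known record`, would explain why the delete precedes the existence check. TestUpdateUser continues past the hunk.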
@@ -107,6 +107,18 @@ func TestUpdateUser(t *testing.T) {
 assert.Equal(t, true, user.IsAdmin)
 assert.Equal(t, http.StatusOK, response.StatusCode)
 })
+ t.Run("ShortPassword", func(t *testing.T) {
+ admin.UserName = "user"
+ admin.Password = "123"
+ response, err := api(t, admin, http.MethodPut, "http://localhost:8081/api/users/admin", token)
+ assert.Nil(t, err, err)
+ defer response.Body.Close()
+ message, err := ioutil.ReadAll(response.Body)
+ assert.Nil(t, err, err)
+ assert.Contains(t, string(message), "Field validation for 'Password' failed")
+ assert.Equal(t, http.StatusBadRequest, response.StatusCode)
+ })
+
 }
 func TestDeleteUser(t *testing.T) {
@@ -123,7 +135,7 @@ func TestDeleteUser(t *testing.T) {
 assert.Equal(t, http.StatusUnauthorized, response.StatusCode)
 var message models.ErrorResponse
 json.NewDecoder(response.Body).Decode(&message)
- assert.Equal(t, "W1R3: Error Verifying Auth Token.", message.Message)
+ assert.Equal(t, "Error Verifying Auth Token", message.Message)
 assert.Equal(t, http.StatusUnauthorized, response.StatusCode)
 })
 t.Run("DeleteUser-ValidCredentials", func(t *testing.T) {
@@ -155,7 +167,7 @@ func TestAuthenticateUser(t *testing.T) {
 password: "password",
 code: http.StatusBadRequest,
 tokenExpected: false,
- errMessage: "W1R3: User invaliduser not found.",
+ errMessage: "User invaliduser not found",
 },
 AuthorizeTestCase{
 testname: "empty user",
@@ -163,7 +175,7 @@ func TestAuthenticateUser(t *testing.T) {
 password: "password",
 code: http.StatusBadRequest,
 tokenExpected: false,
- errMessage: "W1R3: Username can't be empty",
+ errMessage: "Username can't be empty",
 },
 AuthorizeTestCase{
 testname: "empty password",
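Review bot: In the new ShortPassword subtest, `defer response.Body.Close()` follows a non-fatal `assert.Nil(t, err, err)`; if `api` returns an error, `response` is nil and the deferred Close panics, turning a clean assertion failure into a crashed test run. Guard it with `if !assert.Nil(t, err, err) { return }` before the defer (the older subtests in this file share the pattern, but this is the one being added). The assertion on `Field validation for 'Password' failed` ties the test to the validator library's message wording rather than to the API's own contract, so it will break on a validator upgrade even if the rejection still happens; the status-code check already covers the behaviour that matters. The subtest also mutates the shared `admin` value (`UserName = "user"`), which any subtest added after it would inherit.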
@@ -171,15 +183,15 @@ func TestAuthenticateUser(t *testing.T) {
 password: "",
 code: http.StatusBadRequest,
 tokenExpected: false,
- errMessage: "W1R3: Password can't be empty",
+ errMessage: "Password can't be empty",
 },
 AuthorizeTestCase{
 testname: "Invalid Password",
 name: "admin",
 password: "xxxxxxx",
- code: http.StatusUnauthorized,
+ code: http.StatusBadRequest,
 tokenExpected: false,
- errMessage: "W1R3: Wrong Password.",
+ errMessage: "Wrong Password",
 },
 AuthorizeTestCase{
 testname: "Valid User",
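Review bot: The Invalid Password case now pins `http.StatusBadRequest` and the message `Wrong Password`, while the earlier case in the `@@ -155` hunk pins `User invaliduser not found` for an unknown username; the table therefore locks in two distinguishable responses to a failed login, which lets a caller learn whether a username exists. A single 401 with one generic message for both cases is the usual defensive shape, and a wrong password is an authentication failure rather than a malformed request. If distinct messages are intended, a comment on the table saying so would document the choice; otherwise these two expectations should be aligned together with the handler. The test-case table continues past the hunk.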