sftpgo-mirror/httpd/internal_test.go

package httpd

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"testing"
	"text/template"

	"github.com/drakkan/sftpgo/dataprovider"
	"github.com/go-chi/chi"
)

const (
	invalidURL  = "http://foo\x7f.com/"
	inactiveURL = "http://127.0.0.1:12345"
)

func TestGetRespStatus(t *testing.T) {
	var err error
	err = &dataprovider.MethodDisabledError{}
	respStatus := getRespStatus(err)
	if respStatus != http.StatusForbidden {
		t.Errorf("wrong resp status extected: %d got: %d", http.StatusForbidden, respStatus)
	}
	err = fmt.Errorf("generic error")
	respStatus = getRespStatus(err)
	if respStatus != http.StatusInternalServerError {
		t.Errorf("wrong resp status extected: %d got: %d", http.StatusInternalServerError, respStatus)
	}
}

func TestCheckResponse(t *testing.T) {
	err := checkResponse(http.StatusOK, http.StatusCreated)
	if err == nil {
		t.Errorf("check must fail")
	}
	err = checkResponse(http.StatusBadRequest, http.StatusBadRequest)
	if err != nil {
		t.Errorf("test must succeed, error: %v", err)
	}
}

func TestCheckUser(t *testing.T) {
	expected := dataprovider.User{}
	actual := dataprovider.User{}
	actual.Password = "password"
	err := checkUser(expected, actual)
	if err == nil {
		t.Errorf("actual password must be nil")
	}
	actual.Password = ""
	actual.PublicKeys = []string{"pub key"}
	err = checkUser(expected, actual)
	if err == nil {
		t.Errorf("actual public key must be nil")
	}
	actual.PublicKeys = []string{}
	err = checkUser(expected, actual)
	if err == nil {
		t.Errorf("actual ID must be > 0")
	}
	expected.ID = 1
	actual.ID = 2
	err = checkUser(expected, actual)
	if err == nil {
		t.Errorf("actual ID must be equal to expected ID")
	}
	expected.ID = 2
	actual.ID = 2
	expected.Permissions = []string{dataprovider.PermCreateDirs, dataprovider.PermDelete, dataprovider.PermDownload}
	actual.Permissions = []string{dataprovider.PermCreateDirs, dataprovider.PermCreateSymlinks}
	err = checkUser(expected, actual)
	if err == nil {
		t.Errorf("Permissions are not equal")
	}
	expected.Permissions = append(expected.Permissions, dataprovider.PermRename)
	err = checkUser(expected, actual)
	if err == nil {
		t.Errorf("Permissions are not equal")
	}
}

func TestCompareUserFields(t *testing.T) {
	expected := dataprovider.User{}
	actual := dataprovider.User{}
	expected.Username = "test"
	err := compareEqualsUserFields(expected, actual)
	if err == nil {
		t.Errorf("Username does not match")
	}
	expected.Username = ""
	expected.HomeDir = "homedir"
	err = compareEqualsUserFields(expected, actual)
	if err == nil {
		t.Errorf("HomeDir does not match")
	}
	expected.HomeDir = ""
	expected.UID = 1
	err = compareEqualsUserFields(expected, actual)
	if err == nil {
		t.Errorf("UID does not match")
	}
	expected.UID = 0
	expected.GID = 1
	err = compareEqualsUserFields(expected, actual)
	if err == nil {
		t.Errorf("GID does not match")
	}
	expected.GID = 0
	expected.MaxSessions = 2
	err = compareEqualsUserFields(expected, actual)
	if err == nil {
		t.Errorf("MaxSessions do not match")
	}
	expected.MaxSessions = 0
	expected.QuotaSize = 4096
	err = compareEqualsUserFields(expected, actual)
	if err == nil {
		t.Errorf("QuotaSize does not match")
	}
	expected.QuotaSize = 0
	expected.QuotaFiles = 2
	err = compareEqualsUserFields(expected, actual)
	if err == nil {
		t.Errorf("QuotaFiles do not match")
	}
	expected.QuotaFiles = 0
	expected.Permissions = []string{dataprovider.PermCreateDirs}
	err = compareEqualsUserFields(expected, actual)
	if err == nil {
		t.Errorf("Permissions are not equal")
	}
	expected.Permissions = nil
	expected.UploadBandwidth = 64
	err = compareEqualsUserFields(expected, actual)
	if err == nil {
		t.Errorf("UploadBandwidth does not match")
	}
	expected.UploadBandwidth = 0
	expected.DownloadBandwidth = 128
	err = compareEqualsUserFields(expected, actual)
	if err == nil {
		t.Errorf("DownloadBandwidth does not match")
	}
}

func TestApiCallsWithBadURL(t *testing.T) {
	oldBaseURL := httpBaseURL
	SetBaseURL(invalidURL)
	u := dataprovider.User{}
	_, _, err := UpdateUser(u, http.StatusBadRequest)
	if err == nil {
		t.Errorf("request with invalid URL must fail")
	}
	_, err = RemoveUser(u, http.StatusNotFound)
	if err == nil {
		t.Errorf("request with invalid URL must fail")
	}
	_, _, err = GetUsers(1, 0, "", http.StatusBadRequest)
	if err == nil {
		t.Errorf("request with invalid URL must fail")
	}
	_, err = CloseConnection("non_existent_id", http.StatusNotFound)
	if err == nil {
		t.Errorf("request with invalid URL must fail")
	}
	SetBaseURL(oldBaseURL)
}

func TestApiCallToNotListeningServer(t *testing.T) {
	oldBaseURL := httpBaseURL
	SetBaseURL(inactiveURL)
	u := dataprovider.User{}
	_, _, err := AddUser(u, http.StatusBadRequest)
	if err == nil {
		t.Errorf("request to an inactive URL must fail")
	}
	_, _, err = UpdateUser(u, http.StatusNotFound)
	if err == nil {
		t.Errorf("request to an inactive URL must fail")
	}
	_, err = RemoveUser(u, http.StatusNotFound)
	if err == nil {
		t.Errorf("request to an inactive URL must fail")
	}
	_, _, err = GetUserByID(-1, http.StatusNotFound)
	if err == nil {
		t.Errorf("request to an inactive URL must fail")
	}
	_, _, err = GetUsers(100, 0, "", http.StatusOK)
	if err == nil {
		t.Errorf("request to an inactive URL must fail")
	}
	_, _, err = GetQuotaScans(http.StatusOK)
	if err == nil {
		t.Errorf("request to an inactive URL must fail")
	}
	_, err = StartQuotaScan(u, http.StatusNotFound)
	if err == nil {
		t.Errorf("request to an inactive URL must fail")
	}
	_, _, err = GetConnections(http.StatusOK)
	if err == nil {
		t.Errorf("request to an inactive URL must fail")
	}
	_, err = CloseConnection("non_existent_id", http.StatusNotFound)
	if err == nil {
		t.Errorf("request to an inactive URL must fail")
	}
	_, _, err = GetVersion(http.StatusOK)
	if err == nil {
		t.Errorf("request to an inactive URL must fail")
	}
	SetBaseURL(oldBaseURL)
}

func TestCloseConnectionHandler(t *testing.T) {
	req, _ := http.NewRequest(http.MethodDelete, activeConnectionsPath+"/connectionID", nil)
	rctx := chi.NewRouteContext()
	rctx.URLParams.Add("connectionID", "")
	req = req.WithContext(context.WithValue(req.Context(), chi.RouteCtxKey, rctx))
	rr := httptest.NewRecorder()
	handleCloseConnection(rr, req)
	if rr.Code != http.StatusBadRequest {
		t.Errorf("Expected response code 400. Got %d", rr.Code)
	}
}

func TestRenderInvalidTemplate(t *testing.T) {
	tmpl, err := template.New("test").Parse("{{.Count}}")
	if err != nil {
		t.Errorf("error making test template: %v", err)
	} else {
		templates["no_match"] = tmpl
		rw := httptest.NewRecorder()
		renderTemplate(rw, "no_match", map[string]string{})
		if rw.Code != http.StatusInternalServerError {
			t.Errorf("invalid template rendering must fail")
		}
	}
}
add a basic web interface The builtin web interface allows to manage users and connections 2019-10-07 16:19:01 +00:00			`package httpd`
Improve test cases and logging 2019-07-26 09:34:44 +00:00
			`import (`
version: only git commit and build date must be modifiable Improved some test cases too 2019-08-08 19:42:07 +00:00			`"context"`
Improve test cases and logging 2019-07-26 09:34:44 +00:00			`"fmt"`
			`"net/http"`
version: only git commit and build date must be modifiable Improved some test cases too 2019-08-08 19:42:07 +00:00			`"net/http/httptest"`
Improve test cases and logging 2019-07-26 09:34:44 +00:00			`"testing"`
add a basic web interface The builtin web interface allows to manage users and connections 2019-10-07 16:19:01 +00:00			`"text/template"`
Improve test cases and logging 2019-07-26 09:34:44 +00:00
			`"github.com/drakkan/sftpgo/dataprovider"`
version: only git commit and build date must be modifiable Improved some test cases too 2019-08-08 19:42:07 +00:00			`"github.com/go-chi/chi"`
Improve test cases and logging 2019-07-26 09:34:44 +00:00			`)`

api_utils: expose missing REST API REST API are now fully exposed and can be consumed by other packages using the methods in api_utils.go 2019-08-03 11:19:00 +00:00			`const (`
			`invalidURL = "http://foo\x7f.com/"`
			`inactiveURL = "http://127.0.0.1:12345"`
			`)`

Improve test cases and logging 2019-07-26 09:34:44 +00:00			`func TestGetRespStatus(t *testing.T) {`
			`var err error`
			`err = &dataprovider.MethodDisabledError{}`
			`respStatus := getRespStatus(err)`
			`if respStatus != http.StatusForbidden {`
			`t.Errorf("wrong resp status extected: %d got: %d", http.StatusForbidden, respStatus)`
			`}`
			`err = fmt.Errorf("generic error")`
			`respStatus = getRespStatus(err)`
			`if respStatus != http.StatusInternalServerError {`
			`t.Errorf("wrong resp status extected: %d got: %d", http.StatusInternalServerError, respStatus)`
			`}`
			`}`

			`func TestCheckResponse(t *testing.T) {`
api_utils: return response body too useful for debug and to build external API, for example a CLI interface 2019-08-04 19:37:31 +00:00			`err := checkResponse(http.StatusOK, http.StatusCreated)`
Improve test cases and logging 2019-07-26 09:34:44 +00:00			`if err == nil {`
			`t.Errorf("check must fail")`
			`}`
api_utils: return response body too useful for debug and to build external API, for example a CLI interface 2019-08-04 19:37:31 +00:00			`err = checkResponse(http.StatusBadRequest, http.StatusBadRequest)`
Improve test cases and logging 2019-07-26 09:34:44 +00:00			`if err != nil {`
			`t.Errorf("test must succeed, error: %v", err)`
			`}`
			`}`

			`func TestCheckUser(t *testing.T) {`
			`expected := dataprovider.User{}`
			`actual := dataprovider.User{}`
			`actual.Password = "password"`
			`err := checkUser(expected, actual)`
			`if err == nil {`
			`t.Errorf("actual password must be nil")`
			`}`
			`actual.Password = ""`
rename public_key in public_keys remove compatibility layer to convert public keys newline delimited in json list 2019-08-07 21:41:10 +00:00			`actual.PublicKeys = []string{"pub key"}`
Improve test cases and logging 2019-07-26 09:34:44 +00:00			`err = checkUser(expected, actual)`
			`if err == nil {`
			`t.Errorf("actual public key must be nil")`
			`}`
rename public_key in public_keys remove compatibility layer to convert public keys newline delimited in json list 2019-08-07 21:41:10 +00:00			`actual.PublicKeys = []string{}`
Improve test cases and logging 2019-07-26 09:34:44 +00:00			`err = checkUser(expected, actual)`
			`if err == nil {`
			`t.Errorf("actual ID must be > 0")`
			`}`
			`expected.ID = 1`
			`actual.ID = 2`
			`err = checkUser(expected, actual)`
			`if err == nil {`
			`t.Errorf("actual ID must be equal to expected ID")`
			`}`
			`expected.ID = 2`
			`actual.ID = 2`
			`expected.Permissions = []string{dataprovider.PermCreateDirs, dataprovider.PermDelete, dataprovider.PermDownload}`
			`actual.Permissions = []string{dataprovider.PermCreateDirs, dataprovider.PermCreateSymlinks}`
			`err = checkUser(expected, actual)`
			`if err == nil {`
			`t.Errorf("Permissions are not equal")`
			`}`
			`expected.Permissions = append(expected.Permissions, dataprovider.PermRename)`
			`err = checkUser(expected, actual)`
			`if err == nil {`
			`t.Errorf("Permissions are not equal")`
			`}`
			`}`

			`func TestCompareUserFields(t *testing.T) {`
			`expected := dataprovider.User{}`
			`actual := dataprovider.User{}`
			`expected.Username = "test"`
			`err := compareEqualsUserFields(expected, actual)`
			`if err == nil {`
			`t.Errorf("Username does not match")`
			`}`
			`expected.Username = ""`
			`expected.HomeDir = "homedir"`
			`err = compareEqualsUserFields(expected, actual)`
			`if err == nil {`
			`t.Errorf("HomeDir does not match")`
			`}`
			`expected.HomeDir = ""`
			`expected.UID = 1`
			`err = compareEqualsUserFields(expected, actual)`
			`if err == nil {`
			`t.Errorf("UID does not match")`
			`}`
			`expected.UID = 0`
			`expected.GID = 1`
			`err = compareEqualsUserFields(expected, actual)`
			`if err == nil {`
			`t.Errorf("GID does not match")`
			`}`
			`expected.GID = 0`
			`expected.MaxSessions = 2`
			`err = compareEqualsUserFields(expected, actual)`
			`if err == nil {`
			`t.Errorf("MaxSessions do not match")`
			`}`
			`expected.MaxSessions = 0`
			`expected.QuotaSize = 4096`
			`err = compareEqualsUserFields(expected, actual)`
			`if err == nil {`
			`t.Errorf("QuotaSize does not match")`
			`}`
			`expected.QuotaSize = 0`
			`expected.QuotaFiles = 2`
			`err = compareEqualsUserFields(expected, actual)`
			`if err == nil {`
			`t.Errorf("QuotaFiles do not match")`
			`}`
			`expected.QuotaFiles = 0`
			`expected.Permissions = []string{dataprovider.PermCreateDirs}`
			`err = compareEqualsUserFields(expected, actual)`
			`if err == nil {`
			`t.Errorf("Permissions are not equal")`
			`}`
			`expected.Permissions = nil`
			`expected.UploadBandwidth = 64`
			`err = compareEqualsUserFields(expected, actual)`
			`if err == nil {`
			`t.Errorf("UploadBandwidth does not match")`
			`}`
			`expected.UploadBandwidth = 0`
			`expected.DownloadBandwidth = 128`
			`err = compareEqualsUserFields(expected, actual)`
			`if err == nil {`
			`t.Errorf("DownloadBandwidth does not match")`
			`}`
			`}`
api_utils: expose missing REST API REST API are now fully exposed and can be consumed by other packages using the methods in api_utils.go 2019-08-03 11:19:00 +00:00
			`func TestApiCallsWithBadURL(t *testing.T) {`
			`oldBaseURL := httpBaseURL`
			`SetBaseURL(invalidURL)`
			`u := dataprovider.User{}`
api_utils: return response body too useful for debug and to build external API, for example a CLI interface 2019-08-04 19:37:31 +00:00			`_, _, err := UpdateUser(u, http.StatusBadRequest)`
api_utils: expose missing REST API REST API are now fully exposed and can be consumed by other packages using the methods in api_utils.go 2019-08-03 11:19:00 +00:00			`if err == nil {`
			`t.Errorf("request with invalid URL must fail")`
			`}`
api_utils: return response body too useful for debug and to build external API, for example a CLI interface 2019-08-04 19:37:31 +00:00			`_, err = RemoveUser(u, http.StatusNotFound)`
api_utils: expose missing REST API REST API are now fully exposed and can be consumed by other packages using the methods in api_utils.go 2019-08-03 11:19:00 +00:00			`if err == nil {`
			`t.Errorf("request with invalid URL must fail")`
			`}`
api_utils: return response body too useful for debug and to build external API, for example a CLI interface 2019-08-04 19:37:31 +00:00			`_, _, err = GetUsers(1, 0, "", http.StatusBadRequest)`
			`if err == nil {`
			`t.Errorf("request with invalid URL must fail")`
			`}`
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release. 2019-08-24 12:41:15 +00:00			`_, err = CloseConnection("non_existent_id", http.StatusNotFound)`
api_utils: expose missing REST API REST API are now fully exposed and can be consumed by other packages using the methods in api_utils.go 2019-08-03 11:19:00 +00:00			`if err == nil {`
			`t.Errorf("request with invalid URL must fail")`
			`}`
			`SetBaseURL(oldBaseURL)`
			`}`

			`func TestApiCallToNotListeningServer(t *testing.T) {`
			`oldBaseURL := httpBaseURL`
			`SetBaseURL(inactiveURL)`
			`u := dataprovider.User{}`
api_utils: return response body too useful for debug and to build external API, for example a CLI interface 2019-08-04 19:37:31 +00:00			`_, _, err := AddUser(u, http.StatusBadRequest)`
api_utils: expose missing REST API REST API are now fully exposed and can be consumed by other packages using the methods in api_utils.go 2019-08-03 11:19:00 +00:00			`if err == nil {`
			`t.Errorf("request to an inactive URL must fail")`
			`}`
api_utils: return response body too useful for debug and to build external API, for example a CLI interface 2019-08-04 19:37:31 +00:00			`_, _, err = UpdateUser(u, http.StatusNotFound)`
api_utils: expose missing REST API REST API are now fully exposed and can be consumed by other packages using the methods in api_utils.go 2019-08-03 11:19:00 +00:00			`if err == nil {`
			`t.Errorf("request to an inactive URL must fail")`
			`}`
api_utils: return response body too useful for debug and to build external API, for example a CLI interface 2019-08-04 19:37:31 +00:00			`_, err = RemoveUser(u, http.StatusNotFound)`
api_utils: expose missing REST API REST API are now fully exposed and can be consumed by other packages using the methods in api_utils.go 2019-08-03 11:19:00 +00:00			`if err == nil {`
			`t.Errorf("request to an inactive URL must fail")`
			`}`
api_utils: return response body too useful for debug and to build external API, for example a CLI interface 2019-08-04 19:37:31 +00:00			`_, _, err = GetUserByID(-1, http.StatusNotFound)`
api_utils: expose missing REST API REST API are now fully exposed and can be consumed by other packages using the methods in api_utils.go 2019-08-03 11:19:00 +00:00			`if err == nil {`
			`t.Errorf("request to an inactive URL must fail")`
			`}`
api_utils: return response body too useful for debug and to build external API, for example a CLI interface 2019-08-04 19:37:31 +00:00			`_, _, err = GetUsers(100, 0, "", http.StatusOK)`
api_utils: expose missing REST API REST API are now fully exposed and can be consumed by other packages using the methods in api_utils.go 2019-08-03 11:19:00 +00:00			`if err == nil {`
			`t.Errorf("request to an inactive URL must fail")`
			`}`
api_utils: return response body too useful for debug and to build external API, for example a CLI interface 2019-08-04 19:37:31 +00:00			`_, _, err = GetQuotaScans(http.StatusOK)`
api_utils: expose missing REST API REST API are now fully exposed and can be consumed by other packages using the methods in api_utils.go 2019-08-03 11:19:00 +00:00			`if err == nil {`
			`t.Errorf("request to an inactive URL must fail")`
			`}`
api_utils: return response body too useful for debug and to build external API, for example a CLI interface 2019-08-04 19:37:31 +00:00			`_, err = StartQuotaScan(u, http.StatusNotFound)`
api_utils: expose missing REST API REST API are now fully exposed and can be consumed by other packages using the methods in api_utils.go 2019-08-03 11:19:00 +00:00			`if err == nil {`
			`t.Errorf("request to an inactive URL must fail")`
			`}`
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release. 2019-08-24 12:41:15 +00:00			`_, _, err = GetConnections(http.StatusOK)`
api_utils: expose missing REST API REST API are now fully exposed and can be consumed by other packages using the methods in api_utils.go 2019-08-03 11:19:00 +00:00			`if err == nil {`
			`t.Errorf("request to an inactive URL must fail")`
			`}`
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release. 2019-08-24 12:41:15 +00:00			`_, err = CloseConnection("non_existent_id", http.StatusNotFound)`
api_utils: expose missing REST API REST API are now fully exposed and can be consumed by other packages using the methods in api_utils.go 2019-08-03 11:19:00 +00:00			`if err == nil {`
			`t.Errorf("request to an inactive URL must fail")`
			`}`
add version info 2019-08-08 08:01:33 +00:00			`_, _, err = GetVersion(http.StatusOK)`
			`if err == nil {`
			`t.Errorf("request to an inactive URL must fail")`
			`}`
api_utils: expose missing REST API REST API are now fully exposed and can be consumed by other packages using the methods in api_utils.go 2019-08-03 11:19:00 +00:00			`SetBaseURL(oldBaseURL)`
			`}`
version: only git commit and build date must be modifiable Improved some test cases too 2019-08-08 19:42:07 +00:00
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release. 2019-08-24 12:41:15 +00:00			`func TestCloseConnectionHandler(t *testing.T) {`
version: only git commit and build date must be modifiable Improved some test cases too 2019-08-08 19:42:07 +00:00			`req, _ := http.NewRequest(http.MethodDelete, activeConnectionsPath+"/connectionID", nil)`
			`rctx := chi.NewRouteContext()`
			`rctx.URLParams.Add("connectionID", "")`
			`req = req.WithContext(context.WithValue(req.Context(), chi.RouteCtxKey, rctx))`
			`rr := httptest.NewRecorder()`
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release. 2019-08-24 12:41:15 +00:00			`handleCloseConnection(rr, req)`
version: only git commit and build date must be modifiable Improved some test cases too 2019-08-08 19:42:07 +00:00			`if rr.Code != http.StatusBadRequest {`
			`t.Errorf("Expected response code 400. Got %d", rr.Code)`
			`}`
			`}`
add a basic web interface The builtin web interface allows to manage users and connections 2019-10-07 16:19:01 +00:00
			`func TestRenderInvalidTemplate(t *testing.T) {`
			`tmpl, err := template.New("test").Parse("{{.Count}}")`
			`if err != nil {`
			`t.Errorf("error making test template: %v", err)`
			`} else {`
			`templates["no_match"] = tmpl`
			`rw := httptest.NewRecorder()`
			`renderTemplate(rw, "no_match", map[string]string{})`
			`if rw.Code != http.StatusInternalServerError {`
			`t.Errorf("invalid template rendering must fail")`
			`}`
			`}`
			`}`