
fix(user): search integrity

Torsten Dittmann 2022-04-26 12:07:33 +02:00
parent ddd2a67243
commit 487d38db95
5 changed files with 177 additions and 12 deletions


@ -453,7 +453,12 @@ App::patch('/v1/users/:userId/name')
throw new Exception('User not found', 404, Exception::USER_NOT_FOUND);
}
$user = $dbForProject->updateDocument('users', $user->getId(), $user->setAttribute('name', $name));
$user
->setAttribute('name', $name)
->setAttribute('search', \implode(' ', [$user->getId(), $user->getAttribute('email'), $name]));
;
$user = $dbForProject->updateDocument('users', $user->getId(), $user);
$audits
->setParam('userId', $user->getId())
@ -542,8 +547,13 @@ App::patch('/v1/users/:userId/email')
$email = \strtolower($email);
$user
->setAttribute('email', $email)
->setAttribute('search', \implode(' ', [$user->getId(), $email, $user->getAttribute('name')]))
;
try {
$user = $dbForProject->updateDocument('users', $user->getId(), $user->setAttribute('email', $email));
$user = $dbForProject->updateDocument('users', $user->getId(), $user);
} catch(Duplicate $th) {
throw new Exception('Email already exists', 409, Exception::USER_EMAIL_ALREADY_EXISTS);
}
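Review bot: In the `/v1/users/:userId/name` hunk the `search` line already closes the statement with `;`, so the `;` on the following line is an empty statement; end the chain as the email hunk does, with `->setAttribute('search', \implode(' ', [$user->getId(), $user->getAttribute('email'), $name]))` and the lone `;` after it. The search string is also assembled separately in both handlers. A `search` value that drifts from the real id, email and name means a user can be matched by an identifier they no longer have, or missed by the current one, so one small helper that builds it would keep every writer of these fields in agreement. Whether other code paths that change name or email also rebuild `search` cannot be seen from these hunks, and both handler bodies start and end outside them.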


@ -445,7 +445,7 @@ trait AccountBase
{
$email = $data['email'] ?? '';
$session = $data['session'] ?? '';
$newName = 'New Name';
$newName = 'Lorem';
/**
* Test for SUCCESS
@ -477,7 +477,7 @@ trait AccountBase
]));
$this->assertEquals($response['headers']['status-code'], 401);
$response = $this->client->call(Client::METHOD_PATCH, '/account/name', array_merge([
'origin' => 'http://localhost',
'content-type' => 'application/json',
@ -485,7 +485,7 @@ trait AccountBase
'cookie' => 'a_session_'.$this->getProject()['$id'].'=' . $session,
]), [
]);
$this->assertEquals($response['headers']['status-code'], 400);
$response = $this->client->call(Client::METHOD_PATCH, '/account/name', array_merge([
@ -496,7 +496,7 @@ trait AccountBase
]), [
'name' => 'ocSRq1d3QphHivJyUmYY7WMnrxyjdk5YvVwcDqx2zS0coxESN8RmsQwLWw5Whnf0WbVohuFWTRAaoKgCOO0Y0M7LwgFnZmi8881Y72222222222222222222222222222'
]);
$this->assertEquals($response['headers']['status-code'], 400);
$data['name'] = $newName;
@ -532,7 +532,6 @@ trait AccountBase
$this->assertNotEmpty($response['body']['$id']);
$this->assertIsNumeric($response['body']['registration']);
$this->assertEquals($response['body']['email'], $email);
$this->assertEquals($response['body']['name'], 'New Name');
$response = $this->client->call(Client::METHOD_POST, '/account/sessions', array_merge([
'origin' => 'http://localhost',
@ -625,7 +624,6 @@ trait AccountBase
$this->assertNotEmpty($response['body']['$id']);
$this->assertIsNumeric($response['body']['registration']);
$this->assertEquals($response['body']['email'], $newEmail);
$this->assertEquals($response['body']['name'], 'New Name');
/**
* Test for FAILURE
@ -637,7 +635,7 @@ trait AccountBase
]));
$this->assertEquals($response['headers']['status-code'], 401);
$response = $this->client->call(Client::METHOD_PATCH, '/account/email', array_merge([
'origin' => 'http://localhost',
'content-type' => 'application/json',
@ -645,7 +643,7 @@ trait AccountBase
'cookie' => 'a_session_'.$this->getProject()['$id'].'=' . $session,
]), [
]);
$this->assertEquals($response['headers']['status-code'], 400);
// Test if we can create a new account with the old email
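Review bot: The hunks at `-532` and `-625` appear to drop the `'New Name'` assertion outright instead of updating it for the renamed value, so the later responses no longer check that the account name is preserved. If `$data['name']` is available in those tests (the hunk at `-496` stores it with `$data['name'] = $newName;`), keeping the check as `$this->assertEquals($response['body']['name'], $data['name']);` would retain the coverage without hard-coding the literal. The enclosing test methods start and end outside these hunks, so the scope of `$data` there should be confirmed.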


@ -510,4 +510,85 @@ class AccountCustomClientTest extends Scope
$this->assertEquals($response['headers']['status-code'], 404);
}
}
/**
* @depends testUpdateAccountName
*/
public function testUpdateAccountNameSearch($data): void
{
$id = $data['id'] ?? '';
$email = $data['email'] ?? '';
$newName = 'Lorem';
/**
* Test for SUCCESS
*/
$response = $this->client->call(Client::METHOD_GET, '/users', [
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
'x-appwrite-key' => $this->getProject()['apiKey'],
], [
'search' => $newName
]);
$this->assertEquals($response['headers']['status-code'], 200);
$this->assertNotEmpty($response['body']);
$this->assertNotEmpty($response['body']['users']);
$this->assertCount(1, $response['body']['users']);
$this->assertEquals($response['body']['users'][0]['email'], $email);
$response = $this->client->call(Client::METHOD_GET, '/users', [
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
'x-appwrite-key' => $this->getProject()['apiKey'],
], [
'search' => $id
]);
$this->assertEquals($response['headers']['status-code'], 200);
$this->assertNotEmpty($response['body']);
$this->assertNotEmpty($response['body']['users']);
$this->assertCount(1, $response['body']['users']);
$this->assertEquals($response['body']['users'][0]['email'], $email);
}
/**
* @depends testUpdateAccountEmail
*/
public function testUpdateAccountEmailSearch($data): void
{
$id = $data['id'] ?? '';
$email = $data['email'] ?? '';
/**
* Test for SUCCESS
*/
$response = $this->client->call(Client::METHOD_GET, '/users', [
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
'x-appwrite-key' => $this->getProject()['apiKey'],
], [
'search' => '"' . $email . '"'
]);
$this->assertEquals($response['headers']['status-code'], 200);
$this->assertNotEmpty($response['body']);
$this->assertNotEmpty($response['body']['users']);
$this->assertCount(1, $response['body']['users']);
$this->assertEquals($response['body']['users'][0]['email'], $email);
$response = $this->client->call(Client::METHOD_GET, '/users', [
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
'x-appwrite-key' => $this->getProject()['apiKey'],
], [
'search' => $id
]);
$this->assertEquals($response['headers']['status-code'], 200);
$this->assertNotEmpty($response['body']);
$this->assertNotEmpty($response['body']['users']);
$this->assertCount(1, $response['body']['users']);
$this->assertEquals($response['body']['users'][0]['email'], $email);
}
}
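Review bot: Both new tests read their inputs with `$data['id'] ?? ''` and `$data['email'] ?? ''`, so a broken `@depends` chain becomes a search for an empty string rather than a clear failure; add `$this->assertNotEmpty($id);` and `$this->assertNotEmpty($email);` before the first request. The same pattern appears in `testUpdateUserNameSearch` and `testUpdateUserEmailSearch` in UsersBase (`$data['userId'] ?? ''`). `$newName = 'Lorem'` repeats the literal from the AccountBase hunk; reading `$data['name']`, which that hunk appears to set, would keep the two in sync. The tests show that the new value is findable but not that the previous name or email has stopped matching, which is the stale-index case the fix targets; a request with the old value that expects no users would cover it.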


@ -33,7 +33,7 @@ class AccountCustomServerTest extends Scope
]);
$this->assertEquals(401, $response['headers']['status-code']);
return [];
}
}


@ -281,6 +281,44 @@ trait UsersBase
return $data;
}
/**
* @depends testUpdateUserName
*/
public function testUpdateUserNameSearch($data): void
{
$id = $data['userId'] ?? '';
$newName = 'Updated name';
/**
* Test for SUCCESS
*/
$response = $this->client->call(Client::METHOD_GET, '/users', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'search' => $newName
]);
$this->assertEquals($response['headers']['status-code'], 200);
$this->assertNotEmpty($response['body']);
$this->assertNotEmpty($response['body']['users']);
$this->assertCount(1, $response['body']['users']);
$this->assertEquals($response['body']['users'][0]['$id'], $id);
$response = $this->client->call(Client::METHOD_GET, '/users', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'search' => $id
]);
$this->assertEquals($response['headers']['status-code'], 200);
$this->assertNotEmpty($response['body']);
$this->assertNotEmpty($response['body']['users']);
$this->assertCount(1, $response['body']['users']);
$this->assertEquals($response['body']['users'][0]['$id'], $id);
}
/**
* @depends testGetUser
*/
@ -310,6 +348,44 @@ trait UsersBase
return $data;
}
/**
* @depends testUpdateUserEmail
*/
public function testUpdateUserEmailSearch($data): void
{
$id = $data['userId'] ?? '';
$newEmail = '"users.service@updated.com"';
/**
* Test for SUCCESS
*/
$response = $this->client->call(Client::METHOD_GET, '/users', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'search' => $newEmail
]);
$this->assertEquals($response['headers']['status-code'], 200);
$this->assertNotEmpty($response['body']);
$this->assertNotEmpty($response['body']['users']);
$this->assertCount(1, $response['body']['users']);
$this->assertEquals($response['body']['users'][0]['$id'], $id);
$response = $this->client->call(Client::METHOD_GET, '/users', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'search' => $id
]);
$this->assertEquals($response['headers']['status-code'], 200);
$this->assertNotEmpty($response['body']);
$this->assertNotEmpty($response['body']['users']);
$this->assertCount(1, $response['body']['users']);
$this->assertEquals($response['body']['users'][0]['$id'], $id);
}
/**
* @depends testUpdateUserEmail
*/
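Review bot: `$newEmail = '"users.service@updated.com"'` wraps the address in literal double quotes with no explanation, and a later reader may take them for a typo and remove them. A comment such as `// quoted so the search treats the whole address as a single phrase` would help, if that is indeed the reason (confirm against the search implementation); the same applies to `'"' . $email . '"'` in `testUpdateAccountEmailSearch`. `'Updated name'` and the email literal also have to match values set in `testUpdateUserName` and `testUpdateUserEmail`, which are outside these hunks; passing them through `$data` would remove that silent coupling.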