From 487d38db958e57fdbf5cff858b49a33ebb27fa50 Mon Sep 17 00:00:00 2001
From: Torsten Dittmann
Date: Tue, 26 Apr 2022 12:07:33 +0200
Subject: [PATCH] fix(user): search integrity

---
 app/controllers/api/users.php | 14 +++-
 tests/e2e/Services/Account/AccountBase.php | 14 ++--
 .../Account/AccountCustomClientTest.php | 83 ++++++++++++++++++-
 .../Account/AccountCustomServerTest.php | 2 +-
 tests/e2e/Services/Users/UsersBase.php | 76 +++++++++++++++++
 5 files changed, 177 insertions(+), 12 deletions(-)

diff --git a/app/controllers/api/users.php b/app/controllers/api/users.php
index 6bb14c500..a38c8cad8 100644
--- a/app/controllers/api/users.php
+++ b/app/controllers/api/users.php
@@ -453,7 +453,12 @@ App::patch('/v1/users/:userId/name')
 throw new Exception('User not found', 404, Exception::USER_NOT_FOUND);
 }
 
- $user = $dbForProject->updateDocument('users', $user->getId(), $user->setAttribute('name', $name));
+ $user
+ ->setAttribute('name', $name)
+ ->setAttribute('search', \implode(' ', [$user->getId(), $user->getAttribute('email'), $name]));
+ ;
+
+ $user = $dbForProject->updateDocument('users', $user->getId(), $user);
 
 $audits
 ->setParam('userId', $user->getId())
@@ -542,8 +547,13 @@ App::patch('/v1/users/:userId/email')
 $email = \strtolower($email);
 
+ $user
+ ->setAttribute('email', $email)
+ ->setAttribute('search', \implode(' ', [$user->getId(), $email, $user->getAttribute('name')]))
+ ;
+
 try {
- $user = $dbForProject->updateDocument('users', $user->getId(), $user->setAttribute('email', $email));
+ $user = $dbForProject->updateDocument('users', $user->getId(), $user);
 } catch(Duplicate $th) {
 throw new Exception('Email already exists', 409, Exception::USER_EMAIL_ALREADY_EXISTS);
 }
diff --git a/tests/e2e/Services/Account/AccountBase.php b/tests/e2e/Services/Account/AccountBase.php
index 2fbe65a0e..3aa368baa 100644
--- a/tests/e2e/Services/Account/AccountBase.php
+++ b/tests/e2e/Services/Account/AccountBase.php
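Review bot: In the `/v1/users/:userId/name` hunk the third added line already terminates the chain with `;`, so the lone `;` on the following added line is an empty statement; drop it, or move the terminator onto its own line as the `/v1/users/:userId/email` hunk below does. Both hunks assemble the `search` value inline as `\implode(' ', [$user->getId(), <email>, <name>])`, and the same token order now has to be kept in sync by hand across two places (plus whatever the create path does, which is outside this diff); a small shared helper taking id, email and name, called from both update paths, would keep the index consistent and make it obvious if another field is later added to the searchable set. Note that the `search` attribute is written before `updateDocument()` is attempted in the email hunk, which is fine because the `Duplicate` branch throws, but a comment such as `// keep the fulltext index in step with the mutable identity fields` above each chain would tell the next reader why `search` is rebuilt here at all. Both enclosing route closures start and end outside the hunks.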
@@ -445,7 +445,7 @@ trait AccountBase
 {
 $email = $data['email'] ?? '';
 $session = $data['session'] ?? '';
- $newName = 'New Name';
+ $newName = 'Lorem';
 
 /**
 * Test for SUCCESS
@@ -477,7 +477,7 @@ trait AccountBase
 ]));
 
 $this->assertEquals($response['headers']['status-code'], 401);
-
+
 $response = $this->client->call(Client::METHOD_PATCH, '/account/name', array_merge([
 'origin' => 'http://localhost',
 'content-type' => 'application/json',
@@ -485,7 +485,7 @@ trait AccountBase
 'cookie' => 'a_session_'.$this->getProject()['$id'].'=' . $session,
 ]), [
 ]);
-
+
 $this->assertEquals($response['headers']['status-code'], 400);
 
 $response = $this->client->call(Client::METHOD_PATCH, '/account/name', array_merge([
@@ -496,7 +496,7 @@ trait AccountBase
 ]), [
 'name' => 'ocSRq1d3QphHivJyUmYY7WMnrxyjdk5YvVwcDqx2zS0coxESN8RmsQwLWw5Whnf0WbVohuFWTRAaoKgCOO0Y0M7LwgFnZmi8881Y72222222222222222222222222222'
 ]);
-
+
 $this->assertEquals($response['headers']['status-code'], 400);
 
 $data['name'] = $newName;
@@ -532,7 +532,6 @@ trait AccountBase
 $this->assertNotEmpty($response['body']['$id']);
 $this->assertIsNumeric($response['body']['registration']);
 $this->assertEquals($response['body']['email'], $email);
- $this->assertEquals($response['body']['name'], 'New Name');
 
 $response = $this->client->call(Client::METHOD_POST, '/account/sessions', array_merge([
 'origin' => 'http://localhost',
@@ -625,7 +624,6 @@ trait AccountBase
 $this->assertNotEmpty($response['body']['$id']);
 $this->assertIsNumeric($response['body']['registration']);
 $this->assertEquals($response['body']['email'], $newEmail);
- $this->assertEquals($response['body']['name'], 'New Name');
 
 /**
 * Test for FAILURE
@@ -637,7 +635,7 @@ trait AccountBase
 ]));
 
 $this->assertEquals($response['headers']['status-code'], 401);
-
+
 $response = $this->client->call(Client::METHOD_PATCH, '/account/email', array_merge([
 'origin' => 'http://localhost',
 'content-type' => 'application/json',
@@ -645,7 +643,7 @@ trait AccountBase
 'cookie' => 'a_session_'.$this->getProject()['$id'].'=' . $session,
 ]), [
 ]);
-
+
 $this->assertEquals($response['headers']['status-code'], 400);
 
 // Test if we can create a new account with the old email
diff --git a/tests/e2e/Services/Account/AccountCustomClientTest.php b/tests/e2e/Services/Account/AccountCustomClientTest.php
index 2b06828a6..30a01b31b 100644
--- a/tests/e2e/Services/Account/AccountCustomClientTest.php
+++ b/tests/e2e/Services/Account/AccountCustomClientTest.php
@@ -510,4 +510,85 @@ class AccountCustomClientTest extends Scope
 $this->assertEquals($response['headers']['status-code'], 404);
 }
 
-}
\ No newline at end of file
+
+ /**
+ * @depends testUpdateAccountName
+ */
+ public function testUpdateAccountNameSearch($data): void
+ {
+ $id = $data['id'] ?? '';
+ $email = $data['email'] ?? '';
+ $newName = 'Lorem';
+
+ /**
+ * Test for SUCCESS
+ */
+ $response = $this->client->call(Client::METHOD_GET, '/users', [
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ 'x-appwrite-key' => $this->getProject()['apiKey'],
+ ], [
+ 'search' => $newName
+ ]);
+
+ $this->assertEquals($response['headers']['status-code'], 200);
+ $this->assertNotEmpty($response['body']);
+ $this->assertNotEmpty($response['body']['users']);
+ $this->assertCount(1, $response['body']['users']);
+ $this->assertEquals($response['body']['users'][0]['email'], $email);
+
+ $response = $this->client->call(Client::METHOD_GET, '/users', [
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ 'x-appwrite-key' => $this->getProject()['apiKey'],
+ ], [
+ 'search' => $id
+ ]);
+
+ $this->assertEquals($response['headers']['status-code'], 200);
+ $this->assertNotEmpty($response['body']);
+ $this->assertNotEmpty($response['body']['users']);
+ $this->assertCount(1, $response['body']['users']);
+ $this->assertEquals($response['body']['users'][0]['email'], $email);
+ }
+
+ /**
+ * @depends testUpdateAccountEmail
+ */
+ public function testUpdateAccountEmailSearch($data): void
+ {
+ $id = $data['id'] ?? '';
+ $email = $data['email'] ?? '';
+
+ /**
+ * Test for SUCCESS
+ */
+ $response = $this->client->call(Client::METHOD_GET, '/users', [
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ 'x-appwrite-key' => $this->getProject()['apiKey'],
+ ], [
+ 'search' => '"' . $email . '"'
+ ]);
+
+ $this->assertEquals($response['headers']['status-code'], 200);
+ $this->assertNotEmpty($response['body']);
+ $this->assertNotEmpty($response['body']['users']);
+ $this->assertCount(1, $response['body']['users']);
+ $this->assertEquals($response['body']['users'][0]['email'], $email);
+
+ $response = $this->client->call(Client::METHOD_GET, '/users', [
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ 'x-appwrite-key' => $this->getProject()['apiKey'],
+ ], [
+ 'search' => $id
+ ]);
+
+ $this->assertEquals($response['headers']['status-code'], 200);
+ $this->assertNotEmpty($response['body']);
+ $this->assertNotEmpty($response['body']['users']);
+ $this->assertCount(1, $response['body']['users']);
+ $this->assertEquals($response['body']['users'][0]['email'], $email);
+ }
+}
diff --git a/tests/e2e/Services/Account/AccountCustomServerTest.php b/tests/e2e/Services/Account/AccountCustomServerTest.php
index fabbc5b77..832dd3438 100644
--- a/tests/e2e/Services/Account/AccountCustomServerTest.php
+++ b/tests/e2e/Services/Account/AccountCustomServerTest.php
@@ -33,7 +33,7 @@ class AccountCustomServerTest extends Scope
 ]);
 
 $this->assertEquals(401, $response['headers']['status-code']);
-
+
 return [];
 }
 }
\ No newline at end of file
diff --git a/tests/e2e/Services/Users/UsersBase.php b/tests/e2e/Services/Users/UsersBase.php
index 2e61917d2..1f5f2922d 100644
--- a/tests/e2e/Services/Users/UsersBase.php
+++ b/tests/e2e/Services/Users/UsersBase.php
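Review bot: `testUpdateAccountNameSearch` hardcodes `$newName = 'Lorem'`, duplicating the literal that `AccountBase::testUpdateAccountName` picks and stores in `$data['name']` (visible in the AccountBase hunks above); reading it from the fixture, `$newName = $data['name'] ?? '';`, keeps the two tests from drifting apart when one of them is edited. The same coupling appears in the two `UsersBase` hunks below, where `'Updated name'` and `'"users.service@updated.com"'` presumably mirror literals chosen in `testUpdateUserName` and `testUpdateUserEmail` outside this diff — confirm and pull them from `$data` where those tests pass them on. Both new methods take `$data` untyped; `array $data` matches what `@depends` delivers and lets the analyser flag a missing key. Because `$id` and `$email` fall back to `''`, an empty search term would presumably list every user and `assertCount(1, …)` would then fail for an unrelated reason, so `$this->assertNotEmpty($id);` before the first call pins the real cause.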
@@ -281,6 +281,44 @@ trait UsersBase
 return $data;
 }
 
+ /**
+ * @depends testUpdateUserName
+ */
+ public function testUpdateUserNameSearch($data): void
+ {
+ $id = $data['userId'] ?? '';
+ $newName = 'Updated name';
+
+ /**
+ * Test for SUCCESS
+ */
+ $response = $this->client->call(Client::METHOD_GET, '/users', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], $this->getHeaders()), [
+ 'search' => $newName
+ ]);
+
+ $this->assertEquals($response['headers']['status-code'], 200);
+ $this->assertNotEmpty($response['body']);
+ $this->assertNotEmpty($response['body']['users']);
+ $this->assertCount(1, $response['body']['users']);
+ $this->assertEquals($response['body']['users'][0]['$id'], $id);
+
+ $response = $this->client->call(Client::METHOD_GET, '/users', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], $this->getHeaders()), [
+ 'search' => $id
+ ]);
+
+ $this->assertEquals($response['headers']['status-code'], 200);
+ $this->assertNotEmpty($response['body']);
+ $this->assertNotEmpty($response['body']['users']);
+ $this->assertCount(1, $response['body']['users']);
+ $this->assertEquals($response['body']['users'][0]['$id'], $id);
+ }
+
 /**
 * @depends testGetUser
 */
@@ -310,6 +348,44 @@ trait UsersBase
 return $data;
 }
 
+ /**
+ * @depends testUpdateUserEmail
+ */
+ public function testUpdateUserEmailSearch($data): void
+ {
+ $id = $data['userId'] ?? '';
+ $newEmail = '"users.service@updated.com"';
+
+ /**
+ * Test for SUCCESS
+ */
+ $response = $this->client->call(Client::METHOD_GET, '/users', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], $this->getHeaders()), [
+ 'search' => $newEmail
+ ]);
+
+ $this->assertEquals($response['headers']['status-code'], 200);
+ $this->assertNotEmpty($response['body']);
+ $this->assertNotEmpty($response['body']['users']);
+ $this->assertCount(1, $response['body']['users']);
+ $this->assertEquals($response['body']['users'][0]['$id'], $id);
+
+ $response = $this->client->call(Client::METHOD_GET, '/users', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], $this->getHeaders()), [
+ 'search' => $id
+ ]);
+
+ $this->assertEquals($response['headers']['status-code'], 200);
+ $this->assertNotEmpty($response['body']);
+ $this->assertNotEmpty($response['body']['users']);
+ $this->assertCount(1, $response['body']['users']);
+ $this->assertEquals($response['body']['users'][0]['$id'], $id);
+ }
+
 /**
 * @depends testUpdateUserEmail
 */
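Review bot: `$newEmail = '"users.service@updated.com"'` wraps the address in literal double quotes without saying why, so a reader may assume the stored email itself contains quotes; the same construction appears in `testUpdateAccountEmailSearch` as `'"' . $email . '"'`. A one-line comment should state the intent — presumably the quotes make the search engine treat the address as a single phrase instead of splitting it on `@` and `.` — but confirm that against the `/users` search implementation before wording it, e.g. `// quoted so the address is matched as one phrase, not as separate tokens`. The second call searches the bare `$id` with no quoting, and that asymmetry is exactly what the comment should explain; keeping the quoting in a tiny helper like `private function phrase(string $term): string` shared by both tests would also stop the two files from diverging.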