From 498ddbf14c15ae6cd47208c6ed51ddd7faaf501d Mon Sep 17 00:00:00 2001
From: loks0n <22452787+loks0n@users.noreply.github.com>
Date: Wed, 17 Jan 2024 11:58:40 +0000
Subject: [PATCH] test: add create email session test for server
---
 app/controllers/api/account.php | 2 +
 src/Appwrite/Auth/Auth.php | 4 +-
 .../Account/AccountCustomServerTest.php | 105 ++++++++++++++++++
 3 files changed, 109 insertions(+), 2 deletions(-)
diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 9b638e3a8a..cd88ad2349 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -2851,6 +2851,7 @@ App::post('/v1/account/verification')
 $isPrivilegedUser = Auth::isPrivilegedUser($roles);
 $isAppUser = Auth::isAppUser($roles);
 $verificationSecret = Auth::tokenGenerator(Auth::TOKEN_LENGTH_VERIFICATION);
+ var_dump($verificationSecret);
 $expire = DateTime::addSeconds(new \DateTime(), Auth::TOKEN_EXPIRATION_CONFIRM);
 $verification = new Document([
@@ -2996,6 +2997,7 @@ App::put('/v1/account/verification')
 ->inject('dbForProject')
 ->inject('queueForEvents')
 ->action(function (string $userId, string $secret, Response $response, Document $user, Database $dbForProject, Event $queueForEvents) {
+ var_dump($secret);
 $profile = Authorization::skip(fn() => $dbForProject->getDocument('users', $userId));
diff --git a/src/Appwrite/Auth/Auth.php b/src/Appwrite/Auth/Auth.php
index ba3eea7625..86e0ba676b 100644
--- a/src/Appwrite/Auth/Auth.php
+++ b/src/Appwrite/Auth/Auth.php
@@ -80,8 +80,8 @@ class Auth
 * Token Lengths.
 */
 public const TOKEN_LENGTH_MAGIC_URL = 64;
- public const TOKEN_LENGTH_VERIFICATION = 64;
- public const TOKEN_LENGTH_RECOVERY = 64;
+ public const TOKEN_LENGTH_VERIFICATION = 256;
+ public const TOKEN_LENGTH_RECOVERY = 256;
 public const TOKEN_LENGTH_OAUTH2 = 64;
 public const TOKEN_LENGTH_SESSION = 256;
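Review bot: The two added `var_dump()` calls in app/controllers/api/account.php write the e-mail verification secret to process output: `var_dump($verificationSecret);` right after the token is generated in the POST `/v1/account/verification` handler, and `var_dump($secret);` as the first statement of the PUT handler's action. Wherever that output lands (server logs, or the response body if output is not captured; the patch does not show which), it exposes a value meant to reach only the owner of the mailbox, and it stays valid until `TOKEN_EXPIRATION_CONFIRM` elapses. Both lines look like leftover debugging for the new test and should be removed before merge; the test should obtain the secret through the test harness, not through production code paths. Both handlers begin and end outside their hunks, so any other use of the secret is not visible here.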
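Review bot: `TOKEN_LENGTH_VERIFICATION` and `TOKEN_LENGTH_RECOVERY` change from 64 to 256 in src/Appwrite/Auth/Auth.php, yet the commit subject only announces a test and nothing in the patch explains the change to production token lengths. Anything that stores or transports these secrets (an attribute size limit, an e-mailed link) has to accommodate the longer value, and none of that is visible in this patch, so it is worth confirming. The "Token Lengths." docblock also does not say what unit the numbers are in. I would either move this change into its own commit with a rationale, or add a comment above the two constants such as `// Raised to 256 to match TOKEN_LENGTH_SESSION; length is in <unit — confirm against tokenGenerator()>`. The class body continues outside the hunk.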
diff --git a/tests/e2e/Services/Account/AccountCustomServerTest.php b/tests/e2e/Services/Account/AccountCustomServerTest.php
index 1ffb863153..8cb8607ad0 100644
--- a/tests/e2e/Services/Account/AccountCustomServerTest.php
+++ b/tests/e2e/Services/Account/AccountCustomServerTest.php
@@ -11,9 +11,114 @@ use Utopia\Database\Helpers\ID;
 class AccountCustomServerTest extends Scope
 {
+ use AccountBase;
 use ProjectCustom;
 use SideServer;
+ /**
+ * @depends testCreateAccount
+ */
+ public function testCreateAccountSession($data): array
+ {
+ $email = $data['email'] ?? '';
+ $password = $data['password'] ?? '';
+
+ /**
+ * Test for SUCCESS
+ */
+ $response = $this->client->call(Client::METHOD_POST, '/account/sessions/email', array_merge([
+ 'origin' => 'http://localhost',
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], $this->getHeaders()), [
+ 'email' => $email,
+ 'password' => $password,
+ ]);
+
+ $this->assertEquals(201, $response['headers']['status-code']);
+ $this->assertNotFalse(\DateTime::createFromFormat('Y-m-d\TH:i:s.uP', $response['body']['expire']));
+
+ $sessionId = $response['body']['$id'];
+ $session = $response['body']['secret'];
+ $userId = $response['body']['userId'];
+
+ $response = $this->client->call(Client::METHOD_GET, '/users/' . $userId, array_merge([
+ 'origin' => 'http://localhost',
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], $this->getHeaders()));
+
+ $this->assertEquals(200, $response['headers']['status-code']);
+ $this->assertArrayHasKey('accessedAt', $response['body']);
+ $this->assertNotEmpty($response['body']['accessedAt']);
+
+ $response = $this->client->call(Client::METHOD_POST, '/account/sessions/email', array_merge([
+ 'origin' => 'http://localhost',
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], $this->getHeaders()), [
+ 'email' => $email,
+ 'password' => $password,
+ ]);
+
+ $this->assertEquals(201, $response['headers']['status-code']);
+ $this->assertNotEmpty($response['body']['secret']);
+ $this->assertNotFalse(\DateTime::createFromFormat('Y-m-d\TH:i:s.uP', $response['body']['expire']));
+
+ // already logged in
+ $response = $this->client->call(Client::METHOD_POST, '/account/sessions/email', array_merge([
+ 'origin' => 'http://localhost',
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ 'x-appwrite-session' => $session,
+ ], $this->getHeaders()), [
+ 'email' => $email,
+ 'password' => $password,
+ ]);
+
+ $this->assertEquals(201, $response['headers']['status-code']);
+
+ /**
+ * Test for FAILURE
+ */
+ $response = $this->client->call(Client::METHOD_POST, '/account/sessions/email', array_merge([
+ 'origin' => 'http://localhost',
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], $this->getHeaders()), [
+ 'email' => $email . 'x',
+ 'password' => $password,
+ ]);
+
+ $this->assertEquals(401, $response['headers']['status-code']);
+
+ $response = $this->client->call(Client::METHOD_POST, '/account/sessions/email', array_merge([
+ 'origin' => 'http://localhost',
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], $this->getHeaders()), [
+ 'email' => $email,
+ 'password' => $password . 'x',
+ ]);
+
+ $this->assertEquals(401, $response['headers']['status-code']);
+
+ $response = $this->client->call(Client::METHOD_POST, '/account/sessions/email', array_merge([
+ 'origin' => 'http://localhost',
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], $this->getHeaders()), [
+ 'email' => '',
+ 'password' => '',
+ ]);
+
+ $this->assertEquals(400, $response['headers']['status-code']);
+
+ return array_merge($data, [
+ 'sessionId' => $sessionId,
+ 'session' => $session,
+ ]);
+ }
 public function testCreateAnonymousAccount()
 {
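Review bot: In `testCreateAccountSession`, the first response's `secret` is copied into `$session` and later sent as `x-appwrite-session`, but only the second login asserts that `secret` is non-empty. If the first response carried an empty secret, the "already logged in" request would go out with an empty session header and still pass on its 201. Adding `$this->assertNotEmpty($response['body']['secret']);` after the first `assertEquals(201, ...)` would make that case test what its comment claims. The `?? ''` defaults on `$data['email']` and `$data['password']` also turn a missing value from the dependency into a confusing failure on the first 201 assertion; asserting that both keys exist at the top of the test would fail with a clearer message.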