From 110a051a4ecac791e5dd9f805a3e153c967c9fb8 Mon Sep 17 00:00:00 2001
From: Tom Bloor <tom.bloor@googlemail.com>
Date: Tue, 18 Apr 2017 23:43:49 +0100
Subject: [PATCH] Fixed upload test and controller after updates to session key
 usage

---
 lib/Pear/LocalLoop/Controller/Api/Auth.pm   | 11 +++++-
 lib/Pear/LocalLoop/Controller/Api/Upload.pm |  2 +-
 t/upload.t                                  | 44 +++++++++++++++------
 3 files changed, 42 insertions(+), 15 deletions(-)

diff --git a/lib/Pear/LocalLoop/Controller/Api/Auth.pm b/lib/Pear/LocalLoop/Controller/Api/Auth.pm
index 302a169..59f3fe5 100644
--- a/lib/Pear/LocalLoop/Controller/Api/Auth.pm
+++ b/lib/Pear/LocalLoop/Controller/Api/Auth.pm
@@ -1,7 +1,7 @@
 package Pear::LocalLoop::Controller::Api::Auth;
 use Mojo::Base 'Mojolicious::Controller';
 use Data::Dumper;
-use Mojo::JSON;
+use Mojo::JSON qw/ decode_json /;
 
 has error_messages => sub {
   return {
@@ -20,6 +20,15 @@ sub auth {
 
   my $session_key = $c->req->json( '/session_key' );
 
+  unless ( defined $session_key ) {
+    # Upload doesnt quite use json correctly....
+    my $json = $c->param('json');
+    if ( defined $json ) {
+      $json = decode_json( $json );
+      $session_key = $json->{session_key};
+    }
+  }
+
   my $session_result = $c->schema->resultset('SessionToken')->find({ sessiontokenname => $session_key });
 
   if ( defined $session_result ) {
diff --git a/lib/Pear/LocalLoop/Controller/Api/Upload.pm b/lib/Pear/LocalLoop/Controller/Api/Upload.pm
index 18a096f..e124a83 100644
--- a/lib/Pear/LocalLoop/Controller/Api/Upload.pm
+++ b/lib/Pear/LocalLoop/Controller/Api/Upload.pm
@@ -38,7 +38,7 @@ The name of an organisation. Used when transactionAdditionType is 3.
 sub post_upload {
   my $self = shift;
 
-  my $userId = $self->get_active_user_id();
+  my $userId = $self->stash->{api_user}->id;
 
   my $json = $self->param('json');
   if ( ! defined $json ) {
diff --git a/t/upload.t b/t/upload.t
index 7e6ec28..9d3b522 100644
--- a/t/upload.t
+++ b/t/upload.t
@@ -107,20 +107,21 @@ $testJson = {
 $t->post_ok('/api/login' => json => $testJson)
   ->status_is(200)
   ->json_is('/success', Mojo::JSON->true);
-
+my $session_key = $t->tx->res->json('/session_key');
 print "test 5 - JSON missing\n";
 my $upload = {file2 => {file => './t/test.jpg'}};
 $t->post_ok('/api/upload' => form => $upload )
-  ->status_is(400)
+  ->status_is(401)
   ->json_is('/success', Mojo::JSON->false)
-  ->content_like(qr/JSON is missing/i); 
+  ->json_like('/message', qr/Invalid Session/);
 
 #TODO Check for malformed JSON.
 
 print "test 6 - microCurrencyValue missing\n";
 my $json = {
   transactionAdditionType => 1,
-  addValidatedId => $companyIdNumShinra
+  addValidatedId => $companyIdNumShinra,
+  session_key => $session_key,
 };
 my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}};
 $t->post_ok('/api/upload' => form => $upload )
@@ -132,7 +133,8 @@ print "test 7 - microCurrencyValue non-numbers\n";
 my $json = {
   microCurrencyValue => 'Abc',
   transactionAdditionType => 1,
-  addValidatedId => $companyIdNumShinra
+  addValidatedId => $companyIdNumShinra,
+  session_key => $session_key,
 };
 my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}};
 $t->post_ok('/api/upload' => form => $upload )
@@ -144,7 +146,8 @@ print "test 8 - microCurrencyValue equal to zero\n";
 my $json = {
   microCurrencyValue => 0,
   transactionAdditionType => 1,
-  addValidatedId => $companyIdNumShinra
+  addValidatedId => $companyIdNumShinra,
+  session_key => $session_key,
 };
 my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}};
 $t->post_ok('/api/upload' => form => $upload )
@@ -156,7 +159,8 @@ print "test 9 - microCurrencyValue less than zero\n";
 my $json = {
   microCurrencyValue => -1,
   transactionAdditionType => 1,
-  addValidatedId => $companyIdNumShinra
+  addValidatedId => $companyIdNumShinra,
+  session_key => $session_key,
 };
 my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}};
 $t->post_ok('/api/upload' => form => $upload )
@@ -167,6 +171,7 @@ $t->post_ok('/api/upload' => form => $upload )
 print "test 10 - transactionAdditionType missing\n";
 $json = {
   microCurrencyValue => 10,
+  session_key => $session_key,
 };
 my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}};
 $t->post_ok('/api/upload' => form => $upload )
@@ -178,6 +183,7 @@ print "test 11 - transactionAdditionType invalid.\n";
 $json = {
   microCurrencyValue => 10,
   transactionAdditionType => 4,
+  session_key => $session_key,
 #  addValidatedId => $companyIdNumShinra
 };
 my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}};
@@ -191,6 +197,7 @@ $json = {
   microCurrencyValue => 10,
   transactionAdditionType => 1,
   addValidatedId => 1,
+  session_key => $session_key,
 };
 my $upload = {json => Mojo::JSON::encode_json($json)};
 $t->post_ok('/api/upload' => form => $upload )
@@ -202,6 +209,7 @@ print "test 13 - addValidatedId missing (type 1: already validated)\n";
 $json = {
   microCurrencyValue => 10,
   transactionAdditionType => 1,
+  session_key => $session_key,
 #  addValidatedId => $companyIdNumShinra
 };
 my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}};
@@ -214,7 +222,8 @@ print "test 14 - addValidatedId for non-existent id. (type 1: already validated)
 $json = {
   microCurrencyValue => 10,
   transactionAdditionType => 1,
-  addValidatedId => ($companyIdNumShinra + 100)
+  addValidatedId => ($companyIdNumShinra + 100),
+  session_key => $session_key,
 };
 my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}};
 $t->post_ok('/api/upload' => form => $upload )
@@ -228,6 +237,7 @@ $json = {
   microCurrencyValue => 10,
   transactionAdditionType => 1,
   addValidatedId => $companyIdNumShinra,
+  session_key => $session_key,
 };
 my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}};
 $t->post_ok('/api/upload' => form => $upload )
@@ -244,7 +254,8 @@ $json = {
   transactionAdditionType => 3,
   streetName => "Slums, Sector 7",
   town => "Midgar",
-  postcode => "E1 MS07"
+  postcode => "E1 MS07",
+  session_key => $session_key,
 };
 my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}};
 $t->post_ok('/api/upload' => form => $upload )
@@ -262,7 +273,8 @@ $json = {
   organisationName => '7th Heaven',
   streetName => "Slums, Sector 7",
   town => "Midgar",
-  postcode => "E1 MS07"
+  postcode => "E1 MS07",
+  session_key => $session_key,
 };
 my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}};
 $t->post_ok('/api/upload' => form => $upload )
@@ -281,6 +293,7 @@ print "test 18 - addUnvalidatedId missing (type 2: existing organisation)\n";
 $json = {
   microCurrencyValue => 10,
   transactionAdditionType => 2,
+  session_key => $session_key,
 };
 my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}};
 $t->post_ok('/api/upload' => form => $upload )
@@ -293,6 +306,7 @@ $json = {
   microCurrencyValue => 10,
   transactionAdditionType => 2,
   addUnvalidatedId => "Abc",
+  session_key => $session_key,
 };
 my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}};
 $t->post_ok('/api/upload' => form => $upload )
@@ -305,6 +319,7 @@ $json = {
   microCurrencyValue => 10,
   transactionAdditionType => 2,
   addUnvalidatedId => 1000, #Id that does not exist
+  session_key => $session_key,
 };
 my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}};
 $t->post_ok('/api/upload' => form => $upload )
@@ -331,7 +346,7 @@ $testJson = {
 $t->post_ok('/api/login' => json => $testJson)
   ->status_is(200)
   ->json_is('/success', Mojo::JSON->true);
-
+$session_key = $t->tx->res->json('/session_key');
 
 print "test 23 - add valid transaction but for with account (type 2: existing organisation)\n";
 is @{$t->app->db->selectrow_arrayref("SELECT COUNT(*) FROM PendingTransactions")}[0],1,"1 pending transaction";
@@ -339,6 +354,7 @@ $json = {
   microCurrencyValue => 10,
   transactionAdditionType => 2,
   addUnvalidatedId => $unvalidatedOrganisationId,
+  session_key => $session_key,
 };
 my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}};
 $t->post_ok('/api/upload' => form => $upload )
@@ -366,7 +382,7 @@ $testJson = {
 $t->post_ok('/api/login' => json => $testJson)
   ->status_is(200)
   ->json_is('/success', Mojo::JSON->true);
-
+$session_key = $t->tx->res->json('/session_key');
 
 print "test 26 - add valid transaction (type 2: existing organisation)\n";
 is @{$t->app->db->selectrow_arrayref("SELECT COUNT(*) FROM PendingTransactions")}[0],1,"1 pending transaction";
@@ -374,6 +390,7 @@ $json = {
   microCurrencyValue => 10,
   transactionAdditionType => 2,
   addUnvalidatedId => $unvalidatedOrganisationId,
+  session_key => $session_key,
 };
 my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}};
 $t->post_ok('/api/upload' => form => $upload )
@@ -402,7 +419,7 @@ $testJson = {
 $t->post_ok('/api/login' => json => $testJson)
   ->status_is(200)
   ->json_is('/success', Mojo::JSON->true);
-
+$session_key = $t->tx->res->json('/session_key');
 
 print "test 29 - organisation buy from another organisation\n";
 is @{$t->app->db->selectrow_arrayref("SELECT COUNT(*) FROM Transactions")}[0],1,"1 transaction";
@@ -410,6 +427,7 @@ $json = {
   microCurrencyValue => 100000,
   transactionAdditionType => 1,
   addValidatedId => $companyIdNumShinra,
+  session_key => $session_key,
 };
 my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}};
 $t->post_ok('/api/upload' => form => $upload )