From 110a051a4ecac791e5dd9f805a3e153c967c9fb8 Mon Sep 17 00:00:00 2001 From: Tom Bloor Date: Tue, 18 Apr 2017 23:43:49 +0100 Subject: [PATCH] Fixed upload test and controller after updates to session key usage --- lib/Pear/LocalLoop/Controller/Api/Auth.pm | 11 +++++- lib/Pear/LocalLoop/Controller/Api/Upload.pm | 2 +- t/upload.t | 44 +++++++++++++++------ 3 files changed, 42 insertions(+), 15 deletions(-) diff --git a/lib/Pear/LocalLoop/Controller/Api/Auth.pm b/lib/Pear/LocalLoop/Controller/Api/Auth.pm index 302a169..59f3fe5 100644 --- a/lib/Pear/LocalLoop/Controller/Api/Auth.pm +++ b/lib/Pear/LocalLoop/Controller/Api/Auth.pm @@ -1,7 +1,7 @@ package Pear::LocalLoop::Controller::Api::Auth; use Mojo::Base 'Mojolicious::Controller'; use Data::Dumper; -use Mojo::JSON; +use Mojo::JSON qw/ decode_json /; has error_messages => sub { return { @@ -20,6 +20,15 @@ sub auth { my $session_key = $c->req->json( '/session_key' ); + unless ( defined $session_key ) { + # Upload doesnt quite use json correctly.... + my $json = $c->param('json'); + if ( defined $json ) { + $json = decode_json( $json ); + $session_key = $json->{session_key}; + } + } + my $session_result = $c->schema->resultset('SessionToken')->find({ sessiontokenname => $session_key }); if ( defined $session_result ) { diff --git a/lib/Pear/LocalLoop/Controller/Api/Upload.pm b/lib/Pear/LocalLoop/Controller/Api/Upload.pm index 18a096f..e124a83 100644 --- a/lib/Pear/LocalLoop/Controller/Api/Upload.pm +++ b/lib/Pear/LocalLoop/Controller/Api/Upload.pm @@ -38,7 +38,7 @@ The name of an organisation. Used when transactionAdditionType is 3. sub post_upload { my $self = shift; - my $userId = $self->get_active_user_id(); + my $userId = $self->stash->{api_user}->id; my $json = $self->param('json'); if ( ! defined $json ) { diff --git a/t/upload.t b/t/upload.t index 7e6ec28..9d3b522 100644 --- a/t/upload.t +++ b/t/upload.t @@ -107,20 +107,21 @@ $testJson = { $t->post_ok('/api/login' => json => $testJson) ->status_is(200) ->json_is('/success', Mojo::JSON->true); - +my $session_key = $t->tx->res->json('/session_key'); print "test 5 - JSON missing\n"; my $upload = {file2 => {file => './t/test.jpg'}}; $t->post_ok('/api/upload' => form => $upload ) - ->status_is(400) + ->status_is(401) ->json_is('/success', Mojo::JSON->false) - ->content_like(qr/JSON is missing/i); + ->json_like('/message', qr/Invalid Session/); #TODO Check for malformed JSON. print "test 6 - microCurrencyValue missing\n"; my $json = { transactionAdditionType => 1, - addValidatedId => $companyIdNumShinra + addValidatedId => $companyIdNumShinra, + session_key => $session_key, }; my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}}; $t->post_ok('/api/upload' => form => $upload ) @@ -132,7 +133,8 @@ print "test 7 - microCurrencyValue non-numbers\n"; my $json = { microCurrencyValue => 'Abc', transactionAdditionType => 1, - addValidatedId => $companyIdNumShinra + addValidatedId => $companyIdNumShinra, + session_key => $session_key, }; my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}}; $t->post_ok('/api/upload' => form => $upload ) @@ -144,7 +146,8 @@ print "test 8 - microCurrencyValue equal to zero\n"; my $json = { microCurrencyValue => 0, transactionAdditionType => 1, - addValidatedId => $companyIdNumShinra + addValidatedId => $companyIdNumShinra, + session_key => $session_key, }; my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}}; $t->post_ok('/api/upload' => form => $upload ) @@ -156,7 +159,8 @@ print "test 9 - microCurrencyValue less than zero\n"; my $json = { microCurrencyValue => -1, transactionAdditionType => 1, - addValidatedId => $companyIdNumShinra + addValidatedId => $companyIdNumShinra, + session_key => $session_key, }; my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}}; $t->post_ok('/api/upload' => form => $upload ) @@ -167,6 +171,7 @@ $t->post_ok('/api/upload' => form => $upload ) print "test 10 - transactionAdditionType missing\n"; $json = { microCurrencyValue => 10, + session_key => $session_key, }; my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}}; $t->post_ok('/api/upload' => form => $upload ) @@ -178,6 +183,7 @@ print "test 11 - transactionAdditionType invalid.\n"; $json = { microCurrencyValue => 10, transactionAdditionType => 4, + session_key => $session_key, # addValidatedId => $companyIdNumShinra }; my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}}; @@ -191,6 +197,7 @@ $json = { microCurrencyValue => 10, transactionAdditionType => 1, addValidatedId => 1, + session_key => $session_key, }; my $upload = {json => Mojo::JSON::encode_json($json)}; $t->post_ok('/api/upload' => form => $upload ) @@ -202,6 +209,7 @@ print "test 13 - addValidatedId missing (type 1: already validated)\n"; $json = { microCurrencyValue => 10, transactionAdditionType => 1, + session_key => $session_key, # addValidatedId => $companyIdNumShinra }; my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}}; @@ -214,7 +222,8 @@ print "test 14 - addValidatedId for non-existent id. (type 1: already validated) $json = { microCurrencyValue => 10, transactionAdditionType => 1, - addValidatedId => ($companyIdNumShinra + 100) + addValidatedId => ($companyIdNumShinra + 100), + session_key => $session_key, }; my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}}; $t->post_ok('/api/upload' => form => $upload ) @@ -228,6 +237,7 @@ $json = { microCurrencyValue => 10, transactionAdditionType => 1, addValidatedId => $companyIdNumShinra, + session_key => $session_key, }; my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}}; $t->post_ok('/api/upload' => form => $upload ) @@ -244,7 +254,8 @@ $json = { transactionAdditionType => 3, streetName => "Slums, Sector 7", town => "Midgar", - postcode => "E1 MS07" + postcode => "E1 MS07", + session_key => $session_key, }; my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}}; $t->post_ok('/api/upload' => form => $upload ) @@ -262,7 +273,8 @@ $json = { organisationName => '7th Heaven', streetName => "Slums, Sector 7", town => "Midgar", - postcode => "E1 MS07" + postcode => "E1 MS07", + session_key => $session_key, }; my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}}; $t->post_ok('/api/upload' => form => $upload ) @@ -281,6 +293,7 @@ print "test 18 - addUnvalidatedId missing (type 2: existing organisation)\n"; $json = { microCurrencyValue => 10, transactionAdditionType => 2, + session_key => $session_key, }; my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}}; $t->post_ok('/api/upload' => form => $upload ) @@ -293,6 +306,7 @@ $json = { microCurrencyValue => 10, transactionAdditionType => 2, addUnvalidatedId => "Abc", + session_key => $session_key, }; my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}}; $t->post_ok('/api/upload' => form => $upload ) @@ -305,6 +319,7 @@ $json = { microCurrencyValue => 10, transactionAdditionType => 2, addUnvalidatedId => 1000, #Id that does not exist + session_key => $session_key, }; my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}}; $t->post_ok('/api/upload' => form => $upload ) @@ -331,7 +346,7 @@ $testJson = { $t->post_ok('/api/login' => json => $testJson) ->status_is(200) ->json_is('/success', Mojo::JSON->true); - +$session_key = $t->tx->res->json('/session_key'); print "test 23 - add valid transaction but for with account (type 2: existing organisation)\n"; is @{$t->app->db->selectrow_arrayref("SELECT COUNT(*) FROM PendingTransactions")}[0],1,"1 pending transaction"; @@ -339,6 +354,7 @@ $json = { microCurrencyValue => 10, transactionAdditionType => 2, addUnvalidatedId => $unvalidatedOrganisationId, + session_key => $session_key, }; my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}}; $t->post_ok('/api/upload' => form => $upload ) @@ -366,7 +382,7 @@ $testJson = { $t->post_ok('/api/login' => json => $testJson) ->status_is(200) ->json_is('/success', Mojo::JSON->true); - +$session_key = $t->tx->res->json('/session_key'); print "test 26 - add valid transaction (type 2: existing organisation)\n"; is @{$t->app->db->selectrow_arrayref("SELECT COUNT(*) FROM PendingTransactions")}[0],1,"1 pending transaction"; @@ -374,6 +390,7 @@ $json = { microCurrencyValue => 10, transactionAdditionType => 2, addUnvalidatedId => $unvalidatedOrganisationId, + session_key => $session_key, }; my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}}; $t->post_ok('/api/upload' => form => $upload ) @@ -402,7 +419,7 @@ $testJson = { $t->post_ok('/api/login' => json => $testJson) ->status_is(200) ->json_is('/success', Mojo::JSON->true); - +$session_key = $t->tx->res->json('/session_key'); print "test 29 - organisation buy from another organisation\n"; is @{$t->app->db->selectrow_arrayref("SELECT COUNT(*) FROM Transactions")}[0],1,"1 transaction"; @@ -410,6 +427,7 @@ $json = { microCurrencyValue => 100000, transactionAdditionType => 1, addValidatedId => $companyIdNumShinra, + session_key => $session_key, }; my $upload = {json => Mojo::JSON::encode_json($json), file2 => {file => './t/test.jpg'}}; $t->post_ok('/api/upload' => form => $upload )