camper/test/change_password.sql

-- Test change_password
set client_min_messages to warning;
create extension if not exists pgtap;
reset client_min_messages;

begin;

select plan(14);

set search_path to camper, auth, public;

select has_function('camper', 'change_password', array ['text']);
select function_lang_is('camper', 'change_password', array ['text'], 'sql');
select function_returns('camper', 'change_password', array ['text'], 'void');
select is_definer('camper', 'change_password', array ['text']);
select volatility_is('camper', 'change_password', array ['text'], 'volatile');
select function_privs_are('camper', 'change_password', array ['text'], 'guest', array []::text[]);
select function_privs_are('camper', 'change_password', array ['text'], 'employee', array ['EXECUTE']);
select function_privs_are('camper', 'change_password', array ['text'], 'admin', array ['EXECUTE']);
select function_privs_are('camper', 'change_password', array ['text'], 'authenticator', array []::text[]);

set client_min_messages to warning;
truncate company_host cascade;
truncate company_user cascade;
truncate company cascade;
truncate auth."user" cascade;
reset client_min_messages;

insert into auth."user" (user_id, email, name, password, cookie, cookie_expires_at)
values (1, 'demo@tandem.blog', 'Demo', 'test', '44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e', current_timestamp + interval '1 month')
     , (9, 'admin@tandem.blog', 'Demo', 'test', '12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524', current_timestamp + interval '1 month')
;

insert into company (company_id, business_name, vatin, trade_name, phone, email, web, address, city, province, postal_code, rtc_number, tourist_tax, tourist_tax_max_days, country_code, currency_code, default_lang_tag)
values (2, 'Company 2', 'XX123', '', '555-555-555', 'a@a', '', '', '', '', '', '', 60, 7, 'ES', 'EUR', 'ca')
;

insert into company_user (company_id, user_id, role)
values (2, 1, 'employee')
     , (2, 9, 'admin')
;

insert into company_host (company_id, host)
values (2, 'localhost')
;

select lives_ok($$ select change_password('another') $$, 'Should run even without current user');

select isnt_empty(
	$$ select * from auth."user" where password = crypt('test', password) $$,
	'Should not have changed any password'
);

select set_cookie('44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e/demo@tandem.blog', 'localhost');

select lives_ok($$ select change_password('another') $$, 'Should run with the correct user');

reset role;

select isnt_empty(
	$$ select * from auth."user" where email = 'demo@tandem.blog' and password = crypt('another', password) $$,
	'Should have changed the password of the current user'
);

select isnt_empty(
	$$ select * from auth."user" where email = 'admin@tandem.blog' and password = crypt('test', password) $$,
	'Should not have changed any other password'
);

select *
from finish();

rollback;
Add authentication relations, views, and functions for PostgreSQL Most of them are exactly the same as we use for Numerus, but with the main application schema changed to camper. Closes #1 2023-07-21 23:59:12 +00:00			`-- Test change_password`
			`set client_min_messages to warning;`
			`create extension if not exists pgtap;`
			`reset client_min_messages;`

			`begin;`

			`select plan(14);`

			`set search_path to camper, auth, public;`

			`select has_function('camper', 'change_password', array ['text']);`
			`select function_lang_is('camper', 'change_password', array ['text'], 'sql');`
			`select function_returns('camper', 'change_password', array ['text'], 'void');`
			`select is_definer('camper', 'change_password', array ['text']);`
			`select volatility_is('camper', 'change_password', array ['text'], 'volatile');`
			`select function_privs_are('camper', 'change_password', array ['text'], 'guest', array []::text[]);`
			`select function_privs_are('camper', 'change_password', array ['text'], 'employee', array ['EXECUTE']);`
			`select function_privs_are('camper', 'change_password', array ['text'], 'admin', array ['EXECUTE']);`
			`select function_privs_are('camper', 'change_password', array ['text'], 'authenticator', array []::text[]);`

			`set client_min_messages to warning;`
Move the user role down to company_user relation I was starting to add the public page for campsite types, creating more granular row-level security policies for select, insert, update, and delete, because now the guest users needed to SELECT them and they have no related company to filter the rows with. Suddenly, i realized that the role was wrong in the user relation: a user can be an admin to one company, and employee to another, and guess to yet another company; the role should be in the company_user relation instead. That means that to know the role to set to, the user alone is not enough and have to know the company as well. Had to change all the cookie-related function to accept also the company’s host name, as this is the information that the Go application has. 2023-08-08 00:22:16 +00:00			`truncate company_host cascade;`
			`truncate company_user cascade;`
			`truncate company cascade;`
Add authentication relations, views, and functions for PostgreSQL Most of them are exactly the same as we use for Numerus, but with the main application schema changed to camper. Closes #1 2023-07-21 23:59:12 +00:00			`truncate auth."user" cascade;`
			`reset client_min_messages;`

Move the user role down to company_user relation I was starting to add the public page for campsite types, creating more granular row-level security policies for select, insert, update, and delete, because now the guest users needed to SELECT them and they have no related company to filter the rows with. Suddenly, i realized that the role was wrong in the user relation: a user can be an admin to one company, and employee to another, and guess to yet another company; the role should be in the company_user relation instead. That means that to know the role to set to, the user alone is not enough and have to know the company as well. Had to change all the cookie-related function to accept also the company’s host name, as this is the information that the Go application has. 2023-08-08 00:22:16 +00:00			`insert into auth."user" (user_id, email, name, password, cookie, cookie_expires_at)`
			`values (1, 'demo@tandem.blog', 'Demo', 'test', '44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e', current_timestamp + interval '1 month')`
			`, (9, 'admin@tandem.blog', 'Demo', 'test', '12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524', current_timestamp + interval '1 month')`
			`;`

Add the number of maximum nights that tourist tax applies This is required by law. I do not know why i have this value and the tax amount in the database, but the payment percent and the number of days are hardcoded. I guess i am such an inconsistent mess. 2024-02-27 18:45:47 +00:00			`insert into company (company_id, business_name, vatin, trade_name, phone, email, web, address, city, province, postal_code, rtc_number, tourist_tax, tourist_tax_max_days, country_code, currency_code, default_lang_tag)`
			`values (2, 'Company 2', 'XX123', '', '555-555-555', 'a@a', '', '', '', '', '', '', 60, 7, 'ES', 'EUR', 'ca')`
Move the user role down to company_user relation I was starting to add the public page for campsite types, creating more granular row-level security policies for select, insert, update, and delete, because now the guest users needed to SELECT them and they have no related company to filter the rows with. Suddenly, i realized that the role was wrong in the user relation: a user can be an admin to one company, and employee to another, and guess to yet another company; the role should be in the company_user relation instead. That means that to know the role to set to, the user alone is not enough and have to know the company as well. Had to change all the cookie-related function to accept also the company’s host name, as this is the information that the Go application has. 2023-08-08 00:22:16 +00:00			`;`

			`insert into company_user (company_id, user_id, role)`
			`values (2, 1, 'employee')`
			`, (2, 9, 'admin')`
			`;`

			`insert into company_host (company_id, host)`
			`values (2, 'localhost')`
Add authentication relations, views, and functions for PostgreSQL Most of them are exactly the same as we use for Numerus, but with the main application schema changed to camper. Closes #1 2023-07-21 23:59:12 +00:00			`;`

			`select lives_ok($$ select change_password('another') $$, 'Should run even without current user');`

			`select isnt_empty(`
			`$$ select * from auth."user" where password = crypt('test', password) $$,`
			`'Should not have changed any password'`
			`);`

Move the user role down to company_user relation I was starting to add the public page for campsite types, creating more granular row-level security policies for select, insert, update, and delete, because now the guest users needed to SELECT them and they have no related company to filter the rows with. Suddenly, i realized that the role was wrong in the user relation: a user can be an admin to one company, and employee to another, and guess to yet another company; the role should be in the company_user relation instead. That means that to know the role to set to, the user alone is not enough and have to know the company as well. Had to change all the cookie-related function to accept also the company’s host name, as this is the information that the Go application has. 2023-08-08 00:22:16 +00:00			`select set_cookie('44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e/demo@tandem.blog', 'localhost');`
Add authentication relations, views, and functions for PostgreSQL Most of them are exactly the same as we use for Numerus, but with the main application schema changed to camper. Closes #1 2023-07-21 23:59:12 +00:00
			`select lives_ok($$ select change_password('another') $$, 'Should run with the correct user');`

			`reset role;`

			`select isnt_empty(`
			`$$ select * from auth."user" where email = 'demo@tandem.blog' and password = crypt('another', password) $$,`
			`'Should have changed the password of the current user'`
			`);`

			`select isnt_empty(`
			`$$ select * from auth."user" where email = 'admin@tandem.blog' and password = crypt('test', password) $$,`
			`'Should not have changed any other password'`
			`);`

			`select *`
			`from finish();`

			`rollback;`