144 lines
4.5 KiB
PL/PgSQL
144 lines
4.5 KiB
PL/PgSQL
-- Test check_cookie
|
|
set client_min_messages to warning;
|
|
create extension if not exists pgtap;
|
|
reset client_min_messages;
|
|
|
|
begin;
|
|
|
|
select plan(23);
|
|
|
|
set search_path to auth, camper, public;
|
|
|
|
select has_function('public', 'check_cookie', array ['text', 'text']);
|
|
select function_lang_is('public', 'check_cookie', array ['text', 'text'], 'plpgsql');
|
|
select function_returns('public', 'check_cookie', array ['text', 'text'], 'name');
|
|
select is_definer('public', 'check_cookie', array ['text', 'text']);
|
|
select volatility_is('public', 'check_cookie', array ['text', 'text'], 'stable');
|
|
select function_privs_are('public', 'check_cookie', array ['text', 'text'], 'guest', array []::text[]);
|
|
select function_privs_are('public', 'check_cookie', array ['text', 'text'], 'employee', array []::text[]);
|
|
select function_privs_are('public', 'check_cookie', array ['text', 'text'], 'admin', array []::text[]);
|
|
select function_privs_are('public', 'check_cookie', array ['text', 'text'], 'authenticator', array ['EXECUTE']);
|
|
|
|
set client_min_messages to warning;
|
|
truncate company_host cascade;
|
|
truncate company_user cascade;
|
|
truncate company cascade;
|
|
truncate auth."user" cascade;
|
|
reset client_min_messages;
|
|
|
|
insert into auth."user" (user_id, email, name, password, cookie, cookie_expires_at)
|
|
values (1, 'demo@tandem.blog', 'Demo', 'test', '44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e', current_timestamp + interval '1 month')
|
|
, (9, 'admin@tandem.blog', 'Demo', 'test', '12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524', current_timestamp + interval '1 month')
|
|
;
|
|
|
|
insert into company (company_id, business_name, vatin, trade_name, phone, email, web, address, city, province, postal_code, rtc_number, tourist_tax, tourist_tax_max_days, country_code, currency_code, default_lang_tag)
|
|
values (2, 'Company 2', 'XX123', '', '555-555-555', 'a@a', '', '', '', '', '', '', 60, 7, 'ES', 'EUR', 'ca')
|
|
, (4, 'Company 4', 'XX234', '', '666-666-666', 'b@b', '', '', '', '', '', '', 60, 7, 'FR', 'USD', 'es')
|
|
;
|
|
|
|
insert into company_user (company_id, user_id, role)
|
|
values (2, 1, 'employee')
|
|
, (4, 9, 'admin')
|
|
;
|
|
|
|
insert into company_host (company_id, host)
|
|
values (2, 'co2')
|
|
, (4, 'co4')
|
|
;
|
|
|
|
prepare user_info as
|
|
select current_user_email(), current_user_cookie(), current_company_id();
|
|
|
|
select is(
|
|
check_cookie('44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e/demo@tandem.blog', 'co2'),
|
|
'employee'::name,
|
|
'Should validate the cookie for the first user'
|
|
);
|
|
|
|
select results_eq(
|
|
'user_info',
|
|
$$ values ('demo@tandem.blog', '44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e', 2) $$,
|
|
'Should have updated the settings with the user info'
|
|
);
|
|
|
|
select is(
|
|
check_cookie('12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524/admin@tandem.blog', 'co4'),
|
|
'admin'::name,
|
|
'Should validate the cookie for the second user'
|
|
);
|
|
|
|
select results_eq(
|
|
'user_info',
|
|
$$ values ('admin@tandem.blog', '12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524', 4) $$,
|
|
'Should have updated the settings with the other user info'
|
|
);
|
|
|
|
select is(
|
|
check_cookie('44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e/admin@tandem.blog', 'co2'),
|
|
'guest'::name,
|
|
'Should only match with the correct email'
|
|
);
|
|
|
|
select results_eq(
|
|
'user_info',
|
|
$$ values ('', '', 0) $$,
|
|
'Should have updated the settings with a guest user'
|
|
);
|
|
|
|
select is(
|
|
check_cookie('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/admin@tandem.blog', 'co2'),
|
|
'guest'::name,
|
|
'Should only match with the correct cookie value'
|
|
);
|
|
|
|
select results_eq(
|
|
'user_info',
|
|
$$ values ('', '', 0) $$,
|
|
'Should have left the settings with a guest user'
|
|
);
|
|
|
|
select is(
|
|
check_cookie('44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e/demo@tandem.blog', 'co4'),
|
|
'guest'::name,
|
|
'Should not allow cookies for a different company'
|
|
);
|
|
|
|
select results_eq(
|
|
'user_info',
|
|
$$ values ('', '', 0) $$,
|
|
'Should have left the settings with a guest user'
|
|
);
|
|
|
|
update "user"
|
|
set cookie_expires_at = current_timestamp - interval '1 minute';
|
|
|
|
select is(
|
|
check_cookie('44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e/demo@tandem.blog', 'co2'),
|
|
'guest'::name,
|
|
'Should not allow expired cookies'
|
|
);
|
|
|
|
select results_eq(
|
|
'user_info',
|
|
$$ values ('', '', 0) $$,
|
|
'Should have left the settings with a guest user'
|
|
);
|
|
|
|
select is(
|
|
check_cookie('12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524/admin@tandem.blog', 'co4'),
|
|
'guest'::name,
|
|
'Should not allow expired cookied for the other user as well'
|
|
);
|
|
|
|
select results_eq(
|
|
'user_info',
|
|
$$ values ('', '', 0) $$,
|
|
'Should have left the settings with a guest user'
|
|
);
|
|
|
|
|
|
select *
|
|
from finish();
|
|
|
|
rollback;
|