ElyBy-Mirror/accounts
1
0
Fork 0
mirror of https://github.com/elyby/accounts.git synced 2025-05-31 14:11:46 +05:30
Code Issues Packages Projects Releases Wiki Activity

Implemented account deletion. Not all cases covered with tests [skip ci]

Browse Source
This commit is contained in:
ErickSkrauch
2020-06-12 00:27:02 +03:00
parent c86817a93d
commit 0183e54442
56 changed files with 1041 additions and 188 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
api/tests/functional/LoginCest.php
View File

@@ -1,10 +1,13 @@
<?php
declare(strict_types=1);
namespace api\tests\functional;
use api\tests\_pages\AuthenticationRoute;
use api\tests\FunctionalTester;
use OTPHP\TOTP;
// TODO: very outdated tests. Need to rewrite
class LoginCest {
public function testLoginEmailOrUsername(FunctionalTester $I) {
@@ -215,4 +218,27 @@ class LoginCest {
$I->canSeeAuthCredentials(false);
}
public function testLoginIntoDeletedAccount(FunctionalTester $I) {
$route = new AuthenticationRoute($I);
$I->wantTo('login into account that marked for deleting');
$route->login('DeletedAccount', 'password_0');
$I->canSeeResponseContainsJson([
'success' => true,
]);
}
public function testLoginIntoBannedAccount(FunctionalTester $I) {
$route = new AuthenticationRoute($I);
$I->wantTo('login into banned account');
$route->login('Banned', 'password_0');
$I->canSeeResponseContainsJson([
'success' => false,
'errors' => [
'login' => 'error.account_banned',
],
]);
}
}

21
api/tests/functional/LogoutCest.php
View File

@@ -1,19 +1,28 @@
<?php
declare(strict_types=1);
namespace api\tests\functional;
use api\tests\_pages\AuthenticationRoute;
use api\tests\FunctionalTester;
use Codeception\Example;
class LogoutCest {
public function testLoginEmailOrUsername(FunctionalTester $I) {
$route = new AuthenticationRoute($I);
$I->amAuthenticated();
$route->logout();
/**
* @dataProvider getLogoutCases
*/
public function logout(FunctionalTester $I, Example $example) {
$I->amAuthenticated($example[0]);
$I->sendPOST('/api/authentication/logout');
$I->canSeeResponseContainsJson([
'success' => true,
]);
}
protected function getLogoutCases() {
yield 'active account' => ['admin'];
yield 'account that not accepted the rules' => ['Veleyaba'];
yield 'account marked for deleting' => ['DeletedAccount'];
}
}

89
api/tests/functional/accounts/DeleteCest.php Normal file
View File

@@ -0,0 +1,89 @@
<?php
declare(strict_types=1);
namespace api\tests\functional\accounts;
use api\tests\_pages\AccountsRoute;
use api\tests\FunctionalTester;
class DeleteCest {
public function deleteMyAccountWithValidPassword(FunctionalTester $I) {
$id = $I->amAuthenticated();
$I->sendDELETE("/api/v1/accounts/{$id}", [
'password' => 'password_0',
]);
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseContainsJson([
'success' => true,
]);
$I->sendGET("/api/v1/accounts/{$id}");
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseContainsJson([
'isDeleted' => true,
]);
}
public function deleteMyAccountWithNotAcceptedRules(FunctionalTester $I) {
$id = $I->amAuthenticated('Veleyaba');
$I->sendDELETE("/api/v1/accounts/{$id}", [
'password' => 'password_0',
]);
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseContainsJson([
'success' => true,
]);
$I->sendGET("/api/v1/accounts/{$id}");
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseContainsJson([
'isDeleted' => true,
'shouldAcceptRules' => true,
]);
}
public function deleteMyAccountWithInvalidPassword(FunctionalTester $I) {
$id = $I->amAuthenticated();
$I->sendDELETE("/api/v1/accounts/{$id}", [
'password' => 'invalid_password',
]);
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseContainsJson([
'success' => false,
'errors' => [
'password' => 'error.password_incorrect',
],
]);
}
public function deleteAlreadyDeletedAccount(FunctionalTester $I) {
$id = $I->amAuthenticated('DeletedAccount');
$I->sendDELETE("/api/v1/accounts/{$id}", [
'password' => 'password_0',
]);
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseContainsJson([
'success' => false,
'errors' => [
'account' => 'error.account_already_deleted',
],
]);
}
public function deleteNotMyAccount(FunctionalTester $I) {
$I->amAuthenticated();
$I->sendDELETE('/api/v1/accounts/2', [
'password' => 'password_0',
]);
$I->canSeeResponseCodeIs(403);
$I->canSeeResponseContainsJson([
'name' => 'Forbidden',
'message' => 'You are not allowed to perform this action.',
'code' => 0,
'status' => 403,
]);
}
}

23
api/tests/functional/accounts/GetCest.php
View File

@@ -1,4 +1,6 @@
<?php
declare(strict_types=1);
namespace api\tests\functional\accounts;
use api\tests\_pages\AccountsRoute;
@@ -6,10 +8,7 @@ use api\tests\FunctionalTester;
class GetCest {
/**
* @var AccountsRoute
*/
private $route;
private AccountsRoute $route;
public function _before(FunctionalTester $I) {
$this->route = new AccountsRoute($I);
@@ -29,6 +28,7 @@ class GetCest {
'email' => 'admin@ely.by',
'lang' => 'en',
'isActive' => true,
'isDeleted' => false,
'hasMojangUsernameCollision' => false,
'shouldAcceptRules' => false,
'elyProfileLink' => 'http://ely.by/u1',
@@ -51,6 +51,7 @@ class GetCest {
'email' => 'admin@ely.by',
'lang' => 'en',
'isActive' => true,
'isDeleted' => false,
'hasMojangUsernameCollision' => false,
'shouldAcceptRules' => false,
'elyProfileLink' => 'http://ely.by/u1',
@@ -72,6 +73,7 @@ class GetCest {
'isOtpEnabled' => false,
'lang' => 'en',
'isActive' => true,
'isDeleted' => false,
'hasMojangUsernameCollision' => false,
'shouldAcceptRules' => true,
'elyProfileLink' => 'http://ely.by/u9',
@@ -79,6 +81,19 @@ class GetCest {
$I->canSeeResponseJsonMatchesJsonPath('$.passwordChangedAt');
}
public function testGetInfoFromAccountMarkedForDeleting(FunctionalTester $I) {
// We're setting up a known expired token
$id = $I->amAuthenticated('DeletedAccount');
$I->sendGET("/api/v1/accounts/{$id}");
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseContainsJson([
'id' => $id,
'isActive' => true,
'isDeleted' => true,
]);
}
public function testGetInfoWithExpiredToken(FunctionalTester $I) {
// We're setting up a known expired token
$I->amBearerAuthenticated(

51
api/tests/functional/accounts/RestoreCest.php Normal file
View File

@@ -0,0 +1,51 @@
<?php
declare(strict_types=1);
namespace api\tests\functional\accounts;
use api\tests\_pages\AccountsRoute;
use api\tests\FunctionalTester;
class RestoreCest {
public function restoreMyDeletedAccount(FunctionalTester $I) {
$id = $I->amAuthenticated('DeletedAccount');
$I->sendPOST("/api/v1/accounts/{$id}/restore");
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseContainsJson([
'success' => true,
]);
$I->sendGET("/api/v1/accounts/{$id}");
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseContainsJson([
'isDeleted' => false,
]);
}
public function restoreNotDeletedAccount(FunctionalTester $I) {
$id = $I->amAuthenticated();
$I->sendPOST("/api/v1/accounts/{$id}/restore");
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseContainsJson([
'success' => false,
'errors' => [
'account' => 'error.account_not_deleted',
],
]);
}
public function restoreNotMyAccount(FunctionalTester $I) {
$I->amAuthenticated('DeletedAccount');
$I->sendPOST('/api/v1/accounts/1/restore');
$I->canSeeResponseCodeIs(403);
$I->canSeeResponseContainsJson([
'name' => 'Forbidden',
'message' => 'You are not allowed to perform this action.',
'code' => 0,
'status' => 403,
]);
}
}

14
api/tests/functional/authserver/AuthorizationCest.php
View File

@@ -97,6 +97,20 @@ class AuthorizationCest {
]);
}
public function deletedAccount(FunctionalTester $I) {
$I->wantTo('authenticate in account marked for deletion');
$I->sendPOST('/api/authserver/authentication/authenticate', [
'username' => 'DeletedAccount',
'password' => 'password_0',
'clientToken' => Uuid::uuid4()->toString(),
]);
$I->canSeeResponseCodeIs(401);
$I->canSeeResponseContainsJson([
'error' => 'ForbiddenOperationException',
'errorMessage' => 'Invalid credentials. Invalid nickname or password.',
]);
}
public function bannedAccount(FunctionalTester $I) {
$I->wantTo('authenticate in suspended account');
$I->sendPOST('/api/authserver/authentication/authenticate', [

13
api/tests/functional/authserver/RefreshCest.php
View File

@@ -93,6 +93,19 @@ class RefreshCest {
]);
}
public function refreshTokenFromDeletedUser(AuthserverSteps $I) {
$I->wantTo('refresh token from account marked for deletion');
$I->sendPOST('/api/authserver/authentication/refresh', [
'accessToken' => '239ba889-7020-4383-8d99-cd8c8aab4a2f',
'clientToken' => '47443658-4ff8-45e7-b33e-dc8915ab6421',
]);
$I->canSeeResponseCodeIs(401);
$I->canSeeResponseContainsJson([
'error' => 'ForbiddenOperationException',
'errorMessage' => 'Invalid token.',
]);
}
public function refreshTokenFromBannedUser(AuthserverSteps $I) {
$I->wantTo('refresh token from suspended account');
$I->sendPOST('/api/authserver/authentication/refresh', [

12
api/tests/functional/authserver/ValidateCest.php
View File

@@ -79,4 +79,16 @@ class ValidateCest {
]);
}
public function credentialsFromBannedAccount(AuthserverSteps $I) {
$I->wantTo('get error on expired legacy accessToken');
$I->sendPOST('/api/authserver/authentication/validate', [
'accessToken' => '239ba889-7020-4383-8d99-cd8c8aab4a2f',
]);
$I->canSeeResponseCodeIs(401);
$I->canSeeResponseContainsJson([
'error' => 'ForbiddenOperationException',
'errorMessage' => 'Invalid token.',
]);
}
}

7
api/tests/functional/mojang/UsernameToUuidCest.php
View File

@@ -58,6 +58,13 @@ class UsernameToUuidCest {
$I->canSeeResponseEquals('');
}
public function getUuidForDeletedAccount(FunctionalTester $I) {
$I->wantTo('get uuid for account that marked for deleting');
$this->route->usernameToUuid('DeletedAccount');
$I->canSeeResponseCodeIs(204);
$I->canSeeResponseEquals('');
}
public function nonPassedUsername(FunctionalTester $I) {
$I->wantTo('get 404 on not passed username');
$this->route->usernameToUuid('');

4
api/tests/functional/mojang/UsernamesToUuidsCest.php
View File

@@ -42,7 +42,7 @@ class UsernamesToUuidsCest {
public function getUuidsByPartialNonexistentUsernames(FunctionalTester $I) {
$I->wantTo('get uuids by few usernames and some nonexistent');
$this->route->uuidsByUsernames(['Admin', 'not-exists-user']);
$this->route->uuidsByUsernames(['Admin', 'DeletedAccount', 'not-exists-user']);
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
@@ -51,6 +51,8 @@ class UsernamesToUuidsCest {
'name' => 'Admin',
],
]);
$I->cantSeeResponseJsonMatchesJsonPath('$.[?(@.name="DeletedAccount")]');
$I->cantSeeResponseJsonMatchesJsonPath('$.[?(@.name="not-exists-user")]');
}
public function passAllNonexistentUsernames(FunctionalTester $I) {

7
api/tests/functional/mojang/UuidToUsernamesHistoryCest.php
View File

@@ -55,6 +55,13 @@ class UuidToUsernamesHistoryCest {
$I->canSeeResponseEquals('');
}
public function passUuidOfDeletedAccount(FunctionalTester $I) {
$I->wantTo('get username by passing uuid of the account marked for deleting');
$this->route->usernamesByUuid('6383de63-8f85-4ed5-92b7-5401a1fa68cd');
$I->canSeeResponseCodeIs(204);
$I->canSeeResponseEquals('');
}
public function passWrongUuidFormat(FunctionalTester $I) {
$I->wantTo('call profile route with invalid uuid string');
$this->route->usernamesByUuid('bla-bla-bla');

11
api/tests/functional/oauth/AuthCodeCest.php
View File

@@ -195,4 +195,15 @@ class AuthCodeCest {
$I->canSeeResponseJsonMatchesJsonPath('$.redirectUri');
}
public function finalizeByAccountMarkedForDeletion(FunctionalTester $I) {
$I->amAuthenticated('DeletedAccount');
$I->sendPOST('/api/oauth2/v1/complete?' . http_build_query([
'client_id' => 'ely',
'redirect_uri' => 'http://ely.by',
'response_type' => 'code',
'scope' => 'minecraft_server_session',
]), ['accept' => true]);
$I->canSeeResponseCodeIs(403);
}
}

13
api/tests/functional/sessionserver/JoinCest.php
View File

@@ -137,6 +137,19 @@ class JoinCest {
]);
}
public function joinByAccountMarkedForDeletion(FunctionalTester $I) {
$this->route->join([
'accessToken' => '239ba889-7020-4383-8d99-cd8c8aab4a2f',
'selectedProfile' => '6383de63-8f85-4ed5-92b7-5401a1fa68cd',
'serverId' => uuid(),
]);
$I->canSeeResponseCodeIs(401);
$I->canSeeResponseContainsJson([
'error' => 'ForbiddenOperationException',
'errorMessage' => 'Invalid credentials',
]);
}
private function expectSuccessResponse(FunctionalTester $I) {
$I->seeResponseCodeIs(200);
$I->seeResponseIsJson();

11
api/tests/functional/sessionserver/JoinLegacyCest.php
View File

@@ -106,6 +106,17 @@ class JoinLegacyCest {
$I->canSeeResponseContains('credentials can not be null.');
}
public function joinByAccountMarkedForDeletion(FunctionalTester $I) {
$I->wantTo('join to some server by legacy protocol with nil accessToken and selectedProfile');
$this->route->joinLegacy([
'sessionId' => 'token:239ba889-7020-4383-8d99-cd8c8aab4a2f:6383de63-8f85-4ed5-92b7-5401a1fa68cd',
'user' => 'DeletedAccount',
'serverId' => uuid(),
]);
$I->canSeeResponseCodeIs(401);
$I->canSeeResponseContains('Ely.by authorization required');
}
private function expectSuccessResponse(FunctionalTester $I) {
$I->seeResponseCodeIs(200);
$I->canSeeResponseEquals('OK');

11
api/tests/functional/sessionserver/ProfileCest.php
View File

@@ -58,4 +58,15 @@ class ProfileCest {
]);
}
public function getProfileOfAccountMarkedForDeletion(FunctionalTester $I) {
$this->route->profile('6383de63-8f85-4ed5-92b7-5401a1fa68cd');
$I->canSeeResponseCodeIs(401);
$I->canSeeResponseIsJson();
$I->seeResponseIsJson();
$I->canSeeResponseContainsJson([
'error' => 'ForbiddenOperationException',
'errorMessage' => 'Invalid uuid.',
]);
}
}