From 9b54276e8c3ddf4004207c1a92801b688541428c Mon Sep 17 00:00:00 2001
From: Derf Null <derf@finalrewind.org>
Date: Mon, 26 Jun 2023 17:40:23 +0200
Subject: [PATCH] add visibility and share token test
---
t/22-visibility.t | 427 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 427 insertions(+)
create mode 100644 t/22-visibility.t
diff --git a/t/22-visibility.t b/t/22-visibility.t
new file mode 100644
index 00000000..6e3fd389
--- /dev/null
+++ b/t/22-visibility.t
@@ -0,0 +1,427 @@
+#!/usr/bin/env perl
+
+# Copyright (C) 2023 Birthe Friesel <derf@finalrewind.org>
+#
+# SPDX-License-Identifier: MIT
+
+use Mojo::Base -strict;
+
+# Tests journey entry and statistics
+
+use Test::More;
+use Test::Mojo;
+
+use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
+use DateTime;
+use Travel::Status::DE::IRIS::Result;
+
+# Include application
+use FindBin;
+require "$FindBin::Bin/../index.pl";
+
+my $t = Test::Mojo->new('Travelynx');
+
+if ( not $t->app->config->{db} ) {
+ plan( skip_all => 'No database configured' );
+}
+
+$t->app->pg->db->query('drop schema if exists travelynx_test_22 cascade');
+$t->app->pg->db->query('create schema travelynx_test_22');
+$t->app->pg->db->query('set search_path to travelynx_test_22');
+$t->app->pg->on(
+ connection => sub {
+ my ( $pg, $dbh ) = @_;
+ $dbh->do('set search_path to travelynx_test_22');
+ }
+);
+
+$t->app->config->{mail}->{disabled} = 1;
+
+$t->app->start( 'database', 'migrate' );
+
+my $u = $t->app->users;
+
+sub hash_password {
+ my ($password) = @_;
+ my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
+ my $salt = en_base64( pack( 'C[16]', @salt_bytes ) );
+
+ return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt );
+}
+
+sub login {
+ my %opt = @_;
+ my $csrf_token
+ = $t->ua->get('/login')->res->dom->at('input[name=csrf_token]')
+ ->attr('value');
+ $t->post_ok(
+ '/login' => form => {
+ csrf_token => $csrf_token,
+ user => $opt{user},
+ password => $opt{password},
+ }
+ );
+ $t->status_is(302)->header_is( location => '/' );
+}
+
+sub logout {
+ my $csrf_token
+ = $t->ua->get('/account')->res->dom->at('input[name=csrf_token]')
+ ->attr('value');
+ $t->post_ok(
+ '/logout' => form => {
+ csrf_token => $csrf_token,
+ }
+ );
+ $t->status_is(302)->header_is( location => '/login' );
+}
+
+sub test_visibility {
+ my %opt = @_;
+
+ if ( $opt{set_default_visibility} ) {
+ my %p = %{ $u->get_privacy_by( uid => $opt{uid} ) };
+ $p{default_visibility} = $opt{set_default_visibility};
+ $u->set_privacy(
+ uid => $opt{uid},
+ %p
+ );
+ }
+
+ if ( $opt{set_visibility} ) {
+ $t->app->in_transit->update_visibility(
+ uid => $opt{uid},
+ visibility => $opt{set_visibility}
+ );
+ }
+
+ my $status = $t->app->get_user_status( $opt{uid} );
+ my $token
+ = $status->{sched_departure}->epoch
+ . q{?token=}
+ . $status->{dep_eva} . q{-}
+ . $status->{timestamp}->epoch % 337;
+
+ is( $status->{visibility}, $opt{visibility} );
+ is( $status->{visibility_str}, $opt{visibility_str} );
+ is( $status->{effective_visibility}, $opt{effective_visibility} );
+ is( $status->{effective_visibility_str}, $opt{effective_visibility_str} );
+
+ if ( $opt{public} ) {
+ $t->get_ok('/status/test1')->status_is(200)->content_like(qr{DPN 667});
+ }
+ else {
+ $t->get_ok('/status/test1')->status_is(200)
+ ->content_like(qr{nicht eingecheckt});
+ }
+
+ if ( $opt{with_token} ) {
+ $t->get_ok("/status/test1/$token")->status_is(200)
+ ->content_like(qr{DPN 667});
+ }
+ else {
+ $t->get_ok("/status/test1/$token")->status_is(200)
+ ->content_like(qr{nicht eingecheckt});
+ }
+
+ login(
+ user => 'test1',
+ password => 'password1'
+ );
+
+ # users can see their own status if visibility is >= followrs
+ if ( $opt{effective_visibility} >= 60 ) {
+ $t->get_ok('/status/test1')->status_is(200)->content_like(qr{DPN 667});
+ }
+ else {
+ $t->get_ok('/status/test1')->status_is(200)
+ ->content_like(qr{nicht eingecheckt});
+ }
+
+ # users can see their own status with token if visibility is >= unlisted
+ if ( $opt{effective_visibility} >= 30 ) {
+ $t->get_ok("/status/test1/$token")->status_is(200)
+ ->content_like(qr{DPN 667});
+ }
+ else {
+ $t->get_ok("/status/test1/$token")->status_is(200)
+ ->content_like(qr{nicht eingecheckt});
+ }
+
+ logout();
+ login(
+ user => 'test2',
+ password => 'password2'
+ );
+
+ # uid2 can see uid1 if visibility is >= followers
+ if ( $opt{effective_visibility} >= 60 ) {
+ $t->get_ok('/status/test1')->status_is(200)->content_like(qr{DPN 667});
+ }
+ else {
+ $t->get_ok('/status/test1')->status_is(200)
+ ->content_like(qr{nicht eingecheckt});
+ }
+
+ # uid2 can see uid1 with token if visibility is >= unlisted
+ if ( $opt{effective_visibility} >= 30 ) {
+ $t->get_ok("/status/test1/$token")->status_is(200)
+ ->content_like(qr{DPN 667});
+ }
+ else {
+ $t->get_ok("/status/test1/$token")->status_is(200)
+ ->content_like(qr{nicht eingecheckt});
+ }
+
+ logout();
+ login(
+ user => 'test3',
+ password => 'password3'
+ );
+
+ # uid3 can see uid1 if visibility is >= travelynx
+ if ( $opt{effective_visibility} >= 80 ) {
+ $t->get_ok('/status/test1')->status_is(200)->content_like(qr{DPN 667});
+ }
+ else {
+ $t->get_ok('/status/test1')->status_is(200)
+ ->content_like(qr{nicht eingecheckt});
+ }
+
+ # uid3 can see uid1 with token if visibility is >= unlisted
+ if ( $opt{effective_visibility} >= 30 ) {
+ $t->get_ok("/status/test1/$token")->status_is(200)
+ ->content_like(qr{DPN 667});
+ }
+ else {
+ $t->get_ok("/status/test1/$token")->status_is(200)
+ ->content_like(qr{nicht eingecheckt});
+ }
+
+ logout();
+}
+
+my $uid1 = $u->add(
+ name => 'test1',
+ email => 'test1@example.org',
+ token => 'abcd',
+ password_hash => hash_password('password1'),
+);
+
+my $uid2 = $u->add(
+ name => 'test2',
+ email => 'test2@example.org',
+ token => 'efgh',
+ password_hash => hash_password('password2'),
+);
+
+my $uid3 = $u->add(
+ name => 'test3',
+ email => 'test3@example.org',
+ token => 'ijkl',
+ password_hash => hash_password('password3'),
+);
+
+$u->verify_registration_token(
+ uid => $uid1,
+ token => 'abcd'
+);
+$u->verify_registration_token(
+ uid => $uid2,
+ token => 'efgh'
+);
+$u->verify_registration_token(
+ uid => $uid3,
+ token => 'ijkl'
+);
+
+$u->set_social(
+ uid => $uid1,
+ accept_follows => 1
+);
+$u->set_social(
+ uid => $uid2,
+ accept_follows => 1
+);
+$u->set_social(
+ uid => $uid3,
+ accept_follows => 1
+);
+
+$u->follow(
+ uid => $uid2,
+ target => $uid1
+);
+
+is(
+ $u->get_relation(
+ subject => $uid2,
+ object => $uid1
+ ),
+ 'follows'
+);
+is(
+ $u->get_relation(
+ subject => $uid1,
+ object => $uid2
+ ),
+ undef
+);
+
+my $dep = DateTime->now;
+my $arr = $dep->clone->add( hours => 1 );
+my $train_dep = Travel::Status::DE::IRIS::Result->new(
+ classes => 'N',
+ type => 'DPN',
+ train_no => '667',
+ raw_id => '1234-2306251312-1',
+ departure_ts => '2306251312',
+ platform => 8,
+ station => 'Aachen Hbf',
+ station_uic => 8000001,
+ route_post => 'Mainz Hbf|Aalen Hbf',
+);
+my $train_arr = Travel::Status::DE::IRIS::Result->new(
+ classes => 'N',
+ type => 'DPN',
+ train_no => '667',
+ raw_id => '1234-2306251312-3',
+ arrival_ts => '2306252000',
+ platform => 1,
+ station => 'Aalen Hbf',
+ station_uic => 8000002,
+ route_pre => 'Aachen Hbf|Mainz Hbf',
+);
+$t->app->in_transit->add(
+ uid => $uid1,
+ departure_eva => 8000001,
+ train => $train_dep,
+ route => [],
+);
+$t->app->in_transit->set_arrival_eva(
+ uid => $uid1,
+ arrival_eva => 8000002,
+);
+
+test_visibility(
+ uid => $uid1,
+ visibility => undef,
+ visibility_str => 'default',
+ effective_visibility => 30,
+ effective_visibility_str => 'unlisted',
+ public => 0,
+ with_token => 1,
+);
+
+test_visibility(
+ uid => $uid1,
+ set_default_visibility => 10,
+ visibility => undef,
+ visibility_str => 'default',
+ effective_visibility => 10,
+ effective_visibility_str => 'private',
+ public => 0,
+ with_token => 0,
+);
+
+test_visibility(
+ uid => $uid1,
+ set_default_visibility => 30,
+ visibility => undef,
+ visibility_str => 'default',
+ effective_visibility => 30,
+ effective_visibility_str => 'unlisted',
+ public => 0,
+ with_token => 1,
+);
+
+test_visibility(
+ uid => $uid1,
+ set_default_visibility => 60,
+ visibility => undef,
+ visibility_str => 'default',
+ effective_visibility => 60,
+ effective_visibility_str => 'followers',
+ public => 0,
+ with_token => 1,
+);
+
+test_visibility(
+ uid => $uid1,
+ set_default_visibility => 80,
+ visibility => undef,
+ visibility_str => 'default',
+ effective_visibility => 80,
+ effective_visibility_str => 'travelynx',
+ public => 0,
+ with_token => 1,
+);
+
+test_visibility(
+ uid => $uid1,
+ set_default_visibility => 100,
+ visibility => undef,
+ visibility_str => 'default',
+ effective_visibility => 100,
+ effective_visibility_str => 'public',
+ public => 1,
+ with_token => 1,
+);
+
+test_visibility(
+ uid => $uid1,
+ set_visibility => 'private',
+ visibility => 10,
+ visibility_str => 'private',
+ effective_visibility => 10,
+ effective_visibility_str => 'private',
+ public => 0,
+ with_token => 0,
+);
+
+test_visibility(
+ uid => $uid1,
+ set_visibility => 'unlisted',
+ visibility => 30,
+ visibility_str => 'unlisted',
+ effective_visibility => 30,
+ effective_visibility_str => 'unlisted',
+ public => 0,
+ with_token => 1,
+);
+
+test_visibility(
+ uid => $uid1,
+ set_visibility => 'followers',
+ visibility => 60,
+ visibility_str => 'followers',
+ effective_visibility => 60,
+ effective_visibility_str => 'followers',
+ public => 0,
+ with_token => 1,
+);
+
+test_visibility(
+ uid => $uid1,
+ set_visibility => 'travelynx',
+ visibility => 80,
+ visibility_str => 'travelynx',
+ effective_visibility => 80,
+ effective_visibility_str => 'travelynx',
+ public => 0,
+ with_token => 1,
+);
+
+test_visibility(
+ uid => $uid1,
+ set_visibility => 'public',
+ visibility => 100,
+ visibility_str => 'public',
+ effective_visibility => 100,
+ effective_visibility_str => 'public',
+ public => 1,
+ with_token => 1,
+);
+
+$t->app->pg->db->query('drop schema travelynx_test_22 cascade');
+done_testing();
--
GitLab