WIP

svera · Feb 12, 2024 · e5d72f9 · e5d72f9
1 parent d02ecbe
commit e5d72f9
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 20 deletions.
diff --git a/internal/webserver/upload_test.go b/internal/webserver/upload_test.go
@@ -1,7 +1,12 @@
 package webserver_test
 
 import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"mime/multipart"
 	"net/http"
+	"net/textproto"
 	"testing"
 
 	"github.com/spf13/afero"
@@ -26,7 +31,7 @@ func TestUpload(t *testing.T) {
 		mustReturnForbiddenAndShowLogin(response, t)
 	})
 
-	t.Run("Try to add a user with an admin active session", func(t *testing.T) {
+	t.Run("Try to access upload page with an admin active session", func(t *testing.T) {
 		response, err := getRequest(adminCookie, app, "/en/upload")
 		if response == nil {
 			t.Fatalf("Unexpected error: %v", err.Error())
@@ -35,4 +40,21 @@ func TestUpload(t *testing.T) {
 			t.Errorf("Expected status %d, got %d", expectedStatus, response.StatusCode)
 		}
 	})
+
+	t.Run("Returns 400 for file content-type not allowed", func(t *testing.T) {
+		jsonD, err := json.Marshal(struct{ TestField string }{TestField: "test"})
+		if err != nil {
+			t.Fatalf("Unexpected error: %v", err.Error())
+		}
+		body := new(bytes.Buffer)
+		writer := multipart.NewWriter(body)
+		writer.WriteField("payload", string(jsonD))
+		// Create the file part with an unsupported content-type
+		h := make(textproto.MIMEHeader)
+		h.Set("Content-Disposition", fmt.Sprintf(`form-data; name="%s"; filename="%s"`, EscapeQuotes("filename"), EscapeQuotes("file.txt")))
+		h.Set("Content-Type", "application/octet-stream")
+		part, _ := writer.CreatePart(h)
+		part.Write([]byte(`sample`))
+		writer.Close()
+	})
 }
diff --git a/internal/webserver/user_management_test.go b/internal/webserver/user_management_test.go
@@ -281,25 +281,6 @@ func mustRedirectToUsersList(response *http.Response, t *testing.T) {
 	}
 }
 
-func mustReturnForbiddenAndShowLogin(response *http.Response, t *testing.T) {
-	if response.StatusCode != http.StatusForbidden {
-		t.Errorf("Expected status %d, received %d", http.StatusForbidden, response.StatusCode)
-		return
-	}
-
-	doc, err := goquery.NewDocumentFromReader(response.Body)
-	if err != nil {
-		t.Fatal(err)
-	}
-	selection, err := doc.Find("head title").First().Html()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if selection != "Login" {
-		t.Errorf("Expected login page, received %s", selection)
-	}
-}
-
 func mustReturnStatus(response *http.Response, expectedStatus int, t *testing.T) {
 	if response.StatusCode != expectedStatus {
 		t.Errorf("Expected status %d, received %d", expectedStatus, response.StatusCode)

diff --git a/internal/webserver/webserver_test.go b/internal/webserver/webserver_test.go
@@ -9,6 +9,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/PuerkitoBio/goquery"
 	"github.com/blevesearch/bleve/v2"
 	"github.com/gofiber/fiber/v2"
 	"github.com/spf13/afero"
@@ -129,3 +130,27 @@ func postRequest(data url.Values, cookie *http.Cookie, app *fiber.App, URL strin
 
 	return app.Test(req)
 }
+
+func mustReturnForbiddenAndShowLogin(response *http.Response, t *testing.T) {
+	if response.StatusCode != http.StatusForbidden {
+		t.Errorf("Expected status %d, received %d", http.StatusForbidden, response.StatusCode)
+		return
+	}
+
+	doc, err := goquery.NewDocumentFromReader(response.Body)
+	if err != nil {
+		t.Fatal(err)
+	}
+	selection, err := doc.Find("head title").First().Html()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if selection != "Login" {
+		t.Errorf("Expected login page, received %s", selection)
+	}
+}
+
+func EscapeQuotes(s string) string {
+	var quoteEscaper = strings.NewReplacer("\\", "\\\\", `"`, "\\\"")
+	return quoteEscaper.Replace(s)
+}