Add brig integration tests for password-less users.

Author: fisx

services/brig/test/integration/API/Team.hs

@@ -562,9 +562,9 @@ testCreateUserInternalSSO brig galley = do
     let ssoid = UserSSOId "nil" "nil"
 
     -- creating users requires both sso_id and team_id
-    postUser' False "dummy" True False (Just ssoid) Nothing brig
+    postUser' True False "dummy" True False (Just ssoid) Nothing brig
         !!! const 400 === statusCode
-    postUser' False "dummy" True False Nothing (Just teamid) brig
+    postUser' True False "dummy" True False Nothing (Just teamid) brig
         !!! const 400 === statusCode
 
     -- creating user with sso_id, team_id is ok

services/brig/test/integration/API/Team/Util.hs

@@ -151,7 +151,7 @@ deleteTeam g tid u = do
            . paths ["teams", toByteString' tid]
            . zUser u
            . zConn "conn"
-           . lbytes (encode $ Team.newTeamDeleteData Util.defPassword)
+           . lbytes (encode $ Team.newTeamDeleteData $ Just Util.defPassword)
            ) !!! const 202 === statusCode
 
 getTeams :: UserId -> Galley -> Http Team.TeamList

services/brig/test/integration/API/User/Client.hs

@@ -38,20 +38,22 @@ tests :: ConnectionLimit -> Opt.Timeout -> Maybe Opt.Opts -> Manager -> Brig ->
 tests _cl _at _conf p b c g = testGroup "client"
     [ test p "get /users/:user/prekeys - 200"         $ testGetUserPrekeys b
     , test p "get /users/:user/prekeys/:client - 200" $ testGetClientPrekey b
-    , test p "post /clients - 201"                    $ testAddGetClient b c
+    , test p "post /clients - 201 (pwd)"              $ testAddGetClient True b c
+    , test p "post /clients - 201 (no pwd)"           $ testAddGetClient False b c
     , test p "post /clients - 403"                    $ testClientReauthentication b
     , test p "get /clients - 200"                     $ testListClients b
     , test p "get /clients/:client/prekeys - 200"     $ testListPrekeyIds b
     , test p "post /clients - 400"                    $ testTooManyClients b
-    , test p "delete /clients/:client - 200"          $ testRemoveClient b c
+    , test p "delete /clients/:client - 200 (pwd)"    $ testRemoveClient True b c
+    -- , test p "delete /clients/:client - 200 (no pwd)" $ testRemoveClient False b c  -- TODO: is there an easy way with phone user?
     , test p "put /clients/:client - 200"             $ testUpdateClient b
     , test p "post /clients - 200 multiple temporary" $ testAddMultipleTemporary b g
     , test p "client/prekeys/race"                    $ testPreKeyRace b
     ]
 
-testAddGetClient :: Brig -> Cannon -> Http ()
-testAddGetClient brig cannon = do
-    uid <- userId <$> randomUser brig
+testAddGetClient :: Bool -> Brig -> Cannon -> Http ()
+testAddGetClient hasPwd brig cannon = do
+    uid <- userId <$> randomUser' hasPwd brig
     let rq = addClientReq brig uid (defNewClient TemporaryClient [somePrekeys !! 0] (someLastPrekeys !! 0))
            . header "X-Forwarded-For" "127.0.0.1" -- Fake IP to test IpAddr parsing.
     c <- WS.bracketR cannon uid $ \ws -> do
@@ -182,9 +184,12 @@ testTooManyClients brig = do
         const 403 === statusCode
         const (Just "too-many-clients") === fmap Error.label . decodeBody
 
-testRemoveClient :: Brig -> Cannon -> Http ()
-testRemoveClient brig cannon = do
-    u <- randomUser brig
+testRemoveClient :: Bool -> Brig -> Cannon -> Http ()
+testRemoveClient hasPwd brig cannon = do
+    unless hasPwd $ error
+      "not implemented: for password-less users, we need to figure out another way to login."
+
+    u <- randomUser' hasPwd brig
     let uid = userId u
     let Just email = userEmail u
 
@@ -194,12 +199,13 @@ testRemoveClient brig cannon = do
     numCookies <- countCookies brig uid defCookieLabel
     liftIO $ Just 1 @=? numCookies
     c <- decodeBody =<< addClient brig uid (client PermanentClient (someLastPrekeys !! 10))
-    -- Missing password
-    deleteClient brig uid (clientId c) Nothing !!! const 403 === statusCode
+    when hasPwd $ do
+        -- Missing password
+        deleteClient brig uid (clientId c) Nothing !!! const 403 === statusCode
 
     -- Success
     WS.bracketR cannon uid $ \ws -> do
-        deleteClient brig uid (clientId c) (Just defPassword)
+        deleteClient brig uid (clientId c) (if hasPwd then Just defPassword else Nothing)
             !!! const 200 === statusCode
         void . liftIO $ WS.assertMatch (5 # Second) ws $ \n -> do
             let j = Object $ List1.head (ntfPayload n)

services/brig/test/integration/Util.hs

@@ -90,19 +90,25 @@ test' :: AWS.Env -> Manager -> TestName -> Http a -> TestTree
 test' e m n h = testCase n $ void $ runHttpT m (liftIO (purgeJournalQueue e) >> h)
 
 randomUser :: HasCallStack => Brig -> Http User
-randomUser brig = do
+randomUser = randomUser' True
+
+randomUser' :: HasCallStack => Bool -> Brig -> Http User
+randomUser' hasPwd brig = do
     n <- fromName <$> randomName
-    createUser n brig
+    createUser' hasPwd n brig
 
 createUser :: HasCallStack => Text -> Brig -> Http User
-createUser name brig = do
-    r <- postUser name True False Nothing Nothing brig <!!
+createUser = createUser' True
+
+createUser' :: HasCallStack => Bool -> Text -> Brig -> Http User
+createUser' hasPwd name brig = do
+    r <- postUser' hasPwd True name True False Nothing Nothing brig <!!
            const 201 === statusCode
     decodeBody r
 
 createUserWithEmail :: HasCallStack => Text -> Email -> Brig -> Http User
 createUserWithEmail name email brig = do
-    r <- postUserWithEmail True name (Just email) False Nothing Nothing brig <!!
+    r <- postUserWithEmail True True name (Just email) False Nothing Nothing brig <!!
            const 201 === statusCode
     decodeBody r
 
@@ -164,32 +170,32 @@ getConnection brig from to = get $ brig
 
 -- | More flexible variant of 'createUser' (see above).
 postUser :: Text -> Bool -> Bool -> Maybe UserSSOId -> Maybe TeamId -> Brig -> Http ResponseLBS
-postUser = postUser' True
+postUser = postUser' True True
 
--- | Use @postUser' False@ instead of 'postUser' if you want to send broken bodies to test error
--- messages.
-postUser' :: Bool -> Text -> Bool -> Bool -> Maybe UserSSOId -> Maybe TeamId -> Brig -> Http ResponseLBS
-postUser' validateBody name haveEmail havePhone ssoid teamid brig = do
+-- | Use @postUser' True False@ instead of 'postUser' if you want to send broken bodies to test error
+-- messages.  Or @postUser' False True@ if you want to validate the body, but not set a password.
+postUser' :: Bool -> Bool -> Text -> Bool -> Bool -> Maybe UserSSOId -> Maybe TeamId -> Brig -> Http ResponseLBS
+postUser' hasPassword validateBody name haveEmail havePhone ssoid teamid brig = do
     email <- if haveEmail
         then Just <$> randomEmail
         else pure Nothing
-    postUserWithEmail validateBody name email havePhone ssoid teamid brig
+    postUserWithEmail hasPassword validateBody name email havePhone ssoid teamid brig
 
 -- | More flexible variant of 'createUserUntrustedEmail' (see above).
-postUserWithEmail :: Bool -> Text -> Maybe Email -> Bool -> Maybe UserSSOId -> Maybe TeamId -> Brig -> Http ResponseLBS
-postUserWithEmail validateBody name email havePhone ssoid teamid brig = do
+postUserWithEmail :: Bool -> Bool -> Text -> Maybe Email -> Bool -> Maybe UserSSOId -> Maybe TeamId -> Brig -> Http ResponseLBS
+postUserWithEmail hasPassword validateBody name email havePhone ssoid teamid brig = do
     phone <- if havePhone
         then Just <$> randomPhone
         else pure Nothing
-    let o = object
+    let o = object $
             [ "name"            .= name
             , "email"           .= (fromEmail <$> email)
             , "phone"           .= phone
-            , "password"        .= defPassword
             , "cookie"          .= defCookieLabel
             , "sso_id"          .= ssoid
             , "team_id"         .= teamid
-            ]
+            ] <>
+            [ "password"        .= defPassword | hasPassword ]
         p = case Aeson.parse parseJSON o of
               Aeson.Success (p_ :: NewUser) -> p_
               bad -> error $ show (bad, o)