More progress

caafe0e7 · Alfredo Di Napoli · d02d3d8a · caafe0e7 · caafe0e7 · caafe0e7
Commit caafe0e7 authored Sep 28, 2023 by Alfredo Di Napoli
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 3 deletions

Auth.hs src/Gargantext/API/Admin/Auth.hs +2 -2

Private.hs test/Test/API/Private.hs +6 -1

Utils.hs test/Test/Utils.hs +2 -0

No files found.
--- a/src/Gargantext/API/Admin/Auth.hs
+++ b/src/Gargantext/API/Admin/Auth.hs
@@ -115,8 +115,8 @@ auth :: (HasSettings env, CmdCommon env, HasJoseError err)
 auth (AuthRequest u p) = do
  checkAuthRequest' <- checkAuthRequest u p
  case checkAuthRequest' of
-    InvalidUser     -> pure $ AuthResponse Nothing (Just $ AuthInvalid "Invalid user")
-    InvalidPassword -> pure $ AuthResponse Nothing (Just $ AuthInvalid "Invalid password")
+    InvalidUser     -> pure $ AuthResponse Nothing (Just $ AuthInvalid "Invalid username or password")
+    InvalidPassword -> pure $ AuthResponse Nothing (Just $ AuthInvalid "Invalid username or password")
    Valid to trId uId   -> pure $ AuthResponse (Just $ AuthValid to trId uId) Nothing

 --type instance BasicAuthCfg = BasicAuthData -> IO (AuthResult AuthenticatedUser)

--- a/test/Test/API/Private.hs
+++ b/test/Test/API/Private.hs
@@ -26,7 +26,6 @@ import Test.Database.Types
 import Test.Hspec
 import Test.Hspec.Wai hiding (pendingWith)
 import Test.Hspec.Wai.Internal (withApplication)
-import Test.Hspec.Wai.JSON
 import qualified Data.Text.Encoding as TE
 import qualified Network.Wai.Handler.Warp as Wai
 import qualified Servant.Auth.Client as SA
@@ -121,3 +120,9 @@ tests = sequential $ aroundAll withTestDBAndPort $ do
          withValidLogin port "alice" (GargPassword "alice") $ \token -> do
            protected token "GET" (mkUrl port "/node/8") ""
              `shouldRespondWith'` [jsonFragment| {"id":8,"user_id":2,"name":"alice" } |]
+
+      it "forbids 'alice' to see others node private info" $ \((_testEnv, port), app) -> do
+        withApplication app $ do
+          withValidLogin port "alice" (GargPassword "alice") $ \token -> do
+            protected token "GET" (mkUrl port "/node/1") ""
+              `shouldRespondWith` 403
--- a/test/Test/Utils.hs
+++ b/test/Test/Utils.hs
@@ -27,6 +27,8 @@ pending reason act = act `catch` (\(e :: SomeException) -> do
  putStrLn $ "PENDING: " <> reason
  putStrLn (displayException e))

+-- | Similar to 'json' from the 'Test.Hspec.Wai.JSON' package,
+-- but allows matching on a /fragment/ of the body.
 jsonFragment :: QuasiQuoter
 jsonFragment = QuasiQuoter {
  quoteExp = \input -> [|fromValue $(quoteExp aesonQQ input)|]