Elgato_dark/appwrite
1
0
Fork 0
mirror of https://github.com/appwrite/appwrite synced 2026-05-23 17:08:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge pull request #3152 from appwrite/fix-email-search-integrity

Browse source 
fix(user): search integrity
This commit is contained in:
Torsten Dittmann 2022-04-27 10:55:14 +02:00 committed by GitHub
commit fdfc02c19d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 177 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
app/controllers/api/users.php
View file

@ -453,7 +453,12 @@ App::patch('/v1/users/:userId/name')
throw new Exception('User not found', 404, Exception::USER_NOT_FOUND); throw new Exception('User not found', 404, Exception::USER_NOT_FOUND);
} }
$user = $dbForProject->updateDocument('users', $user->getId(), $user->setAttribute('name', $name)); $user
->setAttribute('name', $name)
->setAttribute('search', \implode(' ', [$user->getId(), $user->getAttribute('email'), $name]));
;
$user = $dbForProject->updateDocument('users', $user->getId(), $user);
$audits $audits
->setParam('userId', $user->getId()) ->setParam('userId', $user->getId())
@ -542,8 +547,13 @@ App::patch('/v1/users/:userId/email')
$email = \strtolower($email); $email = \strtolower($email);
$user
->setAttribute('email', $email)
->setAttribute('search', \implode(' ', [$user->getId(), $email, $user->getAttribute('name')]))
;
try { try {
$user = $dbForProject->updateDocument('users', $user->getId(), $user->setAttribute('email', $email)); $user = $dbForProject->updateDocument('users', $user->getId(), $user);
} catch(Duplicate $th) { } catch(Duplicate $th) {
throw new Exception('Email already exists', 409, Exception::USER_EMAIL_ALREADY_EXISTS); throw new Exception('Email already exists', 409, Exception::USER_EMAIL_ALREADY_EXISTS);
} }

4
tests/e2e/Services/Account/AccountBase.php
View file

@ -445,7 +445,7 @@ trait AccountBase
{ {
$email = $data['email'] ?? ''; $email = $data['email'] ?? '';
$session = $data['session'] ?? ''; $session = $data['session'] ?? '';
$newName = 'New Name'; $newName = 'Lorem';
/** /**
* Test for SUCCESS * Test for SUCCESS
@ -532,7 +532,6 @@ trait AccountBase
$this->assertNotEmpty($response['body']['$id']); $this->assertNotEmpty($response['body']['$id']);
$this->assertIsNumeric($response['body']['registration']); $this->assertIsNumeric($response['body']['registration']);
$this->assertEquals($response['body']['email'], $email); $this->assertEquals($response['body']['email'], $email);
$this->assertEquals($response['body']['name'], 'New Name');
$response = $this->client->call(Client::METHOD_POST, '/account/sessions', array_merge([ $response = $this->client->call(Client::METHOD_POST, '/account/sessions', array_merge([
'origin' => 'http://localhost', 'origin' => 'http://localhost',
@ -625,7 +624,6 @@ trait AccountBase
$this->assertNotEmpty($response['body']['$id']); $this->assertNotEmpty($response['body']['$id']);
$this->assertIsNumeric($response['body']['registration']); $this->assertIsNumeric($response['body']['registration']);
$this->assertEquals($response['body']['email'], $newEmail); $this->assertEquals($response['body']['email'], $newEmail);
$this->assertEquals($response['body']['name'], 'New Name');
/** /**
* Test for FAILURE * Test for FAILURE

81
tests/e2e/Services/Account/AccountCustomClientTest.php
View file

@ -510,4 +510,85 @@ class AccountCustomClientTest extends Scope
$this->assertEquals($response['headers']['status-code'], 404); $this->assertEquals($response['headers']['status-code'], 404);
} }
/**
* @depends testUpdateAccountName
*/
public function testUpdateAccountNameSearch($data): void
{
$id = $data['id'] ?? '';
$email = $data['email'] ?? '';
$newName = 'Lorem';
/**
* Test for SUCCESS
*/
$response = $this->client->call(Client::METHOD_GET, '/users', [
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
'x-appwrite-key' => $this->getProject()['apiKey'],
], [
'search' => $newName
]);
$this->assertEquals($response['headers']['status-code'], 200);
$this->assertNotEmpty($response['body']);
$this->assertNotEmpty($response['body']['users']);
$this->assertCount(1, $response['body']['users']);
$this->assertEquals($response['body']['users'][0]['email'], $email);
$response = $this->client->call(Client::METHOD_GET, '/users', [
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
'x-appwrite-key' => $this->getProject()['apiKey'],
], [
'search' => $id
]);
$this->assertEquals($response['headers']['status-code'], 200);
$this->assertNotEmpty($response['body']);
$this->assertNotEmpty($response['body']['users']);
$this->assertCount(1, $response['body']['users']);
$this->assertEquals($response['body']['users'][0]['email'], $email);
}
/**
* @depends testUpdateAccountEmail
*/
public function testUpdateAccountEmailSearch($data): void
{
$id = $data['id'] ?? '';
$email = $data['email'] ?? '';
/**
* Test for SUCCESS
*/
$response = $this->client->call(Client::METHOD_GET, '/users', [
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
'x-appwrite-key' => $this->getProject()['apiKey'],
], [
'search' => '"' . $email . '"'
]);
$this->assertEquals($response['headers']['status-code'], 200);
$this->assertNotEmpty($response['body']);
$this->assertNotEmpty($response['body']['users']);
$this->assertCount(1, $response['body']['users']);
$this->assertEquals($response['body']['users'][0]['email'], $email);
$response = $this->client->call(Client::METHOD_GET, '/users', [
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
'x-appwrite-key' => $this->getProject()['apiKey'],
], [
'search' => $id
]);
$this->assertEquals($response['headers']['status-code'], 200);
$this->assertNotEmpty($response['body']);
$this->assertNotEmpty($response['body']['users']);
$this->assertCount(1, $response['body']['users']);
$this->assertEquals($response['body']['users'][0]['email'], $email);
}
} }

76
tests/e2e/Services/Users/UsersBase.php
View file

@ -281,6 +281,44 @@ trait UsersBase
return $data; return $data;
} }
/**
* @depends testUpdateUserName
*/
public function testUpdateUserNameSearch($data): void
{
$id = $data['userId'] ?? '';
$newName = 'Updated name';
/**
* Test for SUCCESS
*/
$response = $this->client->call(Client::METHOD_GET, '/users', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'search' => $newName
]);
$this->assertEquals($response['headers']['status-code'], 200);
$this->assertNotEmpty($response['body']);
$this->assertNotEmpty($response['body']['users']);
$this->assertCount(1, $response['body']['users']);
$this->assertEquals($response['body']['users'][0]['$id'], $id);
$response = $this->client->call(Client::METHOD_GET, '/users', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'search' => $id
]);
$this->assertEquals($response['headers']['status-code'], 200);
$this->assertNotEmpty($response['body']);
$this->assertNotEmpty($response['body']['users']);
$this->assertCount(1, $response['body']['users']);
$this->assertEquals($response['body']['users'][0]['$id'], $id);
}
/** /**
* @depends testGetUser * @depends testGetUser
*/ */
@ -310,6 +348,44 @@ trait UsersBase
return $data; return $data;
} }
/**
* @depends testUpdateUserEmail
*/
public function testUpdateUserEmailSearch($data): void
{
$id = $data['userId'] ?? '';
$newEmail = '"users.service@updated.com"';
/**
* Test for SUCCESS
*/
$response = $this->client->call(Client::METHOD_GET, '/users', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'search' => $newEmail
]);
$this->assertEquals($response['headers']['status-code'], 200);
$this->assertNotEmpty($response['body']);
$this->assertNotEmpty($response['body']['users']);
$this->assertCount(1, $response['body']['users']);
$this->assertEquals($response['body']['users'][0]['$id'], $id);
$response = $this->client->call(Client::METHOD_GET, '/users', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'search' => $id
]);
$this->assertEquals($response['headers']['status-code'], 200);
$this->assertNotEmpty($response['body']);
$this->assertNotEmpty($response['body']['users']);
$this->assertCount(1, $response['body']['users']);
$this->assertEquals($response['body']['users'][0]['$id'], $id);
}
/** /**
* @depends testUpdateUserEmail * @depends testUpdateUserEmail
*/ */