wip

go-backend/internal/controllers/user_controller_test.go

@@ -351,8 +351,8 @@ func testCurrentUserHandler(t *testing.T, loginEmail string) http.Cookie {
 
 			if tt.expectedStatus == http.StatusOK {
 				var response struct {
-					User          models.User                `json:"user"`
-					Subscriptions []models.SubscriptionModel `json:"subscriptions"`
+					User          models.User           `json:"user"`
+					Subscriptions []models.Subscription `json:"subscriptions"`
 				}
 				err := json.Unmarshal(w.Body.Bytes(), &response)
 				assert.NoError(t, err)
@@ -407,12 +407,15 @@ func validateUser(assert bool, wantDBData map[string]interface{}) error {
 	if assert {
 		user := (*users)[0]
 		// Check for mandate reference
-		if user.BankAccount.MandateReference == "" {
+
+		if user.BankAccount.IBAN != "" && user.BankAccount.MandateReference == "" {
 			return fmt.Errorf("Mandate reference not generated for user: %s", user.Email)
+		} else if user.BankAccount.IBAN == "" && user.BankAccount.MandateReference != "" {
+			return fmt.Errorf("Mandate reference generated without IBAN for user: %s", user.Email)
 		}
 
 		// Validate mandate reference format
-		expected := user.GenerateMandateReference()
+		expected := user.BankAccount.GenerateMandateReference(user.ID)
 		if !strings.HasPrefix(user.BankAccount.MandateReference, expected) {
 			return fmt.Errorf("Mandate reference is invalid. Expected: %s, Got: %s", expected, user.BankAccount.MandateReference)
 		}
@@ -686,6 +689,20 @@ func testUpdateUser(t *testing.T) {
 			},
 			expectedStatus: http.StatusAccepted,
 		},
+		{
+			name: "Admin Password Update low entropy should fail",
+			setupCookie: func(req *http.Request) {
+				req.AddCookie(AdminCookie)
+			},
+			updateFunc: func(u *models.User) {
+				u.Password = "newpassword"
+
+			},
+			expectedErrors: []map[string]string{
+				{"field": "server.validation.special server.validation.uppercase server.validation.numbers server.validation.longer", "key": "server.validation.insecure"},
+			},
+			expectedStatus: http.StatusBadRequest,
+		},
 		{
 			name: "Admin Password Update",
 			setupCookie: func(req *http.Request) {
@@ -792,7 +809,11 @@ func testUpdateUser(t *testing.T) {
 				if updatedUser.Password == "" {
 					assert.Equal(t, user.Password, (*updatedUserFromDB).Password)
 				} else {
-					assert.NotEqual(t, user.Password, (*updatedUserFromDB).Password)
+					matches, err := updatedUserFromDB.PasswordMatches(updatedUser.Password)
+					if err != nil {
+						t.Fatalf("Error matching password: %v", err)
+					}
+					assert.True(t, matches, "Password mismatch")
 				}
 
 				updatedUserFromDB.Password = ""
@@ -820,7 +841,7 @@ func testUpdateUser(t *testing.T) {
 				assert.Equal(t, updatedUser.Membership.StartDate, updatedUserFromDB.Membership.StartDate, "Membership.StartDate mismatch")
 				assert.Equal(t, updatedUser.Membership.EndDate, updatedUserFromDB.Membership.EndDate, "Membership.EndDate mismatch")
 				assert.Equal(t, updatedUser.Membership.Status, updatedUserFromDB.Membership.Status, "Membership.Status mismatch")
-				assert.Equal(t, updatedUser.Membership.SubscriptionModelID, updatedUserFromDB.Membership.SubscriptionModelID, "Membership.SubscriptionModelID mismatch")
+				assert.Equal(t, updatedUser.Membership.SubscriptionID, updatedUserFromDB.Membership.SubscriptionID, "Membership.SubscriptionID mismatch")
 				assert.Equal(t, updatedUser.Membership.ParentMembershipID, updatedUserFromDB.Membership.ParentMembershipID, "Membership.ParentMembershipID mismatch")
 
 				if updatedUser.Licence == nil {
@@ -871,11 +892,11 @@ func checkWelcomeMail(message *utils.Email, user *models.User) error {
 	if !strings.Contains(message.Body, user.FirstName) {
 		return fmt.Errorf("User first name(%v) has not been rendered in registration mail.", user.FirstName)
 	}
-	if !strings.Contains(message.Body, fmt.Sprintf("Preis/Monat</strong>: %v", user.Membership.SubscriptionModel.MonthlyFee)) {
-		return fmt.Errorf("Users monthly subscription fee(%v) has not been rendered in registration mail.", user.Membership.SubscriptionModel.MonthlyFee)
+	if !strings.Contains(message.Body, fmt.Sprintf("Preis/Monat</strong>: %v", user.Membership.Subscription.MonthlyFee)) {
+		return fmt.Errorf("Users monthly subscription fee(%v) has not been rendered in registration mail.", user.Membership.Subscription.MonthlyFee)
 	}
-	if !strings.Contains(message.Body, fmt.Sprintf("Preis/h</strong>: %v", user.Membership.SubscriptionModel.HourlyRate)) {
-		return fmt.Errorf("Users hourly subscription fee(%v) has not been rendered in registration mail.", user.Membership.SubscriptionModel.HourlyRate)
+	if !strings.Contains(message.Body, fmt.Sprintf("Preis/h</strong>: %v", user.Membership.Subscription.HourlyRate)) {
+		return fmt.Errorf("Users hourly subscription fee(%v) has not been rendered in registration mail.", user.Membership.Subscription.HourlyRate)
 	}
 	if user.Company != "" && !strings.Contains(message.Body, user.Company) {
 		return fmt.Errorf("Users Company(%v) has not been rendered in registration mail.", user.Company)
@@ -907,11 +928,11 @@ func checkRegistrationMail(message *utils.Email, user *models.User) error {
 	if !strings.Contains(message.Body, user.FirstName+" "+user.LastName) {
 		return fmt.Errorf("User first and last name(%v) has not been rendered in registration mail.", user.FirstName+" "+user.LastName)
 	}
-	if !strings.Contains(message.Body, fmt.Sprintf("Preis/Monat</strong>: %v", user.Membership.SubscriptionModel.MonthlyFee)) {
-		return fmt.Errorf("Users monthly subscription fee(%v) has not been rendered in registration mail.", user.Membership.SubscriptionModel.MonthlyFee)
+	if !strings.Contains(message.Body, fmt.Sprintf("Preis/Monat</strong>: %v", user.Membership.Subscription.MonthlyFee)) {
+		return fmt.Errorf("Users monthly subscription fee(%v) has not been rendered in registration mail.", user.Membership.Subscription.MonthlyFee)
 	}
-	if !strings.Contains(message.Body, fmt.Sprintf("Preis/h</strong>: %v", user.Membership.SubscriptionModel.HourlyRate)) {
-		return fmt.Errorf("Users hourly subscription fee(%v) has not been rendered in registration mail.", user.Membership.SubscriptionModel.HourlyRate)
+	if !strings.Contains(message.Body, fmt.Sprintf("Preis/h</strong>: %v", user.Membership.Subscription.HourlyRate)) {
+		return fmt.Errorf("Users hourly subscription fee(%v) has not been rendered in registration mail.", user.Membership.Subscription.HourlyRate)
 	}
 	if user.Company != "" && !strings.Contains(message.Body, user.Company) {
 		return fmt.Errorf("Users Company(%v) has not been rendered in registration mail.", user.Company)
@@ -951,7 +972,7 @@ func checkVerificationMail(message *utils.Email, user *models.User) error {
 	if err != nil {
 		return fmt.Errorf("Error parsing verification URL: %#v", err.Error())
 	}
-	v, err := user.GetVerification(constants.VerificationTypes.Email)
+	v, err := user.FindVerification(constants.VerificationTypes.Email)
 	if err != nil {
 		return fmt.Errorf("Error getting verification token: %v", err.Error())
 	}
@@ -1132,7 +1153,7 @@ func getTestUsers() []RegisterUserTest {
 				user.BankAccount.IBAN = "DE1234234123134"
 				user.RoleID = constants.Roles.Supporter
 				user.Email = "john.supporter@example.com"
-				user.Membership.SubscriptionModel.Name = constants.SupporterSubscriptionModelName
+				user.Membership.Subscription.Name = constants.SupporterSubscriptionName
 				return user
 			})),
 		},
@@ -1145,7 +1166,7 @@ func getTestUsers() []RegisterUserTest {
 				user.BankAccount.IBAN = ""
 				user.RoleID = constants.Roles.Supporter
 				user.Email = "john.supporter@example.com"
-				user.Membership.SubscriptionModel.Name = constants.SupporterSubscriptionModelName
+				user.Membership.Subscription.Name = constants.SupporterSubscriptionName
 				return user
 			})),
 		},
@@ -1155,7 +1176,7 @@ func getTestUsers() []RegisterUserTest {
 			WantDBData:   map[string]interface{}{"email": "john.doe@example.com"},
 			Assert:       false,
 			Input: GenerateInputJSON(customizeInput(func(user models.User) models.User {
-				user.Membership.SubscriptionModel.Name = ""
+				user.Membership.Subscription.Name = ""
 				return user
 			})),
 		},
@@ -1165,7 +1186,7 @@ func getTestUsers() []RegisterUserTest {
 			WantDBData:   map[string]interface{}{"email": "john.doe@example.com"},
 			Assert:       false,
 			Input: GenerateInputJSON(customizeInput(func(user models.User) models.User {
-				user.Membership.SubscriptionModel.Name = "NOTEXISTENTPLAN"
+				user.Membership.Subscription.Name = "NOTEXISTENTPLAN"
 				return user
 			})),
 		},
@@ -1204,7 +1225,7 @@ func getTestUsers() []RegisterUserTest {
 			Assert:       false,
 			Input: GenerateInputJSON(customizeInput(func(user models.User) models.User {
 				user.Email = "john.junior.doe@example.com"
-				user.Membership.SubscriptionModel.Name = "additional"
+				user.Membership.Subscription.Name = "additional"
 				return user
 			})),
 		},
@@ -1216,7 +1237,7 @@ func getTestUsers() []RegisterUserTest {
 			Input: GenerateInputJSON(customizeInput(func(user models.User) models.User {
 				user.Email = "john.junior.doe@example.com"
 				user.Membership.ParentMembershipID = 200
-				user.Membership.SubscriptionModel.Name = "additional"
+				user.Membership.Subscription.Name = "additional"
 				return user
 			})),
 		},
@@ -1228,7 +1249,7 @@ func getTestUsers() []RegisterUserTest {
 			Input: GenerateInputJSON(customizeInput(func(user models.User) models.User {
 				user.Email = "john.junior.doe@example.com"
 				user.Membership.ParentMembershipID = 1
-				user.Membership.SubscriptionModel.Name = "additional"
+				user.Membership.Subscription.Name = "additional"
 				return user
 			})),
 		},