From b14db407f3f5d2cbd9f37852a60d1d6ea599d325 Mon Sep 17 00:00:00 2001
From: Manager Bot
Date: Wed, 30 Nov 2022 07:15:06 +0000
Subject: [PATCH] Tests!
---
.../02_do_admin_become/01_anon_to_user.t | 33 +++++++++++
.../02_do_admin_become/02_user_to_user.t | 38 ++++++++++++
.../02_do_admin_become/03_admin_to_user.t | 58 +++++++++++++++++++
3 files changed, 129 insertions(+)
create mode 100644 Web/t/01_endpoints/01_admin/02_do_admin_become/01_anon_to_user.t
create mode 100644 Web/t/01_endpoints/01_admin/02_do_admin_become/02_user_to_user.t
create mode 100644 Web/t/01_endpoints/01_admin/02_do_admin_become/03_admin_to_user.t
diff --git a/Web/t/01_endpoints/01_admin/02_do_admin_become/01_anon_to_user.t b/Web/t/01_endpoints/01_admin/02_do_admin_become/01_anon_to_user.t
new file mode 100644
index 0000000..35079ae
--- /dev/null
+++ b/Web/t/01_endpoints/01_admin/02_do_admin_become/01_anon_to_user.t
@@ -0,0 +1,33 @@
+#!/usr/bin/env perl
+use MJB::Web::Test;
+
+#==
+# This test ensures that an anonymouse user may not use the
+# admin become functionality.
+#
+# 1. Create a user and record the id.
+# 2. Log out of the user account.
+# 3. As an anonymouse user try to use admin_become and confirm rejection
+#==
+
+my $t = Test::Mojo::MJB->new('MJB::Web');
+
+my $user_id = $t->create_user
+ ->get_ok( '/profile' )
+ ->status_is( 200 )
+ ->stash->{person}->id;
+
+# Logout
+$t->get_ok( '/logout' )
+ ->reset_session;
+
+$t->post_ok( '/admin', form => {
+ uid => $user_id
+ })
+ ->header_is( location => '/login' )
+ ->status_is( 302 )
+ ->code_block(sub {
+ is shift->stash->{person}, undef, 'No person object loaded';
+ });
+
+done_testing;
diff --git a/Web/t/01_endpoints/01_admin/02_do_admin_become/02_user_to_user.t b/Web/t/01_endpoints/01_admin/02_do_admin_become/02_user_to_user.t
new file mode 100644
index 0000000..e6a84de
--- /dev/null
+++ b/Web/t/01_endpoints/01_admin/02_do_admin_become/02_user_to_user.t
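Review bot: In 01_anon_to_user.t the rejection is asserted only on the POST response itself (the `/login` redirect and an empty `stash->{person}`), so the test would still pass if the handler wrote the target uid into the session before redirecting. A follow-up request after the `code_block` would close that gap, for example `$t->get_ok( '/profile' )->status_is( 302 )->header_is( location => '/login' );`, assuming `/profile` redirects anonymous visitors the same way `/admin` does here. The header comment also spells "anonymous" as "anonymouse" twice.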
@@ -0,0 +1,38 @@
+#!/usr/bin/env perl
+use MJB::Web::Test;
+
+#==
+# This test ensures that a regular user cannot use the admin become functionality.
+#
+# 1. Create a user and record the id.
+# 2. Log out of the user account.
+# 3. Make a new user account and login.
+# 4. Try to use admin_become and confirm rejection
+#==
+
+my $t = Test::Mojo::MJB->new('MJB::Web');
+
+my $user_id = $t->create_user
+ ->get_ok( '/profile' )
+ ->status_is( 200 )
+ ->stash->{person}->id;
+
+# Logout
+$t->get_ok( '/logout' )
+ ->reset_session;
+
+# Make a new user, try to become the first user and confirm we do not.
+$t->create_user
+ ->get_ok( '/profile' )
+ ->status_is( 200 )
+ ->post_ok( '/admin', form => {
+ uid => $user_id
+ })
+ ->header_is( location => '/dashboard' )
+ ->status_is( 302 )
+ ->get_ok( '/dashboard' )
+ ->code_block(sub {
+ isnt shift->stash->{person}->id, $user_id, 'Did not become user.';
+ });
+
+done_testing;
diff --git a/Web/t/01_endpoints/01_admin/02_do_admin_become/03_admin_to_user.t b/Web/t/01_endpoints/01_admin/02_do_admin_become/03_admin_to_user.t
new file mode 100644
index 0000000..e9746e5
--- /dev/null
+++ b/Web/t/01_endpoints/01_admin/02_do_admin_become/03_admin_to_user.t
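Review bot: In 02_user_to_user.t the closing `isnt shift->stash->{person}->id, $user_id` is a weak check, because it passes for any identity other than the target. The rejected POST is expected to answer with the same 302 to `/dashboard` that 03_admin_to_user.t expects on success, so this identity assertion is the only thing separating the two outcomes. Capture the second account's id before the POST, e.g. `my $self_id = $t->create_user->get_ok( '/profile' )->status_is( 200 )->stash->{person}->id;`, and then assert `is shift->stash->{person}->id, $self_id, 'Still logged in as self';`. A `->status_is( 200 )` after `->get_ok( '/dashboard' )` would also make a failure at that step easier to read.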
@@ -0,0 +1,58 @@
+#!/usr/bin/env perl
+use MJB::Web::Test;
+
+#==
+# This test confirms that an admin can login to a user account through the
+# admin become functionality.
+#
+# 1. Create a user and record the id.
+# 2. Log out of the user account.
+# 3. Make a new user account, promote it to admin, and login.
+# 4. Try to use admin_become and confirm that I am now logged in under the target user
+# 5. Logout and confirm I am logged in under the admin account.
+#==
+
+my $t = Test::Mojo::MJB->new('MJB::Web');
+
+my $user_id = $t->create_user
+ ->get_ok( '/profile' )
+ ->status_is( 200 )
+ ->stash->{person}->id;
+
+# Logout
+$t->get_ok( '/logout' )
+ ->reset_session;
+
+# Make a new user, promote to admin
+my $admin_id = $t->create_user
+ ->get_ok( '/profile' )
+ ->code_block( sub {
+ my $self = shift;
+
+ $self->stash->{person}->is_admin( 1 );
+ ok( $self->stash->{person}->update, 'Promoted user to an admin' );
+ })->stash->{person}->id;
+
+# Try to become the first user that was created, confirm we do.
+$t->post_ok( '/admin', form => {
+ uid => $user_id
+ })
+ ->header_is( location => '/dashboard' )
+ ->status_is( 302 )
+ ->get_ok( '/dashboard' )
+ ->code_block(sub {
+ is shift->stash->{person}->id, $user_id, 'Admin has become target user';
+ });
+
+# Logout and confirm the user id resets back to the admin one.
+$t->get_ok( '/logout' )
+ ->status_is( 302 )
+ ->header_is( location => '/admin' )
+ ->get_ok( '/admin' )
+ ->code_block(sub {
+ is shift->stash->{person}->id, $admin_id, 'Admin has become self again';
+ });
+
+
+
+done_testing;
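Review bot: 03_admin_to_user.t stops once the admin identity is restored, so nothing confirms that a further logout actually ends the session rather than leaving the admin or the target user logged in. After the last `code_block`, a check such as `$t->get_ok( '/logout' )->get_ok( '/profile' )->status_is( 302 )->header_is( location => '/login' );` would cover that, assuming `/profile` sends anonymous visitors to `/login`. The admin-creation chain also omits the `->status_is( 200 )` after `->get_ok( '/profile' )` that the other two files use. The header comment could note that the promotion is done by editing the stashed person object directly rather than through an endpoint.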