// SPDX-License-Identifier: AGPL-3.0-or-later package store import ( "testing" ) func TestSignupRequestCreateAndList(t *testing.T) { db := testDB(t) requests := NewSignupRequestStore(db) Argon2Memory = 1024 Argon2Time = 1 defer func() { Argon2Memory = 65536; Argon2Time = 3 }() err := requests.Create("newuser", "password123") if err != nil { t.Fatalf("create request: %v", err) } // Duplicate should fail. err = requests.Create("newuser", "password456") if err != ErrSignupRequestExists { t.Errorf("duplicate: err = %v, want ErrSignupRequestExists", err) } pending, err := requests.ListPending() if err != nil { t.Fatalf("list pending: %v", err) } if len(pending) != 1 { t.Fatalf("pending count = %d, want 1", len(pending)) } if pending[0].Username != "newuser" { t.Errorf("username = %q, want %q", pending[0].Username, "newuser") } if pending[0].Status != "pending" { t.Errorf("status = %q, want pending", pending[0].Status) } count, _ := requests.PendingCount() if count != 1 { t.Errorf("pending count = %d, want 1", count) } } func TestSignupRequestApprove(t *testing.T) { db := testDB(t) users := NewUserStore(db) requests := NewSignupRequestStore(db) Argon2Memory = 1024 Argon2Time = 1 defer func() { Argon2Memory = 65536; Argon2Time = 3 }() // Create an admin to act as reviewer. admin, _ := users.Create("admin", "adminpass", "admin") // Create a signup request. requests.Create("newuser", "password123") pending, _ := requests.ListPending() requestID := pending[0].ID // Approve it. err := requests.Approve(requestID, admin.ID) if err != nil { t.Fatalf("approve: %v", err) } // The user should now exist with must_reset_password=1. user, err := users.GetByUsername("newuser") if err != nil { t.Fatalf("get approved user: %v", err) } if !user.MustResetPassword { t.Error("approved user should have must_reset_password=true") } // The request should no longer be pending. count, _ := requests.PendingCount() if count != 0 { t.Errorf("pending count after approve = %d, want 0", count) } // The approved request should have the correct status. sr, _ := requests.GetByID(requestID) if sr.Status != "approved" { t.Errorf("status = %q, want approved", sr.Status) } // Double-approve should fail. err = requests.Approve(requestID, admin.ID) if err == nil { t.Error("double approve should fail") } } func TestSignupRequestReject(t *testing.T) { db := testDB(t) users := NewUserStore(db) requests := NewSignupRequestStore(db) Argon2Memory = 1024 Argon2Time = 1 defer func() { Argon2Memory = 65536; Argon2Time = 3 }() admin, _ := users.Create("admin", "adminpass", "admin") requests.Create("rejectme", "password123") pending, _ := requests.ListPending() requestID := pending[0].ID err := requests.Reject(requestID, admin.ID) if err != nil { t.Fatalf("reject: %v", err) } // Should not be in pending list. count, _ := requests.PendingCount() if count != 0 { t.Errorf("pending count after reject = %d, want 0", count) } // User should NOT have been created. _, err = users.GetByUsername("rejectme") if err != ErrUserNotFound { t.Errorf("rejected user should not exist: err = %v", err) } // Double-reject should fail. err = requests.Reject(requestID, admin.ID) if err != ErrSignupRequestNotFound { t.Errorf("double reject: err = %v, want ErrSignupRequestNotFound", err) } }