From b2ccc6c98722055d36106de8ccc9489b2e57b709 Mon Sep 17 00:00:00 2001 From: Martin Geno Date: Sun, 16 Oct 2016 19:00:53 +0200 Subject: [PATCH] [host] add signup and delete --- modul/host/api.go | 46 ++++++++++++++++++--- modul/host/api_test.go | 65 +++++++++++++++++++++++++++++ modul/host/lib.go | 30 ++++++++++++++ modul/host/models.go | 2 +- modul/web/lib.go | 35 ++++++---------- system/api_test.go | 93 +++++++++++++++++++++--------------------- system/lib.go | 2 + 7 files changed, 198 insertions(+), 75 deletions(-) create mode 100644 modul/host/api_test.go create mode 100644 modul/host/lib.go diff --git a/modul/host/api.go b/modul/host/api.go index dac7aa0..a41770a 100644 --- a/modul/host/api.go +++ b/modul/host/api.go @@ -2,6 +2,7 @@ package host import ( "net/http" + "strings" "github.com/jinzhu/gorm" "goji.io" @@ -10,6 +11,7 @@ import ( libapi "dev.sum7.eu/sum7/warehost/lib/api" liblog "dev.sum7.eu/sum7/warehost/lib/log" + system "dev.sum7.eu/sum7/warehost/system" ) //MODULNAME to get global name for the modul 
@@ -23,13 +25,45 @@ func BindAPI(db *gorm.DB, router *goji.Mux, prefix string) { dbconnection = db log = liblog.NewModulLog(MODULNAME) - router.HandleFuncC(pat.Get(prefix+"/status"), libapi.SessionHandler(status)) + router.HandleFuncC(pat.Post(prefix+"/signup"), libapi.SessionHandler(system.LoginHandler(signup))) + router.HandleFuncC(pat.Delete(prefix+"/delete"), libapi.SessionHandler(system.LoginHandler(ProfilHandler(delete)))) } -// Status to get Login and Server status -func status(ctx context.Context, w http.ResponseWriter, r *http.Request) (returndata interface{}, returnerr *libapi.ErrorResult) { - returndata = true - logger := log.GetLog(r, "status") - logger.Info("status") +func signup(ctx context.Context, w http.ResponseWriter, r *http.Request) (returndata interface{}, returnerr *libapi.ErrorResult) { + login := ctx.Value("login").(*system.Login) + returndata = false + logger := log.GetLog(r, "signup") + run := login.Superadmin + if !run { + var profil Profil + dbconnection.Joins("LEFT JOIN invite invite ON invite.login=host_profil.login").Where("invite.invited=?", login.ID).Find(&profil) + run = profil.Reseller + } + if run { + profil := &Profil{LoginID: login.ID} + if err := dbconnection.Create(profil).Error; err != nil { + if strings.Contains(err.Error(), "duplicate key") { + returndata = false + logger.Warning("exists already") + return + } else { + logger.Error("database: during create host profil: ", err) + returnerr = &libapi.ErrorResult{Message: "Internal Database Error"} + w.WriteHeader(http.StatusInternalServerError) + return + } + } + returndata = true + logger.Info("done") + return + } + w.WriteHeader(http.StatusUnauthorized) + logger.Info("not allowed") + return +} +func delete(ctx context.Context, w http.ResponseWriter, r *http.Request) (returndata interface{}, returnerr *libapi.ErrorResult) { + profil := ctx.Value("profil").(*Profil) + returndata = true + dbconnection.Unscoped().Delete(profil) return } 
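Review bot: `delete` discards the result of `dbconnection.Unscoped().Delete(profil)` and sets `returndata = true` unconditionally, so a failed hard delete is reported to the client as success and leaves no log entry. `signup` in the same hunk already checks `.Error`, logs through `logger` and answers 500, and `delete` should follow the same pattern. It is also worth refusing a `profil` whose `ID` is zero, because gorm documents that a delete without a primary key value is not limited to one row. Separately, naming the handler `delete` shadows the Go builtin for the whole package, and `signup` answers an authenticated but unprivileged caller with 401 where 403 describes the case better.

```go
func delete(ctx context.Context, w http.ResponseWriter, r *http.Request) (returndata interface{}, returnerr *libapi.ErrorResult) {
	profil := ctx.Value("profil").(*Profil)
	returndata = false
	logger := log.GetLog(r, "delete")
	// Without a primary key value the delete would not be scoped to this profile.
	if profil.ID == 0 {
		logger.Warning("profil without id")
		returnerr = &libapi.ErrorResult{Fields: []string{"session"}, Message: "no profil found"}
		return
	}
	if err := dbconnection.Unscoped().Delete(profil).Error; err != nil {
		logger.Error("database: during delete host profil: ", err)
		returnerr = &libapi.ErrorResult{Message: "Internal Database Error"}
		w.WriteHeader(http.StatusInternalServerError)
		return
	}
	returndata = true
	logger.Info("done")
	return
}
```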
diff --git a/modul/host/api_test.go b/modul/host/api_test.go
new file mode 100644
index 0000000..7d72892
--- /dev/null
+++ b/modul/host/api_test.go
@@ -0,0 +1,65 @@
+package host
+
+import (
+ "net/http"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+
+ "dev.sum7.eu/sum7/warehost/system"
+ "dev.sum7.eu/sum7/warehost/test"
+)
+
+func loginTest(session *test.Request, assertion *assert.Assertions) {
+ result, w := session.JSONRequest("POST", "/login", system.RequestLogin{Username: "root", Password: "root"})
+ assertion.Equal(w.StatusCode, http.StatusOK)
+ assertion.Equal(result.Data, true)
+}
+
+func TestAPI(t *testing.T) {
+
+ assertion, db, router := test.Init(t)
+ defer db.Close()
+
+ //load system Models to database
+ system.SyncModels(db)
+ db.Unscoped().Delete(Profil{})
+ SyncModels(db)
+
+ // Bind API
+ system.BindAPI(db, router, "")
+ BindAPI(db, router, "/host")
+ session := test.NewSession(router)
+
+ /*
+ * TEST signup
+ */
+ result, w := session.JSONRequest("POST", "/host/signup", nil)
+ assertion.Equal(w.StatusCode, http.StatusUnauthorized)
+ assertion.Equal(result.Data, false)
+
+ loginTest(session, assertion)
+
+ result, w = session.JSONRequest("POST", "/host/signup", nil)
+ assertion.Equal(w.StatusCode, http.StatusOK)
+ assertion.Equal(result.Data, true)
+
+ result, w = session.JSONRequest("POST", "/host/signup", nil)
+ assertion.Equal(w.StatusCode, http.StatusOK)
+ assertion.Equal(result.Data, false)
+
+ /*
+ * TEST delete
+ */
+ session.Clean()
+ result, w = session.JSONRequest("DELETE", "/host/delete", nil)
+ assertion.Equal(w.StatusCode, http.StatusUnauthorized)
+ assertion.Equal(result.Data, false)
+
+ loginTest(session, assertion)
+
+ result, w = session.JSONRequest("DELETE", "/host/delete", nil)
+ assertion.Equal(w.StatusCode, http.StatusOK)
+ assertion.Equal(result.Data, true)
+
+}
diff --git a/modul/host/lib.go b/modul/host/lib.go
new file mode 100644
index 0000000..1637654
--- /dev/null
+++ b/modul/host/lib.go
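Review bot: TestAPI in modul/host/api_test.go only exercises `/host/signup` as `root`, which presumably takes the `login.Superadmin` shortcut, so the invite/reseller branch of `signup` and its "not allowed" refusal for a logged-in ordinary user are never run. Those are the paths that decide who may create a host profile; a case with a second, non-superadmin login (one invited by a reseller, one not) would pin them down. The delete test also runs with a single profile in the table, so it cannot show that `/host/delete` removes the caller's profile rather than another row; seeding a second profile before the DELETE request would cover that.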
@@ -0,0 +1,30 @@ +package host + +import ( + "net/http" + + "golang.org/x/net/context" + + libapi "dev.sum7.eu/sum7/warehost/lib/api" + liblog "dev.sum7.eu/sum7/warehost/lib/log" + libsystem "dev.sum7.eu/sum7/warehost/system" +) + +//ProfilHandler for api function to get host.Profil +func ProfilHandler(h libapi.Handle) libapi.Handle { + return func(ctx context.Context, w http.ResponseWriter, r *http.Request) (returndata interface{}, returnerr *libapi.ErrorResult) { + login := ctx.Value("login").(*libsystem.Login) + returnerr = &libapi.ErrorResult{Fields: []string{"session"}, Message: "no profil found"} + returndata = false + + profil := &Profil{LoginID: login.ID} + res := dbconnection.Find(profil) + if !res.RecordNotFound() { + ctx = context.WithValue(ctx, "profil", profil) + returndata, returnerr = h(ctx, w, r) + return + } + liblog.Log.Warn("no profil found") + return + } +} diff --git a/modul/host/models.go b/modul/host/models.go index 19e8149..811db33 100644 --- a/modul/host/models.go +++ b/modul/host/models.go @@ -7,7 +7,7 @@ import ( // Profil struct type Profil struct { ID int64 - LoginID int64 `sql:"type:bigint NOT NULL REFERENCES login(id) ON UPDATE CASCADE ON DELETE CASCADE;column:login" json:"login"` + LoginID int64 `sql:"type:bigint NOT NULL UNIQUE REFERENCES login(id) ON UPDATE CASCADE ON DELETE CASCADE;column:login" json:"login"` Reseller bool `sql:"default:false;column:reseller" json:"reseller"` } diff --git a/modul/web/lib.go b/modul/web/lib.go index 1df0898..45c68c1 100644 --- a/modul/web/lib.go +++ b/modul/web/lib.go @@ -4,7 +4,6 @@ import ( "net/http" "strconv" - "github.com/astaxie/session" "goji.io/pat" "golang.org/x/net/context" 
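Review bot: In ProfilHandler (modul/host/lib.go), `dbconnection.Find(profil)` on `&Profil{LoginID: login.ID}` probably does not filter by login. As far as I know gorm only turns the destination struct's primary key into an implicit condition, and `ID` is zero here, so the lookup may load whichever row the unfiltered query yields rather than the caller's profile. Because `BindAPI` wraps the `delete` handler in ProfilHandler, a wrong row here means a logged-in user removes someone else's profile; this is worth confirming with two profiles in the test database. An explicit condition in the form InvolveWebsiteHandler already uses closes the gap: `res := dbconnection.Where(map[string]int64{"login": login.ID}).Find(profil)`. The not-found branch also sets no status code, so "no profil found" goes out with 200 while LoginHandler's failures now send 401.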
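Review bot: The `UNIQUE` added to the `LoginID` tag in modul/host/models.go is what makes `signup`'s "exists already" branch work, but a tag change may not reach a `host_profil` table that already exists. Whether `SyncModels` (not shown in this patch) alters existing columns is unclear; if it only creates missing tables and columns, deployed databases keep the old definition and a repeated signup inserts a second profile for the same login. Suggest creating the unique index explicitly during `SyncModels` or shipping a migration, and adding a comment on the field such as `// UNIQUE: signup relies on the duplicate-key error to detect an existing profil`.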
@@ -13,35 +12,27 @@ import ( libsystem "dev.sum7.eu/sum7/warehost/system" ) -//InvolveWebsiteHandler for api function to Verifie User ist libloggedin +//InvolveWebsiteHandler for api function to Verifie User ist loggedin func InvolveWebsiteHandler(h libapi.Handle) libapi.Handle { return func(ctx context.Context, w http.ResponseWriter, r *http.Request) (returndata interface{}, returnerr *libapi.ErrorResult) { - sess := ctx.Value("session").(session.Session) - returnerr = &libapi.ErrorResult{Fields: []string{"session"}, Message: "Not liblogged in"} + login := ctx.Value("login").(libsystem.Login) + returnerr = &libapi.ErrorResult{Fields: []string{"session"}, Message: "Not logged in"} returndata = false - if login := sess.Get("login"); login != nil { - if loginObj := login.(libsystem.Login); loginObj.Active { - id, err := strconv.ParseInt(pat.Param(ctx, "websiteid"), 10, 64) - if err == nil { - res := dbconnection.Where(map[string]int64{"website": id, "login": loginObj.ID}).Find(&Manager{}) - if !res.RecordNotFound() { - ctx = context.WithValue(ctx, "websiteid", id) - returndata, returnerr = h(ctx, w, r) - return - } - returnerr = &libapi.ErrorResult{Fields: []string{"permission"}, Message: "No permission"} - liblog.Log.Info("no Permissions") - return - } - returnerr = &libapi.ErrorResult{Fields: []string{"websiteid"}, Message: "Not a valid websiteid"} - liblog.Log.Warn("invalid websiteid, no integer") + id, err := strconv.ParseInt(pat.Param(ctx, "websiteid"), 10, 64) + if err == nil { + res := dbconnection.Where(map[string]int64{"website": id, "login": login.ID}).Find(&Manager{}) + if !res.RecordNotFound() { + ctx = context.WithValue(ctx, "websiteid", id) + returndata, returnerr = h(ctx, w, r) return } - liblog.Log.Warn("user not active") + returnerr = &libapi.ErrorResult{Fields: []string{"permission"}, Message: "No permission"} + liblog.Log.Info("no Permissions") return } - liblog.Log.Warn("not libloggedin") + returnerr = &libapi.ErrorResult{Fields: 
[]string{"websiteid"}, Message: "Not a valid websiteid"} + liblog.Log.Warn("invalid websiteid, no integer") return } } diff --git a/system/api_test.go b/system/api_test.go index 01b3e4a..88ac564 100644 --- a/system/api_test.go +++ b/system/api_test.go @@ -4,12 +4,20 @@ import ( "net/http" "testing" + "github.com/stretchr/testify/assert" + "dev.sum7.eu/sum7/warehost/test" ) +func loginTest(session *test.Request, assertion *assert.Assertions) { + result, w := session.JSONRequest("POST", "/login", RequestLogin{Username: "root", Password: "root"}) + assertion.Equal(w.StatusCode, http.StatusOK) + assertion.Equal(result.Data, true) +} + func TestAPI(t *testing.T) { - assert, db, router := test.Init(t) + assertion, db, router := test.Init(t) defer db.Close() //load system Models to database 
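Review bot: In InvolveWebsiteHandler (modul/web/lib.go), the new `ctx.Value("login").(libsystem.Login)` asserts a value type, while the handlers added under modul/host in this same commit assert `*system.Login` on the same context key. Both read what `LoginHandler` stores (its body is outside this hunk), so at most one form can match and the other panics at request time. The assertion is also unchecked, and with the session and `Active` checks removed here the handler depends entirely on being wrapped in `LoginHandler`; a route registered without it would panic instead of returning "Not logged in". Suggest `login, ok := ctx.Value("login").(*libsystem.Login)` followed by an early return of the existing "Not logged in" error when `!ok`, with the pointer or value form chosen to match `LoginHandler`.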
@@ -23,105 +31,98 @@ func TestAPI(t *testing.T) { * TEST status */ result, w := session.JSONRequest("GET", "/status", nil) - assert.Equal(w.StatusCode, http.StatusOK) - assert.Nil(result.Error) - assert.Equal(result.Data, true) + assertion.Equal(w.StatusCode, http.StatusOK) + assertion.Nil(result.Error) + assertion.Equal(result.Data, true) /* * TEST login */ result, w = session.JSONRequest("POST", "/login", RequestLogin{Username: "root", Password: "root2"}) - assert.Equal(w.StatusCode, http.StatusOK) - assert.Equal(result.Data, false) - assert.Equal(result.Error.Fields[0], "password") + assertion.Equal(w.StatusCode, http.StatusOK) + assertion.Equal(result.Data, false) + assertion.Equal(result.Error.Fields[0], "password") result, w = session.JSONRequest("POST", "/login", RequestLogin{Username: "root2", Password: "root"}) - assert.Equal(w.StatusCode, http.StatusOK) - assert.Equal(result.Data, false) - assert.Equal(result.Error.Fields[0], "username") + assertion.Equal(w.StatusCode, http.StatusOK) + assertion.Equal(result.Data, false) + assertion.Equal(result.Error.Fields[0], "username") result, w = session.JSONRequest("POST", "/login", []byte{2, 3}) - assert.Equal(w.StatusCode, http.StatusBadRequest) + assertion.Equal(w.StatusCode, http.StatusBadRequest) - result, w = session.JSONRequest("POST", "/login", RequestLogin{Username: "root", Password: "root"}) - assert.Equal(w.StatusCode, http.StatusOK) - assert.Equal(result.Data, true) + //login before + loginTest(session, assertion) /* * TEST logout */ result, w = session.JSONRequest("GET", "/logout", nil) - assert.Equal(w.StatusCode, http.StatusOK) - assert.Equal(result.Data, true) + assertion.Equal(w.StatusCode, http.StatusOK) + assertion.Equal(result.Data, true) // Test if crash on if not login in result, w = session.JSONRequest("GET", "/logout", nil) - assert.Equal(w.StatusCode, http.StatusOK) - assert.Equal(result.Data, false) + assertion.Equal(w.StatusCode, http.StatusOK) + assertion.Equal(result.Data, false) /* * 
TEST password */ result, w = session.JSONRequest("POST", "/password", ChangePasswordRequest{CurrentPassword: "root", NewPassword: "root-bug"}) - assert.Equal(w.StatusCode, http.StatusOK) - assert.Equal(result.Data, false) + assertion.Equal(w.StatusCode, http.StatusOK) + assertion.Equal(result.Data, false) //login before - result, w = session.JSONRequest("POST", "/login", RequestLogin{Username: "root", Password: "root"}) - assert.Equal(w.StatusCode, http.StatusOK) - assert.Equal(result.Data, true) + loginTest(session, assertion) result, w = session.JSONRequest("POST", "/password", []byte{2, 3}) - assert.Equal(w.StatusCode, http.StatusBadRequest) + assertion.Equal(w.StatusCode, http.StatusBadRequest) result, w = session.JSONRequest("POST", "/password", ChangePasswordRequest{CurrentPassword: "root-wrong", NewPassword: "root-bug"}) - assert.Equal(w.StatusCode, http.StatusOK) - assert.Equal(result.Data, false) - assert.Equal(result.Error.Fields[0], "currentpassword") + assertion.Equal(w.StatusCode, http.StatusOK) + assertion.Equal(result.Data, false) + assertion.Equal(result.Error.Fields[0], "currentpassword") result, w = session.JSONRequest("POST", "/password", ChangePasswordRequest{CurrentPassword: "root", NewPassword: ""}) - assert.Equal(w.StatusCode, http.StatusOK) - assert.Equal(result.Data, false) - assert.Equal(result.Error.Fields[0], "newpassword") + assertion.Equal(w.StatusCode, http.StatusOK) + assertion.Equal(result.Data, false) + assertion.Equal(result.Error.Fields[0], "newpassword") result, w = session.JSONRequest("POST", "/password", ChangePasswordRequest{CurrentPassword: "root", NewPassword: "root-tmp"}) - assert.Equal(w.StatusCode, http.StatusOK) - assert.Equal(result.Data, true) + assertion.Equal(w.StatusCode, http.StatusOK) + assertion.Equal(result.Data, true) result, w = session.JSONRequest("POST", "/password", ChangePasswordRequest{CurrentPassword: "root-tmp", NewPassword: "root"}) - assert.Equal(w.StatusCode, http.StatusOK) - 
assert.Equal(result.Data, true) + assertion.Equal(w.StatusCode, http.StatusOK) + assertion.Equal(result.Data, true) /* * TEST inviteList */ session.Clean() result, w = session.JSONRequest("GET", "/invite", nil) - assert.Equal(w.StatusCode, http.StatusOK) - assert.Equal(result.Data, false) + assertion.Equal(w.StatusCode, http.StatusOK) + assertion.Equal(result.Data, false) //login before - result, w = session.JSONRequest("POST", "/login", RequestLogin{Username: "root", Password: "root"}) - assert.Equal(w.StatusCode, http.StatusOK) - assert.Equal(result.Data, true) + loginTest(session, assertion) result, w = session.JSONRequest("GET", "/invite", nil) - assert.Equal(w.StatusCode, http.StatusOK) + assertion.Equal(w.StatusCode, http.StatusOK) /* * TEST loginList */ session.Clean() result, w = session.JSONRequest("GET", "/user", nil) - assert.Equal(w.StatusCode, http.StatusOK) - assert.Equal(result.Data, false) + assertion.Equal(w.StatusCode, http.StatusOK) + assertion.Equal(result.Data, false) //login before - result, w = session.JSONRequest("POST", "/login", RequestLogin{Username: "root", Password: "root"}) - assert.Equal(w.StatusCode, http.StatusOK) - assert.Equal(result.Data, true) + loginTest(session, assertion) result, w = session.JSONRequest("GET", "/user", nil) - assert.Equal(w.StatusCode, http.StatusOK) + assertion.Equal(w.StatusCode, http.StatusOK) } diff --git a/system/lib.go b/system/lib.go index aacad45..2609e39 100644 --- a/system/lib.go +++ b/system/lib.go @@ -23,9 +23,11 @@ func LoginHandler(h libapi.Handle) libapi.Handle { return } returnerr = &libapi.ErrorResult{Fields: []string{"session"}, Message: "Not active user"} + w.WriteHeader(http.StatusUnauthorized) liblog.Log.Warn("user not active") return } + w.WriteHeader(http.StatusUnauthorized) returnerr = &libapi.ErrorResult{Fields: []string{"session"}, Message: "Not logged in"} liblog.Log.Warn("not loggedin") return