mirror of
https://github.com/navidrome/navidrome.git
synced 2026-03-04 06:35:52 +00:00
8319905d2c
* test(e2e): add comprehensive tests for Subsonic API endpoints Signed-off-by: Deluan <deluan@navidrome.org> * fix(e2e): improve database handling and snapshot restoration in tests Signed-off-by: Deluan <deluan@navidrome.org> * test(e2e): add tests for album sharing and user isolation scenarios Signed-off-by: Deluan <deluan@navidrome.org> * test(e2e): add tests for multi-library support and user access control Signed-off-by: Deluan <deluan@navidrome.org> * test(e2e): tests are fast, no need to skip on -short Signed-off-by: Deluan <deluan@navidrome.org> * address gemini comments Signed-off-by: Deluan <deluan@navidrome.org> * fix(tests): prevent MockDataStore from caching repos with stale context When RealDS is set, MockDataStore previously cached repository instances on first access, binding them to the initial caller's context. This meant repos created with an admin context would skip library filtering for all subsequent non-admin calls, silently masking access control bugs. Changed MockDataStore to delegate to RealDS on every call without caching, so each caller gets a fresh repo with the correct context. Removed the pre-warm calls in e2e setupTestDB that were working around the old caching behavior. * test(e2e): route subsonic tests through full HTTP middleware stack Replace direct router method calls with full HTTP round-trips via router.ServeHTTP(w, r) across all 15 e2e test files. Tests now exercise the complete chi middleware chain including postFormToQueryParams, checkRequiredParameters, authenticate, UpdateLastAccessMiddleware, getPlayer, and sendResponse/sendError serialization. New helpers (doReq, doReqWithUser, doRawReq, buildReq, parseJSONResponse) use plaintext password auth and JSON response format. Old helpers that injected context directly (newReq, newReqWithUser, newRawReq) are removed. Sharing tests now set conf.Server.EnableSharing before router creation to ensure sharing routes are registered. --------- Signed-off-by: Deluan <deluan@navidrome.org>
280 lines
9.8 KiB
Go
280 lines
9.8 KiB
Go
package e2e
|
|
|
|
import (
|
|
"fmt"
|
|
"testing/fstest"
|
|
|
|
"github.com/Masterminds/squirrel"
|
|
"github.com/navidrome/navidrome/conf"
|
|
"github.com/navidrome/navidrome/core"
|
|
"github.com/navidrome/navidrome/core/artwork"
|
|
"github.com/navidrome/navidrome/core/metrics"
|
|
"github.com/navidrome/navidrome/core/storage/storagetest"
|
|
"github.com/navidrome/navidrome/model"
|
|
"github.com/navidrome/navidrome/scanner"
|
|
"github.com/navidrome/navidrome/server/events"
|
|
"github.com/navidrome/navidrome/server/subsonic/responses"
|
|
. "github.com/onsi/ginkgo/v2"
|
|
. "github.com/onsi/gomega"
|
|
)
|
|
|
|
var _ = Describe("Multi-Library Support", Ordered, func() {
|
|
var lib2 model.Library
|
|
var adminWithLibs model.User // admin reloaded with both libraries
|
|
var userLib1Only model.User // non-admin with lib1 access only
|
|
|
|
BeforeAll(func() {
|
|
conf.Server.EnableSharing = true
|
|
setupTestDB()
|
|
|
|
// Create a second FakeFS with Classical music content
|
|
classical := template(_t{
|
|
"albumartist": "Ludwig van Beethoven",
|
|
"artist": "Ludwig van Beethoven",
|
|
"album": "Symphony No. 9",
|
|
"year": 1824,
|
|
"genre": "Classical",
|
|
})
|
|
classicalFS := storagetest.FakeFS{}
|
|
classicalFS.SetFiles(fstest.MapFS{
|
|
"Classical/Beethoven/Symphony No. 9/01 - Allegro ma non troppo.mp3": classical(track(1, "Allegro ma non troppo")),
|
|
"Classical/Beethoven/Symphony No. 9/02 - Ode to Joy.mp3": classical(track(2, "Ode to Joy")),
|
|
})
|
|
storagetest.Register("fake2", &classicalFS)
|
|
|
|
// Create the second library in the DB (Put auto-assigns admin users)
|
|
lib2 = model.Library{ID: 2, Name: "Classical Library", Path: "fake2:///classical"}
|
|
Expect(ds.Library(ctx).Put(&lib2)).To(Succeed())
|
|
|
|
// Reload admin user to get both libraries in the Libraries field
|
|
loadedAdmin, err := ds.User(ctx).FindByUsername(adminUser.UserName)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
adminWithLibs = *loadedAdmin
|
|
|
|
// Run incremental scan to import lib2 content (lib1 files unchanged → skipped)
|
|
s := scanner.New(ctx, ds, artwork.NoopCacheWarmer(), events.NoopBroker(),
|
|
core.NewPlaylists(ds), metrics.NewNoopInstance())
|
|
_, err = s.ScanAll(ctx, false)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
|
|
// Create a non-admin user with access only to lib1
|
|
userLib1Only = model.User{
|
|
ID: "multilib-user-1",
|
|
UserName: "lib1user",
|
|
Name: "Lib1 User",
|
|
IsAdmin: false,
|
|
NewPassword: "password",
|
|
}
|
|
Expect(ds.User(ctx).Put(&userLib1Only)).To(Succeed())
|
|
Expect(ds.User(ctx).SetUserLibraries(userLib1Only.ID, []int{lib.ID})).To(Succeed())
|
|
|
|
loadedUser, err := ds.User(ctx).FindByUsername(userLib1Only.UserName)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
userLib1Only.Libraries = loadedUser.Libraries
|
|
})
|
|
|
|
Describe("getMusicFolders", func() {
|
|
It("returns both libraries for admin user", func() {
|
|
resp := doReqWithUser(adminWithLibs, "getMusicFolders")
|
|
|
|
Expect(resp.Status).To(Equal(responses.StatusOK))
|
|
Expect(resp.MusicFolders.Folders).To(HaveLen(2))
|
|
|
|
names := make([]string, len(resp.MusicFolders.Folders))
|
|
for i, f := range resp.MusicFolders.Folders {
|
|
names[i] = f.Name
|
|
}
|
|
Expect(names).To(ConsistOf("Music Library", "Classical Library"))
|
|
})
|
|
})
|
|
|
|
Describe("getArtists - library filtering", func() {
|
|
It("returns only lib1 artists when musicFolderId=1", func() {
|
|
resp := doReqWithUser(adminWithLibs, "getArtists", "musicFolderId", fmt.Sprintf("%d", lib.ID))
|
|
|
|
Expect(resp.Status).To(Equal(responses.StatusOK))
|
|
Expect(resp.Artist).ToNot(BeNil())
|
|
|
|
var artistNames []string
|
|
for _, idx := range resp.Artist.Index {
|
|
for _, a := range idx.Artists {
|
|
artistNames = append(artistNames, a.Name)
|
|
}
|
|
}
|
|
Expect(artistNames).To(ContainElements("The Beatles", "Led Zeppelin", "Miles Davis"))
|
|
Expect(artistNames).ToNot(ContainElement("Ludwig van Beethoven"))
|
|
})
|
|
|
|
It("returns only lib2 artists when musicFolderId=2", func() {
|
|
resp := doReqWithUser(adminWithLibs, "getArtists", "musicFolderId", fmt.Sprintf("%d", lib2.ID))
|
|
|
|
Expect(resp.Status).To(Equal(responses.StatusOK))
|
|
Expect(resp.Artist).ToNot(BeNil())
|
|
|
|
var artistNames []string
|
|
for _, idx := range resp.Artist.Index {
|
|
for _, a := range idx.Artists {
|
|
artistNames = append(artistNames, a.Name)
|
|
}
|
|
}
|
|
Expect(artistNames).To(ContainElement("Ludwig van Beethoven"))
|
|
Expect(artistNames).ToNot(ContainElements("The Beatles", "Led Zeppelin", "Miles Davis"))
|
|
})
|
|
|
|
It("returns artists from all libraries when no musicFolderId is specified", func() {
|
|
resp := doReqWithUser(adminWithLibs, "getArtists")
|
|
|
|
Expect(resp.Status).To(Equal(responses.StatusOK))
|
|
|
|
var artistNames []string
|
|
for _, idx := range resp.Artist.Index {
|
|
for _, a := range idx.Artists {
|
|
artistNames = append(artistNames, a.Name)
|
|
}
|
|
}
|
|
Expect(artistNames).To(ContainElements("The Beatles", "Led Zeppelin", "Miles Davis", "Ludwig van Beethoven"))
|
|
})
|
|
})
|
|
|
|
Describe("getAlbumList - library filtering", func() {
|
|
It("returns only lib1 albums when musicFolderId=1", func() {
|
|
resp := doReqWithUser(adminWithLibs, "getAlbumList", "type", "alphabeticalByName", "musicFolderId", fmt.Sprintf("%d", lib.ID))
|
|
|
|
Expect(resp.AlbumList).ToNot(BeNil())
|
|
Expect(resp.AlbumList.Album).To(HaveLen(5))
|
|
for _, a := range resp.AlbumList.Album {
|
|
Expect(a.Title).ToNot(Equal("Symphony No. 9"))
|
|
}
|
|
})
|
|
|
|
It("returns only lib2 albums when musicFolderId=2", func() {
|
|
resp := doReqWithUser(adminWithLibs, "getAlbumList", "type", "alphabeticalByName", "musicFolderId", fmt.Sprintf("%d", lib2.ID))
|
|
|
|
Expect(resp.AlbumList).ToNot(BeNil())
|
|
Expect(resp.AlbumList.Album).To(HaveLen(1))
|
|
Expect(resp.AlbumList.Album[0].Title).To(Equal("Symphony No. 9"))
|
|
})
|
|
})
|
|
|
|
Describe("search3 - library filtering", func() {
|
|
It("does not find lib1 content when searching in lib2 only", func() {
|
|
resp := doReqWithUser(adminWithLibs, "search3", "query", "Beatles", "musicFolderId", fmt.Sprintf("%d", lib2.ID))
|
|
|
|
Expect(resp.SearchResult3).ToNot(BeNil())
|
|
Expect(resp.SearchResult3.Artist).To(BeEmpty())
|
|
Expect(resp.SearchResult3.Album).To(BeEmpty())
|
|
Expect(resp.SearchResult3.Song).To(BeEmpty())
|
|
})
|
|
|
|
It("finds lib2 content when searching in lib2", func() {
|
|
resp := doReqWithUser(adminWithLibs, "search3", "query", "Beethoven", "musicFolderId", fmt.Sprintf("%d", lib2.ID))
|
|
|
|
Expect(resp.SearchResult3).ToNot(BeNil())
|
|
Expect(resp.SearchResult3.Artist).ToNot(BeEmpty())
|
|
Expect(resp.SearchResult3.Artist[0].Name).To(Equal("Ludwig van Beethoven"))
|
|
})
|
|
})
|
|
|
|
Describe("Cross-library playlists", Ordered, func() {
|
|
var playlistID string
|
|
var lib1SongID, lib2SongID string
|
|
|
|
BeforeAll(func() {
|
|
// Look up one song from each library
|
|
lib1Songs, err := ds.MediaFile(ctx).GetAll(model.QueryOptions{
|
|
Filters: squirrel.Eq{"media_file.library_id": lib.ID},
|
|
Max: 1, Sort: "title",
|
|
})
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Expect(lib1Songs).ToNot(BeEmpty())
|
|
lib1SongID = lib1Songs[0].ID
|
|
|
|
lib2Songs, err := ds.MediaFile(ctx).GetAll(model.QueryOptions{
|
|
Filters: squirrel.Eq{"media_file.library_id": lib2.ID},
|
|
Max: 1, Sort: "title",
|
|
})
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Expect(lib2Songs).ToNot(BeEmpty())
|
|
lib2SongID = lib2Songs[0].ID
|
|
})
|
|
|
|
It("admin creates a playlist with songs from both libraries", func() {
|
|
resp := doReqWithUser(adminWithLibs, "createPlaylist",
|
|
"name", "Cross-Library Playlist", "songId", lib1SongID, "songId", lib2SongID)
|
|
|
|
Expect(resp.Status).To(Equal(responses.StatusOK))
|
|
Expect(resp.Playlist).ToNot(BeNil())
|
|
Expect(resp.Playlist.SongCount).To(Equal(int32(2)))
|
|
Expect(resp.Playlist.Entry).To(HaveLen(2))
|
|
playlistID = resp.Playlist.Id
|
|
})
|
|
|
|
It("admin makes the playlist public", func() {
|
|
resp := doReqWithUser(adminWithLibs, "updatePlaylist",
|
|
"playlistId", playlistID, "public", "true")
|
|
|
|
Expect(resp.Status).To(Equal(responses.StatusOK))
|
|
})
|
|
|
|
It("non-admin user with lib1 only sees only lib1 tracks in the playlist", func() {
|
|
resp := doReqWithUser(userLib1Only, "getPlaylist", "id", playlistID)
|
|
|
|
Expect(resp.Playlist).ToNot(BeNil())
|
|
// The playlist has 2 songs total, but the non-admin user only has access to lib1
|
|
Expect(resp.Playlist.Entry).To(HaveLen(1))
|
|
Expect(resp.Playlist.Entry[0].Id).To(Equal(lib1SongID))
|
|
})
|
|
})
|
|
|
|
Describe("Cross-library shares", Ordered, func() {
|
|
var lib2AlbumID string
|
|
|
|
BeforeAll(func() {
|
|
lib2Albums, err := ds.Album(ctx).GetAll(model.QueryOptions{
|
|
Filters: squirrel.Eq{"album.library_id": lib2.ID},
|
|
})
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Expect(lib2Albums).ToNot(BeEmpty())
|
|
lib2AlbumID = lib2Albums[0].ID
|
|
})
|
|
|
|
It("admin creates a share for a lib2 album", func() {
|
|
resp := doReqWithUser(adminWithLibs, "createShare",
|
|
"id", lib2AlbumID, "description", "Classical album share")
|
|
|
|
Expect(resp.Status).To(Equal(responses.StatusOK))
|
|
Expect(resp.Shares).ToNot(BeNil())
|
|
Expect(resp.Shares.Share).To(HaveLen(1))
|
|
|
|
share := resp.Shares.Share[0]
|
|
Expect(share.Description).To(Equal("Classical album share"))
|
|
Expect(share.Entry).ToNot(BeEmpty())
|
|
Expect(share.Entry[0].Title).To(Equal("Symphony No. 9"))
|
|
})
|
|
})
|
|
|
|
Describe("Library access control", func() {
|
|
It("returns error when non-admin user requests inaccessible library", func() {
|
|
resp := doReqWithUser(userLib1Only, "getArtists", "musicFolderId", fmt.Sprintf("%d", lib2.ID))
|
|
|
|
Expect(resp.Status).To(Equal(responses.StatusFailed))
|
|
Expect(resp.Error).ToNot(BeNil())
|
|
})
|
|
|
|
It("non-admin user sees only their library's content without musicFolderId", func() {
|
|
resp := doReqWithUser(userLib1Only, "getArtists")
|
|
|
|
Expect(resp.Status).To(Equal(responses.StatusOK))
|
|
|
|
var artistNames []string
|
|
for _, idx := range resp.Artist.Index {
|
|
for _, a := range idx.Artists {
|
|
artistNames = append(artistNames, a.Name)
|
|
}
|
|
}
|
|
Expect(artistNames).To(ContainElements("The Beatles", "Led Zeppelin", "Miles Davis"))
|
|
Expect(artistNames).ToNot(ContainElement("Ludwig van Beethoven"))
|
|
})
|
|
})
|
|
})
|