From 98df7501f64a91f8d0f09f1fc7b9d47cff0ad077 Mon Sep 17 00:00:00 2001
From: Jannis Mattheis <contact@jmattheis.de>
Date: Sat, 10 Mar 2018 21:30:46 +0100
Subject: [PATCH] Add failing test for getmessages with not owned app

---
 api/message_test.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/api/message_test.go b/api/message_test.go
index 5b346ab..556b597 100644
--- a/api/message_test.go
+++ b/api/message_test.go
@@ -60,6 +60,7 @@ func (s *MessageSuite) Test_GetMessagesWithToken() {
 	auth.RegisterAuthentication(s.ctx, nil, 4, "")
 	t, _ := time.Parse("2006/01/02", "2021/01/02")
 	s.db.On("GetMessagesByApplication", uint(1)).Return([]*model.Message{{ID: 2, ApplicationID: 1, Message: "hi", Title: "hi", Date: t, Priority: 4}})
+	s.db.On("GetApplicationByID", uint(1)).Return(&model.Application{ID: 1, Token:"irrelevant", UserID: 4})
 	s.ctx.Params = gin.Params{{Key: "appid", Value: "1"}}
 
 	s.a.GetMessagesWithApplication(s.ctx)
@@ -69,6 +70,18 @@ func (s *MessageSuite) Test_GetMessagesWithToken() {
 	assert.JSONEq(s.T(), `[{"id":2,"appid":1,"message":"hi","title":"hi","priority":4,"date":"2021-01-02T00:00:00Z"}]`, string(bytes))
 }
 
+func (s *MessageSuite) Test_GetMessagesWithToken_withWrongUser_expectNotFound() {
+	auth.RegisterAuthentication(s.ctx, nil, 4, "")
+	t, _ := time.Parse("2006/01/02", "2021/01/02")
+	s.db.On("GetApplicationByID", uint(1)).Return(&model.Application{ID: 1, Token:"irrelevant", UserID: 2})
+	s.db.On("GetMessagesByApplication", uint(1)).Return([]*model.Message{{ID: 2, ApplicationID: 1, Message: "hi", Title: "hi", Date: t, Priority: 4}})
+	s.ctx.Params = gin.Params{{Key: "appid", Value: "1"}}
+
+	s.a.GetMessagesWithApplication(s.ctx)
+
+	assert.Equal(s.T(), 404, s.recorder.Code)
+}
+
 func (s *MessageSuite) Test_DeleteMessage_invalidID() {
 	s.ctx.Params = gin.Params{{Key: "id", Value: "string"}}