4 files changed, 174 insertions, 2 deletions

diff --git a/tests/Jellyfin.Networking.Tests/NetworkParseTests.cs b/tests/Jellyfin.Networking.Tests/NetworkParseTests.cs
index caea0d265..2d3356998 100644
--- a/tests/Jellyfin.Networking.Tests/NetworkParseTests.cs
+++ b/tests/Jellyfin.Networking.Tests/NetworkParseTests.cs
@@ -38,6 +38,8 @@ namespace Jellyfin.Networking.Tests
         [InlineData("192.168.1.208/24,-16,vEthernet1|192.168.2.208/24,-16,vEthernet212|200.200.200.200/24,11,eth11", "192.168.1.0/24", "[]")]
         // vEthernet1 and vEthernet212 should be excluded.
         [InlineData("192.168.1.200/24,-20,vEthernet1|192.168.2.208/24,-16,vEthernet212|200.200.200.200/24,11,eth11", "192.168.1.0/24;200.200.200.200/24", "[200.200.200.200/24]")]
+        // Overlapping interface,
+        [InlineData("192.168.1.110/24,-20,br0|192.168.1.10/24,-16,br0|200.200.200.200/24,11,eth11", "192.168.1.0/24", "[192.168.1.110/24,192.168.1.10/24]")]
         public void IgnoreVirtualInterfaces(string interfaces, string lan, string value)
         {
             var conf = new NetworkConfiguration()
diff --git a/tests/Jellyfin.Server.Integration.Tests/AuthHelper.cs b/tests/Jellyfin.Server.Integration.Tests/AuthHelper.cs
index 4b8fac07f..ea6838682 100644
--- a/tests/Jellyfin.Server.Integration.Tests/AuthHelper.cs
+++ b/tests/Jellyfin.Server.Integration.Tests/AuthHelper.cs
@@ -44,7 +44,7 @@ namespace Jellyfin.Server.Integration.Tests
             return auth!.AccessToken;
         }
 
-        public static void AddAuthHeader(this HttpRequestHeaders headers, string accessToken)
+        public static void AddAuthHeader(this HttpHeaders headers, string accessToken)
         {
             headers.Add(AuthHeaderName, DummyAuthHeader + $", Token={accessToken}");
         }
diff --git a/tests/Jellyfin.Server.Integration.Tests/Controllers/ActivityLogControllerTests.cs b/tests/Jellyfin.Server.Integration.Tests/Controllers/ActivityLogControllerTests.cs
index 4657ee6e2..be89fbc9a 100644
--- a/tests/Jellyfin.Server.Integration.Tests/Controllers/ActivityLogControllerTests.cs
+++ b/tests/Jellyfin.Server.Integration.Tests/Controllers/ActivityLogControllerTests.cs
@@ -8,7 +8,7 @@ namespace Jellyfin.Server.Integration.Tests.Controllers
     public sealed class ActivityLogControllerTests : IClassFixture<JellyfinApplicationFactory>
     {
         private readonly JellyfinApplicationFactory _factory;
-        private string? _accessToken;
+        private static string? _accessToken;
 
         public ActivityLogControllerTests(JellyfinApplicationFactory factory)
         {
diff --git a/tests/Jellyfin.Server.Integration.Tests/Controllers/UserControllerTests.cs b/tests/Jellyfin.Server.Integration.Tests/Controllers/UserControllerTests.cs
new file mode 100644
index 000000000..6584490de
--- /dev/null
+++ b/tests/Jellyfin.Server.Integration.Tests/Controllers/UserControllerTests.cs
@@ -0,0 +1,170 @@
+using System;
+using System.Globalization;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Net.Mime;
+using System.Text.Json;
+using System.Threading.Tasks;
+using Jellyfin.Api.Models.UserDtos;
+using MediaBrowser.Common.Json;
+using MediaBrowser.Model.Dto;
+using Xunit;
+using Xunit.Priority;
+
+namespace Jellyfin.Server.Integration.Tests.Controllers
+{
+    [TestCaseOrderer(PriorityOrderer.Name, PriorityOrderer.Assembly)]
+    public sealed class UserControllerTests : IClassFixture<JellyfinApplicationFactory>
+    {
+        private const string TestUsername = "testUser01";
+
+        private readonly JellyfinApplicationFactory _factory;
+        private readonly JsonSerializerOptions _jsonOpions = JsonDefaults.Options;
+        private static string? _accessToken;
+        private static Guid _testUserId = Guid.Empty;
+
+        public UserControllerTests(JellyfinApplicationFactory factory)
+        {
+            _factory = factory;
+        }
+
+        private Task<HttpResponseMessage> CreateUserByName(HttpClient httpClient, CreateUserByName request)
+        {
+            using var postContent = new ByteArrayContent(JsonSerializer.SerializeToUtf8Bytes(request, _jsonOpions));
+            postContent.Headers.ContentType = MediaTypeHeaderValue.Parse(MediaTypeNames.Application.Json);
+            return httpClient.PostAsync("Users/New", postContent);
+        }
+
+        private Task<HttpResponseMessage> UpdateUserPassword(HttpClient httpClient, Guid userId, UpdateUserPassword request)
+        {
+            using var postContent = new ByteArrayContent(JsonSerializer.SerializeToUtf8Bytes(request, _jsonOpions));
+            postContent.Headers.ContentType = MediaTypeHeaderValue.Parse(MediaTypeNames.Application.Json);
+            return httpClient.PostAsync("Users/" + userId.ToString("N", CultureInfo.InvariantCulture) + "/Password", postContent);
+        }
+
+        [Fact]
+        [Priority(-1)]
+        public async Task GetPublicUsers_Valid_Success()
+        {
+            var client = _factory.CreateClient();
+
+            using var response = await client.GetAsync("Users/Public").ConfigureAwait(false);
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            var users = await JsonSerializer.DeserializeAsync<UserDto[]>(
+                await response.Content.ReadAsStreamAsync().ConfigureAwait(false), _jsonOpions).ConfigureAwait(false);
+            // User are hidden by default
+            Assert.Empty(users);
+        }
+
+        [Fact]
+        [Priority(-1)]
+        public async Task GetUsers_Valid_Success()
+        {
+            var client = _factory.CreateClient();
+            client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+            using var response = await client.GetAsync("Users").ConfigureAwait(false);
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            var users = await JsonSerializer.DeserializeAsync<UserDto[]>(
+                await response.Content.ReadAsStreamAsync().ConfigureAwait(false), _jsonOpions).ConfigureAwait(false);
+            Assert.Single(users);
+            Assert.False(users![0].HasConfiguredPassword);
+        }
+
+        [Fact]
+        [Priority(0)]
+        public async Task New_Valid_Success()
+        {
+            var client = _factory.CreateClient();
+
+            // access token can't be null here as the previous test populated it
+            client.DefaultRequestHeaders.AddAuthHeader(_accessToken!);
+
+            var createRequest = new CreateUserByName()
+            {
+                Name = TestUsername
+            };
+
+            using var response = await CreateUserByName(client, createRequest).ConfigureAwait(false);
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            var user = await JsonSerializer.DeserializeAsync<UserDto>(
+                await response.Content.ReadAsStreamAsync().ConfigureAwait(false), _jsonOpions).ConfigureAwait(false);
+            Assert.Equal(TestUsername, user!.Name);
+            Assert.False(user.HasPassword);
+            Assert.False(user.HasConfiguredPassword);
+
+            _testUserId = user.Id;
+
+            Console.WriteLine(user.Id.ToString("N", CultureInfo.InvariantCulture));
+        }
+
+        [Theory]
+        [InlineData(null)]
+        [InlineData("")]
+        [InlineData("   ")]
+        [InlineData("‼️")]
+        [Priority(0)]
+        public async Task New_Invalid_Fail(string? username)
+        {
+            var client = _factory.CreateClient();
+
+            // access token can't be null here as the previous test populated it
+            client.DefaultRequestHeaders.AddAuthHeader(_accessToken!);
+
+            var createRequest = new CreateUserByName()
+            {
+                Name = username
+            };
+
+            using var response = await CreateUserByName(client, createRequest).ConfigureAwait(false);
+            Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
+        }
+
+        [Fact]
+        [Priority(1)]
+        public async Task UpdateUserPassword_Valid_Success()
+        {
+            var client = _factory.CreateClient();
+            client.DefaultRequestHeaders.AddAuthHeader(_accessToken!);
+
+            var createRequest = new UpdateUserPassword()
+            {
+                NewPw = "4randomPa$$word"
+            };
+
+            using var response = await UpdateUserPassword(client, _testUserId, createRequest).ConfigureAwait(false);
+            Assert.Equal(HttpStatusCode.NoContent, response.StatusCode);
+
+            var users = await JsonSerializer.DeserializeAsync<UserDto[]>(
+                await client.GetStreamAsync("Users").ConfigureAwait(false), _jsonOpions).ConfigureAwait(false);
+            var user = users!.First(x => x.Id == _testUserId);
+            Assert.True(user.HasPassword);
+            Assert.True(user.HasConfiguredPassword);
+        }
+
+        [Fact]
+        [Priority(2)]
+        public async Task UpdateUserPassword_Empty_RemoveSetPassword()
+        {
+            var client = _factory.CreateClient();
+
+            client.DefaultRequestHeaders.AddAuthHeader(_accessToken!);
+
+            var createRequest = new UpdateUserPassword()
+            {
+                CurrentPw = "4randomPa$$word",
+            };
+
+            using var response = await UpdateUserPassword(client, _testUserId, createRequest).ConfigureAwait(false);
+            Assert.Equal(HttpStatusCode.NoContent, response.StatusCode);
+
+            var users = await JsonSerializer.DeserializeAsync<UserDto[]>(
+                await client.GetStreamAsync("Users").ConfigureAwait(false), _jsonOpions).ConfigureAwait(false);
+            var user = users!.First(x => x.Id == _testUserId);
+            Assert.False(user.HasPassword);
+            Assert.False(user.HasConfiguredPassword);
+        }
+    }
+}