From 397442767a2829d2232f8b566f6e8163b0c280d0 Mon Sep 17 00:00:00 2001
From: Tim Wundenberg <tim@wundenbergs.de>
Date: Mon, 23 Dec 2024 22:51:46 +0100
Subject: [PATCH] chore(auth): #331 implement and fix sign up tests

---
 handler/auth.go |  2 +-
 main_test.go    | 84 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 85 insertions(+), 1 deletion(-)

diff --git a/handler/auth.go b/handler/auth.go
index 67663ba..74ade85 100644
--- a/handler/auth.go
+++ b/handler/auth.go
@@ -210,7 +210,7 @@ func (handler AuthImpl) handleSignUp() http.HandlerFunc {
 			// If err is "service.ErrAccountExists", then just continue
 		}
 
-		utils.TriggerToast(w, r, "success", "A link to activate your account has been emailed to the address provided.", http.StatusOK)
+		utils.TriggerToast(w, r, "success", "An activation link has been send to your email", http.StatusOK)
 	}
 }
 
diff --git a/main_test.go b/main_test.go
index f56910c..b7ceb89 100644
--- a/main_test.go
+++ b/main_test.go
@@ -535,6 +535,90 @@ func TestIntegrationAuth(t *testing.T) {
 			assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
 			assert.Contains(t, resp.Header.Get("HX-Trigger"), "password")
 		})
+		t.Run(`should say "verification mail send" if user already exists within ~250 ms`, func(t *testing.T) {
+			t.Parallel()
+
+			db, basePath, ctx := setupIntegrationTest(t)
+
+			_, err := db.Exec(`
+				INSERT INTO user (user_id, email, email_verified, is_admin, password, salt, created_at)
+				VALUES (?, "mail@mail.de", TRUE, FALSE, ?, ?, datetime())`, uuid.New(), service.GetHashPassword("password", []byte("salt")), []byte("salt"))
+			assert.Nil(t, err)
+
+			req, err := http.NewRequestWithContext(ctx, "GET", basePath+"/auth/signup", nil)
+			assert.Nil(t, err)
+			resp, err := httpClient.Do(req)
+			assert.Nil(t, err)
+			body, err := html.Parse(resp.Body)
+			assert.Nil(t, err)
+			anonymousCsrfToken := findCsrfToken(body)
+			assert.NotEqual(t, "", anonymousCsrfToken)
+			anonymousSession := findCookie(resp, "id")
+			assert.NotNil(t, anonymousSession)
+
+			formData := url.Values{
+				"email":      {"mail@mail.de"},
+				"password":   {"secure-Password!1"},
+				"csrf-token": {anonymousCsrfToken},
+			}
+			req, err = http.NewRequestWithContext(ctx, "POST", basePath+"/api/auth/signup", strings.NewReader(formData.Encode()))
+			assert.Nil(t, err)
+			req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+			req.Header.Set("HX-Request", "true")
+			req.Header.Set("Cookie", "id="+anonymousSession.Value)
+			timeStart := time.Now()
+			resp, err = httpClient.Do(req)
+			timeEnd := time.Now()
+			assert.Nil(t, err)
+			timeTaken := timeEnd.Sub(timeStart)
+			assert.LessOrEqual(t, timeTaken, 253*time.Millisecond)
+			assert.GreaterOrEqual(t, timeTaken, 250*time.Millisecond)
+
+			assert.Equal(t, http.StatusOK, resp.StatusCode)
+			assert.Contains(t, resp.Header.Get("HX-Trigger"), "An activation link has been send to your email")
+		})
+		t.Run(`should say "verification mail send" within ~250 ms`, func(t *testing.T) {
+			t.Parallel()
+
+			db, basePath, ctx := setupIntegrationTest(t)
+
+			req, err := http.NewRequestWithContext(ctx, "GET", basePath+"/auth/signup", nil)
+			assert.Nil(t, err)
+			resp, err := httpClient.Do(req)
+			assert.Nil(t, err)
+			body, err := html.Parse(resp.Body)
+			assert.Nil(t, err)
+			anonymousCsrfToken := findCsrfToken(body)
+			assert.NotEqual(t, "", anonymousCsrfToken)
+			anonymousSession := findCookie(resp, "id")
+			assert.NotNil(t, anonymousSession)
+
+			formData := url.Values{
+				"email":      {"mail@mail.de"},
+				"password":   {"secure-Password!1"},
+				"csrf-token": {anonymousCsrfToken},
+			}
+			req, err = http.NewRequestWithContext(ctx, "POST", basePath+"/api/auth/signup", strings.NewReader(formData.Encode()))
+			assert.Nil(t, err)
+			req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+			req.Header.Set("HX-Request", "true")
+			req.Header.Set("Cookie", "id="+anonymousSession.Value)
+			timeStart := time.Now()
+			resp, err = httpClient.Do(req)
+			timeEnd := time.Now()
+			assert.Nil(t, err)
+			timeTaken := timeEnd.Sub(timeStart)
+			assert.LessOrEqual(t, timeTaken, 253*time.Millisecond)
+			assert.GreaterOrEqual(t, timeTaken, 250*time.Millisecond)
+
+			assert.Equal(t, http.StatusOK, resp.StatusCode)
+			assert.Contains(t, resp.Header.Get("HX-Trigger"), "An activation link has been send to your email")
+
+			var rows int
+			err = db.QueryRow("SELECT COUNT(*) FROM user WHERE email = ? AND email_verified = FALSE", "mail@mail.de").Scan(&rows)
+			assert.Nil(t, err)
+			assert.Equal(t, 1, rows)
+		})
 	})
 	t.Run("SignOut", func(t *testing.T) {
 		t.Run("should fail if csrf token is not valid", func(t *testing.T) {