spend-sparrow/service/auth_test.go

package service

import (
	"me-fit/db"
	"me-fit/mocks"
	"me-fit/types"

	"errors"
	"testing"
	"time"

	"github.com/google/uuid"
	"github.com/stretchr/testify/assert"
)

func TestSignIn(t *testing.T) {

	t.Parallel()
	t.Run("should return user if password is correct", func(t *testing.T) {
		t.Parallel()
		salt := []byte("salt")
		verifiedAt := time.Date(2020, 1, 2, 0, 0, 0, 0, time.UTC)
		user := db.NewUser(
			uuid.New(),
			"test@test.de",
			true,
			&verifiedAt,
			false,
			GetHashPassword("password", salt),
			salt,
			time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC),
		)

		mockDbAuth := mocks.NewMockDbAuth(t)
		mockDbAuth.EXPECT().GetUser("test@test.de").Return(user, nil)
		mockRandom := mocks.NewMockRandomGenerator(t)
		mockClock := mocks.NewMockClock(t)

		underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, &types.ServerSettings{})

		actualUser, err := underTest.SignIn(user.Email, "password")
		assert.Nil(t, err)

		expectedUser := User{
			Id:            user.Id,
			Email:         user.Email,
			EmailVerified: user.EmailVerified,
		}

		assert.Equal(t, expectedUser, *actualUser)
	})

	t.Run("should return ErrInvalidCretentials if password is not correct", func(t *testing.T) {
		t.Parallel()
		salt := []byte("salt")
		verifiedAt := time.Date(2020, 1, 2, 0, 0, 0, 0, time.UTC)

		user := db.NewUser(
			uuid.New(),
			"test@test.de",
			true,
			&verifiedAt,
			false,
			GetHashPassword("password", salt),
			salt,
			time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC),
		)

		mockDbAuth := mocks.NewMockDbAuth(t)
		mockDbAuth.EXPECT().GetUser(user.Email).Return(user, nil)
		mockRandom := mocks.NewMockRandomGenerator(t)
		mockClock := mocks.NewMockClock(t)

		underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, &types.ServerSettings{})

		_, err := underTest.SignIn("test@test.de", "wrong password")

		assert.Equal(t, ErrInvaidCredentials, err)
	})
	t.Run("should return ErrInvalidCretentials if user has not been found", func(t *testing.T) {
		t.Parallel()

		mockDbAuth := mocks.NewMockDbAuth(t)
		mockDbAuth.EXPECT().GetUser("test").Return(nil, db.ErrUserNotFound)
		mockRandom := mocks.NewMockRandomGenerator(t)
		mockClock := mocks.NewMockClock(t)

		underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, &types.ServerSettings{})

		_, err := underTest.SignIn("test", "test")
		assert.Equal(t, ErrInvaidCredentials, err)
	})
	t.Run("should forward ErrInternal on any other error", func(t *testing.T) {
		t.Parallel()

		mockDbAuth := mocks.NewMockDbAuth(t)
		mockDbAuth.EXPECT().GetUser("test").Return(nil, errors.New("Some undefined error"))
		mockRandom := mocks.NewMockRandomGenerator(t)
		mockClock := mocks.NewMockClock(t)

		underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, &types.ServerSettings{})

		_, err := underTest.SignIn("test", "test")

		assert.Equal(t, types.ErrInternal, err)
	})
}

func TestSignUp(t *testing.T) {
	t.Parallel()
	t.Run("should check for correct email address", func(t *testing.T) {
		t.Parallel()

		mockDbAuth := mocks.NewMockDbAuth(t)
		mockRandom := mocks.NewMockRandomGenerator(t)
		mockClock := mocks.NewMockClock(t)

		underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, &types.ServerSettings{})

		_, err := underTest.SignUp("invalid email address", "SomeStrongPassword123!")

		assert.Equal(t, ErrInvalidEmail, err)
	})
	t.Run("should check for password complexity", func(t *testing.T) {
		t.Parallel()

		mockDbAuth := mocks.NewMockDbAuth(t)
		mockRandom := mocks.NewMockRandomGenerator(t)
		mockClock := mocks.NewMockClock(t)

		underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, &types.ServerSettings{})

		weakPasswords := []string{
			"123!ab", // too short
			"no_upper_case_123",
			"NO_LOWER_CASE_123",
			"noSpecialChar123",
		}

		for _, password := range weakPasswords {
			_, err := underTest.SignUp("some@valid.email", password)
			assert.Equal(t, ErrInvalidPassword, err)
		}
	})
	t.Run("should signup correctly", func(t *testing.T) {
		t.Parallel()

		mockDbAuth := mocks.NewMockDbAuth(t)
		mockRandom := mocks.NewMockRandomGenerator(t)
		mockClock := mocks.NewMockClock(t)

		expected := User{
			Id:            uuid.New(),
			Email:         "some@valid.email",
			EmailVerified: false,
		}

		random := NewRandomGeneratorImpl()
		salt, err := random.Bytes(16)
		assert.Nil(t, err)
		password := "SomeStrongPassword123!"

		mockRandom.EXPECT().UUID().Return(expected.Id, nil)
		mockRandom.EXPECT().Bytes(16).Return(salt, nil)

		createTime := time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC)

		mockClock.EXPECT().Now().Return(createTime)

		mockDbAuth.EXPECT().InsertUser(db.NewUser(expected.Id, expected.Email, false, nil, false, GetHashPassword(password, salt), salt, createTime)).Return(nil)

		underTest := NewServiceAuthImpl(mockDbAuth, mockRandom, mockClock, &types.ServerSettings{})

		actual, err := underTest.SignUp(expected.Email, password)

		assert.Nil(t, err)

		assert.Equal(t, expected, *actual)
	})
}