chore(auth): #331 implement and fix sign up tests
All checks were successful
Build Docker Image / Build-Docker-Image (push) Successful in 48s
All checks were successful
Build Docker Image / Build-Docker-Image (push) Successful in 48s
This commit is contained in:
165
main_test.go
165
main_test.go
@@ -455,6 +455,171 @@ func TestIntegrationAuth(t *testing.T) {
|
||||
assert.Equal(t, 0, rows)
|
||||
})
|
||||
})
|
||||
t.Run("SignUp", func(t *testing.T) {
|
||||
t.Run(`should redirect to "/" if signed in`, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
db, basePath, ctx := setupIntegrationTest(t)
|
||||
|
||||
userId := uuid.New()
|
||||
sessionId := "session-id"
|
||||
pass := service.GetHashPassword("password", []byte("salt"))
|
||||
|
||||
_, err := db.Exec(`
|
||||
INSERT INTO user (user_id, email, email_verified, is_admin, password, salt, created_at)
|
||||
VALUES (?, "mail@mail.de", TRUE, FALSE, ?, ?, datetime())`, userId, pass, []byte("salt"))
|
||||
assert.Nil(t, err)
|
||||
_, err = db.Exec(`
|
||||
INSERT INTO session (session_id, user_id, created_at, expires_at)
|
||||
VALUES (?, ?, datetime(), datetime("now", "+1 day"))`, sessionId, userId)
|
||||
assert.Nil(t, err)
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", basePath+"/auth/signin", nil)
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Cookie", "id="+sessionId)
|
||||
resp, err := httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
|
||||
assert.Equal(t, http.StatusSeeOther, resp.StatusCode)
|
||||
assert.Equal(t, "/", resp.Header.Get("Location"))
|
||||
})
|
||||
t.Run(`should fail if csrf token is invalid`, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
_, basePath, ctx := setupIntegrationTest(t)
|
||||
|
||||
formData := url.Values{
|
||||
"email": {"mail@mail.de"},
|
||||
"password": {"password"},
|
||||
"csrf-token": {"invalid-csrf-token"},
|
||||
}
|
||||
req, err := http.NewRequestWithContext(ctx, "POST", basePath+"/api/auth/signin", strings.NewReader(formData.Encode()))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
req.Header.Set("HX-Request", "true")
|
||||
resp, err := httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
|
||||
assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
|
||||
assert.Contains(t, resp.Header.Get("HX-Trigger"), "CSRF")
|
||||
})
|
||||
t.Run(`should fail if password is insecure`, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
_, basePath, ctx := setupIntegrationTest(t)
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", basePath+"/auth/signup", nil)
|
||||
assert.Nil(t, err)
|
||||
resp, err := httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
body, err := html.Parse(resp.Body)
|
||||
assert.Nil(t, err)
|
||||
anonymousCsrfToken := findCsrfToken(body)
|
||||
assert.NotEqual(t, "", anonymousCsrfToken)
|
||||
anonymousSession := findCookie(resp, "id")
|
||||
assert.NotNil(t, anonymousSession)
|
||||
|
||||
formData := url.Values{
|
||||
"email": {"mail@mail.de"},
|
||||
"password": {"insecure-password"},
|
||||
"csrf-token": {anonymousCsrfToken},
|
||||
}
|
||||
req, err = http.NewRequestWithContext(ctx, "POST", basePath+"/api/auth/signup", strings.NewReader(formData.Encode()))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
req.Header.Set("HX-Request", "true")
|
||||
req.Header.Set("Cookie", "id="+anonymousSession.Value)
|
||||
resp, err = httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
|
||||
assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
|
||||
assert.Contains(t, resp.Header.Get("HX-Trigger"), "password")
|
||||
})
|
||||
t.Run(`should say "verification mail send" if user already exists within ~250 ms`, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
db, basePath, ctx := setupIntegrationTest(t)
|
||||
|
||||
_, err := db.Exec(`
|
||||
INSERT INTO user (user_id, email, email_verified, is_admin, password, salt, created_at)
|
||||
VALUES (?, "mail@mail.de", TRUE, FALSE, ?, ?, datetime())`, uuid.New(), service.GetHashPassword("password", []byte("salt")), []byte("salt"))
|
||||
assert.Nil(t, err)
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", basePath+"/auth/signup", nil)
|
||||
assert.Nil(t, err)
|
||||
resp, err := httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
body, err := html.Parse(resp.Body)
|
||||
assert.Nil(t, err)
|
||||
anonymousCsrfToken := findCsrfToken(body)
|
||||
assert.NotEqual(t, "", anonymousCsrfToken)
|
||||
anonymousSession := findCookie(resp, "id")
|
||||
assert.NotNil(t, anonymousSession)
|
||||
|
||||
formData := url.Values{
|
||||
"email": {"mail@mail.de"},
|
||||
"password": {"secure-Password!1"},
|
||||
"csrf-token": {anonymousCsrfToken},
|
||||
}
|
||||
req, err = http.NewRequestWithContext(ctx, "POST", basePath+"/api/auth/signup", strings.NewReader(formData.Encode()))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
req.Header.Set("HX-Request", "true")
|
||||
req.Header.Set("Cookie", "id="+anonymousSession.Value)
|
||||
timeStart := time.Now()
|
||||
resp, err = httpClient.Do(req)
|
||||
timeEnd := time.Now()
|
||||
assert.Nil(t, err)
|
||||
timeTaken := timeEnd.Sub(timeStart)
|
||||
assert.LessOrEqual(t, timeTaken, 253*time.Millisecond)
|
||||
assert.GreaterOrEqual(t, timeTaken, 250*time.Millisecond)
|
||||
|
||||
assert.Equal(t, http.StatusOK, resp.StatusCode)
|
||||
assert.Contains(t, resp.Header.Get("HX-Trigger"), "An activation link has been send to your email")
|
||||
})
|
||||
t.Run(`should say "verification mail send" within ~250 ms`, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
db, basePath, ctx := setupIntegrationTest(t)
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", basePath+"/auth/signup", nil)
|
||||
assert.Nil(t, err)
|
||||
resp, err := httpClient.Do(req)
|
||||
assert.Nil(t, err)
|
||||
body, err := html.Parse(resp.Body)
|
||||
assert.Nil(t, err)
|
||||
anonymousCsrfToken := findCsrfToken(body)
|
||||
assert.NotEqual(t, "", anonymousCsrfToken)
|
||||
anonymousSession := findCookie(resp, "id")
|
||||
assert.NotNil(t, anonymousSession)
|
||||
|
||||
formData := url.Values{
|
||||
"email": {"mail@mail.de"},
|
||||
"password": {"secure-Password!1"},
|
||||
"csrf-token": {anonymousCsrfToken},
|
||||
}
|
||||
req, err = http.NewRequestWithContext(ctx, "POST", basePath+"/api/auth/signup", strings.NewReader(formData.Encode()))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
req.Header.Set("HX-Request", "true")
|
||||
req.Header.Set("Cookie", "id="+anonymousSession.Value)
|
||||
timeStart := time.Now()
|
||||
resp, err = httpClient.Do(req)
|
||||
timeEnd := time.Now()
|
||||
assert.Nil(t, err)
|
||||
timeTaken := timeEnd.Sub(timeStart)
|
||||
assert.LessOrEqual(t, timeTaken, 253*time.Millisecond)
|
||||
assert.GreaterOrEqual(t, timeTaken, 250*time.Millisecond)
|
||||
|
||||
assert.Equal(t, http.StatusOK, resp.StatusCode)
|
||||
assert.Contains(t, resp.Header.Get("HX-Trigger"), "An activation link has been send to your email")
|
||||
|
||||
var rows int
|
||||
err = db.QueryRow("SELECT COUNT(*) FROM user WHERE email = ? AND email_verified = FALSE", "mail@mail.de").Scan(&rows)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, 1, rows)
|
||||
})
|
||||
})
|
||||
t.Run("SignOut", func(t *testing.T) {
|
||||
t.Run("should fail if csrf token is not valid", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
Reference in New Issue
Block a user