feat(security): #286 implement csrf middleware
142
db/auth_test.go
142
db/auth_test.go
@@ -2,6 +2,7 @@ package db
|
||||
|
||||
import (
|
||||
"database/sql"
|
||||
"me-fit/types"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
@@ -29,17 +30,7 @@ func setupDb(t *testing.T) *sql.DB {
|
||||
func TestUser(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
t.Run("should return UserNotFound", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
db := setupDb(t)
|
||||
|
||||
underTest := AuthSqlite{db: db}
|
||||
|
||||
_, err := underTest.GetUserByEmail("someNonExistentEmail")
|
||||
assert.Equal(t, ErrNotFound, err)
|
||||
})
|
||||
|
||||
t.Run("should insert and get user", func(t *testing.T) {
|
||||
t.Run("should insert and get the same", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
db := setupDb(t)
|
||||
|
||||
@@ -52,13 +43,24 @@ func TestUser(t *testing.T) {
|
||||
err := underTest.InsertUser(expected)
|
||||
assert.Nil(t, err)
|
||||
|
||||
actual, err := underTest.GetUserByEmail(expected.Email)
|
||||
actual, err := underTest.GetUser(expected.Id)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, expected, actual)
|
||||
|
||||
actual, err = underTest.GetUserByEmail(expected.Email)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, expected, actual)
|
||||
})
|
||||
t.Run("should return ErrNotFound", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
db := setupDb(t)
|
||||
|
||||
t.Run("should throw error if user already exists", func(t *testing.T) {
|
||||
underTest := AuthSqlite{db: db}
|
||||
|
||||
_, err := underTest.GetUserByEmail("nonExistentEmail")
|
||||
assert.Equal(t, ErrNotFound, err)
|
||||
})
|
||||
t.Run("should return ErrUserExist", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
db := setupDb(t)
|
||||
|
||||
@@ -72,42 +74,126 @@ func TestUser(t *testing.T) {
|
||||
assert.Nil(t, err)
|
||||
|
||||
err = underTest.InsertUser(user)
|
||||
assert.Equal(t, ErrUserExists, err)
|
||||
assert.Equal(t, ErrAlreadyExists, err)
|
||||
})
|
||||
t.Run("should return ErrInternal on missing NOT NULL fields", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
db := setupDb(t)
|
||||
|
||||
underTest := AuthSqlite{db: db}
|
||||
|
||||
createAt := time.Date(2020, 1, 5, 12, 0, 0, 0, time.UTC)
|
||||
user := NewUser(uuid.New(), "some@email.de", false, nil, false, []byte("somePass"), nil, createAt)
|
||||
|
||||
err := underTest.InsertUser(user)
|
||||
assert.Equal(t, types.ErrInternal, err)
|
||||
})
|
||||
}
|
||||
|
||||
func TestEmailVerification(t *testing.T) {
|
||||
func TestToken(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
t.Run("should return NotFound", func(t *testing.T) {
|
||||
t.Run("should insert and get the same", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
db := setupDb(t)
|
||||
|
||||
underTest := AuthSqlite{db: db}
|
||||
|
||||
token, err := underTest.GetToken("someNonExistentToken")
|
||||
createAt := time.Date(2020, 1, 5, 12, 0, 0, 0, time.UTC)
|
||||
expiresAt := createAt.Add(24 * time.Hour)
|
||||
expected := NewToken(uuid.New(), "sessionId", "token", TokenTypeCsrf, createAt, expiresAt)
|
||||
|
||||
assert.Equal(t, ErrNotFound, err)
|
||||
assert.Nil(t, token)
|
||||
err := underTest.InsertToken(expected)
|
||||
assert.Nil(t, err)
|
||||
|
||||
actual, err := underTest.GetToken(expected.Token)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, expected, actual)
|
||||
|
||||
expected.SessionId = ""
|
||||
actuals, err := underTest.GetTokensByUserIdAndType(expected.UserId, expected.Type)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, []*Token{expected}, actuals)
|
||||
|
||||
expected.SessionId = "sessionId"
|
||||
expected.UserId = uuid.Nil
|
||||
actuals, err = underTest.GetTokensBySessionIdAndType(expected.SessionId, expected.Type)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, []*Token{expected}, actuals)
|
||||
})
|
||||
t.Run("should insert and return token", func(t *testing.T) {
|
||||
t.Run("should insert and return multiple tokens", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
db := setupDb(t)
|
||||
|
||||
underTest := AuthSqlite{db: db}
|
||||
tokenStr := "some secure token"
|
||||
createdAt := time.Date(2020, 1, 5, 13, 0, 0, 0, time.UTC)
|
||||
|
||||
expectedToken := NewToken(uuid.New(), tokenStr, TokenTypeEmailVerify, createdAt, createdAt.Add(24*time.Hour))
|
||||
createAt := time.Date(2020, 1, 5, 12, 0, 0, 0, time.UTC)
|
||||
expiresAt := createAt.Add(24 * time.Hour)
|
||||
userId := uuid.New()
|
||||
expected1 := NewToken(userId, "sessionId", "token1", TokenTypeCsrf, createAt, expiresAt)
|
||||
expected2 := NewToken(userId, "sessionId", "token2", TokenTypeCsrf, createAt, expiresAt)
|
||||
|
||||
err := underTest.InsertToken(expectedToken)
|
||||
err := underTest.InsertToken(expected1)
|
||||
assert.Nil(t, err)
|
||||
err = underTest.InsertToken(expected2)
|
||||
assert.Nil(t, err)
|
||||
|
||||
actualToken, err := underTest.GetToken(tokenStr)
|
||||
expected1.UserId = uuid.Nil
|
||||
expected2.UserId = uuid.Nil
|
||||
actuals, err := underTest.GetTokensBySessionIdAndType(expected1.SessionId, expected1.Type)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, []*Token{expected1, expected2}, actuals)
|
||||
|
||||
expected1.SessionId = ""
|
||||
expected2.SessionId = ""
|
||||
expected1.UserId = userId
|
||||
expected2.UserId = userId
|
||||
actuals, err = underTest.GetTokensByUserIdAndType(userId, expected1.Type)
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, []*Token{expected1, expected2}, actuals)
|
||||
|
||||
})
|
||||
t.Run("should return ErrNotFound", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
db := setupDb(t)
|
||||
|
||||
underTest := AuthSqlite{db: db}
|
||||
|
||||
_, err := underTest.GetToken("nonExistent")
|
||||
assert.Equal(t, ErrNotFound, err)
|
||||
|
||||
_, err = underTest.GetTokensByUserIdAndType(uuid.New(), TokenTypeEmailVerify)
|
||||
assert.Equal(t, ErrNotFound, err)
|
||||
|
||||
_, err = underTest.GetTokensBySessionIdAndType("sessionId", TokenTypeEmailVerify)
|
||||
assert.Equal(t, ErrNotFound, err)
|
||||
})
|
||||
t.Run("should return ErrAlreadyExists", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
db := setupDb(t)
|
||||
|
||||
underTest := AuthSqlite{db: db}
|
||||
|
||||
verifiedAt := time.Date(2020, 1, 5, 13, 0, 0, 0, time.UTC)
|
||||
createAt := time.Date(2020, 1, 5, 12, 0, 0, 0, time.UTC)
|
||||
user := NewUser(uuid.New(), "some@email.de", true, &verifiedAt, false, []byte("somePass"), []byte("someSalt"), createAt)
|
||||
|
||||
err := underTest.InsertUser(user)
|
||||
assert.Nil(t, err)
|
||||
|
||||
t.Logf("expectedToken: %v", expectedToken)
|
||||
t.Logf("actualToken: %v", actualToken)
|
||||
assert.Equal(t, expectedToken, actualToken)
|
||||
err = underTest.InsertUser(user)
|
||||
assert.Equal(t, ErrAlreadyExists, err)
|
||||
})
|
||||
t.Run("should return ErrInternal on missing NOT NULL fields", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
db := setupDb(t)
|
||||
|
||||
underTest := AuthSqlite{db: db}
|
||||
|
||||
createAt := time.Date(2020, 1, 5, 12, 0, 0, 0, time.UTC)
|
||||
user := NewUser(uuid.New(), "some@email.de", false, nil, false, []byte("somePass"), nil, createAt)
|
||||
|
||||
err := underTest.InsertUser(user)
|
||||
assert.Equal(t, types.ErrInternal, err)
|
||||
})
|
||||
}
|
||||
|
||||
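Review bot: The two subtests that appear to be new under TestToken, "should return ErrAlreadyExists" and "should return ErrInternal on missing NOT NULL fields", never touch a token: both build a user with NewUser and call InsertUser, which is the same case TestUser already covers, so duplicate CSRF tokens and NOT NULL violations on the token table stay untested. The ErrAlreadyExists case should insert the same token twice, and the ErrInternal case should insert a token with a required field left empty (the token string or the user id, whichever the schema marks NOT NULL; I cannot see the schema from here). A second, smaller point: "should insert and get the same" pins a lossy projection by clearing `expected.SessionId` before GetTokensByUserIdAndType and `expected.UserId` before GetTokensBySessionIdAndType, which means a caller checking a CSRF token by session cannot also confirm which user it belongs to; if that is intentional, a one-line comment saying so would stop the next reader from "fixing" the queries, otherwise the queries should select all columns and the assignments go.

```go
t.Run("should return ErrAlreadyExists", func(t *testing.T) {
	t.Parallel()
	db := setupDb(t)

	underTest := AuthSqlite{db: db}

	createAt := time.Date(2020, 1, 5, 12, 0, 0, 0, time.UTC)
	token := NewToken(uuid.New(), "sessionId", "token", TokenTypeCsrf, createAt, createAt.Add(24*time.Hour))

	err := underTest.InsertToken(token)
	assert.Nil(t, err)

	// Same token value a second time must be rejected, not silently replaced.
	err = underTest.InsertToken(token)
	assert.Equal(t, ErrAlreadyExists, err)
})
// … unchanged: ErrInternal subtest, to be rewritten the same way with InsertToken …
```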