x/web-app-template
Archived
Template
2
0
Fork 0
Code Issues 13 Pull Requests 4 Actions Packages Activity

chore(auth): #331 add and fix session tests
All checks were successful
Build Docker Image / Build-Docker-Image (push) Successful in 45s
Details
Build and Push Docker Image / Build-And-Push-Docker-Image (push) Successful in 48s
Details

Browse Source
This commit was merged in pull request #342.
This commit is contained in:
Tim Wundenberg
2024-12-22 22:14:55 +01:00
parent ea653f0087
commit 6a551929c5
7 changed files with 99 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
main_test.go
View File

@@ -90,7 +90,7 @@ func TestIntegrationSecurityHeader(t *testing.T) {
"frame-ancestors 'none';", value)
value = resp.Header.Get("Cross-Origin-Resource-Policy")
assert.Equal(t, "same-origin", value)
assert.Equal(t, "same-site", value)
value = resp.Header.Get("Cross-Origin-Opener-Policy")
assert.Equal(t, "same-origin", value)
@@ -300,6 +300,81 @@ func TestIntegrationAuth(t *testing.T) {
assert.False(t, sessions.Next())
})
})
t.Run("Session", func(t *testing.T) {
t.Run("should create new anonymous session if current session gets outdated", func(t *testing.T) {
t.Parallel()
d, basePath, ctx := setupIntegrationTest(t)
userId := uuid.New()
sessionId := "session-id"
_, err := d.Exec(`
INSERT INTO user (user_id, email, email_verified, is_admin, password, salt, created_at)
VALUES (?, "mail@mail.de", FALSE, FALSE, ?, ?, datetime())`, userId, []byte("pass"), []byte("salt"))
assert.Nil(t, err)
_, err = d.Exec(`
INSERT INTO session (session_id, user_id, created_at, expires_at)
VALUES (?, ?, datetime("now", "-8 hour"), datetime("now", "-1 minute"))`, sessionId, userId)
assert.Nil(t, err)
req, err := http.NewRequestWithContext(ctx, "GET", basePath, nil)
assert.Nil(t, err)
req.Header.Set("Cookie", "id="+sessionId)
resp, err := httpClient.Do(req)
assert.Nil(t, err)
newSession := findCookie(resp, "id")
assert.NotNil(t, newSession)
assert.NotEqual(t, sessionId, newSession.Value)
var rows int
err = d.QueryRow("SELECT COUNT(*) FROM session WHERE user_id = ?", userId).Scan(&rows)
assert.Nil(t, err)
assert.Equal(t, 0, rows)
})
t.Run("should create anonymous session", func(t *testing.T) {
t.Parallel()
_, basePath, ctx := setupIntegrationTest(t)
req, err := http.NewRequestWithContext(ctx, "GET", basePath, nil)
assert.Nil(t, err)
resp, err := httpClient.Do(req)
assert.Nil(t, err)
newSession := findCookie(resp, "id")
assert.NotNil(t, newSession)
assert.NotEqual(t, "", newSession.Value)
})
t.Run("should not have access to user information with outdated session", func(t *testing.T) {
t.Parallel()
d, basePath, ctx := setupIntegrationTest(t)
userId := uuid.New()
sessionId := "session-id"
_, err := d.Exec(`
INSERT INTO user (user_id, email, email_verified, is_admin, password, salt, created_at)
VALUES (?, "mail@mail.de", FALSE, FALSE, ?, ?, datetime())`, userId, []byte("pass"), []byte("salt"))
assert.Nil(t, err)
_, err = d.Exec(`
INSERT INTO session (session_id, user_id, created_at, expires_at)
VALUES (?, ?, datetime("now", "-8 hour"), datetime("now", "-1 minute"))`, sessionId, userId)
assert.Nil(t, err)
req, err := http.NewRequestWithContext(ctx, "GET", basePath+"/workout", nil)
assert.Nil(t, err)
req.Header.Set("Cookie", "id="+sessionId)
resp, err := httpClient.Do(req)
assert.Nil(t, err)
assert.Equal(t, http.StatusSeeOther, resp.StatusCode)
assert.Equal(t, "/auth/signin", resp.Header.Get("Location"))
})
})
}
func findCookie(resp *http.Response, name string) *http.Cookie {