From 8d90874d04622bcd5d87956096feb9858cbb43d8 Mon Sep 17 00:00:00 2001 From: Tim Wundenberg Date: Thu, 3 Oct 2024 20:36:34 +0200 Subject: [PATCH] chore: refine integration test #181 --- main_test.go | 84 ++++++++++++++++++++++++++++++++++------------------ 1 file changed, 56 insertions(+), 28 deletions(-) diff --git a/main_test.go b/main_test.go index 0d5e899..6878f53 100644 --- a/main_test.go +++ b/main_test.go @@ -19,38 +19,27 @@ import ( func TestHandleSignIn(t *testing.T) { t.Parallel() - t.Run("should signIn and return session cookie", func(t *testing.T) { - t.Parallel() - ctx, done := context.WithCancel(context.Background()) - t.Cleanup(done) - db, err := sql.Open("sqlite3", ":memory:") - if err != nil { - t.Fatalf("Could not open Database data.db: %v", err) - } - t.Cleanup(func() { - db.Close() - }) - err = utils.RunMigrations(db, "") - if err != nil { - t.Fatalf("Could not run migrations: %v", err) - } + httpClient := http.Client{ + // Disable redirect following + CheckRedirect: func(req *http.Request, via []*http.Request) error { + return http.ErrUseLastResponse + }, + } + + t.Run("should signin and return session cookie", func(t *testing.T) { + t.Parallel() + + db, ctx := setupIntegrationTest(t, "8080") pass := service.GetHashPassword("password", []byte("salt")) - _, err = db.Exec(` + _, err := db.Exec(` INSERT INTO user (user_uuid, email, email_verified, is_admin, password, salt, created_at) VALUES (?, "mail@mail.de", FALSE, FALSE, ?, ?, datetime())`, uuid.New(), pass, []byte("salt")) if err != nil { t.Fatalf("Error inserting user: %v", err) } - go run(ctx, db, getEnv("8080")) - - err = waitForReady(ctx, 5*time.Second, "http://localhost:8080") - if err != nil { - t.Fatalf("Failed to start server: %v", err) - } - formData := url.Values{ "email": {"mail@mail.de"}, "password": {"password"}, 
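Review bot: The shared `httpClient` literal added at the top of `TestHandleSignIn` sets `CheckRedirect` but no `Timeout`, so a sign-in handler that never answers would block the subtest until the global `go test` timeout, not fail fast. Adding `Timeout: 5 * time.Second,` to the literal keeps the failure local and matches the 5-second budget already used for the readiness probe. A short comment on the variable saying that redirects are disabled so the 303 and its `Set-Cookie` header can be asserted directly would explain why the default client is not used. The body of `TestHandleSignIn` continues outside this hunk.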
@@ -64,18 +53,57 @@ func TestHandleSignIn(t *testing.T) { // Set the content type to application/x-www-form-urlencoded req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - client := http.Client{} - resp, err := client.Do(req) + resp, err := httpClient.Do(req) if err != nil { t.Fatalf("Error making request: %v", err) } - if resp.StatusCode != http.StatusOK { - t.Fatalf("Expected status code 200, got %d", resp.StatusCode) + + if resp.StatusCode != http.StatusSeeOther { + t.Fatalf("Expected status code 303, got %d", resp.StatusCode) } + var cookie *http.Cookie + for _, c := range resp.Cookies() { + if c.Name == "id" { + cookie = c + break + } + } + if cookie == nil { + t.Fatalf("No session cookie found") + } else if cookie.SameSite != http.SameSiteStrictMode || cookie.HttpOnly != true || cookie.Secure != true { + t.Fatalf("Cookie is not secure") + } }) } +func setupIntegrationTest(t *testing.T, port string) (*sql.DB, context.Context) { + ctx, done := context.WithCancel(context.Background()) + t.Cleanup(done) + + db, err := sql.Open("sqlite3", ":memory:") + if err != nil { + t.Fatalf("Could not open Database data.db: %v", err) + } + t.Cleanup(func() { + db.Close() + }) + + err = utils.RunMigrations(db, "") + if err != nil { + t.Fatalf("Could not run migrations: %v", err) + } + + go run(ctx, db, getEnv(port)) + + err = waitForReady(ctx, 5*time.Second, "http://localhost:8080") + if err != nil { + t.Fatalf("Failed to start server: %v", err) + } + + return db, ctx +} + func getEnv(port string) func(string) string { return func(key string) string { if key == "PORT" { @@ -85,7 +113,7 @@ func getEnv(port string) func(string) string { } else if key == "PROMETHEUS_ENABLED" { return "false" } else if key == "BASE_URL" { - return "https://localhost:8080" + return "http://localhost:" + port } else if key == "ENVIRONMENT" { return "test" } else {
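Review bot: `setupIntegrationTest` accepts `port` and passes it to `getEnv`, but the readiness probe still polls the literal `http://localhost:8080`. A caller using any other port would wait on the wrong address, or be told "ready" by another parallel subtest's server on 8080; use `waitForReady(ctx, 5*time.Second, "http://localhost:"+port)`. The helper should begin with `t.Helper()` so a failed setup is reported at the calling subtest. In the sign-in subtest the response body is not closed in the visible lines, so `defer resp.Body.Close()` belongs after the error check. Separately, `sql.Open("sqlite3", ":memory:")` sits behind a connection pool, and with the usual sqlite3 driver each new connection likely gets its own empty in-memory database, so the server goroutine may not see the migrated schema or the inserted user unless the pool is capped at one open connection; worth confirming, since this test guards the cookie flags.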
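Review bot: `BASE_URL` in `getEnv` is now plain `http://`, while the sign-in subtest in the same patch requires the session cookie to carry `Secure`, and nothing on this line explains how the two fit together. Go's `net/http/cookiejar` only returns `Secure` cookies for `https` URLs, so a later authenticated test against this base URL will silently send no session unless it copies the cookie onto the request itself. If the application ever derives the `Secure` flag from the `BASE_URL` scheme, the new assertion would start failing for a reason unrelated to sign-in. I would add a comment above the return, for example `// plain HTTP on purpose: the test server is probed over http://; Secure cookies must be attached to follow-up requests by hand`. The body of `getEnv` starts and ends outside this hunk.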