chore: refine integration test #181

main_test.go

@@ -19,38 +19,27 @@ import (
 
 func TestHandleSignIn(t *testing.T) {
 	t.Parallel()
-	t.Run("should signIn and return session cookie", func(t *testing.T) {
-		t.Parallel()
-		ctx, done := context.WithCancel(context.Background())
-		t.Cleanup(done)
 
-		db, err := sql.Open("sqlite3", ":memory:")
-		if err != nil {
-			t.Fatalf("Could not open Database data.db: %v", err)
-		}
-		t.Cleanup(func() {
-			db.Close()
-		})
-		err = utils.RunMigrations(db, "")
-		if err != nil {
-			t.Fatalf("Could not run migrations: %v", err)
+	httpClient := http.Client{
+		// Disable redirect following
+		CheckRedirect: func(req *http.Request, via []*http.Request) error {
+			return http.ErrUseLastResponse
+		},
 	}
 
+	t.Run("should signin and return session cookie", func(t *testing.T) {
+		t.Parallel()
+
+		db, ctx := setupIntegrationTest(t, "8080")
+
 		pass := service.GetHashPassword("password", []byte("salt"))
-		_, err = db.Exec(`
+		_, err := db.Exec(`
 			INSERT INTO user (user_uuid, email, email_verified, is_admin, password, salt, created_at) 
 			VALUES (?, "mail@mail.de", FALSE, FALSE, ?, ?, datetime())`, uuid.New(), pass, []byte("salt"))
 		if err != nil {
 			t.Fatalf("Error inserting user: %v", err)
 		}
 
-		go run(ctx, db, getEnv("8080"))
-
-		err = waitForReady(ctx, 5*time.Second, "http://localhost:8080")
-		if err != nil {
-			t.Fatalf("Failed to start server: %v", err)
-		}
-
 		formData := url.Values{
 			"email":    {"mail@mail.de"},
 			"password": {"password"},
@@ -64,18 +53,57 @@ func TestHandleSignIn(t *testing.T) {
 		// Set the content type to application/x-www-form-urlencoded
 		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 
-		client := http.Client{}
-		resp, err := client.Do(req)
+		resp, err := httpClient.Do(req)
 		if err != nil {
 			t.Fatalf("Error making request: %v", err)
 		}
-		if resp.StatusCode != http.StatusOK {
-			t.Fatalf("Expected status code 200, got %d", resp.StatusCode)
+
+		if resp.StatusCode != http.StatusSeeOther {
+			t.Fatalf("Expected status code 303, got %d", resp.StatusCode)
 		}
 
+		var cookie *http.Cookie
+		for _, c := range resp.Cookies() {
+			if c.Name == "id" {
+				cookie = c
+				break
+			}
+		}
+		if cookie == nil {
+			t.Fatalf("No session cookie found")
+		} else if cookie.SameSite != http.SameSiteStrictMode || cookie.HttpOnly != true || cookie.Secure != true {
+			t.Fatalf("Cookie is not secure")
+		}
 	})
 }
 
+func setupIntegrationTest(t *testing.T, port string) (*sql.DB, context.Context) {
+	ctx, done := context.WithCancel(context.Background())
+	t.Cleanup(done)
+
+	db, err := sql.Open("sqlite3", ":memory:")
+	if err != nil {
+		t.Fatalf("Could not open Database data.db: %v", err)
+	}
+	t.Cleanup(func() {
+		db.Close()
+	})
+
+	err = utils.RunMigrations(db, "")
+	if err != nil {
+		t.Fatalf("Could not run migrations: %v", err)
+	}
+
+	go run(ctx, db, getEnv(port))
+
+	err = waitForReady(ctx, 5*time.Second, "http://localhost:8080")
+	if err != nil {
+		t.Fatalf("Failed to start server: %v", err)
+	}
+
+	return db, ctx
+}
+
 func getEnv(port string) func(string) string {
 	return func(key string) string {
 		if key == "PORT" {
@@ -85,7 +113,7 @@ func getEnv(port string) func(string) string {
 		} else if key == "PROMETHEUS_ENABLED" {
 			return "false"
 		} else if key == "BASE_URL" {
-			return "https://localhost:8080"
+			return "http://localhost:" + port
 		} else if key == "ENVIRONMENT" {
 			return "test"
 		} else {