chore(auth): #331 unify existing tests

This commit was merged in pull request #341.
2024-12-20 22:21:38 +01:00
parent 143662fff0
commit ea653f0087


@@ -112,7 +112,8 @@ func TestIntegrationSecurityHeader(t *testing.T) {
func TestIntegrationAuth(t *testing.T) { func TestIntegrationAuth(t *testing.T) {
t.Parallel() t.Parallel()
t.Run("should return secure cookie on signin with generated csrf-token and session-id", func(t *testing.T) { t.Run("SignIn", func(t *testing.T) {
t.Run("should return secure cookie with NEW session-id", func(t *testing.T) {
t.Parallel() t.Parallel()
db, basePath, ctx := setupIntegrationTest(t) db, basePath, ctx := setupIntegrationTest(t)
@@ -132,15 +133,15 @@ func TestIntegrationAuth(t *testing.T) {
html, err := html.Parse(resp.Body) html, err := html.Parse(resp.Body)
assert.Nil(t, err) assert.Nil(t, err)
csrfToken := findCsrfToken(html) anonymousCsrfToken := findCsrfToken(html)
assert.NotEqual(t, "", csrfToken) assert.NotEqual(t, "", anonymousCsrfToken)
anonymousSession := findCookie(resp, "id") anonymousSession := findCookie(resp, "id")
assert.NotNil(t, anonymousSession) assert.NotNil(t, anonymousSession)
formData := url.Values{ formData := url.Values{
"email": {"mail@mail.de"}, "email": {"mail@mail.de"},
"password": {"password"}, "password": {"password"},
"csrf-token": {csrfToken}, "csrf-token": {anonymousCsrfToken},
} }
req, err = http.NewRequestWithContext(ctx, "POST", basePath+"/api/auth/signin", strings.NewReader(formData.Encode())) req, err = http.NewRequestWithContext(ctx, "POST", basePath+"/api/auth/signin", strings.NewReader(formData.Encode()))
@@ -158,8 +159,12 @@ func TestIntegrationAuth(t *testing.T) {
assert.Equal(t, http.SameSiteStrictMode, cookie.SameSite, "Cookie is not secure") assert.Equal(t, http.SameSiteStrictMode, cookie.SameSite, "Cookie is not secure")
assert.True(t, cookie.HttpOnly, "Cookie is not secure") assert.True(t, cookie.HttpOnly, "Cookie is not secure")
assert.True(t, cookie.Secure, "Cookie is not secure") assert.True(t, cookie.Secure, "Cookie is not secure")
assert.NotEqual(t, anonymousSession.Value, cookie.Value, "Session ID did not change")
}) })
t.Run("should change password and invalidate other sessions from user", func(t *testing.T) { })
t.Run("ChangePassword", func(t *testing.T) {
t.Run("should change password and invalidate all other user sessions", func(t *testing.T) {
t.Parallel() t.Parallel()
db, basePath, ctx := setupIntegrationTest(t) db, basePath, ctx := setupIntegrationTest(t)
@@ -228,7 +233,10 @@ func TestIntegrationAuth(t *testing.T) {
assert.Equal(t, "other", sessionIds[0]) assert.Equal(t, "other", sessionIds[0])
assert.Equal(t, "session-id", sessionIds[1]) assert.Equal(t, "session-id", sessionIds[1])
}) })
t.Run("should forget password and invalidate all user sessions", func(t *testing.T) { })
t.Run("ForgotPassword", func(t *testing.T) {
t.Run("should change password and invalidate ALL sessions", func(t *testing.T) {
t.Parallel() t.Parallel()
d, basePath, ctx := setupIntegrationTest(t) d, basePath, ctx := setupIntegrationTest(t)
@@ -291,6 +299,7 @@ func TestIntegrationAuth(t *testing.T) {
assert.Nil(t, err) assert.Nil(t, err)
assert.False(t, sessions.Next()) assert.False(t, sessions.Next())
}) })
})
} }
func findCookie(resp *http.Response, name string) *http.Cookie { func findCookie(resp *http.Response, name string) *http.Cookie {
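Review bot: The new `assert.NotEqual(t, anonymousSession.Value, cookie.Value, "Session ID did not change")` in the SignIn subtest dereferences `anonymousSession`, but the earlier guard is `assert.NotNil(t, anonymousSession)`, which records a failure and lets the test continue, so a missing `id` cookie would end in a nil-pointer panic instead of a readable failure. Stopping at the guard, e.g. `require.NotNil(t, anonymousSession)` (testify's `require` package; its import is not visible in this view), keeps the session-fixation check meaningful. The assertion also only shows that the post-login cookie value differs; it does not show that the anonymous session id is rejected or removed afterwards, so a follow-up check against the session store would pin the rotation more tightly, assuming `db` exposes sessions here as the later subtests suggest. The body of TestIntegrationAuth between the hunks is not shown, so either check may already exist outside this view.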