package service import ( "me-fit/db" "me-fit/mocks" "me-fit/types" "errors" "strings" "testing" "time" "github.com/google/uuid" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" ) func TestSignIn(t *testing.T) { t.Parallel() t.Run("should return user if password is correct", func(t *testing.T) { t.Parallel() salt := []byte("salt") verifiedAt := time.Date(2020, 1, 2, 0, 0, 0, 0, time.UTC) user := db.NewUser( uuid.New(), "test@test.de", true, &verifiedAt, false, GetHashPassword("password", salt), salt, time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC), ) dbSession := db.NewSession("sessionId", user.Id, time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC)) mockAuthDb := mocks.NewMockAuthDb(t) mockAuthDb.EXPECT().GetUser("test@test.de").Return(user, nil) mockAuthDb.EXPECT().DeleteOldSessions(user.Id).Return(nil) mockAuthDb.EXPECT().InsertSession(dbSession).Return(nil) mockRandom := mocks.NewMockRandomService(t) mockRandom.EXPECT().String(32).Return("sessionId", nil) mockClock := mocks.NewMockClockService(t) mockClock.EXPECT().Now().Return(time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC)) mockMail := mocks.NewMockMailService(t) underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{}) actualSession, err := underTest.SignIn(user.Email, "password") assert.Nil(t, err) expectedSession := NewSession(dbSession, NewUser(user)) assert.Equal(t, expectedSession, actualSession) }) t.Run("should return ErrInvalidCretentials if password is not correct", func(t *testing.T) { t.Parallel() salt := []byte("salt") verifiedAt := time.Date(2020, 1, 2, 0, 0, 0, 0, time.UTC) user := db.NewUser( uuid.New(), "test@test.de", true, &verifiedAt, false, GetHashPassword("password", salt), salt, time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC), ) mockAuthDb := mocks.NewMockAuthDb(t) mockAuthDb.EXPECT().GetUser(user.Email).Return(user, nil) mockRandom := mocks.NewMockRandomService(t) mockClock := mocks.NewMockClockService(t) mockMail := mocks.NewMockMailService(t) underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{}) _, err := underTest.SignIn("test@test.de", "wrong password") assert.Equal(t, ErrInvaidCredentials, err) }) t.Run("should return ErrInvalidCretentials if user has not been found", func(t *testing.T) { t.Parallel() mockAuthDb := mocks.NewMockAuthDb(t) mockAuthDb.EXPECT().GetUser("test").Return(nil, db.ErrNotFound) mockRandom := mocks.NewMockRandomService(t) mockClock := mocks.NewMockClockService(t) mockMail := mocks.NewMockMailService(t) underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{}) _, err := underTest.SignIn("test", "test") assert.Equal(t, ErrInvaidCredentials, err) }) t.Run("should forward ErrInternal on any other error", func(t *testing.T) { t.Parallel() mockAuthDb := mocks.NewMockAuthDb(t) mockAuthDb.EXPECT().GetUser("test").Return(nil, errors.New("Some undefined error")) mockRandom := mocks.NewMockRandomService(t) mockClock := mocks.NewMockClockService(t) mockMail := mocks.NewMockMailService(t) underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{}) _, err := underTest.SignIn("test", "test") assert.Equal(t, types.ErrInternal, err) }) } func TestSignUp(t *testing.T) { t.Parallel() t.Run("should check for correct email address", func(t *testing.T) { t.Parallel() mockAuthDb := mocks.NewMockAuthDb(t) mockRandom := mocks.NewMockRandomService(t) mockClock := mocks.NewMockClockService(t) mockMail := mocks.NewMockMailService(t) underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{}) _, err := underTest.SignUp("invalid email address", "SomeStrongPassword123!") assert.Equal(t, ErrInvalidEmail, err) }) t.Run("should check for password complexity", func(t *testing.T) { t.Parallel() mockAuthDb := mocks.NewMockAuthDb(t) mockRandom := mocks.NewMockRandomService(t) mockClock := mocks.NewMockClockService(t) mockMail := mocks.NewMockMailService(t) underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{}) weakPasswords := []string{ "123!ab", // too short "no_upper_case_123", "NO_LOWER_CASE_123", "noSpecialChar123", } for _, password := range weakPasswords { _, err := underTest.SignUp("some@valid.email", password) assert.Equal(t, ErrInvalidPassword, err) } }) t.Run("should signup correctly", func(t *testing.T) { t.Parallel() mockAuthDb := mocks.NewMockAuthDb(t) mockRandom := mocks.NewMockRandomService(t) mockClock := mocks.NewMockClockService(t) mockMail := mocks.NewMockMailService(t) expected := User{ Id: uuid.New(), Email: "some@valid.email", EmailVerified: false, } random := NewRandomServiceImpl() salt, err := random.Bytes(16) assert.Nil(t, err) password := "SomeStrongPassword123!" mockRandom.EXPECT().UUID().Return(expected.Id, nil) mockRandom.EXPECT().Bytes(16).Return(salt, nil) createTime := time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC) mockClock.EXPECT().Now().Return(createTime) mockAuthDb.EXPECT().InsertUser(db.NewUser(expected.Id, expected.Email, false, nil, false, GetHashPassword(password, salt), salt, createTime)).Return(nil) underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{}) actual, err := underTest.SignUp(expected.Email, password) assert.Nil(t, err) assert.Equal(t, expected, *actual) }) t.Run("should return ErrAccountExists", func(t *testing.T) { t.Parallel() mockAuthDb := mocks.NewMockAuthDb(t) mockRandom := mocks.NewMockRandomService(t) mockClock := mocks.NewMockClockService(t) mockMail := mocks.NewMockMailService(t) user := User{ Id: uuid.New(), Email: "some@valid.email", } random := NewRandomServiceImpl() salt, err := random.Bytes(16) assert.Nil(t, err) password := "SomeStrongPassword123!" mockRandom.EXPECT().UUID().Return(user.Id, nil) mockRandom.EXPECT().Bytes(16).Return(salt, nil) createTime := time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC) mockClock.EXPECT().Now().Return(createTime) mockAuthDb.EXPECT().InsertUser(db.NewUser(user.Id, user.Email, false, nil, false, GetHashPassword(password, salt), salt, createTime)).Return(db.ErrUserExists) underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{}) _, err = underTest.SignUp(user.Email, password) assert.Equal(t, ErrAccountExists, err) }) } func TestSendVerificationMail(t *testing.T) { t.Parallel() t.Run("should use stored token and send mail", func(t *testing.T) { t.Parallel() token := "someRandomTokenToUse" email := "some@email.de" userId := uuid.New() mockAuthDb := mocks.NewMockAuthDb(t) mockRandom := mocks.NewMockRandomService(t) mockClock := mocks.NewMockClockService(t) mockMail := mocks.NewMockMailService(t) mockAuthDb.EXPECT().GetEmailVerificationToken(userId).Return(token, nil) mockMail.EXPECT().SendMail(email, "Welcome to ME-FIT", mock.MatchedBy(func(message string) bool { return strings.Contains(message, token) })).Return() underTest := NewAuthServiceImpl(mockAuthDb, mockRandom, mockClock, mockMail, &types.ServerSettings{}) underTest.SendVerificationMail(userId, email) }) }