Tim Wundenberg
dc8e87ba0d
Some checks failed
Build Docker Image / Build-Docker-Image (push) Failing after 44s
221 lines
4.8 KiB
Go
221 lines
4.8 KiB
Go
package main
|
|
|
|
import (
|
|
"me-fit/log"
|
|
"me-fit/service"
|
|
"me-fit/types"
|
|
|
|
"context"
|
|
"database/sql"
|
|
"net/http"
|
|
"net/url"
|
|
"strings"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/google/uuid"
|
|
"github.com/stretchr/testify/assert"
|
|
"golang.org/x/net/html"
|
|
)
|
|
|
|
func TestHandleSignIn(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
httpClient := http.Client{
|
|
// Disable redirect following
|
|
CheckRedirect: func(req *http.Request, via []*http.Request) error {
|
|
return http.ErrUseLastResponse
|
|
},
|
|
}
|
|
|
|
t.Run("should signin and return session cookie", func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
db, ctx := setupIntegrationTest(t, "8080")
|
|
|
|
pass := service.GetHashPassword("password", []byte("salt"))
|
|
_, err := db.Exec(`
|
|
INSERT INTO user (user_id, email, email_verified, is_admin, password, salt, created_at)
|
|
VALUES (?, "mail@mail.de", FALSE, FALSE, ?, ?, datetime())`, uuid.New(), pass, []byte("salt"))
|
|
if err != nil {
|
|
t.Fatalf("Error inserting user: %v", err)
|
|
}
|
|
|
|
req, err := http.NewRequestWithContext(ctx, "GET", "http://localhost:8080/auth/signin", nil)
|
|
assert.Nil(t, err)
|
|
|
|
resp, err := httpClient.Do(req)
|
|
assert.Nil(t, err)
|
|
|
|
html, err := html.Parse(resp.Body)
|
|
assert.Nil(t, err)
|
|
|
|
csrfToken := findCsrfToken(html)
|
|
assert.NotEqual(t, "", csrfToken)
|
|
anonymousSession := findCookie(resp, "id")
|
|
assert.NotNil(t, anonymousSession)
|
|
|
|
formData := url.Values{
|
|
"email": {"mail@mail.de"},
|
|
"password": {"password"},
|
|
"csrf-token": {csrfToken},
|
|
}
|
|
|
|
req, err = http.NewRequestWithContext(ctx, "POST", "http://localhost:8080/api/auth/signin", strings.NewReader(formData.Encode()))
|
|
assert.Nil(t, err)
|
|
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
|
req.Header.Set("Cookie", anonymousSession.Name+"="+anonymousSession.Value)
|
|
|
|
resp, err = httpClient.Do(req)
|
|
assert.Nil(t, err)
|
|
|
|
assert.Equal(t, http.StatusSeeOther, resp.StatusCode)
|
|
|
|
cookie := findCookie(resp, "id")
|
|
if cookie == nil {
|
|
t.Fatalf("No session cookie found")
|
|
} else if cookie.SameSite != http.SameSiteStrictMode || cookie.HttpOnly != true || cookie.Secure != true {
|
|
t.Fatalf("Cookie is not secure")
|
|
}
|
|
})
|
|
}
|
|
|
|
func findCookie(resp *http.Response, name string) *http.Cookie {
|
|
for _, cookie := range resp.Cookies() {
|
|
if cookie.Name == name {
|
|
return cookie
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func setupIntegrationTest(t *testing.T, port string) (*sql.DB, context.Context) {
|
|
ctx, done := context.WithCancel(context.Background())
|
|
t.Cleanup(done)
|
|
|
|
database, err := sql.Open("sqlite3", ":memory:")
|
|
if err != nil {
|
|
t.Fatalf("Could not open Database data.db: %v", err)
|
|
}
|
|
t.Cleanup(func() {
|
|
database.Close()
|
|
})
|
|
|
|
go run(ctx, database, getEnv(port))
|
|
|
|
err = waitForReady(ctx, 5*time.Second, "http://localhost:8080")
|
|
if err != nil {
|
|
t.Fatalf("Failed to start server: %v", err)
|
|
}
|
|
|
|
return database, ctx
|
|
}
|
|
|
|
func getEnv(port string) func(string) string {
|
|
return func(key string) string {
|
|
if key == "PORT" {
|
|
return port
|
|
} else if key == "SMTP_ENABLED" {
|
|
return "false"
|
|
} else if key == "PROMETHEUS_ENABLED" {
|
|
return "false"
|
|
} else if key == "BASE_URL" {
|
|
return "http://localhost:" + port
|
|
} else if key == "ENVIRONMENT" {
|
|
return "test"
|
|
} else {
|
|
return ""
|
|
}
|
|
}
|
|
}
|
|
|
|
// waitForReady calls the specified endpoint until it gets a 200
|
|
// response or until the context is cancelled or the timeout is
|
|
// reached.
|
|
func waitForReady(
|
|
ctx context.Context,
|
|
timeout time.Duration,
|
|
endpoint string,
|
|
) error {
|
|
client := http.Client{}
|
|
startTime := time.Now()
|
|
for {
|
|
req, err := http.NewRequestWithContext(
|
|
ctx,
|
|
http.MethodGet,
|
|
endpoint,
|
|
nil,
|
|
)
|
|
if err != nil {
|
|
log.Error("failed to create request: %v", err)
|
|
return err
|
|
}
|
|
|
|
resp, err := client.Do(req)
|
|
if err != nil {
|
|
log.Info("Error making request: %v", err)
|
|
continue
|
|
}
|
|
if resp.StatusCode == http.StatusOK {
|
|
log.Info("Endpoint is ready!")
|
|
resp.Body.Close()
|
|
return nil
|
|
}
|
|
resp.Body.Close()
|
|
|
|
select {
|
|
case <-ctx.Done():
|
|
return ctx.Err()
|
|
default:
|
|
if time.Since(startTime) >= timeout {
|
|
log.Error("timeout reached while waiting for endpoint")
|
|
return types.ErrInternal
|
|
}
|
|
// wait a little while between checks
|
|
time.Sleep(250 * time.Millisecond)
|
|
}
|
|
}
|
|
}
|
|
|
|
func findCsrfToken(data *html.Node) string {
|
|
attr := getTokenAttribute(data)
|
|
if attr != nil {
|
|
return attr.Val
|
|
}
|
|
|
|
if data.FirstChild != nil {
|
|
if token := findCsrfToken(data.FirstChild); token != "" {
|
|
return token
|
|
}
|
|
}
|
|
if data.NextSibling != nil {
|
|
if token := findCsrfToken(data.NextSibling); token != "" {
|
|
return token
|
|
}
|
|
}
|
|
|
|
return ""
|
|
}
|
|
|
|
func getTokenAttribute(data *html.Node) *html.Attribute {
|
|
returnValue := false
|
|
for _, attr := range data.Attr {
|
|
if attr.Key == "name" && attr.Val == "csrf-token" {
|
|
returnValue = true
|
|
}
|
|
}
|
|
|
|
if !returnValue {
|
|
return nil
|
|
}
|
|
|
|
for _, attr := range data.Attr {
|
|
if attr.Key == "value" {
|
|
return &attr
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|