188 lines
5.5 KiB
Go
188 lines
5.5 KiB
Go
package auth_test
|
|
|
|
import (
|
|
"database/sql"
|
|
"net/http"
|
|
"testing"
|
|
|
|
"allaboutapps.dev/aw/go-starter/internal/api"
|
|
"allaboutapps.dev/aw/go-starter/internal/auth"
|
|
|
|
"allaboutapps.dev/aw/go-starter/internal/api/httperrors"
|
|
"allaboutapps.dev/aw/go-starter/internal/test"
|
|
"allaboutapps.dev/aw/go-starter/internal/test/fixtures"
|
|
"allaboutapps.dev/aw/go-starter/internal/types"
|
|
"github.com/aarondl/null/v8"
|
|
"github.com/aarondl/sqlboiler/v4/boil"
|
|
"github.com/labstack/echo/v4"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
const (
|
|
newPassword = "correct horse battery staple"
|
|
)
|
|
|
|
func TestPostChangePasswordSuccess(t *testing.T) {
|
|
test.WithTestServer(t, func(s *api.Server) {
|
|
ctx := t.Context()
|
|
fix := fixtures.Fixtures()
|
|
|
|
payload := test.GenericPayload{
|
|
"currentPassword": fixtures.PlainTestUserPassword,
|
|
"newPassword": newPassword,
|
|
}
|
|
|
|
res := test.PerformRequest(t, s, "POST", "/api/v1/auth/change-password", payload, test.HeadersWithAuth(t, fix.User1AccessToken1.Token))
|
|
assert.Equal(t, http.StatusOK, res.Result().StatusCode)
|
|
|
|
var response types.PostLoginResponse
|
|
test.ParseResponseAndValidate(t, res, &response)
|
|
|
|
assert.NotEmpty(t, response.AccessToken)
|
|
assert.NotEqual(t, fix.User1AccessToken1.Token, *response.AccessToken)
|
|
assert.NotEmpty(t, response.RefreshToken)
|
|
assert.NotEqual(t, fix.User1RefreshToken1.Token, *response.RefreshToken)
|
|
assert.Equal(t, int64(s.Config.Auth.AccessTokenValidity.Seconds()), *response.ExpiresIn)
|
|
assert.Equal(t, auth.TokenTypeBearer, *response.TokenType)
|
|
|
|
err := fix.User1AccessToken1.Reload(ctx, s.DB)
|
|
require.ErrorIs(t, err, sql.ErrNoRows)
|
|
err = fix.User1RefreshToken1.Reload(ctx, s.DB)
|
|
require.ErrorIs(t, err, sql.ErrNoRows)
|
|
|
|
cnt, err := fix.User1.AccessTokens().Count(ctx, s.DB)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, int64(1), cnt)
|
|
|
|
cnt, err = fix.User1.RefreshTokens().Count(ctx, s.DB)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, int64(1), cnt)
|
|
|
|
err = fix.User1.Reload(ctx, s.DB)
|
|
require.NoError(t, err)
|
|
assert.NotEqual(t, fixtures.HashedTestUserPassword, fix.User1.Password.String)
|
|
})
|
|
}
|
|
|
|
func TestPostChangePasswordInvalidPassword(t *testing.T) {
|
|
test.WithTestServer(t, func(s *api.Server) {
|
|
ctx := t.Context()
|
|
fix := fixtures.Fixtures()
|
|
|
|
payload := test.GenericPayload{
|
|
"currentPassword": "not my password",
|
|
"newPassword": newPassword,
|
|
}
|
|
|
|
res := test.PerformRequest(t, s, "POST", "/api/v1/auth/change-password", payload, test.HeadersWithAuth(t, fix.User1AccessToken1.Token))
|
|
test.RequireHTTPError(t, res, httperrors.NewFromEcho(echo.ErrUnauthorized))
|
|
|
|
err := fix.User1AccessToken1.Reload(ctx, s.DB)
|
|
require.NoError(t, err)
|
|
err = fix.User1RefreshToken1.Reload(ctx, s.DB)
|
|
require.NoError(t, err)
|
|
})
|
|
}
|
|
|
|
func TestPostChangePasswordDeactivatedUser(t *testing.T) {
|
|
test.WithTestServer(t, func(s *api.Server) {
|
|
ctx := t.Context()
|
|
fix := fixtures.Fixtures()
|
|
|
|
payload := test.GenericPayload{
|
|
"currentPassword": fixtures.PlainTestUserPassword,
|
|
"newPassword": newPassword,
|
|
}
|
|
|
|
res := test.PerformRequest(t, s, "POST", "/api/v1/auth/change-password", payload, test.HeadersWithAuth(t, fix.UserDeactivatedAccessToken1.Token))
|
|
test.RequireHTTPError(t, res, httperrors.ErrForbiddenUserDeactivated)
|
|
|
|
err := fix.User1AccessToken1.Reload(ctx, s.DB)
|
|
require.NoError(t, err)
|
|
err = fix.User1RefreshToken1.Reload(ctx, s.DB)
|
|
require.NoError(t, err)
|
|
})
|
|
}
|
|
|
|
func TestPostChangePasswordUserWithoutPassword(t *testing.T) {
|
|
test.WithTestServer(t, func(s *api.Server) {
|
|
ctx := t.Context()
|
|
fix := fixtures.Fixtures()
|
|
|
|
payload := test.GenericPayload{
|
|
"currentPassword": fixtures.PlainTestUserPassword,
|
|
"newPassword": newPassword,
|
|
}
|
|
|
|
fix.User2.Password = null.String{}
|
|
rowsAff, err := fix.User2.Update(t.Context(), s.DB, boil.Infer())
|
|
require.NoError(t, err)
|
|
require.Equal(t, int64(1), rowsAff)
|
|
|
|
res := test.PerformRequest(t, s, "POST", "/api/v1/auth/change-password", payload, test.HeadersWithAuth(t, fix.User2AccessToken1.Token))
|
|
test.RequireHTTPError(t, res, httperrors.ErrForbiddenNotLocalUser)
|
|
|
|
err = fix.User1AccessToken1.Reload(ctx, s.DB)
|
|
require.NoError(t, err)
|
|
err = fix.User1RefreshToken1.Reload(ctx, s.DB)
|
|
require.NoError(t, err)
|
|
})
|
|
}
|
|
|
|
func TestPostChangePasswordBadRequest(t *testing.T) {
|
|
test.WithTestServer(t, func(s *api.Server) {
|
|
ctx := t.Context()
|
|
fix := fixtures.Fixtures()
|
|
|
|
tests := []struct {
|
|
name string
|
|
payload test.GenericPayload
|
|
}{
|
|
{
|
|
name: "MissingCurrentPassword",
|
|
payload: test.GenericPayload{
|
|
"newPassword": newPassword,
|
|
},
|
|
},
|
|
{
|
|
name: "MissingNewPassword",
|
|
payload: test.GenericPayload{
|
|
"currentPassword": fixtures.PlainTestUserPassword,
|
|
},
|
|
},
|
|
{
|
|
name: "EmptyCurrentPassword",
|
|
payload: test.GenericPayload{
|
|
"currentPassword": "",
|
|
"newPassword": newPassword,
|
|
},
|
|
},
|
|
{
|
|
name: "EmptyNewPassword",
|
|
payload: test.GenericPayload{
|
|
"currentPassword": fixtures.PlainTestUserPassword,
|
|
"newPassword": "",
|
|
},
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
res := test.PerformRequest(t, s, "POST", "/api/v1/auth/change-password", tt.payload, test.HeadersWithAuth(t, fix.User1AccessToken1.Token))
|
|
assert.Equal(t, http.StatusBadRequest, res.Result().StatusCode)
|
|
|
|
var response httperrors.HTTPValidationError
|
|
test.ParseResponseAndValidate(t, res, &response)
|
|
|
|
test.Snapshoter.Save(t, response)
|
|
|
|
err := fix.User1AccessToken1.Reload(ctx, s.DB)
|
|
require.NoError(t, err)
|
|
err = fix.User1RefreshToken1.Reload(ctx, s.DB)
|
|
require.NoError(t, err)
|
|
})
|
|
}
|
|
})
|
|
}
|