Merge branch 'tests' into 'main'

Yoontigration tests

See merge request nebkor/ww!1
This commit is contained in:
Joe Ardent 2023-06-03 23:12:42 +00:00
commit 6b8589575c
5 changed files with 342 additions and 46 deletions

View file

@ -30,10 +30,7 @@ pub async fn app(db_pool: SqlitePool, secret: &[u8]) -> Router {
Router::new() Router::new()
.route("/", get(handle_slash).post(handle_slash)) .route("/", get(handle_slash).post(handle_slash))
.route("/signup", get(get_create_user).post(post_create_user)) .route("/signup", get(get_create_user).post(post_create_user))
.route( .route("/signup_success/:id", get(handle_signup_success))
"/signup_success/:id",
get(handle_signup_success).post(handle_signup_success),
)
.route("/login", get(get_login).post(post_login)) .route("/login", get(get_login).post(post_login))
.route("/logout", get(get_logout).post(post_logout)) .route("/logout", get(get_logout).post(post_logout))
.fallback(handle_slash_redir) .fallback(handle_slash_redir)

View file

@ -103,18 +103,16 @@ pub async fn post_logout(mut auth: AuthContext) -> impl IntoResponse {
#[cfg(test)] #[cfg(test)]
mod test { mod test {
use axum::body::Bytes;
use crate::{ use crate::{
templates::{Index, LoginGet, LogoutGet, LogoutPost}, templates::{Index, LoginGet, LogoutGet, LogoutPost},
test_utils::{get_user, tserver}, test_utils::{get_test_user, massage, server, FORM_CONTENT_TYPE},
}; };
const LOGIN_FORM: &str = "username=test_user&password=a"; const LOGIN_FORM: &str = "username=test_user&password=a";
#[tokio::test] #[tokio::test]
async fn get_login() { async fn get_login() {
let s = tserver().await; let s = server().await;
let resp = s.get("/login").await; let resp = s.get("/login").await;
let body = std::str::from_utf8(resp.bytes()).unwrap().to_string(); let body = std::str::from_utf8(resp.bytes()).unwrap().to_string();
assert_eq!(body, LoginGet::default().to_string()); assert_eq!(body, LoginGet::default().to_string());
@ -122,16 +120,14 @@ mod test {
#[tokio::test] #[tokio::test]
async fn post_login_success() { async fn post_login_success() {
let s = tserver().await; let s = server().await;
let form = LOGIN_FORM.to_string(); let body = massage(LOGIN_FORM);
let bytes = form.as_bytes();
let body = Bytes::copy_from_slice(bytes);
let resp = s let resp = s
.post("/login") .post("/login")
.expect_failure() .expect_failure()
.content_type("application/x-www-form-urlencoded") .content_type(FORM_CONTENT_TYPE)
.bytes(body) .bytes(body)
.await; .await;
assert_eq!(resp.status_code(), 303); assert_eq!(resp.status_code(), 303);
@ -139,16 +135,15 @@ mod test {
#[tokio::test] #[tokio::test]
async fn post_login_bad_user() { async fn post_login_bad_user() {
let s = tserver().await; let s = server().await;
let form = "username=test_LOSER&password=aaaa".to_string(); let form = "username=test_LOSER&password=aaaa";
let bytes = form.as_bytes(); let body = massage(form);
let body = Bytes::copy_from_slice(bytes);
let resp = s let resp = s
.post("/login") .post("/login")
.expect_success() .expect_success()
.content_type("application/x-www-form-urlencoded") .content_type(FORM_CONTENT_TYPE)
.bytes(body) .bytes(body)
.await; .await;
assert_eq!(resp.status_code(), 200); assert_eq!(resp.status_code(), 200);
@ -156,16 +151,15 @@ mod test {
#[tokio::test] #[tokio::test]
async fn post_login_bad_password() { async fn post_login_bad_password() {
let s = tserver().await; let s = server().await;
let form = "username=test_user&password=bbbb".to_string(); let form = "username=test_user&password=bbbb";
let bytes = form.as_bytes(); let body = massage(form);
let body = Bytes::copy_from_slice(bytes);
let resp = s let resp = s
.post("/login") .post("/login")
.expect_success() .expect_success()
.content_type("application/x-www-form-urlencoded") .content_type(FORM_CONTENT_TYPE)
.bytes(body) .bytes(body)
.await; .await;
assert_eq!(resp.status_code(), 200); assert_eq!(resp.status_code(), 200);
@ -173,7 +167,7 @@ mod test {
#[tokio::test] #[tokio::test]
async fn get_logout() { async fn get_logout() {
let s = tserver().await; let s = server().await;
let resp = s.get("/logout").await; let resp = s.get("/logout").await;
let body = std::str::from_utf8(resp.bytes()).unwrap().to_string(); let body = std::str::from_utf8(resp.bytes()).unwrap().to_string();
assert_eq!(body, LogoutGet.to_string()); assert_eq!(body, LogoutGet.to_string());
@ -181,7 +175,7 @@ mod test {
#[tokio::test] #[tokio::test]
async fn post_logout_not_logged_in() { async fn post_logout_not_logged_in() {
let s = tserver().await; let s = server().await;
let resp = s.post("/logout").await; let resp = s.post("/logout").await;
resp.assert_status_ok(); resp.assert_status_ok();
let body = std::str::from_utf8(resp.bytes()).unwrap(); let body = std::str::from_utf8(resp.bytes()).unwrap();
@ -191,24 +185,21 @@ mod test {
#[tokio::test] #[tokio::test]
async fn post_logout_logged_in() { async fn post_logout_logged_in() {
let s = tserver().await; let s = server().await;
// log in and prove it // log in and prove it
{ {
let form = LOGIN_FORM.to_string(); let body = massage(LOGIN_FORM);
let bytes = form.as_bytes();
let body = Bytes::copy_from_slice(bytes);
let resp = s let resp = s
.post("/login") .post("/login")
.expect_failure() .expect_failure()
.content_type("application/x-www-form-urlencoded") .content_type(FORM_CONTENT_TYPE)
.bytes(body) .bytes(body)
.await; .await;
assert_eq!(resp.status_code(), 303); assert_eq!(resp.status_code(), 303);
let logged_in = Index { let logged_in = Index {
user: Some(get_user()), user: Some(get_test_user()),
} }
.to_string(); .to_string();

View file

@ -2,7 +2,6 @@ use argon2::{
password_hash::{rand_core::OsRng, PasswordHasher, SaltString}, password_hash::{rand_core::OsRng, PasswordHasher, SaltString},
Argon2, Argon2,
}; };
use askama::Template;
use axum::{ use axum::{
extract::{Form, Path, State}, extract::{Form, Path, State},
http::StatusCode, http::StatusCode,
@ -12,7 +11,10 @@ use sqlx::{query_as, SqlitePool};
use unicode_segmentation::UnicodeSegmentation; use unicode_segmentation::UnicodeSegmentation;
use uuid::Uuid; use uuid::Uuid;
use crate::{templates::CreateUser, User}; use crate::{
templates::{CreateUser, CreateUserSuccess},
User,
};
pub(crate) const CREATE_QUERY: &str = pub(crate) const CREATE_QUERY: &str =
"insert into witches (id, username, displayname, email, pwhash) values ($1, $2, $3, $4, $5)"; "insert into witches (id, username, displayname, email, pwhash) values ($1, $2, $3, $4, $5)";
@ -22,10 +24,6 @@ const ID_QUERY: &str = "select * from witches where id = $1";
// Result types for user creation // Result types for user creation
//-************************************************************************ //-************************************************************************
#[derive(Debug, Clone, Template)]
#[template(path = "signup_success.html")]
pub struct CreateUserSuccess(User);
#[Error(desc = "Could not create user.")] #[Error(desc = "Could not create user.")]
#[non_exhaustive] #[non_exhaustive]
pub struct CreateUserError(#[from] CreateUserErrorKind); pub struct CreateUserError(#[from] CreateUserErrorKind);
@ -36,7 +34,7 @@ impl IntoResponse for CreateUserError {
CreateUserErrorKind::UnknownDBError => { CreateUserErrorKind::UnknownDBError => {
(StatusCode::INTERNAL_SERVER_ERROR, format!("{self}")).into_response() (StatusCode::INTERNAL_SERVER_ERROR, format!("{self}")).into_response()
} }
_ => (StatusCode::BAD_REQUEST, format!("{self}")).into_response(), _ => (StatusCode::OK, format!("{self}")).into_response(),
} }
} }
} }
@ -133,7 +131,7 @@ pub async fn post_create_user(
let id = user.id.as_simple().to_string(); let id = user.id.as_simple().to_string();
let location = format!("/signup_success/{id}"); let location = format!("/signup_success/{id}");
let resp = axum::response::Redirect::temporary(&location); let resp = axum::response::Redirect::to(&location);
Ok(resp) Ok(resp)
} }
@ -157,7 +155,7 @@ pub async fn handle_signup_success(
if user.username.is_empty() || id.is_empty() { if user.username.is_empty() || id.is_empty() {
// redirect to front page if we got here without a valid witch ID // redirect to front page if we got here without a valid witch ID
*resp.status_mut() = StatusCode::TEMPORARY_REDIRECT; *resp.status_mut() = StatusCode::SEE_OTHER;
resp.headers_mut().insert("Location", "/".parse().unwrap()); resp.headers_mut().insert("Location", "/".parse().unwrap());
} }
@ -228,3 +226,269 @@ pub(crate) async fn create_user(
_ => Err(CreateUserErrorKind::UnknownDBError.into()), _ => Err(CreateUserErrorKind::UnknownDBError.into()),
} }
} }
//-************************************************************************
// TESTS
//-************************************************************************
#[cfg(test)]
mod test {
use axum::http::StatusCode;
use crate::{
db::get_pool,
templates::{CreateUser, CreateUserSuccess},
test_utils::{get_test_user, insert_user, massage, server_with_pool, FORM_CONTENT_TYPE},
User,
};
const GOOD_FORM: &str = "username=test_user&displayname=Test+User&password=aaaa&pw_verify=aaaa";
#[tokio::test]
async fn post_create_user() {
let pool = get_pool().await;
let server = server_with_pool(&pool).await;
let body = massage(GOOD_FORM);
let resp = server
.post("/signup")
.expect_failure() // 303 is "failure"
.bytes(body)
.content_type(FORM_CONTENT_TYPE)
.await;
assert_eq!(StatusCode::SEE_OTHER, resp.status_code());
// get the new user from the db
let user = User::try_get("test_user", &pool).await;
assert!(user.is_ok());
}
#[tokio::test]
async fn get_create_user() {
let pool = get_pool().await;
let server = server_with_pool(&pool).await;
let resp = server.get("/signup").await;
let body = std::str::from_utf8(resp.bytes()).unwrap();
let expected = CreateUser::default().to_string();
assert_eq!(&expected, body);
}
#[tokio::test]
async fn handle_signup_success() {
let pool = get_pool().await;
let server = server_with_pool(&pool).await;
let user = get_test_user();
insert_user(&user, &pool).await;
let id = user.id.as_simple().to_string();
let path = format!("/signup_success/{id}");
let resp = server.get(&path).expect_success().await;
let body = std::str::from_utf8(resp.bytes()).unwrap();
let expected = CreateUserSuccess(user).to_string();
assert_eq!(&expected, body);
}
//-************************************************************************
// honestly this is basically the whole suite here
//-************************************************************************
mod failure {
use super::*;
use crate::signup::{CreateUserError, CreateUserErrorKind};
// various ways to fuck up signup
const PASSWORD_MISMATCH_FORM: &str =
"username=test_user&displayname=Test+User&password=aaaa&pw_verify=bbbb";
const PASSWORD_SHORT_FORM: &str =
"username=test_user&displayname=Test+User&password=a&pw_verify=a";
const PASSWORD_LONG_FORM: &str = "username=test_user&displayname=Test+User&password=sphinx+of+black+qwartz+judge+my+vow+etc+etc+yadd+yadda&pw_verify=sphinx+of+black+qwartz+judge+my+vow+etc+etc+yadd+yadda";
const USERNAME_SHORT_FORM: &str =
"username=&displayname=Test+User&password=aaaa&pw_verify=aaaa";
const USERNAME_LONG_FORM: &str =
"username=test_user12345678901234567890&displayname=Test+User&password=aaaa&pw_verify=aaaa";
const DISPLAYNAME_LONG_FORM: &str = "username=test_user&displayname=Since+time+immemorial%2C+display+names+have+been+subject+to+a+number+of+conventions%2C+restrictions%2C+usages%2C+and+even+incentives.+Have+we+finally+gone+too+far%3F+In+this+essay%2C+&password=aaaa&pw_verify=aaaa";
#[tokio::test]
async fn password_mismatch() {
let pool = get_pool().await;
let server = server_with_pool(&pool).await;
let body = massage(PASSWORD_MISMATCH_FORM);
let resp = server
.post("/signup")
// failure to sign up is not failure to submit the request
.expect_success()
.bytes(body)
.content_type(FORM_CONTENT_TYPE)
.await;
// no user in db
let user = User::try_get("test_user", &pool).await;
assert!(user.is_err());
let body = std::str::from_utf8(resp.bytes()).unwrap();
let expected = CreateUserError(CreateUserErrorKind::PasswordMismatch).to_string();
assert_eq!(&expected, body);
}
#[tokio::test]
async fn password_short() {
let pool = get_pool().await;
let server = server_with_pool(&pool).await;
let body = massage(PASSWORD_SHORT_FORM);
let resp = server
.post("/signup")
// failure to sign up is not failure to submit the request
.expect_success()
.bytes(body)
.content_type(FORM_CONTENT_TYPE)
.await;
// no user in db
let user = User::try_get("test_user", &pool).await;
assert!(user.is_err());
let body = std::str::from_utf8(resp.bytes()).unwrap();
let expected = CreateUserError(CreateUserErrorKind::BadPassword).to_string();
assert_eq!(&expected, body);
}
#[tokio::test]
async fn password_long() {
let pool = get_pool().await;
let server = server_with_pool(&pool).await;
let body = massage(PASSWORD_LONG_FORM);
let resp = server
.post("/signup")
// failure to sign up is not failure to submit the request
.expect_success()
.bytes(body)
.content_type(FORM_CONTENT_TYPE)
.await;
// no user in db
let user = User::try_get("test_user", &pool).await;
assert!(user.is_err());
let body = std::str::from_utf8(resp.bytes()).unwrap();
let expected = CreateUserError(CreateUserErrorKind::BadPassword).to_string();
assert_eq!(&expected, body);
}
#[tokio::test]
async fn username_short() {
let pool = get_pool().await;
let server = server_with_pool(&pool).await;
let body = massage(USERNAME_SHORT_FORM);
let resp = server
.post("/signup")
// failure to sign up is not failure to submit the request
.expect_success()
.bytes(body)
.content_type(FORM_CONTENT_TYPE)
.await;
// no user in db
let user = User::try_get("test_user", &pool).await;
assert!(user.is_err());
let body = std::str::from_utf8(resp.bytes()).unwrap();
let expected = CreateUserError(CreateUserErrorKind::BadUsername).to_string();
assert_eq!(&expected, body);
}
#[tokio::test]
async fn username_long() {
let pool = get_pool().await;
let server = server_with_pool(&pool).await;
let body = massage(USERNAME_LONG_FORM);
let resp = server
.post("/signup")
// failure to sign up is not failure to submit the request
.expect_success()
.bytes(body)
.content_type(FORM_CONTENT_TYPE)
.await;
// no user in db
let user = User::try_get("test_user", &pool).await;
assert!(user.is_err());
let body = std::str::from_utf8(resp.bytes()).unwrap();
let expected = CreateUserError(CreateUserErrorKind::BadUsername).to_string();
assert_eq!(&expected, body);
}
#[tokio::test]
async fn username_duplicate() {
let pool = get_pool().await;
let server = server_with_pool(&pool).await;
let body = massage(GOOD_FORM);
let _resp = server
.post("/signup")
.expect_failure() // 303 is "failure"
.bytes(body.clone())
.content_type(FORM_CONTENT_TYPE)
.await;
// get the new user from the db
let user = User::try_get("test_user", &pool).await;
assert!(user.is_ok());
// now try again
let resp = server
.post("/signup")
.expect_success()
.bytes(body)
.content_type(FORM_CONTENT_TYPE)
.await;
assert_eq!(resp.status_code(), StatusCode::OK);
let expected = CreateUserError(CreateUserErrorKind::AlreadyExists).to_string();
let body = std::str::from_utf8(resp.bytes()).unwrap();
assert_eq!(&expected, body);
}
#[tokio::test]
async fn displayname_long() {
let pool = get_pool().await;
let server = server_with_pool(&pool).await;
let body = massage(DISPLAYNAME_LONG_FORM);
let resp = server
.post("/signup")
// failure to sign up is not failure to submit the request
.expect_success()
.bytes(body)
.content_type(FORM_CONTENT_TYPE)
.await;
// no user in db
let user = User::try_get("test_user", &pool).await;
assert!(user.is_err());
let body = std::str::from_utf8(resp.bytes()).unwrap();
let expected = CreateUserError(CreateUserErrorKind::BadDisplayname).to_string();
assert_eq!(&expected, body);
}
#[tokio::test]
async fn handle_signup_success() {
let pool = get_pool().await;
let server = server_with_pool(&pool).await;
let path = format!("/signup_success/nope");
let resp = server.get(&path).expect_failure().await;
assert_eq!(resp.status_code(), StatusCode::SEE_OTHER);
}
}
}

View file

@ -13,6 +13,10 @@ pub struct CreateUser {
pub pw_verify: String, pub pw_verify: String,
} }
#[derive(Debug, Clone, Template, Default, Deserialize, Serialize, PartialEq, Eq)]
#[template(path = "signup_success.html")]
pub struct CreateUserSuccess(pub User);
#[derive(Debug, Default, Template, Deserialize, Serialize, PartialEq, Eq)] #[derive(Debug, Default, Template, Deserialize, Serialize, PartialEq, Eq)]
#[template(path = "login_post.html")] #[template(path = "login_post.html")]
pub struct LoginPost { pub struct LoginPost {

View file

@ -1,22 +1,28 @@
use axum::body::Bytes;
use axum_test::{TestServer, TestServerConfig}; use axum_test::{TestServer, TestServerConfig};
use sqlx::SqlitePool;
use uuid::Uuid; use uuid::Uuid;
use crate::User; use crate::User;
pub fn get_user() -> User { pub const FORM_CONTENT_TYPE: &str = "application/x-www-form-urlencoded";
pub fn get_test_user() -> User {
User { User {
username: "test_user".to_string(), username: "test_user".to_string(),
// corresponding to a password of "a":
pwhash: "$argon2id$v=19$m=19456,t=2,p=1$GWsCH1w5RYaP9WWmq+xw0g$hmOEqC+MU+vnEk3bOdkoE+z01mOmmOeX08XyPyjqua8".to_string(), pwhash: "$argon2id$v=19$m=19456,t=2,p=1$GWsCH1w5RYaP9WWmq+xw0g$hmOEqC+MU+vnEk3bOdkoE+z01mOmmOeX08XyPyjqua8".to_string(),
id: Uuid::nil(), id: Uuid::nil(),
displayname: Some("Test User".to_string()),
..Default::default() ..Default::default()
} }
} }
pub async fn tserver() -> TestServer { pub async fn server() -> TestServer {
let pool = crate::db::get_pool().await; let pool = crate::db::get_pool().await;
let secret = [0u8; 64]; let secret = [0u8; 64];
let user = get_user(); let user = get_test_user();
sqlx::query(crate::signup::CREATE_QUERY) sqlx::query(crate::signup::CREATE_QUERY)
.bind(user.id) .bind(user.id)
.bind(&user.username) .bind(&user.username)
@ -40,3 +46,37 @@ pub async fn tserver() -> TestServer {
}; };
TestServer::new_with_config(app, config).unwrap() TestServer::new_with_config(app, config).unwrap()
} }
pub async fn server_with_pool(pool: &SqlitePool) -> TestServer {
let secret = [0u8; 64];
let r = sqlx::query("select count(*) from witches")
.fetch_one(pool)
.await;
assert!(r.is_ok());
let app = crate::app(pool.clone(), &secret).await.into_make_service();
let config = TestServerConfig {
save_cookies: true,
..Default::default()
};
TestServer::new_with_config(app, config).unwrap()
}
pub async fn insert_user(user: &User, pool: &SqlitePool) {
sqlx::query(crate::signup::CREATE_QUERY)
.bind(user.id)
.bind(&user.username)
.bind(&user.displayname)
.bind(&user.email)
.bind(&user.pwhash)
.execute(pool)
.await
.unwrap();
}
// https://www.youtube.com/watch?v=29MJySO7PGg
pub fn massage(s: &str) -> Bytes {
Bytes::from_iter(s.chars().map(|c| c as u8))
}