Finish signup tests.

This commit is contained in:
Joe Ardent 2023-06-03 15:45:19 -07:00
parent 38a6cdeb84
commit 8d040ad368
5 changed files with 233 additions and 48 deletions

View file

@ -30,10 +30,7 @@ pub async fn app(db_pool: SqlitePool, secret: &[u8]) -> Router {
Router::new()
.route("/", get(handle_slash).post(handle_slash))
.route("/signup", get(get_create_user).post(post_create_user))
.route(
"/signup_success/:id",
get(handle_signup_success).post(handle_signup_success),
)
.route("/signup_success/:id", get(handle_signup_success))
.route("/login", get(get_login).post(post_login))
.route("/logout", get(get_logout).post(post_logout))
.fallback(handle_slash_redir)

View file

@ -103,11 +103,9 @@ pub async fn post_logout(mut auth: AuthContext) -> impl IntoResponse {
#[cfg(test)]
mod test {
use axum::body::Bytes;
use crate::{
templates::{Index, LoginGet, LogoutGet, LogoutPost},
test_utils::{get_user, massage, server, FORM_CONTENT_TYPE},
test_utils::{get_test_user, massage, server, FORM_CONTENT_TYPE},
};
const LOGIN_FORM: &str = "username=test_user&password=a";
@ -201,7 +199,7 @@ mod test {
assert_eq!(resp.status_code(), 303);
let logged_in = Index {
user: Some(get_user()),
user: Some(get_test_user()),
}
.to_string();

View file

@ -2,7 +2,6 @@ use argon2::{
password_hash::{rand_core::OsRng, PasswordHasher, SaltString},
Argon2,
};
use askama::Template;
use axum::{
extract::{Form, Path, State},
http::StatusCode,
@ -12,7 +11,10 @@ use sqlx::{query_as, SqlitePool};
use unicode_segmentation::UnicodeSegmentation;
use uuid::Uuid;
use crate::{templates::CreateUser, User};
use crate::{
templates::{CreateUser, CreateUserSuccess},
User,
};
pub(crate) const CREATE_QUERY: &str =
"insert into witches (id, username, displayname, email, pwhash) values ($1, $2, $3, $4, $5)";
@ -22,10 +24,6 @@ const ID_QUERY: &str = "select * from witches where id = $1";
// Result types for user creation
//-************************************************************************
#[derive(Debug, Clone, Template)]
#[template(path = "signup_success.html")]
pub struct CreateUserSuccess(User);
#[Error(desc = "Could not create user.")]
#[non_exhaustive]
pub struct CreateUserError(#[from] CreateUserErrorKind);
@ -36,7 +34,7 @@ impl IntoResponse for CreateUserError {
CreateUserErrorKind::UnknownDBError => {
(StatusCode::INTERNAL_SERVER_ERROR, format!("{self}")).into_response()
}
_ => (StatusCode::BAD_REQUEST, format!("{self}")).into_response(),
_ => (StatusCode::OK, format!("{self}")).into_response(),
}
}
}
@ -133,7 +131,7 @@ pub async fn post_create_user(
let id = user.id.as_simple().to_string();
let location = format!("/signup_success/{id}");
let resp = axum::response::Redirect::temporary(&location);
let resp = axum::response::Redirect::to(&location);
Ok(resp)
}
@ -157,7 +155,7 @@ pub async fn handle_signup_success(
if user.username.is_empty() || id.is_empty() {
// redirect to front page if we got here without a valid witch ID
*resp.status_mut() = StatusCode::TEMPORARY_REDIRECT;
*resp.status_mut() = StatusCode::SEE_OTHER;
resp.headers_mut().insert("Location", "/".parse().unwrap());
}
@ -229,53 +227,241 @@ pub(crate) async fn create_user(
}
}
//-************************************************************************
// TESTS
//-************************************************************************
#[cfg(test)]
mod test {
use crate::{
db::get_pool,
test_utils::{get_user, server_with_pool},
templates::{CreateUser, CreateUserSuccess},
test_utils::{get_test_user, insert_user, massage, server_with_pool, FORM_CONTENT_TYPE},
User,
};
const GOOD_FORM: &str = "username=test_user&displayname=Test+User&password=aaaa&pw_verify=aaaa";
#[tokio::test]
async fn post_create_user_success() {
todo!()
}
async fn post_create_user() {
let pool = get_pool().await;
let server = server_with_pool(&pool).await;
let body = massage(GOOD_FORM);
mod failure {
// various ways to fuck up signup
const MISMATCH_PW_FORM: &str =
"username=test_user&displayname=Test+User&password=aaaa&pw_verify=bbbb";
const SHORT_PW_FORM: &str =
"username=test_user&displayname=Test+User&password=a&pw_verify=a";
const LONG_USERNAME_FORM: &str =
"username=test_user12345678901234567890&displayname=Test+User&
password=aaaa&pw_verify=aaaa";
let _resp = server
.post("/signup")
.expect_failure() // 303 is "failure"
.bytes(body)
.content_type(FORM_CONTENT_TYPE)
.await;
#[tokio::test]
async fn mismatch_pw() {
todo!()
}
#[tokio::test]
async fn too_short_pw() {
todo!()
}
#[tokio::test]
async fn too_long_username() {
todo!()
}
// get the new user from the db
let user = User::try_get("test_user", &pool).await;
assert!(user.is_ok());
}
#[tokio::test]
async fn get_create_user() {
todo!()
let pool = get_pool().await;
let server = server_with_pool(&pool).await;
let resp = server.get("/signup").await;
let body = std::str::from_utf8(resp.bytes()).unwrap();
let expected = CreateUser::default().to_string();
assert_eq!(&expected, body);
}
#[tokio::test]
async fn handle_signup_success() {
todo!()
let pool = get_pool().await;
let server = server_with_pool(&pool).await;
let user = get_test_user();
insert_user(&user, &pool).await;
let id = user.id.as_simple().to_string();
let path = format!("/signup_success/{id}");
let resp = server.get(&path).expect_success().await;
let body = std::str::from_utf8(resp.bytes()).unwrap();
let expected = CreateUserSuccess(user).to_string();
assert_eq!(&expected, body);
}
//-************************************************************************
// honestly this is basically the whole suite here
//-************************************************************************
mod failure {
use axum::http::StatusCode;
use super::*;
use crate::signup::CreateUserError;
// various ways to fuck up signup
const PASSWORD_MISMATCH_FORM: &str =
"username=test_user&displayname=Test+User&password=aaaa&pw_verify=bbbb";
const PASSWORD_SHORT_FORM: &str =
"username=test_user&displayname=Test+User&password=a&pw_verify=a";
const PASSWORD_LONG_FORM: &str = "username=test_user&displayname=Test+User&password=sphinx+of+black+qwartz+judge+my+vow+etc+etc+yadd+yadda&pw_verify=sphinx+of+black+qwartz+judge+my+vow+etc+etc+yadd+yadda";
const USERNAME_SHORT_FORM: &str =
"username=&displayname=Test+User&password=aaaa&pw_verify=aaaa";
const USERNAME_LONG_FORM: &str =
"username=test_user12345678901234567890&displayname=Test+User&password=aaaa&pw_verify=aaaa";
const DISPLAYNAME_LONG_FORM: &str = "username=test_user&displayname=Since+time+immemorial%2C+display+names+have+been+subject+to+a+number+of+conventions%2C+restrictions%2C+usages%2C+and+even+incentives.+Have+we+finally+gone+too+far%3F+In+this+essay%2C+&password=aaaa&pw_verify=aaaa";
#[tokio::test]
async fn password_mismatch() {
let pool = get_pool().await;
let server = server_with_pool(&pool).await;
let body = massage(PASSWORD_MISMATCH_FORM);
let resp = server
.post("/signup")
// failure to sign up is not failure to submit the request
.expect_success()
.bytes(body)
.content_type(FORM_CONTENT_TYPE)
.await;
// no user in db
let user = User::try_get("test_user", &pool).await;
assert!(user.is_err());
let body = std::str::from_utf8(resp.bytes()).unwrap();
let expected =
CreateUserError(crate::signup::CreateUserErrorKind::PasswordMismatch).to_string();
assert_eq!(&expected, body);
}
#[tokio::test]
async fn password_short() {
let pool = get_pool().await;
let server = server_with_pool(&pool).await;
let body = massage(PASSWORD_SHORT_FORM);
let resp = server
.post("/signup")
// failure to sign up is not failure to submit the request
.expect_success()
.bytes(body)
.content_type(FORM_CONTENT_TYPE)
.await;
// no user in db
let user = User::try_get("test_user", &pool).await;
assert!(user.is_err());
let body = std::str::from_utf8(resp.bytes()).unwrap();
let expected =
CreateUserError(crate::signup::CreateUserErrorKind::BadPassword).to_string();
assert_eq!(&expected, body);
}
#[tokio::test]
async fn password_long() {
let pool = get_pool().await;
let server = server_with_pool(&pool).await;
let body = massage(PASSWORD_LONG_FORM);
let resp = server
.post("/signup")
// failure to sign up is not failure to submit the request
.expect_success()
.bytes(body)
.content_type(FORM_CONTENT_TYPE)
.await;
// no user in db
let user = User::try_get("test_user", &pool).await;
assert!(user.is_err());
let body = std::str::from_utf8(resp.bytes()).unwrap();
let expected =
CreateUserError(crate::signup::CreateUserErrorKind::BadPassword).to_string();
assert_eq!(&expected, body);
}
#[tokio::test]
async fn username_short() {
let pool = get_pool().await;
let server = server_with_pool(&pool).await;
let body = massage(USERNAME_SHORT_FORM);
let resp = server
.post("/signup")
// failure to sign up is not failure to submit the request
.expect_success()
.bytes(body)
.content_type(FORM_CONTENT_TYPE)
.await;
// no user in db
let user = User::try_get("test_user", &pool).await;
assert!(user.is_err());
let body = std::str::from_utf8(resp.bytes()).unwrap();
let expected =
CreateUserError(crate::signup::CreateUserErrorKind::BadUsername).to_string();
assert_eq!(&expected, body);
}
#[tokio::test]
async fn username_long() {
let pool = get_pool().await;
let server = server_with_pool(&pool).await;
let body = massage(USERNAME_LONG_FORM);
let resp = server
.post("/signup")
// failure to sign up is not failure to submit the request
.expect_success()
.bytes(body)
.content_type(FORM_CONTENT_TYPE)
.await;
// no user in db
let user = User::try_get("test_user", &pool).await;
assert!(user.is_err());
let body = std::str::from_utf8(resp.bytes()).unwrap();
let expected =
CreateUserError(crate::signup::CreateUserErrorKind::BadUsername).to_string();
assert_eq!(&expected, body);
}
#[tokio::test]
async fn displayname_long() {
let pool = get_pool().await;
let server = server_with_pool(&pool).await;
let body = massage(DISPLAYNAME_LONG_FORM);
let resp = server
.post("/signup")
// failure to sign up is not failure to submit the request
.expect_success()
.bytes(body)
.content_type(FORM_CONTENT_TYPE)
.await;
// no user in db
let user = User::try_get("test_user", &pool).await;
assert!(user.is_err());
let body = std::str::from_utf8(resp.bytes()).unwrap();
let expected =
CreateUserError(crate::signup::CreateUserErrorKind::BadDisplayname).to_string();
assert_eq!(&expected, body);
}
#[tokio::test]
async fn handle_signup_success() {
let pool = get_pool().await;
let server = server_with_pool(&pool).await;
let path = format!("/signup_success/nope");
let resp = server.get(&path).expect_failure().await;
assert_eq!(resp.status_code(), StatusCode::SEE_OTHER);
}
}
}

View file

@ -13,6 +13,10 @@ pub struct CreateUser {
pub pw_verify: String,
}
#[derive(Debug, Clone, Template, Default, Deserialize, Serialize, PartialEq, Eq)]
#[template(path = "signup_success.html")]
pub struct CreateUserSuccess(pub User);
#[derive(Debug, Default, Template, Deserialize, Serialize, PartialEq, Eq)]
#[template(path = "login_post.html")]
pub struct LoginPost {

View file

@ -7,7 +7,7 @@ use crate::User;
pub const FORM_CONTENT_TYPE: &str = "application/x-www-form-urlencoded";
pub fn get_user() -> User {
pub fn get_test_user() -> User {
User {
username: "test_user".to_string(),
// corresponding to a password of "a":
@ -22,7 +22,7 @@ pub async fn server() -> TestServer {
let pool = crate::db::get_pool().await;
let secret = [0u8; 64];
let user = get_user();
let user = get_test_user();
sqlx::query(crate::signup::CREATE_QUERY)
.bind(user.id)
.bind(&user.username)