github.com/mssola/todo@v0.0.0-20181029153210-d25348dc3f48/app/sessions_test.go (about)

     1  // Copyright (C) 2014-2017 Miquel Sabaté Solà <mikisabate@gmail.com>
     2  //
     3  // This Source Code Form is subject to the terms of the Mozilla Public
     4  // License, v. 2.0. If a copy of the MPL was not distributed with this
     5  // file, You can obtain one at http://mozilla.org/MPL/2.0/.
     6  
     7  package app
     8  
     9  import (
    10  	"encoding/json"
    11  	"net/http"
    12  	"net/http/httptest"
    13  	"net/url"
    14  	"strings"
    15  	"testing"
    16  
    17  	"github.com/mssola/go-utils/security"
    18  	"github.com/mssola/todo/lib"
    19  )
    20  
    21  func login(res http.ResponseWriter, req *http.Request) {
    22  	var user User
    23  	err := Db.SelectOne(&user, "select * from users")
    24  	if err != nil {
    25  		panic("There are no users...")
    26  	}
    27  	lib.SetCookie(res, req, "userId", user.ID)
    28  }
    29  
    30  func TestLogin(t *testing.T) {
    31  	initTestDB()
    32  	defer closeTestDB()
    33  
    34  	// This guy will be re-used throughout this test.
    35  	param := make(url.Values)
    36  	param["name"] = []string{"user"}
    37  	param["password"] = []string{"1234"}
    38  
    39  	// No users.
    40  	req, err := http.NewRequest("POST", "/", nil)
    41  	if err != nil {
    42  		t.Fatalf("Expected to be nil: %v", err)
    43  	}
    44  	req.PostForm = param
    45  	w := httptest.NewRecorder()
    46  	Login(w, req)
    47  
    48  	if w.Code != 302 {
    49  		t.Fatalf("Got %v, Expected: %v", w.Code, 302)
    50  	}
    51  	if w.HeaderMap["Location"][0] != "/" {
    52  		t.Fatalf("Got %v, Expected: %v", w.HeaderMap["Location"][0], "/")
    53  	}
    54  	if lib.GetCookie(req, "userId") != nil {
    55  		t.Fatalf("Expected to be empty")
    56  	}
    57  
    58  	// Wrong password.
    59  	password := security.PasswordSalt("1111")
    60  	createUser("user", password)
    61  
    62  	req, err = http.NewRequest("POST", "/", nil)
    63  	if err != nil {
    64  		t.Fatalf("Expected to be nil: %v", err)
    65  	}
    66  	req.PostForm = param
    67  	w = httptest.NewRecorder()
    68  	Login(w, req)
    69  
    70  	if w.Code != 302 {
    71  		t.Fatalf("Got %v, Expected: %v", w.Code, 302)
    72  	}
    73  	if w.HeaderMap["Location"][0] != "/" {
    74  		t.Fatalf("Got %v, Expected: %v", w.HeaderMap["Location"][0], "/")
    75  	}
    76  	if lib.GetCookie(req, "userId") != nil {
    77  		t.Fatalf("Expected to be empty")
    78  	}
    79  
    80  	// Ok.
    81  	req, err = http.NewRequest("POST", "/", nil)
    82  	if err != nil {
    83  		t.Fatalf("Expected to be nil: %v", err)
    84  	}
    85  	param["password"] = []string{"1111"}
    86  	req.PostForm = param
    87  	w = httptest.NewRecorder()
    88  	Login(w, req)
    89  
    90  	if w.Code != 302 {
    91  		t.Fatalf("Got %v, Expected: %v", w.Code, 302)
    92  	}
    93  	if w.HeaderMap["Location"][0] != "/" {
    94  		t.Fatalf("Got %v, Expected: %v", w.HeaderMap["Location"][0], "/")
    95  	}
    96  	if lib.GetCookie(req, "userId") == nil {
    97  		t.Fatalf("Expected to be empty")
    98  	}
    99  	var user User
   100  	err = Db.SelectOne(&user, "select * from users")
   101  	if err != nil {
   102  		t.Fatalf("Expected to be nil: %v", err)
   103  	}
   104  	if lib.GetCookie(req, "userId") != user.ID {
   105  		t.Fatalf("Wrong values")
   106  	}
   107  }
   108  
   109  func TestLoginJson(t *testing.T) {
   110  	initTestDB()
   111  	defer closeTestDB()
   112  
   113  	// The body is nil.
   114  	req, err := http.NewRequest("POST", "/login", nil)
   115  	if err != nil {
   116  		t.Fatalf("Expected to be nil: %v", err)
   117  	}
   118  	req.Header.Set("Content-Type", "application/json")
   119  	w := httptest.NewRecorder()
   120  	Login(w, req)
   121  
   122  	decoder := json.NewDecoder(w.Body)
   123  	var r lib.Response
   124  	err = decoder.Decode(&r)
   125  	if err != nil {
   126  		t.Fatalf("Expected to be nil: %v", err)
   127  	}
   128  	if r.Error != "Failed!" {
   129  		t.Fatalf("Got %v, Expected: %v", r.Error, "Failed!")
   130  	}
   131  
   132  	// The body is correct but there are no users.
   133  	body := "{\"name\":\"mssola\",\"password\":\"1234\"}"
   134  	req, err = http.NewRequest("POST", "/login", strings.NewReader(body))
   135  	if err != nil {
   136  		t.Fatalf("Expected to be nil: %v", err)
   137  	}
   138  	req.Header.Set("Content-Type", "application/json")
   139  	w = httptest.NewRecorder()
   140  	Login(w, req)
   141  
   142  	decoder = json.NewDecoder(w.Body)
   143  	err = decoder.Decode(&r)
   144  	if err != nil {
   145  		t.Fatalf("Expected to be nil: %v", err)
   146  	}
   147  	if r.Error != "Failed!" {
   148  		t.Fatalf("Got %v, Expected: %v", r.Error, "Failed!")
   149  	}
   150  
   151  	// Everything is fine.
   152  	err = createUser("mssola", security.PasswordSalt("1234"))
   153  	if err != nil {
   154  		t.Fatalf("Expected to be nil: %v", err)
   155  	}
   156  	req, err = http.NewRequest("POST", "/login", strings.NewReader(body))
   157  	if err != nil {
   158  		t.Fatalf("Expected to be nil: %v", err)
   159  	}
   160  	req.Header.Set("Content-Type", "application/json")
   161  	w1 := httptest.NewRecorder()
   162  	Login(w1, req)
   163  
   164  	decoder = json.NewDecoder(w1.Body)
   165  	var u1, u2 User
   166  	err = decoder.Decode(&u1)
   167  	if err != nil {
   168  		t.Fatalf("Expected to be nil: %v", err)
   169  	}
   170  	err = Db.SelectOne(&u2, "select * from users")
   171  	if err != nil {
   172  		t.Fatalf("Expected to be nil: %v", err)
   173  	}
   174  	if u1.ID != u2.ID {
   175  		t.Fatalf("Got %v, Expected: %v", u1.ID, u2)
   176  	}
   177  
   178  	// Malformed JSON
   179  	body1 := "{\"password\":\"1234\""
   180  	req, err = http.NewRequest("POST", "/login", strings.NewReader(body1))
   181  	if err != nil {
   182  		t.Fatalf("Expected to be nil: %v", err)
   183  	}
   184  	req.Header.Set("Content-Type", "application/json")
   185  	w2 := httptest.NewRecorder()
   186  	Login(w2, req)
   187  
   188  	decoder = json.NewDecoder(w2.Body)
   189  	err = decoder.Decode(&r)
   190  	if err != nil {
   191  		t.Fatalf("Expected to be nil: %v", err)
   192  	}
   193  	if r.Error != "Failed!" {
   194  		t.Fatalf("Got %v, Expected: %v", r.Error, "Failed!")
   195  	}
   196  }
   197  
   198  func TestLogout(t *testing.T) {
   199  	initTestDB()
   200  	defer closeTestDB()
   201  
   202  	// Create the user and loggin it in.
   203  	password := security.PasswordSalt("1111")
   204  	createUser("user", password)
   205  
   206  	req, err := http.NewRequest("POST", "/", nil)
   207  	if err != nil {
   208  		t.Fatalf("Expected to be nil: %v", err)
   209  	}
   210  	w := httptest.NewRecorder()
   211  	login(w, req)
   212  
   213  	// Check that the user has really been logged in.
   214  	var user User
   215  	err = Db.SelectOne(&user, "select * from users")
   216  	if err != nil {
   217  		t.Fatalf("Expected to be nil: %v", err)
   218  	}
   219  	if ck := lib.GetCookie(req, "userId"); ck != user.ID {
   220  		t.Fatalf("Got: %v; expected: %v", ck, user.ID)
   221  	}
   222  
   223  	// Logout
   224  	Logout(w, req)
   225  	if lib.GetCookie(req, "userId") != nil {
   226  		t.Fatalf("Expected to be empty")
   227  	}
   228  }