github.com/mssola/todo@v0.0.0-20181029153210-d25348dc3f48/app/sessions_test.go (about) 1 // Copyright (C) 2014-2017 Miquel Sabaté Solà <mikisabate@gmail.com> 2 // 3 // This Source Code Form is subject to the terms of the Mozilla Public 4 // License, v. 2.0. If a copy of the MPL was not distributed with this 5 // file, You can obtain one at http://mozilla.org/MPL/2.0/. 6 7 package app 8 9 import ( 10 "encoding/json" 11 "net/http" 12 "net/http/httptest" 13 "net/url" 14 "strings" 15 "testing" 16 17 "github.com/mssola/go-utils/security" 18 "github.com/mssola/todo/lib" 19 ) 20 21 func login(res http.ResponseWriter, req *http.Request) { 22 var user User 23 err := Db.SelectOne(&user, "select * from users") 24 if err != nil { 25 panic("There are no users...") 26 } 27 lib.SetCookie(res, req, "userId", user.ID) 28 } 29 30 func TestLogin(t *testing.T) { 31 initTestDB() 32 defer closeTestDB() 33 34 // This guy will be re-used throughout this test. 35 param := make(url.Values) 36 param["name"] = []string{"user"} 37 param["password"] = []string{"1234"} 38 39 // No users. 40 req, err := http.NewRequest("POST", "/", nil) 41 if err != nil { 42 t.Fatalf("Expected to be nil: %v", err) 43 } 44 req.PostForm = param 45 w := httptest.NewRecorder() 46 Login(w, req) 47 48 if w.Code != 302 { 49 t.Fatalf("Got %v, Expected: %v", w.Code, 302) 50 } 51 if w.HeaderMap["Location"][0] != "/" { 52 t.Fatalf("Got %v, Expected: %v", w.HeaderMap["Location"][0], "/") 53 } 54 if lib.GetCookie(req, "userId") != nil { 55 t.Fatalf("Expected to be empty") 56 } 57 58 // Wrong password. 59 password := security.PasswordSalt("1111") 60 createUser("user", password) 61 62 req, err = http.NewRequest("POST", "/", nil) 63 if err != nil { 64 t.Fatalf("Expected to be nil: %v", err) 65 } 66 req.PostForm = param 67 w = httptest.NewRecorder() 68 Login(w, req) 69 70 if w.Code != 302 { 71 t.Fatalf("Got %v, Expected: %v", w.Code, 302) 72 } 73 if w.HeaderMap["Location"][0] != "/" { 74 t.Fatalf("Got %v, Expected: %v", w.HeaderMap["Location"][0], "/") 75 } 76 if lib.GetCookie(req, "userId") != nil { 77 t.Fatalf("Expected to be empty") 78 } 79 80 // Ok. 81 req, err = http.NewRequest("POST", "/", nil) 82 if err != nil { 83 t.Fatalf("Expected to be nil: %v", err) 84 } 85 param["password"] = []string{"1111"} 86 req.PostForm = param 87 w = httptest.NewRecorder() 88 Login(w, req) 89 90 if w.Code != 302 { 91 t.Fatalf("Got %v, Expected: %v", w.Code, 302) 92 } 93 if w.HeaderMap["Location"][0] != "/" { 94 t.Fatalf("Got %v, Expected: %v", w.HeaderMap["Location"][0], "/") 95 } 96 if lib.GetCookie(req, "userId") == nil { 97 t.Fatalf("Expected to be empty") 98 } 99 var user User 100 err = Db.SelectOne(&user, "select * from users") 101 if err != nil { 102 t.Fatalf("Expected to be nil: %v", err) 103 } 104 if lib.GetCookie(req, "userId") != user.ID { 105 t.Fatalf("Wrong values") 106 } 107 } 108 109 func TestLoginJson(t *testing.T) { 110 initTestDB() 111 defer closeTestDB() 112 113 // The body is nil. 114 req, err := http.NewRequest("POST", "/login", nil) 115 if err != nil { 116 t.Fatalf("Expected to be nil: %v", err) 117 } 118 req.Header.Set("Content-Type", "application/json") 119 w := httptest.NewRecorder() 120 Login(w, req) 121 122 decoder := json.NewDecoder(w.Body) 123 var r lib.Response 124 err = decoder.Decode(&r) 125 if err != nil { 126 t.Fatalf("Expected to be nil: %v", err) 127 } 128 if r.Error != "Failed!" { 129 t.Fatalf("Got %v, Expected: %v", r.Error, "Failed!") 130 } 131 132 // The body is correct but there are no users. 133 body := "{\"name\":\"mssola\",\"password\":\"1234\"}" 134 req, err = http.NewRequest("POST", "/login", strings.NewReader(body)) 135 if err != nil { 136 t.Fatalf("Expected to be nil: %v", err) 137 } 138 req.Header.Set("Content-Type", "application/json") 139 w = httptest.NewRecorder() 140 Login(w, req) 141 142 decoder = json.NewDecoder(w.Body) 143 err = decoder.Decode(&r) 144 if err != nil { 145 t.Fatalf("Expected to be nil: %v", err) 146 } 147 if r.Error != "Failed!" { 148 t.Fatalf("Got %v, Expected: %v", r.Error, "Failed!") 149 } 150 151 // Everything is fine. 152 err = createUser("mssola", security.PasswordSalt("1234")) 153 if err != nil { 154 t.Fatalf("Expected to be nil: %v", err) 155 } 156 req, err = http.NewRequest("POST", "/login", strings.NewReader(body)) 157 if err != nil { 158 t.Fatalf("Expected to be nil: %v", err) 159 } 160 req.Header.Set("Content-Type", "application/json") 161 w1 := httptest.NewRecorder() 162 Login(w1, req) 163 164 decoder = json.NewDecoder(w1.Body) 165 var u1, u2 User 166 err = decoder.Decode(&u1) 167 if err != nil { 168 t.Fatalf("Expected to be nil: %v", err) 169 } 170 err = Db.SelectOne(&u2, "select * from users") 171 if err != nil { 172 t.Fatalf("Expected to be nil: %v", err) 173 } 174 if u1.ID != u2.ID { 175 t.Fatalf("Got %v, Expected: %v", u1.ID, u2) 176 } 177 178 // Malformed JSON 179 body1 := "{\"password\":\"1234\"" 180 req, err = http.NewRequest("POST", "/login", strings.NewReader(body1)) 181 if err != nil { 182 t.Fatalf("Expected to be nil: %v", err) 183 } 184 req.Header.Set("Content-Type", "application/json") 185 w2 := httptest.NewRecorder() 186 Login(w2, req) 187 188 decoder = json.NewDecoder(w2.Body) 189 err = decoder.Decode(&r) 190 if err != nil { 191 t.Fatalf("Expected to be nil: %v", err) 192 } 193 if r.Error != "Failed!" { 194 t.Fatalf("Got %v, Expected: %v", r.Error, "Failed!") 195 } 196 } 197 198 func TestLogout(t *testing.T) { 199 initTestDB() 200 defer closeTestDB() 201 202 // Create the user and loggin it in. 203 password := security.PasswordSalt("1111") 204 createUser("user", password) 205 206 req, err := http.NewRequest("POST", "/", nil) 207 if err != nil { 208 t.Fatalf("Expected to be nil: %v", err) 209 } 210 w := httptest.NewRecorder() 211 login(w, req) 212 213 // Check that the user has really been logged in. 214 var user User 215 err = Db.SelectOne(&user, "select * from users") 216 if err != nil { 217 t.Fatalf("Expected to be nil: %v", err) 218 } 219 if ck := lib.GetCookie(req, "userId"); ck != user.ID { 220 t.Fatalf("Got: %v; expected: %v", ck, user.ID) 221 } 222 223 // Logout 224 Logout(w, req) 225 if lib.GetCookie(req, "userId") != nil { 226 t.Fatalf("Expected to be empty") 227 } 228 }