fix #61 : write all auth related tests

LeGroupeDeFer · Mar 23, 2020 · 4639b1f · 4639b1f
1 parent 27eb3f5
commit 4639b1f
Show file tree

Hide file tree

Showing 6 changed files with 286 additions and 25 deletions.
diff --git a/changelog.md b/changelog.md
@@ -10,6 +10,7 @@ Summary of implemented features classified by release (github tag)
 - add check_email documentation test
 - improve documentation
 - model & db refactoring
+- write all auth related tests
 
 ## [0.1.0] - 2019-03-02
 

diff --git a/tests/auth/activation.rs b/tests/auth/activation.rs
@@ -0,0 +1,167 @@
+//! # Activation
+//!
+//! Here are grouped the registration tests
+//! Those tests attack the `/api/auth/activate` route.
+
+/************************* REQUIRE *******************************************/
+
+use rocket::http::{ContentType, Status};
+
+use unanimitylibrary::database::models::user::User;
+
+use super::super::init;
+
+const ROUTE: &'static str = "/api/auth/activate/";
+
+/**************************** TESTS ******************************************/
+
+#[test]
+fn activation_good_id_good_token() {
+    let client = init::clean_client();
+    let (user, _passwd) = init::get_user(false);
+    let connection = init::database_connection();
+
+    // assert the user is inactive
+    assert!(!user.active);
+
+    let data = format!(
+        "{{\"id\":{}, \"token\":\"{}\"}}",
+        user.id,
+        user.token.unwrap()
+    );
+
+    let request = client.post(ROUTE).header(ContentType::JSON).body(data);
+
+    let response = request.dispatch();
+
+    assert_eq!(response.status(), Status::Ok);
+
+    let activated_user = User::by_email(&connection, &user.email).unwrap();
+
+    assert!(activated_user.active);
+    assert!(activated_user.token.is_none());
+}
+
+#[test]
+fn activation_wrong_id_good_token() {
+    let client = init::clean_client();
+    let (user, _passwd) = init::get_user(false);
+    let connection = init::database_connection();
+
+    // assert the user is inactive
+    assert!(!user.active);
+
+    let mut fake_id = 12;
+    while fake_id == user.id {
+        fake_id += 1;
+    }
+
+    let data = format!(
+        "{{\"id\":{}, \"token\":\"{}\"}}",
+        fake_id,
+        user.token.unwrap()
+    );
+
+    let request = client.post(ROUTE).header(ContentType::JSON).body(data);
+
+    let response = request.dispatch();
+
+    assert_eq!(response.status(), Status::Forbidden);
+
+    let not_so_activated_user = User::by_email(&connection, &user.email).unwrap();
+
+    assert!(!not_so_activated_user.active);
+    assert!(not_so_activated_user.token.is_some());
+}
+
+#[test]
+fn activation_good_id_wrong_token() {
+    let client = init::clean_client();
+    let (user, _passwd) = init::get_user(false);
+    let connection = init::database_connection();
+
+    // assert the user is inactive
+    assert!(!user.active);
+
+    let data = format!(
+        "{{\"id\":{}, \"token\":\"{}\"}}",
+        user.id, "thisisafaketoken"
+    );
+
+    let request = client.post(ROUTE).header(ContentType::JSON).body(data);
+
+    let response = request.dispatch();
+
+    assert_eq!(response.status(), Status::Forbidden);
+
+    let not_so_activated_user = User::by_email(&connection, &user.email).unwrap();
+
+    assert!(!not_so_activated_user.active);
+    assert!(not_so_activated_user.token.is_some());
+}
+
+#[test]
+fn activation_wrong_id_wrong_token() {
+    let client = init::clean_client();
+    let (user, _passwd) = init::get_user(false);
+    let connection = init::database_connection();
+
+    // assert the user is inactive
+    assert!(!user.active);
+
+    let mut fake_id = 12;
+    while fake_id == user.id {
+        fake_id += 1;
+    }
+
+    let data = format!(
+        "{{\"id\":{}, \"token\":\"{}\"}}",
+        fake_id, "thisisafaketoken"
+    );
+
+    let request = client.post(ROUTE).header(ContentType::JSON).body(data);
+
+    let response = request.dispatch();
+
+    assert_eq!(response.status(), Status::Forbidden);
+
+    let not_so_activated_user = User::by_email(&connection, &user.email).unwrap();
+
+    assert!(!not_so_activated_user.active);
+    assert!(not_so_activated_user.token.is_some());
+}
+
+#[test]
+fn double_activation() {
+    let client = init::clean_client();
+    let (user, _passwd) = init::get_user(false);
+    let connection = init::database_connection();
+
+    // assert the user is inactive
+    assert!(!user.active);
+
+    let data = format!(
+        "{{\"id\":{}, \"token\":\"{}\"}}",
+        user.id,
+        user.token.unwrap()
+    );
+
+    let request = client.post(ROUTE).header(ContentType::JSON).body(&data);
+    let response = request.dispatch();
+
+    assert_eq!(response.status(), Status::Ok);
+
+    let activated_user = User::by_email(&connection, &user.email).unwrap();
+
+    assert!(activated_user.active);
+    assert!(activated_user.token.is_none());
+
+    let request_bis = client.post(ROUTE).header(ContentType::JSON).body(&data);
+    let response_bis = request_bis.dispatch();
+
+    assert_eq!(response_bis.status(), Status::Forbidden);
+
+    // the request failed, but the user is still activated
+    assert!(activated_user.active);
+    assert!(activated_user.token.is_none());
+}
diff --git a/tests/auth/login.rs b/tests/auth/login.rs
@@ -0,0 +1,82 @@
+//! # Login
+//!
+//! Here are grouped the login tests
+//! Those tests attack the `/api/auth/login` route.
+
+/************************* REQUIRE *******************************************/
+
+use rocket::http::{ContentType, Status};
+
+use super::super::init;
+
+const ROUTE: &'static str = "/api/auth/login/";
+
+/**************************** TESTS ******************************************/
+
+#[test]
+fn login_user_activated_correct_credentials() {
+    let client = init::clean_client();
+    let (user, password) = init::get_user(true);
+
+    let data = format!(
+        "{{\"email\":\"{}\", \"password\":\"{}\"}}",
+        user.email, password
+    );
+
+    let request = client.post(ROUTE).header(ContentType::JSON).body(data);
+
+    let response = request.dispatch();
+
+    assert_eq!(response.status(), Status::Ok);
+}
+
+#[test]
+fn login_user_activated_wrong_credentials() {
+    let client = init::clean_client();
+    let (user, _password) = init::get_user(true);
+
+    let data = format!(
+        "{{\"email\":\"{}\", \"password\":\"{}\"}}",
+        user.email, "thisisnotacorrectpassword"
+    );
+
+    let request = client.post(ROUTE).header(ContentType::JSON).body(data);
+
+    let response = request.dispatch();
+
+    assert_eq!(response.status(), Status::Unauthorized);
+}
+
+#[test]
+fn login_user_not_activated_correct_credentials() {
+    let client = init::clean_client();
+    let (user, password) = init::get_user(false);
+
+    let data = format!(
+        "{{\"email\":\"{}\", \"password\":\"{}\"}}",
+        user.email, password
+    );
+
+    let request = client.post(ROUTE).header(ContentType::JSON).body(data);
+
+    let response = request.dispatch();
+
+    assert_eq!(response.status(), Status::Forbidden);
+}
+
+#[test]
+fn login_user_not_activated_wrong_credentials() {
+    let client = init::clean_client();
+    let (user, _password) = init::get_user(false);
+
+    let data = format!(
+        "{{\"email\":\"{}\", \"password\":\"{}\"}}",
+        user.email, "thisisnotacorrectpassword"
+    );
+
+    let request = client.post(ROUTE).header(ContentType::JSON).body(data);
+
+    let response = request.dispatch();
+
+    assert_eq!(response.status(), Status::Unauthorized);
+}
diff --git a/tests/auth/mod.rs b/tests/auth/mod.rs
@@ -3,4 +3,6 @@
 //! Here should be grouped every test that is related to the
 //! user's authentication.
 
+mod activation;
+mod login;
 mod register;
diff --git a/tests/auth/register.rs b/tests/auth/register.rs
@@ -16,6 +16,8 @@ use unanimitylibrary::database::schema::users::dsl::users;
 
 use super::super::init;
 
+const ROUTE: &'static str = "/api/auth/register/";
+
 /**************************** TESTS ******************************************/
 
 #[test]
@@ -34,10 +36,7 @@ fn register_new_user() {
      }";
 
     // request the application on the route /api/register
-    let req = client
-        .post("/api/auth/register/")
-        .header(ContentType::JSON)
-        .body(test_user);
+    let req = client.post(ROUTE).header(ContentType::JSON).body(test_user);
     let response = req.dispatch();
 
     // check that the response is OK
@@ -79,10 +78,7 @@ fn register_full_address() {
      }";
 
     // request the application on the route /api/register
-    let req = client
-        .post("/api/auth/register/")
-        .header(ContentType::JSON)
-        .body(test_user);
+    let req = client.post(ROUTE).header(ContentType::JSON).body(test_user);
     let response = req.dispatch();
 
     // check that the response is OK
@@ -131,10 +127,7 @@ fn register_address_wrong_type() {
      }";
 
     // request the application on the route /api/register
-    let req = client
-        .post("/api/auth/register/")
-        .header(ContentType::JSON)
-        .body(test_user);
+    let req = client.post(ROUTE).header(ContentType::JSON).body(test_user);
     let response = req.dispatch();
 
     // check that the response is OK
@@ -167,10 +160,7 @@ fn register_incomplete_address() {
      }";
 
     // request the application on the route /api/register
-    let req = client
-        .post("/api/auth/register/")
-        .header(ContentType::JSON)
-        .body(test_user);
+    let req = client.post(ROUTE).header(ContentType::JSON).body(test_user);
     let response = req.dispatch();
 
     // check that the response is OK
@@ -197,10 +187,7 @@ fn register_with_existing_user() {
      }";
 
     // request the application on the route /api/register
-    let req = client
-        .post("/api/auth/register/")
-        .header(ContentType::JSON)
-        .body(test_user);
+    let req = client.post(ROUTE).header(ContentType::JSON).body(test_user);
     let response = req.dispatch();
 
     // check that the response is OK
@@ -217,10 +204,7 @@ fn register_with_existing_user() {
     // and there is nothing in the address table
     assert_eq!(addresses.load::<Address>(&conn).unwrap().len(), 0);
 
-    let req2 = client
-        .post("/api/auth/register/")
-        .header(ContentType::JSON)
-        .body(test_user);
+    let req2 = client.post(ROUTE).header(ContentType::JSON).body(test_user);
     let response2 = req2.dispatch();
     assert_eq!(response2.status(), Status::Conflict);
 

diff --git a/tests/init.rs b/tests/init.rs
@@ -8,11 +8,12 @@
 use unanimitylibrary::conf::env_setting;
 
 use unanimitylibrary::database;
-use unanimitylibrary::database::models::{address::Address, user::User};
+use unanimitylibrary::database::models::{address::Address, user::User, user::UserMinima};
 use unanimitylibrary::database::schema::addresses::dsl::addresses;
 use unanimitylibrary::database::schema::users::dsl::users;
 
 use diesel::query_dsl::RunQueryDsl;
+use either::*;
 
 /// Truncate all the tables
 pub fn clean() {
@@ -88,3 +89,27 @@ pub fn ignite() -> rocket::Rocket {
 
     rocket::custom(config)
 }
+
+pub fn get_user(active: bool) -> (User, String) {
+    let conn = database_connection();
+
+    let u = UserMinima {
+        email: String::from("guillaume.latour@student.unamur.be"),
+        password: String::from("mysuperpassword"),
+        firstname: String::from("Guillaume"),
+        lastname: String::from("Latour"),
+        address: None,
+        phone: None,
+    };
+
+    let user = match User::insert_minima(&conn, &u) {
+        Left(u) => u,
+        Right(u) => u,
+    };
+
+    if active {
+        user.activate(&conn);
+    }
+
+    (User::by_email(&conn, &u.email).unwrap(), u.password)
+}