aboutsummaryrefslogtreecommitdiff
path: root/internal/webui/login_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'internal/webui/login_test.go')
-rw-r--r--internal/webui/login_test.go136
1 files changed, 136 insertions, 0 deletions
diff --git a/internal/webui/login_test.go b/internal/webui/login_test.go
new file mode 100644
index 0000000..562095f
--- /dev/null
+++ b/internal/webui/login_test.go
@@ -0,0 +1,136 @@
+package webui
+
+import (
+ "net/http"
+ "net/url"
+ "testing"
+
+ "git.adyxax.org/adyxax/trains/pkg/database"
+ "git.adyxax.org/adyxax/trains/pkg/model"
+ "github.com/stretchr/testify/require"
+)
+
+func TestLoginHandler(t *testing.T) {
+ // test environment setup
+ dbEnv, err := database.InitDB("sqlite3", "file::memory:?_foreign_keys=on")
+ require.Nil(t, err)
+ err = dbEnv.Migrate()
+ require.Nil(t, err)
+ user1, err := dbEnv.CreateUser(&model.UserRegistration{Username: "user1", Password: "password1", Email: "julien@adyxax.org"})
+ require.Nil(t, err)
+ _, err = dbEnv.Login(&model.UserLogin{Username: "user1", Password: "password1"})
+ require.Nil(t, err)
+ token1, err := dbEnv.CreateSession(user1)
+ require.Nil(t, err)
+ e := &env{dbEnv: dbEnv}
+ // test GET requests
+ runHttpTest(t, e, loginHandler, &httpTestCase{
+ name: "a simple get should display the login page",
+ input: httpTestInput{
+ method: http.MethodGet,
+ path: "/login",
+ },
+ expect: httpTestExpect{
+ code: http.StatusOK,
+ bodyString: "<form action=\"/login\"",
+ },
+ })
+ runHttpTest(t, e, loginHandler, &httpTestCase{
+ name: "an invalid or expired token should also just display the login page",
+ input: httpTestInput{
+ method: http.MethodGet,
+ path: "/login",
+ cookie: &http.Cookie{Name: sessionCookieName, Value: "graou"},
+ },
+ expect: httpTestExpect{
+ code: http.StatusOK,
+ bodyString: "<form action=\"/login\"",
+ },
+ })
+ runHttpTest(t, e, loginHandler, &httpTestCase{
+ name: "if already logged in we should be redirected to /",
+ input: httpTestInput{
+ method: http.MethodGet,
+ path: "/login",
+ cookie: &http.Cookie{Name: sessionCookieName, Value: *token1},
+ },
+ expect: httpTestExpect{
+ code: http.StatusFound,
+ location: "/",
+ },
+ })
+ runHttpTest(t, e, loginHandler, &httpTestCase{
+ name: "an invalid path should get a 404",
+ input: httpTestInput{
+ method: http.MethodGet,
+ path: "/login/non_existent",
+ },
+ expect: httpTestExpect{
+ code: http.StatusNotFound,
+ err: &statusError{http.StatusNotFound, simpleErrorMessage},
+ },
+ })
+ runHttpTest(t, e, loginHandler, &httpTestCase{
+ name: "an invalid path should get a 404 even if we are already logged in",
+ input: httpTestInput{
+ method: http.MethodGet,
+ path: "/login/non_existent",
+ cookie: &http.Cookie{Name: sessionCookieName, Value: *token1},
+ },
+ expect: httpTestExpect{
+ code: http.StatusNotFound,
+ err: &statusError{http.StatusNotFound, simpleErrorMessage},
+ },
+ })
+ // Test POST requests
+ runHttpTest(t, e, loginHandler, &httpTestCase{
+ name: "a valid login attempt should succeed and redirect to /",
+ input: httpTestInput{
+ method: http.MethodPost,
+ path: "/login",
+ data: url.Values{
+ "username": []string{"user1"},
+ "password": []string{"password1"},
+ },
+ },
+ expect: httpTestExpect{
+ code: http.StatusFound,
+ location: "/",
+ setsCookie: true,
+ },
+ })
+ //errorNoUsername := newTestRequest(t, http.MethodPost, "/login", nil)
+ //// too many username fields
+ //dataWtfUsername := url.Values{"username": []string{"user1", "user2"}}
+ //errorWtfUsername, err := http.NewRequest(http.MethodPost, "/login", strings.NewReader(dataWtfUsername.Encode()))
+ //require.Nil(t, err)
+ //errorWtfUsername.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+ //// Invalid username
+ //dataInvalidUsername := url.Values{"username": []string{"%"}}
+ //errorInvalidUsername, err := http.NewRequest(http.MethodPost, "/login", strings.NewReader(dataInvalidUsername.Encode()))
+ //require.Nil(t, err)
+ //errorInvalidUsername.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+ //// no password field
+ //dataNoPassword := url.Values{"username": []string{"user1"}}
+ //errorNoPassword, err := http.NewRequest(http.MethodPost, "/login", strings.NewReader(dataNoPassword.Encode()))
+ //require.Nil(t, err)
+ //errorNoPassword.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+ //// too many password fields
+ //dataWtfPassword := url.Values{"username": []string{"user1"}, "password": []string{"user1", "user2"}}
+ //errorWtfPassword, err := http.NewRequest(http.MethodPost, "/login", strings.NewReader(dataWtfPassword.Encode()))
+ //require.Nil(t, err)
+ //errorWtfPassword.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+ //// Invalid password
+ //dataInvalidPassword := url.Values{"username": []string{"user1"}, "password": []string{""}}
+ //errorInvalidPassword, err := http.NewRequest(http.MethodPost, "/login", strings.NewReader(dataInvalidPassword.Encode()))
+ //require.Nil(t, err)
+ //errorInvalidPassword.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+ //// run the tests
+ //// {"error no username", &env{dbEnv: dbEnv}, errorNoUsername, &expected{err: &statusError{code: 500, err: simpleError}}},
+ //// {"error wtf username", &env{dbEnv: dbEnv}, errorWtfUsername, &expected{err: &statusError{code: 500, err: simpleError}}},
+ //// {"error invalid username", &env{dbEnv: dbEnv}, errorInvalidUsername, &expected{err: &statusError{code: 500, err: simpleError}}},
+ //// {"error no password", &env{dbEnv: dbEnv}, errorNoPassword, &expected{err: &statusError{code: 500, err: simpleError}}},
+ //// {"error wtf password", &env{dbEnv: dbEnv}, errorWtfPassword, &expected{err: &statusError{code: 500, err: simpleError}}},
+ //// {"error invalid password", &env{dbEnv: dbEnv}, errorInvalidPassword, &expected{err: &statusError{code: 500, err: simpleError}}},
+ ////}
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-06 19:26:04 +0000