Factor out common authentication test verification steps into helpers.

These checks tended to be wordy, and were prone to being done subtly differently in different locations for no good reason. Centralizing them cleans this up and makes the tests easier to follow, at the expense of making it somewhat harder to follow what the test is specifically checking.

5 files changed, 96 insertions, 0 deletions

diff --git a/src/test/mod.rs b/src/test/mod.rs
index d066349..ebbbfef 100644
--- a/src/test/mod.rs
+++ b/src/test/mod.rs
@@ -1 +1,2 @@
 pub mod fixtures;
+pub mod verify;
diff --git a/src/test/verify/identity.rs b/src/test/verify/identity.rs
new file mode 100644
index 0000000..226ee74
--- /dev/null
+++ b/src/test/verify/identity.rs
@@ -0,0 +1,33 @@
+use crate::{
+    app::App,
+    name::Name,
+    test::{fixtures, verify},
+    token::{app::ValidateError, extract::IdentityCookie},
+    user::User,
+};
+
+pub async fn valid_for_name(app: &App, identity: &IdentityCookie, name: &Name) {
+    let secret = identity
+        .secret()
+        .expect("identity cookie must be set to be valid");
+    verify::token::valid_for_name(app, &secret, name).await;
+}
+
+pub async fn valid_for_user(app: &App, identity: &IdentityCookie, user: &User) {
+    let secret = identity
+        .secret()
+        .expect("identity cookie must be set to be valid");
+    verify::token::valid_for_user(app, &secret, user).await;
+}
+
+pub async fn invalid(app: &App, identity: &IdentityCookie) {
+    let secret = identity
+        .secret()
+        .expect("identity cookie must be set to be invalid");
+    let validate_err = app
+        .tokens()
+        .validate(&secret, &fixtures::now())
+        .await
+        .expect_err("identity cookie secret must be invalid");
+    assert!(matches!(validate_err, ValidateError::InvalidToken));
+}
diff --git a/src/test/verify/login.rs b/src/test/verify/login.rs
new file mode 100644
index 0000000..3f291a3
--- /dev/null
+++ b/src/test/verify/login.rs
@@ -0,0 +1,25 @@
+use crate::{
+    app::App,
+    name::Name,
+    password::Password,
+    test::{fixtures, verify},
+    token::app::LoginError,
+};
+
+pub async fn valid_login(app: &App, name: &Name, password: &Password) {
+    let secret = app
+        .tokens()
+        .login(&name, &password, &fixtures::now())
+        .await
+        .expect("login credentials expected to be valid");
+    verify::token::valid_for_name(&app, &secret, &name).await;
+}
+
+pub async fn invalid_login(app: &App, name: &Name, password: &Password) {
+    let error = app
+        .tokens()
+        .login(name, password, &fixtures::now())
+        .await
+        .expect_err("login credentials expected not to be valid");
+    assert!(matches!(error, LoginError::Rejected));
+}
diff --git a/src/test/verify/mod.rs b/src/test/verify/mod.rs
new file mode 100644
index 0000000..f809c90
--- /dev/null
+++ b/src/test/verify/mod.rs
@@ -0,0 +1,3 @@
+pub mod identity;
+pub mod login;
+pub mod token;
diff --git a/src/test/verify/token.rs b/src/test/verify/token.rs
new file mode 100644
index 0000000..99cd31f
--- /dev/null
+++ b/src/test/verify/token.rs
@@ -0,0 +1,34 @@
+use crate::{
+    app::App,
+    name::Name,
+    test::fixtures,
+    token::{Secret, app},
+    user::User,
+};
+
+pub async fn valid_for_name(app: &App, secret: &Secret, name: &Name) {
+    let identity = app
+        .tokens()
+        .validate(secret, &fixtures::now())
+        .await
+        .expect("provided secret is valid");
+    assert_eq!(name, &identity.user.name);
+}
+
+pub async fn valid_for_user(app: &App, secret: &Secret, user: &User) {
+    let identity = app
+        .tokens()
+        .validate(secret, &fixtures::now())
+        .await
+        .expect("provided secret is valid");
+    assert_eq!(user, &identity.user);
+}
+
+pub async fn invalid(app: &App, secret: &Secret) {
+    let error = app
+        .tokens()
+        .validate(secret, &fixtures::now())
+        .await
+        .expect_err("provided secret is invalid");
+    assert!(matches!(error, app::ValidateError::InvalidToken));
+}