summaryrefslogtreecommitdiff
path: root/src/user/handlers
diff options
context:
space:
mode:
authorOwen Jacobson <owen@grimoire.ca>2025-08-24 16:37:41 -0400
committerOwen Jacobson <owen@grimoire.ca>2025-08-26 00:57:57 -0400
commitc52e24f17ed615b2e2dd55a285eb272014a2ccbf (patch)
tree757fbef4a4e8236f831d859370e4774e86138bd5 /src/user/handlers
parent6c65e97e49d1d56380aa7d71abb0394b08ff60ca (diff)
Factor out common authentication test verification steps into helpers.
These checks tended to be wordy, and were prone to being done subtly differently in different locations for no good reason. Centralizing them cleans this up and makes the tests easier to follow, at the expense of making it somewhat harder to follow what the test is specifically checking.
Diffstat (limited to 'src/user/handlers')
-rw-r--r--src/user/handlers/login/test.rs29
-rw-r--r--src/user/handlers/logout/test.rs14
-rw-r--r--src/user/handlers/password/test.rs44
3 files changed, 18 insertions, 69 deletions
diff --git a/src/user/handlers/login/test.rs b/src/user/handlers/login/test.rs
index cb387ad..56fc2c4 100644
--- a/src/user/handlers/login/test.rs
+++ b/src/user/handlers/login/test.rs
@@ -1,6 +1,10 @@
use axum::extract::{Json, State};
-use crate::{empty::Empty, test::fixtures, token::app};
+use crate::{
+ empty::Empty,
+ test::{fixtures, verify},
+ token::app,
+};
#[tokio::test]
async fn correct_credentials() {
@@ -24,19 +28,7 @@ async fn correct_credentials() {
// Verify the return value's basic structure
- let secret = identity
- .secret()
- .expect("logged in with valid credentials issues an identity cookie");
-
- // Verify the semantics
-
- let validated = app
- .tokens()
- .validate(&secret, &fixtures::now())
- .await
- .expect("identity secret is valid");
-
- assert_eq!(name, validated.user.name);
+ verify::identity::valid_for_name(&app, &identity, &name).await;
}
#[tokio::test]
@@ -114,12 +106,5 @@ async fn token_expires() {
.await
.expect("expiring tokens never fails");
- let verified_at = fixtures::now();
- let error = app
- .tokens()
- .validate(&secret, &verified_at)
- .await
- .expect_err("validating an expired token");
-
- assert!(matches!(error, app::ValidateError::InvalidToken));
+ verify::token::invalid(&app, &secret).await;
}
diff --git a/src/user/handlers/logout/test.rs b/src/user/handlers/logout/test.rs
index 7151ddf..8ad4853 100644
--- a/src/user/handlers/logout/test.rs
+++ b/src/user/handlers/logout/test.rs
@@ -1,6 +1,10 @@
use axum::extract::{Json, State};
-use crate::{empty::Empty, test::fixtures, token::app};
+use crate::{
+ empty::Empty,
+ test::{fixtures, verify},
+ token::app,
+};
#[tokio::test]
async fn successful() {
@@ -24,16 +28,10 @@ async fn successful() {
.expect("logged out with a valid token");
// Verify the return value's basic structure
-
assert!(response_identity.secret().is_none());
// Verify the semantics
- let error = app
- .tokens()
- .validate(&secret, &now)
- .await
- .expect_err("secret is invalid");
- assert!(matches!(error, app::ValidateError::InvalidToken));
+ verify::token::invalid(&app, &secret).await;
}
#[tokio::test]
diff --git a/src/user/handlers/password/test.rs b/src/user/handlers/password/test.rs
index c0f789b..81020a1 100644
--- a/src/user/handlers/password/test.rs
+++ b/src/user/handlers/password/test.rs
@@ -2,8 +2,7 @@ use axum::extract::{Json, State};
use crate::{
empty::Empty,
- test::fixtures,
- token::app::{LoginError, ValidateError},
+ test::{fixtures, verify},
};
#[tokio::test]
@@ -35,47 +34,14 @@ async fn password_change() {
assert_ne!(cookie.secret(), new_cookie.secret());
// Verify that we're still ourselves
- let new_secret = new_cookie
- .secret()
- .expect("we should have a secret after changing our password");
- let new_identity = app
- .tokens()
- .validate(&new_secret, &fixtures::now())
- .await
- .expect("the newly-issued secret should be valid");
- assert_eq!(identity.user, new_identity.user);
+ verify::identity::valid_for_user(&app, &new_cookie, &identity.user).await;
// Verify that our original token is no longer valid
- let validate_err = app
- .tokens()
- .validate(
- &cookie
- .secret()
- .expect("original identity cookie has a secret"),
- &fixtures::now(),
- )
- .await
- .expect_err("validating the original identity secret should fail");
- assert!(matches!(validate_err, ValidateError::InvalidToken));
+ verify::identity::invalid(&app, &cookie).await;
// Verify that our original password is no longer valid
- let login_err = app
- .tokens()
- .login(&name, &password, &fixtures::now())
- .await
- .expect_err("logging in with the original password should fail");
- assert!(matches!(login_err, LoginError::Rejected));
+ verify::login::invalid_login(&app, &name, &password).await;
// Verify that our new password is valid
- let secret = app
- .tokens()
- .login(&name, &to, &fixtures::now())
- .await
- .expect("logging in with the new password should succeed");
- let identity = app
- .tokens()
- .validate(&secret, &fixtures::now())
- .await
- .expect("validating a newly-issued token secret succeeds");
- assert_eq!(name, identity.user.name);
+ verify::login::valid_login(&app, &name, &to).await;
}
generated by cgit v1.2.3 (git 2.39.1) at 2026-01-02 08:14:06 +0000