Merge branch 'prop/rename-login-to-user'

1 files changed, 128 insertions, 0 deletions

diff --git a/src/user/routes/login/test.rs b/src/user/routes/login/test.rs
new file mode 100644
index 0000000..d2e7ee2
--- /dev/null
+++ b/src/user/routes/login/test.rs
@@ -0,0 +1,128 @@
+use axum::extract::{Json, State};
+
+use super::post;
+use crate::{test::fixtures, token::app};
+
+#[tokio::test]
+async fn correct_credentials() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+    let (name, password) = fixtures::user::create_with_password(&app, &fixtures::now()).await;
+
+    // Call the endpoint
+
+    let identity = fixtures::cookie::not_logged_in();
+    let logged_in_at = fixtures::now();
+    let request = post::Request {
+        name: name.clone(),
+        password,
+    };
+    let (identity, Json(response)) =
+        post::handler(State(app.clone()), logged_in_at, identity, Json(request))
+            .await
+            .expect("logged in with valid credentials");
+
+    // Verify the return value's basic structure
+
+    assert_eq!(name, response.name);
+    let secret = identity
+        .secret()
+        .expect("logged in with valid credentials issues an identity cookie");
+
+    // Verify the semantics
+
+    let validated_at = fixtures::now();
+    let (_, validated_login) = app
+        .tokens()
+        .validate(&secret, &validated_at)
+        .await
+        .expect("identity secret is valid");
+
+    assert_eq!(response, validated_login);
+}
+
+#[tokio::test]
+async fn invalid_name() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+
+    // Call the endpoint
+
+    let identity = fixtures::cookie::not_logged_in();
+    let logged_in_at = fixtures::now();
+    let (name, password) = fixtures::user::propose();
+    let request = post::Request {
+        name: name.clone(),
+        password,
+    };
+    let post::Error(error) =
+        post::handler(State(app.clone()), logged_in_at, identity, Json(request))
+            .await
+            .expect_err("logged in with an incorrect password fails");
+
+    // Verify the return value's basic structure
+
+    assert!(matches!(error, app::LoginError::Rejected));
+}
+
+#[tokio::test]
+async fn incorrect_password() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+    let login = fixtures::user::create(&app, &fixtures::now()).await;
+
+    // Call the endpoint
+
+    let logged_in_at = fixtures::now();
+    let identity = fixtures::cookie::not_logged_in();
+    let request = post::Request {
+        name: login.name,
+        password: fixtures::user::propose_password(),
+    };
+    let post::Error(error) =
+        post::handler(State(app.clone()), logged_in_at, identity, Json(request))
+            .await
+            .expect_err("logged in with an incorrect password");
+
+    // Verify the return value's basic structure
+
+    assert!(matches!(error, app::LoginError::Rejected));
+}
+
+#[tokio::test]
+async fn token_expires() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+    let (name, password) = fixtures::user::create_with_password(&app, &fixtures::now()).await;
+
+    // Call the endpoint
+
+    let logged_in_at = fixtures::ancient();
+    let identity = fixtures::cookie::not_logged_in();
+    let request = post::Request { name, password };
+    let (identity, _) = post::handler(State(app.clone()), logged_in_at, identity, Json(request))
+        .await
+        .expect("logged in with valid credentials");
+    let secret = identity.secret().expect("logged in with valid credentials");
+
+    // Verify the semantics
+
+    let expired_at = fixtures::now();
+    app.tokens()
+        .expire(&expired_at)
+        .await
+        .expect("expiring tokens never fails");
+
+    let verified_at = fixtures::now();
+    let error = app
+        .tokens()
+        .validate(&secret, &verified_at)
+        .await
+        .expect_err("validating an expired token");
+
+    assert!(matches!(error, app::ValidateError::InvalidToken));
+}