12 files changed, 135 insertions, 45 deletions

diff --git a/src/test/fixtures/cookie.rs b/src/test/fixtures/cookie.rs
index f5a32a6..7dc5083 100644
--- a/src/test/fixtures/cookie.rs
+++ b/src/test/fixtures/cookie.rs
@@ -1,11 +1,7 @@
 use uuid::Uuid;
 
 use crate::{
-    app::App,
-    clock::RequestedAt,
-    name::Name,
-    password::Password,
-    token::{Secret, extract::IdentityCookie},
+    app::App, clock::RequestedAt, name::Name, password::Password, token::extract::IdentityCookie,
 };
 
 pub fn not_logged_in() -> IdentityCookie {
@@ -19,18 +15,14 @@ pub async fn logged_in(
 ) -> IdentityCookie {
     let (name, password) = credentials;
     let secret = app
-        .tokens()
-        .login(name, password, now)
+        .logins()
+        .with_password(name, password, now)
         .await
         .expect("should succeed given known-valid credentials");
 
     IdentityCookie::new().set(secret)
 }
 
-pub fn secret(identity: &IdentityCookie) -> Secret {
-    identity.secret().expect("identity contained a secret")
-}
-
 pub fn fictitious() -> IdentityCookie {
     let token = Uuid::new_v4().to_string();
     IdentityCookie::new().set(token)
diff --git a/src/test/fixtures/identity.rs b/src/test/fixtures/identity.rs
index 84e1cf6..93e4a38 100644
--- a/src/test/fixtures/identity.rs
+++ b/src/test/fixtures/identity.rs
@@ -5,7 +5,7 @@ use crate::{
     password::Password,
     test::fixtures,
     token::{
-        self,
+        Token,
         extract::{Identity, IdentityCookie},
     },
 };
@@ -21,13 +21,10 @@ pub async fn from_cookie(
     validated_at: &RequestedAt,
 ) -> Identity {
     let secret = cookie.secret().expect("identity token has a secret");
-    let (token, user) = app
-        .tokens()
+    app.tokens()
         .validate(&secret, validated_at)
         .await
-        .expect("always validates newly-issued secret");
-
-    Identity { token, user }
+        .expect("always validates newly-issued secret")
 }
 
 pub async fn logged_in(
@@ -40,8 +37,8 @@ pub async fn logged_in(
 }
 
 pub fn fictitious() -> Identity {
-    let token = token::Id::generate();
-    let user = fixtures::user::fictitious();
+    let login = fixtures::login::fictitious();
+    let (token, _) = Token::generate(&login, &fixtures::now());
 
-    Identity { token, user }
+    Identity { token, login }
 }
diff --git a/src/test/fixtures/invite.rs b/src/test/fixtures/invite.rs
index 7a41eb6..654d1b4 100644
--- a/src/test/fixtures/invite.rs
+++ b/src/test/fixtures/invite.rs
@@ -2,10 +2,10 @@ use crate::{
     app::App,
     clock::DateTime,
     invite::{self, Invite},
-    user::User,
+    login::Login,
 };
 
-pub async fn issue(app: &App, issuer: &User, issued_at: &DateTime) -> Invite {
+pub async fn issue(app: &App, issuer: &Login, issued_at: &DateTime) -> Invite {
     app.invites()
         .issue(issuer, issued_at)
         .await
diff --git a/src/test/fixtures/login.rs b/src/test/fixtures/login.rs
new file mode 100644
index 0000000..d9aca81
--- /dev/null
+++ b/src/test/fixtures/login.rs
@@ -0,0 +1,21 @@
+use crate::{
+    app::App,
+    clock::DateTime,
+    login::{self, Login},
+    test::fixtures::user::{propose, propose_name},
+};
+
+pub async fn create(app: &App, created_at: &DateTime) -> Login {
+    let (name, password) = propose();
+    app.users()
+        .create(&name, &password, created_at)
+        .await
+        .expect("should always succeed if the user is actually new")
+}
+
+pub fn fictitious() -> Login {
+    Login {
+        id: login::Id::generate(),
+        name: propose_name(),
+    }
+}
diff --git a/src/test/fixtures/message.rs b/src/test/fixtures/message.rs
index 03f8072..92ac1f5 100644
--- a/src/test/fixtures/message.rs
+++ b/src/test/fixtures/message.rs
@@ -4,14 +4,14 @@ use crate::{
     app::App,
     clock::RequestedAt,
     conversation::Conversation,
+    login::Login,
     message::{self, Body, Message},
-    user::User,
 };
 
 pub async fn send(
     app: &App,
     conversation: &Conversation,
-    sender: &User,
+    sender: &Login,
     sent_at: &RequestedAt,
 ) -> Message {
     let body = propose();
diff --git a/src/test/fixtures/mod.rs b/src/test/fixtures/mod.rs
index 87d3fa1..3d69cfa 100644
--- a/src/test/fixtures/mod.rs
+++ b/src/test/fixtures/mod.rs
@@ -9,6 +9,7 @@ pub mod event;
 pub mod future;
 pub mod identity;
 pub mod invite;
+pub mod login;
 pub mod message;
 pub mod user;
 
diff --git a/src/test/fixtures/user.rs b/src/test/fixtures/user.rs
index 086f866..d4d8db4 100644
--- a/src/test/fixtures/user.rs
+++ b/src/test/fixtures/user.rs
@@ -1,13 +1,7 @@
 use faker_rand::{en_us::internet, lorem::Paragraphs};
 use uuid::Uuid;
 
-use crate::{
-    app::App,
-    clock::RequestedAt,
-    name::Name,
-    password::Password,
-    user::{self, User},
-};
+use crate::{app::App, clock::RequestedAt, login::Login, name::Name, password::Password};
 
 pub async fn create_with_password(app: &App, created_at: &RequestedAt) -> (Name, Password) {
     let (name, password) = propose();
@@ -20,19 +14,8 @@ pub async fn create_with_password(app: &App, created_at: &RequestedAt) -> (Name,
     (user.name, password)
 }
 
-pub async fn create(app: &App, created_at: &RequestedAt) -> User {
-    let (name, password) = propose();
-    app.users()
-        .create(&name, &password, created_at)
-        .await
-        .expect("should always succeed if the login is actually new")
-}
-
-pub fn fictitious() -> User {
-    User {
-        id: user::Id::generate(),
-        name: propose_name(),
-    }
+pub async fn create(app: &App, created_at: &RequestedAt) -> Login {
+    super::login::create(app, created_at).await
 }
 
 pub fn propose() -> (Name, Password) {
@@ -43,7 +26,7 @@ pub fn propose_invalid_name() -> Name {
     rand::random::<Paragraphs>().to_string().into()
 }
 
-fn propose_name() -> Name {
+pub(crate) fn propose_name() -> Name {
     rand::random::<internet::Username>().to_string().into()
 }
 
diff --git a/src/test/mod.rs b/src/test/mod.rs
index d066349..ebbbfef 100644
--- a/src/test/mod.rs
+++ b/src/test/mod.rs
@@ -1 +1,2 @@
 pub mod fixtures;
+pub mod verify;
diff --git a/src/test/verify/identity.rs b/src/test/verify/identity.rs
new file mode 100644
index 0000000..8e2d36e
--- /dev/null
+++ b/src/test/verify/identity.rs
@@ -0,0 +1,33 @@
+use crate::{
+    app::App,
+    login::Login,
+    name::Name,
+    test::{fixtures, verify},
+    token::{app::ValidateError, extract::IdentityCookie},
+};
+
+pub async fn valid_for_name(app: &App, identity: &IdentityCookie, name: &Name) {
+    let secret = identity
+        .secret()
+        .expect("identity cookie must be set to be valid");
+    verify::token::valid_for_name(app, &secret, name).await;
+}
+
+pub async fn valid_for_login(app: &App, identity: &IdentityCookie, login: &Login) {
+    let secret = identity
+        .secret()
+        .expect("identity cookie must be set to be valid");
+    verify::token::valid_for_login(app, &secret, login).await;
+}
+
+pub async fn invalid(app: &App, identity: &IdentityCookie) {
+    let secret = identity
+        .secret()
+        .expect("identity cookie must be set to be invalid");
+    let validate_err = app
+        .tokens()
+        .validate(&secret, &fixtures::now())
+        .await
+        .expect_err("identity cookie secret must be invalid");
+    assert!(matches!(validate_err, ValidateError::InvalidToken));
+}
diff --git a/src/test/verify/login.rs b/src/test/verify/login.rs
new file mode 100644
index 0000000..ae2e91e
--- /dev/null
+++ b/src/test/verify/login.rs
@@ -0,0 +1,25 @@
+use crate::{
+    app::App,
+    login::app::LoginError,
+    name::Name,
+    password::Password,
+    test::{fixtures, verify},
+};
+
+pub async fn valid_login(app: &App, name: &Name, password: &Password) {
+    let secret = app
+        .logins()
+        .with_password(name, password, &fixtures::now())
+        .await
+        .expect("login credentials expected to be valid");
+    verify::token::valid_for_name(&app, &secret, &name).await;
+}
+
+pub async fn invalid_login(app: &App, name: &Name, password: &Password) {
+    let error = app
+        .logins()
+        .with_password(name, password, &fixtures::now())
+        .await
+        .expect_err("login credentials expected not to be valid");
+    assert!(matches!(error, LoginError::Rejected));
+}
diff --git a/src/test/verify/mod.rs b/src/test/verify/mod.rs
new file mode 100644
index 0000000..f809c90
--- /dev/null
+++ b/src/test/verify/mod.rs
@@ -0,0 +1,3 @@
+pub mod identity;
+pub mod login;
+pub mod token;
diff --git a/src/test/verify/token.rs b/src/test/verify/token.rs
new file mode 100644
index 0000000..adc4397
--- /dev/null
+++ b/src/test/verify/token.rs
@@ -0,0 +1,34 @@
+use crate::{
+    app::App,
+    login::Login,
+    name::Name,
+    test::fixtures,
+    token::{Secret, app},
+};
+
+pub async fn valid_for_name(app: &App, secret: &Secret, name: &Name) {
+    let identity = app
+        .tokens()
+        .validate(secret, &fixtures::now())
+        .await
+        .expect("provided secret is valid");
+    assert_eq!(name, &identity.login.name);
+}
+
+pub async fn valid_for_login(app: &App, secret: &Secret, login: &Login) {
+    let identity = app
+        .tokens()
+        .validate(secret, &fixtures::now())
+        .await
+        .expect("provided secret is valid");
+    assert_eq!(login, &identity.login);
+}
+
+pub async fn invalid(app: &App, secret: &Secret) {
+    let error = app
+        .tokens()
+        .validate(secret, &fixtures::now())
+        .await
+        .expect_err("provided secret is invalid");
+    assert!(matches!(error, app::ValidateError::InvalidToken));
+}