summaryrefslogtreecommitdiff
path: root/src/user/handlers/login/test.rs
diff options
context:
space:
mode:
Diffstat (limited to 'src/user/handlers/login/test.rs')
-rw-r--r--src/user/handlers/login/test.rs127
1 files changed, 127 insertions, 0 deletions
diff --git a/src/user/handlers/login/test.rs b/src/user/handlers/login/test.rs
new file mode 100644
index 0000000..b8f24f6
--- /dev/null
+++ b/src/user/handlers/login/test.rs
@@ -0,0 +1,127 @@
+use axum::extract::{Json, State};
+
+use crate::{test::fixtures, token::app};
+
+#[tokio::test]
+async fn correct_credentials() {
+ // Set up the environment
+
+ let app = fixtures::scratch_app().await;
+ let (name, password) = fixtures::user::create_with_password(&app, &fixtures::now()).await;
+
+ // Call the endpoint
+
+ let identity = fixtures::cookie::not_logged_in();
+ let logged_in_at = fixtures::now();
+ let request = super::Request {
+ name: name.clone(),
+ password,
+ };
+ let (identity, Json(response)) =
+ super::handler(State(app.clone()), logged_in_at, identity, Json(request))
+ .await
+ .expect("logged in with valid credentials");
+
+ // Verify the return value's basic structure
+
+ assert_eq!(name, response.name);
+ let secret = identity
+ .secret()
+ .expect("logged in with valid credentials issues an identity cookie");
+
+ // Verify the semantics
+
+ let validated_at = fixtures::now();
+ let (_, validated_login) = app
+ .tokens()
+ .validate(&secret, &validated_at)
+ .await
+ .expect("identity secret is valid");
+
+ assert_eq!(response, validated_login);
+}
+
+#[tokio::test]
+async fn invalid_name() {
+ // Set up the environment
+
+ let app = fixtures::scratch_app().await;
+
+ // Call the endpoint
+
+ let identity = fixtures::cookie::not_logged_in();
+ let logged_in_at = fixtures::now();
+ let (name, password) = fixtures::user::propose();
+ let request = super::Request {
+ name: name.clone(),
+ password,
+ };
+ let super::Error(error) =
+ super::handler(State(app.clone()), logged_in_at, identity, Json(request))
+ .await
+ .expect_err("logged in with an incorrect password fails");
+
+ // Verify the return value's basic structure
+
+ assert!(matches!(error, app::LoginError::Rejected));
+}
+
+#[tokio::test]
+async fn incorrect_password() {
+ // Set up the environment
+
+ let app = fixtures::scratch_app().await;
+ let login = fixtures::user::create(&app, &fixtures::now()).await;
+
+ // Call the endpoint
+
+ let logged_in_at = fixtures::now();
+ let identity = fixtures::cookie::not_logged_in();
+ let request = super::Request {
+ name: login.name,
+ password: fixtures::user::propose_password(),
+ };
+ let super::Error(error) =
+ super::handler(State(app.clone()), logged_in_at, identity, Json(request))
+ .await
+ .expect_err("logged in with an incorrect password");
+
+ // Verify the return value's basic structure
+
+ assert!(matches!(error, app::LoginError::Rejected));
+}
+
+#[tokio::test]
+async fn token_expires() {
+ // Set up the environment
+
+ let app = fixtures::scratch_app().await;
+ let (name, password) = fixtures::user::create_with_password(&app, &fixtures::now()).await;
+
+ // Call the endpoint
+
+ let logged_in_at = fixtures::ancient();
+ let identity = fixtures::cookie::not_logged_in();
+ let request = super::Request { name, password };
+ let (identity, _) = super::handler(State(app.clone()), logged_in_at, identity, Json(request))
+ .await
+ .expect("logged in with valid credentials");
+ let secret = identity.secret().expect("logged in with valid credentials");
+
+ // Verify the semantics
+
+ let expired_at = fixtures::now();
+ app.tokens()
+ .expire(&expired_at)
+ .await
+ .expect("expiring tokens never fails");
+
+ let verified_at = fixtures::now();
+ let error = app
+ .tokens()
+ .validate(&secret, &verified_at)
+ .await
+ .expect_err("validating an expired token");
+
+ assert!(matches!(error, app::ValidateError::InvalidToken));
+}
generated by cgit v1.2.3 (git 2.39.1) at 2026-01-02 07:26:09 +0000