From 4e3d5ccac99b24934c972e088cd7eb02bb95df06 Mon Sep 17 00:00:00 2001
From: Owen Jacobson <owen@grimoire.ca>
Date: Tue, 17 Jun 2025 02:11:45 -0400
Subject: Handlers are _named operations_, which can be exposed via routes.

Each domain module that exposes handlers does so through a `handlers` child module, ideally as a top-level symbol that can be plugged directly into Axum's `MethodRouter`. Modules could make exceptions to this - kill the doctrinaire inside yourself, after all - but none of the API modules that actually exist need such exceptions, and consistency is useful.

The related details of request types, URL types, response types, errors, &c &c are then organized into modules under `handlers`, along with their respective tests.
---
 src/user/handlers/login/test.rs | 127 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 127 insertions(+)
 create mode 100644 src/user/handlers/login/test.rs

(limited to 'src/user/handlers/login/test.rs')

diff --git a/src/user/handlers/login/test.rs b/src/user/handlers/login/test.rs
new file mode 100644
index 0000000..b8f24f6
--- /dev/null
+++ b/src/user/handlers/login/test.rs
@@ -0,0 +1,127 @@
+use axum::extract::{Json, State};
+
+use crate::{test::fixtures, token::app};
+
+#[tokio::test]
+async fn correct_credentials() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+    let (name, password) = fixtures::user::create_with_password(&app, &fixtures::now()).await;
+
+    // Call the endpoint
+
+    let identity = fixtures::cookie::not_logged_in();
+    let logged_in_at = fixtures::now();
+    let request = super::Request {
+        name: name.clone(),
+        password,
+    };
+    let (identity, Json(response)) =
+        super::handler(State(app.clone()), logged_in_at, identity, Json(request))
+            .await
+            .expect("logged in with valid credentials");
+
+    // Verify the return value's basic structure
+
+    assert_eq!(name, response.name);
+    let secret = identity
+        .secret()
+        .expect("logged in with valid credentials issues an identity cookie");
+
+    // Verify the semantics
+
+    let validated_at = fixtures::now();
+    let (_, validated_login) = app
+        .tokens()
+        .validate(&secret, &validated_at)
+        .await
+        .expect("identity secret is valid");
+
+    assert_eq!(response, validated_login);
+}
+
+#[tokio::test]
+async fn invalid_name() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+
+    // Call the endpoint
+
+    let identity = fixtures::cookie::not_logged_in();
+    let logged_in_at = fixtures::now();
+    let (name, password) = fixtures::user::propose();
+    let request = super::Request {
+        name: name.clone(),
+        password,
+    };
+    let super::Error(error) =
+        super::handler(State(app.clone()), logged_in_at, identity, Json(request))
+            .await
+            .expect_err("logged in with an incorrect password fails");
+
+    // Verify the return value's basic structure
+
+    assert!(matches!(error, app::LoginError::Rejected));
+}
+
+#[tokio::test]
+async fn incorrect_password() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+    let login = fixtures::user::create(&app, &fixtures::now()).await;
+
+    // Call the endpoint
+
+    let logged_in_at = fixtures::now();
+    let identity = fixtures::cookie::not_logged_in();
+    let request = super::Request {
+        name: login.name,
+        password: fixtures::user::propose_password(),
+    };
+    let super::Error(error) =
+        super::handler(State(app.clone()), logged_in_at, identity, Json(request))
+            .await
+            .expect_err("logged in with an incorrect password");
+
+    // Verify the return value's basic structure
+
+    assert!(matches!(error, app::LoginError::Rejected));
+}
+
+#[tokio::test]
+async fn token_expires() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+    let (name, password) = fixtures::user::create_with_password(&app, &fixtures::now()).await;
+
+    // Call the endpoint
+
+    let logged_in_at = fixtures::ancient();
+    let identity = fixtures::cookie::not_logged_in();
+    let request = super::Request { name, password };
+    let (identity, _) = super::handler(State(app.clone()), logged_in_at, identity, Json(request))
+        .await
+        .expect("logged in with valid credentials");
+    let secret = identity.secret().expect("logged in with valid credentials");
+
+    // Verify the semantics
+
+    let expired_at = fixtures::now();
+    app.tokens()
+        .expire(&expired_at)
+        .await
+        .expect("expiring tokens never fails");
+
+    let verified_at = fixtures::now();
+    let error = app
+        .tokens()
+        .validate(&secret, &verified_at)
+        .await
+        .expect_err("validating an expired token");
+
+    assert!(matches!(error, app::ValidateError::InvalidToken));
+}
-- 
cgit v1.2.3