saasitone/pkg/middleware/auth_test.go

package middleware

import (
	"fmt"
	"net/http"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"git.grosinger.net/tgrosinger/saasitone/pkg/context"
	"git.grosinger.net/tgrosinger/saasitone/pkg/tests"
	"git.grosinger.net/tgrosinger/saasitone/pkg/models/sqlc"
)

func TestLoadAuthenticatedUser(t *testing.T) {
	ctx, _ := tests.NewContext(c.Web, "/")
	tests.InitSession(ctx)
	mw := LoadAuthenticatedUser(c.Auth)

	// Not authenticated
	_ = tests.ExecuteMiddleware(ctx, mw)
	assert.Nil(t, ctx.Get(context.AuthenticatedUserKey))

	// Login
	err := c.Auth.Login(ctx, usr.ID)
	require.NoError(t, err)

	// Verify the midldeware returns the authenticated user
	_ = tests.ExecuteMiddleware(ctx, mw)
	require.NotNil(t, ctx.Get(context.AuthenticatedUserKey))
	ctxUsr, ok := ctx.Get(context.AuthenticatedUserKey).(*sqlc.User)
	require.True(t, ok)
	assert.Equal(t, usr.ID, ctxUsr.ID)
}

func TestRequireAuthentication(t *testing.T) {
	ctx, _ := tests.NewContext(c.Web, "/")
	tests.InitSession(ctx)

	// Not logged in
	err := tests.ExecuteMiddleware(ctx, RequireAuthentication())
	tests.AssertHTTPErrorCode(t, err, http.StatusUnauthorized)

	// Login
	err = c.Auth.Login(ctx, usr.ID)
	require.NoError(t, err)
	_ = tests.ExecuteMiddleware(ctx, LoadAuthenticatedUser(c.Auth))

	// Logged in
	err = tests.ExecuteMiddleware(ctx, RequireAuthentication())
	assert.Nil(t, err)
}

func TestRequireNoAuthentication(t *testing.T) {
	ctx, _ := tests.NewContext(c.Web, "/")
	tests.InitSession(ctx)

	// Not logged in
	err := tests.ExecuteMiddleware(ctx, RequireNoAuthentication())
	assert.Nil(t, err)

	// Login
	err = c.Auth.Login(ctx, usr.ID)
	require.NoError(t, err)
	_ = tests.ExecuteMiddleware(ctx, LoadAuthenticatedUser(c.Auth))

	// Logged in
	err = tests.ExecuteMiddleware(ctx, RequireNoAuthentication())
	tests.AssertHTTPErrorCode(t, err, http.StatusForbidden)
}

func TestLoadValidPasswordToken(t *testing.T) {
	ctx, _ := tests.NewContext(c.Web, "/")
	tests.InitSession(ctx)

	// Missing user context
	err := tests.ExecuteMiddleware(ctx, LoadValidPasswordToken(c.Auth))
	tests.AssertHTTPErrorCode(t, err, http.StatusInternalServerError)

	// Add user and password token context but no token and expect a redirect
	ctx.SetParamNames("user", "password_token")
	ctx.SetParamValues(fmt.Sprintf("%d", usr.ID), "1")
	_ = tests.ExecuteMiddleware(ctx, LoadUser(c.DB))
	err = tests.ExecuteMiddleware(ctx, LoadValidPasswordToken(c.Auth))
	assert.NoError(t, err)
	assert.Equal(t, http.StatusFound, ctx.Response().Status)

	// Add user context and invalid password token and expect a redirect
	ctx.SetParamNames("user", "password_token", "token")
	ctx.SetParamValues(fmt.Sprintf("%d", usr.ID), "1", "faketoken")
	_ = tests.ExecuteMiddleware(ctx, LoadUser(c.DB))
	err = tests.ExecuteMiddleware(ctx, LoadValidPasswordToken(c.Auth))
	assert.NoError(t, err)
	assert.Equal(t, http.StatusFound, ctx.Response().Status)

	// Create a valid token
	token, pt, err := c.Auth.GeneratePasswordResetToken(ctx, usr.ID)
	require.NoError(t, err)

	// Add user and valid password token
	ctx.SetParamNames("user", "password_token", "token")
	ctx.SetParamValues(fmt.Sprintf("%d", usr.ID), fmt.Sprintf("%d", pt.ID), token)
	_ = tests.ExecuteMiddleware(ctx, LoadUser(c.DB))
	err = tests.ExecuteMiddleware(ctx, LoadValidPasswordToken(c.Auth))
	assert.Nil(t, err)
	ctxPt, ok := ctx.Get(context.PasswordTokenKey).(*sqlc.PasswordToken)
	require.True(t, ok)
	assert.Equal(t, pt.ID, ctxPt.ID)
}
Added tests package with helpers. Started on middleware tests. 2021-12-21 12:18:17 -08:00			`package middleware`

			`import (`
Added tests for auth middleware. 2021-12-21 17:29:15 -08:00			`"fmt"`
Added tests package with helpers. Started on middleware tests. 2021-12-21 12:18:17 -08:00			`"net/http"`
			`"testing"`

Rename package 2024-07-09 17:57:05 -07:00			`"github.com/stretchr/testify/assert"`
Added tests package with helpers. Started on middleware tests. 2021-12-21 12:18:17 -08:00			`"github.com/stretchr/testify/require"`

Rename package 2024-07-09 17:57:05 -07:00			`"git.grosinger.net/tgrosinger/saasitone/pkg/context"`
			`"git.grosinger.net/tgrosinger/saasitone/pkg/tests"`
Migrate from ent to sqlc 2024-07-11 21:09:15 -07:00			`"git.grosinger.net/tgrosinger/saasitone/pkg/models/sqlc"`
Added tests package with helpers. Started on middleware tests. 2021-12-21 12:18:17 -08:00			`)`

			`func TestLoadAuthenticatedUser(t *testing.T) {`
			`ctx, _ := tests.NewContext(c.Web, "/")`
			`tests.InitSession(ctx)`
			`mw := LoadAuthenticatedUser(c.Auth)`

			`// Not authenticated`
			`_ = tests.ExecuteMiddleware(ctx, mw)`
			`assert.Nil(t, ctx.Get(context.AuthenticatedUserKey))`

			`// Login`
			`err := c.Auth.Login(ctx, usr.ID)`
			`require.NoError(t, err)`

			`// Verify the midldeware returns the authenticated user`
			`_ = tests.ExecuteMiddleware(ctx, mw)`
			`require.NotNil(t, ctx.Get(context.AuthenticatedUserKey))`
Migrate from ent to sqlc 2024-07-11 21:09:15 -07:00			`ctxUsr, ok := ctx.Get(context.AuthenticatedUserKey).(*sqlc.User)`
Added tests package with helpers. Started on middleware tests. 2021-12-21 12:18:17 -08:00			`require.True(t, ok)`
			`assert.Equal(t, usr.ID, ctxUsr.ID)`
			`}`

			`func TestRequireAuthentication(t *testing.T) {`
			`ctx, _ := tests.NewContext(c.Web, "/")`
			`tests.InitSession(ctx)`

			`// Not logged in`
			`err := tests.ExecuteMiddleware(ctx, RequireAuthentication())`
Added tests for auth middleware. 2021-12-21 17:29:15 -08:00			`tests.AssertHTTPErrorCode(t, err, http.StatusUnauthorized)`
Added tests package with helpers. Started on middleware tests. 2021-12-21 12:18:17 -08:00
			`// Login`
			`err = c.Auth.Login(ctx, usr.ID)`
			`require.NoError(t, err)`
			`_ = tests.ExecuteMiddleware(ctx, LoadAuthenticatedUser(c.Auth))`

			`// Logged in`
			`err = tests.ExecuteMiddleware(ctx, RequireAuthentication())`
Use nil error response for testing middleware execution. 2021-12-22 11:38:00 -08:00			`assert.Nil(t, err)`
Added tests package with helpers. Started on middleware tests. 2021-12-21 12:18:17 -08:00			`}`

			`func TestRequireNoAuthentication(t *testing.T) {`
			`ctx, _ := tests.NewContext(c.Web, "/")`
			`tests.InitSession(ctx)`

			`// Not logged in`
			`err := tests.ExecuteMiddleware(ctx, RequireNoAuthentication())`
Use nil error response for testing middleware execution. 2021-12-22 11:38:00 -08:00			`assert.Nil(t, err)`
Added tests package with helpers. Started on middleware tests. 2021-12-21 12:18:17 -08:00
			`// Login`
			`err = c.Auth.Login(ctx, usr.ID)`
			`require.NoError(t, err)`
			`_ = tests.ExecuteMiddleware(ctx, LoadAuthenticatedUser(c.Auth))`

			`// Logged in`
			`err = tests.ExecuteMiddleware(ctx, RequireNoAuthentication())`
Added tests for auth middleware. 2021-12-21 17:29:15 -08:00			`tests.AssertHTTPErrorCode(t, err, http.StatusForbidden)`
Added tests package with helpers. Started on middleware tests. 2021-12-21 12:18:17 -08:00			`}`

			`func TestLoadValidPasswordToken(t *testing.T) {`
Added tests for auth middleware. 2021-12-21 17:29:15 -08:00			`ctx, _ := tests.NewContext(c.Web, "/")`
			`tests.InitSession(ctx)`
Added tests package with helpers. Started on middleware tests. 2021-12-21 12:18:17 -08:00
Added tests for auth middleware. 2021-12-21 17:29:15 -08:00			`// Missing user context`
			`err := tests.ExecuteMiddleware(ctx, LoadValidPasswordToken(c.Auth))`
			`tests.AssertHTTPErrorCode(t, err, http.StatusInternalServerError)`

Include password token entity ID in reset URL in order to prevent loading all tokens. 2022-01-27 05:44:12 -08:00			`// Add user and password token context but no token and expect a redirect`
			`ctx.SetParamNames("user", "password_token")`
			`ctx.SetParamValues(fmt.Sprintf("%d", usr.ID), "1")`
Migrate from ent to sqlc 2024-07-11 21:09:15 -07:00			`_ = tests.ExecuteMiddleware(ctx, LoadUser(c.DB))`
Added tests for auth middleware. 2021-12-21 17:29:15 -08:00			`err = tests.ExecuteMiddleware(ctx, LoadValidPasswordToken(c.Auth))`
			`assert.NoError(t, err)`
			`assert.Equal(t, http.StatusFound, ctx.Response().Status)`

			`// Add user context and invalid password token and expect a redirect`
Include password token entity ID in reset URL in order to prevent loading all tokens. 2022-01-27 05:44:12 -08:00			`ctx.SetParamNames("user", "password_token", "token")`
			`ctx.SetParamValues(fmt.Sprintf("%d", usr.ID), "1", "faketoken")`
Migrate from ent to sqlc 2024-07-11 21:09:15 -07:00			`_ = tests.ExecuteMiddleware(ctx, LoadUser(c.DB))`
Added tests for auth middleware. 2021-12-21 17:29:15 -08:00			`err = tests.ExecuteMiddleware(ctx, LoadValidPasswordToken(c.Auth))`
			`assert.NoError(t, err)`
			`assert.Equal(t, http.StatusFound, ctx.Response().Status)`

			`// Create a valid token`
			`token, pt, err := c.Auth.GeneratePasswordResetToken(ctx, usr.ID)`
			`require.NoError(t, err)`

			`// Add user and valid password token`
Include password token entity ID in reset URL in order to prevent loading all tokens. 2022-01-27 05:44:12 -08:00			`ctx.SetParamNames("user", "password_token", "token")`
			`ctx.SetParamValues(fmt.Sprintf("%d", usr.ID), fmt.Sprintf("%d", pt.ID), token)`
Migrate from ent to sqlc 2024-07-11 21:09:15 -07:00			`_ = tests.ExecuteMiddleware(ctx, LoadUser(c.DB))`
Added tests for auth middleware. 2021-12-21 17:29:15 -08:00			`err = tests.ExecuteMiddleware(ctx, LoadValidPasswordToken(c.Auth))`
Use nil error response for testing middleware execution. 2021-12-22 11:38:00 -08:00			`assert.Nil(t, err)`
Migrate from ent to sqlc 2024-07-11 21:09:15 -07:00			`ctxPt, ok := ctx.Get(context.PasswordTokenKey).(*sqlc.PasswordToken)`
Added tests for auth middleware. 2021-12-21 17:29:15 -08:00			`require.True(t, ok)`
			`assert.Equal(t, pt.ID, ctxPt.ID)`
Added tests package with helpers. Started on middleware tests. 2021-12-21 12:18:17 -08:00			`}`