// Copyright (C) 2021 Aravinth Manivannan // SPDX-FileCopyrightText: 2023 Aravinth Manivannan // // SPDX-License-Identifier: AGPL-3.0-or-later use actix_web::http::{header, StatusCode}; use actix_web::test; use crate::api::v1::admin::auth::runners::{Login, Register}; use crate::api::v1::ROUTES; use crate::errors::*; use crate::*; use crate::tests::*; #[actix_rt::test] async fn auth_works() { let data = get_test_data().await; const NAME: &str = "testuser"; const PASSWORD: &str = "longpassword"; const EMAIL: &str = "testuser1@a.com"; let app = get_app!(data).await; delete_user(NAME, &data).await; // 1. Register with email == None let msg = Register { username: NAME.into(), password: PASSWORD.into(), confirm_password: PASSWORD.into(), email: None, }; let resp = test::call_service( &app, post_request!(&msg, ROUTES.admin.auth.register).to_request(), ) .await; assert_eq!(resp.status(), StatusCode::OK); // delete user delete_user(NAME, &data).await; // 1. Register and signin let (_, signin_resp) = register_and_signin(&data, NAME, EMAIL, PASSWORD).await; let cookies = get_cookie!(signin_resp); // Sign in with email signin(&data, EMAIL, PASSWORD).await; // 2. check if duplicate username is allowed let mut msg = Register { username: NAME.into(), password: PASSWORD.into(), confirm_password: PASSWORD.into(), email: Some(EMAIL.into()), }; bad_post_req_test( &data, NAME, PASSWORD, ROUTES.admin.auth.register, &msg, ServiceError::UsernameTaken, ) .await; let name = format!("{}dupemail", NAME); msg.username = name; bad_post_req_test( &data, NAME, PASSWORD, ROUTES.admin.auth.register, &msg, ServiceError::EmailTaken, ) .await; // 3. sigining in with non-existent user let mut creds = Login { login: "nonexistantuser".into(), password: msg.password.clone(), }; bad_post_req_test( &data, NAME, PASSWORD, ROUTES.admin.auth.login, &creds, ServiceError::AccountNotFound, ) .await; creds.login = "nonexistantuser@example.com".into(); bad_post_req_test( &data, NAME, PASSWORD, ROUTES.admin.auth.login, &creds, ServiceError::AccountNotFound, ) .await; // 4. trying to signin with wrong password creds.login = NAME.into(); creds.password = NAME.into(); bad_post_req_test( &data, NAME, PASSWORD, ROUTES.admin.auth.login, &creds, ServiceError::WrongPassword, ) .await; // 5. signout let signout_resp = test::call_service( &app, test::TestRequest::get() .uri(ROUTES.admin.auth.logout) .cookie(cookies) .to_request(), ) .await; assert_eq!(signout_resp.status(), StatusCode::FOUND); let headers = signout_resp.headers(); assert_eq!( headers.get(header::LOCATION).unwrap(), crate::V1_API_ROUTES.admin.auth.register, ) } #[actix_rt::test] async fn serverside_password_validation_works() { const NAME: &str = "testuser542"; const PASSWORD: &str = "longpassword2"; let data = get_test_data().await; delete_user(NAME, &data).await; let app = get_app!(data).await; // checking to see if server-side password validation (password == password_config) // works let register_msg = Register { username: NAME.into(), password: PASSWORD.into(), confirm_password: NAME.into(), email: None, }; let resp = test::call_service( &app, post_request!(®ister_msg, ROUTES.admin.auth.register).to_request(), ) .await; assert_eq!(resp.status(), StatusCode::BAD_REQUEST); let txt: ErrorToResponse = test::read_body_json(resp).await; assert_eq!(txt.error, format!("{}", ServiceError::PasswordsDontMatch)); }