auth tests

api/auth.go

@@ -6,6 +6,8 @@ import (
 	"github.com/simon987/task_tracker/storage"
 )
 
+const MinPasswordLength = 8
+const MinUsernameLength = 3
 const MaxUsernameLength = 16
 
 type LoginRequest struct {
@@ -30,7 +32,9 @@ type AccountDetails struct {
 }
 
 func (r *RegisterRequest) isValid() bool {
-	return len(r.Username) <= MaxUsernameLength
+	return MinUsernameLength <= len(r.Username) &&
+		len(r.Username) <= MaxUsernameLength &&
+		MinPasswordLength <= len(r.Password)
 }
 
 type RegisterResponse struct {
@@ -139,6 +143,11 @@ func (api *WebAPI) AccountDetails(r *Request) {
 	sess := api.Session.StartFasthttp(r.Ctx)
 	manager := sess.Get("manager")
 
+	logrus.WithFields(logrus.Fields{
+		"manager": manager,
+		"session": sess,
+	}).Trace("Account details request")
+
 	if manager == nil {
 		r.OkJson(AccountDetails{
 			LoggedIn: false,

test/api_auth_test.go

@@ -0,0 +1,165 @@
+package test
+
+import (
+	"encoding/json"
+	"github.com/simon987/task_tracker/api"
+	"github.com/simon987/task_tracker/config"
+	"io/ioutil"
+	"net/http"
+	"testing"
+)
+
+func TestLoginAndAccountInfo(t *testing.T) {
+
+	regResp := register(&api.RegisterRequest{
+		Username: "testusername",
+		Password: "testpassword",
+	})
+
+	if regResp.Ok != true {
+		t.Error()
+	}
+
+	loginResp, r := login(&api.LoginRequest{
+		Username: "testusername",
+		Password: "testpassword",
+	})
+
+	if loginResp.Ok != true {
+		t.Error()
+	}
+	if loginResp.Manager.Username != "testusername" {
+		t.Error()
+	}
+	if loginResp.Manager.Id == 0 {
+		t.Error()
+	}
+
+	ok := false
+	for _, c := range r.Cookies() {
+		if c.Name == config.Cfg.SessionCookieName {
+			ok = true
+		}
+	}
+	if ok != true {
+		t.Error()
+	}
+
+	url := "http://" + config.Cfg.ServerAddr + "/account"
+	req, err := http.NewRequest("GET", url, nil)
+	for _, c := range r.Cookies() {
+		req.AddCookie(c)
+	}
+
+	client := http.Client{}
+	r, err = client.Do(req)
+	handleErr(err)
+	details := &api.AccountDetails{}
+	data, _ := ioutil.ReadAll(r.Body)
+	err = json.Unmarshal(data, details)
+	handleErr(err)
+
+	if details.LoggedIn != true {
+		t.Error()
+	}
+	if details.Manager.Username != "testusername" {
+		t.Error()
+	}
+	if details.Manager.Id != loginResp.Manager.Id {
+		t.Error()
+	}
+}
+
+func TestInvalidUsernameRegister(t *testing.T) {
+
+	regResp := register(&api.RegisterRequest{
+		Username: "12",
+		Password: "testpassword",
+	})
+
+	if regResp.Ok != false || len(regResp.Message) <= 0 {
+		t.Error()
+	}
+
+	regResp2 := register(&api.RegisterRequest{
+		Username: "12345678901234567",
+		Password: "testpassword",
+	})
+
+	if regResp2.Ok != false || len(regResp2.Message) <= 0 {
+		t.Error()
+	}
+}
+
+func TestInvalidPasswordRegister(t *testing.T) {
+
+	regResp := register(&api.RegisterRequest{
+		Username: "testinvalidpassword1",
+		Password: "12345678",
+	})
+
+	if regResp.Ok != false || len(regResp.Message) <= 0 {
+		t.Error()
+	}
+}
+
+func TestDuplicateUsernameRegister(t *testing.T) {
+
+	r1 := register(&api.RegisterRequest{
+		Password: "testdupeusername",
+		Username: "testdupeusername",
+	})
+
+	if r1.Ok != true {
+		t.Error()
+	}
+
+	r2 := register(&api.RegisterRequest{
+		Password: "testdupeusername",
+		Username: "testdupeusername",
+	})
+	if r2.Ok != false || len(r2.Message) <= 0 {
+		t.Error()
+	}
+}
+
+func TestInvalidCredentialsLogin(t *testing.T) {
+
+	register(&api.RegisterRequest{
+		Password: "testinvalidcreds",
+		Username: "testinvalidcreds",
+	})
+
+	r, _ := login(&api.LoginRequest{
+		Username: "testinvalidcreds",
+		Password: "wrong",
+	})
+
+	if r.Ok != false || len(r.Message) <= 0 {
+		t.Error()
+	}
+}
+
+func register(request *api.RegisterRequest) *api.RegisterResponse {
+
+	r := Post("/register", request, nil)
+
+	resp := &api.RegisterResponse{}
+	data, _ := ioutil.ReadAll(r.Body)
+	err := json.Unmarshal(data, resp)
+	handleErr(err)
+
+	return resp
+}
+
+func login(request *api.LoginRequest) (*api.LoginResponse, *http.Response) {
+
+	r := Post("/login", request, nil)
+
+	resp := &api.LoginResponse{}
+	data, _ := ioutil.ReadAll(r.Body)
+	err := json.Unmarshal(data, resp)
+	handleErr(err)
+
+	return resp, r
+}

test/common.go

@@ -43,7 +43,6 @@ func Get(path string, worker *storage.Worker) *http.Response {
 
 	url := "http://" + config.Cfg.ServerAddr + path
 	req, err := http.NewRequest("GET", url, nil)
-	handleErr(err)
 
 	if worker != nil {