Beispiel #1
0
func TestMatchPassword(t *testing.T) {
	initTestDB()
	defer closeTestDB()

	// User does not exist.
	u, err := matchPassword("u", "1234")
	if err == nil {
		t.Fatalf("Should be not nil")
	}

	// User exists but has a different password.
	password := security.PasswordSalt("1111")
	err = createUser("u", password)
	if err != nil {
		t.Fatalf("Expected to be nil: %v", err)
	}
	u, err = matchPassword("u", "1234")
	if err == nil {
		t.Fatalf("Should be not nil")
	}

	// User exists and has this password.
	u, err = matchPassword("u", "1111")
	if err != nil {
		t.Fatalf("Expected to be nil: %v", err)
	}
	if u == "" {
		t.Fatalf("Expected to not be empty")
	}
}
Beispiel #2
0
func TestLogout(t *testing.T) {
	initTestDB()
	defer closeTestDB()

	// Create the user and loggin it in.
	password := security.PasswordSalt("1111")
	createUser("user", password)

	req, err := http.NewRequest("POST", "/", nil)
	if err != nil {
		t.Fatalf("Expected to be nil: %v", err)
	}
	w := httptest.NewRecorder()
	login(w, req)

	// Check that the user has really been logged in.
	var user User
	err = Db.SelectOne(&user, "select * from users")
	if err != nil {
		t.Fatalf("Expected to be nil: %v", err)
	}
	if ck := lib.GetCookie(req, "userId"); ck != user.ID {
		t.Fatalf("Got: %v; expected: %v", ck, user.ID)
	}

	// Logout
	Logout(w, req)
	if lib.GetCookie(req, "userId") != nil {
		t.Fatalf("Expected to be empty")
	}
}
Beispiel #3
0
// UsersCreate responds to: POST /users. It expects the "name" and the
// "password" form values to be present. Moreover, only one user is
// allowed in this application.
func UsersCreate(res http.ResponseWriter, req *http.Request) {
	password := security.PasswordSalt(req.FormValue("password"))

	if err := createUser(req.FormValue("name"), password); err != nil {
		log.Printf("Could not create user: %v", err)
		http.Redirect(res, req, "/", http.StatusForbidden)
	} else {
		http.Redirect(res, req, "/", http.StatusFound)
	}
}
Beispiel #4
0
func TestUserCreateAlreadyExists(t *testing.T) {
	initTestDB()
	defer closeTestDB()

	password := security.PasswordSalt("1234")
	createUser("user", password)

	param := make(url.Values)
	param["name"] = []string{"another"}
	param["password"] = []string{"1234"}

	req, err := http.NewRequest("POST", "/", nil)
	if err != nil {
		t.Fatalf("Expected to be nil: %v", err)
	}
	req.PostForm = param
	w := httptest.NewRecorder()
	UsersCreate(w, req)

	if w.Code != 403 {
		t.Fatalf("Got %v; Expected: %v", w.Code, 403)
	}
	if w.HeaderMap["Location"][0] != "/" {
		t.Fatalf("Got %v; Expected: %v", w.HeaderMap["Location"][0], "/")
	}

	var user User
	err = Db.SelectOne(&user, "select * from users")
	if err != nil {
		t.Fatalf("Expected to be nil: %v", err)
	}
	if user.ID == "" {
		t.Fatalf("Expected to not be empty")
	}
	if user.Name != "user" {
		t.Fatalf("Got %v; Expected: %v", user.Name, "user")
	}
	if user.PasswordHash == "" {
		t.Fatalf("Expected to not be empty")
	}
}
Beispiel #5
0
func TestLoginPage(t *testing.T) {
	initTestDB()
	defer closeTestDB()

	password := security.PasswordSalt("1111")
	createUser("user", password)

	req, err := http.NewRequest("GET", "/", nil)
	if err != nil {
		t.Fatalf("Expected to be nil: %v", err)
	}
	w := httptest.NewRecorder()
	RootIndex(w, req)

	if w.Code != 200 {
		t.Fatalf("Got %v, Expected: %v", w.Code, 200)
	}
	if strings.Contains("<h1>Login</h1>", w.Body.String()) {
		t.Fatalf("Body should've contained '<h1>Login</h1>'")
	}
}
Beispiel #6
0
func TestTopicsRedirect(t *testing.T) {
	initTestDB()
	defer closeTestDB()

	password := security.PasswordSalt("1111")
	createUser("user", password)

	req, err := http.NewRequest("GET", "/", nil)
	if err != nil {
		t.Fatalf("Expected to be nil: %v", err)
	}
	w := httptest.NewRecorder()
	login(w, req)
	RootIndex(w, req)

	if w.Code != 302 {
		t.Fatalf("Got %v, Expected: %v", w.Code, 302)
	}
	if w.HeaderMap["Location"][0] != "/topics" {
		t.Fatalf("Got %v, Expected: %v", w.HeaderMap["Location"][0], "/topics")
	}
}
Beispiel #7
0
func TestLogin(t *testing.T) {
	initTestDB()
	defer closeTestDB()

	// This guy will be re-used throughout this test.
	param := make(url.Values)
	param["name"] = []string{"user"}
	param["password"] = []string{"1234"}

	// No users.
	req, err := http.NewRequest("POST", "/", nil)
	if err != nil {
		t.Fatalf("Expected to be nil: %v", err)
	}
	req.PostForm = param
	w := httptest.NewRecorder()
	Login(w, req)

	if w.Code != 302 {
		t.Fatalf("Got %v, Expected: %v", w.Code, 302)
	}
	if w.HeaderMap["Location"][0] != "/" {
		t.Fatalf("Got %v, Expected: %v", w.HeaderMap["Location"][0], "/")
	}
	if lib.GetCookie(req, "userId") != nil {
		t.Fatalf("Expected to be empty")
	}

	// Wrong password.
	password := security.PasswordSalt("1111")
	createUser("user", password)

	req, err = http.NewRequest("POST", "/", nil)
	if err != nil {
		t.Fatalf("Expected to be nil: %v", err)
	}
	req.PostForm = param
	w = httptest.NewRecorder()
	Login(w, req)

	if w.Code != 302 {
		t.Fatalf("Got %v, Expected: %v", w.Code, 302)
	}
	if w.HeaderMap["Location"][0] != "/" {
		t.Fatalf("Got %v, Expected: %v", w.HeaderMap["Location"][0], "/")
	}
	if lib.GetCookie(req, "userId") != nil {
		t.Fatalf("Expected to be empty")
	}

	// Ok.
	req, err = http.NewRequest("POST", "/", nil)
	if err != nil {
		t.Fatalf("Expected to be nil: %v", err)
	}
	param["password"] = []string{"1111"}
	req.PostForm = param
	w = httptest.NewRecorder()
	Login(w, req)

	if w.Code != 302 {
		t.Fatalf("Got %v, Expected: %v", w.Code, 302)
	}
	if w.HeaderMap["Location"][0] != "/" {
		t.Fatalf("Got %v, Expected: %v", w.HeaderMap["Location"][0], "/")
	}
	if lib.GetCookie(req, "userId") == nil {
		t.Fatalf("Expected to be empty")
	}
	var user User
	err = Db.SelectOne(&user, "select * from users")
	if err != nil {
		t.Fatalf("Expected to be nil: %v", err)
	}
	if lib.GetCookie(req, "userId") != user.ID {
		t.Fatalf("Wrong values")
	}
}
Beispiel #8
0
func TestLoginJson(t *testing.T) {
	initTestDB()
	defer closeTestDB()

	// The body is nil.
	req, err := http.NewRequest("POST", "/login", nil)
	if err != nil {
		t.Fatalf("Expected to be nil: %v", err)
	}
	req.Header.Set("Content-Type", "application/json")
	w := httptest.NewRecorder()
	Login(w, req)

	decoder := json.NewDecoder(w.Body)
	var r lib.Response
	err = decoder.Decode(&r)
	if err != nil {
		t.Fatalf("Expected to be nil: %v", err)
	}
	if r.Error != "Failed!" {
		t.Fatalf("Got %v, Expected: %v", r.Error, "Failed!")
	}

	// The body is correct but there are no users.
	body := "{\"name\":\"mssola\",\"password\":\"1234\"}"
	req, err = http.NewRequest("POST", "/login", strings.NewReader(body))
	if err != nil {
		t.Fatalf("Expected to be nil: %v", err)
	}
	req.Header.Set("Content-Type", "application/json")
	w = httptest.NewRecorder()
	Login(w, req)

	decoder = json.NewDecoder(w.Body)
	err = decoder.Decode(&r)
	if err != nil {
		t.Fatalf("Expected to be nil: %v", err)
	}
	if r.Error != "Failed!" {
		t.Fatalf("Got %v, Expected: %v", r.Error, "Failed!")
	}

	// Everything is fine.
	err = createUser("mssola", security.PasswordSalt("1234"))
	if err != nil {
		t.Fatalf("Expected to be nil: %v", err)
	}
	req, err = http.NewRequest("POST", "/login", strings.NewReader(body))
	if err != nil {
		t.Fatalf("Expected to be nil: %v", err)
	}
	req.Header.Set("Content-Type", "application/json")
	w1 := httptest.NewRecorder()
	Login(w1, req)

	decoder = json.NewDecoder(w1.Body)
	var u1, u2 User
	err = decoder.Decode(&u1)
	if err != nil {
		t.Fatalf("Expected to be nil: %v", err)
	}
	err = Db.SelectOne(&u2, "select * from users")
	if err != nil {
		t.Fatalf("Expected to be nil: %v", err)
	}
	if u1.ID != u2.ID {
		t.Fatalf("Got %v, Expected: %v", u1.ID, u2)
	}

	// Malformed JSON
	body1 := "{\"password\":\"1234\""
	req, err = http.NewRequest("POST", "/login", strings.NewReader(body1))
	if err != nil {
		t.Fatalf("Expected to be nil: %v", err)
	}
	req.Header.Set("Content-Type", "application/json")
	w2 := httptest.NewRecorder()
	Login(w2, req)

	decoder = json.NewDecoder(w2.Body)
	err = decoder.Decode(&r)
	if err != nil {
		t.Fatalf("Expected to be nil: %v", err)
	}
	if r.Error != "Failed!" {
		t.Fatalf("Got %v, Expected: %v", r.Error, "Failed!")
	}
}