Beispiel #1
0
func TestUserShow(t *testing.T) {
	record := request.TestServer{t, TestHandler}

	Describe("when fetching a user that exists", func() {
		BeforeEach(func() {
			user := &models.User{Name: "jason", Email: "*****@*****.**"}
			if _, err := models.DB.Create(user); err != nil {
				t.Error(err)
			}
		})

		AfterEach(func() {
			clearTable := "TRUNCATE TABLE users; ALTER SEQUENCE users_id_seq RESTART WITH 1"
			if _, err := models.DB.Exec(clearTable); err != nil {
				t.Error(err)
			}
		})

		It("should return 200", func() {
			record.Get("/user/1").Expect(200)
		})

		It("should return the user's profile page", func() {
			record.Get("/user/1").Expect("jason")
			record.Get("/user/1").Expect("*****@*****.**")
			record.Get("/user/1").Expect("Profile")
		})

		It("should clear the flash cookie", func() {
			// Make an http.ResponseWriter and *http.Request.
			w := httptest.NewRecorder()
			r, err := http.NewRequest("GET", "/", nil)
			if err != nil {
				t.Error(err)
			}

			// Make a flash cookie.
			session, err := models.Store.Get(r, models.FlashName)
			if err != nil {
				t.Error(err)
			}
			session.AddFlash("this is a flash")
			session.Save(r, w)

			// Do a GET with the flash cookie.
			header := w.Header()
			header["Cookie"] = header["Set-Cookie"]
			header.Del("Set-Cookie")
			ctx := record.GetWithHeaders("/user/1", header).Expect("this is a flash")

			// Assert that the response has a Set-Cookie header, meaning that the
			// flash value was changed.
			assert.NotEmpty(t, ctx.ResponseRecorder.Header().Get("Set-Cookie"))
		})
	})

	Describe("when fetching a user that doesn't exist", func() {
		It("should return the not found page", func() {
			record.Get("/user/9000").Expect(404)
			record.Get("/user/9000").Expect("here be a 404")
		})
	})
}
Beispiel #2
0
func TestSessionCreate(t *testing.T) {
	record := request.TestServer{t, TestHandler}

	Describe("when submitting a malformed request", func() {
		body := url.Values{
			"not email":    {"asdf"},
			"not password": {"asdf"},
		}

		It("should return 400", func() {
			record.Post("/login", body).Expect(400).Expect(`schema: invalid path`)
		})
	})

	Describe("when the request fails validation", func() {
		body := url.Values{
			"email":    {"not an actual email"},
			"password": {"password"},
		}

		It("should return 422", func() {
			record.Post("/login", body).Expect(422).Expect("invalid email or password")
		})

		It("should fill in form values after failed submission", func() {
			record.Post("/login", body).
				Expect(`value="not an actual email"`).
				Expect(`value="password"`)
		})
	})

	Describe("when signing in", func() {
		var (
			email    = "*****@*****.**"
			password = "******"
		)

		body := url.Values{
			"email":    {email},
			"password": {password},
		}

		BeforeEach(func() {
			body := url.Values{
				"name":     {"jason"},
				"email":    {email},
				"password": {password},
				"confirm":  {password},
			}

			record.Post("/signup", body).Expect(302)
		})

		AfterEach(func() {
			query := "TRUNCATE TABLE users; ALTER SEQUENCE users_id_seq RESTART WITH 1"
			_, err := models.DB.Exec(query)
			if err != nil {
				t.Error(err)
			}
		})

		// http://stackoverflow.com/questions/15721238/go-serial-execution-of-package-tests
		It("should return 302", func() {
			user := &models.User{ID: 1}
			if err := models.DB.Read(user); err != nil {
				t.Error(err)
			}

			record.Post("/login", body).Expect(302)
		})

		It("should return a session cookie", func() {
			c := record.Post("/login", body).ResponseRecorder.Header().Get("Set-Cookie")
			assert.NotEmpty(t, c)
		})

		It("regression :: should fill in the user's remember digest", func() {
			user := &models.User{ID: 1}
			if err := models.DB.Read(user); err != nil {
				t.Error(err)
			}

			user.RememberDigest = ""
			if err := models.DB.Update(user); err != nil {
				t.Error(err)
			}

			record.Post("/login", body)
			if err := models.DB.Read(user); err != nil {
				t.Error(err)
			}

			assert.NotEmpty(t, user.RememberDigest)
		})

		It("should show a flash message", func() {
			h := record.Post("/login", body).ResponseRecorder.Header()
			h["Cookie"] = h["Set-Cookie"]
			h.Del("Set-Cookie")
			record.GetWithHeaders("/user/1", h).Expect("welcome jason!")
		})

		It("should not show signup and login links", func() {
			h := record.Post("/login", body).ResponseRecorder.Header()
			h["Cookie"] = h["Set-Cookie"]
			h.Del("Set-Cookie")

			ctx := record.GetWithHeaders(h.Get("Location"), h)
			reader := strings.NewReader(ctx.ResponseRecorder.Body.String())
			doc, err := goquery.NewDocumentFromReader(reader)
			if err != nil {
				t.Error(err)
			}

			doc.Find(".nav-item").Each(func(_ int, sel *goquery.Selection) {
				text := sel.Text()
				if strings.Contains(text, "Signup") || strings.Contains(text, "Login") {
					t.Error("whoops, you're logged in but signup and login links are present")
				}
			})
		})
	})
}
Beispiel #3
0
func TestUserCreate(t *testing.T) {
	record := request.TestServer{t, TestHandler}

	Describe("when the request is malformed", func() {
		body := url.Values{}
		body.Set("name", "jason")
		body.Set("not a user field", "asdf")

		It("should return 400", func() {
			record.Post("/signup", body).Expect(400).Expect(`bad request`)
		})
	})

	Describe("when the request fails validation", func() {
		body := url.Values{}
		body.Set("name", "jesse")
		body.Set("email", "*****@*****.**")
		body.Set("password", "some random password")
		body.Set("confirm", "fail confirm")

		It("should return 422", func() {
			record.Post("/signup", body).Expect(422).Expect("password does not match")
		})

		It("should fill in form values after failed submission", func() {
			record.Post("/signup", body).
				Expect(`value="jesse"`).
				Expect(`value="*****@*****.**"`).
				Expect(`value="some random password"`).
				Expect(`value="fail confirm"`)
		})
	})

	Describe("when creating a user that already exists", func() {
		var (
			name  = "jason"
			email = "*****@*****.**"
		)

		BeforeEach(func() {
			user := &models.User{Name: name, Email: email}
			_, err := models.DB.Create(user)
			if err != nil {
				t.Error(err)
			}
		})

		AfterEach(func() {
			query := "TRUNCATE TABLE users; ALTER SEQUENCE users_id_seq RESTART WITH 1"
			_, err := models.DB.Exec(query)
			if err != nil {
				t.Error(err)
			}
		})

		It("should return a 409 for an existing email", func() {
			body := url.Values{}
			body.Set("name", name)
			body.Set("email", email)
			body.Set("password", "somepassword")
			body.Set("confirm", "somepassword")
			record.Post("/signup", body).Expect(409).Expect("email is taken")
		})
	})

	Describe("when creating a user that doesn't exist", func() {
		body := url.Values{
			"name":     {"jason"},
			"email":    {"*****@*****.**"},
			"password": {"somepassword"},
			"confirm":  {"somepassword"},
		}

		AfterEach(func() {
			query := "TRUNCATE TABLE users; ALTER SEQUENCE users_id_seq RESTART WITH 1"
			_, err := models.DB.Exec(query)
			if err != nil {
				t.Error(err)
			}
		})

		It("should sign in", func() {
			ctx := record.Post("/signup", body)
			assert.NotEmpty(t, ctx.ResponseRecorder.Header().Get("Set-Cookie"))
		})

		It("should redirect to the newly created profile", func() {
			ctx := record.Post("/signup", body).Expect(302)
			redirect := ctx.ResponseRecorder.Header().Get("Location")
			assert.Equal(t, "/user/1", redirect)
		})

		It("should work regardless of the current session cookie", func() {
			ctx := record.Post("/signup", body)

			header := ctx.ResponseRecorder.Header()
			header["Cookie"] = header["Set-Cookie"]
			header.Del("Set-Cookie")

			models.Store = sessions.NewCookieStore(
				securecookie.GenerateRandomKey(64),
				securecookie.GenerateRandomKey(16),
			)

			b2 := url.Values{
				"name":     {"jesse"},
				"email":    {"coolstory@bro"},
				"password": {"somepassword"},
				"confirm":  {"somepassword"},
			}

			record.PostWithHeaders("/signup", header, b2).Expect(302)
		})

		It("regression :: should set the password and remember digest", func() {
			record.Post("/signup", body)

			user := &models.User{ID: 1}
			err := models.DB.Read(user)
			if err != nil {
				t.Error(err)
			}

			assert.NotEmpty(t, user.PasswordDigest)
			assert.NotEmpty(t, user.RememberDigest)
		})

		It("should show a welcome flash message", func() {
			ctx := record.Post("/signup", body)
			h := ctx.ResponseRecorder.Header()
			h["Cookie"] = h["Set-Cookie"]
			h.Del("Set-Cookie")
			record.GetWithHeaders("/user/1", h).Expect("welcome jason!")
		})
	})

	Describe("when redirected after successful signup", func() {
		ctx := record.Post("/signup", url.Values{
			"name":     {"jason"},
			"email":    {"*****@*****.**"},
			"password": {"somepassword"},
			"confirm":  {"somepassword"},
		})

		h := ctx.ResponseRecorder.Header()
		h["Cookie"] = h["Set-Cookie"]
		h.Del("Set-Cookie")

		ctx = record.GetWithHeaders("/user/1", h)

		reader := strings.NewReader(ctx.ResponseRecorder.Body.String())
		doc, err := goquery.NewDocumentFromReader(reader)
		if err != nil {
			t.Error(err)
		}

		It("should not show signup and login links", func() {
			doc.Find(".nav-item").Each(func(_ int, sel *goquery.Selection) {
				text := sel.Text()
				if strings.Contains(text, "Signup") || strings.Contains(text, "Login") {
					t.Errorf("whoops, you're logged in but signup and login links are present")
				}
			})
		})
	})
}
Beispiel #4
0
func TestSessionDestroy(t *testing.T) {
	record := request.TestServer{t, TestHandler}

	Describe("when logging out after logging in", func() {
		// Create a user.
		body := url.Values{
			"name":     {"jason"},
			"email":    {"*****@*****.**"},
			"password": {"password"},
			"confirm":  {"password"},
		}
		record.Post("/signup", body).Expect(302)

		// Defer cleanup.
		defer func() {
			clearTable := "TRUNCATE TABLE users; ALTER SEQUENCE users_id_seq RESTART WITH 1"
			_, err := models.DB.Exec(clearTable)
			if err != nil {
				t.Error(err)
			}
		}()

		// Login.
		b2 := url.Values{
			"email":    {"*****@*****.**"},
			"password": {"password"},
		}
		ctx := record.Post("/login", b2).Expect(302)
		header := ctx.ResponseRecorder.Header()
		header["Cookie"] = header["Set-Cookie"]
		header.Del("Set-Cookie")
		ctx = record.GetWithHeaders("/logout", header).Expect(302)

		It("should redirect to the home page", func() {
			assert.Equal(t, ctx.ResponseRecorder.Header().Get("Location"), "/")
		})

		It("should show a flash message", func() {
			redirect := ctx.ResponseRecorder.Header().Get("Location")

			header = ctx.ResponseRecorder.Header()
			header["Cookie"] = header["Set-Cookie"]
			header.Del("Set-Cookie")

			record.GetWithHeaders(redirect, header).Expect("you have been logged out")
		})
	})

	Describe("when the session is invalid", func() {
		// Make an invalid cookie.
		w, _ := NewReqRes(t)
		http.SetCookie(w, &http.Cookie{Name: models.SessionName, Value: "asdf"})

		// Do a GET with the invalid cookie.
		header := w.Header()
		header["Cookie"] = header["Set-Cookie"]
		header.Del("Set-Cookie")
		ctx := record.GetWithHeaders("/logout", header)

		It("should redirect to the home page", func() {
			assert.Equal(t, "/", ctx.ResponseRecorder.Header().Get("Location"))
		})
	})

	Describe("when the session is valid but the user ID is absent", func() {
		// Create a valid session cookie.
		w, r := NewReqRes(t)
		session, err := models.Store.Get(r, models.SessionName)
		if err != nil {
			t.Error(err)
		}
		if session.Save(r, w); err != nil {
			t.Error(err)
		}

		// Do a GET with the valid session cookie.
		header := w.Header()
		header["Cookie"] = header["Set-Cookie"]
		header.Del("Set-Cookie")
		ctx := record.GetWithHeaders("/logout", header)

		It("should clear the session cookie", func() {
			assert.NotEmpty(t, ctx.ResponseRecorder.Header().Get("Set-Cookie"))
		})

		It("should redirect to the home page", func() {
			assert.Equal(t, "/", ctx.ResponseRecorder.Header().Get("Location"))
		})
	})

	Describe("when the session is valid and the user ID is present", func() {
		// Create a user.
		body := url.Values{
			"name":     {"jason"},
			"email":    {"*****@*****.**"},
			"password": {"password"},
			"confirm":  {"password"},
		}
		record.Post("/signup", body).Expect(302)

		// Defer cleanup.
		defer func() {
			clearTable := "TRUNCATE TABLE users; ALTER SEQUENCE users_id_seq RESTART WITH 1"
			_, err := models.DB.Exec(clearTable)
			if err != nil {
				t.Error(err)
			}
		}()

		// Create a valid session cookie.
		w, r := NewReqRes(t)
		session, err := models.Store.Get(r, models.SessionName)
		if err != nil {
			t.Error(err)
		}
		session.Values[models.UserID] = 1
		if session.Save(r, w); err != nil {
			t.Error(err)
		}

		// Do a GET with the valid session cookie.
		header := w.Header()
		header["Cookie"] = header["Set-Cookie"]
		header.Del("Set-Cookie")
		ctx := record.GetWithHeaders("/logout", header)

		It("should clear the session cookie", func() {
			assert.NotEmpty(t, ctx.ResponseRecorder.Header().Get("Set-Cookie"))
		})

		It("should redirect to the home page", func() {
			assert.Equal(t, "/", ctx.ResponseRecorder.Header().Get("Location"))
		})

		It("should clear the remember fields", func() {
			user := &models.User{ID: 1}
			if err := models.DB.Read(user); err != nil {
				t.Error(err)
			}

			assert.Empty(t, user.RememberToken)
			assert.Empty(t, user.RememberDigest)
		})
	})
}