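// TestAuthenticate_Scenario2 exercises Authenticate for scenario #2:
//   - No User session
//   - Yes Email Saved
//   - Yes Profile Saved
//
// The cases run in order against the same stored profile and email, so each
// one depends on the state left behind by the cases before it.
//
// NOTE(review): the test pins two distinct errors, ErrProfileNotFound for an
// unknown email and ErrPasswordMismatch for a known one. If a handler passes
// these to the client verbatim, the response reveals whether an email is
// registered; confirm the caller maps both to one generic failure.
func TestAuthenticate_Scenario2(t *testing.T) {
	pro := setup()
	defer tearDown()

	var pf *profile.Profile
	var uRL string
	var err error
	var v url.Values
	var r *http.Request

	c := context.NewContext(nil)
	// A single recorder is shared by every call below; nothing written to it
	// is asserted on.
	w := httptest.NewRecorder()

	// Profile Not found: nothing has been stored yet.
	v = url.Values{}
	v.Set("Email", "*****@*****.**")
	v.Set("Password.Current", "secret1")
	r = createRequest(v)
	// Check. The two expectations are reported separately so that a failure
	// names only the value that is actually wrong.
	_, uRL, err = pro.Authenticate(w, r)
	if uRL != "" {
		t.Errorf(`url: %v, want: ""`, uRL)
	}
	if err != ErrProfileNotFound {
		t.Errorf(`err: %v, want: %v`, err, ErrProfileNotFound)
	}

	// Setup. A failure here would invalidate every later case, so it aborts
	// the test instead of being discarded.
	pf = profile.New("Password", "")
	pf.UserID = "1"
	pf.ID = "1"
	passHash, hashErr := GenerateFromPassword([]byte("secret1"))
	if hashErr != nil {
		t.Fatalf(`GenerateFromPassword: %v`, hashErr)
	}
	pf.Auth = passHash
	pf.SetKey(c)
	pf.Person = &person.Person{
		Name: &person.PersonName{
			GivenName:  "Barack",
			FamilyName: "Obama",
		},
	}
	if putErr := pf.Put(c); putErr != nil {
		t.Fatalf(`pf.Put: %v`, putErr)
	}
	e := email.New()
	e.UserID = "1"
	e.SetKey(c, "*****@*****.**")
	if putErr := e.Put(c); putErr != nil {
		t.Fatalf(`e.Put: %v`, putErr)
	}

	// 1. Login

	// a. Correct password.
	v = url.Values{}
	v.Set("Email", "*****@*****.**")
	v.Set("Password.Current", "secret1")
	v.Set("Name.GivenName", "Berry")
	r = createRequest(v)
	// Check. Stop on error: pf is dereferenced right after.
	pf, uRL, err = pro.Authenticate(w, r)
	if err != nil {
		t.Fatalf(`err: %v, want: %v`, err, nil)
	}
	if uRL != "" {
		t.Errorf(`url: %v, want: ""`, uRL)
	}
	if x := pf.Person.Name.GivenName; x != "Barack" {
		t.Errorf(`.Person should not be updated on login`)
	}

	// b. In-Correct password.
	v = url.Values{}
	v.Set("Email", "*****@*****.**")
	v.Set("Password.Current", "fakepass")
	r = createRequest(v)
	// Check.
	if _, _, err = pro.Authenticate(w, r); err != ErrPasswordMismatch {
		t.Errorf(`err: %v, want: %v`, err, ErrPasswordMismatch)
	}

	// 2. Update

	// a. Correct password.
	v = url.Values{}
	v.Set("Email", "*****@*****.**")
	v.Set("Password.Current", "secret1")
	v.Set("Password.New", "secret2")
	v.Set("Name.GivenName", "Berry")
	r = createRequest(v)
	// Check. Fatal on error, as in the login case, so a failed call cannot
	// turn into a nil dereference of pf below.
	pf, uRL, err = pro.Authenticate(w, r)
	if err != nil {
		t.Fatalf(`err: %v, want: %v`, err, nil)
	}
	if uRL != "" {
		t.Errorf(`url: %v, want: ""`, uRL)
	}
	if x := pf.Person.Name.GivenName; x != "Berry" {
		t.Errorf(`pf.Person should be updated on update`)
	}
	if x := pf.UserID; x != "1" {
		t.Errorf(`pf.UserID: %v, want %v`, x, "1")
	}
	if err := CompareHashAndPassword(pf.Auth, []byte("secret2")); err != nil {
		t.Errorf(`Password was not changed`)
	}

	// b. In-Correct password.
	// NOTE(review): only the returned error is checked. The test never
	// asserts that the stored credential and name were left untouched by the
	// rejected request ("hacked" / "Bob"); reloading the profile and checking
	// it would close that gap.
	v = url.Values{}
	v.Set("Email", "*****@*****.**")
	v.Set("Password.Current", "fakepass")
	v.Set("Password.New", "hacked")
	v.Set("Name.GivenName", "Bob")
	r = createRequest(v)
	// Check.
	if _, _, err = pro.Authenticate(w, r); err != ErrPasswordMismatch {
		t.Errorf(`err: %v, want: %v`, err, ErrPasswordMismatch)
	}

	// 3. Create - Should login user
	// The requests carry no Password.Current; the email already belongs to
	// the stored profile.
	// NOTE(review): case a. expects "secret1" to be accepted although 2a.
	// returned a profile whose Auth matched "secret2". Presumably Authenticate
	// does not persist the change itself; confirm, because which stored
	// credential a "create" for an existing email is compared against decides
	// whether this path can replace someone else's password.

	// a. Correct password.
	v = url.Values{}
	v.Set("Email", "*****@*****.**")
	v.Set("Password.New", "secret1")
	v.Set("Name.GivenName", "Bob1")
	r = createRequest(v)
	// Check. Fatal on error: pf is dereferenced right after.
	pf, uRL, err = pro.Authenticate(w, r)
	if err != nil {
		t.Fatalf(`err: %v, want: %v`, err, nil)
	}
	if uRL != "" {
		t.Errorf(`url: %v, want: ""`, uRL)
	}
	if x := pf.Person.Name.GivenName; x != "Bob1" {
		t.Errorf(`.Person should be updated on update`)
	}
	if x := pf.UserID; x != "1" {
		t.Errorf(`pf.UserID: %v, want %v`, x, "1")
	}
	if err := CompareHashAndPassword(pf.Auth, []byte("secret1")); err != nil {
		t.Errorf(`Password was not changed`)
	}

	// b. In-Correct password: a create request for an existing email with a
	// different password must be rejected, not treated as a new credential.
	v = url.Values{}
	v.Set("Email", "*****@*****.**")
	v.Set("Password.New", "fakepass")
	v.Set("Name.GivenName", "Bob2")
	r = createRequest(v)
	// Check.
	if _, _, err = pro.Authenticate(w, r); err != ErrPasswordMismatch {
		t.Errorf(`err: %v, want: %v`, err, ErrPasswordMismatch)
	}
}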