func TestMatchPassword(t *testing.T) {
initTestDB()
defer closeTestDB()
// User does not exist.
u, err := matchPassword("u", "1234")
if err == nil {
t.Fatalf("Should be not nil")
}
// User exists but has a different password.
password := security.PasswordSalt("1111")
err = createUser("u", password)
if err != nil {
t.Fatalf("Expected to be nil: %v", err)
}
u, err = matchPassword("u", "1234")
if err == nil {
t.Fatalf("Should be not nil")
}
// User exists and has this password.
u, err = matchPassword("u", "1111")
if err != nil {
t.Fatalf("Expected to be nil: %v", err)
}
if u == "" {
t.Fatalf("Expected to not be empty")
}
}
func TestLogout(t *testing.T) {
initTestDB()
defer closeTestDB()
// Create the user and loggin it in.
password := security.PasswordSalt("1111")
createUser("user", password)
req, err := http.NewRequest("POST", "/", nil)
if err != nil {
t.Fatalf("Expected to be nil: %v", err)
}
w := httptest.NewRecorder()
login(w, req)
// Check that the user has really been logged in.
var user User
err = Db.SelectOne(&user, "select * from users")
if err != nil {
t.Fatalf("Expected to be nil: %v", err)
}
if ck := lib.GetCookie(req, "userId"); ck != user.ID {
t.Fatalf("Got: %v; expected: %v", ck, user.ID)
}
// Logout
Logout(w, req)
if lib.GetCookie(req, "userId") != nil {
t.Fatalf("Expected to be empty")
}
}
// UsersCreate responds to: POST /users. It expects the "name" and the
// "password" form values to be present. Moreover, only one user is
// allowed in this application.
func UsersCreate(res http.ResponseWriter, req *http.Request) {
password := security.PasswordSalt(req.FormValue("password"))
if err := createUser(req.FormValue("name"), password); err != nil {
log.Printf("Could not create user: %v", err)
http.Redirect(res, req, "/", http.StatusForbidden)
} else {
http.Redirect(res, req, "/", http.StatusFound)
}
}
func TestUserCreateAlreadyExists(t *testing.T) {
initTestDB()
defer closeTestDB()
password := security.PasswordSalt("1234")
createUser("user", password)
param := make(url.Values)
param["name"] = []string{"another"}
param["password"] = []string{"1234"}
req, err := http.NewRequest("POST", "/", nil)
if err != nil {
t.Fatalf("Expected to be nil: %v", err)
}
req.PostForm = param
w := httptest.NewRecorder()
UsersCreate(w, req)
if w.Code != 403 {
t.Fatalf("Got %v; Expected: %v", w.Code, 403)
}
if w.HeaderMap["Location"][0] != "/" {
t.Fatalf("Got %v; Expected: %v", w.HeaderMap["Location"][0], "/")
}
var user User
err = Db.SelectOne(&user, "select * from users")
if err != nil {
t.Fatalf("Expected to be nil: %v", err)
}
if user.ID == "" {
t.Fatalf("Expected to not be empty")
}
if user.Name != "user" {
t.Fatalf("Got %v; Expected: %v", user.Name, "user")
}
if user.PasswordHash == "" {
t.Fatalf("Expected to not be empty")
}
}
func TestLoginPage(t *testing.T) {
initTestDB()
defer closeTestDB()
password := security.PasswordSalt("1111")
createUser("user", password)
req, err := http.NewRequest("GET", "/", nil)
if err != nil {
t.Fatalf("Expected to be nil: %v", err)
}
w := httptest.NewRecorder()
RootIndex(w, req)
if w.Code != 200 {
t.Fatalf("Got %v, Expected: %v", w.Code, 200)
}
if strings.Contains("<h1>Login</h1>", w.Body.String()) {
t.Fatalf("Body should've contained '<h1>Login</h1>'")
}
}
func TestTopicsRedirect(t *testing.T) {
initTestDB()
defer closeTestDB()
password := security.PasswordSalt("1111")
createUser("user", password)
req, err := http.NewRequest("GET", "/", nil)
if err != nil {
t.Fatalf("Expected to be nil: %v", err)
}
w := httptest.NewRecorder()
login(w, req)
RootIndex(w, req)
if w.Code != 302 {
t.Fatalf("Got %v, Expected: %v", w.Code, 302)
}
if w.HeaderMap["Location"][0] != "/topics" {
t.Fatalf("Got %v, Expected: %v", w.HeaderMap["Location"][0], "/topics")
}
}
func TestLogin(t *testing.T) {
initTestDB()
defer closeTestDB()
// This guy will be re-used throughout this test.
param := make(url.Values)
param["name"] = []string{"user"}
param["password"] = []string{"1234"}
// No users.
req, err := http.NewRequest("POST", "/", nil)
if err != nil {
t.Fatalf("Expected to be nil: %v", err)
}
req.PostForm = param
w := httptest.NewRecorder()
Login(w, req)
if w.Code != 302 {
t.Fatalf("Got %v, Expected: %v", w.Code, 302)
}
if w.HeaderMap["Location"][0] != "/" {
t.Fatalf("Got %v, Expected: %v", w.HeaderMap["Location"][0], "/")
}
if lib.GetCookie(req, "userId") != nil {
t.Fatalf("Expected to be empty")
}
// Wrong password.
password := security.PasswordSalt("1111")
createUser("user", password)
req, err = http.NewRequest("POST", "/", nil)
if err != nil {
t.Fatalf("Expected to be nil: %v", err)
}
req.PostForm = param
w = httptest.NewRecorder()
Login(w, req)
if w.Code != 302 {
t.Fatalf("Got %v, Expected: %v", w.Code, 302)
}
if w.HeaderMap["Location"][0] != "/" {
t.Fatalf("Got %v, Expected: %v", w.HeaderMap["Location"][0], "/")
}
if lib.GetCookie(req, "userId") != nil {
t.Fatalf("Expected to be empty")
}
// Ok.
req, err = http.NewRequest("POST", "/", nil)
if err != nil {
t.Fatalf("Expected to be nil: %v", err)
}
param["password"] = []string{"1111"}
req.PostForm = param
w = httptest.NewRecorder()
Login(w, req)
if w.Code != 302 {
t.Fatalf("Got %v, Expected: %v", w.Code, 302)
}
if w.HeaderMap["Location"][0] != "/" {
t.Fatalf("Got %v, Expected: %v", w.HeaderMap["Location"][0], "/")
}
if lib.GetCookie(req, "userId") == nil {
t.Fatalf("Expected to be empty")
}
var user User
err = Db.SelectOne(&user, "select * from users")
if err != nil {
t.Fatalf("Expected to be nil: %v", err)
}
if lib.GetCookie(req, "userId") != user.ID {
t.Fatalf("Wrong values")
}
}
func TestLoginJson(t *testing.T) {
initTestDB()
defer closeTestDB()
// The body is nil.
req, err := http.NewRequest("POST", "/login", nil)
if err != nil {
t.Fatalf("Expected to be nil: %v", err)
}
req.Header.Set("Content-Type", "application/json")
w := httptest.NewRecorder()
Login(w, req)
decoder := json.NewDecoder(w.Body)
var r lib.Response
err = decoder.Decode(&r)
if err != nil {
t.Fatalf("Expected to be nil: %v", err)
}
if r.Error != "Failed!" {
t.Fatalf("Got %v, Expected: %v", r.Error, "Failed!")
}
// The body is correct but there are no users.
body := "{\"name\":\"mssola\",\"password\":\"1234\"}"
req, err = http.NewRequest("POST", "/login", strings.NewReader(body))
if err != nil {
t.Fatalf("Expected to be nil: %v", err)
}
req.Header.Set("Content-Type", "application/json")
w = httptest.NewRecorder()
Login(w, req)
decoder = json.NewDecoder(w.Body)
err = decoder.Decode(&r)
if err != nil {
t.Fatalf("Expected to be nil: %v", err)
}
if r.Error != "Failed!" {
t.Fatalf("Got %v, Expected: %v", r.Error, "Failed!")
}
// Everything is fine.
err = createUser("mssola", security.PasswordSalt("1234"))
if err != nil {
t.Fatalf("Expected to be nil: %v", err)
}
req, err = http.NewRequest("POST", "/login", strings.NewReader(body))
if err != nil {
t.Fatalf("Expected to be nil: %v", err)
}
req.Header.Set("Content-Type", "application/json")
w1 := httptest.NewRecorder()
Login(w1, req)
decoder = json.NewDecoder(w1.Body)
var u1, u2 User
err = decoder.Decode(&u1)
if err != nil {
t.Fatalf("Expected to be nil: %v", err)
}
err = Db.SelectOne(&u2, "select * from users")
if err != nil {
t.Fatalf("Expected to be nil: %v", err)
}
if u1.ID != u2.ID {
t.Fatalf("Got %v, Expected: %v", u1.ID, u2)
}
// Malformed JSON
body1 := "{\"password\":\"1234\""
req, err = http.NewRequest("POST", "/login", strings.NewReader(body1))
if err != nil {
t.Fatalf("Expected to be nil: %v", err)
}
req.Header.Set("Content-Type", "application/json")
w2 := httptest.NewRecorder()
Login(w2, req)
decoder = json.NewDecoder(w2.Body)
err = decoder.Decode(&r)
if err != nil {
t.Fatalf("Expected to be nil: %v", err)
}
if r.Error != "Failed!" {
t.Fatalf("Got %v, Expected: %v", r.Error, "Failed!")
}
}