wallet-sync-server/server/auth_test.go

package server

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io/ioutil"
	"net/http"
	"net/http/httptest"
	"orblivion/lbry-id/auth"
	"orblivion/lbry-id/store"
	"testing"
)

func TestServerAuthHandlerSuccess(t *testing.T) {
	testAuth := TestAuth{TestToken: auth.TokenString("seekrit")}
	testStore := TestStore{}
	s := Server{&testAuth, &testStore}

	requestBody := []byte(`{"deviceId": "dev-1", "email": "abc@example.com", "password": "123"}`)

	req := httptest.NewRequest(http.MethodPost, PathAuthToken, bytes.NewBuffer(requestBody))
	w := httptest.NewRecorder()

	s.getAuthToken(w, req)
	body, _ := ioutil.ReadAll(w.Body)

	if want, got := http.StatusOK, w.Result().StatusCode; want != got {
		t.Errorf("StatusCode: expected %s (%d), got %s (%d)", http.StatusText(want), want, http.StatusText(got), got)
	}

	var result auth.AuthToken
	err := json.Unmarshal(body, &result)

	if err != nil || result.Token != testAuth.TestToken {
		t.Errorf("Expected auth response to contain token: result: %+v err: %+v", string(body), err)
	}

	if !testStore.Called.SaveToken {
		t.Errorf("Expected Store.SaveToken to be called")
	}
}

func TestServerAuthHandlerErrors(t *testing.T) {
	tt := []struct {
		name                string
		expectedStatusCode  int
		expectedErrorString string

		storeErrors      TestStoreFunctionsErrors
		authFailGenToken bool
	}{
		{
			name:                "login fail",
			expectedStatusCode:  http.StatusUnauthorized,
			expectedErrorString: http.StatusText(http.StatusUnauthorized) + ": No match for email and password",

			storeErrors: TestStoreFunctionsErrors{GetUserId: store.ErrNoUId},
		},
		{
			name:                "generate token fail",
			expectedStatusCode:  http.StatusInternalServerError,
			expectedErrorString: http.StatusText(http.StatusInternalServerError),

			authFailGenToken: true,
		},
		{
			name:                "save token fail",
			expectedStatusCode:  http.StatusInternalServerError,
			expectedErrorString: http.StatusText(http.StatusInternalServerError),

			storeErrors: TestStoreFunctionsErrors{SaveToken: fmt.Errorf("TestStore.SaveToken fail")},
		},
	}
	for _, tc := range tt {
		t.Run(tc.name, func(t *testing.T) {

			// Set this up to fail according to specification
			testAuth := TestAuth{TestToken: auth.TokenString("seekrit")}
			testStore := TestStore{Errors: tc.storeErrors}
			if tc.authFailGenToken { // TODO - TestAuth{Errors:authErrors}
				testAuth.FailGenToken = true
			}
			server := Server{&testAuth, &testStore}

			// Make request
			// So long as the JSON is well-formed, the content doesn't matter here since the password check will be stubbed out
			requestBody := `{"deviceId": "dev-1", "email": "abc@example.com", "password": "123"}`
			req := httptest.NewRequest(http.MethodPost, PathAuthToken, bytes.NewBuffer([]byte(requestBody)))
			w := httptest.NewRecorder()

			server.getAuthToken(w, req)

			expectErrorResponse(t, w, tc.expectedStatusCode, tc.expectedErrorString)
		})
	}
}

func TestServerValidateAuthRequest(t *testing.T) {
	authRequest := AuthRequest{DeviceId: "dId", Email: "joe@example.com", Password: "aoeu"}
	if !authRequest.validate() {
		t.Fatalf("Expected valid AuthRequest to successfully validate")
	}

	authRequest = AuthRequest{Email: "joe@example.com", Password: "aoeu"}
	if authRequest.validate() {
		t.Fatalf("Expected AuthRequest with missing device to not successfully validate")
	}

	authRequest = AuthRequest{DeviceId: "dId", Email: "joe-example.com", Password: "aoeu"}
	if authRequest.validate() {
		t.Fatalf("Expected AuthRequest with invalid email to not successfully validate")
	}

	// Note that Golang's email address parser, which I use, will accept
	// "Joe <joe@example.com>" so we need to make sure to avoid accepting it. See
	// the implementation.
	authRequest = AuthRequest{DeviceId: "dId", Email: "Joe <joe@example.com>", Password: "aoeu"}
	if authRequest.validate() {
		t.Fatalf("Expected AuthRequest with email with unexpected formatting to not successfully validate")
	}

	authRequest = AuthRequest{DeviceId: "dId", Password: "aoeu"}
	if authRequest.validate() {
		t.Fatalf("Expected AuthRequest with missing email to not successfully validate")
	}

	authRequest = AuthRequest{DeviceId: "dId", Email: "joe@example.com"}
	if authRequest.validate() {
		t.Fatalf("Expected AuthRequest with missing password to not successfully validate")
	}
}
Get/Post WalletState, account recover, test client A few things at once because it was faster to get a demo out the door. Skipping most test implementation though I made failing stubs so I know what to fill in later. * Get/Post WalletState * downloadKey/email so that a second client can log in, and/or recover from lost client * Test client in Python to demonstrate the above * Organize into packages 2021-12-25 02:16:58 +01:00			`package server`
Tested auth endpoint 2021-12-10 22:35:47 +01:00
			`import (`
			`"bytes"`
			`"encoding/json"`
Switch to specifying errors to return for mocked store functions. 2022-06-19 22:40:16 +02:00			`"fmt"`
Tested auth endpoint 2021-12-10 22:35:47 +01:00			`"io/ioutil"`
			`"net/http"`
			`"net/http/httptest"`
Get/Post WalletState, account recover, test client A few things at once because it was faster to get a demo out the door. Skipping most test implementation though I made failing stubs so I know what to fill in later. * Get/Post WalletState * downloadKey/email so that a second client can log in, and/or recover from lost client * Test client in Python to demonstrate the above * Organize into packages 2021-12-25 02:16:58 +01:00			`"orblivion/lbry-id/auth"`
Switch to specifying errors to return for mocked store functions. 2022-06-19 22:40:16 +02:00			`"orblivion/lbry-id/store"`
Tested auth endpoint 2021-12-10 22:35:47 +01:00			`"testing"`
			`)`

Implement and test a basic sqlite store 2021-12-19 23:24:43 +01:00			`func TestServerAuthHandlerSuccess(t *testing.T) {`
Protocol changes * Regress from `lastSynced` to just `sequence` to start with something simpler * Simplified payload: separate metadata, assume canonical way to hmac it together * No more "wallet state" except as a simple wrapper on the front end * Version number in wallet payloads 2022-06-09 23:04:49 +02:00			`testAuth := TestAuth{TestToken: auth.TokenString("seekrit")}`
Tested auth endpoint 2021-12-10 22:35:47 +01:00			`testStore := TestStore{}`
Protocol changes * Regress from `lastSynced` to just `sequence` to start with something simpler * Simplified payload: separate metadata, assume canonical way to hmac it together * No more "wallet state" except as a simple wrapper on the front end * Version number in wallet payloads 2022-06-09 23:04:49 +02:00			`s := Server{&testAuth, &testStore}`
Tested auth endpoint 2021-12-10 22:35:47 +01:00
Change to normal password auth, and various things 2022-06-07 19:25:14 +02:00			requestBody := []byte(`{"deviceId": "dev-1", "email": "abc@example.com", "password": "123"}`)
Tested auth endpoint 2021-12-10 22:35:47 +01:00
"Full" in Auth endpoint name is no longer useful 2022-06-08 00:24:01 +02:00			`req := httptest.NewRequest(http.MethodPost, PathAuthToken, bytes.NewBuffer(requestBody))`
Tested auth endpoint 2021-12-10 22:35:47 +01:00			`w := httptest.NewRecorder()`

"Full" in Auth endpoint name is no longer useful 2022-06-08 00:24:01 +02:00			`s.getAuthToken(w, req)`
Tested auth endpoint 2021-12-10 22:35:47 +01:00			`body, _ := ioutil.ReadAll(w.Body)`

			`if want, got := http.StatusOK, w.Result().StatusCode; want != got {`
			`t.Errorf("StatusCode: expected %s (%d), got %s (%d)", http.StatusText(want), want, http.StatusText(got), got)`
			`}`

Test getWallet (via handleWallet) 2022-06-20 00:54:59 +02:00			`var result auth.AuthToken`
Tested auth endpoint 2021-12-10 22:35:47 +01:00			`err := json.Unmarshal(body, &result)`

			`if err != nil \|\| result.Token != testAuth.TestToken {`
			`t.Errorf("Expected auth response to contain token: result: %+v err: %+v", string(body), err)`
			`}`

Better organized fake store functions for server test 2022-06-17 18:52:17 +02:00			`if !testStore.Called.SaveToken {`
Tested auth endpoint 2021-12-10 22:35:47 +01:00			`t.Errorf("Expected Store.SaveToken to be called")`
			`}`
			`}`

Implement and test a basic sqlite store 2021-12-19 23:24:43 +01:00			`func TestServerAuthHandlerErrors(t *testing.T) {`
Tested auth endpoint 2021-12-10 22:35:47 +01:00			`tt := []struct {`
			`name string`
			`expectedStatusCode int`
			`expectedErrorString string`

Switch to specifying errors to return for mocked store functions. 2022-06-19 22:40:16 +02:00			`storeErrors TestStoreFunctionsErrors`
Tested auth endpoint 2021-12-10 22:35:47 +01:00			`authFailGenToken bool`
			`}{`
			`{`
Switch to specifying errors to return for mocked store functions. 2022-06-19 22:40:16 +02:00			`name: "login fail",`
Change to normal password auth, and various things 2022-06-07 19:25:14 +02:00			`expectedStatusCode: http.StatusUnauthorized,`
			`expectedErrorString: http.StatusText(http.StatusUnauthorized) + ": No match for email and password",`
Tested auth endpoint 2021-12-10 22:35:47 +01:00
Switch to specifying errors to return for mocked store functions. 2022-06-19 22:40:16 +02:00			`storeErrors: TestStoreFunctionsErrors{GetUserId: store.ErrNoUId},`
Tested auth endpoint 2021-12-10 22:35:47 +01:00			`},`
			`{`
			`name: "generate token fail",`
			`expectedStatusCode: http.StatusInternalServerError,`
Get/Post WalletState, account recover, test client A few things at once because it was faster to get a demo out the door. Skipping most test implementation though I made failing stubs so I know what to fill in later. * Get/Post WalletState * downloadKey/email so that a second client can log in, and/or recover from lost client * Test client in Python to demonstrate the above * Organize into packages 2021-12-25 02:16:58 +01:00			`expectedErrorString: http.StatusText(http.StatusInternalServerError),`
Tested auth endpoint 2021-12-10 22:35:47 +01:00
			`authFailGenToken: true,`
			`},`
			`{`
			`name: "save token fail",`
			`expectedStatusCode: http.StatusInternalServerError,`
Get/Post WalletState, account recover, test client A few things at once because it was faster to get a demo out the door. Skipping most test implementation though I made failing stubs so I know what to fill in later. * Get/Post WalletState * downloadKey/email so that a second client can log in, and/or recover from lost client * Test client in Python to demonstrate the above * Organize into packages 2021-12-25 02:16:58 +01:00			`expectedErrorString: http.StatusText(http.StatusInternalServerError),`
Tested auth endpoint 2021-12-10 22:35:47 +01:00
Switch to specifying errors to return for mocked store functions. 2022-06-19 22:40:16 +02:00			`storeErrors: TestStoreFunctionsErrors{SaveToken: fmt.Errorf("TestStore.SaveToken fail")},`
Tested auth endpoint 2021-12-10 22:35:47 +01:00			`},`
			`}`
			`for _, tc := range tt {`
			`t.Run(tc.name, func(t *testing.T) {`

			`// Set this up to fail according to specification`
Protocol changes * Regress from `lastSynced` to just `sequence` to start with something simpler * Simplified payload: separate metadata, assume canonical way to hmac it together * No more "wallet state" except as a simple wrapper on the front end * Version number in wallet payloads 2022-06-09 23:04:49 +02:00			`testAuth := TestAuth{TestToken: auth.TokenString("seekrit")}`
Switch to specifying errors to return for mocked store functions. 2022-06-19 22:40:16 +02:00			`testStore := TestStore{Errors: tc.storeErrors}`
			`if tc.authFailGenToken { // TODO - TestAuth{Errors:authErrors}`
Tested auth endpoint 2021-12-10 22:35:47 +01:00			`testAuth.FailGenToken = true`
			`}`
Protocol changes * Regress from `lastSynced` to just `sequence` to start with something simpler * Simplified payload: separate metadata, assume canonical way to hmac it together * No more "wallet state" except as a simple wrapper on the front end * Version number in wallet payloads 2022-06-09 23:04:49 +02:00			`server := Server{&testAuth, &testStore}`
Tested auth endpoint 2021-12-10 22:35:47 +01:00
			`// Make request`
Switch to specifying errors to return for mocked store functions. 2022-06-19 22:40:16 +02:00			`// So long as the JSON is well-formed, the content doesn't matter here since the password check will be stubbed out`
Test getPostData, factor stuff out of auth test 2022-06-19 21:56:10 +02:00			requestBody := `{"deviceId": "dev-1", "email": "abc@example.com", "password": "123"}`
			`req := httptest.NewRequest(http.MethodPost, PathAuthToken, bytes.NewBuffer([]byte(requestBody)))`
Tested auth endpoint 2021-12-10 22:35:47 +01:00			`w := httptest.NewRecorder()`

"Full" in Auth endpoint name is no longer useful 2022-06-08 00:24:01 +02:00			`server.getAuthToken(w, req)`
Tested auth endpoint 2021-12-10 22:35:47 +01:00
Found a decent chunk of repeated code in http handler tests 2022-06-19 22:57:37 +02:00			`expectErrorResponse(t, w, tc.expectedStatusCode, tc.expectedErrorString)`
Tested auth endpoint 2021-12-10 22:35:47 +01:00			`})`
			`}`
			`}`

"Full" in Auth endpoint name is no longer useful 2022-06-08 00:24:01 +02:00			`func TestServerValidateAuthRequest(t *testing.T) {`
AuthRequest validate test 2022-06-08 02:08:41 +02:00			`authRequest := AuthRequest{DeviceId: "dId", Email: "joe@example.com", Password: "aoeu"}`
			`if !authRequest.validate() {`
			`t.Fatalf("Expected valid AuthRequest to successfully validate")`
			`}`

			`authRequest = AuthRequest{Email: "joe@example.com", Password: "aoeu"}`
			`if authRequest.validate() {`
			`t.Fatalf("Expected AuthRequest with missing device to not successfully validate")`
			`}`

			`authRequest = AuthRequest{DeviceId: "dId", Email: "joe-example.com", Password: "aoeu"}`
			`if authRequest.validate() {`
			`t.Fatalf("Expected AuthRequest with invalid email to not successfully validate")`
			`}`

			`// Note that Golang's email address parser, which I use, will accept`
			`// "Joe <joe@example.com>" so we need to make sure to avoid accepting it. See`
			`// the implementation.`
			`authRequest = AuthRequest{DeviceId: "dId", Email: "Joe <joe@example.com>", Password: "aoeu"}`
			`if authRequest.validate() {`
			`t.Fatalf("Expected AuthRequest with email with unexpected formatting to not successfully validate")`
			`}`

Test missing email explicitly 2022-06-17 22:15:27 +02:00			`authRequest = AuthRequest{DeviceId: "dId", Password: "aoeu"}`
			`if authRequest.validate() {`
			`t.Fatalf("Expected AuthRequest with missing email to not successfully validate")`
			`}`

AuthRequest validate test 2022-06-08 02:08:41 +02:00			`authRequest = AuthRequest{DeviceId: "dId", Email: "joe@example.com"}`
			`if authRequest.validate() {`
			`t.Fatalf("Expected AuthRequest with missing password to not successfully validate")`
			`}`
Implement NewFullToken for Auth. Add a couple test stubs for this and wallet. 2021-12-24 04:29:02 +01:00			`}`