Test validation errors for get/post wallet

Daniel Krol 2022-06-21 18:25:22 -04:00
parent db1c55dff0
commit 408a4817dc
2 changed files with 51 additions and 15 deletions


@ -45,7 +45,7 @@ func (s *Server) handleWallet(w http.ResponseWriter, req *http.Request) {
func getWalletParams(req *http.Request) (token auth.TokenString, err error) {
tokenSlice, hasTokenSlice := req.URL.Query()["token"]
if !hasTokenSlice {
if !hasTokenSlice || tokenSlice[0] == "" {
err = fmt.Errorf("Missing token parameter")
}
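Review bot: The new guard in getWalletParams only inspects `tokenSlice[0]`, so a request that repeats the `token` parameter is accepted as long as the first value is non-empty, and the extra values are silently ignored. Because this value is what the handler authenticates with, it is safer to require exactly one occurrence: `if len(tokenSlice) != 1 || tokenSlice[0] == "" {`. A nil slice has length 0, so this still covers the missing-parameter case. The rest of the function lies outside the hunk, so confirm that nothing later reads the other values.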


@ -17,6 +17,7 @@ import (
func TestServerGetWallet(t *testing.T) {
tt := []struct {
name string
tokenString auth.TokenString
expectedStatusCode int
expectedErrorString string
@ -25,10 +26,18 @@ func TestServerGetWallet(t *testing.T) {
}{
{
name: "success",
tokenString: auth.TokenString("seekrit"),
expectedStatusCode: http.StatusOK,
},
{
name: "validation error", // mising auth token
tokenString: auth.TokenString(""),
expectedStatusCode: http.StatusBadRequest,
expectedErrorString: http.StatusText(http.StatusBadRequest) + ": Missing token parameter",
},
{
name: "auth error",
tokenString: auth.TokenString("seekrit"),
expectedStatusCode: http.StatusUnauthorized,
expectedErrorString: http.StatusText(http.StatusUnauthorized) + ": Token Not Found",
@ -37,6 +46,7 @@ func TestServerGetWallet(t *testing.T) {
},
{
name: "db error getting wallet",
tokenString: auth.TokenString("seekrit"),
expectedStatusCode: http.StatusInternalServerError,
expectedErrorString: http.StatusText(http.StatusInternalServerError),
@ -50,7 +60,7 @@ func TestServerGetWallet(t *testing.T) {
testAuth := TestAuth{}
testStore := TestStore{
TestAuthToken: auth.AuthToken{
Token: auth.TokenString("seekrit"),
Token: auth.TokenString(tc.tokenString),
Scope: auth.ScopeFull,
},
@ -75,6 +85,9 @@ func TestServerGetWallet(t *testing.T) {
// Make sure we tried to get an auth based on the `token` param (whether or
// not it was a valid `token`)
// NOTE: For tests that set testStore.TestAuthToken.Token=="", this will
// pass even if GetToken isn't called. But we don't care, we expect the
// request to fail for other reasons at that point.
if want, got := testStore.TestAuthToken.Token, testStore.Called.GetToken; want != got {
t.Errorf("testStore.Called.GetToken called with: expected %s, got %s", want, got)
}
@ -117,6 +130,12 @@ func TestServerPostWallet(t *testing.T) {
// body fields. So, this needs to be separate.
expectWalletBody bool
// This is getting messy, but in the case of validation failures, we don't
// even get around to trying to get an auth token, since the token string is
// part of what's being validated. So, we want to be able to skip that
// check in that case.
skipAuthCheck bool
// `new...` refers to what is being passed into the via POST request (and
// what gets passed into SetWallet for the *non-error* cases below)
// `returned...` refers to what the SetWallet function returns (and what
@ -205,6 +224,25 @@ func TestServerPostWallet(t *testing.T) {
storeErrors: TestStoreFunctionsErrors{SetWallet: store.ErrNoWallet},
},
{
name: "validation error",
expectedStatusCode: http.StatusBadRequest,
expectedErrorString: http.StatusText(http.StatusBadRequest) + ": Request failed validation",
skipAuthCheck: true, // we can't get an auth token without the data we just failed to validate
// Just check one validation error (empty encrypted wallet) to make sure the
// validate function is called. We'll check the rest of the validation
// errors in the other test below.
sequenceCorrect: true,
newEncryptedWallet: wallet.EncryptedWallet(""),
returnedEncryptedWallet: wallet.EncryptedWallet("my-encrypted-wallet"),
newSequence: wallet.Sequence(2),
returnedSequence: wallet.Sequence(2),
newHmac: wallet.WalletHmac("my-hmac"),
returnedHmac: wallet.WalletHmac("my-hmac"),
},
{
name: "auth error",
expectedStatusCode: http.StatusUnauthorized,
@ -241,6 +279,11 @@ func TestServerPostWallet(t *testing.T) {
// What causes the error
storeErrors: TestStoreFunctionsErrors{SetWallet: fmt.Errorf("Some random db problem")},
},
// TODO
// Future test case when we get lastSynced back: Error if
// lastSynced.device_id doesn't match authToken.device_id
}
for _, tc := range tt {
t.Run(tc.name, func(t *testing.T) {
@ -280,7 +323,7 @@ func TestServerPostWallet(t *testing.T) {
// Make sure we tried to get an auth based on the `token` param (whether or
// not it was a valid `token`)
if want, got := testStore.TestAuthToken.Token, testStore.Called.GetToken; want != got {
if want, got := testStore.TestAuthToken.Token, testStore.Called.GetToken; !tc.skipAuthCheck && want != got {
t.Errorf("testStore.Called.GetToken called with: expected %s, got %s", want, got)
}
@ -313,13 +356,6 @@ func TestServerPostWallet(t *testing.T) {
}
}
func TestServerPostWalletErrors(t *testing.T) {
// (malformed json, db fail, auth token not found, wallet metadata invalid (via stub, make sure the validation function is even called), sequence too high, device id doesn't match token device id)
// Client sends sequence != 1 for first entry
// Client sends sequence == x + 10 for xth entry or whatever
t.Fatalf("Test me: PostWallet fails for various reasons")
}
func TestServerValidateWalletRequest(t *testing.T) {
// also add a basic test case for this in TestServerAuthHandlerSuccess to make sure it's called at all
t.Fatalf("Test me: Implement and test WalletRequest.validate()")
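Review bot: Neither wallet test asserts that the store is left untouched when validation fails, so a regression that looks up a token before validating the request would go unnoticed. In TestServerPostWallet, `skipAuthCheck` switches the GetToken comparison off entirely; prefer asserting the negative, e.g. `if tc.skipAuthCheck && testStore.Called.GetToken != "" { t.Errorf("GetToken called despite validation failure") }`, assuming the request in that case carries a non-empty token (the request setup is outside the hunk). In TestServerGetWallet the `want != got` check passes vacuously for the empty-token case, as the added NOTE admits, and an empty recorded token cannot distinguish "not called" from "called with an empty string", so the stub would need a separate called flag to pin this down. Minor: `auth.TokenString(tc.tokenString)` is a redundant conversion because the field is already declared as `auth.TokenString`, and the comment `// mising auth token` has a typo.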