Reject empty fields for insert token

2022-06-28 18:43:43 -04:00 · 2022-06-28 18:43:43 -04:00 · fac36a7931
commit fac36a7931
parent bb9b2b845e
2 changed files with 60 additions and 2 deletions
--- a/store/store.go
+++ b/store/store.go
@ -77,6 +77,19 @@ func (s *Store) Migrate() error {
 			device_id TEXT NOT NULL,
 			scope TEXT NOT NULL,
 			expiration DATETIME NOT NULL,
+			CHECK (
+			  -- should eventually fail for foreign key constraint instead
+			  user_id <> 0 AND
+
+			  token <> '' AND
+			  device_id <> '' AND
+			  scope <> '' AND
+
+			  -- Don't know when it uses either format to denote UTC
+			  expiration <> "0001-01-01 00:00:00+00:00" AND
+			  expiration <> "0001-01-01 00:00:00Z"
+
+			),
 			PRIMARY KEY (user_id, device_id)
 		);
 		CREATE TABLE IF NOT EXISTS wallets(
--- a/store/token_test.go
+++ b/store/token_test.go
@ -1,11 +1,14 @@
 package store

 import (
+	"errors"
 	"reflect"
 	"strings"
 	"testing"
 	"time"

+	"github.com/mattn/go-sqlite3"
+
 	"orblivion/lbry-id/auth"
 )

@ -339,8 +342,50 @@ func TestStoreTokenUTC(t *testing.T) {
 	}
 }

-// TODO - Tests each db method. Check for missing "NOT NULL" fields. Do the loop thing, and always just check for null error.
 func TestStoreTokenEmptyFields(t *testing.T) {
 	// Make sure expiration doesn't get set if sanitization fails
-	t.Fatalf("Test me")
+	tt := []struct {
+		name       string
+		authToken  auth.AuthToken
+		expiration time.Time
+	}{
+		{
+			name:       "missing token",
+			authToken:  auth.AuthToken{Token: "", DeviceId: "dId", Scope: "*", UserId: 123},
+			expiration: time.Now().Add(time.Hour * 24 * 14).UTC(),
+		}, {
+			name:       "missing device id",
+			authToken:  auth.AuthToken{Token: "seekrit-1", DeviceId: "", Scope: "*", UserId: 123},
+			expiration: time.Now().Add(time.Hour * 24 * 14).UTC(),
+		}, {
+			name:       "missing scope",
+			authToken:  auth.AuthToken{Token: "seekrit-1", DeviceId: "dId", Scope: "", UserId: 123},
+			expiration: time.Now().Add(time.Hour * 24 * 14).UTC(),
+		}, {
+			name:       "missing user id",
+			authToken:  auth.AuthToken{Token: "seekrit-1", DeviceId: "dId", Scope: "*", UserId: 0},
+			expiration: time.Now().Add(time.Hour * 24 * 14).UTC(),
+		}, {
+			name:       "missing expiration",
+			authToken:  auth.AuthToken{Token: "seekrit-1", DeviceId: "dId", Scope: "*", UserId: 123},
+			expiration: time.Time{},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			s, sqliteTmpFile := StoreTestInit(t)
+			defer StoreTestCleanup(sqliteTmpFile)
+
+			var sqliteErr sqlite3.Error
+
+			err := s.insertToken(&tc.authToken, tc.expiration)
+			if errors.As(err, &sqliteErr) {
+				if errors.Is(sqliteErr.ExtendedCode, sqlite3.ErrConstraintCheck) {
+					return // We got the error we expected
+				}
+			}
+			t.Errorf("Expected check constraint error for empty field. Got %+v", err)
+		})
+	}
 }