package server import ( "bytes" "encoding/json" "fmt" "io/ioutil" "net/http" "net/http/httptest" "testing" "orblivion/lbry-id/auth" "orblivion/lbry-id/store" "orblivion/lbry-id/wallet" ) func TestServerGetWallet(t *testing.T) { tt := []struct { name string tokenString auth.TokenString expectedStatusCode int expectedErrorString string storeErrors TestStoreFunctionsErrors }{ { name: "success", tokenString: auth.TokenString("seekrit"), expectedStatusCode: http.StatusOK, }, { name: "validation error", // missing auth token tokenString: auth.TokenString(""), expectedStatusCode: http.StatusBadRequest, expectedErrorString: http.StatusText(http.StatusBadRequest) + ": Missing token parameter", // Just check one validation error (missing auth token) to make sure the // validate function is called. We'll check the rest of the validation // errors in the other test below. }, { name: "auth error", tokenString: auth.TokenString("seekrit"), expectedStatusCode: http.StatusUnauthorized, expectedErrorString: http.StatusText(http.StatusUnauthorized) + ": Token Not Found", storeErrors: TestStoreFunctionsErrors{GetToken: store.ErrNoToken}, }, { name: "db error getting wallet", tokenString: auth.TokenString("seekrit"), expectedStatusCode: http.StatusInternalServerError, expectedErrorString: http.StatusText(http.StatusInternalServerError), storeErrors: TestStoreFunctionsErrors{GetWallet: fmt.Errorf("Some random DB Error!")}, }, } for _, tc := range tt { t.Run(tc.name, func(t *testing.T) { testAuth := TestAuth{} testStore := TestStore{ TestAuthToken: auth.AuthToken{ Token: auth.TokenString(tc.tokenString), Scope: auth.ScopeFull, }, TestEncryptedWallet: wallet.EncryptedWallet("my-encrypted-wallet"), TestSequence: wallet.Sequence(2), TestHmac: wallet.WalletHmac("my-hmac"), Errors: tc.storeErrors, } s := Server{&testAuth, &testStore} req := httptest.NewRequest(http.MethodGet, PathWallet, nil) q := req.URL.Query() q.Add("token", string(testStore.TestAuthToken.Token)) req.URL.RawQuery = q.Encode() w := httptest.NewRecorder() // test handleWallet while we're at it, which is a dispatch for get and post // wallet s.handleWallet(w, req) // Make sure we tried to get an auth based on the `token` param (whether or // not it was a valid `token`) // NOTE: For tests that set testStore.TestAuthToken.Token=="", this will // pass even if GetToken isn't called. But we don't care, we expect the // request to fail for other reasons at that point. if want, got := testStore.TestAuthToken.Token, testStore.Called.GetToken; want != got { t.Errorf("testStore.Called.GetToken called with: expected %s, got %s", want, got) } body, _ := ioutil.ReadAll(w.Body) expectStatusCode(t, w, tc.expectedStatusCode) expectErrorString(t, body, tc.expectedErrorString) // In this case, a wallet body is expected iff there is no error string expectWalletBody := len(tc.expectedErrorString) == 0 if !expectWalletBody { return // The rest of the test does not apply } var result WalletResponse err := json.Unmarshal(body, &result) if err != nil || result.EncryptedWallet != testStore.TestEncryptedWallet || result.Hmac != testStore.TestHmac || result.Sequence != testStore.TestSequence { t.Errorf("Expected wallet response to have the test wallet values: result: %+v err: %+v", string(body), err) } if !testStore.Called.GetWallet { t.Errorf("Expected Store.GetWallet to be called") } }) } } func TestServerPostWallet(t *testing.T) { tt := []struct { name string expectedStatusCode int expectedErrorString string expectSetWalletCall bool // This is getting messy, but in the case of validation failures, we don't // even get around to trying to get an auth token, since the token string is // part of what's being validated. So, we want to be able to skip that // check in that case. skipAuthCheck bool // `new...` refers to what is being passed into the via POST request (and // what gets passed into SetWallet for the *non-error* cases below) newEncryptedWallet wallet.EncryptedWallet newSequence wallet.Sequence newHmac wallet.WalletHmac storeErrors TestStoreFunctionsErrors }{ { name: "success", expectedStatusCode: http.StatusOK, expectSetWalletCall: true, // Simulates a situation where the existing sequence is 1, the new // sequence is 2. newEncryptedWallet: wallet.EncryptedWallet("my-encrypted-wallet"), newSequence: wallet.Sequence(2), newHmac: wallet.WalletHmac("my-hmac"), }, { name: "conflict", expectedStatusCode: http.StatusConflict, expectedErrorString: http.StatusText(http.StatusConflict) + ": Bad sequence number", expectSetWalletCall: true, // Simulates a situation where the existing sequence is *not* 1, the new // proposed sequence is 2, and it thus fails with a conflict. newEncryptedWallet: wallet.EncryptedWallet("my-encrypted-wallet-new"), newSequence: wallet.Sequence(2), newHmac: wallet.WalletHmac("my-hmac-new"), storeErrors: TestStoreFunctionsErrors{SetWallet: store.ErrWrongSequence}, }, { name: "validation error", expectedStatusCode: http.StatusBadRequest, expectedErrorString: http.StatusText(http.StatusBadRequest) + ": Request failed validation", skipAuthCheck: true, // we can't get an auth token without the data we just failed to validate // Just check one validation error (empty encrypted wallet) to make sure the // validate function is called. We'll check the rest of the validation // errors in the other test below. newEncryptedWallet: wallet.EncryptedWallet(""), newSequence: wallet.Sequence(2), newHmac: wallet.WalletHmac("my-hmac"), }, { name: "auth error", expectedStatusCode: http.StatusUnauthorized, expectedErrorString: http.StatusText(http.StatusUnauthorized) + ": Token Not Found", // Putting in valid data here so it's clear that this isn't what causes // the error newEncryptedWallet: wallet.EncryptedWallet("my-encrypted-wallet"), newSequence: wallet.Sequence(2), newHmac: wallet.WalletHmac("my-hmac"), // What causes the error storeErrors: TestStoreFunctionsErrors{GetToken: store.ErrNoToken}, }, { name: "db error setting wallet", expectedStatusCode: http.StatusInternalServerError, expectedErrorString: http.StatusText(http.StatusInternalServerError), expectSetWalletCall: true, // Putting in valid data here so it's clear that this isn't what causes // the error newEncryptedWallet: wallet.EncryptedWallet("my-encrypted-wallet"), newSequence: wallet.Sequence(2), newHmac: wallet.WalletHmac("my-hmac"), // What causes the error storeErrors: TestStoreFunctionsErrors{SetWallet: fmt.Errorf("Some random db problem")}, }, // TODO // Future test case when we get lastSynced back: Error if // lastSynced.device_id doesn't match authToken.device_id } for _, tc := range tt { t.Run(tc.name, func(t *testing.T) { testAuth := TestAuth{} testStore := TestStore{ TestAuthToken: auth.AuthToken{ Token: auth.TokenString("seekrit"), Scope: auth.ScopeFull, }, Errors: tc.storeErrors, } s := Server{&testAuth, &testStore} requestBody := []byte( fmt.Sprintf(`{ "token": "%s", "encryptedWallet": "%s", "sequence": %d, "hmac": "%s" }`, testStore.TestAuthToken.Token, tc.newEncryptedWallet, tc.newSequence, tc.newHmac), ) req := httptest.NewRequest(http.MethodPost, PathWallet, bytes.NewBuffer(requestBody)) w := httptest.NewRecorder() // test handleWallet while we're at it, which is a dispatch for get and post // wallet s.handleWallet(w, req) // Make sure we tried to get an auth based on the `token` param (whether or // not it was a valid `token`) if want, got := testStore.TestAuthToken.Token, testStore.Called.GetToken; !tc.skipAuthCheck && want != got { t.Errorf("testStore.Called.GetToken called with: expected %s, got %s", want, got) } body, _ := ioutil.ReadAll(w.Body) expectStatusCode(t, w, tc.expectedStatusCode) expectErrorString(t, body, tc.expectedErrorString) if tc.expectedErrorString == "" && string(body) != "{}" { t.Errorf("Expected post wallet response to be \"{}\": result: %+v", string(body)) } if want, got := (SetWalletCall{tc.newEncryptedWallet, tc.newSequence, tc.newHmac}), testStore.Called.SetWallet; tc.expectSetWalletCall && want != got { t.Errorf("Store.SetWallet called with: expected %+v, got %+v", want, got) } }) } } func TestServerValidateWalletRequest(t *testing.T) { walletRequest := WalletRequest{Token: "seekrit", EncryptedWallet: "my-encrypted-wallet", Hmac: "my-hmac", Sequence: 2} if !walletRequest.validate() { t.Fatalf("Expected valid WalletRequest to successfully validate") } tt := []struct { walletRequest WalletRequest failureDescription string }{ { WalletRequest{EncryptedWallet: "my-encrypted-wallet", Hmac: "my-hmac", Sequence: 2}, "Expected WalletRequest with missing token to not successfully validate", }, { WalletRequest{Token: "seekrit", Hmac: "my-hmac", Sequence: 2}, "Expected WalletRequest with missing encrypted wallet to not successfully validate", }, { WalletRequest{Token: "seekrit", EncryptedWallet: "my-encrypted-wallet", Sequence: 2}, "Expected WalletRequest with missing hmac to not successfully validate", }, { WalletRequest{Token: "seekrit", EncryptedWallet: "my-encrypted-wallet", Hmac: "my-hmac", Sequence: 0}, "Expected WalletRequest with sequence < 1 to not successfully validate", }, } for _, tc := range tt { if tc.walletRequest.validate() { t.Errorf(tc.failureDescription) } } }