mirror of
https://github.com/philomena-dev/philomena.git
synced 2024-12-05 00:57:59 +01:00
193 lines
7.1 KiB
Elixir
193 lines
7.1 KiB
Elixir
defmodule PhilomenaWeb.UserAuthTest do
|
|
use PhilomenaWeb.ConnCase, async: true
|
|
|
|
alias Philomena.Users
|
|
alias PhilomenaWeb.UserAuth
|
|
import Philomena.UsersFixtures
|
|
|
|
setup %{conn: conn} do
|
|
conn =
|
|
conn
|
|
|> Map.replace!(:secret_key_base, PhilomenaWeb.Endpoint.config(:secret_key_base))
|
|
|> init_test_session(%{})
|
|
|
|
%{user: user_fixture(), conn: conn}
|
|
end
|
|
|
|
describe "log_in_user/3" do
|
|
test "stores the user token in the session", %{conn: conn, user: user} do
|
|
conn = UserAuth.log_in_user(conn, user)
|
|
assert token = get_session(conn, :user_token)
|
|
assert get_session(conn, :live_socket_id) == "users_sessions:#{Base.url_encode64(token)}"
|
|
assert redirected_to(conn) == "/"
|
|
assert Users.get_user_by_session_token(token)
|
|
end
|
|
|
|
test "clears everything previously stored in the session", %{conn: conn, user: user} do
|
|
conn = conn |> put_session(:to_be_removed, "value") |> UserAuth.log_in_user(user)
|
|
refute get_session(conn, :to_be_removed)
|
|
end
|
|
|
|
test "redirects to the configured path", %{conn: conn, user: user} do
|
|
conn = conn |> put_session(:user_return_to, "/hello") |> UserAuth.log_in_user(user)
|
|
assert redirected_to(conn) == "/hello"
|
|
end
|
|
|
|
test "writes a cookie if remember_me is configured", %{conn: conn, user: user} do
|
|
conn = conn |> fetch_cookies() |> UserAuth.log_in_user(user, %{"remember_me" => "true"})
|
|
assert get_session(conn, :user_token) == conn.cookies["user_remember_me"]
|
|
|
|
assert %{value: signed_token, max_age: max_age} = conn.resp_cookies["user_remember_me"]
|
|
assert signed_token != get_session(conn, :user_token)
|
|
assert max_age == 31_536_000
|
|
end
|
|
end
|
|
|
|
describe "totp_auth_user/3" do
|
|
test "stores the user token in the session", %{conn: conn, user: user} do
|
|
conn = UserAuth.totp_auth_user(conn, user)
|
|
assert token = get_session(conn, :totp_token)
|
|
assert redirected_to(conn) == "/"
|
|
assert Users.user_totp_token_valid?(user, token)
|
|
end
|
|
|
|
test "redirects to the configured path", %{conn: conn, user: user} do
|
|
conn = conn |> put_session(:user_return_to, "/hello") |> UserAuth.totp_auth_user(user)
|
|
assert redirected_to(conn) == "/hello"
|
|
end
|
|
|
|
test "writes a cookie if remember_me is configured", %{conn: conn, user: user} do
|
|
conn = conn |> fetch_cookies() |> UserAuth.totp_auth_user(user, %{"remember_me" => "true"})
|
|
assert get_session(conn, :totp_token) == conn.cookies["user_totp_auth"]
|
|
|
|
assert %{value: signed_token, max_age: max_age} = conn.resp_cookies["user_totp_auth"]
|
|
assert signed_token != get_session(conn, :totp_token)
|
|
assert max_age == 31_536_000
|
|
end
|
|
end
|
|
|
|
describe "logout_user/1" do
|
|
test "erases session and cookies", %{conn: conn, user: user} do
|
|
user_token = Users.generate_user_session_token(user)
|
|
totp_token = Users.generate_user_totp_token(user)
|
|
|
|
conn =
|
|
conn
|
|
|> put_session(:user_token, user_token)
|
|
|> put_session(:totp_token, totp_token)
|
|
|> put_req_cookie("user_remember_me", user_token)
|
|
|> put_req_cookie("user_totp_auth", totp_token)
|
|
|> fetch_cookies()
|
|
|> UserAuth.log_out_user()
|
|
|
|
refute get_session(conn, :user_token)
|
|
refute get_session(conn, :totp_token)
|
|
refute conn.cookies["user_remember_me"]
|
|
refute conn.cookies["user_totp_auth"]
|
|
assert %{max_age: 0} = conn.resp_cookies["user_remember_me"]
|
|
assert %{max_age: 0} = conn.resp_cookies["user_totp_auth"]
|
|
assert redirected_to(conn) == "/"
|
|
refute Users.get_user_by_session_token(user_token)
|
|
refute Users.user_totp_token_valid?(user, totp_token)
|
|
end
|
|
|
|
test "broadcasts to the given live_socket_id", %{conn: conn} do
|
|
live_socket_id = "users_sessions:abcdef-token"
|
|
PhilomenaWeb.Endpoint.subscribe(live_socket_id)
|
|
|
|
conn
|
|
|> put_session(:live_socket_id, live_socket_id)
|
|
|> UserAuth.log_out_user()
|
|
|
|
assert_receive %Phoenix.Socket.Broadcast{
|
|
event: "disconnect",
|
|
topic: "users_sessions:abcdef-token"
|
|
}
|
|
end
|
|
|
|
test "works even if user is already logged out", %{conn: conn} do
|
|
conn = conn |> fetch_cookies() |> UserAuth.log_out_user()
|
|
refute get_session(conn, :user_token)
|
|
assert %{max_age: 0} = conn.resp_cookies["user_remember_me"]
|
|
assert redirected_to(conn) == "/"
|
|
end
|
|
end
|
|
|
|
describe "fetch_current_user/2" do
|
|
test "authenticates user from session", %{conn: conn, user: user} do
|
|
user_token = Users.generate_user_session_token(user)
|
|
conn = conn |> put_session(:user_token, user_token) |> UserAuth.fetch_current_user([])
|
|
assert conn.assigns.current_user.id == user.id
|
|
end
|
|
|
|
test "authenticates user from cookies", %{conn: conn, user: user} do
|
|
logged_in_conn =
|
|
conn |> fetch_cookies() |> UserAuth.log_in_user(user, %{"remember_me" => "true"})
|
|
|
|
user_token = logged_in_conn.cookies["user_remember_me"]
|
|
%{value: signed_token} = logged_in_conn.resp_cookies["user_remember_me"]
|
|
|
|
conn =
|
|
conn
|
|
|> put_req_cookie("user_remember_me", signed_token)
|
|
|> UserAuth.fetch_current_user([])
|
|
|
|
assert get_session(conn, :user_token) == user_token
|
|
assert conn.assigns.current_user.id == user.id
|
|
end
|
|
|
|
test "does not authenticate if data is missing", %{conn: conn, user: user} do
|
|
_ = Users.generate_user_session_token(user)
|
|
conn = UserAuth.fetch_current_user(conn, [])
|
|
refute get_session(conn, :user_token)
|
|
refute conn.assigns.current_user
|
|
end
|
|
end
|
|
|
|
describe "redirect_if_user_is_authenticated/2" do
|
|
test "redirects if user is authenticated", %{conn: conn, user: user} do
|
|
conn = conn |> assign(:current_user, user) |> UserAuth.redirect_if_user_is_authenticated([])
|
|
assert conn.halted
|
|
assert redirected_to(conn) == "/"
|
|
end
|
|
|
|
test "does not redirect if user is not authenticated", %{conn: conn} do
|
|
conn = UserAuth.redirect_if_user_is_authenticated(conn, [])
|
|
refute conn.halted
|
|
refute conn.status
|
|
end
|
|
end
|
|
|
|
describe "require_authenticated_user/2" do
|
|
test "redirects if user is not authenticated", %{conn: conn} do
|
|
conn = conn |> fetch_flash() |> UserAuth.require_authenticated_user([])
|
|
assert conn.halted
|
|
assert redirected_to(conn) == Routes.session_path(conn, :new)
|
|
assert get_flash(conn, :error) == "You must log in to access this page."
|
|
end
|
|
|
|
test "stores the path to redirect to on GET", %{conn: conn} do
|
|
halted_conn =
|
|
%{conn | request_path: "/foo?bar"}
|
|
|> fetch_flash()
|
|
|> UserAuth.require_authenticated_user([])
|
|
|
|
assert halted_conn.halted
|
|
assert get_session(halted_conn, :user_return_to) == "/foo?bar"
|
|
|
|
halted_conn =
|
|
%{conn | request_path: "/foo?bar", method: "POST"}
|
|
|> fetch_flash()
|
|
|> UserAuth.require_authenticated_user([])
|
|
|
|
assert halted_conn.halted
|
|
refute get_session(halted_conn, :user_return_to)
|
|
end
|
|
|
|
test "does not redirect if user is authenticated", %{conn: conn, user: user} do
|
|
conn = conn |> assign(:current_user, user) |> UserAuth.require_authenticated_user([])
|
|
refute conn.halted
|
|
refute conn.status
|
|
end
|
|
end
|
|
end
|