209 lines
8.1 KiB
Go
209 lines
8.1 KiB
Go
package integration
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"net/url"
|
|
"strings"
|
|
"testing"
|
|
|
|
"goyco/internal/middleware"
|
|
"goyco/internal/testutils"
|
|
)
|
|
|
|
func TestIntegration_PageHandlerFormWorkflows(t *testing.T) {
|
|
ctx := setupPageHandlerTestContext(t)
|
|
router := ctx.Router
|
|
authService := ctx.AuthService
|
|
|
|
t.Run("Settings_Email_Update_Form", func(t *testing.T) {
|
|
middleware.StopAllRateLimiters()
|
|
ctx.Suite.EmailSender.Reset()
|
|
user := createAuthenticatedUser(t, authService, ctx.Suite.UserRepo, "settings_email_user", "settings_email@example.com")
|
|
|
|
getRequest := httptest.NewRequest("GET", "/settings", nil)
|
|
getRequest.AddCookie(&http.Cookie{Name: "auth_token", Value: user.Token})
|
|
getRecorder := httptest.NewRecorder()
|
|
router.ServeHTTP(getRecorder, getRequest)
|
|
|
|
csrfToken := getCSRFToken(t, router, "/settings", &http.Cookie{Name: "auth_token", Value: user.Token})
|
|
|
|
requestBody := url.Values{}
|
|
requestBody.Set("email", "newemail@example.com")
|
|
requestBody.Set("csrf_token", csrfToken)
|
|
|
|
request := httptest.NewRequest("POST", "/settings/email", strings.NewReader(requestBody.Encode()))
|
|
request.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
|
request.AddCookie(&http.Cookie{Name: "auth_token", Value: user.Token})
|
|
request.AddCookie(&http.Cookie{Name: "csrf_token", Value: csrfToken})
|
|
recorder := httptest.NewRecorder()
|
|
|
|
router.ServeHTTP(recorder, request)
|
|
|
|
assertStatusRange(t, recorder, http.StatusOK, http.StatusSeeOther)
|
|
})
|
|
|
|
t.Run("Settings_Username_Update_Form", func(t *testing.T) {
|
|
middleware.StopAllRateLimiters()
|
|
ctx.Suite.EmailSender.Reset()
|
|
user := createAuthenticatedUser(t, authService, ctx.Suite.UserRepo, "settings_username_user", "settings_username@example.com")
|
|
|
|
csrfToken := getCSRFToken(t, router, "/settings", &http.Cookie{Name: "auth_token", Value: user.Token})
|
|
|
|
requestBody := url.Values{}
|
|
requestBody.Set("username", "new_username")
|
|
requestBody.Set("csrf_token", csrfToken)
|
|
|
|
request := httptest.NewRequest("POST", "/settings/username", strings.NewReader(requestBody.Encode()))
|
|
request.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
|
request.AddCookie(&http.Cookie{Name: "auth_token", Value: user.Token})
|
|
request.AddCookie(&http.Cookie{Name: "csrf_token", Value: csrfToken})
|
|
recorder := httptest.NewRecorder()
|
|
|
|
router.ServeHTTP(recorder, request)
|
|
|
|
assertStatusRange(t, recorder, http.StatusOK, http.StatusSeeOther)
|
|
})
|
|
|
|
t.Run("Settings_Password_Update_Form", func(t *testing.T) {
|
|
middleware.StopAllRateLimiters()
|
|
freshCtx := setupPageHandlerTestContext(t)
|
|
freshCtx.Suite.EmailSender.Reset()
|
|
user := createAuthenticatedUser(t, freshCtx.AuthService, freshCtx.Suite.UserRepo, "settings_password_user", "settings_password@example.com")
|
|
|
|
csrfToken := getCSRFToken(t, freshCtx.Router, "/settings", &http.Cookie{Name: "auth_token", Value: user.Token})
|
|
|
|
requestBody := url.Values{}
|
|
requestBody.Set("current_password", "SecurePass123!")
|
|
requestBody.Set("new_password", "NewSecurePass123!")
|
|
requestBody.Set("csrf_token", csrfToken)
|
|
|
|
request := httptest.NewRequest("POST", "/settings/password", strings.NewReader(requestBody.Encode()))
|
|
request.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
|
request.AddCookie(&http.Cookie{Name: "auth_token", Value: user.Token})
|
|
request.AddCookie(&http.Cookie{Name: "csrf_token", Value: csrfToken})
|
|
recorder := httptest.NewRecorder()
|
|
|
|
freshCtx.Router.ServeHTTP(recorder, request)
|
|
|
|
assertStatusRange(t, recorder, http.StatusOK, http.StatusSeeOther)
|
|
})
|
|
|
|
t.Run("Logout_Page_Handler", func(t *testing.T) {
|
|
middleware.StopAllRateLimiters()
|
|
freshCtx := setupPageHandlerTestContext(t)
|
|
freshCtx.Suite.EmailSender.Reset()
|
|
user := createAuthenticatedUser(t, freshCtx.AuthService, freshCtx.Suite.UserRepo, "logout_page_user", "logout_page@example.com")
|
|
|
|
csrfToken := getCSRFToken(t, freshCtx.Router, "/settings", &http.Cookie{Name: "auth_token", Value: user.Token})
|
|
|
|
requestBody := url.Values{}
|
|
requestBody.Set("csrf_token", csrfToken)
|
|
|
|
request := httptest.NewRequest("POST", "/logout", strings.NewReader(requestBody.Encode()))
|
|
request.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
|
request.AddCookie(&http.Cookie{Name: "auth_token", Value: user.Token})
|
|
request.AddCookie(&http.Cookie{Name: "csrf_token", Value: csrfToken})
|
|
recorder := httptest.NewRecorder()
|
|
|
|
freshCtx.Router.ServeHTTP(recorder, request)
|
|
|
|
assertStatus(t, recorder, http.StatusSeeOther)
|
|
assertCookieCleared(t, recorder, "auth_token")
|
|
})
|
|
|
|
t.Run("Resend_Verification_Page_Handler", func(t *testing.T) {
|
|
middleware.StopAllRateLimiters()
|
|
freshCtx := setupPageHandlerTestContext(t)
|
|
freshCtx.Suite.EmailSender.Reset()
|
|
|
|
csrfToken := getCSRFToken(t, freshCtx.Router, "/resend-verification")
|
|
|
|
requestBody := url.Values{}
|
|
requestBody.Set("email", "resend_page@example.com")
|
|
requestBody.Set("csrf_token", csrfToken)
|
|
|
|
request := httptest.NewRequest("POST", "/resend-verification", strings.NewReader(requestBody.Encode()))
|
|
request.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
|
request.AddCookie(&http.Cookie{Name: "csrf_token", Value: csrfToken})
|
|
recorder := httptest.NewRecorder()
|
|
|
|
freshCtx.Router.ServeHTTP(recorder, request)
|
|
|
|
assertStatusRange(t, recorder, http.StatusOK, http.StatusSeeOther)
|
|
})
|
|
|
|
t.Run("Post_Vote_Page_Handler", func(t *testing.T) {
|
|
middleware.StopAllRateLimiters()
|
|
freshCtx := setupPageHandlerTestContext(t)
|
|
freshCtx.Suite.EmailSender.Reset()
|
|
user := createAuthenticatedUser(t, freshCtx.AuthService, freshCtx.Suite.UserRepo, "vote_page_user", "vote_page@example.com")
|
|
|
|
post := testutils.CreatePostWithRepo(t, freshCtx.Suite.PostRepo, user.User.ID, "Vote Page Test", "https://example.com/vote-page")
|
|
|
|
getRequest := httptest.NewRequest("GET", fmt.Sprintf("/posts/%d", post.ID), nil)
|
|
getRecorder := httptest.NewRecorder()
|
|
freshCtx.Router.ServeHTTP(getRecorder, getRequest)
|
|
|
|
csrfToken := getCSRFToken(t, freshCtx.Router, fmt.Sprintf("/posts/%d", post.ID))
|
|
|
|
requestBody := url.Values{}
|
|
requestBody.Set("action", "up")
|
|
requestBody.Set("csrf_token", csrfToken)
|
|
|
|
request := httptest.NewRequest("POST", fmt.Sprintf("/posts/%d/vote", post.ID), strings.NewReader(requestBody.Encode()))
|
|
request.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
|
request.AddCookie(&http.Cookie{Name: "auth_token", Value: user.Token})
|
|
request.AddCookie(&http.Cookie{Name: "csrf_token", Value: csrfToken})
|
|
request = testutils.WithURLParams(request, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
|
recorder := httptest.NewRecorder()
|
|
|
|
freshCtx.Router.ServeHTTP(recorder, request)
|
|
|
|
assertStatusRange(t, recorder, http.StatusOK, http.StatusSeeOther)
|
|
})
|
|
|
|
t.Run("Login_Page_Handler_Workflow", func(t *testing.T) {
|
|
middleware.StopAllRateLimiters()
|
|
freshCtx := setupPageHandlerTestContext(t)
|
|
freshCtx.Suite.EmailSender.Reset()
|
|
createAuthenticatedUser(t, freshCtx.AuthService, freshCtx.Suite.UserRepo, "login_page_user", "login_page@example.com")
|
|
|
|
csrfToken := getCSRFToken(t, freshCtx.Router, "/login")
|
|
|
|
requestBody := url.Values{}
|
|
requestBody.Set("username", "login_page_user")
|
|
requestBody.Set("password", "SecurePass123!")
|
|
requestBody.Set("csrf_token", csrfToken)
|
|
|
|
request := httptest.NewRequest("POST", "/login", strings.NewReader(requestBody.Encode()))
|
|
request.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
|
request.AddCookie(&http.Cookie{Name: "csrf_token", Value: csrfToken})
|
|
recorder := httptest.NewRecorder()
|
|
|
|
freshCtx.Router.ServeHTTP(recorder, request)
|
|
|
|
assertStatus(t, recorder, http.StatusSeeOther)
|
|
assertCookie(t, recorder, "auth_token", "")
|
|
})
|
|
|
|
t.Run("Email_Confirmation_Page_Handler", func(t *testing.T) {
|
|
middleware.StopAllRateLimiters()
|
|
ctx.Suite.EmailSender.Reset()
|
|
createAuthenticatedUser(t, authService, ctx.Suite.UserRepo, "confirm_page_user", "confirm_page@example.com")
|
|
|
|
token := ctx.Suite.EmailSender.VerificationToken()
|
|
if token == "" {
|
|
token = "test-token"
|
|
}
|
|
|
|
request := httptest.NewRequest("GET", "/confirm?token="+url.QueryEscape(token), nil)
|
|
recorder := httptest.NewRecorder()
|
|
|
|
router.ServeHTTP(recorder, request)
|
|
|
|
assertStatusRange(t, recorder, http.StatusOK, http.StatusSeeOther)
|
|
})
|
|
}
|