From 4c820a144be831037056e2b4aac2ee598f7fae4c Mon Sep 17 00:00:00 2001
From: "joel@joellee.org"
Date: Mon, 4 Sep 2023 12:56:34 +0400
Subject: [PATCH] chore: add initial test
---
 internal/api/verify_test.go | 63 +++++++++++++++++++++++++++++++++++--
 1 file changed, 60 insertions(+), 3 deletions(-)
diff --git a/internal/api/verify_test.go b/internal/api/verify_test.go
index af1fcfd1d..941f3d894 100644
--- a/internal/api/verify_test.go
+++ b/internal/api/verify_test.go
@@ -622,7 +622,6 @@ func (ts *VerifyTestSuite) TestVerifySignupWithredirectURLContainedPath() {
 }
 func (ts *VerifyTestSuite) TestVerifyPKCEOTP() {
-
 u, err := models.FindUserByEmailAndAudience(ts.API.db, "test@example.com", ts.Config.JWT.Aud)
 require.NoError(ts.T(), err)
 u.ConfirmationToken = "pkce_confirmation_token"
@@ -769,8 +768,8 @@ func (ts *VerifyTestSuite) TestVerifyValidOtp() {
 u, err := models.FindUserByEmailAndAudience(ts.API.db, "test@example.com", ts.Config.JWT.Aud)
 require.NoError(ts.T(), err)
 u.EmailChange = "new@example.com"
- u.Phone = "12345678"
- u.PhoneChange = "1234567890"
+ u.Phone = "12345677"
+ u.PhoneChange = "1234567888"
 require.NoError(ts.T(), ts.API.db.Update(u))
 type expected struct {
@@ -935,6 +934,64 @@ func (ts *VerifyTestSuite) TestVerifyValidOtp() {
 }
 }
+func (ts *VerifyTestSuite) TestSecureEmailChangeWithTokenHash() {
+ ts.Config.Mailer.SecureEmailChangeEnabled = true
+ u, err := models.FindUserByEmailAndAudience(ts.API.db, "test@example.com", ts.Config.JWT.Aud)
+ require.NoError(ts.T(), err)
+ u.EmailChange = "new@example.com"
+ u.Phone = "12345677"
+ u.PhoneChange = "1234567888"
+ require.NoError(ts.T(), ts.API.db.Update(u))
+
+ cases := []struct {
+ desc string
+ emailChangeTokenNew string
+ emailChangeTokenCurrent string
+ shouldBeSuccessful bool
+ }{
+ {
+ desc: "Secure Email Change with Token Hash. Calling Token hash with the two respective token hashes should return token",
+ emailChangeTokenNew: "TODO: to fill",
+ emailChangeTokenCurrent: "TODO: to fill",
+ shouldBeSuccessful: true,
+ },
+ {
+ desc: "Secure Email Change with Token Hash. Using the same token hash twice should fail.",
+ emailChangeTokenNew: "TODO: to fill",
+ emailChangeTokenCurrent: "TODO: same as firstTokenHash",
+ shouldBeSuccessful: false,
+ },
+ }
+ for _, c := range cases {
+ ts.Run(c.desc, func() {
+ // Set the corresponding email change tokens
+ u.EmailChangeSentAt = &c.sentTime
+ u.EmailChangeTokenNew = c.tokenHash
+ require.NoError(ts.T(), ts.API.db.Update(u))
+
+ var buffer bytes.Buffer
+ require.NoError(ts.T(), json.NewEncoder(&buffer).Encode(c.body))
+
+ // Setup request
+ req := httptest.NewRequest(http.MethodPost, "http://localhost/verify", &buffer)
+ req.Header.Set("Content-Type", "application/json")
+
+ // Setup response recorder
+ w := httptest.NewRecorder()
+ ts.API.handler.ServeHTTP(w, req)
+ assert.Equal(ts.T(), c.expected.code, w.Code)
+ // Check that response is adequate
+ //
+
+ // Make another request here
+ // if it shouldBeSuccessful, check that it returns a token.
+ // Else make sure that it properly returns an error.
+ })
+
+ }
+
+}
+
 func (ts *VerifyTestSuite) TestPrepRedirectURL() {
 escapedMessage := url.QueryEscape(singleConfirmationAccepted)
 cases := []struct {
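Review bot: The loop body of TestSecureEmailChangeWithTokenHash reads `c.sentTime`, `c.tokenHash`, `c.body` and `c.expected.code`, none of which exist on the case struct declared just above it (`desc`, `emailChangeTokenNew`, `emailChangeTokenCurrent`, `shouldBeSuccessful`), so this test file will not compile and the other tests in the package, including the existing verify tests, stop running with it. Either declare the fields the body uses or drive the body from the declared ones, e.g. `u.EmailChangeTokenNew = c.emailChangeTokenNew` and `u.EmailChangeTokenCurrent = c.emailChangeTokenCurrent`, and replace the `"TODO: to fill"` placeholders with real token hashes. The second case is the security-relevant one: going by the case descriptions, presenting the same token hash twice must not complete the change, yet that check exists only as a comment, so the follow-up request and an assertion keyed on `c.shouldBeSuccessful` still need to be written. `ts.Config.Mailer.SecureEmailChangeEnabled = true` is also never restored, which may leak into later tests unless the suite's setup resets the config (not visible in this hunk).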