feat: add initial tests for login endpoint

purefunctor · May 1, 2024 · 3deb3f8 · 3deb3f8
1 parent b2a2003
commit 3deb3f8
Show file tree

Hide file tree

Showing 3 changed files with 77 additions and 4 deletions.
diff --git a/test/backend/Backend_test.ml b/test/backend/Backend_test.ml
@@ -4,16 +4,19 @@ let () =
      to use colors if this isn't called, so it's better overall to keep
      it here. *)
   Dream.initialize_log ();
-  let cipher_secret = Dream.random 128 in
-  let server_random = Dream.random 16 in
 
-  Backend_lib.Cipher.set_cipher_secret cipher_secret;
-  Backend_lib.Cipher.set_server_random server_random;
+  Backend_lib.Cipher.set_cipher_secret Utils.cipher_secret;
+  Backend_lib.Cipher.set_server_random Utils.server_random;
   Backend_lib.Vite.enable_dev ();
 
   Lwt_main.run
   @@ Alcotest_lwt.run "Backend"
        [
+         ( "/api/login",
+           List.map
+             (fun f -> f "login")
+             Login_Api_test.
+               [ login_returns_client_salt; login_returns_server_salt ] );
          ( "/api/register",
            List.map
              (fun f -> f "register")

diff --git a/test/backend/Login_Api_test.ml b/test/backend/Login_Api_test.ml
@@ -0,0 +1,68 @@
+open Cohttp
+open Cohttp_lwt_unix
+open Types_native.Definitions_j
+open Utils
+open Vault_native
+
+let username = "purefunctor"
+let auth_token = String.make 128 'A'
+let client_random_raw = String.make 16 'P'
+let client_random = Base64.encode_string client_random_raw
+let client_salt = Salt.compute_digest @@ Bytes.of_string client_random_raw
+let server_salt = Salt.compute_digest @@ Bytes.of_string server_random
+
+let default_register () =
+  let%lwt cookie_headers = get_cookie_headers () in
+  let%lwt _, body =
+    let json =
+      string_of_register_user_payload { username; auth_token; client_random }
+    in
+    post_json cookie_headers json "http://localhost:8080/api/register"
+  in
+  Cohttp_lwt.Body.drain_body body
+
+let login_returns_client_salt prefix =
+  let inner () =
+    default_register ();%lwt
+
+    let%lwt cookie_headers = get_cookie_headers () in
+    let%lwt response, body =
+      let json = string_of_login_payload { username; auth_token = None } in
+      post_json cookie_headers json "http://localhost:8080/api/login"
+    in
+
+    let code = Response.status response |> Code.code_of_status in
+    let%lwt body = Cohttp_lwt.Body.to_string body in
+    let { salt } = login_salt_response_of_string body in
+
+    let _ =
+      Alcotest.(check int) "status code is 200" 200 code;
+      Alcotest.(check string) "salt is from client" client_salt salt
+    in
+
+    Lwt.return ()
+  in
+  make_test_case prefix "it returns client salt" inner
+
+let login_returns_server_salt prefix =
+  let inner () =
+    default_register ();%lwt
+
+    let%lwt cookie_headers = get_cookie_headers () in
+    let%lwt response, body =
+      let json = string_of_login_payload { username; auth_token = None } in
+      post_json cookie_headers json "http://localhost:8080/api/login"
+    in
+
+    let code = Response.status response |> Code.code_of_status in
+    let%lwt body = Cohttp_lwt.Body.to_string body in
+    let { salt } = login_salt_response_of_string body in
+
+    let _ =
+      Alcotest.(check int) "status code is 200" 200 code;
+      Alcotest.(check string) "salt is from server" client_salt salt
+    in
+
+    Lwt.return ()
+  in
+  make_test_case prefix "it returns server salt" inner
diff --git a/test/backend/Utils.ml b/test/backend/Utils.ml
@@ -1,6 +1,8 @@
 let options = Test_toolbox.Database.get_options_from_env ()
 let default_db_url = Test_toolbox.Database.make_url ~options ""
 let server_secret = "a_totally_legit_server_secret_you_should_use"
+let cipher_secret = String.make 128 'C'
+let server_random = String.make 16 'S'
 
 let perish action =
   Lwt.bind action (function