Add tests for handlers and middleware
- drop migration 2022052601_drop_unused_decisions_colums because it was implicitly part of an earlier migration - add /health endpoint for database health check - add tests for the health check endpoint - add tests for middleware secureHeaders, logRequest and tryAuthenticate - add models.UserModel.CreateUser methodmain
parent
c3d0733e27
commit
335ce16547
@ -0,0 +1,92 @@
|
||||
/*
|
||||
Copyright 2022 CAcert Inc.
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package main
|
||||
|
||||
import (
|
||||
"database/sql"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"path"
|
||||
"testing"
|
||||
|
||||
"github.com/jmoiron/sqlx"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"git.cacert.org/cacert-boardvoting/internal/models"
|
||||
)
|
||||
|
||||
func prepareTestDb(t *testing.T) *sqlx.DB {
|
||||
t.Helper()
|
||||
|
||||
testDir := t.TempDir()
|
||||
|
||||
db, err := sql.Open("sqlite3", path.Join(testDir, "test.sqlite"))
|
||||
require.NoError(t, err)
|
||||
|
||||
dbx := sqlx.NewDb(db, "sqlite3")
|
||||
|
||||
return dbx
|
||||
}
|
||||
|
||||
func TestApplication_healthCheck(t *testing.T) {
|
||||
t.Run("check with valid DB", func(t *testing.T) {
|
||||
rr := httptest.NewRecorder()
|
||||
|
||||
r, err := http.NewRequest(http.MethodGet, "/health", nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
testDB := prepareTestDb(t)
|
||||
|
||||
app := &application{
|
||||
motions: &models.MotionModel{DB: testDB},
|
||||
}
|
||||
|
||||
app.healthCheck(rr, r)
|
||||
|
||||
rs := rr.Result()
|
||||
|
||||
assert.Equal(t, http.StatusOK, rs.StatusCode)
|
||||
})
|
||||
|
||||
t.Run("check with broken DB", func(t *testing.T) {
|
||||
rr := httptest.NewRecorder()
|
||||
|
||||
r, err := http.NewRequest(http.MethodGet, "/health", nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
testDir := t.TempDir()
|
||||
|
||||
db, err := sql.Open("sqlite3", path.Join(testDir, "test.sqlite"))
|
||||
require.NoError(t, err)
|
||||
|
||||
testDB := sqlx.NewDb(db, "sqlite3")
|
||||
|
||||
_ = db.Close()
|
||||
|
||||
app := &application{
|
||||
motions: &models.MotionModel{DB: testDB},
|
||||
}
|
||||
|
||||
app.healthCheck(rr, r)
|
||||
|
||||
rs := rr.Result()
|
||||
|
||||
assert.Equal(t, http.StatusInternalServerError, rs.StatusCode)
|
||||
})
|
||||
}
|
@ -0,0 +1,169 @@
|
||||
/*
|
||||
Copyright 2022 CAcert Inc.
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package main
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"os"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"git.cacert.org/cacert-boardvoting/internal"
|
||||
"git.cacert.org/cacert-boardvoting/internal/models"
|
||||
)
|
||||
|
||||
func Test_secureHeaders(t *testing.T) {
|
||||
rr := httptest.NewRecorder()
|
||||
|
||||
r, err := http.NewRequest(http.MethodGet, "/", nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
next := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
|
||||
_, _ = w.Write([]byte("OK"))
|
||||
})
|
||||
|
||||
secureHeaders(next).ServeHTTP(rr, r)
|
||||
|
||||
rs := rr.Result()
|
||||
|
||||
assert.Equal(t, "default-src 'self'; font-src 'self' data:", rs.Header.Get("Content-Security-Policy"))
|
||||
assert.Equal(t, "origin-when-cross-origin", rs.Header.Get("Referrer-Policy"))
|
||||
assert.Equal(t, "nosniff", rs.Header.Get("X-Content-Type-Options"))
|
||||
assert.Equal(t, "deny", rs.Header.Get("X-Frame-Options"))
|
||||
assert.Equal(t, "0", rs.Header.Get("X-XSS-Protection"))
|
||||
assert.Equal(t, "max-age=63072000", rs.Header.Get("Strict-Transport-Security"))
|
||||
}
|
||||
|
||||
func TestApplication_logRequest(t *testing.T) {
|
||||
rr := httptest.NewRecorder()
|
||||
|
||||
r, err := http.NewRequest(http.MethodGet, "/", nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
r.RemoteAddr = "arg"
|
||||
|
||||
next := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
|
||||
_, _ = w.Write([]byte("OK"))
|
||||
})
|
||||
|
||||
buf := new(bytes.Buffer)
|
||||
app := &application{infoLog: log.New(buf, "", log.LstdFlags)}
|
||||
|
||||
app.logRequest(next).ServeHTTP(rr, r)
|
||||
|
||||
rs := rr.Result()
|
||||
assert.Equal(t, http.StatusOK, rs.StatusCode)
|
||||
|
||||
assert.Contains(t, buf.String(), fmt.Sprintf(
|
||||
"%s - %s %s %s",
|
||||
r.RemoteAddr,
|
||||
r.Proto,
|
||||
r.Method,
|
||||
r.URL.RequestURI(),
|
||||
))
|
||||
}
|
||||
|
||||
func TestApplication_tryAuthenticate(t *testing.T) {
|
||||
db := prepareTestDb(t)
|
||||
|
||||
err := internal.InitializeDb(db.DB, log.New(os.Stdout, "", log.LstdFlags))
|
||||
|
||||
require.NoError(t, err)
|
||||
|
||||
users := &models.UserModel{DB: db}
|
||||
|
||||
_, err = users.CreateUser(
|
||||
context.Background(),
|
||||
"Test User",
|
||||
"test@example.org",
|
||||
[]string{"test@example.org"},
|
||||
)
|
||||
|
||||
var nextCtx context.Context
|
||||
|
||||
next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
_, _ = w.Write([]byte("OK"))
|
||||
|
||||
nextCtx = r.Context()
|
||||
})
|
||||
|
||||
require.NoError(t, err)
|
||||
|
||||
app := application{
|
||||
users: &models.UserModel{DB: db},
|
||||
}
|
||||
|
||||
t.Run("without TLS", func(t *testing.T) {
|
||||
rr := httptest.NewRecorder()
|
||||
|
||||
r, err := http.NewRequest(http.MethodGet, "/", nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
app.tryAuthenticate(next).ServeHTTP(rr, r)
|
||||
|
||||
rs := rr.Result()
|
||||
assert.Equal(t, http.StatusOK, rs.StatusCode)
|
||||
assert.Nil(t, nextCtx.Value(ctxUser))
|
||||
})
|
||||
|
||||
t.Run("with TLS no certificate", func(t *testing.T) {
|
||||
rr := httptest.NewRecorder()
|
||||
|
||||
r, err := http.NewRequest(http.MethodGet, "/", nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
r.TLS = &tls.ConnectionState{PeerCertificates: []*x509.Certificate{}}
|
||||
|
||||
app.tryAuthenticate(next).ServeHTTP(rr, r)
|
||||
|
||||
rs := rr.Result()
|
||||
assert.Equal(t, http.StatusOK, rs.StatusCode)
|
||||
assert.Nil(t, nextCtx.Value(ctxUser))
|
||||
})
|
||||
|
||||
t.Run("with TLS matching user", func(t *testing.T) {
|
||||
rr := httptest.NewRecorder()
|
||||
|
||||
r, err := http.NewRequest(http.MethodGet, "/", nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
r.TLS = &tls.ConnectionState{PeerCertificates: []*x509.Certificate{{EmailAddresses: []string{"test@example.org"}}}}
|
||||
|
||||
app.tryAuthenticate(next).ServeHTTP(rr, r)
|
||||
|
||||
rs := rr.Result()
|
||||
assert.Equal(t, http.StatusOK, rs.StatusCode)
|
||||
user := nextCtx.Value(ctxUser)
|
||||
|
||||
assert.NotNil(t, user)
|
||||
|
||||
userInstance, ok := user.(*models.User)
|
||||
assert.True(t, ok)
|
||||
|
||||
assert.Equal(t, userInstance.Name, "Test User")
|
||||
})
|
||||
}
|
@ -1,3 +0,0 @@
|
||||
-- drop unused columns majority and quorum from decisions table
|
||||
ALTER TABLE decisions ADD COLUMN quorum INTEGER;
|
||||
ALTER TABLE decisions ADD COLUMN majority INTEGER;
|
@ -1,3 +0,0 @@
|
||||
-- drop unused columns majority and quorum from decisions table
|
||||
ALTER TABLE decisions DROP COLUMN quorum;
|
||||
ALTER TABLE decisions DROP COLUMN majority;
|
Loading…
Reference in New Issue