authorizer/server/test/session_test.go

package test

import (
	"fmt"
	"strings"
	"testing"

	"github.com/authorizerdev/authorizer/server/constants"
	"github.com/authorizerdev/authorizer/server/db"
	"github.com/authorizerdev/authorizer/server/graph/model"
	"github.com/authorizerdev/authorizer/server/memorystore"
	"github.com/authorizerdev/authorizer/server/resolvers"
	"github.com/authorizerdev/authorizer/server/token"
	"github.com/stretchr/testify/assert"
)

func sessionTests(t *testing.T, s TestSetup) {
	t.Helper()
	t.Run(`should allow access to profile with session only`, func(t *testing.T) {
		req, ctx := createContext(s)
		email := "session." + s.TestInfo.Email

		resolvers.SignupResolver(ctx, model.SignUpInput{
			Email:           email,
			Password:        s.TestInfo.Password,
			ConfirmPassword: s.TestInfo.Password,
		})

		_, err := resolvers.SessionResolver(ctx, &model.SessionQueryInput{})
		assert.NotNil(t, err, "unauthorized")

		verificationRequest, err := db.Provider.GetVerificationRequestByEmail(ctx, email, constants.VerificationTypeBasicAuthSignup)
		verifyRes, err := resolvers.VerifyEmailResolver(ctx, model.VerifyEmailInput{
			Token: verificationRequest.Token,
		})

		accessToken := *verifyRes.AccessToken
		assert.NotEmpty(t, accessToken)

		claims, err := token.ParseJWTToken(accessToken)
		assert.NoError(t, err)
		assert.NotEmpty(t, claims)

		sessionKey := constants.AuthRecipeMethodBasicAuth + ":" + verifyRes.User.ID
		sessionToken, err := memorystore.Provider.GetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+claims["nonce"].(string))
		assert.NoError(t, err)
		assert.NotEmpty(t, sessionToken)

		cookie := fmt.Sprintf("%s=%s;", constants.AppCookieName+"_session", sessionToken)
		cookie = strings.TrimSuffix(cookie, ";")

		req.Header.Set("Cookie", cookie)
		_, err = resolvers.SessionResolver(ctx, &model.SessionQueryInput{})
		assert.Nil(t, err)

		cleanData(email)
	})
}
feat: add tests for all resolvers 2021-12-24 00:57:39 +00:00			`package test`

			`import (`
Add _admin_signup mutation 2022-01-09 12:05:37 +00:00			`"fmt"`
fix: auth flow 2022-03-02 12:12:31 +00:00			`"strings"`
feat: add tests for all resolvers 2021-12-24 00:57:39 +00:00			`"testing"`

Add _admin_signup mutation 2022-01-09 12:05:37 +00:00			`"github.com/authorizerdev/authorizer/server/constants"`
feat: add tests for all resolvers 2021-12-24 00:57:39 +00:00			`"github.com/authorizerdev/authorizer/server/db"`
			`"github.com/authorizerdev/authorizer/server/graph/model"`
fix: move sessionstore -> memstore 2022-05-27 17:50:38 +00:00			`"github.com/authorizerdev/authorizer/server/memorystore"`
feat: add tests for all resolvers 2021-12-24 00:57:39 +00:00			`"github.com/authorizerdev/authorizer/server/resolvers"`
fix: user session access 2022-06-11 18:57:21 +00:00			`"github.com/authorizerdev/authorizer/server/token"`
feat: add tests for all resolvers 2021-12-24 00:57:39 +00:00			`"github.com/stretchr/testify/assert"`
			`)`

Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`func sessionTests(t *testing.T, s TestSetup) {`
			`t.Helper()`
feat: add tests for all resolvers 2021-12-24 00:57:39 +00:00			t.Run(`should allow access to profile with session only`, func(t *testing.T) {
			`req, ctx := createContext(s)`
			`email := "session." + s.TestInfo.Email`

Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`resolvers.SignupResolver(ctx, model.SignUpInput{`
feat: add tests for all resolvers 2021-12-24 00:57:39 +00:00			`Email: email,`
			`Password: s.TestInfo.Password,`
			`ConfirmPassword: s.TestInfo.Password,`
			`})`

feat(server): add is_valid_jwt query 2022-01-23 19:02:06 +00:00			`_, err := resolvers.SessionResolver(ctx, &model.SessionQueryInput{})`
feat: add tests for all resolvers 2021-12-24 00:57:39 +00:00			`assert.NotNil(t, err, "unauthorized")`

feat: implement resolvers 2022-07-10 16:19:33 +00:00			`verificationRequest, err := db.Provider.GetVerificationRequestByEmail(ctx, email, constants.VerificationTypeBasicAuthSignup)`
Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`verifyRes, err := resolvers.VerifyEmailResolver(ctx, model.VerifyEmailInput{`
feat: add tests for all resolvers 2021-12-24 00:57:39 +00:00			`Token: verificationRequest.Token,`
			`})`

fix: user session access 2022-06-11 18:57:21 +00:00			`accessToken := *verifyRes.AccessToken`
			`assert.NotEmpty(t, accessToken)`

			`claims, err := token.ParseJWTToken(accessToken)`
			`assert.NoError(t, err)`
			`assert.NotEmpty(t, claims)`

fix: add namespace to session token keys 2022-06-29 16:54:00 +00:00			`sessionKey := constants.AuthRecipeMethodBasicAuth + ":" + verifyRes.User.ID`
			`sessionToken, err := memorystore.Provider.GetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+claims["nonce"].(string))`
fix: session invalidation 2022-06-11 13:40:39 +00:00			`assert.NoError(t, err)`
fix: user session access 2022-06-11 18:57:21 +00:00			`assert.NotEmpty(t, sessionToken)`

			`cookie := fmt.Sprintf("%s=%s;", constants.AppCookieName+"_session", sessionToken)`
fix: auth flow 2022-03-02 12:12:31 +00:00			`cookie = strings.TrimSuffix(cookie, ";")`
Add _admin_signup mutation 2022-01-09 12:05:37 +00:00
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`req.Header.Set("Cookie", cookie)`
feat(server): add is_valid_jwt query 2022-01-23 19:02:06 +00:00			`_, err = resolvers.SessionResolver(ctx, &model.SessionQueryInput{})`
feat: add tests for all resolvers 2021-12-24 00:57:39 +00:00			`assert.Nil(t, err)`

			`cleanData(email)`
			`})`
			`}`