use torrust_axum_rest_tracker_api_server::environment::Started;
use torrust_rest_tracker_api_client::common::http::{Query, QueryParam};
use torrust_rest_tracker_api_client::v1::client::{headers_with_request_id, Client};
use torrust_tracker_test_helpers::logging::logs_contains_a_line_with;
use torrust_tracker_test_helpers::{configuration, logging};
use uuid::Uuid;
use crate::server::v1::asserts::{assert_token_not_valid, assert_unauthorized};
/// Checks that a `stats` request carrying the environment's API token in the
/// `token` query parameter is answered with status 200.
#[tokio::test]
async fn should_authenticate_requests_by_using_a_token_query_param() {
    logging::setup();

    let env = Started::new(&configuration::ephemeral().into()).await;

    // The token configured for this environment; the test panics if none is set.
    let api_token = env.get_connection_info().api_token.unwrap();

    let client = Client::new(env.get_connection_info()).unwrap();
    let query = Query::params(vec![QueryParam::new("token", &api_token)]);
    let response = client.get_request_with_query("stats", query, None).await;

    assert_eq!(response.status(), 200);

    env.stop().await;
}
/// Checks that a `stats` request sent without any `token` query parameter is
/// rejected (per `assert_unauthorized`) and that the rejection is logged.
#[tokio::test]
async fn should_not_authenticate_requests_when_the_token_is_missing() {
    logging::setup();

    let env = Started::new(&configuration::ephemeral().into()).await;

    // A fresh request id lets the log assertion below pick out this request's line.
    let request_id = Uuid::new_v4();

    let client = Client::new(env.get_connection_info()).unwrap();
    let headers = headers_with_request_id(request_id);
    let response = client
        .get_request_with_query("stats", Query::default(), Some(headers))
        .await;

    assert_unauthorized(response).await;

    // The failed authentication must leave an ERROR line for the API that
    // carries the request id, so the rejection can be traced afterwards.
    let request_id_text = request_id.to_string();
    let rejection_was_logged = logs_contains_a_line_with(&["ERROR", "API", request_id_text.as_str()]);
    assert!(
        rejection_was_logged,
        "Expected logs to contain: ERROR ... API ... request_id={request_id}"
    );

    env.stop().await;
}
/// Checks that a `stats` request whose `token` query parameter is the empty
/// string is rejected (per `assert_token_not_valid`) and that the rejection is logged.
#[tokio::test]
async fn should_not_authenticate_requests_when_the_token_is_empty() {
    logging::setup();

    let env = Started::new(&configuration::ephemeral().into()).await;

    // A fresh request id lets the log assertion below pick out this request's line.
    let request_id = Uuid::new_v4();

    let client = Client::new(env.get_connection_info()).unwrap();
    // The parameter is present but empty, which is a different case from the
    // parameter being absent altogether.
    let empty_token_query = Query::params(vec![QueryParam::new("token", "")]);
    let headers = headers_with_request_id(request_id);
    let response = client
        .get_request_with_query("stats", empty_token_query, Some(headers))
        .await;

    assert_token_not_valid(response).await;

    // The failed authentication must leave an ERROR line for the API that
    // carries the request id.
    let request_id_text = request_id.to_string();
    let rejection_was_logged = logs_contains_a_line_with(&["ERROR", "API", request_id_text.as_str()]);
    assert!(
        rejection_was_logged,
        "Expected logs to contain: ERROR ... API ... request_id={request_id}"
    );

    env.stop().await;
}
/// Checks that a `stats` request with a `token` value that is not the
/// configured one is rejected (per `assert_token_not_valid`) and that the
/// rejection is logged.
#[tokio::test]
async fn should_not_authenticate_requests_when_the_token_is_invalid() {
    logging::setup();

    let env = Started::new(&configuration::ephemeral().into()).await;

    // A fresh request id lets the log assertion below pick out this request's line.
    let request_id = Uuid::new_v4();

    let client = Client::new(env.get_connection_info()).unwrap();
    let wrong_token_query = Query::params(vec![QueryParam::new("token", "INVALID TOKEN")]);
    let headers = headers_with_request_id(request_id);
    let response = client
        .get_request_with_query("stats", wrong_token_query, Some(headers))
        .await;

    assert_token_not_valid(response).await;

    // NOTE(review): this only checks that the rejection is logged with the
    // request id. It does not check whether the submitted token value is kept
    // out of the log line; consider covering that separately, since the token
    // travels in the URL query.
    let request_id_text = request_id.to_string();
    let rejection_was_logged = logs_contains_a_line_with(&["ERROR", "API", request_id_text.as_str()]);
    assert!(
        rejection_was_logged,
        "Expected logs to contain: ERROR ... API ... request_id={request_id}"
    );

    env.stop().await;
}
/// Checks that the `token` query parameter is honoured whether it comes first
/// or last in the URL query: both `torrents` requests must return status 200.
#[tokio::test]
async fn should_allow_the_token_query_param_to_be_at_any_position_in_the_url_query() {
    logging::setup();

    let env = Started::new(&configuration::ephemeral().into()).await;

    // The token configured for this environment; the test panics if none is set.
    let token = env.get_connection_info().api_token.unwrap();

    // Token as the first parameter of the query component.
    let first_client = Client::new(env.get_connection_info()).unwrap();
    let token_first_path = format!("torrents?token={token}&limit=1");
    let response = first_client.get_request(&token_first_path).await;

    assert_eq!(response.status(), 200);

    // Token as the last parameter of the query component.
    let second_client = Client::new(env.get_connection_info()).unwrap();
    let token_last_path = format!("torrents?limit=1&token={token}");
    let response = second_client.get_request(&token_last_path).await;

    assert_eq!(response.status(), 200);

    env.stop().await;
}