add testing of authentication endpoint, revise authentication endpoint

2025-03-30 00:00:12 +01:00 · 2019-09-11 17:09:36 +02:00 · 2019-09-11 17:09:36 +02:00 · ed1d7677f2
commit ed1d7677f2
parent ddb4a9c8ca
2 changed files with 60 additions and 7 deletions
--- a/routes/user/authenticate_endpoint.go
+++ b/routes/user/authenticate_endpoint.go
@ -30,6 +30,7 @@ func RegisterAuthenticate(r *gin.RouterGroup) {
 // @Failure 401 {object} docs.ResponseError "Unauthorized"
 // @Failure 404 {object} docs.ResponseError "Not found"
 // @Failure 422 {object} docs.ResponseError "Unprocessable entity."
+// @Failure 500 {object} docs.ResponseError "Internal server error."
 // @Router /authenticate [post]
 func authenticate(c *gin.Context) {

@ -46,12 +47,6 @@ func authenticate(c *gin.Context) {
 		return
 	}

-	// Check if the Username or Password are empty
-	if credentials.Username == "" || credentials.Password == "" {
-		helper.UnauthorizedError(c, "Invalid credentials")
-		return
-	}
-
 	// Find the username in the database
 	var user User
 	err := user.ByUsername(credentials.Username)
@ -82,7 +77,7 @@ func authenticate(c *gin.Context) {

 	tokenString, err := token.SignedString([]byte(jwtSigningSecret))
 	if err != nil {
-		helper.UnprocessableEntityError(c, err.Error())
+		helper.InternalServerError(c, err.Error())
 		return
 	}

--- a/routes/user/user_test.go
+++ b/routes/user/user_test.go
@ -1,8 +1,12 @@
 package user

 import (
+	"bytes"
+	"encoding/json"
 	"fmt"
 	"git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/helper"
+	"net/http"
+	"net/http/httptest"
 	"os"
 	"testing"

@ -38,6 +42,60 @@ func TestMain(m *testing.M) {
 	os.Exit(m.Run())
 }

+func TestAuthenticate(t *testing.T) {
+	database.DropTables(db)
+	database.MigrateModels(db)
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
+
+	// try to authenticate with non JSON body
+	// should result in unprocessable entity
+	w1 := httptest.NewRecorder()
+	body, _ := json.Marshal("This is no JSON")
+	req, err := http.NewRequest("POST", "/api/authenticate", bytes.NewBuffer(body))
+	assert.NoError(t, err)
+	req.Header.Set("Content-Type", "application/json")
+	router.ServeHTTP(w1, req)
+	assert.Equalf(t, 422, w1.Code, "Response body: \n%v\n", w1.Body)
+
+	malformedCredentials := helper.Credentials{
+		Username: "TEST1",
+	}
+	// try to authenticate with non JSON body
+	// should result in bad request
+	w2 := httptest.NewRecorder()
+	body, _ = json.Marshal(malformedCredentials)
+	req, err = http.NewRequest("POST", "/api/authenticate", bytes.NewBuffer(body))
+	assert.NoError(t, err)
+	req.Header.Set("Content-Type", "application/json")
+	router.ServeHTTP(w2, req)
+	assert.Equal(t, 400, w2.Code, w2.Body)
+
+	// try to authenticate with a username that does not exist in the DB
+	// should result in not found
+	malformedCredentials.Username = "NOTEXIST"
+	malformedCredentials.Password = "blablabla"
+	w3 := httptest.NewRecorder()
+	body, _ = json.Marshal(malformedCredentials)
+	req, err = http.NewRequest("POST", "/api/authenticate", bytes.NewBuffer(body))
+	assert.NoError(t, err)
+	req.Header.Set("Content-Type", "application/json")
+	router.ServeHTTP(w3, req)
+	assert.Equal(t, 404, w3.Code, w3.Body)
+
+	// try to authenticate with a correct user name and a wrong password
+	// should result in unauthorized
+	malformedCredentials.Username = "User_A"
+	malformedCredentials.Password = "wrong password"
+	w4 := httptest.NewRecorder()
+	body, _ = json.Marshal(malformedCredentials)
+	req, err = http.NewRequest("POST", "/api/authenticate", bytes.NewBuffer(body))
+	assert.NoError(t, err)
+	req.Header.Set("Content-Type", "application/json")
+	router.ServeHTTP(w4, req)
+	assert.Equal(t, 401, w4.Code, w4.Body)
+
+}
+
 func TestAddGetUser(t *testing.T) {

 	database.DropTables(db)