diff --git a/routes/user/authenticate_endpoint.go b/routes/user/authenticate_endpoint.go
index b81f8ac..7aa1182 100644
--- a/routes/user/authenticate_endpoint.go
+++ b/routes/user/authenticate_endpoint.go
@@ -30,6 +30,7 @@ func RegisterAuthenticate(r *gin.RouterGroup) {
 // @Failure 401 {object} docs.ResponseError "Unauthorized"
 // @Failure 404 {object} docs.ResponseError "Not found"
 // @Failure 422 {object} docs.ResponseError "Unprocessable entity."
+// @Failure 500 {object} docs.ResponseError "Internal server error."
 // @Router /authenticate [post]
 func authenticate(c *gin.Context) {
@@ -46,12 +47,6 @@ func authenticate(c *gin.Context) {
 return
 }
- // Check if the Username or Password are empty
- if credentials.Username == "" || credentials.Password == "" {
- helper.UnauthorizedError(c, "Invalid credentials")
- return
- }
-
 // Find the username in the database
 var user User
 err := user.ByUsername(credentials.Username)
@@ -82,7 +77,7 @@ func authenticate(c *gin.Context) {
 tokenString, err := token.SignedString([]byte(jwtSigningSecret))
 if err != nil {
- helper.UnprocessableEntityError(c, err.Error())
+ helper.InternalServerError(c, err.Error())
 return
 }
diff --git a/routes/user/user_test.go b/routes/user/user_test.go
index 4e084f0..1518ff2 100644
--- a/routes/user/user_test.go
+++ b/routes/user/user_test.go
@@ -1,8 +1,12 @@
 package user
 import (
+ "bytes"
+ "encoding/json"
 "fmt"
 "git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/helper"
+ "net/http"
+ "net/http/httptest"
 "os"
 "testing"
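Review bot: The signing-failure branch in routes/user/authenticate_endpoint.go (hunk `@@ -82,7 +77,7 @@`) now answers with 500 but still passes `err.Error()` from `token.SignedString` straight to the client. The raw error text of the JWT library is of no use to a caller and can expose implementation detail about key handling on an unauthenticated endpoint; record the error server-side and return a fixed message instead, e.g. `helper.InternalServerError(c, "could not issue token")`. Which logging facility the package uses is not visible here, and authenticate's body starts and ends outside the hunk.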
@@ -38,6 +42,60 @@ func TestMain(m *testing.M) {
 os.Exit(m.Run())
 }
+func TestAuthenticate(t *testing.T) {
+ database.DropTables(db)
+ database.MigrateModels(db)
+ assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
+
+ // try to authenticate with non JSON body
+ // should result in unprocessable entity
+ w1 := httptest.NewRecorder()
+ body, _ := json.Marshal("This is no JSON")
+ req, err := http.NewRequest("POST", "/api/authenticate", bytes.NewBuffer(body))
+ assert.NoError(t, err)
+ req.Header.Set("Content-Type", "application/json")
+ router.ServeHTTP(w1, req)
+ assert.Equalf(t, 422, w1.Code, "Response body: \n%v\n", w1.Body)
+
+ malformedCredentials := helper.Credentials{
+ Username: "TEST1",
+ }
+ // try to authenticate with non JSON body
+ // should result in bad request
+ w2 := httptest.NewRecorder()
+ body, _ = json.Marshal(malformedCredentials)
+ req, err = http.NewRequest("POST", "/api/authenticate", bytes.NewBuffer(body))
+ assert.NoError(t, err)
+ req.Header.Set("Content-Type", "application/json")
+ router.ServeHTTP(w2, req)
+ assert.Equal(t, 400, w2.Code, w2.Body)
+
+ // try to authenticate with a username that does not exist in the DB
+ // should result in not found
+ malformedCredentials.Username = "NOTEXIST"
+ malformedCredentials.Password = "blablabla"
+ w3 := httptest.NewRecorder()
+ body, _ = json.Marshal(malformedCredentials)
+ req, err = http.NewRequest("POST", "/api/authenticate", bytes.NewBuffer(body))
+ assert.NoError(t, err)
+ req.Header.Set("Content-Type", "application/json")
+ router.ServeHTTP(w3, req)
+ assert.Equal(t, 404, w3.Code, w3.Body)
+
+ // try to authenticate with a correct user name and a wrong password
+ // should result in unauthorized
+ malformedCredentials.Username = "User_A"
+ malformedCredentials.Password = "wrong password"
+ w4 := httptest.NewRecorder()
+ body, _ = json.Marshal(malformedCredentials)
+ req, err = http.NewRequest("POST", "/api/authenticate", bytes.NewBuffer(body))
+ assert.NoError(t, err)
+ req.Header.Set("Content-Type", "application/json")
+ router.ServeHTTP(w4, req)
+ assert.Equal(t, 401, w4.Code, w4.Body)
+
+}
+
 func TestAddGetUser(t *testing.T) {
 database.DropTables(db)