398 lines
13 KiB
Elixir
398 lines
13 KiB
Elixir
defmodule BeetRoundServer.AdminsTest do
|
|
use BeetRoundServer.DataCase
|
|
|
|
alias BeetRoundServer.Admins
|
|
|
|
import BeetRoundServer.AdminsFixtures
|
|
alias BeetRoundServer.Admins.{Admin, AdminToken}
|
|
|
|
describe "get_admin_by_email/1" do
|
|
test "does not return the admin if the email does not exist" do
|
|
refute Admins.get_admin_by_email("unknown@example.com")
|
|
end
|
|
|
|
test "returns the admin if the email exists" do
|
|
%{id: id} = admin = admin_fixture()
|
|
assert %Admin{id: ^id} = Admins.get_admin_by_email(admin.email)
|
|
end
|
|
end
|
|
|
|
describe "get_admin_by_email_and_password/2" do
|
|
test "does not return the admin if the email does not exist" do
|
|
refute Admins.get_admin_by_email_and_password("unknown@example.com", "hello world!")
|
|
end
|
|
|
|
test "does not return the admin if the password is not valid" do
|
|
admin = admin_fixture() |> set_password()
|
|
refute Admins.get_admin_by_email_and_password(admin.email, "invalid")
|
|
end
|
|
|
|
test "returns the admin if the email and password are valid" do
|
|
%{id: id} = admin = admin_fixture() |> set_password()
|
|
|
|
assert %Admin{id: ^id} =
|
|
Admins.get_admin_by_email_and_password(admin.email, valid_admin_password())
|
|
end
|
|
end
|
|
|
|
describe "get_admin!/1" do
|
|
test "raises if id is invalid" do
|
|
assert_raise Ecto.NoResultsError, fn ->
|
|
Admins.get_admin!("11111111-1111-1111-1111-111111111111")
|
|
end
|
|
end
|
|
|
|
test "returns the admin with the given id" do
|
|
%{id: id} = admin = admin_fixture()
|
|
assert %Admin{id: ^id} = Admins.get_admin!(admin.id)
|
|
end
|
|
end
|
|
|
|
describe "register_admin/1" do
|
|
test "requires email to be set" do
|
|
{:error, changeset} = Admins.register_admin(%{})
|
|
|
|
assert %{email: ["can't be blank"]} = errors_on(changeset)
|
|
end
|
|
|
|
test "validates email when given" do
|
|
{:error, changeset} = Admins.register_admin(%{email: "not valid"})
|
|
|
|
assert %{email: ["must have the @ sign and no spaces"]} = errors_on(changeset)
|
|
end
|
|
|
|
test "validates maximum values for email for security" do
|
|
too_long = String.duplicate("db", 100)
|
|
{:error, changeset} = Admins.register_admin(%{email: too_long})
|
|
assert "should be at most 160 character(s)" in errors_on(changeset).email
|
|
end
|
|
|
|
test "validates email uniqueness" do
|
|
%{email: email} = admin_fixture()
|
|
{:error, changeset} = Admins.register_admin(%{email: email})
|
|
assert "has already been taken" in errors_on(changeset).email
|
|
|
|
# Now try with the uppercased email too, to check that email case is ignored.
|
|
{:error, changeset} = Admins.register_admin(%{email: String.upcase(email)})
|
|
assert "has already been taken" in errors_on(changeset).email
|
|
end
|
|
|
|
test "registers admins without password" do
|
|
email = unique_admin_email()
|
|
{:ok, admin} = Admins.register_admin(valid_admin_attributes(email: email))
|
|
assert admin.email == email
|
|
assert is_nil(admin.hashed_password)
|
|
assert is_nil(admin.confirmed_at)
|
|
assert is_nil(admin.password)
|
|
end
|
|
end
|
|
|
|
describe "sudo_mode?/2" do
|
|
test "validates the authenticated_at time" do
|
|
now = DateTime.utc_now()
|
|
|
|
assert Admins.sudo_mode?(%Admin{authenticated_at: DateTime.utc_now()})
|
|
assert Admins.sudo_mode?(%Admin{authenticated_at: DateTime.add(now, -19, :minute)})
|
|
refute Admins.sudo_mode?(%Admin{authenticated_at: DateTime.add(now, -21, :minute)})
|
|
|
|
# minute override
|
|
refute Admins.sudo_mode?(
|
|
%Admin{authenticated_at: DateTime.add(now, -11, :minute)},
|
|
-10
|
|
)
|
|
|
|
# not authenticated
|
|
refute Admins.sudo_mode?(%Admin{})
|
|
end
|
|
end
|
|
|
|
describe "change_admin_email/3" do
|
|
test "returns a admin changeset" do
|
|
assert %Ecto.Changeset{} = changeset = Admins.change_admin_email(%Admin{})
|
|
assert changeset.required == [:email]
|
|
end
|
|
end
|
|
|
|
describe "deliver_admin_update_email_instructions/3" do
|
|
setup do
|
|
%{admin: admin_fixture()}
|
|
end
|
|
|
|
test "sends token through notification", %{admin: admin} do
|
|
token =
|
|
extract_admin_token(fn url ->
|
|
Admins.deliver_admin_update_email_instructions(admin, "current@example.com", url)
|
|
end)
|
|
|
|
{:ok, token} = Base.url_decode64(token, padding: false)
|
|
assert admin_token = Repo.get_by(AdminToken, token: :crypto.hash(:sha256, token))
|
|
assert admin_token.admin_id == admin.id
|
|
assert admin_token.sent_to == admin.email
|
|
assert admin_token.context == "change:current@example.com"
|
|
end
|
|
end
|
|
|
|
describe "update_admin_email/2" do
|
|
setup do
|
|
admin = unconfirmed_admin_fixture()
|
|
email = unique_admin_email()
|
|
|
|
token =
|
|
extract_admin_token(fn url ->
|
|
Admins.deliver_admin_update_email_instructions(%{admin | email: email}, admin.email, url)
|
|
end)
|
|
|
|
%{admin: admin, token: token, email: email}
|
|
end
|
|
|
|
test "updates the email with a valid token", %{admin: admin, token: token, email: email} do
|
|
assert {:ok, %{email: ^email}} = Admins.update_admin_email(admin, token)
|
|
changed_admin = Repo.get!(Admin, admin.id)
|
|
assert changed_admin.email != admin.email
|
|
assert changed_admin.email == email
|
|
refute Repo.get_by(AdminToken, admin_id: admin.id)
|
|
end
|
|
|
|
test "does not update email with invalid token", %{admin: admin} do
|
|
assert Admins.update_admin_email(admin, "oops") ==
|
|
{:error, :transaction_aborted}
|
|
|
|
assert Repo.get!(Admin, admin.id).email == admin.email
|
|
assert Repo.get_by(AdminToken, admin_id: admin.id)
|
|
end
|
|
|
|
test "does not update email if admin email changed", %{admin: admin, token: token} do
|
|
assert Admins.update_admin_email(%{admin | email: "current@example.com"}, token) ==
|
|
{:error, :transaction_aborted}
|
|
|
|
assert Repo.get!(Admin, admin.id).email == admin.email
|
|
assert Repo.get_by(AdminToken, admin_id: admin.id)
|
|
end
|
|
|
|
test "does not update email if token expired", %{admin: admin, token: token} do
|
|
{1, nil} = Repo.update_all(AdminToken, set: [inserted_at: ~N[2020-01-01 00:00:00]])
|
|
|
|
assert Admins.update_admin_email(admin, token) ==
|
|
{:error, :transaction_aborted}
|
|
|
|
assert Repo.get!(Admin, admin.id).email == admin.email
|
|
assert Repo.get_by(AdminToken, admin_id: admin.id)
|
|
end
|
|
end
|
|
|
|
describe "change_admin_password/3" do
|
|
test "returns a admin changeset" do
|
|
assert %Ecto.Changeset{} = changeset = Admins.change_admin_password(%Admin{})
|
|
assert changeset.required == [:password]
|
|
end
|
|
|
|
test "allows fields to be set" do
|
|
changeset =
|
|
Admins.change_admin_password(
|
|
%Admin{},
|
|
%{
|
|
"password" => "new valid password"
|
|
},
|
|
hash_password: false
|
|
)
|
|
|
|
assert changeset.valid?
|
|
assert get_change(changeset, :password) == "new valid password"
|
|
assert is_nil(get_change(changeset, :hashed_password))
|
|
end
|
|
end
|
|
|
|
describe "update_admin_password/2" do
|
|
setup do
|
|
%{admin: admin_fixture()}
|
|
end
|
|
|
|
test "validates password", %{admin: admin} do
|
|
{:error, changeset} =
|
|
Admins.update_admin_password(admin, %{
|
|
password: "not valid",
|
|
password_confirmation: "another"
|
|
})
|
|
|
|
assert %{
|
|
password: ["should be at least 12 character(s)"],
|
|
password_confirmation: ["does not match password"]
|
|
} = errors_on(changeset)
|
|
end
|
|
|
|
test "validates maximum values for password for security", %{admin: admin} do
|
|
too_long = String.duplicate("db", 100)
|
|
|
|
{:error, changeset} =
|
|
Admins.update_admin_password(admin, %{password: too_long})
|
|
|
|
assert "should be at most 72 character(s)" in errors_on(changeset).password
|
|
end
|
|
|
|
test "updates the password", %{admin: admin} do
|
|
{:ok, {admin, expired_tokens}} =
|
|
Admins.update_admin_password(admin, %{
|
|
password: "new valid password"
|
|
})
|
|
|
|
assert expired_tokens == []
|
|
assert is_nil(admin.password)
|
|
assert Admins.get_admin_by_email_and_password(admin.email, "new valid password")
|
|
end
|
|
|
|
test "deletes all tokens for the given admin", %{admin: admin} do
|
|
_ = Admins.generate_admin_session_token(admin)
|
|
|
|
{:ok, {_, _}} =
|
|
Admins.update_admin_password(admin, %{
|
|
password: "new valid password"
|
|
})
|
|
|
|
refute Repo.get_by(AdminToken, admin_id: admin.id)
|
|
end
|
|
end
|
|
|
|
describe "generate_admin_session_token/1" do
|
|
setup do
|
|
%{admin: admin_fixture()}
|
|
end
|
|
|
|
test "generates a token", %{admin: admin} do
|
|
token = Admins.generate_admin_session_token(admin)
|
|
assert admin_token = Repo.get_by(AdminToken, token: token)
|
|
assert admin_token.context == "session"
|
|
assert admin_token.authenticated_at != nil
|
|
|
|
# Creating the same token for another admin should fail
|
|
assert_raise Ecto.ConstraintError, fn ->
|
|
Repo.insert!(%AdminToken{
|
|
token: admin_token.token,
|
|
admin_id: admin_fixture().id,
|
|
context: "session"
|
|
})
|
|
end
|
|
end
|
|
|
|
test "duplicates the authenticated_at of given admin in new token", %{admin: admin} do
|
|
admin = %{admin | authenticated_at: DateTime.add(DateTime.utc_now(:second), -3600)}
|
|
token = Admins.generate_admin_session_token(admin)
|
|
assert admin_token = Repo.get_by(AdminToken, token: token)
|
|
assert admin_token.authenticated_at == admin.authenticated_at
|
|
assert DateTime.compare(admin_token.inserted_at, admin.authenticated_at) == :gt
|
|
end
|
|
end
|
|
|
|
describe "get_admin_by_session_token/1" do
|
|
setup do
|
|
admin = admin_fixture()
|
|
token = Admins.generate_admin_session_token(admin)
|
|
%{admin: admin, token: token}
|
|
end
|
|
|
|
test "returns admin by token", %{admin: admin, token: token} do
|
|
assert {session_admin, token_inserted_at} = Admins.get_admin_by_session_token(token)
|
|
assert session_admin.id == admin.id
|
|
assert session_admin.authenticated_at != nil
|
|
assert token_inserted_at != nil
|
|
end
|
|
|
|
test "does not return admin for invalid token" do
|
|
refute Admins.get_admin_by_session_token("oops")
|
|
end
|
|
|
|
test "does not return admin for expired token", %{token: token} do
|
|
dt = ~N[2020-01-01 00:00:00]
|
|
{1, nil} = Repo.update_all(AdminToken, set: [inserted_at: dt, authenticated_at: dt])
|
|
refute Admins.get_admin_by_session_token(token)
|
|
end
|
|
end
|
|
|
|
describe "get_admin_by_magic_link_token/1" do
|
|
setup do
|
|
admin = admin_fixture()
|
|
{encoded_token, _hashed_token} = generate_admin_magic_link_token(admin)
|
|
%{admin: admin, token: encoded_token}
|
|
end
|
|
|
|
test "returns admin by token", %{admin: admin, token: token} do
|
|
assert session_admin = Admins.get_admin_by_magic_link_token(token)
|
|
assert session_admin.id == admin.id
|
|
end
|
|
|
|
test "does not return admin for invalid token" do
|
|
refute Admins.get_admin_by_magic_link_token("oops")
|
|
end
|
|
|
|
test "does not return admin for expired token", %{token: token} do
|
|
{1, nil} = Repo.update_all(AdminToken, set: [inserted_at: ~N[2020-01-01 00:00:00]])
|
|
refute Admins.get_admin_by_magic_link_token(token)
|
|
end
|
|
end
|
|
|
|
describe "login_admin_by_magic_link/1" do
|
|
test "confirms admin and expires tokens" do
|
|
admin = unconfirmed_admin_fixture()
|
|
refute admin.confirmed_at
|
|
{encoded_token, hashed_token} = generate_admin_magic_link_token(admin)
|
|
|
|
assert {:ok, {admin, [%{token: ^hashed_token}]}} =
|
|
Admins.login_admin_by_magic_link(encoded_token)
|
|
|
|
assert admin.confirmed_at
|
|
end
|
|
|
|
test "returns admin and (deleted) token for confirmed admin" do
|
|
admin = admin_fixture()
|
|
assert admin.confirmed_at
|
|
{encoded_token, _hashed_token} = generate_admin_magic_link_token(admin)
|
|
assert {:ok, {^admin, []}} = Admins.login_admin_by_magic_link(encoded_token)
|
|
# one time use only
|
|
assert {:error, :not_found} = Admins.login_admin_by_magic_link(encoded_token)
|
|
end
|
|
|
|
test "raises when unconfirmed admin has password set" do
|
|
admin = unconfirmed_admin_fixture()
|
|
{1, nil} = Repo.update_all(Admin, set: [hashed_password: "hashed"])
|
|
{encoded_token, _hashed_token} = generate_admin_magic_link_token(admin)
|
|
|
|
assert_raise RuntimeError, ~r/magic link log in is not allowed/, fn ->
|
|
Admins.login_admin_by_magic_link(encoded_token)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "delete_admin_session_token/1" do
|
|
test "deletes the token" do
|
|
admin = admin_fixture()
|
|
token = Admins.generate_admin_session_token(admin)
|
|
assert Admins.delete_admin_session_token(token) == :ok
|
|
refute Admins.get_admin_by_session_token(token)
|
|
end
|
|
end
|
|
|
|
describe "deliver_login_instructions/2" do
|
|
setup do
|
|
%{admin: unconfirmed_admin_fixture()}
|
|
end
|
|
|
|
test "sends token through notification", %{admin: admin} do
|
|
token =
|
|
extract_admin_token(fn url ->
|
|
Admins.deliver_login_instructions(admin, url)
|
|
end)
|
|
|
|
{:ok, token} = Base.url_decode64(token, padding: false)
|
|
assert admin_token = Repo.get_by(AdminToken, token: :crypto.hash(:sha256, token))
|
|
assert admin_token.admin_id == admin.id
|
|
assert admin_token.sent_to == admin.email
|
|
assert admin_token.context == "login"
|
|
end
|
|
end
|
|
|
|
describe "inspect/2 for the Admin module" do
|
|
test "does not include password" do
|
|
refute inspect(%Admin{password: "123456"}) =~ "password: \"123456\""
|
|
end
|
|
end
|
|
end
|