hermod-api 0.1.2

Rapid and seamless customer interaction, designed for CS 495 at The University of Alabama.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189

use core::time;
use std::thread;

use uuid::Uuid;

use crate::helpers::{login, spawn_app};

#[actix_rt::test]
async fn auth_request_with_invalid_credentials_is_rejected() {
    let app = spawn_app().await;

    let response = login(&app, "".to_string(), "".to_string()).await;

    assert_eq!(401, response.status().as_u16());
    assert_eq!(Some(0), response.content_length());
    assert_eq!(
        r#"Basic realm="publish""#,
        response.headers()["WWW-Authenticate"]
    );
}

#[actix_rt::test]
async fn auth_request_with_nonexisting_username_is_rejected() {
    let app = spawn_app().await;
    let username = "john".to_string();
    let password = "cs495".to_string();

    let response = login(&app, username, password).await;

    assert_eq!(401, response.status().as_u16());
    assert_eq!(Some(0), response.content_length());
    assert_eq!(
        r#"Basic realm="publish""#,
        response.headers()["WWW-Authenticate"]
    );
}

#[actix_rt::test]
async fn auth_request_with_invalid_password_is_rejected() {
    let app = spawn_app().await;
    let username = app.test_user.username.to_string();
    let password = "cs495".to_string();

    let response = login(&app, username, password).await;

    assert_eq!(401, response.status().as_u16());
    assert_eq!(Some(0), response.content_length());
    assert_eq!(
        r#"Basic realm="publish""#,
        response.headers()["WWW-Authenticate"]
    );
}

#[actix_rt::test]
async fn auth_request_with_valid_credentials_is_accepted() {
    let app = spawn_app().await;
    let username = app.test_user.username.to_string();
    let password = app.test_user.password.to_string();

    let response = login(&app, username.clone(), password).await;

    assert_eq!(200, response.status().as_u16());

    let token = response.text().await.unwrap();
    let claim = app.jwt_client.decode_token(token.as_str());
    assert_eq!(claim.unwrap().sub, app.test_user.id.to_string());
}

#[actix_rt::test]
async fn who_am_i_provides_correct_username_if_logged_in() {
    let app = spawn_app().await;
    let username = app.test_user.username.to_string();
    let password = app.test_user.password.to_string();

    let response = login(&app, username.clone(), password).await;
    assert_eq!(200, response.status().as_u16());
    let client = reqwest::Client::new();
    let response = client
        .get(format!("{}/whoami", app.address))
        .header("Authorization", response.text().await.unwrap())
        .send()
        .await
        .expect("Failed to execute request.");

    assert_eq!(response.text().await.unwrap(), username);
}

#[actix_rt::test]
async fn who_am_i_responds_with_error_if_not_logged_in() {
    let app = spawn_app().await;
    let username = app.test_user.username.to_string();
    let password = app.test_user.password.to_string();

    let response = login(&app, username.clone(), password).await;
    assert_eq!(200, response.status().as_u16());
    let client = reqwest::Client::new();
    let response = client
        .get(format!("{}/whoami", app.address))
        .send()
        .await
        .expect("Failed to execute request.");

    assert_ne!(response.status(), 200);
    assert_ne!(response.text().await.unwrap(), username);
}

#[actix_rt::test]
async fn expired_jwt_tokens_are_rejected() {
    let app = spawn_app().await;
    let username = app.test_user.username.to_string();
    let client = reqwest::Client::new();
    let token = app
        .jwt_client
        .encode_token_with_exp(app.test_user.id, 1)
        .unwrap();
    thread::sleep(time::Duration::from_secs(2));
    let response = client
        .get(format!("{}/whoami", app.address))
        .header("Authorization", token)
        .send()
        .await
        .expect("Failed to execute request.");

    assert_ne!(response.status(), 200);
    assert_ne!(response.text().await.unwrap(), username);
}

#[actix_rt::test]
async fn test_encode_and_decode_token() {
    let app = spawn_app().await;
    let user_id = Uuid::new_v4();
    let token = app.jwt_client.encode_token(user_id).unwrap();
    let result = app.jwt_client.decode_token(&token).unwrap();
    assert_eq!(result.sub, user_id.to_string());
}

#[actix_rt::test]
async fn registration_request_with_valid_credentials_is_accepted() {
    let app = spawn_app().await;

    let client = reqwest::Client::new();
    let response = client
        .post(format!("{}/register", app.address))
        .header("Content-Type", "application/x-www-form-urlencoded")
        .body("username=russ&password=russ")
        .send()
        .await
        .expect("Failed to execute request.");

    assert_eq!(200, response.status().as_u16());
}

#[actix_rt::test]
async fn registration_request_with_malformed_input_is_rejected() {
    let app = spawn_app().await;

    let malformed_inputs = vec!["username=russ", "password=russ"];

    for body in malformed_inputs {
        let client = reqwest::Client::new();
        let response = client
            .post(format!("{}/register", app.address))
            .header("Content-Type", "application/x-www-form-urlencoded")
            .body(body)
            .send()
            .await
            .expect("Failed to execute request.");

        assert_eq!(400, response.status().as_u16());
    }
}

#[actix_rt::test]
async fn registration_request_with_duplicate_username_is_rejected() {
    let app = spawn_app().await;
    let username = app.test_user.username.to_string();
    let body = format!("username={}&password=russ", username);

    let client = reqwest::Client::new();
    let response = client
        .post(format!("{}/register", app.address))
        .header("Content-Type", "application/x-www-form-urlencoded")
        .body(body)
        .send()
        .await
        .expect("Failed to execute request.");

    assert_eq!(500, response.status().as_u16());
}