oauth2-passkey 0.6.1

OAuth2 and Passkey authentication library for Rust web applications
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181

use super::*;
use chrono::Duration;
use proptest::prelude::*;

/// Test that a new user can be created with the expected properties
/// and that the timestamps are set correctly
/// This test checks:
/// 1. The user has the correct id, account, label
/// 2. is_admin defaults to false
/// 3. sequence_number is None
/// 4. created_at and updated_at are set to the current time
#[test]
fn test_user_new() {
    // Given user information
    let id = "user123".to_string();
    let account = "test@example.com".to_string();
    let label = "Test User".to_string();

    // When creating a new user
    let user = User::new(id.clone(), account.clone(), label.clone());

    // Then the user should have the correct properties
    assert_eq!(user.id, id);
    assert_eq!(user.account, account);
    assert_eq!(user.label, label);
    assert!(!user.is_admin);
    assert_eq!(user.sequence_number, None);

    // And created_at and updated_at should be within the last second
    let now = Utc::now();
    let one_second_ago = now - Duration::seconds(1);
    assert!(user.created_at > one_second_ago);
    assert!(user.updated_at > one_second_ago);
    assert_eq!(user.created_at, user.updated_at);
}

/// Test that has_admin_privileges works correctly
/// This test checks:
/// 1. If is_admin is true, has_admin_privileges should return true
/// 2. If sequence_number is 1, has_admin_privileges should return true
/// 3. If neither condition is met, has_admin_privileges should return false
#[test]
fn test_has_admin_privileges_with_is_admin_true() {
    // Given a user with is_admin set to true
    let mut user = User::new(
        "user123".to_string(),
        "test@example.com".to_string(),
        "Test User".to_string(),
    );
    user.is_admin = true;

    // When checking admin privileges
    let has_privileges = user.has_admin_privileges();

    // Then the user should have admin privileges
    assert!(has_privileges);
}

/// Test that has_admin_privileges works correctly with sequence_number
/// This test checks:
/// 1. If sequence_number is 1, has_admin_privileges should return true
/// 2. If sequence_number is not 1, has_admin_privileges should return false
#[test]
fn test_has_admin_privileges_with_sequence_number_1() {
    // Given a user with sequence_number set to 1
    let mut user = User::new(
        "user123".to_string(),
        "test@example.com".to_string(),
        "Test User".to_string(),
    );
    user.is_admin = false;
    user.sequence_number = Some(1);

    // When checking admin privileges
    let has_privileges = user.has_admin_privileges();

    // Then the user should have admin privileges
    assert!(has_privileges);
}

/// Test that has_admin_privileges works correctly when user has no admin privileges
/// This test checks:
/// 1. If is_admin is false and sequence_number is not 1, has_admin_privileges should return false
#[test]
fn test_has_admin_privileges_with_no_privileges() {
    // Given a user with no admin privileges
    let mut user = User::new(
        "user123".to_string(),
        "test@example.com".to_string(),
        "Test User".to_string(),
    );
    user.is_admin = false;
    user.sequence_number = Some(2);

    // When checking admin privileges
    let has_privileges = user.has_admin_privileges();

    // Then the user should not have admin privileges
    assert!(!has_privileges);
}

// Property-based tests for User struct
proptest! {
    /// Test that any valid User can be serialized and deserialized correctly
    #[test]
    fn test_user_serde_roundtrip(
        id in "[a-zA-Z0-9_-]{1,64}",
        account in "[a-zA-Z0-9._%+-]{1,64}@[a-zA-Z0-9.-]{1,64}\\.[a-zA-Z]{2,8}",
        label in "[\\p{L}\\p{N}\\p{P}\\p{Z}]{1,128}",
        is_admin in proptest::bool::ANY,
        sequence_number in proptest::option::of(1..10000i64)
    ) {
        // Create a user with the generated properties
        let now = Utc::now();
        let user = User {
            id,
            account,
            label,
            is_admin,
            sequence_number,
            created_at: now,
            updated_at: now,
        };

        // Serialize and deserialize
        let serialized = serde_json::to_string(&user).expect("Failed to serialize");
        let deserialized: User = serde_json::from_str(&serialized).expect("Failed to deserialize");

        // Check equality for all fields except timestamps
        // (timestamps might have precision issues during serialization/deserialization)
        prop_assert_eq!(user.id, deserialized.id);
        prop_assert_eq!(user.account, deserialized.account);
        prop_assert_eq!(user.label, deserialized.label);
        prop_assert_eq!(user.is_admin, deserialized.is_admin);
        // sequence_number is #[serde(skip_serializing)] so it's always None after roundtrip
        prop_assert_eq!(deserialized.sequence_number, None);
    }

    /// Test that User::new creates valid users with expected properties
    #[test]
    fn test_user_new_properties(
        id in "[a-zA-Z0-9_-]{1,64}",
        account in "[a-zA-Z0-9._%+-]{1,64}@[a-zA-Z0-9.-]{1,64}\\.[a-zA-Z]{2,8}",
        label in "[\\p{L}\\p{N}\\p{P}\\p{Z}]{1,128}"
    ) {
        let user = User::new(id.clone(), account.clone(), label.clone());

        prop_assert_eq!(user.id, id);
        prop_assert_eq!(user.account, account);
        prop_assert_eq!(user.label, label);
        prop_assert_eq!(user.is_admin, false);
        prop_assert_eq!(user.sequence_number, None);

        // created_at and updated_at should be the same
        prop_assert_eq!(user.created_at, user.updated_at);

        // created_at should be recent (within the last second)
        let now = Utc::now();
        let one_second_ago = now - Duration::seconds(1);
        prop_assert!(user.created_at > one_second_ago);
    }

    /// Test that has_admin_privileges works correctly with various inputs
    #[test]
    fn test_has_admin_privileges_properties(
        is_admin in proptest::bool::ANY,
        sequence_number in proptest::option::of(0..10000i64)
    ) {
        let mut user = User::new(
            "test_user".to_string(),
            "test@example.com".to_string(),
            "Test User".to_string()
        );

        user.is_admin = is_admin;
        user.sequence_number = sequence_number;

        let expected_has_privileges = is_admin || sequence_number == Some(1);
        prop_assert_eq!(user.has_admin_privileges(), expected_has_privileges);
    }
}