philipp/hacky-ruadat
1
0
Fork 0
forked from Ruderverein-Donau-Linz/rowt
Code Pull Requests 1 Actions Activity

craete login tests

Browse Source
This commit is contained in:
philipp 2023-04-03 17:21:34 +02:00
parent d50f3d9746
commit ff73accb52
7 changed files with 103 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
seeds.sql
View File

@ -1,4 +1,4 @@
INSERT INTO "user" (name, is_cox, is_admin, is_guest) VALUES('admin', false, true, false); INSERT INTO "user" (name, is_cox, is_admin, is_guest, pw) VALUES('admin', false, true, false, '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$4P4NCw4Ukhv80/eQYTsarHhnw61JuL1KMx/L9dm82YM');
INSERT INTO "user" (name, is_cox, is_admin, is_guest) VALUES('rower', false, false, false); INSERT INTO "user" (name, is_cox, is_admin, is_guest) VALUES('rower', false, false, false);
INSERT INTO "user" (name, is_cox, is_admin, is_guest) VALUES('guest', false, false, true); INSERT INTO "user" (name, is_cox, is_admin, is_guest) VALUES('guest', false, false, true);
INSERT INTO "user" (name, is_cox, is_admin, is_guest) VALUES('cox', true, false, false); INSERT INTO "user" (name, is_cox, is_admin, is_guest) VALUES('cox', true, false, false);

3
src/main.rs
View File

@ -1,4 +1,4 @@
use rot::{model::user::Users, rest}; use rot::rest;
use sqlx::SqlitePool; use sqlx::SqlitePool;
#[macro_use] #[macro_use]
@ -10,7 +10,6 @@ async fn rocket() -> _ {
//let pool = SqlitePool::connect(":memory:").await.unwrap(); //let pool = SqlitePool::connect(":memory:").await.unwrap();
let pool = SqlitePool::connect("db.sqlite").await.unwrap(); //TODO: fixme let pool = SqlitePool::connect("db.sqlite").await.unwrap(); //TODO: fixme
let users = Users::new(&pool).await.unwrap(); //TODO: fixme
rest::start(pool) rest::start(pool)
} }

1
src/model/mod.rs
View File

@ -1 +1,2 @@
pub mod user; pub mod user;
//pub mod users;

94
src/model/user.rs
View File

@ -1,7 +1,10 @@
use std::ops::Deref; use std::ops::Deref;
use argon2::{password_hash::SaltString, Argon2, PasswordHash, PasswordHasher, PasswordVerifier}; use argon2::{
use base64::{engine, prelude::BASE64_STANDARD_NO_PAD}; password_hash::{rand_core::OsRng, SaltString},
Argon2, PasswordHash, PasswordHasher, PasswordVerifier,
};
use base64::{engine, prelude::BASE64_STANDARD_NO_PAD, Engine};
use rocket::{ use rocket::{
request::{self, FromRequest}, request::{self, FromRequest},
Request, Request,
@ -18,6 +21,7 @@ pub struct User {
is_guest: bool, is_guest: bool,
} }
#[derive(Debug)]
pub enum LoginError { pub enum LoginError {
SqlxError(sqlx::Error), SqlxError(sqlx::Error),
InvalidAuthenticationCombo, InvalidAuthenticationCombo,
@ -29,7 +33,7 @@ impl From<sqlx::Error> for LoginError {
} }
} }
impl User { impl User {
pub async fn find_by_name(db: &SqlitePool, name: String) -> Result<Self, sqlx::Error> { async fn find_by_name(db: &SqlitePool, name: String) -> Result<Self, sqlx::Error> {
let user: User = sqlx::query_as!( let user: User = sqlx::query_as!(
User, User,
" "
@ -48,72 +52,27 @@ WHERE name like ?
pub async fn login(db: &SqlitePool, name: String, pw: String) -> Result<Self, LoginError> { pub async fn login(db: &SqlitePool, name: String, pw: String) -> Result<Self, LoginError> {
let user = User::find_by_name(db, name).await?; let user = User::find_by_name(db, name).await?;
let salt = SaltString::from_b64("dS/X5/sPEKTj4Rzs/CuvzQ").unwrap();
let argon2 = Argon2::default(); let argon2 = Argon2::default();
let salt = SaltString::from_b64("CdR4i0HA9e0CM").unwrap(); //TODO: generate salt for each user
let password_hash = argon2 let password_hash = argon2
.hash_password(&pw.as_bytes(), &salt) .hash_password(&pw.as_bytes(), &salt)
.unwrap() .unwrap()
.to_string(); .to_string();
//TODO: fixme
let parsed_hash = PasswordHash::new(&password_hash).unwrap(); //TODO: fixme
//TODO: If user.pw == "" -> set new pw! if password_hash == user.pw {
match Argon2::default() return Ok(user);
.verify_password(base64::encode(pw.as_bytes()).as_bytes(), &parsed_hash)
{
Ok(_) => Ok(user),
Err(_) => Err(LoginError::InvalidAuthenticationCombo),
} }
}
}
pub struct Users { Err(LoginError::InvalidAuthenticationCombo)
users: Vec<User>,
}
#[derive(Debug)]
pub enum Error {}
//#[rocket::async_trait]
//impl<'r> FromRequest<'r> for User {
// type Error = Error;
//
// async fn from_request(req: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
// //TODO: https://betterprogramming.pub/building-the-rust-web-app-multiple-users-and-authentication-5ca5988ddfe4
// }
//}
impl Deref for Users {
type Target = Vec<User>;
fn deref(&self) -> &Self::Target {
&self.users
}
}
impl Users {
pub async fn new(pool: &SqlitePool) -> Result<Self, sqlx::Error> {
let users: Vec<User> = sqlx::query_as!(
User,
r#"
SELECT id, name, pw, is_cox, is_admin, is_guest
FROM user
"#,
)
.fetch_all(pool)
.await?;
Ok(Self { users })
} }
} }
#[cfg(test)] #[cfg(test)]
mod test { mod test {
use super::Users; use super::User;
use sqlx::SqlitePool; use sqlx::SqlitePool;
#[sqlx::test] async fn setup() -> SqlitePool {
fn user_with_test_db() {
let pool = SqlitePool::connect(":memory:").await.unwrap(); let pool = SqlitePool::connect(":memory:").await.unwrap();
sqlx::query_file!("./migration.sql") sqlx::query_file!("./migration.sql")
.execute(&pool) .execute(&pool)
@ -124,7 +83,30 @@ mod test {
.await .await
.unwrap(); .unwrap();
let users = Users::new(&pool).await.unwrap(); pool
assert_eq!(users.len(), 4); }
#[sqlx::test]
fn succ_login_with_test_db() {
let pool = setup().await;
User::login(&pool, "admin".into(), "admin".into())
.await
.unwrap();
}
#[sqlx::test]
fn wrong_pw() {
let pool = setup().await;
assert!(User::login(&pool, "admin".into(), "admi".into())
.await
.is_err());
}
#[sqlx::test]
fn wrong_username() {
let pool = setup().await;
assert!(User::login(&pool, "admi".into(), "admin".into())
.await
.is_err());
} }
} }

61
src/model/users.rs Normal file
View File

@ -0,0 +1,61 @@
pub struct Users {
users: Vec<User>,
}
#[derive(Debug)]
pub enum Error {}
//#[rocket::async_trait]
//impl<'r> FromRequest<'r> for User {
// type Error = Error;
//
// async fn from_request(req: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
// //TODO: https://betterprogramming.pub/building-the-rust-web-app-multiple-users-and-authentication-5ca5988ddfe4
// }
//}
impl Deref for Users {
type Target = Vec<User>;
fn deref(&self) -> &Self::Target {
&self.users
}
}
impl Users {
pub async fn new(pool: &SqlitePool) -> Result<Self, sqlx::Error> {
let users: Vec<User> = sqlx::query_as!(
User,
r#"
SELECT id, name, pw, is_cox, is_admin, is_guest
FROM user
"#,
)
.fetch_all(pool)
.await?;
Ok(Self { users })
}
}
#[cfg(test)]
mod test {
use super::Users;
use sqlx::SqlitePool;
#[sqlx::test]
fn user_with_test_db() {
let pool = SqlitePool::connect(":memory:").await.unwrap();
sqlx::query_file!("./migration.sql")
.execute(&pool)
.await
.unwrap();
sqlx::query_file!("./seeds.sql")
.execute(&pool)
.await
.unwrap();
let users = Users::new(&pool).await.unwrap();
assert_eq!(users.len(), 4);
}
}

2
src/rest/auth.rs
View File

@ -8,7 +8,7 @@ use rocket::{
use rocket_dyn_templates::{context, tera, Template}; use rocket_dyn_templates::{context, tera, Template};
use sqlx::SqlitePool; use sqlx::SqlitePool;
use crate::model::user::{self, User, Users}; use crate::model::user::{self, User};
#[get("/")] #[get("/")]
async fn index(flash: Option<FlashMessage<'_>>) -> Template { async fn index(flash: Option<FlashMessage<'_>>) -> Template {

2
src/rest/mod.rs
View File

@ -2,8 +2,6 @@ use rocket::{get, routes, Build, Rocket};
use rocket_dyn_templates::{context, Template}; use rocket_dyn_templates::{context, Template};
use sqlx::SqlitePool; use sqlx::SqlitePool;
use crate::model::user::Users;
mod auth; mod auth;
#[get("/")] #[get("/")]