106 lines
3.7 KiB
PL/PgSQL
106 lines
3.7 KiB
PL/PgSQL
-- Test login
|
||
set client_min_messages to warning;
|
||
create extension if not exists pgtap;
|
||
reset client_min_messages;
|
||
|
||
begin;
|
||
|
||
select plan(20);
|
||
|
||
set search_path to auth, numerus, public;
|
||
|
||
select has_function('numerus', 'login', array ['email', 'text', 'inet']);
|
||
select function_lang_is('numerus', 'login', array ['email', 'text', 'inet'], 'plpgsql');
|
||
select function_returns('numerus', 'login', array ['email', 'text', 'inet'], 'text');
|
||
select is_definer('numerus', 'login', array ['email', 'text', 'inet']);
|
||
select volatility_is('numerus', 'login', array ['email', 'text', 'inet'], 'volatile');
|
||
select function_privs_are('numerus', 'login', array ['email', 'text', 'inet'], 'guest', array ['EXECUTE']);
|
||
select function_privs_are('numerus', 'login', array ['email', 'text', 'inet'], 'invoicer', array []::text[]);
|
||
select function_privs_are('numerus', 'login', array ['email', 'text', 'inet'], 'admin', array []::text[]);
|
||
select function_privs_are('numerus', 'login', array ['email', 'text', 'inet'], 'authenticator', array []::text[]);
|
||
|
||
set client_min_messages to warning;
|
||
truncate auth."user" cascade;
|
||
truncate auth.login_attempt cascade;
|
||
reset client_min_messages;
|
||
|
||
insert into auth."user" (email, name, password, role)
|
||
values ('info@tandem.blog', 'Tandem', 'test', 'invoicer');
|
||
|
||
create temp table _login_test (result_num integer, cookie text not null);
|
||
|
||
select lives_ok (
|
||
$$ insert into _login_test select 1, split_part(login('info@tandem.blog', 'test', '::1'::inet), '/', 1) $$,
|
||
'Should login with a correct user and password'
|
||
);
|
||
|
||
select isnt_empty (
|
||
$$ select cookie from _login_test join "user" using (cookie) where email = 'info@tandem.blog' $$,
|
||
'Should have returned the cookie that wrote to the user relation.'
|
||
);
|
||
|
||
select results_eq (
|
||
$$ select cookie_expires_at > current_timestamp from "user" where email = 'info@tandem.blog' $$,
|
||
$$ values (true) $$,
|
||
'Should have set an expiry date in the future.'
|
||
);
|
||
|
||
select isnt_empty (
|
||
$$ select cookie from _login_test where cookie in (select split_part(login('info@tandem.blog', 'test', '192.168.0.1'::inet), '/', 1)) $$,
|
||
'Should return the same cookie if not expired yet.'
|
||
);
|
||
|
||
update "user" set cookie_expires_at = current_timestamp - interval '1 hour' where email = 'info@tandem.blog';
|
||
|
||
select lives_ok (
|
||
$$ insert into _login_test select 2, split_part(login('info@tandem.blog', 'test', '::1'::inet), '/', 1) $$,
|
||
'Should login with a correct user and password even with an expired cookie'
|
||
);
|
||
|
||
|
||
select results_eq(
|
||
$$ select count(distinct cookie)::integer from _login_test $$,
|
||
$$ values (2) $$,
|
||
'Should have returned a new cookie'
|
||
);
|
||
|
||
select isnt_empty (
|
||
$$ select cookie from _login_test join "user" using (cookie) where email = 'info@tandem.blog' and result_num = 2 $$,
|
||
'Should have updated the user’s cookie.'
|
||
);
|
||
|
||
select results_eq(
|
||
$$ select cookie_expires_at > current_timestamp from "user" where email = 'info@tandem.blog' $$,
|
||
$$ values(true) $$,
|
||
'Should have set an expiry date in the future, again.'
|
||
);
|
||
|
||
select is(
|
||
login('info@tandem.blog'::email, 'mah password', '127.0.0.1'::inet),
|
||
''::text,
|
||
'Should not find any role with an invalid password'
|
||
);
|
||
|
||
select is(
|
||
login('nope@tandem.blog'::email, 'test'),
|
||
''::text,
|
||
'Should not find any role with an invalid email'
|
||
);
|
||
|
||
select results_eq(
|
||
'select user_name, ip_address, success, attempted_at from login_attempt order by attempt_id',
|
||
$$ values ('info@tandem.blog', '::1'::inet, true, current_timestamp)
|
||
, ('info@tandem.blog', '192.168.0.1'::inet, true, current_timestamp)
|
||
, ('info@tandem.blog', '::1'::inet, true, current_timestamp)
|
||
, ('info@tandem.blog', '127.0.0.1'::inet, false, current_timestamp)
|
||
, ('nope@tandem.blog', null, false, current_timestamp)
|
||
$$,
|
||
'Should have recorded all login attempts.'
|
||
);
|
||
|
||
|
||
select *
|
||
from finish();
|
||
|
||
rollback;
|