numerus/test/login.sql


-- Test login
-- pgTAP suite for numerus.login(email, text, inet): it checks the function's
-- definition and grants, then its behaviour against a throw-away fixture.
-- The message level is raised around "create extension if not exists",
-- presumably to keep the "already exists" NOTICE out of the TAP output.
set client_min_messages to warning;
create extension if not exists pgtap;
reset client_min_messages;
-- Everything from here on runs in a single transaction; the file ends with a
-- rollback.
begin;
-- Number of assertions this file declares it will run.
select plan(20);
-- Lets the tests call login() and reference "user" and login_attempt without a
-- schema prefix.
set search_path to auth, numerus, public;
-- Definition checks: numerus.login(email, text, inet) must exist, be written in
-- PL/pgSQL and return text.
select has_function('numerus', 'login', array ['email', 'text', 'inet']);
select function_lang_is('numerus', 'login', array ['email', 'text', 'inet'], 'plpgsql');
select function_returns('numerus', 'login', array ['email', 'text', 'inet'], 'text');
-- login must be SECURITY DEFINER, i.e. run with its owner's privileges rather
-- than the caller's.
-- NOTE(review): nothing in this file asserts that the function pins its own
-- search_path, which matters for a SECURITY DEFINER function; confirm that is
-- covered where the function is defined or in another test.
select is_definer('numerus', 'login', array ['email', 'text', 'inet']);
select volatility_is('numerus', 'login', array ['email', 'text', 'inet'], 'volatile');
-- Grants: guest is the only role allowed to execute login; invoicer, admin and
-- authenticator must hold no privilege on it at all.
select function_privs_are('numerus', 'login', array ['email', 'text', 'inet'], 'guest', array ['EXECUTE']);
select function_privs_are('numerus', 'login', array ['email', 'text', 'inet'], 'invoicer', array []::text[]);
select function_privs_are('numerus', 'login', array ['email', 'text', 'inet'], 'admin', array []::text[]);
select function_privs_are('numerus', 'login', array ['email', 'text', 'inet'], 'authenticator', array []::text[]);
-- Empty both tables so that the cookie counts and the attempt log asserted
-- later in this file are exact. The message level is raised around the
-- truncates, presumably to hide the NOTICEs that "cascade" can emit.
set client_min_messages to warning;
truncate auth."user" cascade;
truncate auth.login_attempt cascade;
reset client_min_messages;
-- The single known account used by every test below.
-- NOTE(review): the password is given in plain text here and login() is later
-- called with the same plain text; presumably auth."user" hashes it on insert.
-- This file does not show that, so confirm against the table definition.
insert into auth."user" (email, name, password, role)
values ('info@tandem.blog', 'Tandem', 'test', 'invoicer');
-- Scratch table that collects the cookie returned by each successful login,
-- tagged with the number of the call that produced it.
create temp table _login_test (result_num integer, cookie text not null);
-- First successful login, from ::1. Only the part of login()'s result before
-- the first '/' is stored as the cookie.
-- NOTE(review): what follows the '/' is not visible in this file; confirm
-- against login() what the rest of the returned text carries.
select lives_ok (
$$ insert into _login_test select 1, split_part(login('info@tandem.blog', 'test', '::1'::inet), '/', 1) $$,
'Should login with a correct user and password'
);
-- The cookie handed back must be the one stored on the user's row.
select isnt_empty (
$$ select cookie from _login_test join "user" using (cookie) where email = 'info@tandem.blog' $$,
'Should have returned the cookie that wrote to the user relation.'
);
-- The stored expiry must lie in the future.
select results_eq (
$$ select cookie_expires_at > current_timestamp from "user" where email = 'info@tandem.blog' $$,
$$ values (true) $$,
'Should have set an expiry date in the future.'
);
-- Second successful login while the cookie is still valid: the same cookie
-- must be returned instead of a new one. The call passes a different address
-- (192.168.0.1), so this also pins that the cookie is not tied to the address
-- it was first issued to.
select isnt_empty (
$$ select cookie from _login_test where cookie in (select split_part(login('info@tandem.blog', 'test', '192.168.0.1'::inet), '/', 1)) $$,
'Should return the same cookie if not expired yet.'
);
-- Backdate the stored expiry by one hour so that the next login finds an
-- expired cookie.
update "user" set cookie_expires_at = current_timestamp - interval '1 hour' where email = 'info@tandem.blog';
-- Third successful login, recorded as call number 2 in the scratch table.
select lives_ok (
$$ insert into _login_test select 2, split_part(login('info@tandem.blog', 'test', '::1'::inet), '/', 1) $$,
'Should login with a correct user and password even with an expired cookie'
);
-- Two distinct cookies collected means the expired cookie was not reused.
select results_eq(
$$ select count(distinct cookie)::integer from _login_test $$,
$$ values (2) $$,
'Should have returned a new cookie'
);
-- The cookie from call number 2 must be the one now stored on the user's row.
select isnt_empty (
$$ select cookie from _login_test join "user" using (cookie) where email = 'info@tandem.blog' and result_num = 2 $$,
'Should have updated the users cookie.'
);
-- The expiry must have been moved back into the future.
select results_eq(
$$ select cookie_expires_at > current_timestamp from "user" where email = 'info@tandem.blog' $$,
$$ values(true) $$,
'Should have set an expiry date in the future, again.'
);
-- Failed logins. A wrong password and an unknown email must both produce the
-- same empty string, so the return value does not reveal whether the account
-- exists.
select is(
login('info@tandem.blog'::email, 'mah password', '127.0.0.1'::inet),
''::text,
'Should not find any role with an invalid password'
);
-- This call omits the address argument, so the parameter presumably has a
-- default; the attempt log checked later in this file expects a null
-- ip_address for it.
select is(
login('nope@tandem.blog'::email, 'test'),
''::text,
'Should not find any role with an invalid email'
);
-- Audit trail: each of the five login() calls made in this file, successful or
-- not, must have left one login_attempt row, in call order, with the address
-- it was called with and its outcome. The attempt for the unknown email is
-- expected to be logged too, with a null address.
-- attempted_at is compared with current_timestamp, which stays fixed for the
-- whole transaction; this presumably relies on login() stamping attempts with
-- the transaction time rather than the wall clock. Confirm against login().
select results_eq(
'select user_name, ip_address, success, attempted_at from login_attempt order by attempt_id',
$$ values ('info@tandem.blog', '::1'::inet, true, current_timestamp)
, ('info@tandem.blog', '192.168.0.1'::inet, true, current_timestamp)
, ('info@tandem.blog', '::1'::inet, true, current_timestamp)
, ('info@tandem.blog', '127.0.0.1'::inet, false, current_timestamp)
, ('nope@tandem.blog', null, false, current_timestamp)
$$,
'Should have recorded all login attempts.'
);
-- Emit pgTAP's end-of-run diagnostics, then undo the truncates, the fixture
-- user and the recorded attempts by rolling the transaction back.
select *
from finish();
rollback;