adding test for missing secret key

2020-08-20 20:39:26 -07:00 · 2020-08-20 20:39:26 -07:00 · 6dfc6ed687
commit 6dfc6ed687
parent 0d146f5dc1
1 changed files with 31 additions and 1 deletions
--- a/server/src/auth.rs
+++ b/server/src/auth.rs
@ -27,7 +27,7 @@ fn valid_user(secret: &str, row: &Option<(VarChar, VarChar, BigInt, Integer, UBi
    }
 }

-pub async fn wall_entry(path: &str, pool: &Pool, params: &mut serde_json::Value) -> Result<AuthReason, mysql_async::error::Error> {
+pub async fn wall_entry(path: &str, pool: &Pool, params: &serde_json::Value) -> Result<AuthReason, mysql_async::error::Error> {
    // Start by Checking if the api key is in our keystore
    if routes::is_open(path) {
        Ok(AuthReason::OpenAuth)
@ -67,3 +67,33 @@ pub fn generate_secret() -> String {
    encode_config(buf,URL_SAFE) 
 }

+
+
+#[cfg(test)]
+mod auth_tests {
+    use crate::testing::get_pool;
+    use serde_json::Value;
+    use mysql_async::prelude::Queryable;
+
+    #[tokio::test]
+    async fn missing_key() {
+        let pool = get_pool();
+        let conn = pool.get_conn().await.unwrap();
+        let conn = conn.drop_exec(
+            r#"INSERT INTO members (id, secret, name, joindate, status,permissions)
+            VALUES(1, "abc", "bsname", 1,0,0)
+            "#, 
+            ()).await.unwrap();
+
+        let params: Value = serde_json::from_str(r#"
+        {
+            "id": 1
+        }
+        "#).unwrap();
+        
+        let result  = super::wall_entry("/channels/list", &pool, &params).await;
+        let _ = conn.drop_exec(r#"DELETE FROM members WHERE secret = "abc""#,()).await;
+        assert_eq!(true, result.is_ok());
+    }
+
+}