Ilia Denisov
387 lines
11 KiB
Go
387 lines
11 KiB
Go
package authsessionuser_test
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"testing"
|
|
"time"
|
|
|
|
"galaxy/integration/internal/harness"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
const (
|
|
testClientPublicKey = "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8="
|
|
testTimeZone = "Europe/Kaliningrad"
|
|
)
|
|
|
|
type authsessionUserHarness struct {
|
|
mailStub *harness.MailStub
|
|
|
|
authsessionPublicURL string
|
|
userServiceURL string
|
|
|
|
authsessionProcess *harness.Process
|
|
userServiceProcess *harness.Process
|
|
}
|
|
|
|
func newAuthsessionUserHarness(t *testing.T) *authsessionUserHarness {
|
|
t.Helper()
|
|
|
|
redisServer := harness.StartMiniredis(t)
|
|
mailStub := harness.NewMailStub(t)
|
|
|
|
userServiceAddr := harness.FreeTCPAddress(t)
|
|
authsessionPublicAddr := harness.FreeTCPAddress(t)
|
|
authsessionInternalAddr := harness.FreeTCPAddress(t)
|
|
|
|
userServiceBinary := harness.BuildBinary(t, "userservice", "./user/cmd/userservice")
|
|
authsessionBinary := harness.BuildBinary(t, "authsession", "./authsession/cmd/authsession")
|
|
|
|
userServiceEnv := map[string]string{
|
|
"USERSERVICE_LOG_LEVEL": "info",
|
|
"USERSERVICE_INTERNAL_HTTP_ADDR": userServiceAddr,
|
|
"USERSERVICE_REDIS_ADDR": redisServer.Addr(),
|
|
"OTEL_TRACES_EXPORTER": "none",
|
|
"OTEL_METRICS_EXPORTER": "none",
|
|
}
|
|
userServiceProcess := harness.StartProcess(t, "userservice", userServiceBinary, userServiceEnv)
|
|
waitForUserServiceReady(t, userServiceProcess, "http://"+userServiceAddr)
|
|
|
|
authsessionEnv := map[string]string{
|
|
"AUTHSESSION_LOG_LEVEL": "info",
|
|
"AUTHSESSION_PUBLIC_HTTP_ADDR": authsessionPublicAddr,
|
|
"AUTHSESSION_INTERNAL_HTTP_ADDR": authsessionInternalAddr,
|
|
"AUTHSESSION_REDIS_ADDR": redisServer.Addr(),
|
|
"AUTHSESSION_USER_SERVICE_MODE": "rest",
|
|
"AUTHSESSION_USER_SERVICE_BASE_URL": "http://" + userServiceAddr,
|
|
"AUTHSESSION_MAIL_SERVICE_MODE": "rest",
|
|
"AUTHSESSION_MAIL_SERVICE_BASE_URL": mailStub.BaseURL(),
|
|
"OTEL_TRACES_EXPORTER": "none",
|
|
"OTEL_METRICS_EXPORTER": "none",
|
|
"AUTHSESSION_PUBLIC_HTTP_REQUEST_TIMEOUT": time.Second.String(),
|
|
"AUTHSESSION_INTERNAL_HTTP_REQUEST_TIMEOUT": time.Second.String(),
|
|
}
|
|
authsessionProcess := harness.StartProcess(t, "authsession", authsessionBinary, authsessionEnv)
|
|
waitForAuthsessionPublicReady(t, authsessionProcess, "http://"+authsessionPublicAddr)
|
|
|
|
return &authsessionUserHarness{
|
|
mailStub: mailStub,
|
|
authsessionPublicURL: "http://" + authsessionPublicAddr,
|
|
userServiceURL: "http://" + userServiceAddr,
|
|
authsessionProcess: authsessionProcess,
|
|
userServiceProcess: userServiceProcess,
|
|
}
|
|
}
|
|
|
|
func (h *authsessionUserHarness) sendChallenge(t *testing.T, email string) string {
|
|
t.Helper()
|
|
|
|
response := postJSONValue(t, h.authsessionPublicURL+"/api/v1/public/auth/send-email-code", map[string]string{
|
|
"email": email,
|
|
})
|
|
require.Equal(t, http.StatusOK, response.StatusCode)
|
|
|
|
var body struct {
|
|
ChallengeID string `json:"challenge_id"`
|
|
}
|
|
require.NoError(t, decodeStrictJSONPayload([]byte(response.Body), &body))
|
|
require.NotEmpty(t, body.ChallengeID)
|
|
|
|
return body.ChallengeID
|
|
}
|
|
|
|
func (h *authsessionUserHarness) confirmCode(t *testing.T, challengeID string, code string) httpResponse {
|
|
t.Helper()
|
|
|
|
return postJSONValue(t, h.authsessionPublicURL+"/api/v1/public/auth/confirm-email-code", map[string]string{
|
|
"challenge_id": challengeID,
|
|
"code": code,
|
|
"client_public_key": testClientPublicKey,
|
|
"time_zone": testTimeZone,
|
|
})
|
|
}
|
|
|
|
type httpResponse struct {
|
|
StatusCode int
|
|
Body string
|
|
Header http.Header
|
|
}
|
|
|
|
func postJSONValue(t *testing.T, targetURL string, body any) httpResponse {
|
|
t.Helper()
|
|
|
|
payload, err := json.Marshal(body)
|
|
require.NoError(t, err)
|
|
|
|
request, err := http.NewRequest(http.MethodPost, targetURL, bytes.NewReader(payload))
|
|
require.NoError(t, err)
|
|
request.Header.Set("Content-Type", "application/json")
|
|
|
|
client := &http.Client{
|
|
Timeout: 250 * time.Millisecond,
|
|
Transport: &http.Transport{
|
|
DisableKeepAlives: true,
|
|
},
|
|
}
|
|
t.Cleanup(client.CloseIdleConnections)
|
|
|
|
response, err := client.Do(request)
|
|
require.NoError(t, err)
|
|
defer response.Body.Close()
|
|
|
|
responseBody, err := io.ReadAll(response.Body)
|
|
require.NoError(t, err)
|
|
|
|
return httpResponse{
|
|
StatusCode: response.StatusCode,
|
|
Body: string(responseBody),
|
|
Header: response.Header.Clone(),
|
|
}
|
|
}
|
|
|
|
func decodeStrictJSONPayload(payload []byte, target any) error {
|
|
decoder := json.NewDecoder(bytes.NewReader(payload))
|
|
decoder.DisallowUnknownFields()
|
|
|
|
if err := decoder.Decode(target); err != nil {
|
|
return err
|
|
}
|
|
if err := decoder.Decode(&struct{}{}); err != io.EOF {
|
|
if err == nil {
|
|
return errors.New("unexpected trailing JSON input")
|
|
}
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func waitForUserServiceReady(t *testing.T, process *harness.Process, baseURL string) {
|
|
t.Helper()
|
|
|
|
client := &http.Client{Timeout: 250 * time.Millisecond}
|
|
deadline := time.Now().Add(10 * time.Second)
|
|
|
|
for time.Now().Before(deadline) {
|
|
request, err := http.NewRequest(http.MethodGet, baseURL+"/api/v1/internal/users/user-missing/exists", nil)
|
|
require.NoError(t, err)
|
|
|
|
response, err := client.Do(request)
|
|
if err == nil {
|
|
_, _ = io.Copy(io.Discard, response.Body)
|
|
response.Body.Close()
|
|
if response.StatusCode == http.StatusOK {
|
|
return
|
|
}
|
|
}
|
|
|
|
time.Sleep(25 * time.Millisecond)
|
|
}
|
|
|
|
t.Fatalf("wait for userservice readiness: timeout\n%s", process.Logs())
|
|
}
|
|
|
|
func waitForAuthsessionPublicReady(t *testing.T, process *harness.Process, baseURL string) {
|
|
t.Helper()
|
|
|
|
client := &http.Client{Timeout: 250 * time.Millisecond}
|
|
deadline := time.Now().Add(10 * time.Second)
|
|
|
|
for time.Now().Before(deadline) {
|
|
response, err := postJSONValueMaybe(client, baseURL+"/api/v1/public/auth/send-email-code", map[string]string{
|
|
"email": "",
|
|
})
|
|
if err == nil && response.StatusCode == http.StatusBadRequest {
|
|
return
|
|
}
|
|
|
|
time.Sleep(25 * time.Millisecond)
|
|
}
|
|
|
|
t.Fatalf("wait for authsession public readiness: timeout\n%s", process.Logs())
|
|
}
|
|
|
|
func postJSONValueMaybe(client *http.Client, targetURL string, body any) (httpResponse, error) {
|
|
payload, err := json.Marshal(body)
|
|
if err != nil {
|
|
return httpResponse{}, err
|
|
}
|
|
|
|
request, err := http.NewRequest(http.MethodPost, targetURL, bytes.NewReader(payload))
|
|
if err != nil {
|
|
return httpResponse{}, err
|
|
}
|
|
request.Header.Set("Content-Type", "application/json")
|
|
|
|
response, err := client.Do(request)
|
|
if err != nil {
|
|
return httpResponse{}, err
|
|
}
|
|
defer response.Body.Close()
|
|
|
|
responseBody, err := io.ReadAll(response.Body)
|
|
if err != nil {
|
|
return httpResponse{}, err
|
|
}
|
|
|
|
return httpResponse{
|
|
StatusCode: response.StatusCode,
|
|
Body: string(responseBody),
|
|
Header: response.Header.Clone(),
|
|
}, nil
|
|
}
|
|
|
|
func requireJSONStatus(t *testing.T, response httpResponse, wantStatus int, target any) {
|
|
t.Helper()
|
|
|
|
require.Equal(t, wantStatus, response.StatusCode, "response body: %s", response.Body)
|
|
require.NoError(t, decodeStrictJSONPayload([]byte(response.Body), target))
|
|
}
|
|
|
|
func requireJSONStatusRaw(t *testing.T, response httpResponse, wantStatus int, wantBody string) {
|
|
t.Helper()
|
|
|
|
require.Equal(t, wantStatus, response.StatusCode, "response body: %s", response.Body)
|
|
require.JSONEq(t, wantBody, response.Body)
|
|
}
|
|
|
|
func postEnsureUser(t *testing.T, baseURL string, email string, preferredLanguage string, timeZone string) ensureByEmailResponse {
|
|
t.Helper()
|
|
|
|
response := postJSONValue(t, baseURL+"/api/v1/internal/users/ensure-by-email", map[string]any{
|
|
"email": email,
|
|
"registration_context": map[string]string{
|
|
"preferred_language": preferredLanguage,
|
|
"time_zone": timeZone,
|
|
},
|
|
})
|
|
|
|
var body ensureByEmailResponse
|
|
requireJSONStatus(t, response, http.StatusOK, &body)
|
|
return body
|
|
}
|
|
|
|
func postBlockByEmail(t *testing.T, baseURL string, email string) {
|
|
t.Helper()
|
|
|
|
response := postJSONValue(t, baseURL+"/api/v1/internal/user-blocks/by-email", map[string]string{
|
|
"email": email,
|
|
"reason_code": "policy_blocked",
|
|
})
|
|
|
|
var body blockMutationResponse
|
|
requireJSONStatus(t, response, http.StatusOK, &body)
|
|
}
|
|
|
|
func lookupUserByEmail(t *testing.T, baseURL string, email string) (httpResponse, userLookupResponse) {
|
|
t.Helper()
|
|
|
|
response := postJSONValue(t, baseURL+"/api/v1/internal/user-lookups/by-email", map[string]string{
|
|
"email": email,
|
|
})
|
|
|
|
if response.StatusCode != http.StatusOK {
|
|
return response, userLookupResponse{}
|
|
}
|
|
|
|
var body userLookupResponse
|
|
require.NoError(t, decodeStrictJSONPayload([]byte(response.Body), &body))
|
|
return response, body
|
|
}
|
|
|
|
type ensureByEmailResponse struct {
|
|
Outcome string `json:"outcome"`
|
|
UserID string `json:"user_id,omitempty"`
|
|
}
|
|
|
|
type blockMutationResponse struct {
|
|
Outcome string `json:"outcome"`
|
|
UserID string `json:"user_id,omitempty"`
|
|
}
|
|
|
|
type userLookupResponse struct {
|
|
User accountView `json:"user"`
|
|
}
|
|
|
|
type accountView struct {
|
|
UserID string `json:"user_id"`
|
|
Email string `json:"email"`
|
|
RaceName string `json:"race_name"`
|
|
PreferredLanguage string `json:"preferred_language"`
|
|
TimeZone string `json:"time_zone"`
|
|
DeclaredCountry string `json:"declared_country,omitempty"`
|
|
Entitlement entitlementSnapshotView `json:"entitlement"`
|
|
ActiveSanctions []activeSanctionView `json:"active_sanctions"`
|
|
ActiveLimits []activeLimitView `json:"active_limits"`
|
|
CreatedAt time.Time `json:"created_at"`
|
|
UpdatedAt time.Time `json:"updated_at"`
|
|
}
|
|
|
|
type entitlementSnapshotView struct {
|
|
PlanCode string `json:"plan_code"`
|
|
IsPaid bool `json:"is_paid"`
|
|
Source string `json:"source"`
|
|
Actor actorRefView `json:"actor"`
|
|
ReasonCode string `json:"reason_code"`
|
|
StartsAt time.Time `json:"starts_at"`
|
|
EndsAt *time.Time `json:"ends_at,omitempty"`
|
|
UpdatedAt time.Time `json:"updated_at"`
|
|
}
|
|
|
|
type activeSanctionView struct {
|
|
SanctionCode string `json:"sanction_code"`
|
|
Scope string `json:"scope"`
|
|
ReasonCode string `json:"reason_code"`
|
|
Actor actorRefView `json:"actor"`
|
|
AppliedAt time.Time `json:"applied_at"`
|
|
ExpiresAt *time.Time `json:"expires_at,omitempty"`
|
|
}
|
|
|
|
type activeLimitView struct {
|
|
LimitCode string `json:"limit_code"`
|
|
Value int `json:"value"`
|
|
ReasonCode string `json:"reason_code"`
|
|
Actor actorRefView `json:"actor"`
|
|
AppliedAt time.Time `json:"applied_at"`
|
|
ExpiresAt *time.Time `json:"expires_at,omitempty"`
|
|
}
|
|
|
|
type actorRefView struct {
|
|
Type string `json:"type"`
|
|
ID string `json:"id,omitempty"`
|
|
}
|
|
|
|
func requireLookupNotFound(t *testing.T, response httpResponse) {
|
|
t.Helper()
|
|
|
|
requireJSONStatusRaw(t, response, http.StatusNotFound, `{"error":{"code":"subject_not_found","message":"subject not found"}}`)
|
|
}
|
|
|
|
func lastMailCodeFor(t *testing.T, stub *harness.MailStub, email string) string {
|
|
t.Helper()
|
|
|
|
deliveries := stub.RecordedDeliveries()
|
|
for index := len(deliveries) - 1; index >= 0; index-- {
|
|
if deliveries[index].Email == email {
|
|
return deliveries[index].Code
|
|
}
|
|
}
|
|
|
|
t.Fatalf("mail stub did not record delivery for %s", email)
|
|
return ""
|
|
}
|
|
|
|
func sleepForDistinctCreatedAt() {
|
|
time.Sleep(10 * time.Millisecond)
|
|
}
|
|
|
|
func formatStatusError(response httpResponse) string {
|
|
return fmt.Sprintf("status=%d body=%s", response.StatusCode, response.Body)
|
|
}
|