zero-to-axum/tests/auth.rs

pub mod fixture;
use fixture::TestServer;

use anyhow::Result;
use test_log::test as traced;

#[traced(tokio::test)]
async fn login_succeeds_with_valid_credentials() -> Result<()> {
    let server = TestServer::spawn().await;
    let mut client = server.browser_client();
    client.get_csrf_token().await?;

    // Signup
    let resp = client
        .post("/auth/signup")
        .csrf_form(&[("email", "admin@example.com"), ("password", "hunter2")])
        .send()
        .await?;

    assert_eq!(resp.status(), 200, "signup succeeds");

    // Login
    let resp = client
        .post("/auth/login")
        .csrf_form(&[("email", "admin@example.com"), ("password", "hunter2")])
        .send()
        .await?;

    assert_eq!(resp.status(), 200, "login succeeds");

    // Logout
    let resp = client
        .post("/auth/logout")
        .csrf_form::<[(&str, &str)]>(&[])
        .send()
        .await?;

    assert_eq!(resp.status(), 200, "logout succeeds");

    server.shutdown().await
}

#[traced(tokio::test)]
async fn login_fails_with_invalid_credentials() -> Result<()> {
    let server = TestServer::spawn().await;
    let mut client = server.browser_client();
    client.get_csrf_token().await?;

    // Signup
    let resp = client
        .post("/auth/signup")
        .csrf_form(&[("email", "admin@example.com"), ("password", "hunter2")])
        .send()
        .await?;

    assert_eq!(resp.status(), 200, "signup succeeds");

    // Login
    let resp = client
        .post("/auth/login")
        .csrf_form(&[("email", "admin@example.com"), ("password", "hunter3")])
        .send()
        .await?;

    assert_eq!(
        resp.status(),
        401,
        "login didn't reject invalid credentials"
    );

    server.shutdown().await
}

#[traced(tokio::test)]
async fn login_rejects_missing_credentials() -> Result<()> {
    let server = TestServer::spawn().await;
    let mut client = server.browser_client();
    client.get_csrf_token().await?;

    let resp = client
        .post("/auth/login")
        .csrf_form(&[("email", ""), ("password", "")])
        .send()
        .await?;

    assert_eq!(
        resp.status(),
        401,
        "login didn't reject missing credentials"
    );

    server.shutdown().await
}