zero-to-axum/tests/auth.rs

pub mod fixture;
use fixture::TestServer;

use anyhow::Result;
use test_log::test as traced;

#[traced(tokio::test)]
async fn login_succeeds_with_valid_credentials() -> Result<()> {
    let server = TestServer::spawn().await;
    let client = reqwest::Client::builder().cookie_store(true).build()?;

    // Login
    let resp = client
        .post(server.url("/auth/login"))
        .header("Content-Type", "application/x-www-form-urlencoded")
        .body("username=admin&password=hunter2")
        .send()
        .await?;

    assert_eq!(resp.status(), 200, "login succeeds");
    assert!(
        resp.headers().get("Set-Cookie").is_some(),
        "cookie set on successful login"
    );

    // Logout
    let resp = client.post(server.url("/auth/logout")).send().await?;

    assert_eq!(resp.status(), 200, "logout succeeds");
    let set_cookie = resp
        .headers()
        .get("Set-Cookie")
        .expect("logout has set-cookie header");
    assert!(
        set_cookie.to_str().unwrap().starts_with("username=;"),
        "cookie unset on sucessful logout"
    );

    server.shutdown().await
}

#[traced(tokio::test)]
async fn login_fails_with_invalid_credentials() -> Result<()> {
    let server = TestServer::spawn().await;
    let client = reqwest::Client::new();
    let resp = client
        .post(server.url("/auth/login"))
        .header("Content-Type", "application/x-www-form-urlencoded")
        .body("username=admin&password=hunter3")
        .send()
        .await?;

    assert_ne!(
        resp.status(),
        200,
        "login suceeded with invalid credentials"
    );
    assert!(
        resp.headers().get("Set-Cookie").is_none(),
        "auth cookie was set for invalid crednetials"
    );

    server.shutdown().await
}

#[traced(tokio::test)]
async fn login_rejects_missing_credentials() -> Result<()> {
    let server = TestServer::spawn().await;
    let client = reqwest::Client::new();
    let resp = client
        .post(server.url("/auth/login"))
        .header("Content-Type", "application/x-www-form-urlencoded")
        .body("username=&password=")
        .send()
        .await?;

    assert_eq!(
        resp.status(),
        401,
        "login didn't reject missing credentials"
    );
    assert!(
        resp.headers().get("Set-Cookie").is_none(),
        "auth cookie was set for missing crednetials"
    );

    server.shutdown().await
}