[#49] test when calling /session with a wrong user

2018-08-11 07:30:03 -06:00 · 2018-08-11 07:30:03 -06:00 · 559de6910a
parent 221c855ccb
commit 559de6910a
2 changed files with 33 additions and 0 deletions
--- a/lib/poa_backend/auth.ex
+++ b/lib/poa_backend/auth.ex
@ -81,6 +81,7 @@ defmodule POABackend.Auth do
    alias Comeonin.Bcrypt

    with user <- get_user(user_name),
+         true <- user != nil,
         true <- Bcrypt.checkpw(password, user.password_hash),
         true <- user_active?(user)
    do
--- a/test/auth/api_test.exs
+++ b/test/auth/api_test.exs
@ -94,6 +94,38 @@ defmodule Auth.APITest do
    assert {401, :nobody} == result
  end

+  test "try with a user who doesn't exist [JSON]" do
+    url = @base_url <> "/session"
+    mime_type = "application/json"
+    headers = [
+      {"Content-Type", mime_type},
+      {"authorization", "Basic " <> Base.encode64("nonexistinguser" <> ":" <> "password")}
+    ]
+
+    result =
+      %{:'agent-id' => "agentID"}
+      |> Poison.encode!()
+      |> post(url, headers)
+
+    assert {401, :nobody} == result
+  end
+
+  test "try with a user who doesn't exist [MSGPACK]" do
+    url = @base_url <> "/session"
+    mime_type = "application/msgpack"
+    headers = [
+      {"Content-Type", mime_type},
+      {"authorization", "Basic " <> Base.encode64("nonexistinguser" <> ":" <> "password")}
+    ]
+
+    result =
+      %{:'agent-id' => "agentID"}
+      |> Msgpax.pack!()
+      |> post(url, headers)
+
+    assert {401, :nobody} == result
+  end
+
  test "testing an unnexisting endpoint" do
    url = @base_url <> "/thisdoesntexist"
    mime_type = "application/json"