users-test 0.1.0.0 → 0.2.0.0
raw patch · 2 files changed
+28/−35 lines, 2 filesdep ~users
Dependency ranges changed: users
Files
- src/Web/Users/TestSpec.hs +26/−33
- users-test.cabal +2/−2
src/Web/Users/TestSpec.hs view
@@ -8,6 +8,7 @@ import Web.Users.Types import Control.Concurrent (threadDelay)+import Control.Monad import Data.Aeson import GHC.Generics import Test.Hspec@@ -29,7 +30,7 @@ User { u_name = name , u_email = email- , u_password = PasswordPlain "1234"+ , u_password = makePassword "1234" , u_active = False , u_more = DummyDetails True 21 }@@ -70,12 +71,8 @@ assertRight (createUser backend userA) $ \userId1 -> assertRight (createUser backend userB) $ \userId2 -> do allUsers <- listUsers backend Nothing- if and [ (userId1, userA { u_password = PasswordHidden }) `elem` allUsers- , (userId2, userB { u_password = PasswordHidden }) `elem` allUsers- ]- then return ()- else expectationFailure $ "create users not in user list:" ++ show allUsers-+ unless ((userId1, hidePassword userA) `elem` allUsers && (userId2, hidePassword userB) `elem` allUsers)+ (expectationFailure $ "create users not in user list:" ++ show allUsers) countUsers backend `shouldReturn` 2 it "updating and loading users should work" $ assertRight (createUser backend userA) $ \userIdA ->@@ -90,9 +87,8 @@ updateUserDetails backend userIdA (\d -> d { dd_foo = False }) userA' <- getUserById backend userIdA userA' `shouldBe`- (Just $ userA+ (Just $ (hidePassword userA) { u_name = "changed"- , u_password = PasswordHidden , u_more = (u_more userA) { dd_foo = False@@ -103,18 +99,18 @@ assertRight (createUser backend userB) $ \userIdB -> do deleteUser backend userIdA (allUsers :: [(UserId b, DummyUser)]) <- listUsers backend Nothing- (map fst allUsers) `shouldBe` [userIdB]+ map fst allUsers `shouldBe` [userIdB] getUserById backend userIdA `shouldReturn` (Nothing :: Maybe DummyUser) it "reusing a deleted users name should work" $ assertRight (createUser backend userA) $ \userIdA -> do deleteUser backend userIdA assertRight (createUser backend userA) $ const (return ()) describe "initialisation" $- do it "calling initUserBackend multiple times should not result in errors" $- assertRight (createUser backend userA) $ \userIdA ->- do initUserBackend backend- userA' <- getUserById backend userIdA- userA' `shouldBe` (Just $ userA { u_password = PasswordHidden })+ it "calling initUserBackend multiple times should not result in errors" $+ assertRight (createUser backend userA) $ \userIdA ->+ do initUserBackend backend+ userA' <- getUserById backend userIdA+ userA' `shouldBe` (Just $ hidePassword userA) describe "authentification" $ do it "auth as valid user with username should work" $ withAuthedUser $ const (return ())@@ -122,11 +118,11 @@ withAuthedUser' "bar@baz.com" "1234" 500 0 $ const (return ()) it "auth with invalid credentials should fail" $ assertRight (createUser backend userA) $ \_ ->- do authUser backend "foo" "aaaa" 500 `shouldReturn` Nothing- authUser backend "foo" "123" 500 `shouldReturn` Nothing- authUser backend "bar@baz.com" "123" 500 `shouldReturn` Nothing- authUser backend "bar@baz.com' OR 1 = 1 --" "123" 500 `shouldReturn` Nothing- authUser backend "bar@baz.com' OR 1 = 1; --" "' OR 1 = 1; --" 500 `shouldReturn` Nothing+ do authUser backend "foo" (PasswordPlain "aaaa") 500 `shouldReturn` Nothing+ authUser backend "foo" (PasswordPlain "123") 500 `shouldReturn` Nothing+ authUser backend "bar@baz.com" (PasswordPlain "123") 500 `shouldReturn` Nothing+ authUser backend "bar@baz.com' OR 1 = 1 --" (PasswordPlain "123") 500 `shouldReturn` Nothing+ authUser backend "bar@baz.com' OR 1 = 1; --" (PasswordPlain "' OR 1 = 1; --") 500 `shouldReturn` Nothing it "destroy session should really remove the session" $ withAuthedUser $ \(sessionId, _) -> do destroySession backend sessionId@@ -144,14 +140,14 @@ do it "generates a valid token for a user" $ assertRight (createUser backend userA) $ \userIdA -> do token <- requestPasswordReset backend userIdA 500- verifyPasswordResetToken backend token `shouldReturn` (Just (userA { u_password = PasswordHidden }) :: Maybe DummyUser)+ verifyPasswordResetToken backend token `shouldReturn` (Just (hidePassword userA) :: Maybe DummyUser) it "a valid token should reset the password" $ assertRight (createUser backend userA) $ \userIdA -> do withAuthedUserNoCreate "foo" "1234" 500 0 userIdA $ const (return ()) -- old login token <- requestPasswordReset backend userIdA 500 housekeepBackend backend- verifyPasswordResetToken backend token `shouldReturn` (Just (userA { u_password = PasswordHidden }) :: Maybe DummyUser)- assertRight (applyNewPassword backend token "foobar") $ const $ return ()+ verifyPasswordResetToken backend token `shouldReturn` (Just (hidePassword userA) :: Maybe DummyUser)+ assertRight (applyNewPassword backend token $ makePassword "foobar") $ const $ return () withAuthedUserNoCreate "foo" "foobar" 500 0 userIdA $ const (return ()) -- new login it "expired tokens should not do any harm" $ assertRight (createUser backend userA) $ \userIdA ->@@ -159,7 +155,7 @@ token <- requestPasswordReset backend userIdA 1 threadDelay (seconds 1) verifyPasswordResetToken backend token `shouldReturn` (Nothing :: Maybe DummyUser)- assertLeft (applyNewPassword backend token "foobar")+ assertLeft (applyNewPassword backend token $ makePassword "foobar") "Reset password with expired token" $ const $ return () withAuthedUserNoCreate "foo" "1234" 500 0 userIdA $ const (return ()) -- still old login it "invalid tokens should not do any harm" $@@ -167,7 +163,7 @@ do withAuthedUserNoCreate "foo" "1234" 500 0 userIdA $ const (return ()) -- old login let token = PasswordResetToken "Foooooooo!!!!" verifyPasswordResetToken backend token `shouldReturn` (Nothing :: Maybe DummyUser)- assertLeft (applyNewPassword backend token "foobar")+ assertLeft (applyNewPassword backend token $ makePassword "foobar") "Reset password with random token" $ const $ return () withAuthedUserNoCreate "foo" "1234" 500 0 userIdA $ const (return ()) -- still old login describe "user activation" $@@ -178,20 +174,18 @@ assertRight (activateUser backend token) $ const $ return () userA' <- getUserById backend userIdA userA' `shouldBe`- (Just $ userA+ (Just $ (hidePassword userA) { u_active = True- , u_password = PasswordHidden }) it "does not allow expired tokens to activate a user" $ assertRight (createUser backend userA) $ \userIdA -> do token <- requestActivationToken backend userIdA 1 threadDelay (seconds 1)- assertLeft (activateUser backend token) "invalid token activated user" $ const $ return ()+ assertLeft (activateUser backend token) "expired token activated user" $ const $ return () userA' <- getUserById backend userIdA userA' `shouldBe`- (Just $ userA+ (Just $ (hidePassword userA) { u_active = False- , u_password = PasswordHidden }) it "does not allow invalid tokens to activate a user" $ assertRight (createUser backend userA) $ \userIdA ->@@ -199,9 +193,8 @@ assertLeft (activateUser backend token) "invalid token activated user" $ const $ return () userA' <- getUserById backend userIdA userA' `shouldBe`- (Just $ userA+ (Just $ (hidePassword userA) { u_active = False- , u_password = PasswordHidden }) where seconds x = x * 1000000@@ -213,7 +206,7 @@ assertRight (createUser backend userA) $ \userIdA -> withAuthedUserNoCreate username pass sTime extTime userIdA action withAuthedUserNoCreate username pass sTime extTime userIdA action =- do mAuthRes <- authUser backend username pass sTime+ do mAuthRes <- authUser backend username (PasswordPlain pass) sTime case mAuthRes of Nothing -> expectationFailure $ "Can not authenticate as user " ++ show username
users-test.cabal view
@@ -1,5 +1,5 @@ name: users-test-version: 0.1.0.0+version: 0.2.0.0 synopsis: Library to test backends for the users library description: Provides HSpec helpers for backends of <http://hackage.haskell.org/package/users users package>. .@@ -26,7 +26,7 @@ aeson >=0.8, base >=4.6 && <5, hspec >=2.1,- users >=0.1,+ users >=0.2, text >=1.2 hs-source-dirs: src default-language: Haskell2010