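import { api, API_CLIENT } from '../../../utils/api.ts';
import * as asserts from '@std/assert';
import { USER } from '../../../models/user.ts';
import { EPHEMERAL_SERVER, get_ephemeral_listen_server, random_username } from '../../helpers.ts';
import { Cookie, getSetCookies } from '@std/http/cookie';
import { encodeBase64 } from '@std/encoding';
import { generateTotp } from '@stdext/crypto/totp';

/** Permissions both tests request from the Deno test runner. */
const TEST_PERMISSIONS = { env: true, read: true, write: true, net: true } as const;

/**
 * Builds the headers for an authenticated request: the cookies the server
 * set, plus a freshly generated `totp` cookie derived from the session secret.
 *
 * Every cookie is sent twice, once as an `x-<name>` header and once inside the
 * `cookie` header, exactly as the original tests did.
 * NOTE(review): because both channels are always populated, these tests cannot
 * tell which one the server authenticates on; confirm against the handler.
 *
 * @param session_cookies Cookies parsed from the server's Set-Cookie headers.
 * @param totp_secret Session secret used as the TOTP key.
 * @returns Headers ready to pass to `client.fetch`.
 */
async function build_authenticated_headers(session_cookies: Cookie[], totp_secret: string): Promise<Headers> {
	const cookies: Cookie[] = [
		...session_cookies,
		{
			name: 'totp',
			value: await generateTotp(totp_secret),
			maxAge: 30,
			expires: Date.now() + 30_000,
			path: '/'
		}
	];

	const headers = new Headers();
	for (const cookie of cookies) {
		headers.append(`x-${cookie.name}`, cookie.value);
	}
	headers.append('cookie', cookies.map((cookie) => `${cookie.name}=${cookie.value}`).join('; '));
	return headers;
}

// Creates a user with a plaintext password, logs in through POST /auth, then
// reads the user back with the session cookies and a TOTP code.
// NOTE(review): only the success path is covered; nothing here checks that a
// wrong password or a missing or invalid TOTP is rejected.
Deno.test({
	name: 'API - USERS - Login (password)',
	permissions: TEST_PERMISSIONS,
	fn: async () => {
		let test_server_info: EPHEMERAL_SERVER | null = null;
		try {
			test_server_info = await get_ephemeral_listen_server();
			const client: API_CLIENT = api({
				prefix: '/api',
				hostname: test_server_info.hostname,
				port: test_server_info.port
			});

			const username = random_username();
			const password = 'password';

			const user_creation_response: Record<string, any> = await client.fetch('/users', {
				method: 'POST',
				json: { username, password }
			});
			asserts.assert(user_creation_response?.user);
			asserts.assert(user_creation_response?.session);

			let cookies: Cookie[] = [];
			// deno-lint-ignore no-explicit-any
			const auth_response: any = await client.fetch('/auth', {
				method: 'POST',
				json: { username, password },
				done: (response) => {
					cookies = getSetCookies(response.headers);
				}
			});

			// Fail loudly when login returns nothing. Previously a missing user fell
			// back to `{}`, which assertObjectMatch accepts for any object, and a
			// missing secret fell back to '' as the TOTP key, so a broken /auth
			// could still produce a passing test.
			asserts.assert(auth_response?.user, 'POST /auth did not return a user');
			asserts.assert(auth_response?.session?.secret, 'POST /auth did not return a session secret');

			const user: USER = auth_response.user;
			const headers_for_get = await build_authenticated_headers(cookies, auth_response.session.secret);

			const retrieved_user: USER = await client.fetch(`/users/${user.id}`, {
				headers: headers_for_get
			}) as USER;
			// Spread into a plain object literal so the expected value type-checks
			// against assertObjectMatch regardless of how USER is declared.
			asserts.assertObjectMatch(retrieved_user, { ...user });
		} finally {
			await test_server_info?.server?.stop();
		}
	}
});

// Creates a user from a client-side SHA-256 digest of the password, then reads
// the user back with the cookies and session returned by the creation call.
// NOTE(review): despite the name, this test never POSTs to /auth, so logging in
// with a password_hash is not exercised here.
// NOTE(review): the digest is unsalted and is itself the credential on the wire;
// the server's storage of it is not visible from this file, so confirm it is
// still passed through a salted, slow password hash before being persisted.
Deno.test({
	name: 'API - USERS - Login (password_hash)',
	permissions: TEST_PERMISSIONS,
	fn: async () => {
		let test_server_info: EPHEMERAL_SERVER | null = null;
		try {
			test_server_info = await get_ephemeral_listen_server();
			const client: API_CLIENT = api({
				prefix: '/api',
				hostname: test_server_info.hostname,
				port: test_server_info.port
			});

			const username = random_username();
			const password = 'hashed password!!!';
			const password_hash = encodeBase64(
				await crypto.subtle.digest('SHA-256', new TextEncoder().encode(password))
			);

			let cookies: Cookie[] = [];
			const user_creation_response: Record<string, any> = await client.fetch('/users', {
				method: 'POST',
				json: { username, password_hash },
				done: (response) => {
					cookies = getSetCookies(response.headers);
				}
			});
			asserts.assert(user_creation_response?.user);
			asserts.assert(user_creation_response?.session);
			// The TOTP below is only meaningful when the session carries a secret.
			asserts.assert(user_creation_response.session.secret, 'POST /users did not return a session secret');

			const user: USER = user_creation_response.user;
			const headers_for_get = await build_authenticated_headers(
				cookies,
				user_creation_response.session.secret
			);

			const retrieved_user: USER = await client.fetch(`/users/${user.id}`, {
				headers: headers_for_get
			}) as USER;
			// Spread into a plain object literal so the expected value type-checks
			// against assertObjectMatch regardless of how USER is declared.
			asserts.assertObjectMatch(retrieved_user, { ...user });
		} finally {
			await test_server_info?.server?.stop();
		}
	}
});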