zero-to-production/tests/api/newsletter.rs

use crate::helpers::{spawn_app, ConfirmationLinks, TestApp};
use uuid::Uuid;
use wiremock::matchers::{any, method, path};
use wiremock::{Mock, ResponseTemplate};

async fn create_unconfirmed_subscriber(app: &TestApp) -> ConfirmationLinks {
    let body = "name=le%20guin&email=ursula_le_guin%40gmail.com";

    let _mock_guard = Mock::given(path("/email"))
        .and(method("POST"))
        .respond_with(ResponseTemplate::new(200))
        .named("Create unconfirmed subscriber")
        .expect(1)
        .mount_as_scoped(&app.email_server)
        .await;
    app.post_subscriptions(body.into())
        .await
        .error_for_status()
        .unwrap();

    let email_request = &app
        .email_server
        .received_requests()
        .await
        .unwrap()
        .pop()
        .unwrap();
    app.get_confirmation_links(email_request)
}

async fn create_confirmed_subscriber(app: &TestApp) {
    let confirmation_link = create_unconfirmed_subscriber(app).await.html;
    reqwest::get(confirmation_link)
        .await
        .unwrap()
        .error_for_status()
        .unwrap();
}

#[actix_rt::test]
async fn newsletters_are_not_delivered_to_unconfirmed_subscribers() {
    // Arrange
    let app = spawn_app().await;
    create_unconfirmed_subscriber(&app).await;

    Mock::given(any())
        .respond_with(ResponseTemplate::new(200))
        .expect(0)
        .mount(&app.email_server)
        .await;

    // Act
    let newsletter_request_body = serde_json::json!({
        "title": "Newsletter title",
        "content": {
            "text": "Newsletter body as plain text",
            "html": "<p>Newsletter body as HTML</p>",
        }
    });
    let response = app.post_newsletters(newsletter_request_body).await;

    // Assert
    assert_eq!(response.status().as_u16(), 200);
    // Mock verifies on Drop that we haven't sent the newsletter email
}

#[actix_rt::test]
async fn newsletters_are_delivered_to_confirmed_subscribers() {
    // Arrange
    let app = spawn_app().await;
    create_confirmed_subscriber(&app).await;

    Mock::given(path("/email"))
        .and(method("POST"))
        .respond_with(ResponseTemplate::new(200))
        .expect(1)
        .mount(&app.email_server)
        .await;

    // Act
    let newsletter_request_body = serde_json::json!({
        "title": "Newsletter title",
        "content": {
            "text": "Newsletter body as plain text",
            "html": "<p>Newsletter body as HTML</p>",
        }
    });
    let response = app.post_newsletters(newsletter_request_body).await;

    // Assert
    assert_eq!(response.status().as_u16(), 200);
    // Mock verifies on Drop that we have sent the newsletter email
}

#[actix_rt::test]
async fn newsletters_returns_400_for_invalid_data() {
    // Arrange
    let app = spawn_app().await;
    let test_cases = vec![
        (
            serde_json::json!({
                "content": {
                    "text": "Newsletter body as plain text",
                    "html": "<p>Newsletter body as HTML</p>",
                }
            }),
            "missing title",
        ),
        (
            serde_json::json!({
                "title": "Newsletter!"
            }),
            "missing content",
        ),
    ];

    for (invalid_body, error_message) in test_cases {
        let response = app.post_newsletters(invalid_body).await;

        // Assert
        assert_eq!(
            400,
            response.status().as_u16(),
            // Additional customised error message on test failure
            "The API did not fail with 400 Bad Request when the payload was {}.",
            error_message
        );
    }
}

#[actix_rt::test]
async fn requests_missing_authorization_are_rejected() {
    // Arrange
    let app = spawn_app().await;

    let response = reqwest::Client::new()
        .post(&format!("{}/newsletters", &app.address))
        .json(&serde_json::json!({
            "title": "Newsletter title",
            "content": {
                "text": "Newsletter body as plain text",
                "html": "<p>Newsletter body as HTML</p>",
            }
        }))
        .send()
        .await
        .expect("Failed to execute request.");

    // Assert
    assert_eq!(401, response.status().as_u16());
    assert_eq!(
        r#"Basic realm="publish""#,
        response.headers()["WWW-Authenticate"]
    );
}

#[actix_rt::test]
async fn non_existing_user_is_rejected() {
    // Arrange
    let app = spawn_app().await;
    // Random credentials
    let username = Uuid::new_v4().to_string();
    let password = Uuid::new_v4().to_string();

    let response = reqwest::Client::new()
        .post(&format!("{}/newsletters", &app.address))
        .basic_auth(username, Some(password))
        .json(&serde_json::json!({
            "title": "Newsletter title",
            "content": {
                "text": "Newsletter body as plain text",
                "html": "<p>Newsletter body as HTML</p>",
            }
        }))
        .send()
        .await
        .expect("Failed to execute request.");

    // Assert
    assert_eq!(401, response.status().as_u16());
    assert_eq!(
        r#"Basic realm="publish""#,
        response.headers()["WWW-Authenticate"]
    );
}

#[actix_rt::test]
async fn invalid_password_is_rejected() {
    // Arrange
    let app = spawn_app().await;
    let username = &app.test_user.username;
    // Random password
    let password = Uuid::new_v4().to_string();
    assert_ne!(app.test_user.password, password);

    let response = reqwest::Client::new()
        .post(&format!("{}/newsletters", &app.address))
        .basic_auth(username, Some(password))
        .json(&serde_json::json!({
            "title": "Newsletter title",
            "content": {
                "text": "Newsletter body as plain text",
                "html": "<p>Newsletter body as HTML</p>",
            }
        }))
        .send()
        .await
        .expect("Failed to execute request.");

    // Assert
    assert_eq!(401, response.status().as_u16());
    assert_eq!(
        r#"Basic realm="publish""#,
        response.headers()["WWW-Authenticate"]
    );
}
First integration tests for newsletter delivery. 2021-07-17 18:43:47 +00:00			`use crate::helpers::{spawn_app, ConfirmationLinks, TestApp};`
Add tests to highlight timing attack. 2021-08-30 15:57:35 +00:00			`use uuid::Uuid;`
Add handler. 2021-07-25 15:40:01 +00:00			`use wiremock::matchers::{any, method, path};`
First integration tests for newsletter delivery. 2021-07-17 18:43:47 +00:00			`use wiremock::{Mock, ResponseTemplate};`

			`async fn create_unconfirmed_subscriber(app: &TestApp) -> ConfirmationLinks {`
			`let body = "name=le%20guin&email=ursula_le_guin%40gmail.com";`

Use scoped mock. 2021-07-21 20:41:13 +00:00			`let _mock_guard = Mock::given(path("/email"))`
First integration tests for newsletter delivery. 2021-07-17 18:43:47 +00:00			`.and(method("POST"))`
			`.respond_with(ResponseTemplate::new(200))`
Name helper mock. 2021-07-21 21:21:23 +00:00			`.named("Create unconfirmed subscriber")`
Set expectation on helper mock. 2021-07-21 20:59:32 +00:00			`.expect(1)`
Use scoped mock. 2021-07-21 20:41:13 +00:00			`.mount_as_scoped(&app.email_server)`
First integration tests for newsletter delivery. 2021-07-17 18:43:47 +00:00			`.await;`
			`app.post_subscriptions(body.into())`
			`.await`
			`.error_for_status()`
			`.unwrap();`

			`let email_request = &app`
			`.email_server`
			`.received_requests()`
			`.await`
			`.unwrap()`
			`.pop()`
			`.unwrap();`
Fix clippy lints. 2021-09-11 20:00:34 +00:00			`app.get_confirmation_links(email_request)`
First integration tests for newsletter delivery. 2021-07-17 18:43:47 +00:00			`}`

			`async fn create_confirmed_subscriber(app: &TestApp) {`
			`let confirmation_link = create_unconfirmed_subscriber(app).await.html;`
			`reqwest::get(confirmation_link)`
			`.await`
			`.unwrap()`
			`.error_for_status()`
			`.unwrap();`
			`}`

			`#[actix_rt::test]`
			`async fn newsletters_are_not_delivered_to_unconfirmed_subscribers() {`
			`// Arrange`
			`let app = spawn_app().await;`
			`create_unconfirmed_subscriber(&app).await;`

Add handler. 2021-07-22 07:31:57 +00:00			`Mock::given(any())`
First integration tests for newsletter delivery. 2021-07-17 18:43:47 +00:00			`.respond_with(ResponseTemplate::new(200))`
			`.expect(0)`
			`.mount(&app.email_server)`
			`.await;`

			`// Act`
			`let newsletter_request_body = serde_json::json!({`
			`"title": "Newsletter title",`
Add handler. 2021-07-25 15:40:01 +00:00			`"content": {`
First integration tests for newsletter delivery. 2021-07-17 18:43:47 +00:00			`"text": "Newsletter body as plain text",`
			`"html": "<p>Newsletter body as HTML</p>",`
			`}`
			`});`
Refactor tests. 2021-07-25 16:37:00 +00:00			`let response = app.post_newsletters(newsletter_request_body).await;`
First integration tests for newsletter delivery. 2021-07-17 18:43:47 +00:00
			`// Assert`
			`assert_eq!(response.status().as_u16(), 200);`
			`// Mock verifies on Drop that we haven't sent the newsletter email`
			`}`

			`#[actix_rt::test]`
			`async fn newsletters_are_delivered_to_confirmed_subscribers() {`
			`// Arrange`
			`let app = spawn_app().await;`
			`create_confirmed_subscriber(&app).await;`

			`Mock::given(path("/email"))`
			`.and(method("POST"))`
			`.respond_with(ResponseTemplate::new(200))`
			`.expect(1)`
			`.mount(&app.email_server)`
			`.await;`

			`// Act`
			`let newsletter_request_body = serde_json::json!({`
			`"title": "Newsletter title",`
Add handler. 2021-07-25 15:40:01 +00:00			`"content": {`
First integration tests for newsletter delivery. 2021-07-17 18:43:47 +00:00			`"text": "Newsletter body as plain text",`
			`"html": "<p>Newsletter body as HTML</p>",`
			`}`
			`});`
Refactor tests. 2021-07-25 16:37:00 +00:00			`let response = app.post_newsletters(newsletter_request_body).await;`
First integration tests for newsletter delivery. 2021-07-17 18:43:47 +00:00
			`// Assert`
			`assert_eq!(response.status().as_u16(), 200);`
			`// Mock verifies on Drop that we have sent the newsletter email`
			`}`
Refactor tests. 2021-07-25 16:37:00 +00:00
			`#[actix_rt::test]`
			`async fn newsletters_returns_400_for_invalid_data() {`
			`// Arrange`
			`let app = spawn_app().await;`
			`let test_cases = vec![`
			`(`
			`serde_json::json!({`
			`"content": {`
			`"text": "Newsletter body as plain text",`
			`"html": "<p>Newsletter body as HTML</p>",`
			`}`
			`}),`
			`"missing title",`
			`),`
			`(`
			`serde_json::json!({`
			`"title": "Newsletter!"`
			`}),`
			`"missing content",`
			`),`
			`];`

			`for (invalid_body, error_message) in test_cases {`
			`let response = app.post_newsletters(invalid_body).await;`

			`// Assert`
			`assert_eq!(`
			`400,`
			`response.status().as_u16(),`
			`// Additional customised error message on test failure`
			`"The API did not fail with 400 Bad Request when the payload was {}.",`
			`error_message`
			`);`
			`}`
			`}`
Missing auth test. 2021-08-14 18:35:46 +00:00
			`#[actix_rt::test]`
			`async fn requests_missing_authorization_are_rejected() {`
			`// Arrange`
			`let app = spawn_app().await;`

			`let response = reqwest::Client::new()`
			`.post(&format!("{}/newsletters", &app.address))`
Extract basic credentials. 2021-08-14 21:57:03 +00:00			`.json(&serde_json::json!({`
			`"title": "Newsletter title",`
			`"content": {`
			`"text": "Newsletter body as plain text",`
			`"html": "<p>Newsletter body as HTML</p>",`
			`}`
			`}))`
Missing auth test. 2021-08-14 18:35:46 +00:00			`.send()`
			`.await`
			`.expect("Failed to execute request.");`

			`// Assert`
			`assert_eq!(401, response.status().as_u16());`
Extract basic credentials. 2021-08-14 21:57:03 +00:00			`assert_eq!(`
			`r#"Basic realm="publish""#,`
			`response.headers()["WWW-Authenticate"]`
			`);`
			`}`
Add tests to highlight timing attack. 2021-08-30 15:57:35 +00:00
			`#[actix_rt::test]`
			`async fn non_existing_user_is_rejected() {`
			`// Arrange`
			`let app = spawn_app().await;`
			`// Random credentials`
			`let username = Uuid::new_v4().to_string();`
			`let password = Uuid::new_v4().to_string();`

			`let response = reqwest::Client::new()`
			`.post(&format!("{}/newsletters", &app.address))`
			`.basic_auth(username, Some(password))`
			`.json(&serde_json::json!({`
			`"title": "Newsletter title",`
			`"content": {`
			`"text": "Newsletter body as plain text",`
			`"html": "<p>Newsletter body as HTML</p>",`
			`}`
			`}))`
			`.send()`
			`.await`
			`.expect("Failed to execute request.");`

			`// Assert`
			`assert_eq!(401, response.status().as_u16());`
			`assert_eq!(`
			`r#"Basic realm="publish""#,`
			`response.headers()["WWW-Authenticate"]`
			`);`
			`}`

			`#[actix_rt::test]`
			`async fn invalid_password_is_rejected() {`
			`// Arrange`
			`let app = spawn_app().await;`
			`let username = &app.test_user.username;`
			`// Random password`
			`let password = Uuid::new_v4().to_string();`
			`assert_ne!(app.test_user.password, password);`

			`let response = reqwest::Client::new()`
			`.post(&format!("{}/newsletters", &app.address))`
			`.basic_auth(username, Some(password))`
			`.json(&serde_json::json!({`
			`"title": "Newsletter title",`
			`"content": {`
			`"text": "Newsletter body as plain text",`
			`"html": "<p>Newsletter body as HTML</p>",`
			`}`
			`}))`
			`.send()`
			`.await`
			`.expect("Failed to execute request.");`

			`// Assert`
			`assert_eq!(401, response.status().as_u16());`
			`assert_eq!(`
			`r#"Basic realm="publish""#,`
			`response.headers()["WWW-Authenticate"]`
			`);`
			`}`