Add tests to highlight timing attack.
parent
00ab3e9252
commit
5492da0b38
2 changed files with 64 additions and 2 deletions
|
@ -148,8 +148,8 @@ async fn configure_database(config: &DatabaseSettings) -> PgPool {
|
||||||
|
|
||||||
pub struct TestUser {
|
pub struct TestUser {
|
||||||
user_id: Uuid,
|
user_id: Uuid,
|
||||||
username: String,
|
pub username: String,
|
||||||
password: String,
|
pub password: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl TestUser {
|
impl TestUser {
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
use crate::helpers::{spawn_app, ConfirmationLinks, TestApp};
|
use crate::helpers::{spawn_app, ConfirmationLinks, TestApp};
|
||||||
|
use uuid::Uuid;
|
||||||
use wiremock::matchers::{any, method, path};
|
use wiremock::matchers::{any, method, path};
|
||||||
use wiremock::{Mock, ResponseTemplate};
|
use wiremock::{Mock, ResponseTemplate};
|
||||||
|
|
||||||
|
@ -152,3 +153,64 @@ async fn requests_missing_authorization_are_rejected() {
|
||||||
response.headers()["WWW-Authenticate"]
|
response.headers()["WWW-Authenticate"]
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[actix_rt::test]
|
||||||
|
async fn non_existing_user_is_rejected() {
|
||||||
|
// Arrange
|
||||||
|
let app = spawn_app().await;
|
||||||
|
// Random credentials
|
||||||
|
let username = Uuid::new_v4().to_string();
|
||||||
|
let password = Uuid::new_v4().to_string();
|
||||||
|
|
||||||
|
let response = reqwest::Client::new()
|
||||||
|
.post(&format!("{}/newsletters", &app.address))
|
||||||
|
.basic_auth(username, Some(password))
|
||||||
|
.json(&serde_json::json!({
|
||||||
|
"title": "Newsletter title",
|
||||||
|
"content": {
|
||||||
|
"text": "Newsletter body as plain text",
|
||||||
|
"html": "<p>Newsletter body as HTML</p>",
|
||||||
|
}
|
||||||
|
}))
|
||||||
|
.send()
|
||||||
|
.await
|
||||||
|
.expect("Failed to execute request.");
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
assert_eq!(401, response.status().as_u16());
|
||||||
|
assert_eq!(
|
||||||
|
r#"Basic realm="publish""#,
|
||||||
|
response.headers()["WWW-Authenticate"]
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
#[actix_rt::test]
|
||||||
|
async fn invalid_password_is_rejected() {
|
||||||
|
// Arrange
|
||||||
|
let app = spawn_app().await;
|
||||||
|
let username = &app.test_user.username;
|
||||||
|
// Random password
|
||||||
|
let password = Uuid::new_v4().to_string();
|
||||||
|
assert_ne!(app.test_user.password, password);
|
||||||
|
|
||||||
|
let response = reqwest::Client::new()
|
||||||
|
.post(&format!("{}/newsletters", &app.address))
|
||||||
|
.basic_auth(username, Some(password))
|
||||||
|
.json(&serde_json::json!({
|
||||||
|
"title": "Newsletter title",
|
||||||
|
"content": {
|
||||||
|
"text": "Newsletter body as plain text",
|
||||||
|
"html": "<p>Newsletter body as HTML</p>",
|
||||||
|
}
|
||||||
|
}))
|
||||||
|
.send()
|
||||||
|
.await
|
||||||
|
.expect("Failed to execute request.");
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
assert_eq!(401, response.status().as_u16());
|
||||||
|
assert_eq!(
|
||||||
|
r#"Basic realm="publish""#,
|
||||||
|
response.headers()["WWW-Authenticate"]
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
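Review bot: Neither `non_existing_user_is_rejected` nor `invalid_password_is_rejected` asserts anything about timing; both only pin the 401 status and the `Basic realm="publish"` challenge in `WWW-Authenticate`, so they would pass unchanged whether or not the handler does comparable work on the unknown-user and wrong-password paths. What they do guarantee is that the two failures look the same by status and header, which is worth stating above each test, e.g. `// Unknown user and wrong password must yield the same 401 and challenge header; response time is not checked here.` A wall-clock assertion would likely be flaky in CI, so the timing side is probably better covered where credentials are validated (not visible on this page), by having the unknown-user path perform the same password-hash verification as the known-user path. The request-building code is duplicated verbatim between the two tests; a small helper taking the username and password would keep the two cases from drifting apart.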