use argon2::password_hash::SaltString; use argon2::{Algorithm, Argon2, Params, PasswordHasher, Version}; use once_cell::sync::Lazy; use sqlx::{Connection, Executor, PgConnection, PgPool}; use uuid::Uuid; use wiremock::MockServer; use zero2prod::configuration::{get_configuration, DatabaseSettings}; use zero2prod::startup::{get_connection_pool, Application}; use zero2prod::telemetry::{get_subscriber, init_subscriber}; // Ensure that the `tracing` stack is only initialised once using `once_cell` static TRACING: Lazy<()> = Lazy::new(|| { let default_filter_level = "info".to_string(); let subscriber_name = "test".to_string(); if std::env::var("TEST_LOG").is_ok() { let subscriber = get_subscriber(subscriber_name, default_filter_level, std::io::stdout); init_subscriber(subscriber); } else { let subscriber = get_subscriber(subscriber_name, default_filter_level, std::io::sink); init_subscriber(subscriber); }; }); pub struct TestApp { pub address: String, pub port: u16, pub db_pool: PgPool, pub email_server: MockServer, pub test_user: TestUser, pub api_client: reqwest::Client, } /// Confirmation links embedded in the request to the email API. pub struct ConfirmationLinks { pub html: reqwest::Url, pub plain_text: reqwest::Url, } impl TestApp { pub async fn post_subscriptions(&self, body: String) -> reqwest::Response { self.api_client .post(&format!("{}/subscriptions", &self.address)) .header("Content-Type", "application/x-www-form-urlencoded") .body(body) .send() .await .expect("Failed to execute request.") } pub async fn post_newsletters(&self, body: serde_json::Value) -> reqwest::Response { self.api_client .post(&format!("{}/newsletters", &self.address)) .basic_auth(&self.test_user.username, Some(&self.test_user.password)) .json(&body) .send() .await .expect("Failed to execute request.") } pub async fn post_login(&self, body: &Body) -> reqwest::Response where Body: serde::Serialize, { self.api_client .post(&format!("{}/login", &self.address)) .form(body) .send() .await .expect("Failed to execute request.") } pub async fn get_login_html(&self) -> String { self.api_client .get(&format!("{}/login", &self.address)) .send() .await .expect("Failed to execute request.") .text() .await .unwrap() } pub async fn get_admin_dashboard(&self) -> reqwest::Response { self.api_client .get(&format!("{}/admin/dashboard", &self.address)) .send() .await .expect("Failed to execute request.") } pub async fn get_admin_dashboard_html(&self) -> String { self.get_admin_dashboard().await.text().await.unwrap() } pub async fn get_change_password(&self) -> reqwest::Response { self.api_client .get(&format!("{}/admin/password", &self.address)) .send() .await .expect("Failed to execute request.") } pub async fn get_change_password_html(&self) -> String { self.get_change_password().await.text().await.unwrap() } pub async fn post_logout(&self) -> reqwest::Response { self.api_client .post(&format!("{}/admin/logout", &self.address)) .send() .await .expect("Failed to execute request.") } pub async fn post_change_password(&self, body: &Body) -> reqwest::Response where Body: serde::Serialize, { self.api_client .post(&format!("{}/admin/password", &self.address)) .form(body) .send() .await .expect("Failed to execute request.") } /// Extract the confirmation links embedded in the request to the email API. pub fn get_confirmation_links(&self, email_request: &wiremock::Request) -> ConfirmationLinks { let body: serde_json::Value = serde_json::from_slice(&email_request.body).unwrap(); // Extract the link from one of the request fields. let get_link = |s: &str| { let links: Vec<_> = linkify::LinkFinder::new() .links(s) .filter(|l| *l.kind() == linkify::LinkKind::Url) .collect(); assert_eq!(links.len(), 1); let raw_link = links[0].as_str().to_owned(); let mut confirmation_link = reqwest::Url::parse(&raw_link).unwrap(); // Let's make sure we don't call random APIs on the web assert_eq!(confirmation_link.host_str().unwrap(), "127.0.0.1"); confirmation_link.set_port(Some(self.port)).unwrap(); confirmation_link }; let html = get_link(body["HtmlBody"].as_str().unwrap()); let plain_text = get_link(body["TextBody"].as_str().unwrap()); ConfirmationLinks { html, plain_text } } } pub async fn spawn_app() -> TestApp { Lazy::force(&TRACING); // Launch a mock server to stand in for Postmark's API let email_server = MockServer::start().await; // Randomise configuration to ensure test isolation let configuration = { let mut c = get_configuration().expect("Failed to read configuration."); // Use a different database for each test case c.database.database_name = Uuid::new_v4().to_string(); // Use a random OS port c.application.port = 0; // Use the mock server as email API c.email_client.base_url = email_server.uri(); c }; // Create and migrate the database configure_database(&configuration.database).await; // Launch the application as a background task let application = Application::build(configuration.clone()) .await .expect("Failed to build application."); let application_port = application.port(); let _ = tokio::spawn(application.run_until_stopped()); let client = reqwest::Client::builder() .redirect(reqwest::redirect::Policy::none()) .cookie_store(true) .build() .unwrap(); let test_app = TestApp { address: format!("http://localhost:{}", application_port), port: application_port, db_pool: get_connection_pool(&configuration.database) .await .expect("Failed to connect to the database"), email_server, test_user: TestUser::generate(), api_client: client, }; test_app.test_user.store(&test_app.db_pool).await; test_app } async fn configure_database(config: &DatabaseSettings) -> PgPool { // Create database let mut connection = PgConnection::connect_with(&config.without_db()) .await .expect("Failed to connect to Postgres"); connection .execute(&*format!(r#"CREATE DATABASE "{}";"#, config.database_name)) .await .expect("Failed to create database."); // Migrate database let connection_pool = PgPool::connect_with(config.with_db()) .await .expect("Failed to connect to Postgres."); sqlx::migrate!("./migrations") .run(&connection_pool) .await .expect("Failed to migrate the database"); connection_pool } pub struct TestUser { user_id: Uuid, pub username: String, pub password: String, } impl TestUser { pub fn generate() -> Self { Self { user_id: Uuid::new_v4(), username: Uuid::new_v4().to_string(), password: Uuid::new_v4().to_string(), } } async fn store(&self, pool: &PgPool) { let salt = SaltString::generate(&mut rand::thread_rng()); // Match production parameters let password_hash = Argon2::new( Algorithm::Argon2id, Version::V0x13, Params::new(15000, 2, 1, None).unwrap(), ) .hash_password(self.password.as_bytes(), &salt) .unwrap() .to_string(); sqlx::query!( "INSERT INTO users (user_id, username, password_hash) VALUES ($1, $2, $3)", self.user_id, self.username, password_hash, ) .execute(pool) .await .expect("Failed to store test user."); } } pub fn assert_is_redirect_to(response: &reqwest::Response, location: &str) { assert_eq!(response.status().as_u16(), 303); assert_eq!(response.headers().get("Location").unwrap(), location); }