refactor: general improvements, better comments, structuring of oauth flow (but still broken)

2025-12-07 20:07:46 -06:00 · 2025-09-24 13:13:10 -05:00
parent 655c3c68d5
commit bdd3c74a2d
5 changed files with 237 additions and 180 deletions
--- a/pacman-server/tests/sessions.rs
+++ b/pacman-server/tests/sessions.rs
@@ -1,18 +1,50 @@
 mod common;
 use crate::common::{test_context, TestContext};
+use cookie::Cookie;
+use pacman_server::session;

 use pretty_assertions::assert_eq;

-/// Test session management endpoints
 #[tokio::test]
 async fn test_session_management() {
-    let TestContext { server, .. } = test_context().use_database(true).call().await;
+    let context = test_context().use_database(true).call().await;

-    // Test logout endpoint (should redirect)
-    let response = server.get("/logout").await;
-    assert_eq!(response.status_code(), 302); // Redirect to home
+    // 1. Create a user
+    let user =
+        pacman_server::data::user::create_user(&context.app_state.db, "testuser", None, None, None, "test_provider", "123")
+            .await
+            .unwrap();

-    // Test profile endpoint without session (should be unauthorized)
-    let response = server.get("/profile").await;
+    // 2. Create a session token for the user
+    let provider_account = pacman_server::data::user::list_user_providers(&context.app_state.db, user.id)
+        .await
+        .unwrap()
+        .into_iter()
+        .find(|p| p.provider == "test_provider")
+        .unwrap();
+
+    let auth_user = pacman_server::auth::provider::AuthUser {
+        id: provider_account.provider_user_id,
+        username: provider_account.username.unwrap(),
+        name: provider_account.display_name,
+        email: user.email,
+        avatar_url: provider_account.avatar_url,
+    };
+    let token = session::create_jwt_for_user("test_provider", &auth_user, &context.app_state.jwt_encoding_key);
+
+    // 3. Make a request to the protected route WITH the session, expect success
+    let response = context
+        .server
+        .get("/profile")
+        .add_cookie(Cookie::new(session::SESSION_COOKIE_NAME, token))
+        .await;
+    assert_eq!(response.status_code(), 200);
+
+    // 4. Sign out
+    let response = context.server.get("/logout").await;
+    assert_eq!(response.status_code(), 302); // Redirect after logout
+
+    // 5. Make a request to the protected route without a session, expect failure
+    let response = context.server.get("/profile").await;
    assert_eq!(response.status_code(), 401); // Unauthorized without session
 }