alphonse/zero2prod
1
0
Fork 0
Code Issues 6 Pull Requests Actions Packages Projects Releases Wiki Activity

Authentication and form for newsletter publishing

Browse Source
This commit is contained in:
Alphonse Paix
2025-09-01 15:47:27 +02:00
parent d96a401d99
commit 9a184b93ac
17 changed files with 399 additions and 410 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
tests/api/helpers.rs
View File

@@ -182,11 +182,25 @@ impl TestApp {
.expect("Failed to execute request")
}
pub async fn post_newsletters(&self, body: serde_json::Value) -> reqwest::Response {
reqwest::Client::new()
.post(format!("{}/newsletters", self.address))
.json(&body)
.basic_auth(&self.test_user.username, Some(&self.test_user.password))
pub async fn get_newsletter_form(&self) -> reqwest::Response {
self.api_client
.get(format!("{}/admin/password", &self.address))
.send()
.await
.expect("Failed to execute request")
}
pub async fn get_newsletter_form_html(&self) -> String {
self.get_newsletter_form().await.text().await.unwrap()
}
pub async fn post_newsletters<Body>(&self, body: &Body) -> reqwest::Response
where
Body: serde::Serialize,
{
self.api_client
.post(format!("{}/admin/newsletters", self.address))
.form(body)
.send()
.await
.expect("Failed to execute request")

3
tests/api/login.rs
View File

@@ -16,9 +16,6 @@ async fn an_error_flash_message_is_set_on_failure() {
let login_page_html = app.get_login_html().await;
assert!(login_page_html.contains("Authentication failed"));
let login_page_html = app.get_login_html().await;
assert!(!login_page_html.contains("Authentication failed"));
}
#[tokio::test]

211
tests/api/newsletters.rs
View File

@@ -1,5 +1,4 @@
use crate::helpers::{ConfirmationLinks, TestApp};
use uuid::Uuid;
use crate::helpers::{ConfirmationLinks, TestApp, assert_is_redirect_to};
use wiremock::{
Mock, ResponseTemplate,
matchers::{any, method, path},
@@ -10,97 +9,43 @@ async fn newsletters_are_not_delivered_to_unconfirmed_subscribers() {
let app = TestApp::spawn().await;
create_unconfirmed_subscriber(&app).await;
let login_body = serde_json::json!({
"username": app.test_user.username,
"password": app.test_user.password
});
app.post_login(&login_body).await;
Mock::given(any())
.respond_with(ResponseTemplate::new(200))
.expect(0)
.mount(&app.email_server)
.await;
let newsletter_request_body = serde_json::json!({"title": "Newsletter title", "content": { "text": "Newsletter body as plain text", "html": "<p>Newsletter body as HTML</p>"}});
let response = app.post_newsletters(newsletter_request_body).await;
assert_eq!(response.status().as_u16(), 200);
let newsletter_request_body = serde_json::json!({
"title": "Newsletter title",
"text": "Newsletter body as plain text",
"html": "<p>Newsletter body as HTML</p>"
});
app.post_newsletters(&newsletter_request_body).await;
}
#[tokio::test]
async fn request_missing_authorization_are_rejected() {
async fn requests_without_authentication_are_redirected() {
let app = TestApp::spawn().await;
Mock::given(any())
.respond_with(ResponseTemplate::new(200))
.expect(0)
.mount(&app.email_server)
.await;
let newsletter_request_body = serde_json::json!({
"title": "Newsletter title",
"content": {
"text": "Newsletter body as plain text",
"html": "<p>Newsletter body as HTML</p>"
}
"text": "Newsletter body as plain text",
"html": "<p>Newsletter body as HTML</p>"
});
let response = reqwest::Client::new()
.post(format!("{}/newsletters", &app.address))
.json(&newsletter_request_body)
.send()
.await
.expect("Failed to execute request");
assert_eq!(response.status().as_u16(), 401);
assert_eq!(
response.headers()["WWW-Authenticate"],
r#"Basic realm="publish""#
);
}
#[tokio::test]
async fn non_existing_user_is_rejected() {
let app = TestApp::spawn().await;
let newsletter_request_body = serde_json::json!({
"title": "Newsletter title",
"content": {
"text": "Newsletter body as plain text",
"html": "<p>Newsletter body as HTML</p>"
}
});
let username = Uuid::new_v4().to_string();
let password = Uuid::new_v4().to_string();
let response = reqwest::Client::new()
.post(format!("{}/newsletters", &app.address))
.json(&newsletter_request_body)
.basic_auth(username, Some(password))
.send()
.await
.expect("Failed to execute request");
assert_eq!(response.status().as_u16(), 401);
assert_eq!(
response.headers()["WWW-Authenticate"],
r#"Basic realm="publish""#
);
}
#[tokio::test]
async fn invalid_password_is_rejected() {
let app = TestApp::spawn().await;
let newsletter_request_body = serde_json::json!({
"title": "Newsletter title",
"content": {
"text": "Newsletter body as plain text",
"html": "<p>Newsletter body as HTML</p>"
}
});
let username = app.test_user.username;
let password = Uuid::new_v4().to_string();
let response = reqwest::Client::new()
.post(format!("{}/newsletters", &app.address))
.json(&newsletter_request_body)
.basic_auth(username, Some(password))
.send()
.await
.expect("Failed to execute request");
assert_eq!(response.status().as_u16(), 401);
assert_eq!(
response.headers()["WWW-Authenticate"],
r#"Basic realm="publish""#
);
let response = app.post_newsletters(&newsletter_request_body).await;
assert_is_redirect_to(&response, "/login");
}
#[tokio::test]
@@ -108,56 +53,116 @@ async fn newsletters_are_delivered_to_confirmed_subscribers() {
let app = TestApp::spawn().await;
create_confirmed_subscriber(&app).await;
let login_body = serde_json::json!({
"username": app.test_user.username,
"password": app.test_user.password
});
app.post_login(&login_body).await;
Mock::given(any())
.respond_with(ResponseTemplate::new(200))
.expect(1)
.mount(&app.email_server)
.await;
let newsletter_title = "Newsletter title";
let newsletter_request_body = serde_json::json!({
"title": "Newsletter title",
"content": {
"text": "Newsletter body as plain text",
"html": "<p>Newsletter body as HTML</p>"
}
"title": newsletter_title,
"text": "Newsletter body as plain text",
"html": "<p>Newsletter body as HTML</p>"
});
let response = app.post_newsletters(newsletter_request_body).await;
assert_eq!(response.status().as_u16(), 200);
let response = app.post_newsletters(&newsletter_request_body).await;
assert_is_redirect_to(&response, "/admin/newsletters");
let html_page = app.get_newsletter_form_html().await;
assert!(html_page.contains(&format!(
"The newsletter issue '{}' has been published",
newsletter_title
)));
}
#[tokio::test]
async fn newsletters_returns_422_for_invalid_data() {
async fn form_shows_error_for_invalid_data() {
let app = TestApp::spawn().await;
let login_body = serde_json::json!({
"username": app.test_user.username,
"password": app.test_user.password
});
app.post_login(&login_body).await;
Mock::given(any())
.respond_with(ResponseTemplate::new(200))
.expect(0)
.mount(&app.email_server)
.await;
let test_cases = [
(
serde_json::json!({
"content": {
"text": "Newsletter body as plain text",
"html": "<p>Newsletter body as HTML</p>"
}
}),
"missing the title",
"title": "",
"text": "Newsletter body as plain text",
"html": "<p>Newsletter body as HTML</p>"
}),
"The title was empty",
),
(
serde_json::json!({ "title": "Newsletter" }),
"missing the title",
serde_json::json!({ "title": "Newsletter", "text": "", "html": "" }),
"The content was empty",
),
];
for (invalid_body, error_message) in test_cases {
let response = app.post_newsletters(invalid_body).await;
assert_eq!(
response.status().as_u16(),
422,
"The API did not fail with 422 Unprocessable Entity when the payload was {}.",
error_message
);
app.post_newsletters(&invalid_body).await;
let html_page = app.get_newsletter_form_html().await;
assert!(html_page.contains(error_message));
}
}
#[tokio::test]
async fn newsletter_creation_is_idempotent() {
let app = TestApp::spawn().await;
create_confirmed_subscriber(&app).await;
let login_body = serde_json::json!({
"username": app.test_user.username,
"password": app.test_user.password
});
app.post_login(&login_body).await;
Mock::given(any())
.respond_with(ResponseTemplate::new(200))
.expect(1)
.mount(&app.email_server)
.await;
let newsletter_title = "Newsletter title";
let newsletter_request_body = serde_json::json!({
"title": newsletter_title,
"text": "Newsletter body as plain text",
"html": "<p>Newsletter body as HTML</p>"
});
let response = app.post_newsletters(&newsletter_request_body).await;
assert_is_redirect_to(&response, "/admin/newsletters");
let html_page = app.get_newsletter_form_html().await;
assert!(html_page.contains(&format!(
"The newsletter issue '{}' has been published",
newsletter_title
)));
let response = app.post_newsletters(&newsletter_request_body).await;
assert_is_redirect_to(&response, "/admin/newsletters");
let html_page = app.get_newsletter_form_html().await;
assert!(html_page.contains(&format!(
"The newsletter issue '{}' has been published",
newsletter_title
)));
}
async fn create_unconfirmed_subscriber(app: &TestApp) -> ConfirmationLinks {
let body = "name=Alphonse&email=alphonse.paix%40outlook.com";