test: check pw is hashed and not unique

2025-03-13 16:32:37 +01:00 · 2025-03-13 16:32:37 +01:00 · 66d4312695
commit 66d4312695
parent 66791d32a5
4 changed files with 62 additions and 12 deletions
--- a/pkg/userstore/migrations/1741770848_init.up.sql
+++ b/pkg/userstore/migrations/1741770848_init.up.sql
@ -4,5 +4,16 @@ CREATE TABLE users (
  created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
  updated_at DATETIME DEFAULT CURRENT_TIMESTAMP,
  username TEXT NOT NULL UNIQUE,
-  password TEXT NOT NULL UNIQUE
+  password TEXT NOT NULL
 );
+
+CREATE TABLE mail (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+  updated_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+  mail TEXT NOT NULL UNIQUE,
+  validationCode TEXT NOT NULL UNIQUE,
+  isValidated BOOLEAN NOT NULL DEFAULT 0,
+  isPrimary BOOLEAN NOT NULL DEFAULT 0
+)
+
--- a/pkg/userstore/migrations/schema.sql
+++ b/pkg/userstore/migrations/schema.sql
@ -9,6 +9,15 @@ CREATE TABLE users (
  created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
  updated_at DATETIME DEFAULT CURRENT_TIMESTAMP,
  username TEXT NOT NULL UNIQUE,
-  password TEXT NOT NULL UNIQUE
+  password TEXT NOT NULL
 );
 CREATE TABLE sqlite_sequence(name,seq);
+CREATE TABLE mail (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+  updated_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+  mail TEXT NOT NULL UNIQUE,
+  validationCode TEXT NOT NULL UNIQUE,
+  isValidated BOOLEAN NOT NULL DEFAULT 0,
+  isPrimary BOOLEAN NOT NULL DEFAULT 0
+);
--- a/pkg/userstore/users.go
+++ b/pkg/userstore/users.go
@ -5,18 +5,23 @@ import (
 	"golang.org/x/crypto/bcrypt"
 )

-func (s Store) UserWrite(username, password string) error {
+func (s Store) UserWrite(username, password string) (int64, error) {
 	query := "INSERT INTO users (username, password) VALUES (?, ?);"
 	log := s.log.With().Str("query", query).Str("username", username).Logger()

 	pwHash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 	if err != nil {
-		return utils.WrapError(ErrCantEncryptPassword, err, log)
+		return 0, utils.WrapError(ErrCantEncryptPassword, err, log)
 	}

-	_, err = s.db.Exec(query, username, string(pwHash))
+	res, err := s.db.Exec(query, username, string(pwHash))
 	if err != nil {
-		return utils.WrapError(ErrCantExecuteQuery, err, log)
+		return 0, utils.WrapError(ErrCantExecuteQuery, err, log)
 	}
-	return nil
+
+	id, err := res.LastInsertId()
+	if err != nil {
+		return 0, utils.WrapError(ErrCantExecuteQuery, err, log)
+	}
+	return id, nil
 }
--- a/pkg/userstore/users_test.go
+++ b/pkg/userstore/users_test.go
@ -16,12 +16,14 @@ func TestWriteUser(t *testing.T) {
 		password        string
 		exptError       error
 		exptErrorString string
+		exptUserId      int64
 	}{
 		{
 			name:       "successfull-insert-first-user",
 			username:   "kekskurse",
 			password:   "kekskurse",
 			exptError:  nil,
+			exptUserId: 1,
 		},
 		{
 			name:            "failed-username-alreadey-used",
@ -29,6 +31,14 @@ func TestWriteUser(t *testing.T) {
 			password:        "kekskurse",
 			exptError:       ErrCantExecuteQuery,
 			exptErrorString: "cant execute query: constraint failed: UNIQUE constraint failed: users.username (2067)",
+			exptUserId:      0,
+		},
+		{
+			name:       "successfull-insert-first-user",
+			username:   "kekskurse2",
+			password:   "kekskurse",
+			exptError:  nil,
+			exptUserId: 2,
 		},
 	}

@ -36,7 +46,8 @@ func TestWriteUser(t *testing.T) {
 	initDabase(t, store)
 	for _, tt := range tts {
 		t.Run(tt.name, func(t *testing.T) {
-			err := store.UserWrite(tt.username, tt.password)
+			id, err := store.UserWrite(tt.username, tt.password)
+			assert.Equal(t, tt.exptUserId, id, "should return right user id")
 			if tt.exptError == nil {
 				assert.Nil(t, err, "should store user without error")
 			} else {
@ -45,6 +56,20 @@ func TestWriteUser(t *testing.T) {
 			}
 		})
 	}
+
+	// TODO: Check if pw hash are not unique
+	var pw1 string
+	var pw2 string
+	err := store.db.QueryRow("SELECT password FROM users WHERE id = 1").Scan(&pw1)
+	assert.Nil(t, err, "should be abel to query pw1")
+	err = store.db.QueryRow("SELECT password FROM users WHERE id = 2").Scan(&pw2)
+	assert.Nil(t, err, "should be abel to query pw2")
+
+	assert.NotEmpty(t, pw1)
+	assert.NotEmpty(t, pw2)
+	assert.NotEqual(t, "kekskurse", pw1)
+	assert.NotEqual(t, "kekskurse", pw2)
+	assert.NotEqual(t, pw1, pw2, "passwords should not be equal")
 }

 func getTestStore(t *testing.T) Store {