diff --git a/Makefile b/Makefile index 668ccf1..97db62e 100644 --- a/Makefile +++ b/Makefile @@ -27,6 +27,10 @@ clean: remove-podman-containers cd backend && make clean @echo "Cleaned up!" +.PHONY: itest +itest: + python testing.py + # Cleans up everything related to podman, not just the project. Make sure you understand what this means. podman-clean: podman system reset --force diff --git a/backend/internal/database/db.go b/backend/internal/database/db.go index 6b8a990..ef365cd 100644 --- a/backend/internal/database/db.go +++ b/backend/internal/database/db.go @@ -14,6 +14,7 @@ import ( type Database interface { // Insert a new user into the database, password should be hashed before calling AddUser(username string, password string) error + CheckUser(username string, password string) bool RemoveUser(username string) error PromoteToAdmin(username string) error GetUserId(username string) (int, error) @@ -77,6 +78,15 @@ func DbConnect(dbpath string) Database { return &Db{db} } +func (d *Db) CheckUser(username string, password string) bool { + var dbPassword string + err := d.Get(&dbPassword, "SELECT password FROM users WHERE username = ?", username) + if err != nil { + return false + } + return dbPassword == password +} + // GetProjectsForUser retrieves all projects associated with a specific user. func (d *Db) GetProjectsForUser(username string) ([]types.Project, error) { var projects []types.Project diff --git a/backend/internal/handlers/global_state.go b/backend/internal/handlers/global_state.go index f7172f5..415b215 100644 --- a/backend/internal/handlers/global_state.go +++ b/backend/internal/handlers/global_state.go @@ -106,18 +106,20 @@ func (gs *GState) IncrementButtonCount(c *fiber.Ctx) error { // Login is a simple login handler that returns a JWT token func (gs *GState) Login(c *fiber.Ctx) error { - // To test: curl --data "user=user&pass=pass" http://localhost:8080/api/login - user := c.FormValue("user") - pass := c.FormValue("pass") + // The body type is identical to a NewUser + u := new(types.NewUser) + if err := c.BodyParser(u); err != nil { + return c.Status(400).SendString(err.Error()) + } - // Throws Unauthorized error - if user != "user" || pass != "pass" { + if !gs.Db.CheckUser(u.Username, u.Password) { + println("User not found") return c.SendStatus(fiber.StatusUnauthorized) } // Create the Claims claims := jwt.MapClaims{ - "name": user, + "name": u.Username, "admin": false, "exp": time.Now().Add(time.Hour * 72).Unix(), } diff --git a/testing.py b/testing.py new file mode 100644 index 0000000..fa97567 --- /dev/null +++ b/testing.py @@ -0,0 +1,75 @@ +import requests +import string +import random + + +def randomString(len=10): + """Generate a random string of fixed length""" + letters = string.ascii_lowercase + return "".join(random.choice(letters) for i in range(len)) + + +# Defined once per test run +username = randomString() +token = None + +# The base URL of the API +base_url = "http://localhost:8080" + +# Endpoint to test +registerPath = base_url + "/api/register" +loginPath = base_url + "/api/login" +addProjectPath = base_url + "/api/project" + + +# Define a function to prform POST request with data and return response +def register(username: string, password: string): + print("Registering with username: ", username, " and password: ", password) + response = requests.post( + registerPath, json={"username": username, "password": password} + ) + print(response.text) + return response + + +def login(username: string, password: string): + print("Logging in with username: ", username, " and password: ", password) + response = requests.post( + loginPath, json={"username": username, "password": password} + ) + print(response.text) + return response + + +def test_login(): + response = login(username, "always_same") + assert response.status_code == 200, "Login failed" + print("Login successful") + return response.json()["token"] + + +# Define a function to test the POST request +def test_create_user(): + response = register(username, "always_same") + assert response.status_code == 200, "Registration failed" + print("Registration successful") + + +def test_add_project(): + loginResponse = login(username, "always_same") + token = loginResponse.json()["token"] + projectName = randomString() + response = requests.post( + addProjectPath, + json={"name": projectName, "description": "This is a project"}, + headers={"Authorization": "Bearer " + token}, + ) + print(response.text) + assert response.status_code == 200, "Add project failed" + print("Add project successful") + + +if __name__ == "__main__": + test_create_user() + test_login() + test_add_project()