86 lines
2.6 KiB
Rust
86 lines
2.6 KiB
Rust
use crate::api::main::{create_user_with_password, login_user, setup};
|
|
use axum::http::{header, HeaderName, StatusCode};
|
|
use http_body_util::BodyExt;
|
|
use serde_json::{json, Value};
|
|
use utils::testing::{make_jwt_request, make_request_with_headers};
|
|
|
|
#[tokio::test]
|
|
async fn test_api_key_flow() {
|
|
let app = setup().await;
|
|
let _ = create_user_with_password(
|
|
&app.db,
|
|
"apikey_user",
|
|
"password123",
|
|
"apikey_user@example.com",
|
|
)
|
|
.await;
|
|
let jwt = login_user(app.router.clone(), "apikey_user", "password123").await;
|
|
|
|
// 1. Create a new API key using JWT auth
|
|
let create_body = json!({ "name": "My Test Key" }).to_string();
|
|
let response = make_jwt_request(
|
|
app.router.clone(),
|
|
"/users/me/api-keys",
|
|
"POST",
|
|
Some(create_body),
|
|
&jwt,
|
|
)
|
|
.await;
|
|
assert_eq!(response.status(), StatusCode::CREATED);
|
|
|
|
let body = response.into_body().collect().await.unwrap().to_bytes();
|
|
let v: Value = serde_json::from_slice(&body).unwrap();
|
|
|
|
let plaintext_key = v["plaintextKey"]
|
|
.as_str()
|
|
.expect("Plaintext key not found")
|
|
.to_string();
|
|
let key_id = v["id"].as_str().expect("Key ID not found").to_string();
|
|
assert!(plaintext_key.starts_with("th_"));
|
|
|
|
// 2. Use the new API key to post a thought
|
|
|
|
let thought_body = json!({ "content": "Posting with an API key!" }).to_string();
|
|
let key = plaintext_key.clone();
|
|
let api_key_header = format!("ApiKey {}", key);
|
|
let content_type = "application/json";
|
|
let headers: Vec<(HeaderName, &str)> = vec![
|
|
(header::AUTHORIZATION, &api_key_header),
|
|
(header::CONTENT_TYPE, content_type),
|
|
];
|
|
|
|
let response = make_request_with_headers(
|
|
app.router.clone(),
|
|
"/thoughts",
|
|
"POST",
|
|
Some(thought_body),
|
|
headers,
|
|
)
|
|
.await;
|
|
|
|
assert_eq!(response.status(), StatusCode::CREATED);
|
|
|
|
// 3. Delete the API key using JWT auth
|
|
let response = make_jwt_request(
|
|
app.router.clone(),
|
|
&format!("/users/me/api-keys/{}", key_id),
|
|
"DELETE",
|
|
None,
|
|
&jwt,
|
|
)
|
|
.await;
|
|
assert_eq!(response.status(), StatusCode::NO_CONTENT);
|
|
|
|
// 4. Try to use the deleted key again, expecting failure
|
|
let body = json!({ "content": "This should fail" }).to_string();
|
|
let headers: Vec<(HeaderName, &str)> = vec![
|
|
(header::AUTHORIZATION, &api_key_header),
|
|
(header::CONTENT_TYPE, content_type),
|
|
];
|
|
|
|
let response =
|
|
make_request_with_headers(app.router.clone(), "/thoughts", "POST", Some(body), headers)
|
|
.await;
|
|
assert_eq!(response.status(), StatusCode::UNAUTHORIZED);
|
|
}
|