gotosocial/internal/processing/user/emailconfirm_test.go

/*
   GoToSocial
   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org

   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU Affero General Public License as published by
   the Free Software Foundation, either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU Affero General Public License for more details.

   You should have received a copy of the GNU Affero General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

package user_test

import (
	"context"
	"fmt"
	"testing"
	"time"

	"github.com/stretchr/testify/suite"
)

type EmailConfirmTestSuite struct {
	UserStandardTestSuite
}

func (suite *EmailConfirmTestSuite) TestSendConfirmEmail() {
	user := suite.testUsers["local_account_1"]

	// set a bunch of stuff on the user as though zork hasn't been confirmed (perish the thought)
	user.UnconfirmedEmail = "some.email@example.org"
	user.Email = ""
	user.ConfirmedAt = time.Time{}
	user.ConfirmationSentAt = time.Time{}
	user.ConfirmationToken = ""

	err := suite.user.SendConfirmEmail(context.Background(), user, "the_mighty_zork")
	suite.NoError(err)

	// zork should have an email now
	suite.Len(suite.sentEmails, 1)
	email, ok := suite.sentEmails["some.email@example.org"]
	suite.True(ok)

	// a token should be set on zork
	token := user.ConfirmationToken
	suite.NotEmpty(token)

	// email should contain the token
	emailShould := fmt.Sprintf("Subject: GoToSocial Email Confirmation\r\nFrom: GoToSocial <test@example.org>\r\nTo: some.email@example.org\r\nMIME-version: 1.0;\nContent-Type: text/html;\r\n<!DOCTYPE html>\n<html>\n    </head>\n    <body>\n        <div>\n            <h1>\n                Hello the_mighty_zork!\n            </h1>\n        </div>\n        <div>\n            <p>\n                You are receiving this mail because you've requested an account on <a href=\"http://localhost:8080\">localhost:8080</a>.\n            </p>\n            <p>\n                We just need to confirm that this is your email address. To confirm your email, <a href=\"http://localhost:8080/confirm_email?token=%s\">click here</a> or paste the following in your browser's address bar:\n            </p>\n            <p>\n                <code>\n                    http://localhost:8080/confirm_email?token=%s\n                </code>\n            </p>\n        </div>\n        <div>\n            <p>\n                If you believe you've been sent this email in error, feel free to ignore it, or contact the administrator of <a href=\"http://localhost:8080\">localhost:8080</a>.\n            </p>\n        </div>\n    </body>\n</html>\r\n", token, token)
	suite.Equal(emailShould, email)

	// confirmationSentAt should be recent
	suite.WithinDuration(time.Now(), user.ConfirmationSentAt, 1*time.Minute)
}

func (suite *EmailConfirmTestSuite) TestConfirmEmail() {
	ctx := context.Background()

	user := suite.testUsers["local_account_1"]

	// set a bunch of stuff on the user as though zork hasn't been confirmed yet, but has had an email sent 5 minutes ago
	user.UnconfirmedEmail = "some.email@example.org"
	user.Email = ""
	user.ConfirmedAt = time.Time{}
	user.ConfirmationSentAt = time.Now().Add(-5 * time.Minute)
	user.ConfirmationToken = "1d1aa44b-afa4-49c8-ac4b-eceb61715cc6"

	err := suite.db.UpdateByPrimaryKey(ctx, user)
	suite.NoError(err)

	// confirm with the token set above
	updatedUser, errWithCode := suite.user.ConfirmEmail(ctx, "1d1aa44b-afa4-49c8-ac4b-eceb61715cc6")
	suite.NoError(errWithCode)

	// email should now be confirmed and token cleared
	suite.Equal("some.email@example.org", updatedUser.Email)
	suite.Empty(updatedUser.UnconfirmedEmail)
	suite.Empty(updatedUser.ConfirmationToken)
	suite.WithinDuration(updatedUser.ConfirmedAt, time.Now(), 1*time.Minute)
	suite.WithinDuration(updatedUser.UpdatedAt, time.Now(), 1*time.Minute)
}

func (suite *EmailConfirmTestSuite) TestConfirmEmailOldToken() {
	ctx := context.Background()

	user := suite.testUsers["local_account_1"]

	// set a bunch of stuff on the user as though zork hasn't been confirmed yet, but has had an email sent 8 days ago
	user.UnconfirmedEmail = "some.email@example.org"
	user.Email = ""
	user.ConfirmedAt = time.Time{}
	user.ConfirmationSentAt = time.Now().Add(-192 * time.Hour)
	user.ConfirmationToken = "1d1aa44b-afa4-49c8-ac4b-eceb61715cc6"

	err := suite.db.UpdateByPrimaryKey(ctx, user)
	suite.NoError(err)

	// confirm with the token set above
	updatedUser, errWithCode := suite.user.ConfirmEmail(ctx, "1d1aa44b-afa4-49c8-ac4b-eceb61715cc6")
	suite.Nil(updatedUser)
	suite.EqualError(errWithCode, "ConfirmEmail: confirmation token expired")
}

func TestEmailConfirmTestSuite(t *testing.T) {
	suite.Run(t, &EmailConfirmTestSuite{})
}
smtp + email confirmation (#285) * add smtp configuration * add email confirm + reset templates * add email sender to testrig * flesh out the email sender interface * go fmt * golint * update from field with more clarity * tidy up the email formatting * fix tests * add email sender to processor * tidy client api processing a bit * further tidying in fromClientAPI * pin new account to user * send msg to processor on new account creation * generate confirm email uri * remove emailer from account processor again * add processCreateAccountFromClientAPI * move emailer accountprocessor => userprocessor * add email sender to user processor * SendConfirmEmail function * add noop email sender * use noop email sender in tests * only assemble message if callback is not nil * use noop email sender if no smtp host is defined * minify email html before sending * fix wrong email address * email confirm test * fmt * serve web hndler * add email confirm handler * init test log properly on testrig * log emails that would have been sent * go fmt ./... * unexport confirm email handler * updatedAt * test confirm email function * don't allow tokens older than 7 days * change error message a bit * add basic smtp docs * add a few more snippets * typo * add email sender to outbox tests * don't use dutch wikipedia link * don't minify email html 2021-10-31 14:46:23 +00:00			`/*`
			`GoToSocial`
			`Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org`

			`This program is free software: you can redistribute it and/or modify`
			`it under the terms of the GNU Affero General Public License as published by`
			`the Free Software Foundation, either version 3 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU Affero General Public License for more details.`

			`You should have received a copy of the GNU Affero General Public License`
			`along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

			`package user_test`

			`import (`
			`"context"`
			`"fmt"`
			`"testing"`
			`"time"`

			`"github.com/stretchr/testify/suite"`
			`)`

			`type EmailConfirmTestSuite struct {`
			`UserStandardTestSuite`
			`}`

			`func (suite *EmailConfirmTestSuite) TestSendConfirmEmail() {`
			`user := suite.testUsers["local_account_1"]`

			`// set a bunch of stuff on the user as though zork hasn't been confirmed (perish the thought)`
			`user.UnconfirmedEmail = "some.email@example.org"`
			`user.Email = ""`
			`user.ConfirmedAt = time.Time{}`
			`user.ConfirmationSentAt = time.Time{}`
			`user.ConfirmationToken = ""`

			`err := suite.user.SendConfirmEmail(context.Background(), user, "the_mighty_zork")`
			`suite.NoError(err)`

			`// zork should have an email now`
			`suite.Len(suite.sentEmails, 1)`
			`email, ok := suite.sentEmails["some.email@example.org"]`
			`suite.True(ok)`

			`// a token should be set on zork`
			`token := user.ConfirmationToken`
			`suite.NotEmpty(token)`

			`// email should contain the token`
			emailShould := fmt.Sprintf("Subject: GoToSocial Email Confirmation\r\nFrom: GoToSocial <test@example.org>\r\nTo: some.email@example.org\r\nMIME-version: 1.0;\nContent-Type: text/html;\r\n<!DOCTYPE html>\n<html>\n </head>\n <body>\n <div>\n <h1>\n Hello the_mighty_zork!\n </h1>\n </div>\n <div>\n <p>\n You are receiving this mail because you've requested an account on <a href=\"http://localhost:8080\">localhost:8080</a>.\n </p>\n <p>\n We just need to confirm that this is your email address. To confirm your email, <a href=\"http://localhost:8080/confirm_email?token=%s\">click here</a> or paste the following in your browser's address bar:\n </p>\n <p>\n <code>\n http://localhost:8080/confirm_email?token=%s\n </code>\n </p>\n </div>\n <div>\n <p>\n If you believe you've been sent this email in error, feel free to ignore it, or contact the administrator of <a href=\"http://localhost:8080\">localhost:8080</a>.\n </p>\n </div>\n </body>\n</html>\r\n", token, token)
			`suite.Equal(emailShould, email)`

			`// confirmationSentAt should be recent`
			`suite.WithinDuration(time.Now(), user.ConfirmationSentAt, 1*time.Minute)`
			`}`

			`func (suite *EmailConfirmTestSuite) TestConfirmEmail() {`
			`ctx := context.Background()`

			`user := suite.testUsers["local_account_1"]`

			`// set a bunch of stuff on the user as though zork hasn't been confirmed yet, but has had an email sent 5 minutes ago`
			`user.UnconfirmedEmail = "some.email@example.org"`
			`user.Email = ""`
			`user.ConfirmedAt = time.Time{}`
			`user.ConfirmationSentAt = time.Now().Add(-5 * time.Minute)`
			`user.ConfirmationToken = "1d1aa44b-afa4-49c8-ac4b-eceb61715cc6"`

			`err := suite.db.UpdateByPrimaryKey(ctx, user)`
			`suite.NoError(err)`

			`// confirm with the token set above`
			`updatedUser, errWithCode := suite.user.ConfirmEmail(ctx, "1d1aa44b-afa4-49c8-ac4b-eceb61715cc6")`
			`suite.NoError(errWithCode)`

			`// email should now be confirmed and token cleared`
			`suite.Equal("some.email@example.org", updatedUser.Email)`
			`suite.Empty(updatedUser.UnconfirmedEmail)`
			`suite.Empty(updatedUser.ConfirmationToken)`
			`suite.WithinDuration(updatedUser.ConfirmedAt, time.Now(), 1*time.Minute)`
			`suite.WithinDuration(updatedUser.UpdatedAt, time.Now(), 1*time.Minute)`
			`}`

			`func (suite *EmailConfirmTestSuite) TestConfirmEmailOldToken() {`
			`ctx := context.Background()`

			`user := suite.testUsers["local_account_1"]`

			`// set a bunch of stuff on the user as though zork hasn't been confirmed yet, but has had an email sent 8 days ago`
			`user.UnconfirmedEmail = "some.email@example.org"`
			`user.Email = ""`
			`user.ConfirmedAt = time.Time{}`
			`user.ConfirmationSentAt = time.Now().Add(-192 * time.Hour)`
			`user.ConfirmationToken = "1d1aa44b-afa4-49c8-ac4b-eceb61715cc6"`

			`err := suite.db.UpdateByPrimaryKey(ctx, user)`
			`suite.NoError(err)`

			`// confirm with the token set above`
			`updatedUser, errWithCode := suite.user.ConfirmEmail(ctx, "1d1aa44b-afa4-49c8-ac4b-eceb61715cc6")`
			`suite.Nil(updatedUser)`
			`suite.EqualError(errWithCode, "ConfirmEmail: confirmation token expired")`
			`}`

			`func TestEmailConfirmTestSuite(t *testing.T) {`
			`suite.Run(t, &EmailConfirmTestSuite{})`
			`}`