Finish register module.

2025-04-11 11:41:48 +02:00 · 2015-02-23 02:03:39 -08:00 · 2015-02-23 02:03:39 -08:00 · ec5da7694e
commit ec5da7694e
parent 6f074543f4
5 changed files with 121 additions and 18 deletions
--- a/internal/render/bindata.go
+++ b/internal/render/bindata.go
@ -201,7 +201,7 @@ func recover_tpl() (*asset, error) {
 	return a, nil
 }

-var _register_html_tpl = []byte("\x1f\x8b\x08\x00\x00\x09\x6e\x88\x00\xff\x94\x93\x41\x6f\xea\x30\x0c\xc7\xcf\xf4\x53\x58\x11\xe7\xf6\x8e\xd2\x5e\xde\xbb\x3c\xe9\x69\xe2\x30\xed\x3a\x85\xc6\xa5\xd1\xd2\x24\x4a\xc2\x00\x55\xfd\xee\x4b\x68\xd7\x12\xd0\x36\x76\x81\xd8\xfa\xdb\xfe\xff\x2c\x97\x36\xda\x76\xc0\x6a\x2f\xb4\x2a\x89\xc5\xbd\x70\x1e\x2d\x81\x0e\x7d\xab\x79\x49\x8c\x76\x9e\x54\xd9\x8a\x4a\xb6\x43\x09\x41\x5d\x92\xbe\xcf\x8d\x15\x1d\xb3\xe7\x7f\x7f\x87\x81\x54\x69\xbc\xa1\xc5\x45\x1b\x8b\x84\x32\x07\x0f\x8a\x75\x58\xa6\x22\xf0\x67\x83\x25\xf1\x78\xf2\x04\xde\x99\x3c\x60\x6c\x2b\x1a\x58\x44\x2f\x31\x3b\x0c\xd7\x75\x73\x0a\x15\x0f\x83\xc1\x48\x56\x63\xab\x25\xc7\x7b\x57\x50\x54\x74\x67\xc3\x6f\xb6\xea\xfb\xb5\x11\x1c\x36\x25\x5c\x2b\xfa\xfe\x28\x7c\x0b\x39\x5a\xeb\xe6\x68\x1d\x22\x19\x56\x10\xc5\x42\x71\x3c\x41\x0e\xb1\x38\x0a\x2c\x53\x7b\x9c\x15\xc3\x40\x9d\x61\x2a\xc2\x87\x67\x71\x79\x8f\x03\x27\x7b\xe9\x5f\xba\x41\xc3\x9c\x3b\x6a\xcb\x49\xb5\x9d\x5e\x5f\x6c\x6d\x51\x4e\x1b\x5b\xe2\x04\x7e\x3b\xa7\xaf\xb1\x53\xc0\xd1\x7f\xfe\xd9\xe1\x51\x80\xd4\x79\xad\x55\x23\x6c\xf7\xba\x10\xfc\x19\x33\xf0\x13\xc9\x5d\xe5\xf7\x44\xb7\x6d\x1f\x20\xbb\x9d\xf0\x0b\xc2\xd1\xe8\x68\xc8\x1d\x76\x9d\x58\xce\xf2\xbf\xde\x0b\x45\xe6\xd9\x94\x41\x6b\xb1\x29\x49\x11\xd0\x99\xaa\x51\xd2\x82\x55\xd9\x4d\x8f\x56\x70\x8e\x8a\x4c\xe8\xc1\xc0\xc9\xd9\xe6\x29\x04\xf1\x32\xe7\x7b\xbf\x64\x9f\xf5\x1b\xaa\xf1\x60\x33\x5a\xc4\xcf\xb1\xfa\x08\x00\x00\xff\xff\x3c\x36\x7b\x13\x95\x03\x00\x00")
+var _register_html_tpl = []byte("\x1f\x8b\x08\x00\x00\x09\x6e\x88\x00\xff\x94\x93\x31\x6f\xf3\x20\x10\x86\xe7\xf8\x57\x9c\x50\xe6\x78\x8f\x30\xcb\xf7\x2d\x95\xaa\x2a\x43\xd5\xb5\x22\xe6\x1c\xa3\x62\x40\x40\x9a\x44\x96\xff\x7b\xc1\x4e\xec\x38\x51\xdb\x74\xc1\xdc\xe9\x3d\xee\x7d\x4e\x67\x5a\x19\xd7\x00\x2f\x83\x34\xba\x20\x0e\x77\xd2\x07\x74\x04\x1a\x0c\xb5\x11\x05\xb1\xc6\x07\xc2\xb2\x05\x55\x7c\x8b\x0a\xa2\xba\x20\x6d\xbb\xb2\x4e\x36\xdc\x9d\x9e\xfe\x77\x1d\x61\xf3\x78\x4d\xf3\x5e\x9b\x8a\xa4\xb6\xfb\x00\x9a\x37\x78\x57\x05\xe1\x64\x63\x36\xe0\x31\x10\xf8\xe4\x6a\xdf\x4b\x0e\x32\xd4\x30\xe9\xde\x52\xbe\xeb\x62\x69\x3a\x50\x8b\x54\x68\x15\x2f\xb1\x36\x4a\xe0\xbd\x17\xc8\x19\xdd\xba\x78\x66\x8b\xb6\x5d\x5a\x29\x60\x5d\xc0\xb5\xe2\xd2\x02\x9d\xf3\x63\xb4\x8c\x91\x8a\xe0\x49\x2c\xb5\xc0\x23\xac\x20\x15\x27\x81\xe3\x7a\x87\xa3\xa2\xeb\xa8\xb7\x5c\xb3\xde\x11\xcd\xfb\xfb\xd0\xf0\x6c\x6f\xfe\x99\xcf\xcd\x72\xef\x0f\xc6\x09\xc2\x36\xe7\xdb\x77\xb3\x1a\x95\xe7\x29\x4d\xf1\x0c\x7e\x33\xa6\xaf\xb1\xe7\x80\x83\xff\xd5\xe5\x85\x47\x01\xe6\xce\x4b\xa3\x2b\xe9\x9a\xf7\x89\xe0\xdf\x90\x81\xdf\x48\xee\x2a\x7f\x26\xba\x7d\xf6\x01\xb2\xdb\x0e\x7f\x20\x1c\x8c\x0e\x86\xfc\x7e\xdb\xc8\x69\x15\x9f\xcd\x4e\x6a\x32\xf6\xa6\x1c\x6a\x87\x55\x41\xf2\x88\xce\x75\x89\x8a\xe6\x9c\x65\x37\x6f\xd4\x52\x08\xd4\x64\x5a\xf8\xa3\x77\xd5\x4b\x0c\xd2\x66\x8e\x3b\xde\x67\x5f\xcd\x07\xea\x61\x61\x33\x9a\xa7\x9f\x90\x7d\x05\x00\x00\xff\xff\xe5\x8f\x49\x7c\x8b\x03\x00\x00")

 func register_html_tpl_bytes() ([]byte, error) {
 	return bindata_read(
@ -216,7 +216,7 @@ func register_html_tpl() (*asset, error) {
 		return nil, err
 	}

-	info := bindata_file_info{name: "register.html.tpl", size: 917, mode: os.FileMode(438), modTime: time.Unix(1424682732, 0)}
+	info := bindata_file_info{name: "register.html.tpl", size: 907, mode: os.FileMode(438), modTime: time.Unix(1424683974, 0)}
 	a := &asset{bytes: bytes, info:  info}
 	return a, nil
 }
--- a/internal/render/render.go
+++ b/internal/render/render.go
@ -133,10 +133,10 @@ func (t Templates) RenderEmail(email authboss.Email, nameHTML, namePlain string,
 // Redirect sets any flash messages given and redirects the user.
 func Redirect(ctx *authboss.Context, w http.ResponseWriter, r *http.Request, path, flashSuccess, flashError string) {
 	if len(flashSuccess) > 0 {
-		ctx.CookieStorer.Put(authboss.FlashSuccessKey, flashSuccess)
+		ctx.SessionStorer.Put(authboss.FlashSuccessKey, flashSuccess)
 	}
 	if len(flashError) > 0 {
-		ctx.CookieStorer.Put(authboss.FlashErrorKey, flashError)
+		ctx.SessionStorer.Put(authboss.FlashErrorKey, flashError)
 	}
 	http.Redirect(w, r, path, http.StatusTemporaryRedirect)
 }
--- a/internal/render/templates/register.html.tpl
+++ b/internal/render/templates/register.html.tpl
@ -1,6 +1,6 @@
 <form action="register" method="post">
 	<label for="{{.primaryID}}">{{.primaryID}}:</label>
-	<input name={{.primaryID}} type="text" value="{{if .primaryIDValue}}{{.primaryIDValue}}{{end}}" placeholder="{{.primaryID}}" /><br />
+	<input name="{{.primaryID}}" type="text" value="{{with .primaryIDValue}}{{.}}{{end}}" placeholder="{{.primaryID}}" /><br />
 	{{$pid := .primaryID}}{{with .errs}}{{with $errlist := index . $pid}}{{range $errlist}}<span>{{.}}</span><br />{{end}}{{end}}{{end}}
 	<label for="password">Password:</label>
 	<input name="password" type="password" placeholder="Password" /><br />
--- a/register/register.go
+++ b/register/register.go
@ -4,6 +4,7 @@ package register
 import (
 	"net/http"

+	"golang.org/x/crypto/bcrypt"
 	"gopkg.in/authboss.v0"
 	"gopkg.in/authboss.v0/internal/render"
 )
@ -85,8 +86,15 @@ func (reg *Register) registerPostHandler(ctx *authboss.Context, w http.ResponseW
 	if err != nil {
 		return err
 	}
+
+	pass, err := bcrypt.GenerateFromPassword([]byte(password), authboss.Cfg.BCryptCost)
+	if err != nil {
+		return err
+	}
+
 	attr[authboss.Cfg.PrimaryID] = key
-	attr[authboss.StorePassword] = password
+	attr[authboss.StorePassword] = string(pass)
+	delete(attr, authboss.ConfirmPrefix+authboss.StorePassword)
 	ctx.User = attr

 	if err := authboss.Cfg.Storer.Create(key, attr); err != nil {
--- a/register/register_test.go
+++ b/register/register_test.go
@ -1,9 +1,11 @@
 package register

 import (
+	"bytes"
 	"html/template"
 	"net/http"
 	"net/http/httptest"
+	"net/url"
 	"strings"
 	"testing"

@ -11,6 +13,24 @@ import (
 	"gopkg.in/authboss.v0/internal/mocks"
 )

+func setup() *Register {
+	authboss.Cfg = authboss.NewConfig()
+	authboss.Cfg.Layout = template.Must(template.New("").Parse(`{{template "authboss" .}}`))
+	authboss.Cfg.XSRFName = "xsrf"
+	authboss.Cfg.XSRFMaker = func(_ http.ResponseWriter, _ *http.Request) string {
+		return "xsrfvalue"
+	}
+	authboss.Cfg.ConfirmFields = []string{"password", "confirm_password"}
+	authboss.Cfg.Storer = mocks.NewMockStorer()
+
+	reg := Register{}
+	if err := reg.Initialize(); err != nil {
+		panic(err)
+	}
+
+	return &reg
+}
+
 func TestRegister(t *testing.T) {
 	authboss.Cfg = authboss.NewConfig()
 	r := Register{}
@ -33,18 +53,7 @@ func TestRegister(t *testing.T) {
 }

 func TestRegisterGet(t *testing.T) {
-	authboss.Cfg = &authboss.Config{
-		Layout:   template.Must(template.New("").Parse(`{{template "authboss"}}`)),
-		XSRFName: "xsrf",
-		XSRFMaker: func(_ http.ResponseWriter, _ *http.Request) string {
-			return "xsrfvalue"
-		},
-	}
-	reg := Register{}
-
-	if err := reg.Initialize(); err != nil {
-		t.Error(err)
-	}
+	reg := setup()

 	w := httptest.NewRecorder()
 	r, _ := http.NewRequest("GET", "/register", nil)
@ -65,5 +74,91 @@ func TestRegisterGet(t *testing.T) {

 	if str := w.Body.String(); !strings.Contains(str, "<form") {
 		t.Error("It should have rendered a nice form:", str)
+	} else if !strings.Contains(str, `name="`+authboss.Cfg.PrimaryID) {
+		t.Error("Form should contain the primary ID:", str)
+	}
+}
+
+func TestRegisterPostValidationErrs(t *testing.T) {
+	reg := setup()
+
+	w := httptest.NewRecorder()
+	vals := url.Values{}
+
+	email := "email@address.com"
+	vals.Set(authboss.Cfg.PrimaryID, email)
+	vals.Set(authboss.StorePassword, "pass")
+	vals.Set(authboss.ConfirmPrefix+authboss.StorePassword, "pass2")
+
+	r, _ := http.NewRequest("POST", "/register", bytes.NewBufferString(vals.Encode()))
+	r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	ctx, _ := authboss.ContextFromRequest(r)
+	ctx.SessionStorer = mocks.NewMockClientStorer()
+
+	if err := reg.registerHandler(ctx, w, r); err != nil {
+		t.Error(err)
+	}
+
+	if w.Code != http.StatusOK {
+		t.Error("It should have written a 200:", w.Code)
+	}
+
+	if w.Body.Len() == 0 {
+		t.Error("It should have wrote a response.")
+	}
+
+	if str := w.Body.String(); !strings.Contains(str, "Does not match password") {
+		t.Error("Confirm password should have an error:", str)
+	}
+
+	if _, err := authboss.Cfg.Storer.Get(email, authboss.AttributeMeta(reg.Storage())); err != authboss.ErrUserNotFound {
+		t.Error("The user should not have been saved.")
+	}
+}
+
+func TestRegisterPostSuccess(t *testing.T) {
+	reg := setup()
+
+	w := httptest.NewRecorder()
+	vals := url.Values{}
+
+	email := "email@address.com"
+	vals.Set(authboss.Cfg.PrimaryID, email)
+	vals.Set(authboss.StorePassword, "pass")
+	vals.Set(authboss.ConfirmPrefix+authboss.StorePassword, "pass")
+
+	r, _ := http.NewRequest("POST", "/register", bytes.NewBufferString(vals.Encode()))
+	r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	ctx, _ := authboss.ContextFromRequest(r)
+	ctx.SessionStorer = mocks.NewMockClientStorer()
+
+	if err := reg.registerHandler(ctx, w, r); err != nil {
+		t.Error(err)
+	}
+
+	if w.Code != http.StatusTemporaryRedirect {
+		t.Error("It should have written a redirect:", w.Code)
+	}
+
+	if loc := w.Header().Get("Location"); loc != "/" {
+		t.Error("Redirected to the wrong location", loc)
+	}
+
+	user, err := authboss.Cfg.Storer.Get(email, authboss.AttributeMeta(reg.Storage()))
+	if err == authboss.ErrUserNotFound {
+		t.Error("The user have been saved.")
+	}
+
+	attrs := authboss.Unbind(user)
+	if e, err := attrs.StringErr(authboss.Cfg.PrimaryID); err != nil {
+		t.Error(err)
+	} else if e != email {
+		t.Errorf("Email was not set properly, want: %s, got: %s", email, e)
+	}
+
+	if p, err := attrs.StringErr(authboss.StorePassword); err != nil {
+		t.Error(err)
+	} else if p == "pass" {
+		t.Error("Password was not hashed.")
 	}
 }