From b8ae1a898d6dc743e6cfe6280e5214f1e78d2023 Mon Sep 17 00:00:00 2001
From: Sebastian Pravda <sebastian.pravda@gmail.com>
Date: Sun, 20 Nov 2022 21:17:45 +0100
Subject: [PATCH] feat: candidate endpoints tests

---
 api/tests/candidate.rs        | 108 +++++++++++++++++++++++++++++++++-
 core/src/candidate_details.rs |   2 +-
 2 files changed, 108 insertions(+), 2 deletions(-)

diff --git a/api/tests/candidate.rs b/api/tests/candidate.rs
index 4d47a0c..68d5981 100644
--- a/api/tests/candidate.rs
+++ b/api/tests/candidate.rs
@@ -1,7 +1,26 @@
 mod common;
 use common::*;
 use portfolio_api::test::APPLICATION_ID;
-use rocket::http::Status;
+use portfolio_core::{candidate_details::ApplicationDetails, sea_orm::prelude::Uuid, crypto};
+use rocket::{http::{Status, Cookie}};
+
+
+const CANDIDATE_DETAILS: &'static str = "{
+    \"name\": \"idk\",
+    \"surname\": \"idk\",
+    \"birthplace\": \"Praha 1\",
+    \"birthdate\": \"2015-09-18\",
+    \"address\": \"Stefanikova jidelna\",
+    \"telephone\": \"000111222333\",
+    \"citizenship\": \"Czech Republic\",
+    \"email\": \"magor@magor.cz\",
+    \"sex\": \"MALE\",
+    \"study\": \"KB\",
+    \"parent_name\": \"maminka\",
+    \"parent_surname\": \"chad\",
+    \"parent_telephone\": \"420111222333\",
+    \"parent_email\": \"maminka@centrum.cz\"
+}";
 
 #[test]
 fn test_login_valid_credentials() {
@@ -30,4 +49,91 @@ fn test_auth_candidate() {
 
     assert_eq!(response.status(), Status::Ok);
     assert_eq!(response.into_string().unwrap(), APPLICATION_ID.to_string());
+}
+
+#[test]
+fn test_add_get_candidate_details() {
+    let client = test_client().lock().unwrap();
+    let cookies = candidate_login(&client);
+
+    let details_orig: ApplicationDetails = serde_json::from_str(CANDIDATE_DETAILS).unwrap();
+
+    let response = client
+        .post("/candidate/add/details")
+        .cookie(cookies.0.clone())
+        .cookie(cookies.1.clone())
+        .body(CANDIDATE_DETAILS.to_string())
+        .dispatch();
+
+    assert_eq!(response.status(), Status::Ok);
+    
+    let response = client
+        .post("/candidate/get_details")
+        .cookie(cookies.0)
+        .cookie(cookies.1)
+        .dispatch();
+
+    assert_eq!(response.status(), Status::Ok);
+    
+    let details_resp: ApplicationDetails = serde_json::from_str(&response.into_string().unwrap()).unwrap();
+    assert_eq!(details_orig, details_resp);
+}
+
+#[test]
+fn test_invalid_token_every_secured_endpoint() {
+    let client = test_client().lock().unwrap();
+
+    let id = Cookie::new("id", Uuid::new_v4().to_string());
+    let (private_key, _) = crypto::create_identity();
+    let key = Cookie::new("key", private_key);
+
+    let response = client
+        .post("/candidate/add/details")
+        .cookie(id.clone())
+        .cookie(key.clone())
+        .body(CANDIDATE_DETAILS.to_string())
+        .dispatch();
+    assert_eq!(response.status(), Status::Unauthorized);
+
+    let response = client
+        .post("/candidate/get_details")
+        .cookie(id.clone())
+        .cookie(key.clone())
+        .dispatch();
+    assert_eq!(response.status(), Status::Unauthorized);
+
+    let response = client
+        .get("/candidate/whoami")
+        .cookie(id.clone())
+        .cookie(key.clone())
+        .dispatch();
+    assert_eq!(response.status(), Status::Unauthorized);
+}
+
+#[test]
+fn test_admin_token_on_secured_candidate_endpoints() {
+    let client = test_client().lock().unwrap();
+    let cookies = admin_login(&client);
+
+    let response = client
+        .post("/candidate/add/details")
+        .cookie(cookies.0.clone())
+        .cookie(cookies.1.clone())
+        .body(CANDIDATE_DETAILS.to_string())
+        .dispatch();
+    assert_eq!(response.status(), Status::Unauthorized);
+
+    let response = client
+        .post("/candidate/get_details")
+        .cookie(cookies.0.clone())
+        .cookie(cookies.1.clone())
+        .dispatch();
+    assert_eq!(response.status(), Status::Unauthorized);
+
+    let response = client
+        .get("/candidate/whoami")
+        .cookie(cookies.0.clone())
+        .cookie(cookies.1.clone())
+        .dispatch();
+    assert_eq!(response.status(), Status::Unauthorized);
 }
\ No newline at end of file
diff --git a/core/src/candidate_details.rs b/core/src/candidate_details.rs
index 47c483e..ea4616a 100644
--- a/core/src/candidate_details.rs
+++ b/core/src/candidate_details.rs
@@ -185,7 +185,7 @@ impl TryFrom<(candidate::Model, parent::Model)> for EncryptedApplicationDetails
 }
 
 
-#[derive(Debug, Serialize, Deserialize)]
+#[derive(Debug, Serialize, Deserialize, PartialEq, Eq)]
 pub struct ApplicationDetails {
     // Candidate
     pub name: String,