mirror of
https://tangled.org/tranquil.farm/tranquil-pds
synced 2026-02-08 21:30:08 +00:00
124 lines
6.7 KiB
Rust
124 lines
6.7 KiB
Rust
mod common;
|
|
mod helpers;
|
|
use common::*;
|
|
use helpers::verify_new_account;
|
|
use reqwest::StatusCode;
|
|
use serde_json::{Value, json};
|
|
|
|
#[tokio::test]
|
|
async fn test_server_basics() {
|
|
let client = client();
|
|
let base = base_url().await;
|
|
let health = client.get(format!("{}/health", base)).send().await.unwrap();
|
|
assert_eq!(health.status(), StatusCode::OK);
|
|
assert_eq!(health.text().await.unwrap(), "OK");
|
|
let describe = client.get(format!("{}/xrpc/com.atproto.server.describeServer", base)).send().await.unwrap();
|
|
assert_eq!(describe.status(), StatusCode::OK);
|
|
let body: Value = describe.json().await.unwrap();
|
|
assert!(body.get("availableUserDomains").is_some());
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn test_account_and_session_lifecycle() {
|
|
let client = client();
|
|
let base = base_url().await;
|
|
let handle = format!("user_{}", uuid::Uuid::new_v4());
|
|
let payload = json!({ "handle": handle, "email": format!("{}@example.com", handle), "password": "password" });
|
|
let create_res = client.post(format!("{}/xrpc/com.atproto.server.createAccount", base))
|
|
.json(&payload).send().await.unwrap();
|
|
assert_eq!(create_res.status(), StatusCode::OK);
|
|
let create_body: Value = create_res.json().await.unwrap();
|
|
let did = create_body["did"].as_str().unwrap();
|
|
let _ = verify_new_account(&client, did).await;
|
|
let login = client.post(format!("{}/xrpc/com.atproto.server.createSession", base))
|
|
.json(&json!({ "identifier": handle, "password": "password" })).send().await.unwrap();
|
|
assert_eq!(login.status(), StatusCode::OK);
|
|
let login_body: Value = login.json().await.unwrap();
|
|
let access_jwt = login_body["accessJwt"].as_str().unwrap().to_string();
|
|
let refresh_jwt = login_body["refreshJwt"].as_str().unwrap().to_string();
|
|
let refresh = client.post(format!("{}/xrpc/com.atproto.server.refreshSession", base))
|
|
.bearer_auth(&refresh_jwt).send().await.unwrap();
|
|
assert_eq!(refresh.status(), StatusCode::OK);
|
|
let refresh_body: Value = refresh.json().await.unwrap();
|
|
assert!(refresh_body["accessJwt"].as_str().is_some());
|
|
assert_ne!(refresh_body["accessJwt"].as_str().unwrap(), access_jwt);
|
|
assert_ne!(refresh_body["refreshJwt"].as_str().unwrap(), refresh_jwt);
|
|
let missing_id = client.post(format!("{}/xrpc/com.atproto.server.createSession", base))
|
|
.json(&json!({ "password": "password" })).send().await.unwrap();
|
|
assert!(missing_id.status() == StatusCode::BAD_REQUEST || missing_id.status() == StatusCode::UNPROCESSABLE_ENTITY);
|
|
let invalid_handle = client.post(format!("{}/xrpc/com.atproto.server.createAccount", base))
|
|
.json(&json!({ "handle": "invalid!handle.com", "email": "test@example.com", "password": "password" }))
|
|
.send().await.unwrap();
|
|
assert_eq!(invalid_handle.status(), StatusCode::BAD_REQUEST);
|
|
let unauth_session = client.get(format!("{}/xrpc/com.atproto.server.getSession", base))
|
|
.bearer_auth(AUTH_TOKEN).send().await.unwrap();
|
|
assert_eq!(unauth_session.status(), StatusCode::UNAUTHORIZED);
|
|
let delete_session = client.post(format!("{}/xrpc/com.atproto.server.deleteSession", base))
|
|
.bearer_auth(AUTH_TOKEN).send().await.unwrap();
|
|
assert_eq!(delete_session.status(), StatusCode::UNAUTHORIZED);
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn test_service_auth() {
|
|
let client = client();
|
|
let base = base_url().await;
|
|
let (access_jwt, did) = create_account_and_login(&client).await;
|
|
let res = client.get(format!("{}/xrpc/com.atproto.server.getServiceAuth", base))
|
|
.bearer_auth(&access_jwt).query(&[("aud", "did:web:example.com")]).send().await.unwrap();
|
|
assert_eq!(res.status(), StatusCode::OK);
|
|
let body: Value = res.json().await.unwrap();
|
|
let token = body["token"].as_str().unwrap();
|
|
let parts: Vec<&str> = token.split('.').collect();
|
|
assert_eq!(parts.len(), 3, "Token should be a valid JWT");
|
|
use base64::{Engine as _, engine::general_purpose::URL_SAFE_NO_PAD};
|
|
let payload_bytes = URL_SAFE_NO_PAD.decode(parts[1]).unwrap();
|
|
let claims: Value = serde_json::from_slice(&payload_bytes).unwrap();
|
|
assert_eq!(claims["iss"], did);
|
|
assert_eq!(claims["sub"], did);
|
|
assert_eq!(claims["aud"], "did:web:example.com");
|
|
let lxm_res = client.get(format!("{}/xrpc/com.atproto.server.getServiceAuth", base))
|
|
.bearer_auth(&access_jwt).query(&[("aud", "did:web:example.com"), ("lxm", "com.atproto.repo.getRecord")])
|
|
.send().await.unwrap();
|
|
assert_eq!(lxm_res.status(), StatusCode::OK);
|
|
let lxm_body: Value = lxm_res.json().await.unwrap();
|
|
let lxm_token = lxm_body["token"].as_str().unwrap();
|
|
let lxm_parts: Vec<&str> = lxm_token.split('.').collect();
|
|
let lxm_payload = URL_SAFE_NO_PAD.decode(lxm_parts[1]).unwrap();
|
|
let lxm_claims: Value = serde_json::from_slice(&lxm_payload).unwrap();
|
|
assert_eq!(lxm_claims["lxm"], "com.atproto.repo.getRecord");
|
|
let unauth = client.get(format!("{}/xrpc/com.atproto.server.getServiceAuth", base))
|
|
.query(&[("aud", "did:web:example.com")]).send().await.unwrap();
|
|
assert_eq!(unauth.status(), StatusCode::UNAUTHORIZED);
|
|
let missing_aud = client.get(format!("{}/xrpc/com.atproto.server.getServiceAuth", base))
|
|
.bearer_auth(&access_jwt).send().await.unwrap();
|
|
assert_eq!(missing_aud.status(), StatusCode::BAD_REQUEST);
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn test_account_status_and_activation() {
|
|
let client = client();
|
|
let base = base_url().await;
|
|
let (access_jwt, _) = create_account_and_login(&client).await;
|
|
let status = client.get(format!("{}/xrpc/com.atproto.server.checkAccountStatus", base))
|
|
.bearer_auth(&access_jwt).send().await.unwrap();
|
|
assert_eq!(status.status(), StatusCode::OK);
|
|
let body: Value = status.json().await.unwrap();
|
|
assert_eq!(body["activated"], true);
|
|
assert_eq!(body["validDid"], true);
|
|
assert!(body["repoCommit"].is_string());
|
|
assert!(body["repoRev"].is_string());
|
|
assert!(body["indexedRecords"].is_number());
|
|
let unauth_status = client.get(format!("{}/xrpc/com.atproto.server.checkAccountStatus", base))
|
|
.send().await.unwrap();
|
|
assert_eq!(unauth_status.status(), StatusCode::UNAUTHORIZED);
|
|
let activate = client.post(format!("{}/xrpc/com.atproto.server.activateAccount", base))
|
|
.bearer_auth(&access_jwt).send().await.unwrap();
|
|
assert_eq!(activate.status(), StatusCode::OK);
|
|
let unauth_activate = client.post(format!("{}/xrpc/com.atproto.server.activateAccount", base))
|
|
.send().await.unwrap();
|
|
assert_eq!(unauth_activate.status(), StatusCode::UNAUTHORIZED);
|
|
let deactivate = client.post(format!("{}/xrpc/com.atproto.server.deactivateAccount", base))
|
|
.bearer_auth(&access_jwt).json(&json!({})).send().await.unwrap();
|
|
assert_eq!(deactivate.status(), StatusCode::OK);
|
|
}
|