Adding validation to horusec login errors (#118)

ZupIT · Nov 9, 2020 · 4069ed6 · 4069ed6
1 parent eaf32fe
commit 4069ed6
Show file tree

Hide file tree

Showing 3 changed files with 147 additions and 2 deletions.
diff --git a/development-kit/pkg/entities/account/repository_test.go b/development-kit/pkg/entities/account/repository_test.go
@@ -52,7 +52,7 @@ func TestToAccountRepository(t *testing.T) {
 func TestSetUpdateData(t *testing.T) {
 	t.Run("should success set update data", func(t *testing.T) {
 		repository := &Repository{RepositoryID: uuid.New()}
-		repository.SetUpdateData("test", "test")
+		repository.SetUpdateData("test", "test", "test", "test", "test")
 		assert.NotEmpty(t, repository)
 		assert.Equal(t, "test", repository.Name)
 		assert.Equal(t, "test", repository.Description)

diff --git a/horusec-auth/internal/handler/auth/auth.go b/horusec-auth/internal/handler/auth/auth.go
@@ -15,6 +15,8 @@
 package auth
 
 import (
+	authEnums "github.com/ZupIT/horusec/development-kit/pkg/enums/auth"
+	"github.com/ZupIT/horusec/development-kit/pkg/enums/errors"
 	netHTTP "net/http"
 
 	"github.com/ZupIT/horusec/development-kit/pkg/databases/relational"
@@ -78,7 +80,7 @@ func (h *Handler) AuthByType(w netHTTP.ResponseWriter, r *netHTTP.Request) {
 
 	response, err := h.authController.AuthByType(credentials)
 	if err != nil {
-		httpUtil.StatusInternalServerError(w, err)
+		h.checkLoginErrors(w, err)
 		return
 	}
 
@@ -93,3 +95,30 @@ func (h *Handler) getCredentials(r *netHTTP.Request) (*auth.Credentials, error)
 
 	return credentials, nil
 }
+
+func (h *Handler) checkLoginErrors(w netHTTP.ResponseWriter, err error) {
+	switch h.appConfig.GetAuthType() {
+	case authEnums.Horusec:
+		h.checkLoginErrorsHorusec(w, err)
+	case authEnums.Ldap:
+		httpUtil.StatusInternalServerError(w, err)
+	case authEnums.Keycloak:
+		httpUtil.StatusInternalServerError(w, err)
+	default:
+		httpUtil.StatusInternalServerError(w, err)
+	}
+}
+
+func (h *Handler) checkLoginErrorsHorusec(w netHTTP.ResponseWriter, err error) {
+	if err == errors.ErrorWrongEmailOrPassword || err == errors.ErrNotFoundRecords {
+		httpUtil.StatusForbidden(w, errors.ErrorWrongEmailOrPassword)
+		return
+	}
+
+	if err == errors.ErrorAccountEmailNotConfirmed || err == errors.ErrorUserAlreadyLogged {
+		httpUtil.StatusForbidden(w, err)
+		return
+	}
+
+	httpUtil.StatusInternalServerError(w, err)
+}
diff --git a/horusec-auth/internal/handler/auth/auth_test.go b/horusec-auth/internal/handler/auth/auth_test.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"errors"
+	errorsEnums "github.com/ZupIT/horusec/development-kit/pkg/enums/errors"
 	"net/http"
 	"net/http/httptest"
 	"testing"
@@ -137,4 +138,119 @@ func TestHandler_AuthTypes(t *testing.T) {
 
 		assert.Equal(t, http.StatusOK, w.Code)
 	})
+
+	t.Run("should return 500 when something went wrong ldap", func(t *testing.T) {
+		controllerMock := &authController.MockAuthController{}
+
+		controllerMock.On("AuthByType").Return(map[string]interface{}{"test": "test"}, errors.New("test"))
+
+		handler := Handler{
+			appConfig:      &app.Config{AuthType: authEnums.Ldap},
+			authUseCases:   authUseCases.NewAuthUseCases(),
+			authController: controllerMock,
+		}
+
+		credentialsBytes, _ := json.Marshal(authEntities.Credentials{Username: "test", Password: "test"})
+
+		r, _ := http.NewRequest(http.MethodPost, "test", bytes.NewReader(credentialsBytes))
+		w := httptest.NewRecorder()
+
+		r.Header.Add("X_AUTH_TYPE", "horusec")
+
+		handler.AuthByType(w, r)
+
+		assert.Equal(t, http.StatusInternalServerError, w.Code)
+	})
+
+	t.Run("should return 500 when something went wrong keycloak", func(t *testing.T) {
+		controllerMock := &authController.MockAuthController{}
+
+		controllerMock.On("AuthByType").Return(map[string]interface{}{"test": "test"}, errors.New("test"))
+
+		handler := Handler{
+			appConfig:      &app.Config{AuthType: authEnums.Keycloak},
+			authUseCases:   authUseCases.NewAuthUseCases(),
+			authController: controllerMock,
+		}
+
+		credentialsBytes, _ := json.Marshal(authEntities.Credentials{Username: "test", Password: "test"})
+
+		r, _ := http.NewRequest(http.MethodPost, "test", bytes.NewReader(credentialsBytes))
+		w := httptest.NewRecorder()
+
+		r.Header.Add("X_AUTH_TYPE", "horusec")
+
+		handler.AuthByType(w, r)
+
+		assert.Equal(t, http.StatusInternalServerError, w.Code)
+	})
+
+	t.Run("should return 500 when something went wrong horusec", func(t *testing.T) {
+		controllerMock := &authController.MockAuthController{}
+
+		controllerMock.On("AuthByType").Return(map[string]interface{}{"test": "test"}, errors.New("test"))
+
+		handler := Handler{
+			appConfig:      &app.Config{AuthType: authEnums.Horusec},
+			authUseCases:   authUseCases.NewAuthUseCases(),
+			authController: controllerMock,
+		}
+
+		credentialsBytes, _ := json.Marshal(authEntities.Credentials{Username: "test", Password: "test"})
+
+		r, _ := http.NewRequest(http.MethodPost, "test", bytes.NewReader(credentialsBytes))
+		w := httptest.NewRecorder()
+
+		r.Header.Add("X_AUTH_TYPE", "horusec")
+
+		handler.AuthByType(w, r)
+
+		assert.Equal(t, http.StatusInternalServerError, w.Code)
+	})
+
+	t.Run("should return 403 when email not confirmed", func(t *testing.T) {
+		controllerMock := &authController.MockAuthController{}
+
+		controllerMock.On("AuthByType").Return(map[string]interface{}{"test": "test"}, errorsEnums.ErrorAccountEmailNotConfirmed)
+
+		handler := Handler{
+			appConfig:      &app.Config{AuthType: authEnums.Horusec},
+			authUseCases:   authUseCases.NewAuthUseCases(),
+			authController: controllerMock,
+		}
+
+		credentialsBytes, _ := json.Marshal(authEntities.Credentials{Username: "test", Password: "test"})
+
+		r, _ := http.NewRequest(http.MethodPost, "test", bytes.NewReader(credentialsBytes))
+		w := httptest.NewRecorder()
+
+		r.Header.Add("X_AUTH_TYPE", "horusec")
+
+		handler.AuthByType(w, r)
+
+		assert.Equal(t, http.StatusForbidden, w.Code)
+	})
+
+	t.Run("should return 403 when wrong email or password", func(t *testing.T) {
+		controllerMock := &authController.MockAuthController{}
+
+		controllerMock.On("AuthByType").Return(map[string]interface{}{"test": "test"}, errorsEnums.ErrorWrongEmailOrPassword)
+
+		handler := Handler{
+			appConfig:      &app.Config{AuthType: authEnums.Horusec},
+			authUseCases:   authUseCases.NewAuthUseCases(),
+			authController: controllerMock,
+		}
+
+		credentialsBytes, _ := json.Marshal(authEntities.Credentials{Username: "test", Password: "test"})
+
+		r, _ := http.NewRequest(http.MethodPost, "test", bytes.NewReader(credentialsBytes))
+		w := httptest.NewRecorder()
+
+		r.Header.Add("X_AUTH_TYPE", "horusec")
+
+		handler.AuthByType(w, r)
+
+		assert.Equal(t, http.StatusForbidden, w.Code)
+	})
 }