51 lines
1.7 KiB
Rust
51 lines
1.7 KiB
Rust
use db::Db;
|
|
use domain::Role;
|
|
use sqlx::PgPool;
|
|
|
|
// Note: `server::create_user` opens its own DB connection by URL, but `#[sqlx::test]`
|
|
// provisions a temporary database whose URL is not directly exposed. The test below
|
|
// exercises the same building blocks that `server::create_user` composes —
|
|
// `auth::hash_password` + `db::users::create_user` + `db::users::credentials_by_email` —
|
|
// against the test pool, which fully validates the end-to-end bootstrap logic.
|
|
|
|
#[sqlx::test(migrations = "../db/migrations")]
|
|
async fn create_user_persists_and_password_verifies(pool: PgPool) {
|
|
let db = Db::from_pool(pool.clone());
|
|
|
|
let hash = auth::hash_password("bootstrap-pw-123").unwrap();
|
|
|
|
let mut tx = db.pool().begin().await.unwrap();
|
|
|
|
db::users::create_user(
|
|
&mut tx,
|
|
domain::AuditActor::System,
|
|
&domain::NewUser {
|
|
email: domain::Email::parse("boss@example.com").unwrap(),
|
|
password_hash: hash,
|
|
role: Role::Admin,
|
|
},
|
|
)
|
|
.await
|
|
.unwrap();
|
|
|
|
tx.commit().await.unwrap();
|
|
|
|
let (user, stored_hash) = db::users::credentials_by_email(db.pool(), "boss@example.com")
|
|
.await
|
|
.unwrap()
|
|
.unwrap();
|
|
|
|
assert_eq!(user.role, Role::Admin);
|
|
assert!(auth::verify_password("bootstrap-pw-123", &stored_hash));
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn create_user_rejects_invalid_email() {
|
|
// The email is parsed before the password is read or the DB is touched, so an
|
|
// invalid email errors out without reaching the (unreachable) database URL.
|
|
let err = server::create_user("postgres://unused", "not-an-email", Role::Admin)
|
|
.await
|
|
.unwrap_err();
|
|
assert!(err.to_string().contains("email"), "got: {err}");
|
|
}
|