Skip to content

Commit 166ef4d

Browse files
wolfgangwaltherwolfgangwalther
committed
test(spec): inline config into test suite
Previously, information about each test-suite was repeated in 3 separate places: - as a label and as implicit knowledge in the test-suite itself, - as a comment in Main.hs, and - as a configuration in SpecHelper.hs. With this change, there will be a single source of truth in the test suite itself. This will allow a single test-suite to easily test multiple different configurations.
1 parent a02af03 commit 166ef4d

52 files changed

Lines changed: 277 additions & 436 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

test/spec/Feature/Auth/AsymmetricJwtSpec.hs

Lines changed: 29 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,19 +1,39 @@
11
module Feature.Auth.AsymmetricJwtSpec where
22

3-
import Network.Wai (Application)
4-
53
import Network.HTTP.Types
64
import Test.Hspec
75
import Test.Hspec.Wai
6+
import Text.Heredoc
7+
8+
import PostgREST.Config (AppConfig (..), parseSecret)
89

910
import Protolude
1011
import SpecHelper
1112

12-
spec :: SpecWith ((), Application)
13-
spec = describe "server started with asymmetric JWK" $
13+
-- these tests will stop working 9999999999s after the UNIX EPOCH
14+
spec :: SpecWithConfig
15+
spec withConfig =
16+
let
17+
auth = authHeaderJWT "eyJhbGciOiJSUzI1NiJ9.eyJyb2xlIjogInBvc3RncmVzdF90ZXN0X2F1dGhvciJ9Cg.CBOYWDvqgAR0YYnZnyDGTQi6AJLc2Pds6_eV3YuBG6I36mj_h05eLhkEKNEDA5ZteMzCiY83P60rC_xtxVd7B6vo3BeF5uoanPS3rrbuHzKPwzsrgrD_CqvEuJ4n7Q9epkQiLsNkcexneENZDRqFjbwZx3DrXiCWwlK3Ytr5NAIGxmy0od-0xNpb2U1nXQyO_Q3mumWFViRt4tmFn_3goDHNKG3Ha_AzImfUNvHnWL78kAc4rbn15vLtWXD8PwtSnZaB4lY4V6RfsaW937srQsmRetvytM1i_bHBnjkjQLAqGbXPyItjtlXPs0uGNBadE8-wgkLtfmSCC4v2DjUthw"
18+
jwk = encodeUtf8 [str|{"alg":"RS256","e":"AQAB","key_ops":["verify"],"kty":"RSA","n":"0etQ2Tg187jb04MWfpuogYGV75IFrQQBxQaGH75eq_FpbkyoLcEpRUEWSbECP2eeFya2yZ9vIO5ScD-lPmovePk4Aa4SzZ8jdjhmAbNykleRPCxMg0481kz6PQhnHRUv3nF5WP479CnObJKqTVdEagVL66oxnX9VhZG9IZA7k0Th5PfKQwrKGyUeTGczpOjaPqbxlunP73j9AfnAt4XCS8epa-n3WGz1j-wfpr_ys57Aq-zBCfqP67UYzNpeI1AoXsJhD9xSDOzvJgFRvc3vm2wjAW4LEMwi48rCplamOpZToIHEPIaPzpveYQwDnB1HFTR1ove9bpKJsHmi-e2uzQ","use":"sig"}|]
19+
jwks = encodeUtf8 [str|{"keys": [{"alg":"RS256","e":"AQAB","key_ops":["verify"],"kty":"RSA","n":"0etQ2Tg187jb04MWfpuogYGV75IFrQQBxQaGH75eq_FpbkyoLcEpRUEWSbECP2eeFya2yZ9vIO5ScD-lPmovePk4Aa4SzZ8jdjhmAbNykleRPCxMg0481kz6PQhnHRUv3nF5WP479CnObJKqTVdEagVL66oxnX9VhZG9IZA7k0Th5PfKQwrKGyUeTGczpOjaPqbxlunP73j9AfnAt4XCS8epa-n3WGz1j-wfpr_ys57Aq-zBCfqP67UYzNpeI1AoXsJhD9xSDOzvJgFRvc3vm2wjAW4LEMwi48rCplamOpZToIHEPIaPzpveYQwDnB1HFTR1ove9bpKJsHmi-e2uzQ","use":"sig"}]}|]
20+
in
21+
describe "server started with asymmetric JWK" $ do
22+
23+
context "secret provided as JWK" $ withConfig (
24+
baseCfg {
25+
configJwtSecret = Just jwk
26+
, configJWKS = rightToMaybe $ parseSecret jwk
27+
}
28+
) $ it "succeeds with jwt token signed with an asymmetric key" $
29+
request methodGet "/authors_only" [auth] ""
30+
`shouldRespondWith` 200
1431

15-
-- this test will stop working 9999999999s after the UNIX EPOCH
16-
it "succeeds with jwt token signed with an asymmetric key" $ do
17-
let auth = authHeaderJWT "eyJhbGciOiJSUzI1NiJ9.eyJyb2xlIjogInBvc3RncmVzdF90ZXN0X2F1dGhvciJ9Cg.CBOYWDvqgAR0YYnZnyDGTQi6AJLc2Pds6_eV3YuBG6I36mj_h05eLhkEKNEDA5ZteMzCiY83P60rC_xtxVd7B6vo3BeF5uoanPS3rrbuHzKPwzsrgrD_CqvEuJ4n7Q9epkQiLsNkcexneENZDRqFjbwZx3DrXiCWwlK3Ytr5NAIGxmy0od-0xNpb2U1nXQyO_Q3mumWFViRt4tmFn_3goDHNKG3Ha_AzImfUNvHnWL78kAc4rbn15vLtWXD8PwtSnZaB4lY4V6RfsaW937srQsmRetvytM1i_bHBnjkjQLAqGbXPyItjtlXPs0uGNBadE8-wgkLtfmSCC4v2DjUthw"
18-
request methodGet "/authors_only" [auth] ""
19-
`shouldRespondWith` 200
32+
context "secret provided as JWKSet" $ withConfig (
33+
baseCfg {
34+
configJwtSecret = Just jwks
35+
, configJWKS = rightToMaybe $ parseSecret jwks
36+
}
37+
) $ it "succeeds with jwt token signed with an asymmetric key" $
38+
request methodGet "/authors_only" [auth] ""
39+
`shouldRespondWith` 200

test/spec/Feature/Auth/AudienceJwtSecretSpec.hs

Lines changed: 12 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,16 +1,22 @@
11
module Feature.Auth.AudienceJwtSecretSpec where
22

3-
import Network.Wai (Application)
4-
53
import Network.HTTP.Types
64
import Protolude hiding (get)
75
import SpecHelper
86
import Test.Hspec
97
import Test.Hspec.Wai
108
import Test.Hspec.Wai.JSON
119

12-
spec :: SpecWith ((), Application)
13-
spec = describe "test handling of aud claims in JWT when the jwt-aud config is set" $ do
10+
import PostgREST.Config (AppConfig (..), parseSecret)
11+
12+
spec :: SpecWithConfig
13+
spec withConfig = withConfig (
14+
baseCfg {
15+
configJwtSecret = Just generateSecret
16+
, configJwtAudience = Just "youraudience"
17+
, configJWKS = rightToMaybe $ parseSecret generateSecret
18+
}
19+
) $ describe "test handling of aud claims in JWT when the jwt-aud config is set" $ do
1420

1521
context "when the audience claim is a string" $ do
1622
-- this test will stop working 9999999999s after the UNIX EPOCH
@@ -147,8 +153,8 @@ spec = describe "test handling of aud claims in JWT when the jwt-aud config is s
147153
it "succeeds without a JWT" $
148154
get "/has_count_column" `shouldRespondWith` 200
149155

150-
disabledSpec :: SpecWith ((), Application)
151-
disabledSpec = describe "test handling of aud claims in JWT when the jwt-aud config is not set" $ do
156+
disabledSpec :: SpecWithConfig
157+
disabledSpec withConfig = withConfig baseCfg $ describe "test handling of aud claims in JWT when the jwt-aud config is not set" $ do
152158

153159
context "when the audience claim is a string" $ do
154160
it "ignores the audience claim and suceeds" $ do

test/spec/Feature/Auth/AuthSpec.hs

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,5 @@
11
module Feature.Auth.AuthSpec where
22

3-
import Network.Wai (Application)
4-
53
import Network.HTTP.Types
64
import Test.Hspec
75
import Test.Hspec.Wai
@@ -10,8 +8,8 @@ import Test.Hspec.Wai.JSON
108
import Protolude hiding (get)
119
import SpecHelper
1210

13-
spec :: SpecWith ((), Application)
14-
spec = describe "authorization" $ do
11+
spec :: SpecWithConfig
12+
spec withConfig = withConfig baseCfg $ describe "authorization" $ do
1513
let single = ("Accept","application/vnd.pgrst.object+json")
1614

1715
it "denies access to tables that anonymous does not own" $

test/spec/Feature/Auth/BinaryJwtSecretSpec.hs

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,16 +1,21 @@
11
module Feature.Auth.BinaryJwtSecretSpec where
22

3-
import Network.Wai (Application)
4-
53
import Network.HTTP.Types
64
import Test.Hspec
75
import Test.Hspec.Wai
86

7+
import PostgREST.Config (AppConfig (..), parseSecret)
8+
99
import Protolude
1010
import SpecHelper
1111

12-
spec :: SpecWith ((), Application)
13-
spec = describe "server started with binary JWT secret" $
12+
spec :: SpecWithConfig
13+
spec withConfig = withConfig (
14+
baseCfg {
15+
configJwtSecret = Just generateSecret
16+
, configJWKS = rightToMaybe $ parseSecret generateSecret
17+
}
18+
) $ describe "server started with binary JWT secret" $
1419

1520
-- this test will stop working 9999999999s after the UNIX EPOCH
1621
it "succeeds with jwt token encoded with a binary secret" $ do

test/spec/Feature/Auth/NoAnonSpec.hs

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,17 +1,17 @@
11
module Feature.Auth.NoAnonSpec where
22

3-
import Network.Wai (Application)
4-
53
import Network.HTTP.Types
64
import Test.Hspec
75
import Test.Hspec.Wai
86
import Test.Hspec.Wai.JSON
97

8+
import PostgREST.Config (AppConfig (..))
9+
1010
import Protolude hiding (get)
1111
import SpecHelper
1212

13-
spec :: SpecWith ((), Application)
14-
spec = describe "server started without anonymous role" $ do
13+
spec :: SpecWithConfig
14+
spec withConfig = withConfig (baseCfg { configDbAnonRole = Nothing }) $ describe "server started without anonymous role" $ do
1515
it "behaves normally on attempted auth" $ do
1616
-- token body: { "role": "postgrest_test_author" }
1717
let auth = authHeaderJWT "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoicG9zdGdyZXN0X3Rlc3RfYXV0aG9yIn0.Xod-F15qsGL0WhdOCr2j3DdKuTw9QJERVgoFD3vGaWA"

test/spec/Feature/Auth/NoJwtSecretSpec.hs

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,17 +1,22 @@
11
module Feature.Auth.NoJwtSecretSpec where
22

3-
import Network.Wai (Application)
4-
53
import Network.HTTP.Types
64
import Test.Hspec
75
import Test.Hspec.Wai
86
import Test.Hspec.Wai.JSON
97

8+
import PostgREST.Config (AppConfig (..))
9+
1010
import Protolude hiding (get)
1111
import SpecHelper
1212

13-
spec :: SpecWith ((), Application)
14-
spec = describe "server started without JWT secret" $ do
13+
spec :: SpecWithConfig
14+
spec withConfig = withConfig (
15+
baseCfg {
16+
configJwtSecret = Nothing
17+
, configJWKS = Nothing
18+
}
19+
) $ describe "server started without JWT secret" $ do
1520

1621
it "responds with error on attempted auth" $ do
1722
-- token body: { "role": "postgrest_test_author" }

test/spec/Feature/ConcurrentSpec.hs

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,6 @@
55
module Feature.ConcurrentSpec where
66

77
import Control.Concurrent.Async (mapConcurrently)
8-
import Network.Wai (Application)
98

109
import Control.Monad.Base
1110
import Control.Monad.Trans.Control
@@ -16,10 +15,11 @@ import Test.Hspec.Wai
1615
import Test.Hspec.Wai.Internal
1716
import Test.Hspec.Wai.JSON
1817

19-
import Protolude hiding (get)
18+
import Protolude hiding (get)
19+
import SpecHelper
2020

21-
spec :: SpecWith ((), Application)
22-
spec =
21+
spec :: SpecWithConfig
22+
spec withConfig = withConfig baseCfg $
2323
describe "Querying in parallel" $
2424
it "should not raise 'transaction in progress' error" $
2525
raceTest 10 $

test/spec/Feature/CorsSpec.hs

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,15 +1,14 @@
11
module Feature.CorsSpec where
22

3-
import Network.Wai (Application)
4-
53
import Network.HTTP.Types
64
import Test.Hspec
75
import Test.Hspec.Wai
86

97
import Protolude
8+
import SpecHelper
109

11-
spec :: SpecWith ((), Application)
12-
spec =
10+
spec :: SpecWithConfig
11+
spec withConfig = withConfig baseCfg $
1312
describe "CORS" $ do
1413
it "replies naively and permissively to preflight request" $
1514
request methodOptions "/"

test/spec/Feature/ExtraSearchPathSpec.hs

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,16 +1,17 @@
11
module Feature.ExtraSearchPathSpec where
22

33
import Network.HTTP.Types
4-
import Network.Wai (Application)
54
import Test.Hspec
65
import Test.Hspec.Wai
76
import Test.Hspec.Wai.JSON
87

8+
import PostgREST.Config (AppConfig (..))
9+
910
import Protolude hiding (get)
1011
import SpecHelper
1112

12-
spec :: SpecWith ((), Application)
13-
spec = describe "extra search path" $ do
13+
spec :: SpecWithConfig
14+
spec withConfig = withConfig (baseCfg { configDbExtraSearchPath = ["public", "extensions", "EXTRA \"@/\\#~_-"] }) $ describe "extra search path" $ do
1415

1516
it "finds the ltree <@ operator on the public schema" $
1617
request methodGet "/ltree_sample?path=cd.Top.Science.Astronomy" [] ""

test/spec/Feature/NoSuperuserSpec.hs

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,15 +1,14 @@
11
module Feature.NoSuperuserSpec where
22

3-
import Network.Wai (Application)
4-
53
import Network.HTTP.Types
64
import Test.Hspec
75
import Test.Hspec.Wai
86

97
import Protolude
8+
import SpecHelper
109

11-
spec :: SpecWith ((), Application)
12-
spec =
10+
spec :: SpecWithConfig
11+
spec withConfig = withConfig baseCfg $
1312
describe "No Superuser" $ do
1413
it "proves that the authenticator role is not a superuser" $ do
1514
request methodGet "/rpc/is_superuser"

0 commit comments

Comments
 (0)