tests: Use cookie header to authenticate

... instead of adding the `TrustedUserId` extension directly

Author: Turbo87

src/tests/authentication.rs

@@ -1,8 +1,7 @@
 use crate::{util::RequestHelper, TestApp};
 
-use cargo_registry::middleware::current_user::TrustedUserId;
-
-use conduit::{header, Handler, HandlerResult, Method, RequestExt, StatusCode};
+use crate::util::encode_session_header;
+use conduit::{header, Handler, HandlerResult, Method, StatusCode};
 use conduit_test::MockRequest;
 
 static URL: &str = "/api/v1/me/updates";
@@ -49,8 +48,12 @@ fn token_auth_cannot_find_token() {
 #[test]
 fn cookie_auth_cannot_find_user() {
     let (app, anon) = TestApp::init().empty();
+
+    let session_key = &app.as_inner().session_key;
+    let cookie = encode_session_header(session_key, -1);
+
     let mut request = anon.request_builder(Method::GET, URL);
-    request.mut_extensions().insert(TrustedUserId(-1));
+    request.header(header::COOKIE, &cookie);
 
     let response = call(&app, request);
     let log_message = response.map(|_| ()).unwrap_err().to_string();

src/tests/util.rs

@@ -27,7 +27,6 @@ use cargo_registry::{
     background_jobs::Environment,
     db::DieselPool,
     git::{Credentials, RepositoryConfig},
-    middleware::current_user::TrustedUserId,
     models::{ApiToken, CreatedApiToken, User},
     util::AppResponse,
     App, Config,
@@ -37,7 +36,8 @@ use serde_json::Value;
 use std::{marker::PhantomData, rc::Rc, sync::Arc, time::Duration};
 use swirl::Runner;
 
-use conduit::{Handler, HandlerResult, Method, RequestExt};
+use conduit::{Handler, HandlerResult, Method};
+use conduit_cookie::SessionMiddleware;
 use conduit_test::MockRequest;
 
 use cargo_registry::git::Repository as WorkerRepository;
@@ -46,6 +46,8 @@ use git2::Repository as UpstreamRepository;
 use url::Url;
 
 pub use conduit::{header, StatusCode};
+use cookie::Cookie;
+use std::collections::HashMap;
 
 pub fn init_logger() {
     let _ = tracing_subscriber::fmt()
@@ -209,6 +211,37 @@ impl TestApp {
     }
 }
 
+/// This function can be used to create a `Cookie` header for mock requests that
+/// include cookie-based authentication.
+///
+/// ```
+/// let cookie = encode_session_header(session_key, user_id);
+/// request.header(header::COOKIE, &cookie);
+/// ```
+///
+/// The implementation matches roughly what is happening inside of the
+/// `SessionMiddleware` from `conduit_cookie`.
+pub fn encode_session_header(session_key: &str, user_id: i32) -> String {
+    let cookie_name = "cargo_session";
+    let cookie_key = cookie::Key::derive_from(session_key.as_bytes());
+
+    // build session data map
+    let mut map = HashMap::new();
+    map.insert("user_id".into(), user_id.to_string());
+
+    // encode the map into a cookie value string
+    let session_middleware = SessionMiddleware::new(cookie_name, cookie_key.clone(), false);
+    let encoded = session_middleware.encode(&map);
+
+    // put the cookie into a signed cookie jar
+    let cookie = Cookie::build(cookie_name, encoded).finish();
+    let mut jar = cookie::CookieJar::new();
+    jar.signed(&cookie_key).add(cookie);
+
+    // read the raw cookie from the cookie jar
+    jar.get(&cookie_name).unwrap().to_string()
+}
+
 pub struct TestAppBuilder {
     config: Config,
     proxy: Option<String>,
@@ -463,9 +496,11 @@ pub struct MockCookieUser {
 
 impl RequestHelper for MockCookieUser {
     fn request_builder(&self, method: Method, path: &str) -> MockRequest {
+        let session_key = &self.app.as_inner().session_key;
+        let cookie = encode_session_header(session_key, self.user.id);
+
         let mut request = req(method, path);
-        let id = TrustedUserId(self.user.id);
-        request.mut_extensions().insert(id);
+        request.header(header::COOKIE, &cookie);
         request
     }