44 "context"
55 "database/sql"
66 "encoding/base64"
7- "strings"
87 "testing"
98
109 "github.com/google/uuid"
@@ -42,9 +41,15 @@ func TestServerDBCrypt(t *testing.T) {
4241 })
4342 db := database .New (sqlDB )
4443
44+ t .Cleanup (func () {
45+ if t .Failed () {
46+ t .Logf ("Dumping data due to failed test. I hope you find what you're looking for!" )
47+ dumpUsers (t , sqlDB )
48+ }
49+ })
50+
4551 // Populate the database with some unencrypted data.
4652 users := genData (t , db )
47- dumpUsers (t , sqlDB , "NOT ENCRYPTED" )
4853
4954 // Setup an initial cipher A
5055 keyA := mustString (t , 32 )
@@ -57,7 +62,6 @@ func TestServerDBCrypt(t *testing.T) {
5762
5863 // Populate the database with some encrypted data using cipher A.
5964 newUsers := genData (t , cryptdb )
60- dumpUsers (t , sqlDB , "PARTIALLY ENCRYPTED A" )
6165
6266 // Validate that newly created users were encrypted with cipher A
6367 for _ , usr := range newUsers {
@@ -76,7 +80,6 @@ func TestServerDBCrypt(t *testing.T) {
7680 err = inv .Run ()
7781 require .NoError (t , err )
7882
79- dumpUsers (t , sqlDB , "ENCRYPTED A" )
8083 // Validate that all existing data has been encrypted with cipher A.
8184 for _ , usr := range users {
8285 requireEncryptedWithCipher (ctx , t , db , cipherA [0 ], usr .ID )
@@ -89,7 +92,6 @@ func TestServerDBCrypt(t *testing.T) {
8992
9093 // Generate some more encrypted data using the new cipher
9194 users = append (users , genData (t , db )... )
92- dumpUsers (t , sqlDB , "ENCRYPTED AB" )
9395
9496 inv , _ = newCLI (t , "server" , "dbcrypt" , "rotate" ,
9597 "--postgres-url" , connectionURL ,
@@ -103,7 +105,6 @@ func TestServerDBCrypt(t *testing.T) {
103105 require .NoError (t , err )
104106
105107 // Validate that all data has been re-encrypted with cipher B.
106- dumpUsers (t , sqlDB , "ENCRYPTED B" )
107108 for _ , usr := range users {
108109 requireEncryptedWithCipher (ctx , t , db , cipherBA [0 ], usr .ID )
109110 }
@@ -150,7 +151,6 @@ func TestServerDBCrypt(t *testing.T) {
150151 }
151152
152153 // Validate that all data has been decrypted.
153- dumpUsers (t , sqlDB , "DECRYPTED" )
154154 for _ , usr := range users {
155155 requireEncryptedWithCipher (ctx , t , db , & nullCipher {}, usr .ID )
156156 }
@@ -172,7 +172,6 @@ func TestServerDBCrypt(t *testing.T) {
172172 require .NoError (t , err )
173173
174174 // Validate that all data has been re-encrypted with cipher C.
175- dumpUsers (t , sqlDB , "ENCRYPTED C" )
176175 for _ , usr := range users {
177176 requireEncryptedWithCipher (ctx , t , db , cipherC [0 ], usr .ID )
178177 }
@@ -189,7 +188,6 @@ func TestServerDBCrypt(t *testing.T) {
189188 require .NoError (t , err )
190189
191190 // Assert that no user links remain.
192- dumpUsers (t , sqlDB , "DELETED" )
193191 for _ , usr := range users {
194192 userLinks , err := db .GetUserLinksByUserID (ctx , usr .ID )
195193 require .NoError (t , err , "failed to get user links for user %s" , usr .ID )
@@ -227,6 +225,9 @@ func genData(t *testing.T, db database.Store) []database.User {
227225 OAuthAccessToken : "access-" + usr .ID .String (),
228226 OAuthRefreshToken : "refresh-" + usr .ID .String (),
229227 })
228+ // Fun fact: our schema allows _all_ login types to have
229+ // a user_link. Even though I'm not sure how it could occur
230+ // in practice, making sure to test all combinations here.
230231 _ = dbgen .UserLink (t , db , database.UserLink {
231232 UserID : usr .ID ,
232233 LoginType : usr .LoginType ,
@@ -240,8 +241,8 @@ func genData(t *testing.T, db database.Store) []database.User {
240241 return users
241242}
242243
243- func dumpUsers (t * testing.T , db * sql.DB , header string ) {
244- t .Logf ( "%s %s %s" , strings . Repeat ( "=" , 20 ), header , strings . Repeat ( "=" , 20 ) )
244+ func dumpUsers (t * testing.T , db * sql.DB ) {
245+ t .Helper ( )
245246 rows , err := db .QueryContext (context .Background (), `SELECT
246247 u.id,
247248 u.login_type,
0 commit comments