1 files changed, 33 insertions, 20 deletions

diff --git a/src/api/users.rs b/src/api/users.rs
index e73e229..e07bf7e 100644
--- a/src/api/users.rs
+++ b/src/api/users.rs
@@ -81,13 +81,9 @@ pub async fn create(
 pub async fn show(
     Path(uuid): Path<Uuid>,
     State(pool): State<PgPool>,
-    AccessClaims { sub, .. }: AccessClaims,
+    _: AccessClaims,
 ) -> Result<impl IntoResponse, Error> {
-    if uuid != sub {
-        return Err(Error::InvalidToken);
-    }
-
-    sqlx::query_as!(User, "SELECT * FROM user_ WHERE id = $1 LIMIT 1", sub)
+    sqlx::query_as!(User, "SELECT * FROM user_ WHERE id = $1 LIMIT 1", uuid)
         .fetch_optional(&pool)
         .await?
         .ok_or_else(|| Error::UserNotFound)
@@ -102,7 +98,7 @@ mod tests {
         body::Body,
         http::{
             header::{CONTENT_TYPE, COOKIE},
-            HeaderValue, Request, StatusCode,
+            Request, StatusCode,
         },
         Router,
     };
@@ -121,14 +117,17 @@ mod tests {
     const USER_PASSWORD: &str = "solongandthanksforallthefish";
 
     #[sqlx::test(fixtures(path = "../../fixtures", scripts("users")))]
-    async fn test_uuid_ok(pool: PgPool) -> TestResult {
+    async fn test_get_ok_self(pool: PgPool) -> TestResult {
         setup_test_env();
 
         let router = Router::new().merge(router()).with_state(AppState { pool });
 
         let request = Request::builder()
             .uri(format!("/users/{}", USER_ID))
-            .header(COOKIE, HeaderValue::try_from(AccessClaims::issue(USER_ID))?)
+            .header(
+                COOKIE,
+                AccessClaims::issue(USER_ID).as_cookie()?.to_string(),
+            )
             .body(Body::empty())?;
 
         let response = router.oneshot(request).await?;
@@ -147,26 +146,40 @@ mod tests {
         Ok(())
     }
 
-    #[sqlx::test]
-    async fn test_uuid_not_found(pool: PgPool) -> TestResult {
+    #[sqlx::test(fixtures(path = "../../fixtures", scripts("users")))]
+    async fn test_get_ok_other(pool: PgPool) -> TestResult {
         setup_test_env();
 
         let router = Router::new().merge(router()).with_state(AppState { pool });
 
         let request = Request::builder()
             .uri(format!("/users/{}", USER_ID))
-            .header(COOKIE, HeaderValue::try_from(AccessClaims::issue(USER_ID))?)
+            .header(
+                COOKIE,
+                AccessClaims::issue(uuid::Uuid::new_v4())
+                    .as_cookie()?
+                    .to_string(),
+            )
             .body(Body::empty())?;
 
         let response = router.oneshot(request).await?;
 
-        assert_eq!(StatusCode::NOT_FOUND, response.status());
+        assert_eq!(StatusCode::OK, response.status());
+
+        let body_bytes = response.into_body().collect().await?.to_bytes();
+        let User {
+            id, name, email, ..
+        } = serde_json::from_slice(&body_bytes)?;
+
+        assert_eq!(USER_ID, id);
+        assert_eq!(USER_NAME, name);
+        assert_eq!(USER_EMAIL, email);
 
         Ok(())
     }
 
     #[sqlx::test]
-    async fn test_unauthorized_invalid_token_signature(pool: PgPool) -> TestResult {
+    async fn test_get_not_found(pool: PgPool) -> TestResult {
         setup_test_env();
 
         let router = Router::new().merge(router()).with_state(AppState { pool });
@@ -175,19 +188,19 @@ mod tests {
             .uri(format!("/users/{}", USER_ID))
             .header(
                 COOKIE,
-                HeaderValue::try_from(AccessClaims::issue(uuid::Uuid::new_v4()))?,
+                AccessClaims::issue(USER_ID).as_cookie()?.to_string(),
             )
             .body(Body::empty())?;
 
         let response = router.oneshot(request).await?;
 
-        assert_eq!(StatusCode::UNAUTHORIZED, response.status());
+        assert_eq!(StatusCode::NOT_FOUND, response.status());
 
         Ok(())
     }
 
     #[sqlx::test]
-    async fn test_unauthorized_invalid_token_format(pool: PgPool) -> TestResult {
+    async fn test_get_unauthorized_invalid_token_format(pool: PgPool) -> TestResult {
         setup_test_env();
 
         let router = Router::new().merge(router()).with_state(AppState { pool });
@@ -205,7 +218,7 @@ mod tests {
     }
 
     #[sqlx::test]
-    async fn test_unauthorized_missing_token(pool: PgPool) -> TestResult {
+    async fn test_get_unauthorized_missing_token(pool: PgPool) -> TestResult {
         setup_test_env();
 
         let router = Router::new().merge(router()).with_state(AppState { pool });
@@ -222,7 +235,7 @@ mod tests {
     }
 
     #[sqlx::test]
-    async fn test_create_created(pool: PgPool) -> TestResult {
+    async fn test_post_created(pool: PgPool) -> TestResult {
         setup_test_env();
 
         let router = Router::new().merge(router()).with_state(AppState { pool });
@@ -253,7 +266,7 @@ mod tests {
     }
 
     #[sqlx::test(fixtures(path = "../../fixtures", scripts("users")))]
-    async fn test_create_conflict(pool: PgPool) -> TestResult {
+    async fn test_post_conflict(pool: PgPool) -> TestResult {
         setup_test_env();
 
         let router = Router::new().merge(router()).with_state(AppState { pool });