fix: auth flow

2022-03-02 17:42:31 +05:30
parent 5399ea8f32
commit f0f2e0b6c8
47 changed files with 786 additions and 972 deletions
--- a/server/test/is_valid_jwt_test.go
+++ b/server/test/is_valid_jwt_test.go
@@ -1,38 +0,0 @@
-package test
-
-import (
-	"testing"
-
-	"github.com/authorizerdev/authorizer/server/db/models"
-	"github.com/authorizerdev/authorizer/server/graph/model"
-	"github.com/authorizerdev/authorizer/server/resolvers"
-	"github.com/authorizerdev/authorizer/server/token"
-	"github.com/google/uuid"
-	"github.com/stretchr/testify/assert"
-)
-
-func isValidJWTTests(t *testing.T, s TestSetup) {
-	t.Helper()
-	_, ctx := createContext(s)
-	expiredToken := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhbGxvd2VkX3JvbGVzIjpbIiJdLCJiaXJ0aGRhdGUiOm51bGwsImNyZWF0ZWRfYXQiOjAsImVtYWlsIjoiam9obi5kb2VAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJleHAiOjE2NDI5NjEwMTEsImV4dHJhIjp7IngtZXh0cmEtaWQiOiJkMmNhMjQwNy05MzZmLTQwYzQtOTQ2NS05Y2M5MWYxZTJhNDQifSwiZmFtaWx5X25hbWUiOm51bGwsImdlbmRlciI6bnVsbCwiZ2l2ZW5fbmFtZSI6bnVsbCwiaWF0IjoxNjQyOTYwOTgxLCJpZCI6ImQyY2EyNDA3LTkzNmYtNDBjNC05NDY1LTljYzkxZjFlMmE0NCIsIm1pZGRsZV9uYW1lIjpudWxsLCJuaWNrbmFtZSI6bnVsbCwicGhvbmVfbnVtYmVyIjpudWxsLCJwaG9uZV9udW1iZXJfdmVyaWZpZWQiOmZhbHNlLCJwaWN0dXJlIjpudWxsLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJqb2huLmRvZUBnbWFpbC5jb20iLCJyb2xlIjpbXSwic2lnbnVwX21ldGhvZHMiOiIiLCJ0b2tlbl90eXBlIjoiYWNjZXNzX3Rva2VuIiwidXBkYXRlZF9hdCI6MH0.FrdyeOC5e8uU1SowGj0omFJuwRnh4BrEk89S_fbEkzs"
-
-	t.Run(`should fail for invalid jwt`, func(t *testing.T) {
-		_, err := resolvers.IsValidJwtResolver(ctx, &model.IsValidJWTQueryInput{
-			Jwt: &expiredToken,
-		})
-		assert.NotNil(t, err)
-	})
-
-	t.Run(`should pass with valid jwt`, func(t *testing.T) {
-		authToken, err := token.CreateAuthToken(models.User{
-			ID:    uuid.New().String(),
-			Email: "john.doe@gmail.com",
-		}, []string{})
-		assert.Nil(t, err)
-		res, err := resolvers.IsValidJwtResolver(ctx, &model.IsValidJWTQueryInput{
-			Jwt: &authToken.AccessToken.Token,
-		})
-		assert.Nil(t, err)
-		assert.True(t, res.Valid)
-	})
-}
--- a/server/test/jwt_test.go
+++ b/server/test/jwt_test.go
@@ -9,6 +9,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/golang-jwt/jwt"
+	"github.com/google/uuid"
 	"github.com/stretchr/testify/assert"
 )

@@ -18,12 +19,17 @@ func TestJwt(t *testing.T) {
 	publicKey := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPublicKey)
 	privateKey := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPrivateKey)
 	clientID := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID)
+	nonce := uuid.New().String()
+	hostname := "localhost"
+	subject := "test"
 	claims := jwt.MapClaims{
 		"exp":   time.Now().Add(time.Minute * 30).Unix(),
 		"iat":   time.Now().Unix(),
 		"email": "test@yopmail.com",
-		"sub":   "test",
+		"sub":   subject,
 		"aud":   clientID,
+		"nonce": nonce,
+		"iss":   hostname,
 	}

 	t.Run("invalid jwt type", func(t *testing.T) {
@@ -42,7 +48,7 @@ func TestJwt(t *testing.T) {
 		}
 		jwtToken, err := token.SignJWTToken(expiredClaims)
 		assert.NoError(t, err)
-		_, err = token.ParseJWTToken(jwtToken)
+		_, err = token.ParseJWTToken(jwtToken, hostname, nonce, subject)
 		assert.Error(t, err, err.Error(), "Token is expired")
 	})
 	t.Run("HMAC algorithms", func(t *testing.T) {
@@ -52,7 +58,7 @@ func TestJwt(t *testing.T) {
 			jwtToken, err := token.SignJWTToken(claims)
 			assert.NoError(t, err)
 			assert.NotEmpty(t, jwtToken)
-			c, err := token.ParseJWTToken(jwtToken)
+			c, err := token.ParseJWTToken(jwtToken, hostname, nonce, subject)
 			assert.NoError(t, err)
 			assert.Equal(t, c["email"].(string), claims["email"])
 		})
@@ -61,7 +67,7 @@ func TestJwt(t *testing.T) {
 			jwtToken, err := token.SignJWTToken(claims)
 			assert.NoError(t, err)
 			assert.NotEmpty(t, jwtToken)
-			c, err := token.ParseJWTToken(jwtToken)
+			c, err := token.ParseJWTToken(jwtToken, hostname, nonce, subject)
 			assert.NoError(t, err)
 			assert.Equal(t, c["email"].(string), claims["email"])
 		})
@@ -70,7 +76,7 @@ func TestJwt(t *testing.T) {
 			jwtToken, err := token.SignJWTToken(claims)
 			assert.NoError(t, err)
 			assert.NotEmpty(t, jwtToken)
-			c, err := token.ParseJWTToken(jwtToken)
+			c, err := token.ParseJWTToken(jwtToken, hostname, nonce, subject)
 			assert.NoError(t, err)
 			assert.Equal(t, c["email"].(string), claims["email"])
 		})
@@ -86,7 +92,7 @@ func TestJwt(t *testing.T) {
 			jwtToken, err := token.SignJWTToken(claims)
 			assert.NoError(t, err)
 			assert.NotEmpty(t, jwtToken)
-			c, err := token.ParseJWTToken(jwtToken)
+			c, err := token.ParseJWTToken(jwtToken, hostname, nonce, subject)
 			assert.NoError(t, err)
 			assert.Equal(t, c["email"].(string), claims["email"])
 		})
@@ -99,7 +105,7 @@ func TestJwt(t *testing.T) {
 			jwtToken, err := token.SignJWTToken(claims)
 			assert.NoError(t, err)
 			assert.NotEmpty(t, jwtToken)
-			c, err := token.ParseJWTToken(jwtToken)
+			c, err := token.ParseJWTToken(jwtToken, hostname, nonce, subject)
 			assert.NoError(t, err)
 			assert.Equal(t, c["email"].(string), claims["email"])
 		})
@@ -112,7 +118,7 @@ func TestJwt(t *testing.T) {
 			jwtToken, err := token.SignJWTToken(claims)
 			assert.NoError(t, err)
 			assert.NotEmpty(t, jwtToken)
-			c, err := token.ParseJWTToken(jwtToken)
+			c, err := token.ParseJWTToken(jwtToken, hostname, nonce, subject)
 			assert.NoError(t, err)
 			assert.Equal(t, c["email"].(string), claims["email"])
 		})
@@ -128,7 +134,7 @@ func TestJwt(t *testing.T) {
 			jwtToken, err := token.SignJWTToken(claims)
 			assert.NoError(t, err)
 			assert.NotEmpty(t, jwtToken)
-			c, err := token.ParseJWTToken(jwtToken)
+			c, err := token.ParseJWTToken(jwtToken, hostname, nonce, subject)
 			assert.NoError(t, err)
 			assert.Equal(t, c["email"].(string), claims["email"])
 		})
@@ -141,7 +147,7 @@ func TestJwt(t *testing.T) {
 			jwtToken, err := token.SignJWTToken(claims)
 			assert.NoError(t, err)
 			assert.NotEmpty(t, jwtToken)
-			c, err := token.ParseJWTToken(jwtToken)
+			c, err := token.ParseJWTToken(jwtToken, hostname, nonce, subject)
 			assert.NoError(t, err)
 			assert.Equal(t, c["email"].(string), claims["email"])
 		})
@@ -154,7 +160,7 @@ func TestJwt(t *testing.T) {
 			jwtToken, err := token.SignJWTToken(claims)
 			assert.NoError(t, err)
 			assert.NotEmpty(t, jwtToken)
-			c, err := token.ParseJWTToken(jwtToken)
+			c, err := token.ParseJWTToken(jwtToken, hostname, nonce, subject)
 			assert.NoError(t, err)
 			assert.Equal(t, c["email"].(string), claims["email"])
 		})
--- a/server/test/login_test.go
+++ b/server/test/login_test.go
@@ -5,14 +5,17 @@ import (

 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/authorizerdev/authorizer/server/utils"
 	"github.com/stretchr/testify/assert"
 )

 func loginTests(t *testing.T, s TestSetup) {
 	t.Helper()
 	t.Run(`should login`, func(t *testing.T) {
+		t.Logf("=> is enabled: %v", envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification))
 		_, ctx := createContext(s)
 		email := "login." + s.TestInfo.Email
 		_, err := resolvers.SignupResolver(ctx, model.SignUpInput{
@@ -21,15 +24,19 @@ func loginTests(t *testing.T, s TestSetup) {
 			ConfirmPassword: s.TestInfo.Password,
 		})

-		_, err = resolvers.LoginResolver(ctx, model.LoginInput{
+		res, err := resolvers.LoginResolver(ctx, model.LoginInput{
 			Email:    email,
 			Password: s.TestInfo.Password,
 		})

 		assert.NotNil(t, err, "should fail because email is not verified")
-
+		assert.Nil(t, res)
 		verificationRequest, err := db.Provider.GetVerificationRequestByEmail(email, constants.VerificationTypeBasicAuthSignup)
-		res, err := resolvers.VerifyEmailResolver(ctx, model.VerifyEmailInput{
+		n, err := utils.EncryptNonce(verificationRequest.Nonce)
+		assert.NoError(t, err)
+		assert.NotEmpty(t, n)
+		assert.NotNil(t, verificationRequest)
+		res, err = resolvers.VerifyEmailResolver(ctx, model.VerifyEmailInput{
 			Token: verificationRequest.Token,
 		})
 		assert.NoError(t, err)
--- a/server/test/logout_test.go
+++ b/server/test/logout_test.go
@@ -2,11 +2,9 @@ package test

 import (
 	"fmt"
-	"net/url"
 	"testing"

 	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/crypto"
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
@@ -30,18 +28,15 @@ func logoutTests(t *testing.T, s TestSetup) {
 			Token: verificationRequest.Token,
 		})

-		sessions := sessionstore.GetUserSessions(verifyRes.User.ID)
-		fingerPrint := ""
-		refreshToken := ""
-		for key, val := range sessions {
-			fingerPrint = key
-			refreshToken = val
-		}
-
-		fingerPrintHash, _ := crypto.EncryptAES([]byte(fingerPrint))
-
 		token := *verifyRes.AccessToken
-		cookie := fmt.Sprintf("%s=%s;%s=%s;%s=%s", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+".fingerprint", url.QueryEscape(string(fingerPrintHash)), envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+".refresh_token", refreshToken, envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+".access_token", token)
+		sessions := sessionstore.GetUserSessions(verifyRes.User.ID)
+		cookie := ""
+		// set all they keys in cookie one of them should be session cookie
+		for key := range sessions {
+			if key != token {
+				cookie += fmt.Sprintf("%s=%s;", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+"_session", key)
+			}
+		}

 		req.Header.Set("Cookie", cookie)
 		_, err = resolvers.LogoutResolver(ctx)
--- a/server/test/magic_link_login_test.go
+++ b/server/test/magic_link_login_test.go
@@ -1,12 +1,11 @@
 package test

 import (
-	"fmt"
+	"context"
 	"testing"

 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/resolvers"
 	"github.com/stretchr/testify/assert"
@@ -27,12 +26,13 @@ func magicLinkLoginTests(t *testing.T, s TestSetup) {
 		verifyRes, err := resolvers.VerifyEmailResolver(ctx, model.VerifyEmailInput{
 			Token: verificationRequest.Token,
 		})
-
-		token := *verifyRes.AccessToken
-		req.Header.Set("Cookie", fmt.Sprintf("%s=%s", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+".access_token", token))
+		assert.NoError(t, err)
+		assert.NotNil(t, verifyRes.AccessToken)
+		s.GinContext.Request.Header.Set("Authorization", "Bearer "+*verifyRes.AccessToken)
+		ctx = context.WithValue(req.Context(), "GinContextKey", s.GinContext)
 		_, err = resolvers.ProfileResolver(ctx)
 		assert.Nil(t, err)
-
+		s.GinContext.Request.Header.Set("Authorization", "")
 		cleanData(email)
 	})
 }
--- a/server/test/profile_test.go
+++ b/server/test/profile_test.go
@@ -1,12 +1,11 @@
 package test

 import (
-	"fmt"
+	"context"
 	"testing"

 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/resolvers"
 	"github.com/stretchr/testify/assert"
@@ -14,7 +13,7 @@ import (

 func profileTests(t *testing.T, s TestSetup) {
 	t.Helper()
-	t.Run(`should get profile only with token`, func(t *testing.T) {
+	t.Run(`should get profile only access_token token`, func(t *testing.T) {
 		req, ctx := createContext(s)
 		email := "profile." + s.TestInfo.Email

@@ -31,11 +30,14 @@ func profileTests(t *testing.T, s TestSetup) {
 		verifyRes, err := resolvers.VerifyEmailResolver(ctx, model.VerifyEmailInput{
 			Token: verificationRequest.Token,
 		})
+		assert.NoError(t, err)
+		assert.NotNil(t, verifyRes.AccessToken)

-		token := *verifyRes.AccessToken
-		req.Header.Set("Cookie", fmt.Sprintf("%s=%s", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+".access_token", token))
+		s.GinContext.Request.Header.Set("Authorization", "Bearer "+*verifyRes.AccessToken)
+		ctx = context.WithValue(req.Context(), "GinContextKey", s.GinContext)
 		profileRes, err := resolvers.ProfileResolver(ctx)
 		assert.Nil(t, err)
+		s.GinContext.Request.Header.Set("Authorization", "")

 		newEmail := *&profileRes.Email
 		assert.Equal(t, email, newEmail, "emails should be equal")
--- a/server/test/resolvers_test.go
+++ b/server/test/resolvers_test.go
@@ -15,15 +15,16 @@ func TestResolvers(t *testing.T) {
 		// constants.DbTypeArangodb: "http://localhost:8529",
 		// constants.DbTypeMongodb:  "mongodb://localhost:27017",
 	}
-	envstore.EnvStoreObj.ResetStore()
 	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyVersion, "test")
 	for dbType, dbURL := range databases {
+		s := testSetup()
 		envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyDatabaseURL, dbURL)
 		envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyDatabaseType, dbType)
-
-		s := testSetup()
 		defer s.Server.Close()
-		db.InitDB()
+		err := db.InitDB()
+		if err != nil {
+			t.Errorf("Error initializing database: %s", err)
+		}

 		// clean the persisted config for test to use fresh config
 		envData, err := db.Provider.GetEnv()
@@ -31,12 +32,10 @@ func TestResolvers(t *testing.T) {
 			envData.EnvData = ""
 			db.Provider.UpdateEnv(envData)
 		}
-		err = env.InitAllEnv()
-		if err != nil {
-			t.Error(err)
-		}
 		env.PersistEnv()

+		envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyEnv, "test")
+		envstore.EnvStoreObj.UpdateEnvVariable(constants.BoolStoreIdentifier, constants.EnvKeyIsProd, false)
 		t.Run("should pass tests for "+dbType, func(t *testing.T) {
 			// admin tests
 			adminSignupTests(t, s)
@@ -63,7 +62,6 @@ func TestResolvers(t *testing.T) {
 			magicLinkLoginTests(t, s)
 			logoutTests(t, s)
 			metaTests(t, s)
-			isValidJWTTests(t, s)
 		})
 	}
 }
--- a/server/test/session_test.go
+++ b/server/test/session_test.go
@@ -2,11 +2,10 @@ package test

 import (
 	"fmt"
-	"net/url"
+	"strings"
 	"testing"

 	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/crypto"
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
@@ -36,17 +35,15 @@ func sessionTests(t *testing.T, s TestSetup) {
 		})

 		sessions := sessionstore.GetUserSessions(verifyRes.User.ID)
-		fingerPrint := ""
-		refreshToken := ""
-		for key, val := range sessions {
-			fingerPrint = key
-			refreshToken = val
-		}
-
-		fingerPrintHash, _ := crypto.EncryptAES([]byte(fingerPrint))
-
+		cookie := ""
 		token := *verifyRes.AccessToken
-		cookie := fmt.Sprintf("%s=%s;%s=%s;%s=%s", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+".fingerprint", url.QueryEscape(string(fingerPrintHash)), envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+".refresh_token", refreshToken, envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+".access_token", token)
+		// set all they keys in cookie one of them should be session cookie
+		for key := range sessions {
+			if key != token {
+				cookie += fmt.Sprintf("%s=%s;", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+"_session", key)
+			}
+		}
+		cookie = strings.TrimSuffix(cookie, ";")

 		req.Header.Set("Cookie", cookie)

--- a/server/test/test.go
+++ b/server/test/test.go
@@ -72,13 +72,13 @@ func testSetup() TestSetup {
 	}

 	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyEnvPath, "../../.env.sample")
+	env.InitRequiredEnv()
 	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeySmtpHost, "smtp.yopmail.com")
 	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeySmtpPort, "2525")
 	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeySmtpUsername, "lakhan@yopmail.com")
 	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeySmtpPassword, "test")
 	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeySenderEmail, "info@yopmail.com")
 	envstore.EnvStoreObj.UpdateEnvVariable(constants.SliceStoreIdentifier, constants.EnvKeyProtectedRoles, []string{"admin"})
-	env.InitRequiredEnv()
 	db.InitDB()
 	env.InitAllEnv()
 	sessionstore.InitSession()
--- a/server/test/update_profile_test.go
+++ b/server/test/update_profile_test.go
@@ -1,12 +1,11 @@
 package test

 import (
-	"fmt"
+	"context"
 	"testing"

 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/resolvers"
 	"github.com/stretchr/testify/assert"
@@ -34,18 +33,16 @@ func updateProfileTests(t *testing.T, s TestSetup) {
 		verifyRes, err := resolvers.VerifyEmailResolver(ctx, model.VerifyEmailInput{
 			Token: verificationRequest.Token,
 		})
+		assert.NoError(t, err)

-		token := *verifyRes.AccessToken
-		req.Header.Set("Cookie", fmt.Sprintf("%s=%s", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+".access_token", token))
-		_, err = resolvers.UpdateProfileResolver(ctx, model.UpdateProfileInput{
-			FamilyName: &fName,
-		})
-		assert.Nil(t, err)
+		s.GinContext.Request.Header.Set("Authorization", "Bearer "+*verifyRes.AccessToken)
+		ctx = context.WithValue(req.Context(), "GinContextKey", s.GinContext)

 		newEmail := "new_" + email
 		_, err = resolvers.UpdateProfileResolver(ctx, model.UpdateProfileInput{
 			Email: &newEmail,
 		})
+		s.GinContext.Request.Header.Set("Authorization", "")
 		assert.Nil(t, err)
 		_, err = resolvers.ProfileResolver(ctx)
 		assert.NotNil(t, err, "unauthorized")
--- a/server/test/verification_requests_test.go
+++ b/server/test/verification_requests_test.go
@@ -19,12 +19,15 @@ func verificationRequestsTest(t *testing.T, s TestSetup) {
 		req, ctx := createContext(s)

 		email := "verification_requests." + s.TestInfo.Email
-		resolvers.SignupResolver(ctx, model.SignUpInput{
+		res, err := resolvers.SignupResolver(ctx, model.SignUpInput{
 			Email:           email,
 			Password:        s.TestInfo.Password,
 			ConfirmPassword: s.TestInfo.Password,
 		})

+		assert.NoError(t, err)
+		assert.NotNil(t, res)
+
 		limit := int64(10)
 		page := int64(1)
 		pagination := &model.PaginatedInput{