|
|
|
@ -8,6 +8,7 @@ import (
|
|
|
|
|
"os"
|
|
|
|
|
"strings"
|
|
|
|
|
"testing"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"git.hatecomputers.club/hatecomputers/hatecomputers.club/api/auth"
|
|
|
|
|
"git.hatecomputers.club/hatecomputers/hatecomputers.club/api/types"
|
|
|
|
@ -23,24 +24,6 @@ func IdContinuation(context *types.RequestContext, req *http.Request, resp http.
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func setup() (*sql.DB, *types.RequestContext, func()) {
|
|
|
|
|
randomDb := utils.RandomId()
|
|
|
|
|
|
|
|
|
|
testDb := database.MakeConn(&randomDb)
|
|
|
|
|
database.Migrate(testDb)
|
|
|
|
|
|
|
|
|
|
context := &types.RequestContext{
|
|
|
|
|
DBConn: testDb,
|
|
|
|
|
Args: &args.Arguments{},
|
|
|
|
|
TemplateData: &(map[string]interface{}{}),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return testDb, context, func() {
|
|
|
|
|
testDb.Close()
|
|
|
|
|
os.Remove(randomDb)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func FakedOauthServer() *httptest.Server {
|
|
|
|
|
oauthServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
if r.URL.Path == "/auth" {
|
|
|
|
@ -89,7 +72,7 @@ func MockUserEndpointServer(context *types.RequestContext) *httptest.Server {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if r.URL.Path == "/me" {
|
|
|
|
|
auth.VerifySessionContinuation(context, r, w)(EchoUsernameContinuation, auth.GoLoginContinuation)(IdContinuation, IdContinuation)
|
|
|
|
|
auth.VerifySessionContinuation(context, r, w)(auth.RefreshSessionContinuation, auth.GoLoginContinuation)(EchoUsernameContinuation, IdContinuation)(IdContinuation, IdContinuation)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if r.URL.Path == "/logout" {
|
|
|
|
@ -99,6 +82,30 @@ func MockUserEndpointServer(context *types.RequestContext) *httptest.Server {
|
|
|
|
|
return testServer
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func setup() (*sql.DB, *types.RequestContext, *httptest.Server, *httptest.Server, func()) {
|
|
|
|
|
randomDb := utils.RandomId()
|
|
|
|
|
|
|
|
|
|
testDb := database.MakeConn(&randomDb)
|
|
|
|
|
database.Migrate(testDb)
|
|
|
|
|
|
|
|
|
|
context := &types.RequestContext{
|
|
|
|
|
DBConn: testDb,
|
|
|
|
|
Args: &args.Arguments{},
|
|
|
|
|
TemplateData: &(map[string]interface{}{}),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
oauthServer := FakedOauthServer()
|
|
|
|
|
testServer := MockUserEndpointServer(context)
|
|
|
|
|
|
|
|
|
|
return testDb, context, oauthServer, testServer, func() {
|
|
|
|
|
oauthServer.Close()
|
|
|
|
|
testServer.Close()
|
|
|
|
|
|
|
|
|
|
testDb.Close()
|
|
|
|
|
os.Remove(randomDb)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func GetOauthConfig(oauthServerURL string, testServerURL string) (*oauth2.Config, string) {
|
|
|
|
|
return &oauth2.Config{
|
|
|
|
|
ClientID: "test",
|
|
|
|
@ -146,14 +153,9 @@ func FollowAuthentication(
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestOauthCreatesUserWithCorrectUsername(t *testing.T) {
|
|
|
|
|
db, context, cleanup := setup()
|
|
|
|
|
db, context, oauthServer, testServer, cleanup := setup()
|
|
|
|
|
defer cleanup()
|
|
|
|
|
|
|
|
|
|
oauthServer := FakedOauthServer()
|
|
|
|
|
testServer := MockUserEndpointServer(context)
|
|
|
|
|
defer oauthServer.Close()
|
|
|
|
|
defer testServer.Close()
|
|
|
|
|
|
|
|
|
|
context.Args.OauthConfig, context.Args.OauthUserInfoURI = GetOauthConfig(oauthServer.URL, testServer.URL)
|
|
|
|
|
|
|
|
|
|
user, _ := database.GetUser(db, "test")
|
|
|
|
@ -174,14 +176,9 @@ func TestOauthCreatesUserWithCorrectUsername(t *testing.T) {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestOauthRedirectsToPreviousLockedPage(t *testing.T) {
|
|
|
|
|
_, context, cleanup := setup()
|
|
|
|
|
_, context, oauthServer, testServer, cleanup := setup()
|
|
|
|
|
defer cleanup()
|
|
|
|
|
|
|
|
|
|
oauthServer := FakedOauthServer()
|
|
|
|
|
testServer := MockUserEndpointServer(context)
|
|
|
|
|
defer oauthServer.Close()
|
|
|
|
|
defer testServer.Close()
|
|
|
|
|
|
|
|
|
|
context.Args.OauthConfig, context.Args.OauthUserInfoURI = GetOauthConfig(oauthServer.URL, testServer.URL)
|
|
|
|
|
|
|
|
|
|
req := httptest.NewRequest("GET", "/protected-path", nil)
|
|
|
|
@ -201,14 +198,9 @@ func TestOauthRedirectsToPreviousLockedPage(t *testing.T) {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestOauthSetsUniqueSession(t *testing.T) {
|
|
|
|
|
db, context, cleanup := setup()
|
|
|
|
|
db, context, oauthServer, testServer, cleanup := setup()
|
|
|
|
|
defer cleanup()
|
|
|
|
|
|
|
|
|
|
oauthServer := FakedOauthServer()
|
|
|
|
|
testServer := MockUserEndpointServer(context)
|
|
|
|
|
defer oauthServer.Close()
|
|
|
|
|
defer testServer.Close()
|
|
|
|
|
|
|
|
|
|
context.Args.OauthConfig, context.Args.OauthUserInfoURI = GetOauthConfig(oauthServer.URL, testServer.URL)
|
|
|
|
|
|
|
|
|
|
cookies := make(map[string]*http.Cookie)
|
|
|
|
@ -230,14 +222,9 @@ func TestOauthSetsUniqueSession(t *testing.T) {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestLogoutClearsSession(t *testing.T) {
|
|
|
|
|
db, context, cleanup := setup()
|
|
|
|
|
db, context, oauthServer, testServer, cleanup := setup()
|
|
|
|
|
defer cleanup()
|
|
|
|
|
|
|
|
|
|
oauthServer := FakedOauthServer()
|
|
|
|
|
testServer := MockUserEndpointServer(context)
|
|
|
|
|
defer oauthServer.Close()
|
|
|
|
|
defer testServer.Close()
|
|
|
|
|
|
|
|
|
|
context.Args.OauthConfig, context.Args.OauthUserInfoURI = GetOauthConfig(oauthServer.URL, testServer.URL)
|
|
|
|
|
|
|
|
|
|
cookies := make(map[string]*http.Cookie)
|
|
|
|
@ -270,13 +257,52 @@ func TestLogoutClearsSession(t *testing.T) {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestRefreshUpdatesExpiration(t *testing.T) {
|
|
|
|
|
db, context, oauthServer, testServer, cleanup := setup()
|
|
|
|
|
defer cleanup()
|
|
|
|
|
|
|
|
|
|
context.Args.OauthConfig, context.Args.OauthUserInfoURI = GetOauthConfig(oauthServer.URL, testServer.URL)
|
|
|
|
|
|
|
|
|
|
cookies := make(map[string]*http.Cookie)
|
|
|
|
|
cookies, _ = FollowAuthentication(oauthServer, testServer, cookies, "/protected-path")
|
|
|
|
|
|
|
|
|
|
session, _ := database.GetSession(db, cookies["session"].Value)
|
|
|
|
|
|
|
|
|
|
req := httptest.NewRequest("GET", "/me", nil)
|
|
|
|
|
for _, cookie := range cookies {
|
|
|
|
|
req.AddCookie(cookie)
|
|
|
|
|
}
|
|
|
|
|
resp := httptest.NewRecorder()
|
|
|
|
|
testServer.Config.Handler.ServeHTTP(resp, req)
|
|
|
|
|
|
|
|
|
|
updatedSession, _ := database.GetSession(db, cookies["session"].Value)
|
|
|
|
|
|
|
|
|
|
// if session expiration is greater than or equal to updated session expiration
|
|
|
|
|
if session.ExpireAt.After(updatedSession.ExpireAt) || session.ExpireAt.Equal(updatedSession.ExpireAt) {
|
|
|
|
|
t.Errorf("expected session expiration to be updated, got %s and %s", session.ExpireAt, updatedSession.ExpireAt)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestVerifySessionEnsuresNonExpired(t *testing.T) {
|
|
|
|
|
db, context, oauthServer, testServer, cleanup := setup()
|
|
|
|
|
defer cleanup()
|
|
|
|
|
|
|
|
|
|
context.Args.OauthConfig, context.Args.OauthUserInfoURI = GetOauthConfig(oauthServer.URL, testServer.URL)
|
|
|
|
|
|
|
|
|
|
cookies := make(map[string]*http.Cookie)
|
|
|
|
|
cookies, _ = FollowAuthentication(oauthServer, testServer, cookies, "/protected-path")
|
|
|
|
|
|
|
|
|
|
session, _ := database.GetSession(db, cookies["session"].Value)
|
|
|
|
|
session.ExpireAt = time.Now().Add(-time.Hour)
|
|
|
|
|
database.SaveSession(db, session)
|
|
|
|
|
|
|
|
|
|
req := httptest.NewRequest("GET", "/me", nil)
|
|
|
|
|
for _, cookie := range cookies {
|
|
|
|
|
req.AddCookie(cookie)
|
|
|
|
|
}
|
|
|
|
|
resp := httptest.NewRecorder()
|
|
|
|
|
testServer.Config.Handler.ServeHTTP(resp, req)
|
|
|
|
|
|
|
|
|
|
func TestAPITokensAreEquivalentToSessions(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
if resp.Code != http.StatusFound && !strings.HasSuffix(resp.Header().Get("Location"), "/login") {
|
|
|
|
|
t.Errorf("expected redirect to /login after session expiration, got %d and %s", resp.Code, resp.Header().Get("Location"))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|