auth
auth/token_test.go
Update to use a generic event emitter. Rather can creating a purpose-built event emitter for each and every event we need to emit (I'm looking at you, login verification event) which is _downright silly_, we're now using a generic event publisher that's based on saying "HEY A MODEL UPDATED". This means we need to change all our setup code in authd to use events.NewNSQPublisher or events.NewStdoutPublisher instead of our homegrown solutions. Which also means updating our config to take an events.Publisher instead of our LoginVerificationNotifier (blergh). Our Context also now uses an events.Publisher instead of a LoginVerificationNotifier. Party all around! We also replaced our SendLoginVerification helper method on Context with a SendModelEvent helper method on Context, which is just a light wrapper around events.PublishModelEvent. Of course, all this means we need to update our email_verification listener to listen to the correct channel (based on the model we want updates about) and filter down to a Created action or our new custom action for "the customer wants their verification resent", which I'm OK making a special case and not generic, because c'mon. But we had a subtle change to all our constants, some of which are unofficial constants now. I'm unsure how I feel about this. We also updated our email_verification listener so that we're unmarshalling to a custom loginEvent, which is just an events.Event that overwrites the Data property to be an auth.Login instance. This is to make sure we don't need to wrangle a map[string]interface{}, which is no fun. I'm also OK with special-casing like this, because it's 1) a tiny amount of code, 2) properly utilising composition, and 3) the only way I can think of to cleanly accomplish what I want. I also added a note about GetLogin's deficient handling of logins, namely that it doesn't recognise admins and return Verification codes to them, which would be a useful property for internal tools to take advantage of. Ah well. I updated the Profile and Login implementations so they're now event.Model instances, mainly by just exporting some strings from them through getters that will let us automatically build an Event from them. This lets us use the PublishModelEvent helper. I updated our CreateProfileHandler to properly mangle the login Verification property, and to fire off the ActionCreated events for the new Login and the new Profile. I updated our GetLoginHandler and UpdateLoginHandler to properly mangle the loginVerification property. God that's annoying. :-/ You'll note I didn't start publishing the events.ActionUpdated or events.ActionDeleted events for Profiles or Logins yet, and didn't bother publishing any events for literally any other type. That's because I'm a lazy piece of crap and will end up publishing them when I absolutely have to. Part of that is because if a channel isn't created/being read for a topic, the messages will just stack up in NSQ, and I don't want that. But mostly I'm lazy. Finally, I got to delete the entire profile_verification.go file, because we're no longer special-casing that. Hooray!
| paddy@28 | 1 package auth |
| paddy@28 | 2 |
| paddy@28 | 3 import ( |
| paddy@155 | 4 "os" |
| paddy@28 | 5 "testing" |
| paddy@28 | 6 "time" |
| paddy@28 | 7 |
| paddy@107 | 8 "code.secondbit.org/uuid.hg" |
| paddy@28 | 9 ) |
| paddy@28 | 10 |
| paddy@155 | 11 func init() { |
| paddy@155 | 12 if os.Getenv("PG_TEST_DB") != "" { |
| paddy@155 | 13 p, err := NewPostgres(os.Getenv("PG_TEST_DB")) |
| paddy@155 | 14 if err != nil { |
| paddy@155 | 15 panic(err) |
| paddy@155 | 16 } |
| paddy@155 | 17 tokenStores = append(tokenStores, &p) |
| paddy@155 | 18 } |
| paddy@155 | 19 } |
| paddy@155 | 20 |
| paddy@57 | 21 var tokenStores = []tokenStore{NewMemstore()} |
| paddy@28 | 22 |
| paddy@35 | 23 func compareTokens(token1, token2 Token) (success bool, field string, val1, val2 interface{}) { |
| paddy@35 | 24 if token1.AccessToken != token2.AccessToken { |
| paddy@35 | 25 return false, "access token", token1.AccessToken, token2.AccessToken |
| paddy@35 | 26 } |
| paddy@35 | 27 if token1.RefreshToken != token2.RefreshToken { |
| paddy@35 | 28 return false, "refresh token", token1.RefreshToken, token2.RefreshToken |
| paddy@35 | 29 } |
| paddy@35 | 30 if !token1.Created.Equal(token2.Created) { |
| paddy@35 | 31 return false, "created", token1.Created, token2.Created |
| paddy@35 | 32 } |
| paddy@97 | 33 if token1.CreatedFrom != token2.CreatedFrom { |
| paddy@97 | 34 return false, "created from", token1.CreatedFrom, token2.CreatedFrom |
| paddy@97 | 35 } |
| paddy@35 | 36 if token1.ExpiresIn != token2.ExpiresIn { |
| paddy@35 | 37 return false, "expires in", token1.ExpiresIn, token2.ExpiresIn |
| paddy@35 | 38 } |
| paddy@35 | 39 if token1.TokenType != token2.TokenType { |
| paddy@35 | 40 return false, "token type", token1.TokenType, token2.TokenType |
| paddy@35 | 41 } |
| paddy@135 | 42 if len(token1.Scopes) != len(token2.Scopes) { |
| paddy@135 | 43 return false, "scopes", token1.Scopes, token2.Scopes |
| paddy@135 | 44 } |
| paddy@135 | 45 for pos, scope := range token1.Scopes { |
| paddy@135 | 46 if scope != token2.Scopes[pos] { |
| paddy@135 | 47 return false, "scopes", token1.Scopes, token2.Scopes |
| paddy@135 | 48 } |
| paddy@35 | 49 } |
| paddy@35 | 50 if !token1.ProfileID.Equal(token2.ProfileID) { |
| paddy@35 | 51 return false, "profile ID", token1.ProfileID, token2.ProfileID |
| paddy@35 | 52 } |
| paddy@97 | 53 if token1.Revoked != token2.Revoked { |
| paddy@97 | 54 return false, "revoked", token1.Revoked, token2.Revoked |
| paddy@97 | 55 } |
| paddy@35 | 56 return true, "", nil, nil |
| paddy@35 | 57 } |
| paddy@35 | 58 |
| paddy@28 | 59 func TestTokenStoreSuccess(t *testing.T) { |
| paddy@37 | 60 t.Parallel() |
| paddy@28 | 61 token := Token{ |
| paddy@28 | 62 AccessToken: "access", |
| paddy@28 | 63 RefreshToken: "refresh", |
| paddy@149 | 64 Created: time.Now().Round(time.Millisecond), |
| paddy@28 | 65 ExpiresIn: 3600, |
| paddy@28 | 66 TokenType: "bearer", |
| paddy@163 | 67 Scopes: stringsToScopes([]string{"scope"}), |
| paddy@28 | 68 ProfileID: uuid.NewID(), |
| paddy@28 | 69 } |
| paddy@35 | 70 for _, store := range tokenStores { |
| paddy@116 | 71 context := Context{tokens: store} |
| paddy@127 | 72 retrievedAccess, err := context.GetToken(token.AccessToken, false) |
| paddy@127 | 73 if err == nil { |
| paddy@127 | 74 t.Errorf("Expected ErrTokenNotFound from %T, got %+v", store, retrievedAccess) |
| paddy@127 | 75 } else if err != ErrTokenNotFound { |
| paddy@127 | 76 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err) |
| paddy@127 | 77 } |
| paddy@127 | 78 retrievedRefresh, err := context.GetToken(token.RefreshToken, true) |
| paddy@127 | 79 if err == nil { |
| paddy@127 | 80 t.Errorf("Expected ErrTokenNotFound from %T, got %+v", store, retrievedRefresh) |
| paddy@127 | 81 } else if err != ErrTokenNotFound { |
| paddy@127 | 82 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err) |
| paddy@127 | 83 } |
| paddy@168 | 84 err = context.RevokeToken(token.RefreshToken) |
| paddy@127 | 85 if err != ErrTokenNotFound { |
| paddy@127 | 86 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err) |
| paddy@127 | 87 } |
| paddy@127 | 88 err = context.SaveToken(token) |
| paddy@28 | 89 if err != nil { |
| paddy@37 | 90 t.Errorf("Error saving token to %T: %s", store, err) |
| paddy@37 | 91 } |
| paddy@116 | 92 err = context.SaveToken(token) |
| paddy@37 | 93 if err != ErrTokenAlreadyExists { |
| paddy@37 | 94 t.Errorf("Expected ErrTokenAlreadyExists from %T, got %s", store, err) |
| paddy@28 | 95 } |
| paddy@127 | 96 retrievedAccess, err = context.GetToken(token.AccessToken, false) |
| paddy@28 | 97 if err != nil { |
| paddy@35 | 98 t.Errorf("Error retrieving token from %T: %s", store, err) |
| paddy@28 | 99 } |
| paddy@35 | 100 success, field, expectation, result := compareTokens(token, retrievedAccess) |
| paddy@35 | 101 if !success { |
| paddy@35 | 102 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store) |
| paddy@35 | 103 } |
| paddy@127 | 104 retrievedRefresh, err = context.GetToken(token.RefreshToken, true) |
| paddy@28 | 105 if err != nil { |
| paddy@35 | 106 t.Errorf("Error retrieving refresh token from %T: %s", store, err) |
| paddy@28 | 107 } |
| paddy@35 | 108 success, field, expectation, result = compareTokens(token, retrievedRefresh) |
| paddy@35 | 109 if !success { |
| paddy@35 | 110 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store) |
| paddy@35 | 111 } |
| paddy@116 | 112 retrievedProfile, err := context.GetTokensByProfileID(token.ProfileID, 25, 0) |
| paddy@28 | 113 if err != nil { |
| paddy@35 | 114 t.Errorf("Error retrieving token by profile from %T: %s", store, err) |
| paddy@28 | 115 } |
| paddy@28 | 116 if len(retrievedProfile) != 1 { |
| paddy@35 | 117 t.Errorf("Expected 1 token retrieved by profile ID from %T, got %+v", store, retrievedProfile) |
| paddy@28 | 118 } |
| paddy@35 | 119 success, field, expectation, result = compareTokens(token, retrievedProfile[0]) |
| paddy@35 | 120 if !success { |
| paddy@35 | 121 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store) |
| paddy@35 | 122 } |
| paddy@168 | 123 err = context.RevokeToken(token.RefreshToken) |
| paddy@97 | 124 if err != nil { |
| paddy@97 | 125 t.Errorf("Error revoking token in %T: %s", store, err) |
| paddy@97 | 126 } |
| paddy@116 | 127 retrievedRevoked, err := context.GetToken(token.AccessToken, false) |
| paddy@97 | 128 if err != nil { |
| paddy@97 | 129 t.Errorf("Error retrieving token from %T: %s", store, err) |
| paddy@97 | 130 } |
| paddy@97 | 131 token.Revoked = true |
| paddy@97 | 132 success, field, expectation, result = compareTokens(token, retrievedRevoked) |
| paddy@97 | 133 if !success { |
| paddy@97 | 134 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store) |
| paddy@97 | 135 } |
| paddy@28 | 136 } |
| paddy@28 | 137 } |
| paddy@128 | 138 |
| paddy@128 | 139 // BUG(paddy): We need to test the refreshTokenValidate function. |
| paddy@128 | 140 // BUG(paddy): We need to test the refreshTokenInvalidate function. |