auth

Paddy 2015-05-15 Parent:cf6c1f05eb21

168:581c60f8dd23 Go to Latest

auth/session_test.go

Switch to a JWT approach. We're going to use a JWT as our access tokens (as discussed in &yet's excellent post https://blog.andyet.com/2015/05/12/micro-services-user-info-and-auth and my ensuing conversation with Fritzy). The benefit of this approach is that we can do authentication and even some authorization without touching the database at all. The drawback is that we can no longer revoke access tokens, only the refresh tokens that grant the access tokens. We need a new config variable to set our private key, used to sign the JWT. We get to remove our token handlers, as we no longer can revoke tokens, so there's no purpose in getting information about it or listing them. Our tokenStore revokeToken gets to be simplified, as it will only ever be used for refresh tokens now. We also updated our postgres and memstore implementations. We added a helper method for generating the signed "access token" (our JWT) and started using it in the places where we're creating a Token. We get to remove the `revoked` SQL column for the tokens table, and rename the `refresh_revoked` column to just be `revoked`. We shortened our access token expiration to 15 minutes instead of an hour, to deal with the token not being revokable.

Download raw file
View source Diff to previous Annotate
History
paddy@77 1 package auth
paddy@77 2
paddy@77 3 import (
paddy@154 4 "os"
paddy@77 5 "testing"
paddy@77 6 "time"
paddy@77 7
paddy@107 8 "code.secondbit.org/uuid.hg"
paddy@77 9 )
paddy@77 10
paddy@154 11 func init() {
paddy@154 12 if os.Getenv("PG_TEST_DB") != "" {
paddy@154 13 p, err := NewPostgres(os.Getenv("PG_TEST_DB"))
paddy@154 14 if err != nil {
paddy@154 15 panic(err)
paddy@154 16 }
paddy@154 17 sessionStores = append(sessionStores, &p)
paddy@154 18 }
paddy@154 19 }
paddy@154 20
paddy@77 21 var sessionStores = []sessionStore{NewMemstore()}
paddy@77 22
paddy@77 23 func compareSessions(session1, session2 Session) (success bool, field string, val1, val2 interface{}) {
paddy@77 24 if session1.ID != session2.ID {
paddy@77 25 return false, "ID", session1.ID, session2.ID
paddy@77 26 }
paddy@77 27 if session1.IP != session2.IP {
paddy@77 28 return false, "IP", session1.IP, session2.IP
paddy@77 29 }
paddy@77 30 if session1.UserAgent != session2.UserAgent {
paddy@77 31 return false, "UserAgent", session1.UserAgent, session2.UserAgent
paddy@77 32 }
paddy@77 33 if !session1.ProfileID.Equal(session2.ProfileID) {
paddy@77 34 return false, "ProfileID", session1.ProfileID, session2.ProfileID
paddy@77 35 }
paddy@77 36 if !session1.Created.Equal(session2.Created) {
paddy@77 37 return false, "Created", session1.Created, session2.Created
paddy@77 38 }
paddy@132 39 if !session1.Expires.Equal(session2.Expires) {
paddy@132 40 return false, "Expires", session1.Expires, session2.Expires
paddy@132 41 }
paddy@77 42 if session1.Login != session2.Login {
paddy@77 43 return false, "Login", session1.Login, session2.Login
paddy@77 44 }
paddy@77 45 if session1.Active != session2.Active {
paddy@77 46 return false, "Active", session1.Active, session2.Active
paddy@77 47 }
paddy@132 48 if session1.CSRFToken != session2.CSRFToken {
paddy@132 49 return false, "CSRFToken", session1.CSRFToken, session2.CSRFToken
paddy@132 50 }
paddy@77 51 return true, "", nil, nil
paddy@77 52 }
paddy@77 53
paddy@77 54 func TestSessionStoreSuccess(t *testing.T) {
paddy@77 55 t.Parallel()
paddy@77 56 session := Session{
paddy@77 57 ID: uuid.NewID().String() + uuid.NewID().String(),
paddy@77 58 IP: "127.0.0.1",
paddy@77 59 UserAgent: "TestRunner",
paddy@77 60 ProfileID: uuid.NewID(),
paddy@149 61 Created: time.Now().Round(time.Millisecond),
paddy@77 62 Login: "test@example.com",
paddy@77 63 Active: true,
paddy@77 64 }
paddy@77 65 for _, store := range sessionStores {
paddy@116 66 context := Context{sessions: store}
paddy@116 67 err := context.CreateSession(session)
paddy@77 68 if err != nil {
paddy@77 69 t.Errorf("Error saving session to %T: %s", store, err)
paddy@77 70 }
paddy@116 71 err = context.CreateSession(session)
paddy@77 72 if err != ErrSessionAlreadyExists {
paddy@77 73 t.Errorf("Expected ErrSessionAlreadyExists from %T, got %s", store, err)
paddy@77 74 }
paddy@116 75 retrieved, err := context.GetSession(session.ID)
paddy@77 76 if err != nil {
paddy@77 77 t.Errorf("Error retrieving session from %T: %s", store, err)
paddy@77 78 }
paddy@77 79 success, field, expectation, result := compareSessions(session, retrieved)
paddy@77 80 if !success {
paddy@77 81 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
paddy@77 82 }
paddy@116 83 retrievedList, err := context.ListSessions(session.ProfileID, time.Time{}, 10)
paddy@77 84 if err != nil {
paddy@77 85 t.Errorf("Error retrieving sessions by profile from %T: %s", store, err)
paddy@77 86 }
paddy@77 87 if len(retrievedList) != 1 {
paddy@77 88 t.Errorf("Expected 1 session retrieved by profile from %T, got %d", store, len(retrievedList))
paddy@77 89 }
paddy@77 90 success, field, expectation, result = compareSessions(session, retrievedList[0])
paddy@77 91 if !success {
paddy@77 92 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
paddy@77 93 }
paddy@159 94 err = context.TerminateSession(session.ID)
paddy@159 95 if err != nil {
paddy@159 96 t.Errorf("Error terminating session in %T: %s", store, err)
paddy@159 97 }
paddy@159 98 retrieved, err = context.GetSession(session.ID)
paddy@159 99 if err != nil {
paddy@159 100 t.Errorf("Error retrieving session from %T: %s", store, err)
paddy@159 101 }
paddy@159 102 expected := session
paddy@159 103 expected.Active = false
paddy@159 104 success, field, expectation, result = compareSessions(expected, retrieved)
paddy@159 105 if !success {
paddy@159 106 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
paddy@159 107 }
paddy@159 108 retrievedList, err = context.ListSessions(session.ProfileID, time.Time{}, 10)
paddy@159 109 if err != nil {
paddy@159 110 t.Errorf("Error retrieving sessions by profile from %T: %s", store, err)
paddy@159 111 }
paddy@159 112 if len(retrievedList) != 1 {
paddy@159 113 t.Errorf("Expected 1 session retrieved by profile from %T, got %d", store, len(retrievedList))
paddy@159 114 }
paddy@159 115 success, field, expectation, result = compareSessions(expected, retrievedList[0])
paddy@159 116 if !success {
paddy@159 117 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
paddy@159 118 }
paddy@116 119 err = context.RemoveSession(session.ID)
paddy@77 120 if err != nil {
paddy@77 121 t.Errorf("Error removing session from %T: %s", store, err)
paddy@77 122 }
paddy@116 123 retrieved, err = context.GetSession(session.ID)
paddy@77 124 if err != ErrSessionNotFound {
paddy@77 125 t.Errorf("Expected ErrSessionNotFound from %T, got %s", store, err)
paddy@77 126 }
paddy@116 127 retrievedList, err = context.ListSessions(session.ProfileID, time.Time{}, 10)
paddy@77 128 if err != nil {
paddy@77 129 t.Errorf("Error retrieving sessions by profile from %T: %s", store, err)
paddy@77 130 }
paddy@77 131 if len(retrievedList) != 0 {
paddy@77 132 t.Errorf("Expected 0 sessions retrieved by profile from %T, got %d", store, len(retrievedList))
paddy@77 133 }
paddy@116 134 err = context.RemoveSession(session.ID)
paddy@77 135 if err != ErrSessionNotFound {
paddy@77 136 t.Errorf("Expected ErrSessionNotFound from %T, got %s", store, err)
paddy@77 137 }
paddy@159 138 err = context.TerminateSession(session.ID)
paddy@159 139 if err != ErrSessionNotFound {
paddy@159 140 t.Errorf("Expected ERrSessionNotFound from %T, got %s", store, err)
paddy@159 141 }
paddy@77 142 }
paddy@77 143 }
paddy@128 144
paddy@128 145 // BUG(paddy): We need to test the CreateSessionHandler.
paddy@128 146 // BUG(paddy): We need to test the credentialsValidate function.