auth
auth/session_test.go
Randomly generate codes. We've been using our IDs for auth codes. But our IDs may at some point be non-random, for the purpose of optimising database performance, or some other perfectly valid reason. Auth codes we always want to be random, and have no relation to IDs, so why conflate them? Instead, we pull 16 random bytes out of crypto/rand.Reader and hex encode them.
| paddy@77 | 1 package auth |
| paddy@77 | 2 |
| paddy@77 | 3 import ( |
| paddy@77 | 4 "testing" |
| paddy@77 | 5 "time" |
| paddy@77 | 6 |
| paddy@107 | 7 "code.secondbit.org/uuid.hg" |
| paddy@77 | 8 ) |
| paddy@77 | 9 |
| paddy@77 | 10 var sessionStores = []sessionStore{NewMemstore()} |
| paddy@77 | 11 |
| paddy@77 | 12 func compareSessions(session1, session2 Session) (success bool, field string, val1, val2 interface{}) { |
| paddy@77 | 13 if session1.ID != session2.ID { |
| paddy@77 | 14 return false, "ID", session1.ID, session2.ID |
| paddy@77 | 15 } |
| paddy@77 | 16 if session1.IP != session2.IP { |
| paddy@77 | 17 return false, "IP", session1.IP, session2.IP |
| paddy@77 | 18 } |
| paddy@77 | 19 if session1.UserAgent != session2.UserAgent { |
| paddy@77 | 20 return false, "UserAgent", session1.UserAgent, session2.UserAgent |
| paddy@77 | 21 } |
| paddy@77 | 22 if !session1.ProfileID.Equal(session2.ProfileID) { |
| paddy@77 | 23 return false, "ProfileID", session1.ProfileID, session2.ProfileID |
| paddy@77 | 24 } |
| paddy@77 | 25 if !session1.Created.Equal(session2.Created) { |
| paddy@77 | 26 return false, "Created", session1.Created, session2.Created |
| paddy@77 | 27 } |
| paddy@132 | 28 if !session1.Expires.Equal(session2.Expires) { |
| paddy@132 | 29 return false, "Expires", session1.Expires, session2.Expires |
| paddy@132 | 30 } |
| paddy@77 | 31 if session1.Login != session2.Login { |
| paddy@77 | 32 return false, "Login", session1.Login, session2.Login |
| paddy@77 | 33 } |
| paddy@77 | 34 if session1.Active != session2.Active { |
| paddy@77 | 35 return false, "Active", session1.Active, session2.Active |
| paddy@77 | 36 } |
| paddy@132 | 37 if session1.CSRFToken != session2.CSRFToken { |
| paddy@132 | 38 return false, "CSRFToken", session1.CSRFToken, session2.CSRFToken |
| paddy@132 | 39 } |
| paddy@77 | 40 return true, "", nil, nil |
| paddy@77 | 41 } |
| paddy@77 | 42 |
| paddy@77 | 43 func TestSessionStoreSuccess(t *testing.T) { |
| paddy@77 | 44 t.Parallel() |
| paddy@77 | 45 session := Session{ |
| paddy@77 | 46 ID: uuid.NewID().String() + uuid.NewID().String(), |
| paddy@77 | 47 IP: "127.0.0.1", |
| paddy@77 | 48 UserAgent: "TestRunner", |
| paddy@77 | 49 ProfileID: uuid.NewID(), |
| paddy@77 | 50 Created: time.Now(), |
| paddy@77 | 51 Login: "test@example.com", |
| paddy@77 | 52 Active: true, |
| paddy@77 | 53 } |
| paddy@77 | 54 for _, store := range sessionStores { |
| paddy@116 | 55 context := Context{sessions: store} |
| paddy@116 | 56 err := context.CreateSession(session) |
| paddy@77 | 57 if err != nil { |
| paddy@77 | 58 t.Errorf("Error saving session to %T: %s", store, err) |
| paddy@77 | 59 } |
| paddy@116 | 60 err = context.CreateSession(session) |
| paddy@77 | 61 if err != ErrSessionAlreadyExists { |
| paddy@77 | 62 t.Errorf("Expected ErrSessionAlreadyExists from %T, got %s", store, err) |
| paddy@77 | 63 } |
| paddy@116 | 64 retrieved, err := context.GetSession(session.ID) |
| paddy@77 | 65 if err != nil { |
| paddy@77 | 66 t.Errorf("Error retrieving session from %T: %s", store, err) |
| paddy@77 | 67 } |
| paddy@77 | 68 success, field, expectation, result := compareSessions(session, retrieved) |
| paddy@77 | 69 if !success { |
| paddy@77 | 70 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store) |
| paddy@77 | 71 } |
| paddy@116 | 72 retrievedList, err := context.ListSessions(session.ProfileID, time.Time{}, 10) |
| paddy@77 | 73 if err != nil { |
| paddy@77 | 74 t.Errorf("Error retrieving sessions by profile from %T: %s", store, err) |
| paddy@77 | 75 } |
| paddy@77 | 76 if len(retrievedList) != 1 { |
| paddy@77 | 77 t.Errorf("Expected 1 session retrieved by profile from %T, got %d", store, len(retrievedList)) |
| paddy@77 | 78 } |
| paddy@77 | 79 success, field, expectation, result = compareSessions(session, retrievedList[0]) |
| paddy@77 | 80 if !success { |
| paddy@77 | 81 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store) |
| paddy@77 | 82 } |
| paddy@116 | 83 err = context.RemoveSession(session.ID) |
| paddy@77 | 84 if err != nil { |
| paddy@77 | 85 t.Errorf("Error removing session from %T: %s", store, err) |
| paddy@77 | 86 } |
| paddy@116 | 87 retrieved, err = context.GetSession(session.ID) |
| paddy@77 | 88 if err != ErrSessionNotFound { |
| paddy@77 | 89 t.Errorf("Expected ErrSessionNotFound from %T, got %s", store, err) |
| paddy@77 | 90 } |
| paddy@116 | 91 retrievedList, err = context.ListSessions(session.ProfileID, time.Time{}, 10) |
| paddy@77 | 92 if err != nil { |
| paddy@77 | 93 t.Errorf("Error retrieving sessions by profile from %T: %s", store, err) |
| paddy@77 | 94 } |
| paddy@77 | 95 if len(retrievedList) != 0 { |
| paddy@77 | 96 t.Errorf("Expected 0 sessions retrieved by profile from %T, got %d", store, len(retrievedList)) |
| paddy@77 | 97 } |
| paddy@116 | 98 err = context.RemoveSession(session.ID) |
| paddy@77 | 99 if err != ErrSessionNotFound { |
| paddy@77 | 100 t.Errorf("Expected ErrSessionNotFound from %T, got %s", store, err) |
| paddy@77 | 101 } |
| paddy@77 | 102 } |
| paddy@77 | 103 } |
| paddy@128 | 104 |
| paddy@128 | 105 // BUG(paddy): We need to test the CreateSessionHandler. |
| paddy@128 | 106 // BUG(paddy): We need to test the credentialsValidate function. |