auth
auth/token_test.go
Update token test for revocation and new properties. Add the new properties of Token to the compareTokens helper so they're tested for equality. Add a test for revoking tokens. We still need a test that checks revoking tokens by their refresh token.
| paddy@28 | 1 package auth |
| paddy@28 | 2 |
| paddy@28 | 3 import ( |
| paddy@28 | 4 "testing" |
| paddy@28 | 5 "time" |
| paddy@28 | 6 |
| paddy@45 | 7 "code.secondbit.org/uuid" |
| paddy@28 | 8 ) |
| paddy@28 | 9 |
| paddy@57 | 10 var tokenStores = []tokenStore{NewMemstore()} |
| paddy@28 | 11 |
| paddy@35 | 12 func compareTokens(token1, token2 Token) (success bool, field string, val1, val2 interface{}) { |
| paddy@35 | 13 if token1.AccessToken != token2.AccessToken { |
| paddy@35 | 14 return false, "access token", token1.AccessToken, token2.AccessToken |
| paddy@35 | 15 } |
| paddy@35 | 16 if token1.RefreshToken != token2.RefreshToken { |
| paddy@35 | 17 return false, "refresh token", token1.RefreshToken, token2.RefreshToken |
| paddy@35 | 18 } |
| paddy@35 | 19 if !token1.Created.Equal(token2.Created) { |
| paddy@35 | 20 return false, "created", token1.Created, token2.Created |
| paddy@35 | 21 } |
| paddy@97 | 22 if token1.CreatedFrom != token2.CreatedFrom { |
| paddy@97 | 23 return false, "created from", token1.CreatedFrom, token2.CreatedFrom |
| paddy@97 | 24 } |
| paddy@35 | 25 if token1.ExpiresIn != token2.ExpiresIn { |
| paddy@35 | 26 return false, "expires in", token1.ExpiresIn, token2.ExpiresIn |
| paddy@35 | 27 } |
| paddy@97 | 28 if token1.RefreshExpiresIn != token2.RefreshExpiresIn { |
| paddy@97 | 29 return false, "refresh expires in", token1.RefreshExpiresIn, token2.RefreshExpiresIn |
| paddy@97 | 30 } |
| paddy@35 | 31 if token1.TokenType != token2.TokenType { |
| paddy@35 | 32 return false, "token type", token1.TokenType, token2.TokenType |
| paddy@35 | 33 } |
| paddy@35 | 34 if token1.Scope != token2.Scope { |
| paddy@35 | 35 return false, "scope", token1.Scope, token2.Scope |
| paddy@35 | 36 } |
| paddy@35 | 37 if !token1.ProfileID.Equal(token2.ProfileID) { |
| paddy@35 | 38 return false, "profile ID", token1.ProfileID, token2.ProfileID |
| paddy@35 | 39 } |
| paddy@97 | 40 if token1.Revoked != token2.Revoked { |
| paddy@97 | 41 return false, "revoked", token1.Revoked, token2.Revoked |
| paddy@97 | 42 } |
| paddy@35 | 43 return true, "", nil, nil |
| paddy@35 | 44 } |
| paddy@35 | 45 |
| paddy@28 | 46 func TestTokenStoreSuccess(t *testing.T) { |
| paddy@37 | 47 t.Parallel() |
| paddy@28 | 48 token := Token{ |
| paddy@28 | 49 AccessToken: "access", |
| paddy@28 | 50 RefreshToken: "refresh", |
| paddy@28 | 51 Created: time.Now(), |
| paddy@28 | 52 ExpiresIn: 3600, |
| paddy@28 | 53 TokenType: "bearer", |
| paddy@28 | 54 Scope: "scope", |
| paddy@28 | 55 ProfileID: uuid.NewID(), |
| paddy@28 | 56 } |
| paddy@35 | 57 for _, store := range tokenStores { |
| paddy@57 | 58 err := store.saveToken(token) |
| paddy@28 | 59 if err != nil { |
| paddy@37 | 60 t.Errorf("Error saving token to %T: %s", store, err) |
| paddy@37 | 61 } |
| paddy@57 | 62 err = store.saveToken(token) |
| paddy@37 | 63 if err != ErrTokenAlreadyExists { |
| paddy@37 | 64 t.Errorf("Expected ErrTokenAlreadyExists from %T, got %s", store, err) |
| paddy@28 | 65 } |
| paddy@57 | 66 retrievedAccess, err := store.getToken(token.AccessToken, false) |
| paddy@28 | 67 if err != nil { |
| paddy@35 | 68 t.Errorf("Error retrieving token from %T: %s", store, err) |
| paddy@28 | 69 } |
| paddy@35 | 70 success, field, expectation, result := compareTokens(token, retrievedAccess) |
| paddy@35 | 71 if !success { |
| paddy@35 | 72 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store) |
| paddy@35 | 73 } |
| paddy@57 | 74 retrievedRefresh, err := store.getToken(token.RefreshToken, true) |
| paddy@28 | 75 if err != nil { |
| paddy@35 | 76 t.Errorf("Error retrieving refresh token from %T: %s", store, err) |
| paddy@28 | 77 } |
| paddy@35 | 78 success, field, expectation, result = compareTokens(token, retrievedRefresh) |
| paddy@35 | 79 if !success { |
| paddy@35 | 80 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store) |
| paddy@35 | 81 } |
| paddy@57 | 82 retrievedProfile, err := store.getTokensByProfileID(token.ProfileID, 25, 0) |
| paddy@28 | 83 if err != nil { |
| paddy@35 | 84 t.Errorf("Error retrieving token by profile from %T: %s", store, err) |
| paddy@28 | 85 } |
| paddy@28 | 86 if len(retrievedProfile) != 1 { |
| paddy@35 | 87 t.Errorf("Expected 1 token retrieved by profile ID from %T, got %+v", store, retrievedProfile) |
| paddy@28 | 88 } |
| paddy@35 | 89 success, field, expectation, result = compareTokens(token, retrievedProfile[0]) |
| paddy@35 | 90 if !success { |
| paddy@35 | 91 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store) |
| paddy@35 | 92 } |
| paddy@97 | 93 err = store.revokeToken(token.AccessToken, false) |
| paddy@97 | 94 if err != nil { |
| paddy@97 | 95 t.Errorf("Error revoking token in %T: %s", store, err) |
| paddy@97 | 96 } |
| paddy@97 | 97 retrievedRevoked, err := store.getToken(token.AccessToken, false) |
| paddy@97 | 98 if err != nil { |
| paddy@97 | 99 t.Errorf("Error retrieving token from %T: %s", store, err) |
| paddy@97 | 100 } |
| paddy@97 | 101 token.Revoked = true |
| paddy@97 | 102 success, field, expectation, result = compareTokens(token, retrievedRevoked) |
| paddy@97 | 103 if !success { |
| paddy@97 | 104 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store) |
| paddy@97 | 105 } |
| paddy@97 | 106 // TODO(paddy): test revoking by refresh token. |
| paddy@57 | 107 err = store.removeToken(token.AccessToken) |
| paddy@28 | 108 if err != nil { |
| paddy@35 | 109 t.Errorf("Error removing token from %T: %s", store, err) |
| paddy@28 | 110 } |
| paddy@57 | 111 _, err = store.getToken(token.AccessToken, false) |
| paddy@28 | 112 if err != ErrTokenNotFound { |
| paddy@35 | 113 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err) |
| paddy@28 | 114 } |
| paddy@57 | 115 _, err = store.getToken(token.RefreshToken, true) |
| paddy@28 | 116 if err != ErrTokenNotFound { |
| paddy@35 | 117 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err) |
| paddy@28 | 118 } |
| paddy@57 | 119 retrievedProfile, err = store.getTokensByProfileID(token.ProfileID, 25, 0) |
| paddy@28 | 120 if err != nil { |
| paddy@35 | 121 t.Errorf("Error retrieving token by profile from %T: %s", store, err) |
| paddy@28 | 122 } |
| paddy@28 | 123 if len(retrievedProfile) != 0 { |
| paddy@35 | 124 t.Errorf("Expected list of 0 tokens from %T, got %+v", store, retrievedProfile) |
| paddy@28 | 125 } |
| paddy@57 | 126 err = store.removeToken(token.AccessToken) |
| paddy@37 | 127 if err != ErrTokenNotFound { |
| paddy@37 | 128 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err) |
| paddy@37 | 129 } |
| paddy@97 | 130 err = store.revokeToken(token.AccessToken, false) |
| paddy@97 | 131 if err != ErrTokenNotFound { |
| paddy@97 | 132 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err) |
| paddy@97 | 133 } |
| paddy@97 | 134 err = store.revokeToken(token.RefreshToken, true) |
| paddy@97 | 135 if err != ErrTokenNotFound { |
| paddy@97 | 136 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err) |
| paddy@97 | 137 } |
| paddy@28 | 138 } |
| paddy@28 | 139 } |