auth

Paddy 2015-03-07 Parent:026adb0c7fc4 Child:8267e1c8bcd1

auth/client_test.go

Require authentication to update Clients. Require the Client's owner to supply basic authentication when updating a client.

Download raw file

View source Diff to previous Annotate

paddy@31	1 package auth
paddy@31	2
paddy@31	3 import (
paddy@113	4 "bytes"
paddy@116	5 "encoding/json"
paddy@39	6 "fmt"
paddy@139	7 "github.com/gorilla/mux"
paddy@113	8 "io/ioutil"
paddy@113	9 "net/http"
paddy@113	10 "net/http/httptest"
paddy@41	11 "net/url"
paddy@82	12 "sort"
paddy@113	13 "strings"
paddy@31	14 "testing"
paddy@41	15 "time"
paddy@31	16
paddy@107	17 "code.secondbit.org/uuid.hg"
paddy@31	18 )
paddy@31	19
paddy@39	20 const (
paddy@39	21 clientChangeSecret = 1 << iota
paddy@39	22 clientChangeOwnerID
paddy@39	23 clientChangeName
paddy@39	24 clientChangeLogo
paddy@39	25 clientChangeWebsite
paddy@39	26 )
paddy@39	27
paddy@57	28 var clientStores = []clientStore{NewMemstore()}
paddy@31	29
paddy@33	30 func compareClients(client1, client2 Client) (success bool, field string, val1, val2 interface{}) {
paddy@33	31 if !client1.ID.Equal(client2.ID) {
paddy@33	32 return false, "ID", client1.ID, client2.ID
paddy@33	33 }
paddy@33	34 if client1.Secret != client2.Secret {
paddy@33	35 return false, "secret", client1.Secret, client2.Secret
paddy@33	36 }
paddy@33	37 if !client1.OwnerID.Equal(client2.OwnerID) {
paddy@33	38 return false, "owner ID", client1.OwnerID, client2.OwnerID
paddy@33	39 }
paddy@33	40 if client1.Name != client2.Name {
paddy@33	41 return false, "name", client1.Name, client2.Name
paddy@33	42 }
paddy@33	43 if client1.Logo != client2.Logo {
paddy@33	44 return false, "logo", client1.Logo, client2.Logo
paddy@33	45 }
paddy@33	46 if client1.Website != client2.Website {
paddy@33	47 return false, "website", client1.Website, client2.Website
paddy@33	48 }
paddy@41	49 if client1.Type != client2.Type {
paddy@41	50 return false, "type", client1.Type, client2.Type
paddy@41	51 }
paddy@41	52 return true, "", nil, nil
paddy@41	53 }
paddy@41	54
paddy@41	55 func compareEndpoints(endpoint1, endpoint2 Endpoint) (success bool, field string, val1, val2 interface{}) {
paddy@41	56 if !endpoint1.ID.Equal(endpoint2.ID) {
paddy@41	57 return false, "ID", endpoint1.ID, endpoint2.ID
paddy@41	58 }
paddy@41	59 if !endpoint1.ClientID.Equal(endpoint2.ClientID) {
paddy@41	60 return false, "OwnerID", endpoint1.ClientID, endpoint2.ClientID
paddy@41	61 }
paddy@41	62 if !endpoint1.Added.Equal(endpoint2.Added) {
paddy@41	63 return false, "Added", endpoint1.Added, endpoint2.Added
paddy@41	64 }
paddy@116	65 if endpoint1.URI != endpoint2.URI {
paddy@41	66 return false, "URI", endpoint1.URI, endpoint2.URI
paddy@41	67 }
paddy@33	68 return true, "", nil, nil
paddy@33	69 }
paddy@33	70
paddy@31	71 func TestClientStoreSuccess(t *testing.T) {
paddy@36	72 t.Parallel()
paddy@31	73 client := Client{
paddy@41	74 ID: uuid.NewID(),
paddy@41	75 Secret: "secret",
paddy@41	76 OwnerID: uuid.NewID(),
paddy@41	77 Name: "name",
paddy@41	78 Logo: "logo",
paddy@41	79 Website: "website",
paddy@31	80 }
paddy@31	81 for _, store := range clientStores {
paddy@116	82 context := Context{clients: store}
paddy@116	83 err := context.SaveClient(client)
paddy@31	84 if err != nil {
paddy@41	85 t.Fatalf("Error saving client to %T: %s", store, err)
paddy@31	86 }
paddy@116	87 err = context.SaveClient(client)
paddy@33	88 if err != ErrClientAlreadyExists {
paddy@41	89 t.Fatalf("Expected ErrClientAlreadyExists, got %v from %T", err, store)
paddy@33	90 }
paddy@116	91 retrieved, err := context.GetClient(client.ID)
paddy@31	92 if err != nil {
paddy@41	93 t.Fatalf("Error retrieving client from %T: %s", store, err)
paddy@31	94 }
paddy@33	95 success, field, expectation, result := compareClients(client, retrieved)
paddy@33	96 if !success {
paddy@41	97 t.Fatalf("Expected field %s to be %v, but %T returned %v", field, expectation, store, result)
paddy@33	98 }
paddy@116	99 clients, err := context.ListClientsByOwner(client.OwnerID, 25, 0)
paddy@31	100 if err != nil {
paddy@41	101 t.Fatalf("Error retrieving clients by owner from %T: %s", store, err)
paddy@31	102 }
paddy@31	103 if len(clients) != 1 {
paddy@41	104 t.Fatalf("Expected 1 client in response from %T, got %+v", store, clients)
paddy@31	105 }
paddy@33	106 success, field, expectation, result = compareClients(client, clients[0])
paddy@33	107 if !success {
paddy@41	108 t.Fatalf("Expected field %s to be %v, but %T returned %v", field, expectation, store, result)
paddy@33	109 }
paddy@116	110 err = context.DeleteClient(client.ID)
paddy@31	111 if err != nil {
paddy@41	112 t.Fatalf("Error deleting client from %T: %s", store, err)
paddy@31	113 }
paddy@116	114 err = context.DeleteClient(client.ID)
paddy@33	115 if err != ErrClientNotFound {
paddy@41	116 t.Fatalf("Expected ErrClientNotFound, got %s from %T", err, store)
paddy@33	117 }
paddy@116	118 retrieved, err = context.GetClient(client.ID)
paddy@31	119 if err != ErrClientNotFound {
paddy@41	120 t.Fatalf("Expected ErrClientNotFound from %T, got %+v and %s", store, retrieved, err)
paddy@31	121 }
paddy@116	122 clients, err = context.ListClientsByOwner(client.OwnerID, 25, 0)
paddy@31	123 if err != nil {
paddy@41	124 t.Fatalf("Error listing clients by owner from %T: %s", store, err)
paddy@31	125 }
paddy@31	126 if len(clients) != 0 {
paddy@41	127 t.Fatalf("Expected 0 clients in response from %T, got %+v", store, clients)
paddy@41	128 }
paddy@41	129 }
paddy@41	130 }
paddy@41	131
paddy@41	132 func TestEndpointStoreSuccess(t *testing.T) {
paddy@41	133 t.Parallel()
paddy@41	134 client := Client{
paddy@41	135 ID: uuid.NewID(),
paddy@41	136 Secret: "secret",
paddy@41	137 OwnerID: uuid.NewID(),
paddy@41	138 Name: "name",
paddy@41	139 Logo: "logo",
paddy@41	140 Website: "website",
paddy@41	141 }
paddy@41	142 endpoint1 := Endpoint{
paddy@41	143 ID: uuid.NewID(),
paddy@41	144 ClientID: client.ID,
paddy@41	145 Added: time.Now(),
paddy@116	146 URI: "https://www.example.com/",
paddy@41	147 }
paddy@41	148 endpoint2 := Endpoint{
paddy@41	149 ID: uuid.NewID(),
paddy@41	150 ClientID: client.ID,
paddy@41	151 Added: time.Now(),
paddy@116	152 URI: "https://www.example.com/my/full/path",
paddy@41	153 }
paddy@41	154 for _, store := range clientStores {
paddy@116	155 context := Context{clients: store}
paddy@116	156 err := context.SaveClient(client)
paddy@41	157 if err != nil {
paddy@41	158 t.Fatalf("Error saving client to %T: %s", store, err)
paddy@41	159 }
paddy@116	160 err = context.AddEndpoints(client.ID, []Endpoint{endpoint1})
paddy@41	161 if err != nil {
paddy@41	162 t.Fatalf("Error adding endpoint to client in %T: %s", store, err)
paddy@41	163 }
paddy@116	164 endpoints, err := context.ListEndpoints(client.ID, 10, 0)
paddy@41	165 if err != nil {
paddy@41	166 t.Fatalf("Error retrieving endpoints from %T: %s", store, err)
paddy@41	167 }
paddy@41	168 if len(endpoints) != 1 {
paddy@41	169 t.Fatalf("Expected %d endpoints, got %+v from %T", 1, endpoints, store)
paddy@41	170 }
paddy@41	171 success, field, expectation, result := compareEndpoints(endpoint1, endpoints[0])
paddy@41	172 if !success {
paddy@41	173 t.Fatalf("Expected field %s to be %v, but %T returned %v", field, expectation, store, result)
paddy@41	174 }
paddy@116	175 err = context.AddEndpoints(client.ID, []Endpoint{endpoint2})
paddy@41	176 if err != nil {
paddy@41	177 t.Fatalf("Error adding endpoint to client in %T: %s", store, err)
paddy@41	178 }
paddy@116	179 endpoints, err = context.ListEndpoints(client.ID, 10, 0)
paddy@41	180 if err != nil {
paddy@41	181 t.Fatalf("Error retrieving endpoints from %T: %s", store, err)
paddy@41	182 }
paddy@41	183 if len(endpoints) != 2 {
paddy@41	184 t.Fatalf("Expected %d endpoints, got %+v from %T", 2, endpoints, store)
paddy@41	185 }
paddy@41	186 sortedEnd := sortedEndpoints(endpoints)
paddy@41	187 sort.Sort(sortedEnd)
paddy@41	188 endpoints = []Endpoint(sortedEnd)
paddy@41	189 success, field, expectation, result = compareEndpoints(endpoint1, endpoints[0])
paddy@41	190 if !success {
paddy@41	191 t.Fatalf("Expected field %s to be %v, but %T returned %v", field, expectation, store, result)
paddy@41	192 }
paddy@41	193 success, field, expectation, result = compareEndpoints(endpoint2, endpoints[1])
paddy@41	194 if !success {
paddy@41	195 t.Fatalf("Expected field %s to be %v, but %T returned %v", field, expectation, store, result)
paddy@41	196 }
paddy@116	197 err = context.RemoveEndpoint(client.ID, endpoint1.ID)
paddy@41	198 if err != nil {
paddy@41	199 t.Fatalf("Error removing endpoint from client in %T: %s", store, err)
paddy@41	200 }
paddy@116	201 endpoints, err = context.ListEndpoints(client.ID, 10, 0)
paddy@41	202 if err != nil {
paddy@41	203 t.Fatalf("Error listing endpoints in %T: %s", store, err)
paddy@41	204 }
paddy@41	205 if len(endpoints) != 1 {
paddy@41	206 t.Fatalf("Expected %d endpoints, got %+v from %T", 1, endpoints, store)
paddy@41	207 }
paddy@41	208 success, field, expectation, result = compareEndpoints(endpoint2, endpoints[0])
paddy@41	209 if !success {
paddy@41	210 t.Fatalf("Expected field %s to be %v, but %T returned %v", field, expectation, store, result)
paddy@41	211 }
paddy@116	212 err = context.RemoveEndpoint(client.ID, endpoint2.ID)
paddy@41	213 if err != nil {
paddy@41	214 t.Fatalf("Error removing endpoint from client in %T: %s", store, err)
paddy@41	215 }
paddy@116	216 endpoints, err = context.ListEndpoints(client.ID, 10, 0)
paddy@41	217 if err != nil {
paddy@41	218 t.Fatalf("Error listing endpoints in %T: %s", store, err)
paddy@41	219 }
paddy@41	220 if len(endpoints) != 0 {
paddy@41	221 t.Fatalf("Expected %d endpoints, got %+v from %T", 0, endpoints, store)
paddy@31	222 }
paddy@31	223 }
paddy@31	224 }
paddy@39	225
paddy@39	226 func TestClientUpdates(t *testing.T) {
paddy@39	227 t.Parallel()
paddy@41	228 variations := 1 << 5
paddy@39	229 client := Client{
paddy@41	230 ID: uuid.NewID(),
paddy@41	231 Secret: "secret",
paddy@41	232 OwnerID: uuid.NewID(),
paddy@41	233 Name: "name",
paddy@41	234 Logo: "logo",
paddy@41	235 Website: "website",
paddy@39	236 }
paddy@39	237 for i := 0; i < variations; i++ {
paddy@41	238 var secret, name, logo, website string
paddy@39	239 change := ClientChange{}
paddy@39	240 expectation := client
paddy@39	241 result := client
paddy@39	242 if i&clientChangeSecret != 0 {
paddy@39	243 secret = fmt.Sprintf("secret-%d", i)
paddy@39	244 change.Secret = &secret
paddy@39	245 expectation.Secret = secret
paddy@39	246 }
paddy@39	247 if i&clientChangeOwnerID != 0 {
paddy@39	248 change.OwnerID = uuid.NewID()
paddy@39	249 expectation.OwnerID = change.OwnerID
paddy@39	250 }
paddy@39	251 if i&clientChangeName != 0 {
paddy@39	252 name = fmt.Sprintf("name-%d", i)
paddy@39	253 change.Name = &name
paddy@39	254 expectation.Name = name
paddy@39	255 }
paddy@39	256 if i&clientChangeLogo != 0 {
paddy@39	257 logo = fmt.Sprintf("logo-%d", i)
paddy@39	258 change.Logo = &logo
paddy@39	259 expectation.Logo = logo
paddy@39	260 }
paddy@39	261 if i&clientChangeWebsite != 0 {
paddy@39	262 website = fmt.Sprintf("website-%d", i)
paddy@39	263 change.Website = &website
paddy@39	264 expectation.Website = website
paddy@39	265 }
paddy@39	266 result.ApplyChange(change)
paddy@39	267 match, field, expected, got := compareClients(expectation, result)
paddy@39	268 if !match {
paddy@41	269 t.Fatalf("Expected field `%s` to be `%v`, got `%v`", field, expected, got)
paddy@39	270 }
paddy@39	271 for _, store := range clientStores {
paddy@116	272 context := Context{clients: store}
paddy@116	273 err := context.SaveClient(client)
paddy@39	274 if err != nil {
paddy@41	275 t.Fatalf("Error saving client in %T: %s", store, err)
paddy@39	276 }
paddy@116	277 err = context.UpdateClient(client.ID, change)
paddy@39	278 if err != nil {
paddy@41	279 t.Fatalf("Error updating client in %T: %s", store, err)
paddy@39	280 }
paddy@116	281 retrieved, err := context.GetClient(client.ID)
paddy@39	282 if err != nil {
paddy@116	283 t.Fatalf("Error getting client from %T: %s", store, err)
paddy@39	284 }
paddy@39	285 match, field, expected, got = compareClients(expectation, retrieved)
paddy@39	286 if !match {
paddy@41	287 t.Fatalf("Expected field `%s` to be `%v`, got `%v` from %T", field, expected, got, store)
paddy@39	288 }
paddy@116	289 err = context.DeleteClient(client.ID)
paddy@39	290 if err != nil {
paddy@41	291 t.Fatalf("Error deleting client from %T: %s", store, err)
paddy@39	292 }
paddy@116	293 err = context.UpdateClient(client.ID, change)
paddy@39	294 if err != ErrClientNotFound {
paddy@41	295 t.Fatalf("Expected ErrClientNotFound, got %v from %T", err, store)
paddy@39	296 }
paddy@39	297 }
paddy@39	298 }
paddy@39	299 }
paddy@41	300
paddy@41	301 func TestClientEndpointChecks(t *testing.T) {
paddy@41	302 t.Parallel()
paddy@41	303 client := Client{
paddy@41	304 ID: uuid.NewID(),
paddy@41	305 Secret: "secret",
paddy@41	306 OwnerID: uuid.NewID(),
paddy@41	307 Name: "name",
paddy@41	308 Logo: "logo",
paddy@41	309 Website: "website",
paddy@41	310 }
paddy@41	311 endpoint1 := Endpoint{
paddy@41	312 ID: uuid.NewID(),
paddy@41	313 ClientID: client.ID,
paddy@41	314 Added: time.Now(),
paddy@116	315 URI: "https://www.example.com/first",
paddy@41	316 }
paddy@41	317 endpoint2 := Endpoint{
paddy@41	318 ID: uuid.NewID(),
paddy@41	319 ClientID: client.ID,
paddy@41	320 Added: time.Now(),
paddy@116	321 URI: "https://www.example.com/my/full/path",
paddy@41	322 }
paddy@41	323 candidates := map[string]bool{
paddy@41	324 "https://www.example.com/": false,
paddy@41	325 "https://www.example.com/first": true,
paddy@58	326 "https://www.example.com/first/extra/path": false,
paddy@41	327 "https://www.example.com/my": false,
paddy@41	328 "https://www.example.com/my/full/path": true,
paddy@41	329 }
paddy@41	330 for _, store := range clientStores {
paddy@116	331 context := Context{clients: store}
paddy@116	332 err := context.SaveClient(client)
paddy@41	333 if err != nil {
paddy@41	334 t.Fatalf("Error saving client in %T: %s", store, err)
paddy@41	335 }
paddy@116	336 err = context.AddEndpoints(client.ID, []Endpoint{endpoint1})
paddy@41	337 if err != nil {
paddy@41	338 t.Fatalf("Error saving endpoint in %T: %s", store, err)
paddy@41	339 }
paddy@116	340 err = context.AddEndpoints(client.ID, []Endpoint{endpoint2})
paddy@41	341 if err != nil {
paddy@41	342 t.Fatalf("Error saving endpoint in %T: %s", store, err)
paddy@41	343 }
paddy@41	344 for candidate, expectation := range candidates {
paddy@116	345 result, err := context.CheckEndpoint(client.ID, candidate)
paddy@54	346 if err != nil {
paddy@54	347 t.Fatalf("Error checking endpoint %s in %T: %s", candidate, store, err)
paddy@54	348 }
paddy@54	349 if result != expectation {
paddy@54	350 expectStr := "no"
paddy@54	351 resultStr := "a"
paddy@54	352 if expectation {
paddy@54	353 expectStr = "a"
paddy@54	354 resultStr = "no"
paddy@54	355 }
paddy@54	356 t.Errorf("Expected %s match for %s in %T, got %s match", expectStr, candidate, store, resultStr)
paddy@54	357 }
paddy@54	358 }
paddy@54	359 }
paddy@54	360 }
paddy@54	361
paddy@54	362 func TestClientEndpointChecksStrict(t *testing.T) {
paddy@54	363 t.Parallel()
paddy@54	364 client := Client{
paddy@54	365 ID: uuid.NewID(),
paddy@54	366 Secret: "secret",
paddy@54	367 OwnerID: uuid.NewID(),
paddy@54	368 Name: "name",
paddy@54	369 Logo: "logo",
paddy@54	370 Website: "website",
paddy@54	371 }
paddy@54	372 endpoint1 := Endpoint{
paddy@54	373 ID: uuid.NewID(),
paddy@54	374 ClientID: client.ID,
paddy@54	375 Added: time.Now(),
paddy@116	376 URI: "https://www.example.com/first",
paddy@54	377 }
paddy@54	378 endpoint2 := Endpoint{
paddy@54	379 ID: uuid.NewID(),
paddy@54	380 ClientID: client.ID,
paddy@54	381 Added: time.Now(),
paddy@116	382 URI: "https://www.example.com/my/full/path",
paddy@54	383 }
paddy@54	384 candidates := map[string]bool{
paddy@54	385 "https://www.example.com/": false,
paddy@54	386 "https://www.example.com/first": true,
paddy@54	387 "https://www.example.com/first/extra/path": false,
paddy@54	388 "https://www.example.com/my": false,
paddy@54	389 "https://www.example.com/my/full/path": true,
paddy@54	390 }
paddy@54	391 for _, store := range clientStores {
paddy@116	392 context := Context{clients: store}
paddy@116	393 err := context.SaveClient(client)
paddy@54	394 if err != nil {
paddy@54	395 t.Fatalf("Error saving client in %T: %s", store, err)
paddy@54	396 }
paddy@116	397 err = context.AddEndpoints(client.ID, []Endpoint{endpoint1})
paddy@54	398 if err != nil {
paddy@54	399 t.Fatalf("Error saving endpoint in %T: %s", store, err)
paddy@54	400 }
paddy@116	401 err = context.AddEndpoints(client.ID, []Endpoint{endpoint2})
paddy@54	402 if err != nil {
paddy@54	403 t.Fatalf("Error saving endpoint in %T: %s", store, err)
paddy@54	404 }
paddy@54	405 for candidate, expectation := range candidates {
paddy@116	406 result, err := context.CheckEndpoint(client.ID, candidate)
paddy@41	407 if err != nil {
paddy@41	408 t.Fatalf("Error checking endpoint %s in %T: %s", candidate, store, err)
paddy@41	409 }
paddy@41	410 if result != expectation {
paddy@41	411 expectStr := "no"
paddy@41	412 resultStr := "a"
paddy@41	413 if expectation {
paddy@41	414 expectStr = "a"
paddy@41	415 resultStr = "no"
paddy@41	416 }
paddy@41	417 t.Errorf("Expected %s match for %s in %T, got %s match", expectStr, candidate, store, resultStr)
paddy@41	418 }
paddy@41	419 }
paddy@41	420 }
paddy@41	421 }
paddy@43	422
paddy@43	423 func TestClientChangeValidation(t *testing.T) {
paddy@43	424 t.Parallel()
paddy@43	425 change := ClientChange{}
paddy@133	426 if err := change.Validate(); err[0] != ErrEmptyChange {
paddy@43	427 t.Errorf("Expected %s to give an error of %s, gave %s", "empty change", ErrEmptyChange, err)
paddy@43	428 }
paddy@133	429 names := map[string][]error{
paddy@133	430 "a": []error{ErrClientNameTooShort},
paddy@133	431 "ab": []error{},
paddy@133	432 "abc": []error{},
paddy@133	433 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopq": []error{ErrClientNameTooLong},
paddy@43	434 }
paddy@43	435 for name, expectation := range names {
paddy@43	436 change = ClientChange{Name: &name}
paddy@133	437 errs := change.Validate()
paddy@133	438 if len(errs) != len(expectation) {
paddy@133	439 t.Errorf("Expected %s to give %d errors, gave %d", name, len(expectation), len(errs))
paddy@133	440 t.Logf("%+v", errs)
paddy@133	441 }
paddy@133	442 for pos, err := range errs {
paddy@133	443 if err != expectation[pos] {
paddy@133	444 t.Errorf("Expected %s to give an error of %s in position %d, gave %s", name, expectation[pos], pos, err)
paddy@133	445 }
paddy@43	446 }
paddy@43	447 }
paddy@43	448 longPath := ""
paddy@43	449 for i := 0; i < 1025; i++ {
paddy@43	450 longPath = fmt.Sprintf("%s%d", longPath, i)
paddy@43	451 }
paddy@133	452 logos := map[string][]error{
paddy@133	453 "https://www.example.com/" + longPath: []error{ErrClientLogoTooLong},
paddy@133	454 "https://www.example.com/ab": []error{},
paddy@133	455 "www.example.com/ab": []error{ErrClientLogoNotURL},
paddy@133	456 "test": []error{ErrClientLogoNotURL},
paddy@133	457 "": []error{},
paddy@43	458 }
paddy@43	459 for logo, expectation := range logos {
paddy@43	460 change = ClientChange{Logo: &logo}
paddy@133	461 errs := change.Validate()
paddy@133	462 if len(errs) != len(expectation) {
paddy@133	463 t.Errorf("Expected %s to give %d errors, gave %d", logo, len(expectation), len(errs))
paddy@133	464 }
paddy@133	465 for pos, err := range errs {
paddy@133	466 if err != expectation[pos] {
paddy@133	467 t.Errorf("Expected %s to give an error of %s in positiong %d, gave %s", logo, expectation[pos], pos, err)
paddy@133	468 }
paddy@43	469 }
paddy@43	470 }
paddy@133	471 websites := map[string][]error{
paddy@133	472 "https://www.example.com/" + longPath: []error{ErrClientWebsiteTooLong},
paddy@133	473 "https://www.example.com/ab": []error{},
paddy@133	474 "www.example.com/ab": []error{ErrClientWebsiteNotURL},
paddy@133	475 "test": []error{ErrClientWebsiteNotURL},
paddy@133	476 "": []error{},
paddy@43	477 }
paddy@43	478 for website, expectation := range websites {
paddy@43	479 change = ClientChange{Website: &website}
paddy@133	480 errs := change.Validate()
paddy@133	481 if len(errs) != len(expectation) {
paddy@133	482 t.Errorf("Expected %s to give %d errors, gave %d", website, len(expectation), len(errs))
paddy@133	483 }
paddy@133	484 for pos, err := range errs {
paddy@133	485 if err != expectation[pos] {
paddy@133	486 t.Errorf("Expected %s to give an error of %s in position %d, gave %s", website, expectation[pos], pos, err)
paddy@133	487 }
paddy@43	488 }
paddy@43	489 }
paddy@43	490 }
paddy@113	491
paddy@129	492 func TestGetClientAuth(t *testing.T) {
paddy@129	493 t.Parallel()
paddy@129	494 type clientAuthRequest struct {
paddy@129	495 username string
paddy@129	496 pass string
paddy@129	497 clientID string
paddy@129	498 allowPublic bool
paddy@129	499 expectedClientID uuid.ID
paddy@129	500 expectedClientSecret string
paddy@129	501 expectedValid bool
paddy@129	502 expectedCode int
paddy@129	503 expectedBody string
paddy@129	504 expectAuthenticateHeader bool
paddy@129	505 }
paddy@129	506 id := uuid.NewID()
paddy@129	507 tests := []clientAuthRequest{
paddy@129	508 {"", "", "", false, nil, "", false, http.StatusUnauthorized, `{"error":"invalid_client"}`, false},
paddy@129	509 {"", "", "", true, nil, "", false, http.StatusUnauthorized, `{"error":"invalid_client"}`, false},
paddy@129	510 {"", "no clientID set", "", false, nil, "", false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
paddy@129	511 {"", "no clientID set", "", true, nil, "", false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
paddy@129	512 {"not an actual id", "invalid client ID set", "", false, nil, "", false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
paddy@129	513 {"not an actual id", "invalid client ID set", "", true, nil, "", false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
paddy@129	514 {"", "", "not an actual id", true, nil, "", false, http.StatusUnauthorized, `{"error":"invalid_client"}`, false},
paddy@129	515 {id.String(), "secret", "", true, id, "secret", true, http.StatusOK, "", false},
paddy@129	516 {id.String(), "secret", "", false, id, "secret", true, http.StatusOK, "", false},
paddy@129	517 {"", "", id.String(), true, id, "", true, http.StatusOK, "", false},
paddy@129	518 {"", "", id.String(), false, nil, "", false, http.StatusBadRequest, `{"error":"unauthorized_client"}`, false},
paddy@129	519 }
paddy@129	520 for pos, test := range tests {
paddy@129	521 t.Logf("Running test #%d, with request %+v", pos, test)
paddy@129	522 w := httptest.NewRecorder()
paddy@129	523 r, err := http.NewRequest("POST", "https://test.auth.secondbit.org/oauth2/grant", nil)
paddy@129	524 if err != nil {
paddy@129	525 t.Fatal("Can't build request:", err)
paddy@129	526 }
paddy@129	527 if test.username != "" \|\| test.pass != "" {
paddy@129	528 r.SetBasicAuth(test.username, test.pass)
paddy@129	529 }
paddy@129	530 r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
paddy@129	531 params := url.Values{}
paddy@129	532 params.Set("client_id", test.clientID)
paddy@129	533 body := bytes.NewBufferString(params.Encode())
paddy@129	534 r.Body = ioutil.NopCloser(body)
paddy@129	535 respID, respSecret, success := getClientAuth(w, r, test.allowPublic)
paddy@129	536 if (respID == nil && test.expectedClientID != nil) \|\| (respID != nil && test.expectedClientID == nil) \|\| !respID.Equal(test.expectedClientID) {
paddy@129	537 t.Errorf("Expected response ID to be %v, got %v", test.expectedClientID, respID)
paddy@129	538 }
paddy@129	539 if test.expectedClientSecret != respSecret {
paddy@129	540 t.Errorf("Expected response secret to be '%s', got '%s'", test.expectedClientSecret, respSecret)
paddy@129	541 }
paddy@129	542 if test.expectedValid != success {
paddy@129	543 t.Errorf("Expected success result to be %v, got %v", test.expectedValid, success)
paddy@129	544 }
paddy@129	545 if test.expectedCode != w.Code {
paddy@129	546 t.Errorf("Expected response code to be %d, got %d", test.expectedCode, w.Code)
paddy@129	547 }
paddy@129	548 if test.expectedBody != strings.TrimSpace(w.Body.String()) {
paddy@129	549 t.Errorf("Expected body to be '%s', got '%s'", test.expectedBody, strings.TrimSpace(w.Body.String()))
paddy@129	550 }
paddy@129	551 if test.expectAuthenticateHeader && w.Header().Get("WWW-Authenticate") != "Basic" {
paddy@129	552 t.Errorf(`Expected header WWW-Authenticate to be set to "Basic", got "%s"`, w.Header().Get("WWW-Authenticate"))
paddy@129	553 }
paddy@129	554 }
paddy@129	555 }
paddy@129	556
paddy@113	557 func TestVerifyClient(t *testing.T) {
paddy@113	558 t.Parallel()
paddy@129	559 type verifyClientRequest struct {
paddy@129	560 username string
paddy@129	561 pass string
paddy@129	562 clientID string
paddy@129	563 allowPublic bool
paddy@129	564 expectedClientID uuid.ID
paddy@129	565 expectedValid bool
paddy@129	566 expectedCode int
paddy@129	567 expectedBody string
paddy@129	568 expectAuthenticateHeader bool
paddy@129	569 }
paddy@113	570 memstore := NewMemstore()
paddy@113	571 context := Context{
paddy@113	572 clients: memstore,
paddy@113	573 }
paddy@113	574 client := Client{
paddy@113	575 ID: uuid.NewID(),
paddy@113	576 Secret: "super secret!",
paddy@113	577 OwnerID: uuid.NewID(),
paddy@113	578 Name: "My test client",
paddy@113	579 Logo: "https://secondbit.org/logo.png",
paddy@113	580 Website: "https://secondbit.org/",
paddy@113	581 Type: "confidential",
paddy@113	582 }
paddy@113	583 err := context.SaveClient(client)
paddy@113	584 if err != nil {
paddy@113	585 t.Fatal("Could not save client:", err)
paddy@113	586 }
paddy@113	587 publicClient := Client{
paddy@113	588 ID: uuid.NewID(),
paddy@113	589 Secret: "",
paddy@113	590 OwnerID: uuid.NewID(),
paddy@113	591 Name: "A public client",
paddy@113	592 Logo: "https://secondbit.org/logo.png",
paddy@113	593 Website: "https://secondbit.org/",
paddy@113	594 Type: "public",
paddy@113	595 }
paddy@113	596 err = context.SaveClient(publicClient)
paddy@113	597 if err != nil {
paddy@113	598 t.Fatal("Could not save client:", err)
paddy@113	599 }
paddy@129	600 id := uuid.NewID()
paddy@129	601 tests := []verifyClientRequest{
paddy@129	602 {"", "", "", false, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, false},
paddy@129	603 {"", "", "", true, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, false},
paddy@129	604 {"", "no clientID set", "", false, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
paddy@129	605 {"", "no clientID set", "", true, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
paddy@129	606 {"not an actual id", "invalid client ID set", "", false, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
paddy@129	607 {"not an actual id", "invalid client ID set", "", true, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
paddy@129	608 {id.String(), "unsaved client ID set", "", false, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
paddy@129	609 {id.String(), "unsaved client ID set", "", true, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
paddy@129	610 {client.ID.String(), "wrong secret", "", false, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
paddy@129	611 {client.ID.String(), "wrong secret", "", true, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
paddy@129	612 {"", "", "not an actual id", true, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, false},
paddy@129	613 {"", "", id.String(), true, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, false},
paddy@129	614 {client.ID.String(), client.Secret, "", true, client.ID, true, http.StatusOK, "", false},
paddy@129	615 {client.ID.String(), client.Secret, "", false, client.ID, true, http.StatusOK, "", false},
paddy@129	616 {"", "", publicClient.ID.String(), true, publicClient.ID, true, http.StatusOK, "", false},
paddy@129	617 {"", "", publicClient.ID.String(), false, nil, false, http.StatusBadRequest, `{"error":"unauthorized_client"}`, false},
paddy@113	618 }
paddy@113	619
paddy@129	620 for pos, test := range tests {
paddy@129	621 t.Logf("Running test #%d, with request %+v", pos, test)
paddy@129	622 w := httptest.NewRecorder()
paddy@129	623 r, err := http.NewRequest("POST", "https://test.auth.secondbit.org/oauth2/grant", nil)
paddy@129	624 if err != nil {
paddy@129	625 t.Fatal("Can't build request:", err)
paddy@129	626 }
paddy@129	627 if test.username != "" \|\| test.pass != "" {
paddy@129	628 r.SetBasicAuth(test.username, test.pass)
paddy@129	629 }
paddy@129	630 r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
paddy@129	631 params := url.Values{}
paddy@129	632 params.Set("client_id", test.clientID)
paddy@129	633 body := bytes.NewBufferString(params.Encode())
paddy@129	634 r.Body = ioutil.NopCloser(body)
paddy@129	635 respID, success := verifyClient(w, r, test.allowPublic, context)
paddy@129	636 if (respID == nil && test.expectedClientID != nil) \|\| (respID != nil && test.expectedClientID == nil) \|\| !respID.Equal(test.expectedClientID) {
paddy@129	637 t.Errorf("Expected response ID to be %v, got %v", test.expectedClientID, respID)
paddy@129	638 }
paddy@129	639 if test.expectedValid != success {
paddy@129	640 t.Errorf("Expected success result to be %v, got %v", test.expectedValid, success)
paddy@129	641 }
paddy@129	642 if test.expectedCode != w.Code {
paddy@129	643 t.Errorf("Expected response code to be %d, got %d", test.expectedCode, w.Code)
paddy@129	644 }
paddy@129	645 if test.expectedBody != strings.TrimSpace(w.Body.String()) {
paddy@129	646 t.Errorf("Expected body to be '%s', got '%s'", test.expectedBody, strings.TrimSpace(w.Body.String()))
paddy@129	647 }
paddy@129	648 if test.expectAuthenticateHeader && w.Header().Get("WWW-Authenticate") != "Basic" {
paddy@129	649 t.Errorf(`Expected header WWW-Authenticate to be set to "Basic", got "%s"`, w.Header().Get("WWW-Authenticate"))
paddy@129	650 }
paddy@113	651 }
paddy@113	652 }
paddy@116	653
paddy@116	654 func TestCreateClientHandler(t *testing.T) {
paddy@116	655 t.Parallel()
paddy@116	656 memstore := NewMemstore()
paddy@116	657 c := Context{
paddy@116	658 clients: memstore,
paddy@116	659 profiles: memstore,
paddy@116	660 }
paddy@116	661 w := httptest.NewRecorder()
paddy@116	662 r, err := http.NewRequest("POST", "https://test.auth.secondbit.org/clients", nil)
paddy@116	663 if err != nil {
paddy@116	664 t.Fatal("Can't build request:", err)
paddy@116	665 }
paddy@116	666 r.Header.Set("Content-Type", "application/json")
paddy@116	667 CreateClientHandler(w, r, c)
paddy@116	668 if w.Code != http.StatusUnauthorized {
paddy@116	669 t.Errorf("Expected status of %d, got status %d", http.StatusUnauthorized, w.Code)
paddy@116	670 }
paddy@116	671 expected := `{"errors":[{"error":"access_denied"}]}`
paddy@116	672 result := strings.TrimSpace(w.Body.String())
paddy@116	673 if result != expected {
paddy@116	674 t.Errorf("Expected response to be `%s`, got `%s`", expected, result)
paddy@116	675 }
paddy@116	676 w = httptest.NewRecorder()
paddy@116	677 r.Header.Set("Authorization", "Not basic at all...")
paddy@116	678 CreateClientHandler(w, r, c)
paddy@116	679 if w.Code != http.StatusUnauthorized {
paddy@116	680 t.Errorf("Expected status of %d, got status %d", http.StatusUnauthorized, w.Code)
paddy@116	681 }
paddy@116	682 expected = `{"errors":[{"error":"access_denied"}]}`
paddy@116	683 result = strings.TrimSpace(w.Body.String())
paddy@116	684 if result != expected {
paddy@116	685 t.Errorf("Expected response to be `%s`, got `%s`", expected, result)
paddy@116	686 }
paddy@116	687 w = httptest.NewRecorder()
paddy@116	688 r.Header.Set("Authorization", "Basic TotallyNotBase64Encoded")
paddy@116	689 CreateClientHandler(w, r, c)
paddy@116	690 if w.Code != http.StatusUnauthorized {
paddy@116	691 t.Errorf("Expected status of %d, got status %d", http.StatusUnauthorized, w.Code)
paddy@116	692 }
paddy@116	693 expected = `{"errors":[{"error":"access_denied"}]}`
paddy@116	694 result = strings.TrimSpace(w.Body.String())
paddy@116	695 if result != expected {
paddy@116	696 t.Errorf("Expected response to be `%s`, got `%s`", expected, result)
paddy@116	697 }
paddy@116	698 w = httptest.NewRecorder()
paddy@116	699 r.Header.Set("Authorization", "Basic dGhpc2hhc25vY29sb24=")
paddy@116	700 CreateClientHandler(w, r, c)
paddy@116	701 if w.Code != http.StatusUnauthorized {
paddy@116	702 t.Errorf("Expected status of %d, got status %d", http.StatusUnauthorized, w.Code)
paddy@116	703 }
paddy@116	704 expected = `{"errors":[{"error":"access_denied"}]}`
paddy@116	705 result = strings.TrimSpace(w.Body.String())
paddy@116	706 if result != expected {
paddy@116	707 t.Errorf("Expected response to be `%s`, got `%s`", expected, result)
paddy@116	708 }
paddy@116	709 profile := Profile{
paddy@116	710 ID: uuid.NewID(),
paddy@116	711 Name: "Test User",
paddy@116	712 Passphrase: "f3a4ac4f1d657b2e6e776d24213e39406d50a87a52691a2a78891425af1271d0",
paddy@116	713 Iterations: 1,
paddy@116	714 Salt: "d82d92cfa8bfb5a08270ebbf39a3710d24b352b937fcc8959ebcb40384cc616b",
paddy@116	715 PassphraseScheme: 1,
paddy@116	716 Compromised: false,
paddy@116	717 LockedUntil: time.Time{},
paddy@116	718 PassphraseReset: "",
paddy@116	719 PassphraseResetCreated: time.Time{},
paddy@116	720 Created: time.Now(),
paddy@116	721 LastSeen: time.Time{},
paddy@116	722 }
paddy@116	723 login := Login{
paddy@116	724 Type: "email",
paddy@116	725 Value: "test@example.com",
paddy@116	726 ProfileID: profile.ID,
paddy@116	727 Created: time.Now(),
paddy@116	728 LastUsed: time.Time{},
paddy@116	729 }
paddy@116	730 w = httptest.NewRecorder()
paddy@116	731 r.SetBasicAuth("test@example.com", "mysecurepassphrase")
paddy@116	732 CreateClientHandler(w, r, c)
paddy@116	733 if w.Code != http.StatusUnauthorized {
paddy@116	734 t.Errorf("Expected status of %d, got status %d", http.StatusUnauthorized, w.Code)
paddy@116	735 }
paddy@116	736 expected = `{"errors":[{"error":"access_denied"}]}`
paddy@116	737 result = strings.TrimSpace(w.Body.String())
paddy@116	738 if result != expected {
paddy@116	739 t.Errorf("Expected response to be `%s`, got `%s`", expected, result)
paddy@116	740 }
paddy@116	741 err = c.SaveProfile(profile)
paddy@116	742 if err != nil {
paddy@116	743 t.Error("Error saving profile:", err)
paddy@116	744 }
paddy@116	745 err = c.AddLogin(login)
paddy@116	746 if err != nil {
paddy@116	747 t.Error("Error adding login:", err)
paddy@116	748 }
paddy@116	749 r.SetBasicAuth("test@example.com", "mysecurepassphrase")
paddy@116	750 type testStruct struct {
paddy@116	751 request string
paddy@116	752 code int
paddy@116	753 resp response
paddy@116	754 }
paddy@116	755 tests := []testStruct{
paddy@116	756 {``, http.StatusBadRequest, response{Errors: []requestError{{Slug: requestErrInvalidFormat, Field: "/"}}}},
paddy@116	757 {`{}`, http.StatusBadRequest, response{Errors: []requestError{{Slug: requestErrMissing, Field: "/type"}, {Slug: requestErrMissing, Field: "/name"}}}},
paddy@116	758 {`{"type":"notarealtype"}`, http.StatusBadRequest, response{Errors: []requestError{{Slug: requestErrInvalidValue, Field: "/type"}, {Slug: requestErrMissing, Field: "/name"}}}},
paddy@116	759 {`{"type":"notarealtype","name":"myreallylongnameislongerthatthemaximumnamelength"}`, http.StatusBadRequest, response{Errors: []requestError{{Slug: requestErrInvalidValue, Field: "/type"}, {Slug: requestErrOverflow, Field: "/name"}}}},
paddy@116	760 {`{"type":"notarealtype","name":"a"}`, http.StatusBadRequest, response{Errors: []requestError{{Slug: requestErrInvalidValue, Field: "/type"}, {Slug: requestErrInsufficient, Field: "/name"}}}},
paddy@116	761 {`{"type":"public"}`, http.StatusBadRequest, response{Errors: []requestError{{Slug: requestErrMissing, Field: "/name"}}}},
paddy@116	762 {`{"type":"public","name":"myreallylongnameislongerthatthemaximumnamelength"}`, http.StatusBadRequest, response{Errors: []requestError{{Slug: requestErrOverflow, Field: "/name"}}}},
paddy@116	763 {`{"type":"public","name":"a"}`, http.StatusBadRequest, response{Errors: []requestError{{Slug: requestErrInsufficient, Field: "/name"}}}},
paddy@116	764 {`{"name":"My Client"}`, http.StatusBadRequest, response{Errors: []requestError{{Slug: requestErrMissing, Field: "/type"}}}},
paddy@116	765 {`{"type":"notarealtype","name":"My Client"}`, http.StatusBadRequest, response{Errors: []requestError{{Slug: requestErrInvalidValue, Field: "/type"}}}},
paddy@116	766 {`{"type":"public","name":"My Client"}`, http.StatusCreated, response{Clients: []Client{{Name: "My Client", OwnerID: profile.ID, Type: "public"}}}},
paddy@116	767 {`{"type":"public","name":"My Client", "endpoints": ["https://test.secondbit.org/", "https://paddy.io"]}`, http.StatusCreated, response{Clients: []Client{{Name: "My Client", OwnerID: profile.ID, Type: "public"}}, Endpoints: []Endpoint{{URI: "https://test.secondbit.org/"}, {URI: "https://paddy.io"}}}},
paddy@116	768 {`{"type":"public","name":"My Client", "endpoints": [":/not a url", "https://paddy.io"]}`, http.StatusCreated, response{Clients: []Client{{Name: "My Client", OwnerID: profile.ID, Type: "public"}}, Endpoints: []Endpoint{{URI: "https://paddy.io"}}, Errors: []requestError{{Slug: requestErrInvalidFormat, Field: "/endpoints/0"}}}},
paddy@116	769 {`{"type":"public","name":"My Client", "endpoints": [":/not a url", "/relative/uri", "https://paddy.io"]}`, http.StatusCreated, response{Clients: []Client{{Name: "My Client", OwnerID: profile.ID, Type: "public"}}, Endpoints: []Endpoint{{URI: "https://paddy.io"}}, Errors: []requestError{{Slug: requestErrInvalidFormat, Field: "/endpoints/0"}, {Slug: requestErrInvalidValue, Field: "/endpoints/1"}}}},
paddy@126	770 {`{"type":"confidential","name":"Secret Client", "endpoints": ["https://secondbit.org"]}`, http.StatusCreated, response{Clients: []Client{{Name: "Secret Client", OwnerID: profile.ID, Type: "confidential"}}, Endpoints: []Endpoint{{URI: "https://secondbit.org"}}}},
paddy@116	771 }
paddy@116	772 for pos, test := range tests {
paddy@116	773 t.Logf("Test #%d: `%s`", pos, test.request)
paddy@116	774 w = httptest.NewRecorder()
paddy@116	775 body := bytes.NewBufferString(test.request)
paddy@116	776 r.Body = ioutil.NopCloser(body)
paddy@116	777 CreateClientHandler(w, r, c)
paddy@116	778 if w.Code != test.code {
paddy@116	779 t.Errorf("Expected response code to be %d, got %d", test.code, w.Code)
paddy@116	780 }
paddy@116	781 t.Logf("Response: %s", w.Body.String())
paddy@116	782 var res response
paddy@116	783 err = json.Unmarshal(w.Body.Bytes(), &res)
paddy@116	784 if err != nil {
paddy@116	785 t.Error("Unexpected error unmarshalling response:", err)
paddy@116	786 }
paddy@126	787 if len(res.Clients) > 0 {
paddy@126	788 if res.Clients[0].Type == "confidential" && res.Clients[0].Secret == "" {
paddy@126	789 t.Log("Client:", res.Clients[0])
paddy@126	790 t.Error("Expected confidential client to have a secret, but does not.")
paddy@126	791 } else if res.Clients[0].Type == "public" && res.Clients[0].Secret != "" {
paddy@126	792 t.Log("Client:", res.Clients[0])
paddy@126	793 t.Error("Expected public client to not have a secret, but it does.")
paddy@126	794 }
paddy@126	795 }
paddy@116	796 fillInServerGenerated(test.resp, res)
paddy@116	797 success, field, expectation, result := compareResponses(test.resp, res)
paddy@116	798 if !success {
paddy@116	799 t.Errorf("Unexpected result for %s in response: expected %v, got %v", field, expectation, result)
paddy@116	800 }
paddy@116	801 }
paddy@116	802 }
paddy@128	803
paddy@139	804 func TestGetClientHandler(t *testing.T) {
paddy@139	805 t.Parallel()
paddy@139	806 memstore := NewMemstore()
paddy@139	807 c := Context{
paddy@139	808 clients: memstore,
paddy@139	809 profiles: memstore,
paddy@139	810 }
paddy@139	811 client := Client{
paddy@139	812 ID: uuid.NewID(),
paddy@139	813 Secret: "myawesomesecret",
paddy@139	814 OwnerID: uuid.NewID(),
paddy@139	815 Name: "Test Client",
paddy@139	816 Logo: "https://auth.secondbit.org/logo.png",
paddy@139	817 Website: "https://code.secondbit.org",
paddy@139	818 Type: clientTypeConfidential,
paddy@139	819 }
paddy@139	820 err := c.SaveClient(client)
paddy@139	821 if err != nil {
paddy@139	822 t.Fatal("Can't store client in memstore:", err)
paddy@139	823 }
paddy@139	824 profile := Profile{
paddy@139	825 ID: uuid.NewID(),
paddy@139	826 Name: "Test User",
paddy@139	827 Passphrase: "f3a4ac4f1d657b2e6e776d24213e39406d50a87a52691a2a78891425af1271d0",
paddy@139	828 Iterations: 1,
paddy@139	829 Salt: "d82d92cfa8bfb5a08270ebbf39a3710d24b352b937fcc8959ebcb40384cc616b",
paddy@139	830 PassphraseScheme: 1,
paddy@139	831 Compromised: false,
paddy@139	832 LockedUntil: time.Time{},
paddy@139	833 PassphraseReset: "",
paddy@139	834 PassphraseResetCreated: time.Time{},
paddy@139	835 Created: time.Now(),
paddy@139	836 LastSeen: time.Time{},
paddy@139	837 }
paddy@139	838 login := Login{
paddy@139	839 Type: "email",
paddy@139	840 Value: "test@example.com",
paddy@139	841 ProfileID: profile.ID,
paddy@139	842 Created: time.Now(),
paddy@139	843 LastUsed: time.Time{},
paddy@139	844 }
paddy@139	845 err = c.SaveProfile(profile)
paddy@139	846 if err != nil {
paddy@139	847 t.Error("Error saving profile:", err)
paddy@139	848 }
paddy@139	849 err = c.AddLogin(login)
paddy@139	850 if err != nil {
paddy@139	851 t.Error("Error adding login:", err)
paddy@139	852 }
paddy@139	853 router := mux.NewRouter()
paddy@139	854 RegisterClientHandlers(router, c)
paddy@139	855 w := httptest.NewRecorder()
paddy@139	856 u := "https://test.auth.secondbit.org/clients/" + client.ID.String()
paddy@139	857 r, err := http.NewRequest("GET", u, nil)
paddy@139	858 if err != nil {
paddy@139	859 t.Fatal("Can't build request:", err)
paddy@139	860 }
paddy@139	861 r.Header.Set("Content-Type", "application/json")
paddy@139	862 router.ServeHTTP(w, r)
paddy@139	863 if w.Code != http.StatusOK {
paddy@139	864 t.Errorf("Expected response code to be %d, got %d", http.StatusOK, w.Code)
paddy@139	865 }
paddy@139	866 t.Logf("Response: %s", w.Body.String())
paddy@139	867 var res response
paddy@139	868 err = json.Unmarshal(w.Body.Bytes(), &res)
paddy@139	869 if err != nil {
paddy@139	870 t.Error("Unexpected error unmarshalling response:", err)
paddy@139	871 }
paddy@139	872 if len(res.Clients) != 1 {
paddy@139	873 t.Errorf("Expected %d results in response, got %d", 1, len(res.Clients))
paddy@139	874 }
paddy@139	875 if res.Clients[0].Secret != "" {
paddy@139	876 t.Error("Expected secret not to be set, but was set to", res.Clients[0].Secret)
paddy@139	877 }
paddy@139	878 // fill in the secret, which was omitted in the response
paddy@139	879 res.Clients[0].Secret = client.Secret
paddy@139	880 success, field, expectation, result := compareClients(client, res.Clients[0])
paddy@139	881 if !success {
paddy@139	882 t.Errorf("Unexpected result for %s in response: expected %v, got %v", field, expectation, result)
paddy@139	883 }
paddy@139	884
paddy@139	885 // test for improperly formatted ID
paddy@139	886 u = "https://test.auth.secondbit.org/clients/notanID"
paddy@139	887 w = httptest.NewRecorder()
paddy@139	888 r, err = http.NewRequest("GET", u, nil)
paddy@139	889 if err != nil {
paddy@139	890 t.Fatal("Can't build request:", err)
paddy@139	891 }
paddy@139	892 r.Header.Set("Content-Type", "application/json")
paddy@139	893 router.ServeHTTP(w, r)
paddy@139	894 if w.Code != http.StatusBadRequest {
paddy@139	895 t.Errorf("Expected response code to be %d, got %d", http.StatusBadRequest, w.Code)
paddy@139	896 }
paddy@139	897 t.Logf("Response: %s", w.Body.String())
paddy@139	898 res = response{}
paddy@139	899 err = json.Unmarshal(w.Body.Bytes(), &res)
paddy@139	900 if err != nil {
paddy@139	901 t.Error("Unexpected error unmarshalling response:", err)
paddy@139	902 }
paddy@139	903 if len(res.Errors) != 1 {
paddy@139	904 t.Errorf("Expected %d results in response, got %d", 1, len(res.Errors))
paddy@139	905 }
paddy@139	906 e := requestError{Slug: requestErrInvalidFormat, Param: "id"}
paddy@139	907 success, field, expectation, result = compareErrors(e, res.Errors[0])
paddy@139	908 if !success {
paddy@139	909 t.Errorf("Unexpected result for %s in error response: expected %v, got %v", field, expectation, result)
paddy@139	910 }
paddy@139	911
paddy@139	912 // test for a non-existent client
paddy@139	913 u = "https://test.auth.secondbit.org/clients/" + uuid.NewID().String()
paddy@139	914 w = httptest.NewRecorder()
paddy@139	915 r, err = http.NewRequest("GET", u, nil)
paddy@139	916 if err != nil {
paddy@139	917 t.Fatal("Can't build request:", err)
paddy@139	918 }
paddy@139	919 r.Header.Set("Content-Type", "application/json")
paddy@139	920 router.ServeHTTP(w, r)
paddy@139	921 if w.Code != http.StatusNotFound {
paddy@139	922 t.Errorf("Expected response code to be %d, got %d", http.StatusNotFound, w.Code)
paddy@139	923 }
paddy@139	924 t.Logf("Response: %s", w.Body.String())
paddy@139	925 res = response{}
paddy@139	926 err = json.Unmarshal(w.Body.Bytes(), &res)
paddy@139	927 if err != nil {
paddy@139	928 t.Error("Unexpected error unmarshalling response:", err)
paddy@139	929 }
paddy@139	930 if len(res.Errors) != 1 {
paddy@139	931 t.Errorf("Expected %d results in response, got %d", 1, len(res.Errors))
paddy@139	932 }
paddy@139	933 e = requestError{Slug: requestErrNotFound, Param: "id"}
paddy@139	934 success, field, expectation, result = compareErrors(e, res.Errors[0])
paddy@139	935 if !success {
paddy@139	936 t.Errorf("Unexpected result for %s in error response: expected %v, got %v", field, expectation, result)
paddy@139	937 }
paddy@139	938 }
paddy@139	939
paddy@139	940 func TestAuthenticatedGetClientHandler(t *testing.T) {
paddy@139	941 t.Parallel()
paddy@139	942 memstore := NewMemstore()
paddy@139	943 c := Context{
paddy@139	944 clients: memstore,
paddy@139	945 profiles: memstore,
paddy@139	946 }
paddy@139	947 client := Client{
paddy@139	948 ID: uuid.NewID(),
paddy@139	949 Secret: "myawesomesecret",
paddy@139	950 OwnerID: uuid.NewID(),
paddy@139	951 Name: "Test Client",
paddy@139	952 Logo: "https://auth.secondbit.org/logo.png",
paddy@139	953 Website: "https://code.secondbit.org",
paddy@139	954 Type: clientTypeConfidential,
paddy@139	955 }
paddy@139	956 err := c.SaveClient(client)
paddy@139	957 if err != nil {
paddy@139	958 t.Fatal("Can't store client in memstore:", err)
paddy@139	959 }
paddy@139	960 profile := Profile{
paddy@139	961 ID: client.OwnerID,
paddy@139	962 Name: "Test User",
paddy@139	963 Passphrase: "f3a4ac4f1d657b2e6e776d24213e39406d50a87a52691a2a78891425af1271d0",
paddy@139	964 Iterations: 1,
paddy@139	965 Salt: "d82d92cfa8bfb5a08270ebbf39a3710d24b352b937fcc8959ebcb40384cc616b",
paddy@139	966 PassphraseScheme: 1,
paddy@139	967 Compromised: false,
paddy@139	968 LockedUntil: time.Time{},
paddy@139	969 PassphraseReset: "",
paddy@139	970 PassphraseResetCreated: time.Time{},
paddy@139	971 Created: time.Now(),
paddy@139	972 LastSeen: time.Time{},
paddy@139	973 }
paddy@139	974 login := Login{
paddy@139	975 Type: "email",
paddy@139	976 Value: "test@example.com",
paddy@139	977 ProfileID: profile.ID,
paddy@139	978 Created: time.Now(),
paddy@139	979 LastUsed: time.Time{},
paddy@139	980 }
paddy@139	981 err = c.SaveProfile(profile)
paddy@139	982 if err != nil {
paddy@139	983 t.Error("Error saving profile:", err)
paddy@139	984 }
paddy@139	985 err = c.AddLogin(login)
paddy@139	986 if err != nil {
paddy@139	987 t.Error("Error adding login:", err)
paddy@139	988 }
paddy@139	989 profile2 := Profile{
paddy@139	990 ID: uuid.NewID(),
paddy@139	991 Name: "Test User",
paddy@139	992 Passphrase: "f3a4ac4f1d657b2e6e776d24213e39406d50a87a52691a2a78891425af1271d0",
paddy@139	993 Iterations: 1,
paddy@139	994 Salt: "d82d92cfa8bfb5a08270ebbf39a3710d24b352b937fcc8959ebcb40384cc616b",
paddy@139	995 PassphraseScheme: 1,
paddy@139	996 Compromised: false,
paddy@139	997 LockedUntil: time.Time{},
paddy@139	998 PassphraseReset: "",
paddy@139	999 PassphraseResetCreated: time.Time{},
paddy@139	1000 Created: time.Now(),
paddy@139	1001 LastSeen: time.Time{},
paddy@139	1002 }
paddy@139	1003 login2 := Login{
paddy@139	1004 Type: "email",
paddy@139	1005 Value: "test2@example.com",
paddy@139	1006 ProfileID: profile2.ID,
paddy@139	1007 Created: time.Now(),
paddy@139	1008 LastUsed: time.Time{},
paddy@139	1009 }
paddy@139	1010 err = c.SaveProfile(profile2)
paddy@139	1011 if err != nil {
paddy@139	1012 t.Error("Error saving profile:", err)
paddy@139	1013 }
paddy@139	1014 err = c.AddLogin(login2)
paddy@139	1015 if err != nil {
paddy@139	1016 t.Error("Error adding login:", err)
paddy@139	1017 }
paddy@139	1018 router := mux.NewRouter()
paddy@139	1019 RegisterClientHandlers(router, c)
paddy@139	1020 w := httptest.NewRecorder()
paddy@139	1021 u := "https://test.auth.secondbit.org/clients/" + client.ID.String()
paddy@139	1022 r, err := http.NewRequest("GET", u, nil)
paddy@139	1023 if err != nil {
paddy@139	1024 t.Fatal("Can't build request:", err)
paddy@139	1025 }
paddy@139	1026 r.Header.Set("Content-Type", "application/json")
paddy@139	1027 r.SetBasicAuth(login.Value, "mysecurepassphrase")
paddy@139	1028 router.ServeHTTP(w, r)
paddy@139	1029 if w.Code != http.StatusOK {
paddy@139	1030 t.Errorf("Expected response code to be %d, got %d", http.StatusOK, w.Code)
paddy@139	1031 }
paddy@139	1032 t.Logf("Response: %s", w.Body.String())
paddy@139	1033 var res response
paddy@139	1034 err = json.Unmarshal(w.Body.Bytes(), &res)
paddy@139	1035 if err != nil {
paddy@139	1036 t.Error("Unexpected error unmarshalling response:", err)
paddy@139	1037 }
paddy@139	1038 if len(res.Clients) != 1 {
paddy@139	1039 t.Errorf("Expected %d results in response, got %d", 1, len(res.Clients))
paddy@139	1040 }
paddy@139	1041 success, field, expectation, result := compareClients(client, res.Clients[0])
paddy@139	1042 if !success {
paddy@139	1043 t.Errorf("Unexpected result for %s in response: expected %v, got %v", field, expectation, result)
paddy@139	1044 }
paddy@139	1045
paddy@139	1046 // test for improperly formatted ID
paddy@139	1047 u = "https://test.auth.secondbit.org/clients/notanID"
paddy@139	1048 w = httptest.NewRecorder()
paddy@139	1049 r, err = http.NewRequest("GET", u, nil)
paddy@139	1050 if err != nil {
paddy@139	1051 t.Fatal("Can't build request:", err)
paddy@139	1052 }
paddy@139	1053 r.Header.Set("Content-Type", "application/json")
paddy@139	1054 r.SetBasicAuth(login.Value, "mysecurepassphrase")
paddy@139	1055 router.ServeHTTP(w, r)
paddy@139	1056 if w.Code != http.StatusBadRequest {
paddy@139	1057 t.Errorf("Expected response code to be %d, got %d", http.StatusBadRequest, w.Code)
paddy@139	1058 }
paddy@139	1059 t.Logf("Response: %s", w.Body.String())
paddy@139	1060 res = response{}
paddy@139	1061 err = json.Unmarshal(w.Body.Bytes(), &res)
paddy@139	1062 if err != nil {
paddy@139	1063 t.Error("Unexpected error unmarshalling response:", err)
paddy@139	1064 }
paddy@139	1065 if len(res.Errors) != 1 {
paddy@139	1066 t.Errorf("Expected %d results in response, got %d", 1, len(res.Errors))
paddy@139	1067 }
paddy@139	1068 e := requestError{Slug: requestErrInvalidFormat, Param: "id"}
paddy@139	1069 success, field, expectation, result = compareErrors(e, res.Errors[0])
paddy@139	1070 if !success {
paddy@139	1071 t.Errorf("Unexpected result for %s in error response: expected %v, got %v", field, expectation, result)
paddy@139	1072 }
paddy@139	1073
paddy@139	1074 // test for a non-existent client
paddy@139	1075 u = "https://test.auth.secondbit.org/clients/" + uuid.NewID().String()
paddy@139	1076 w = httptest.NewRecorder()
paddy@139	1077 r, err = http.NewRequest("GET", u, nil)
paddy@139	1078 if err != nil {
paddy@139	1079 t.Fatal("Can't build request:", err)
paddy@139	1080 }
paddy@139	1081 r.Header.Set("Content-Type", "application/json")
paddy@139	1082 r.SetBasicAuth(login.Value, "mysecurepassphrase")
paddy@139	1083 router.ServeHTTP(w, r)
paddy@139	1084 if w.Code != http.StatusNotFound {
paddy@139	1085 t.Errorf("Expected response code to be %d, got %d", http.StatusNotFound, w.Code)
paddy@139	1086 }
paddy@139	1087 t.Logf("Response: %s", w.Body.String())
paddy@139	1088 res = response{}
paddy@139	1089 err = json.Unmarshal(w.Body.Bytes(), &res)
paddy@139	1090 if err != nil {
paddy@139	1091 t.Error("Unexpected error unmarshalling response:", err)
paddy@139	1092 }
paddy@139	1093 if len(res.Errors) != 1 {
paddy@139	1094 t.Errorf("Expected %d results in response, got %d", 1, len(res.Errors))
paddy@139	1095 }
paddy@139	1096 e = requestError{Slug: requestErrNotFound, Param: "id"}
paddy@139	1097 success, field, expectation, result = compareErrors(e, res.Errors[0])
paddy@139	1098 if !success {
paddy@139	1099 t.Errorf("Unexpected result for %s in error response: expected %v, got %v", field, expectation, result)
paddy@139	1100 }
paddy@139	1101
paddy@139	1102 // test for a wrong password
paddy@139	1103 u = "https://test.auth.secondbit.org/clients/" + client.ID.String()
paddy@139	1104 w = httptest.NewRecorder()
paddy@139	1105 r, err = http.NewRequest("GET", u, nil)
paddy@139	1106 if err != nil {
paddy@139	1107 t.Fatal("Can't build request:", err)
paddy@139	1108 }
paddy@139	1109 r.Header.Set("Content-Type", "application/json")
paddy@139	1110 r.SetBasicAuth(login.Value, "notmypassphrase")
paddy@139	1111 router.ServeHTTP(w, r)
paddy@139	1112 if w.Code != http.StatusUnauthorized {
paddy@139	1113 t.Errorf("Expected response code to be %d, got %d", http.StatusUnauthorized, w.Code)
paddy@139	1114 }
paddy@139	1115 t.Logf("Response: %s", w.Body.String())
paddy@139	1116 res = response{}
paddy@139	1117 err = json.Unmarshal(w.Body.Bytes(), &res)
paddy@139	1118 if err != nil {
paddy@139	1119 t.Error("Unexpected error unmarshalling response:", err)
paddy@139	1120 }
paddy@139	1121 if len(res.Errors) != 1 {
paddy@139	1122 t.Errorf("Expected %d results in response, got %d", 1, len(res.Errors))
paddy@139	1123 }
paddy@139	1124 e = requestError{Slug: requestErrAccessDenied}
paddy@139	1125 success, field, expectation, result = compareErrors(e, res.Errors[0])
paddy@139	1126 if !success {
paddy@139	1127 t.Errorf("Unexpected result for %s in error response: expected %v, got %v", field, expectation, result)
paddy@139	1128 }
paddy@139	1129
paddy@139	1130 // test for a wrong account
paddy@139	1131 u = "https://test.auth.secondbit.org/clients/" + client.ID.String()
paddy@139	1132 w = httptest.NewRecorder()
paddy@139	1133 r, err = http.NewRequest("GET", u, nil)
paddy@139	1134 if err != nil {
paddy@139	1135 t.Fatal("Can't build request:", err)
paddy@139	1136 }
paddy@139	1137 r.Header.Set("Content-Type", "application/json")
paddy@139	1138 r.SetBasicAuth(login2.Value, "mysecurepassphrase")
paddy@139	1139 router.ServeHTTP(w, r)
paddy@139	1140 if w.Code != http.StatusOK {
paddy@139	1141 t.Errorf("Expected response code to be %d, got %d", http.StatusOK, w.Code)
paddy@139	1142 }
paddy@139	1143 t.Logf("Response: %s", w.Body.String())
paddy@139	1144 res = response{}
paddy@139	1145 err = json.Unmarshal(w.Body.Bytes(), &res)
paddy@139	1146 if err != nil {
paddy@139	1147 t.Error("Unexpected error unmarshalling response:", err)
paddy@139	1148 }
paddy@139	1149 if len(res.Clients) != 1 {
paddy@139	1150 t.Errorf("Expected %d results in response, got %d", 1, len(res.Clients))
paddy@139	1151 }
paddy@139	1152 if res.Clients[0].Secret != "" {
paddy@139	1153 t.Errorf("Expected client secret to be empty, got %s", res.Clients[0].Secret)
paddy@139	1154 }
paddy@139	1155 // fill the client's secret for comparison
paddy@139	1156 res.Clients[0].Secret = client.Secret
paddy@139	1157 success, field, expectation, result = compareClients(client, res.Clients[0])
paddy@139	1158 if !success {
paddy@139	1159 t.Errorf("Unexpected result for %s in response: expected %v, got %v", field, expectation, result)
paddy@139	1160 }
paddy@139	1161 }
paddy@139	1162
paddy@128	1163 // BUG(paddy): We need to test the clientCredentialsValidate function.
paddy@131	1164 // BUG(paddy): We need to test the ListClientsHandler.