auth

Paddy 2015-05-17 Parent:cf6c1f05eb21

auth/session_test.go

Make client use our auth(n/z) scheme. Our auth(n/z) scheme can be loosely defined as "encrypted tokens that nginx transforms into headers" and "scopes for bypassing ACL". Our Go client, which is what we'll be using to have services communicate with each other, follows this paradigm now by auto-injecting the headers we'll need to identify ourselves. This will work behind our firewall, but will be useless for the rest of the world, which will need to go through the nginx bastion that can strip the headers and replace them with the headers appropriate to the token attached to the request. This did involve setting a static client ID as the client for our email_verification listener. Ideally, this would cause Client registration (using that ID) when the listener starts up, ignoring ErrClientAlreadyExists. I don't want to have to write the code that will allow us to bypass the Client ACL properly right now, though, so we're just going to have to remember to manually create that Client. Or not. I don't think it will do any harm (outside the OAuth flow) to be using a Client ID that doesn't actually point to a Client. I just think it'd be good for record-keeping purposes.

Download raw file

View source Diff to previous Annotate

paddy@77	1 package auth
paddy@77	2
paddy@77	3 import (
paddy@154	4 "os"
paddy@77	5 "testing"
paddy@77	6 "time"
paddy@77	7
paddy@107	8 "code.secondbit.org/uuid.hg"
paddy@77	9 )
paddy@77	10
paddy@154	11 func init() {
paddy@154	12 if os.Getenv("PG_TEST_DB") != "" {
paddy@154	13 p, err := NewPostgres(os.Getenv("PG_TEST_DB"))
paddy@154	14 if err != nil {
paddy@154	15 panic(err)
paddy@154	16 }
paddy@154	17 sessionStores = append(sessionStores, &p)
paddy@154	18 }
paddy@154	19 }
paddy@154	20
paddy@77	21 var sessionStores = []sessionStore{NewMemstore()}
paddy@77	22
paddy@77	23 func compareSessions(session1, session2 Session) (success bool, field string, val1, val2 interface{}) {
paddy@77	24 if session1.ID != session2.ID {
paddy@77	25 return false, "ID", session1.ID, session2.ID
paddy@77	26 }
paddy@77	27 if session1.IP != session2.IP {
paddy@77	28 return false, "IP", session1.IP, session2.IP
paddy@77	29 }
paddy@77	30 if session1.UserAgent != session2.UserAgent {
paddy@77	31 return false, "UserAgent", session1.UserAgent, session2.UserAgent
paddy@77	32 }
paddy@77	33 if !session1.ProfileID.Equal(session2.ProfileID) {
paddy@77	34 return false, "ProfileID", session1.ProfileID, session2.ProfileID
paddy@77	35 }
paddy@77	36 if !session1.Created.Equal(session2.Created) {
paddy@77	37 return false, "Created", session1.Created, session2.Created
paddy@77	38 }
paddy@132	39 if !session1.Expires.Equal(session2.Expires) {
paddy@132	40 return false, "Expires", session1.Expires, session2.Expires
paddy@132	41 }
paddy@77	42 if session1.Login != session2.Login {
paddy@77	43 return false, "Login", session1.Login, session2.Login
paddy@77	44 }
paddy@77	45 if session1.Active != session2.Active {
paddy@77	46 return false, "Active", session1.Active, session2.Active
paddy@77	47 }
paddy@132	48 if session1.CSRFToken != session2.CSRFToken {
paddy@132	49 return false, "CSRFToken", session1.CSRFToken, session2.CSRFToken
paddy@132	50 }
paddy@77	51 return true, "", nil, nil
paddy@77	52 }
paddy@77	53
paddy@77	54 func TestSessionStoreSuccess(t *testing.T) {
paddy@77	55 t.Parallel()
paddy@77	56 session := Session{
paddy@77	57 ID: uuid.NewID().String() + uuid.NewID().String(),
paddy@77	58 IP: "127.0.0.1",
paddy@77	59 UserAgent: "TestRunner",
paddy@77	60 ProfileID: uuid.NewID(),
paddy@149	61 Created: time.Now().Round(time.Millisecond),
paddy@77	62 Login: "test@example.com",
paddy@77	63 Active: true,
paddy@77	64 }
paddy@77	65 for _, store := range sessionStores {
paddy@116	66 context := Context{sessions: store}
paddy@116	67 err := context.CreateSession(session)
paddy@77	68 if err != nil {
paddy@77	69 t.Errorf("Error saving session to %T: %s", store, err)
paddy@77	70 }
paddy@116	71 err = context.CreateSession(session)
paddy@77	72 if err != ErrSessionAlreadyExists {
paddy@77	73 t.Errorf("Expected ErrSessionAlreadyExists from %T, got %s", store, err)
paddy@77	74 }
paddy@116	75 retrieved, err := context.GetSession(session.ID)
paddy@77	76 if err != nil {
paddy@77	77 t.Errorf("Error retrieving session from %T: %s", store, err)
paddy@77	78 }
paddy@77	79 success, field, expectation, result := compareSessions(session, retrieved)
paddy@77	80 if !success {
paddy@77	81 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
paddy@77	82 }
paddy@116	83 retrievedList, err := context.ListSessions(session.ProfileID, time.Time{}, 10)
paddy@77	84 if err != nil {
paddy@77	85 t.Errorf("Error retrieving sessions by profile from %T: %s", store, err)
paddy@77	86 }
paddy@77	87 if len(retrievedList) != 1 {
paddy@77	88 t.Errorf("Expected 1 session retrieved by profile from %T, got %d", store, len(retrievedList))
paddy@77	89 }
paddy@77	90 success, field, expectation, result = compareSessions(session, retrievedList[0])
paddy@77	91 if !success {
paddy@77	92 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
paddy@77	93 }
paddy@159	94 err = context.TerminateSession(session.ID)
paddy@159	95 if err != nil {
paddy@159	96 t.Errorf("Error terminating session in %T: %s", store, err)
paddy@159	97 }
paddy@159	98 retrieved, err = context.GetSession(session.ID)
paddy@159	99 if err != nil {
paddy@159	100 t.Errorf("Error retrieving session from %T: %s", store, err)
paddy@159	101 }
paddy@159	102 expected := session
paddy@159	103 expected.Active = false
paddy@159	104 success, field, expectation, result = compareSessions(expected, retrieved)
paddy@159	105 if !success {
paddy@159	106 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
paddy@159	107 }
paddy@159	108 retrievedList, err = context.ListSessions(session.ProfileID, time.Time{}, 10)
paddy@159	109 if err != nil {
paddy@159	110 t.Errorf("Error retrieving sessions by profile from %T: %s", store, err)
paddy@159	111 }
paddy@159	112 if len(retrievedList) != 1 {
paddy@159	113 t.Errorf("Expected 1 session retrieved by profile from %T, got %d", store, len(retrievedList))
paddy@159	114 }
paddy@159	115 success, field, expectation, result = compareSessions(expected, retrievedList[0])
paddy@159	116 if !success {
paddy@159	117 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
paddy@159	118 }
paddy@116	119 err = context.RemoveSession(session.ID)
paddy@77	120 if err != nil {
paddy@77	121 t.Errorf("Error removing session from %T: %s", store, err)
paddy@77	122 }
paddy@116	123 retrieved, err = context.GetSession(session.ID)
paddy@77	124 if err != ErrSessionNotFound {
paddy@77	125 t.Errorf("Expected ErrSessionNotFound from %T, got %s", store, err)
paddy@77	126 }
paddy@116	127 retrievedList, err = context.ListSessions(session.ProfileID, time.Time{}, 10)
paddy@77	128 if err != nil {
paddy@77	129 t.Errorf("Error retrieving sessions by profile from %T: %s", store, err)
paddy@77	130 }
paddy@77	131 if len(retrievedList) != 0 {
paddy@77	132 t.Errorf("Expected 0 sessions retrieved by profile from %T, got %d", store, len(retrievedList))
paddy@77	133 }
paddy@116	134 err = context.RemoveSession(session.ID)
paddy@77	135 if err != ErrSessionNotFound {
paddy@77	136 t.Errorf("Expected ErrSessionNotFound from %T, got %s", store, err)
paddy@77	137 }
paddy@159	138 err = context.TerminateSession(session.ID)
paddy@159	139 if err != ErrSessionNotFound {
paddy@159	140 t.Errorf("Expected ERrSessionNotFound from %T, got %s", store, err)
paddy@159	141 }
paddy@77	142 }
paddy@77	143 }
paddy@128	144
paddy@128	145 // BUG(paddy): We need to test the CreateSessionHandler.
paddy@128	146 // BUG(paddy): We need to test the credentialsValidate function.