auth

Paddy 2015-04-11 Parent:5f670aba87b4

159:cf6c1f05eb21 Go to Latest

auth/session_test.go

Enable terminating sessions through the API. Add a terminateSession method to the sessionStore that sets the Active property of the Session to false. Create a Context.TerminateSession wrapper for the terminateSession method on the sessionStore. Add a Sessions property to our response type so we can return a []Session in API responses. Use the URL-safe encoding when base64 encoding our session ID and CSRFToken, so the ID can be passed in the URL and so our encodings are consistent. Add a TerminateSessionHandler function that will extract a Session ID from the request URL, authenticate the user, check that the authenticated user owns the session in question, and terminate the session. Add implementations for our new terminateSession method for the memstore and postgres types. Test both the memstore and postgres implementation of our terminateSession helper in session_test.go.

Download raw file
View source Diff to previous Annotate
History
paddy@77 1 package auth
paddy@77 2
paddy@77 3 import (
paddy@154 4 "os"
paddy@77 5 "testing"
paddy@77 6 "time"
paddy@77 7
paddy@107 8 "code.secondbit.org/uuid.hg"
paddy@77 9 )
paddy@77 10
paddy@154 11 func init() {
paddy@154 12 if os.Getenv("PG_TEST_DB") != "" {
paddy@154 13 p, err := NewPostgres(os.Getenv("PG_TEST_DB"))
paddy@154 14 if err != nil {
paddy@154 15 panic(err)
paddy@154 16 }
paddy@154 17 sessionStores = append(sessionStores, &p)
paddy@154 18 }
paddy@154 19 }
paddy@154 20
paddy@77 21 var sessionStores = []sessionStore{NewMemstore()}
paddy@77 22
paddy@77 23 func compareSessions(session1, session2 Session) (success bool, field string, val1, val2 interface{}) {
paddy@77 24 if session1.ID != session2.ID {
paddy@77 25 return false, "ID", session1.ID, session2.ID
paddy@77 26 }
paddy@77 27 if session1.IP != session2.IP {
paddy@77 28 return false, "IP", session1.IP, session2.IP
paddy@77 29 }
paddy@77 30 if session1.UserAgent != session2.UserAgent {
paddy@77 31 return false, "UserAgent", session1.UserAgent, session2.UserAgent
paddy@77 32 }
paddy@77 33 if !session1.ProfileID.Equal(session2.ProfileID) {
paddy@77 34 return false, "ProfileID", session1.ProfileID, session2.ProfileID
paddy@77 35 }
paddy@77 36 if !session1.Created.Equal(session2.Created) {
paddy@77 37 return false, "Created", session1.Created, session2.Created
paddy@77 38 }
paddy@132 39 if !session1.Expires.Equal(session2.Expires) {
paddy@132 40 return false, "Expires", session1.Expires, session2.Expires
paddy@132 41 }
paddy@77 42 if session1.Login != session2.Login {
paddy@77 43 return false, "Login", session1.Login, session2.Login
paddy@77 44 }
paddy@77 45 if session1.Active != session2.Active {
paddy@77 46 return false, "Active", session1.Active, session2.Active
paddy@77 47 }
paddy@132 48 if session1.CSRFToken != session2.CSRFToken {
paddy@132 49 return false, "CSRFToken", session1.CSRFToken, session2.CSRFToken
paddy@132 50 }
paddy@77 51 return true, "", nil, nil
paddy@77 52 }
paddy@77 53
paddy@77 54 func TestSessionStoreSuccess(t *testing.T) {
paddy@77 55 t.Parallel()
paddy@77 56 session := Session{
paddy@77 57 ID: uuid.NewID().String() + uuid.NewID().String(),
paddy@77 58 IP: "127.0.0.1",
paddy@77 59 UserAgent: "TestRunner",
paddy@77 60 ProfileID: uuid.NewID(),
paddy@149 61 Created: time.Now().Round(time.Millisecond),
paddy@77 62 Login: "test@example.com",
paddy@77 63 Active: true,
paddy@77 64 }
paddy@77 65 for _, store := range sessionStores {
paddy@116 66 context := Context{sessions: store}
paddy@116 67 err := context.CreateSession(session)
paddy@77 68 if err != nil {
paddy@77 69 t.Errorf("Error saving session to %T: %s", store, err)
paddy@77 70 }
paddy@116 71 err = context.CreateSession(session)
paddy@77 72 if err != ErrSessionAlreadyExists {
paddy@77 73 t.Errorf("Expected ErrSessionAlreadyExists from %T, got %s", store, err)
paddy@77 74 }
paddy@116 75 retrieved, err := context.GetSession(session.ID)
paddy@77 76 if err != nil {
paddy@77 77 t.Errorf("Error retrieving session from %T: %s", store, err)
paddy@77 78 }
paddy@77 79 success, field, expectation, result := compareSessions(session, retrieved)
paddy@77 80 if !success {
paddy@77 81 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
paddy@77 82 }
paddy@116 83 retrievedList, err := context.ListSessions(session.ProfileID, time.Time{}, 10)
paddy@77 84 if err != nil {
paddy@77 85 t.Errorf("Error retrieving sessions by profile from %T: %s", store, err)
paddy@77 86 }
paddy@77 87 if len(retrievedList) != 1 {
paddy@77 88 t.Errorf("Expected 1 session retrieved by profile from %T, got %d", store, len(retrievedList))
paddy@77 89 }
paddy@77 90 success, field, expectation, result = compareSessions(session, retrievedList[0])
paddy@77 91 if !success {
paddy@77 92 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
paddy@77 93 }
paddy@159 94 err = context.TerminateSession(session.ID)
paddy@159 95 if err != nil {
paddy@159 96 t.Errorf("Error terminating session in %T: %s", store, err)
paddy@159 97 }
paddy@159 98 retrieved, err = context.GetSession(session.ID)
paddy@159 99 if err != nil {
paddy@159 100 t.Errorf("Error retrieving session from %T: %s", store, err)
paddy@159 101 }
paddy@159 102 expected := session
paddy@159 103 expected.Active = false
paddy@159 104 success, field, expectation, result = compareSessions(expected, retrieved)
paddy@159 105 if !success {
paddy@159 106 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
paddy@159 107 }
paddy@159 108 retrievedList, err = context.ListSessions(session.ProfileID, time.Time{}, 10)
paddy@159 109 if err != nil {
paddy@159 110 t.Errorf("Error retrieving sessions by profile from %T: %s", store, err)
paddy@159 111 }
paddy@159 112 if len(retrievedList) != 1 {
paddy@159 113 t.Errorf("Expected 1 session retrieved by profile from %T, got %d", store, len(retrievedList))
paddy@159 114 }
paddy@159 115 success, field, expectation, result = compareSessions(expected, retrievedList[0])
paddy@159 116 if !success {
paddy@159 117 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
paddy@159 118 }
paddy@116 119 err = context.RemoveSession(session.ID)
paddy@77 120 if err != nil {
paddy@77 121 t.Errorf("Error removing session from %T: %s", store, err)
paddy@77 122 }
paddy@116 123 retrieved, err = context.GetSession(session.ID)
paddy@77 124 if err != ErrSessionNotFound {
paddy@77 125 t.Errorf("Expected ErrSessionNotFound from %T, got %s", store, err)
paddy@77 126 }
paddy@116 127 retrievedList, err = context.ListSessions(session.ProfileID, time.Time{}, 10)
paddy@77 128 if err != nil {
paddy@77 129 t.Errorf("Error retrieving sessions by profile from %T: %s", store, err)
paddy@77 130 }
paddy@77 131 if len(retrievedList) != 0 {
paddy@77 132 t.Errorf("Expected 0 sessions retrieved by profile from %T, got %d", store, len(retrievedList))
paddy@77 133 }
paddy@116 134 err = context.RemoveSession(session.ID)
paddy@77 135 if err != ErrSessionNotFound {
paddy@77 136 t.Errorf("Expected ErrSessionNotFound from %T, got %s", store, err)
paddy@77 137 }
paddy@159 138 err = context.TerminateSession(session.ID)
paddy@159 139 if err != ErrSessionNotFound {
paddy@159 140 t.Errorf("Expected ERrSessionNotFound from %T, got %s", store, err)
paddy@159 141 }
paddy@77 142 }
paddy@77 143 }
paddy@128 144
paddy@128 145 // BUG(paddy): We need to test the CreateSessionHandler.
paddy@128 146 // BUG(paddy): We need to test the credentialsValidate function.