auth
auth/token_test.go
Make all tests that deal with the store interfaces go through the Context. This is mainly important so that pre- and post- save/retrieval/deletion/whatever transforms can be done without doing them in every single implementation of the store. Change the Endpoint URI property to be a string, not a *url.URL. This makes testing easier, JSON responses cleaner, and is all around just a better strategy. Just because we turn it into a URL every now and then doesn't mean that's how we need to store it. Add JSON tags to the Client type and Endpoint type. Create normalizeURI and normalizeURIString methods to... well, normalize the Endpoint URIs. This makes it so that we can compare them, and forgive some arbitrary user behaviour (like slashes, etc.) Add a NormalizedURI property to the Endpoint type. This is where we store the NormalizedURI, which is what we'll be using when we want to check if an endpoint is valid or not. For the sake of tests and predictability, however, we always want to redirect to the URI, not the NormalizedURI. Add checks to the Client creation API endpoint to give better errors. Now leaving out the Type won't be considered an invalid type, it will be considered a missing parameter. An empty name will be reported as a missing parameter, a name with too few characters will be reported as an insufficient name, and a name with too many characters will be reported as an overflow name. We gather as many of these errors as apply before returning. Check if an Endpoint URI is absolute before adding it as an endpoint, or return an invalid value error if it is not. Always return the errors array when creating a client. We could succeed in creating one or more things and still have errors. We should return anything that's created _as well as_ any errors encountered. Add unit testing for our CreateClientHandler. Fix our oauth2 tests so that if there's an error in the body, it's in the test logs. This should help debugging significantly. Fix our oauth2 tests so that the Profile only requires 1 iteration for its password hashing. This means each time we want to validate a session, it doesn't add a full second to our test runs. This is a big speed improvement for our tests. Add test helper methods for comparing API errors, API responses, and filling in server-generated information in a response that it's impossible to have an expectation around (e.g., IDs) so that we can use our comparison helpers to check if a response is as we expect it. Fix a typo in our Context helpers that was reporting no sessionStore being set _only_ when a sessionStore was set. So yes, the opposite of what we wanted. Oops. This was discovered by passing all our tests through the context. methods instead of operating on the stores themselves.
| paddy@28 | 1 package auth |
| paddy@28 | 2 |
| paddy@28 | 3 import ( |
| paddy@28 | 4 "testing" |
| paddy@28 | 5 "time" |
| paddy@28 | 6 |
| paddy@107 | 7 "code.secondbit.org/uuid.hg" |
| paddy@28 | 8 ) |
| paddy@28 | 9 |
| paddy@57 | 10 var tokenStores = []tokenStore{NewMemstore()} |
| paddy@28 | 11 |
| paddy@35 | 12 func compareTokens(token1, token2 Token) (success bool, field string, val1, val2 interface{}) { |
| paddy@35 | 13 if token1.AccessToken != token2.AccessToken { |
| paddy@35 | 14 return false, "access token", token1.AccessToken, token2.AccessToken |
| paddy@35 | 15 } |
| paddy@35 | 16 if token1.RefreshToken != token2.RefreshToken { |
| paddy@35 | 17 return false, "refresh token", token1.RefreshToken, token2.RefreshToken |
| paddy@35 | 18 } |
| paddy@35 | 19 if !token1.Created.Equal(token2.Created) { |
| paddy@35 | 20 return false, "created", token1.Created, token2.Created |
| paddy@35 | 21 } |
| paddy@97 | 22 if token1.CreatedFrom != token2.CreatedFrom { |
| paddy@97 | 23 return false, "created from", token1.CreatedFrom, token2.CreatedFrom |
| paddy@97 | 24 } |
| paddy@35 | 25 if token1.ExpiresIn != token2.ExpiresIn { |
| paddy@35 | 26 return false, "expires in", token1.ExpiresIn, token2.ExpiresIn |
| paddy@35 | 27 } |
| paddy@97 | 28 if token1.RefreshExpiresIn != token2.RefreshExpiresIn { |
| paddy@97 | 29 return false, "refresh expires in", token1.RefreshExpiresIn, token2.RefreshExpiresIn |
| paddy@97 | 30 } |
| paddy@35 | 31 if token1.TokenType != token2.TokenType { |
| paddy@35 | 32 return false, "token type", token1.TokenType, token2.TokenType |
| paddy@35 | 33 } |
| paddy@35 | 34 if token1.Scope != token2.Scope { |
| paddy@35 | 35 return false, "scope", token1.Scope, token2.Scope |
| paddy@35 | 36 } |
| paddy@35 | 37 if !token1.ProfileID.Equal(token2.ProfileID) { |
| paddy@35 | 38 return false, "profile ID", token1.ProfileID, token2.ProfileID |
| paddy@35 | 39 } |
| paddy@97 | 40 if token1.Revoked != token2.Revoked { |
| paddy@97 | 41 return false, "revoked", token1.Revoked, token2.Revoked |
| paddy@97 | 42 } |
| paddy@35 | 43 return true, "", nil, nil |
| paddy@35 | 44 } |
| paddy@35 | 45 |
| paddy@28 | 46 func TestTokenStoreSuccess(t *testing.T) { |
| paddy@37 | 47 t.Parallel() |
| paddy@28 | 48 token := Token{ |
| paddy@28 | 49 AccessToken: "access", |
| paddy@28 | 50 RefreshToken: "refresh", |
| paddy@28 | 51 Created: time.Now(), |
| paddy@28 | 52 ExpiresIn: 3600, |
| paddy@28 | 53 TokenType: "bearer", |
| paddy@28 | 54 Scope: "scope", |
| paddy@28 | 55 ProfileID: uuid.NewID(), |
| paddy@28 | 56 } |
| paddy@35 | 57 for _, store := range tokenStores { |
| paddy@116 | 58 context := Context{tokens: store} |
| paddy@116 | 59 err := context.SaveToken(token) |
| paddy@28 | 60 if err != nil { |
| paddy@37 | 61 t.Errorf("Error saving token to %T: %s", store, err) |
| paddy@37 | 62 } |
| paddy@116 | 63 err = context.SaveToken(token) |
| paddy@37 | 64 if err != ErrTokenAlreadyExists { |
| paddy@37 | 65 t.Errorf("Expected ErrTokenAlreadyExists from %T, got %s", store, err) |
| paddy@28 | 66 } |
| paddy@116 | 67 retrievedAccess, err := context.GetToken(token.AccessToken, false) |
| paddy@28 | 68 if err != nil { |
| paddy@35 | 69 t.Errorf("Error retrieving token from %T: %s", store, err) |
| paddy@28 | 70 } |
| paddy@35 | 71 success, field, expectation, result := compareTokens(token, retrievedAccess) |
| paddy@35 | 72 if !success { |
| paddy@35 | 73 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store) |
| paddy@35 | 74 } |
| paddy@116 | 75 retrievedRefresh, err := context.GetToken(token.RefreshToken, true) |
| paddy@28 | 76 if err != nil { |
| paddy@35 | 77 t.Errorf("Error retrieving refresh token from %T: %s", store, err) |
| paddy@28 | 78 } |
| paddy@35 | 79 success, field, expectation, result = compareTokens(token, retrievedRefresh) |
| paddy@35 | 80 if !success { |
| paddy@35 | 81 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store) |
| paddy@35 | 82 } |
| paddy@116 | 83 retrievedProfile, err := context.GetTokensByProfileID(token.ProfileID, 25, 0) |
| paddy@28 | 84 if err != nil { |
| paddy@35 | 85 t.Errorf("Error retrieving token by profile from %T: %s", store, err) |
| paddy@28 | 86 } |
| paddy@28 | 87 if len(retrievedProfile) != 1 { |
| paddy@35 | 88 t.Errorf("Expected 1 token retrieved by profile ID from %T, got %+v", store, retrievedProfile) |
| paddy@28 | 89 } |
| paddy@35 | 90 success, field, expectation, result = compareTokens(token, retrievedProfile[0]) |
| paddy@35 | 91 if !success { |
| paddy@35 | 92 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store) |
| paddy@35 | 93 } |
| paddy@116 | 94 err = context.RevokeToken(token.AccessToken, false) |
| paddy@97 | 95 if err != nil { |
| paddy@97 | 96 t.Errorf("Error revoking token in %T: %s", store, err) |
| paddy@97 | 97 } |
| paddy@116 | 98 retrievedRevoked, err := context.GetToken(token.AccessToken, false) |
| paddy@97 | 99 if err != nil { |
| paddy@97 | 100 t.Errorf("Error retrieving token from %T: %s", store, err) |
| paddy@97 | 101 } |
| paddy@97 | 102 token.Revoked = true |
| paddy@97 | 103 success, field, expectation, result = compareTokens(token, retrievedRevoked) |
| paddy@97 | 104 if !success { |
| paddy@97 | 105 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store) |
| paddy@97 | 106 } |
| paddy@97 | 107 // TODO(paddy): test revoking by refresh token. |
| paddy@116 | 108 err = context.RemoveToken(token.AccessToken) |
| paddy@28 | 109 if err != nil { |
| paddy@35 | 110 t.Errorf("Error removing token from %T: %s", store, err) |
| paddy@28 | 111 } |
| paddy@116 | 112 _, err = context.GetToken(token.AccessToken, false) |
| paddy@28 | 113 if err != ErrTokenNotFound { |
| paddy@35 | 114 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err) |
| paddy@28 | 115 } |
| paddy@116 | 116 _, err = context.GetToken(token.RefreshToken, true) |
| paddy@28 | 117 if err != ErrTokenNotFound { |
| paddy@35 | 118 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err) |
| paddy@28 | 119 } |
| paddy@116 | 120 retrievedProfile, err = context.GetTokensByProfileID(token.ProfileID, 25, 0) |
| paddy@28 | 121 if err != nil { |
| paddy@35 | 122 t.Errorf("Error retrieving token by profile from %T: %s", store, err) |
| paddy@28 | 123 } |
| paddy@28 | 124 if len(retrievedProfile) != 0 { |
| paddy@35 | 125 t.Errorf("Expected list of 0 tokens from %T, got %+v", store, retrievedProfile) |
| paddy@28 | 126 } |
| paddy@116 | 127 err = context.RemoveToken(token.AccessToken) |
| paddy@37 | 128 if err != ErrTokenNotFound { |
| paddy@37 | 129 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err) |
| paddy@37 | 130 } |
| paddy@116 | 131 err = context.RevokeToken(token.AccessToken, false) |
| paddy@97 | 132 if err != ErrTokenNotFound { |
| paddy@97 | 133 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err) |
| paddy@97 | 134 } |
| paddy@116 | 135 err = context.RevokeToken(token.RefreshToken, true) |
| paddy@97 | 136 if err != ErrTokenNotFound { |
| paddy@97 | 137 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err) |
| paddy@97 | 138 } |
| paddy@28 | 139 } |
| paddy@28 | 140 } |