auth

Paddy 2014-11-11 Parent:e45bfa2abc00 Child:c03b5eb3179e

69:42bc3e44f4fe Go to Latest

auth/profile_test.go

Stub out sessions. Stop using the Login type when getting profile by Login, removing Logins, or recording Login use. The Login value has to be unique, anyways, and we don't actually know the Login type when getting a profile by Login. That's sort of the point. Create the concept of Sessions and a sessionStore type to manage our authentication sessions with the server. As per OWASP, we're basically just going to use a transparent, SHA256-generated random string as an ID, and store it client-side and server-side and just pass it back and forth. Add the ProfileID to the Grant type, because we need to remember who granted access. That's sort of important. Set a defaultGrantExpiration constant to an hour, so we have that one constant when creating new Grants. Create a helper that pulls the session ID out of an auth cookie, checks it against the sessionStore, and returns the Session if it's valid. Create a helper that pulls the username and password out of a basic auth header. Create a helper that authenticates a user's login and passphrase, checking them against the profileStore securely. Stub out how the cookie checking is going to work for getting grant approval. Fix the stored Grant RedirectURI to be the passed in redirect URI, not the RedirectURI that we ultimately redirect to. This is in accordance with the spec. Store the profile ID from our session in the created Grant. Stub out a GetTokenHandler that will allow users to exchange a Grant for a Token. Set a constant for the current passphrase scheme, which we will increment for each revision to the passphrase scheme, for backwards compatibility. Change the Profile iterations property to an int, not an int64, to match the code.secondbit.org/pass library (which is matching the PBKDF2 library).

Download raw file
View source Diff to previous Annotate
History 
     1.1 --- a/profile_test.go	Sun Nov 09 00:22:38 2014 -0500
     1.2 +++ b/profile_test.go	Tue Nov 11 21:13:16 2014 -0500
     1.3 @@ -149,7 +149,7 @@
     1.4  	}
     1.5  	for i := 0; i < variations; i++ {
     1.6  		var name, passphrase, salt, passphraseReset string
     1.7 -		var iterations int64
     1.8 +		var iterations int
     1.9  		var lockedUntil, passphraseResetCreated, lastSeen time.Time
    1.10  		var passphraseScheme int
    1.11  		var compromised bool
    1.12 @@ -168,7 +168,7 @@
    1.13  			expectation.Passphrase = passphrase
    1.14  		}
    1.15  		if i&profileChangeIterations != 0 {
    1.16 -			iterations = int64(i)
    1.17 +			iterations = i
    1.18  			change.Iterations = &iterations
    1.19  			expectation.Iterations = iterations
    1.20  		}
    1.21 @@ -331,7 +331,7 @@
    1.22  			t.Errorf("Expected `%v` in the `%s` field of login retrieved from %T, got `%v`", expectation, field, store, result)
    1.23  		}
    1.24  		lastUsed := time.Now()
    1.25 -		err = store.recordLoginUse(login.Type, login.Value, lastUsed)
    1.26 +		err = store.recordLoginUse(login.Value, lastUsed)
    1.27  		if err != nil {
    1.28  			t.Errorf("Error recording use of login to %T: %s", store, err)
    1.29  		}
    1.30 @@ -347,7 +347,7 @@
    1.31  		if !match {
    1.32  			t.Errorf("Expected `%v` in the `%s` field of login retrieved from %T, got `%v`", expectation, field, store, result)
    1.33  		}
    1.34 -		err = store.removeLogin(login.Type, login.Value, login.ProfileID)
    1.35 +		err = store.removeLogin(login.Value, login.ProfileID)
    1.36  		if err != nil {
    1.37  			t.Errorf("Error removing login from %T: %s", store, err)
    1.38  		}
    1.39 @@ -355,7 +355,7 @@
    1.40  		if len(retrieved) != 0 {
    1.41  			t.Errorf("Expected 0 login results from %T, got %d: %+v", store, len(retrieved), retrieved)
    1.42  		}
    1.43 -		err = store.removeLogin(login.Type, login.Value, login.ProfileID)
    1.44 +		err = store.removeLogin(login.Value, login.ProfileID)
    1.45  		if err != ErrLoginNotFound {
    1.46  			t.Errorf("Expected ErrLoginNotFound from %T, got %+v", store, err)
    1.47  		}
    1.48 @@ -394,7 +394,7 @@
    1.49  		if err != nil {
    1.50  			t.Errorf("Error storing login in %T: %s", store, err)
    1.51  		}
    1.52 -		retrieved, err := store.getProfileByLogin(login.Type, login.Value)
    1.53 +		retrieved, err := store.getProfileByLogin(login.Value)
    1.54  		if err != nil {
    1.55  			t.Errorf("Error retrieving profile by login from %T: %s", store, err)
    1.56  		}
    1.57 @@ -410,7 +410,7 @@
    1.58  	passphraseScheme := 1
    1.59  	passphraseReset := "reset"
    1.60  	salt := "salt"
    1.61 -	iterations := int64(100)
    1.62 +	iterations := 100
    1.63  	shortPassphrase := "a"
    1.64  	longPassphrase := "this passphrase is much too long for anyone to remember, and therefore should probably be discouraged by the software, don't you think?"
    1.65  	emptyName := ""