auth

Paddy 2014-11-19 Parent:d43c3fbf00f3 Child:eb3f2938a319

78:a9936cf794ba Go to Latest

auth/oauth2_test.go

More tests, login redirect bugfix. Add tests for our cookie checking helper and our helper for generating login redirection URIs. Fix a bug where the URL to redirect to was being URL-encoded twice when included in the login redirect URI.

Download raw file
View source Diff to previous Annotate
History 
     1.1 --- a/oauth2_test.go	Tue Nov 18 03:28:14 2014 -0500
     1.2 +++ b/oauth2_test.go	Wed Nov 19 00:17:34 2014 -0500
     1.3 @@ -552,3 +552,121 @@
     1.4  		}
     1.5  	}
     1.6  }
     1.7 +
     1.8 +func TestCheckCookie(t *testing.T) {
     1.9 +	t.Parallel()
    1.10 +	req, err := http.NewRequest("GET", "https://auth.secondbit.org", nil)
    1.11 +	if err != nil {
    1.12 +		t.Error("Unexpected error creating base request:", err)
    1.13 +	}
    1.14 +	store := NewMemstore()
    1.15 +	testContext := Context{
    1.16 +		sessions: store,
    1.17 +	}
    1.18 +	session, err := checkCookie(req, testContext)
    1.19 +	if err != ErrNoSession {
    1.20 +		t.Errorf("Expected ErrNoSession, got %s", err)
    1.21 +	}
    1.22 +	session = Session{
    1.23 +		ID:     "testsession",
    1.24 +		Active: true,
    1.25 +	}
    1.26 +	err = testContext.CreateSession(session)
    1.27 +	if err != nil {
    1.28 +		t.Error("Unexpected error persisting session:", err)
    1.29 +	}
    1.30 +	invalidSession := Session{
    1.31 +		ID:     "testsession2",
    1.32 +		Active: false,
    1.33 +	}
    1.34 +	err = testContext.CreateSession(invalidSession)
    1.35 +	if err != nil {
    1.36 +		t.Error("Unexpected error persisting session:", err)
    1.37 +	}
    1.38 +	result, err := checkCookie(req, testContext)
    1.39 +	if err != ErrNoSession {
    1.40 +		t.Errorf("Expected ErrNoSession, got %s", err)
    1.41 +	}
    1.42 +	req.AddCookie(&http.Cookie{
    1.43 +		Name:  "wrongcookie",
    1.44 +		Value: "wrong value",
    1.45 +	})
    1.46 +	result, err = checkCookie(req, testContext)
    1.47 +	if err != ErrNoSession {
    1.48 +		t.Error("Expected ErrNoSession, got", err)
    1.49 +	}
    1.50 +	req, err = http.NewRequest("GET", "https://auth.secondbit.org", nil)
    1.51 +	if err != nil {
    1.52 +		t.Error("Unexpected error creating base request:", err)
    1.53 +	}
    1.54 +	req.AddCookie(&http.Cookie{
    1.55 +		Name:  "Stillwrongcookie",
    1.56 +		Value: session.ID,
    1.57 +	})
    1.58 +	result, err = checkCookie(req, testContext)
    1.59 +	if err != ErrNoSession {
    1.60 +		t.Error("Expected ErrNoSession, got", err)
    1.61 +	}
    1.62 +	req, err = http.NewRequest("GET", "https://auth.secondbit.org", nil)
    1.63 +	if err != nil {
    1.64 +		t.Error("Unexpected error creating base request:", err)
    1.65 +	}
    1.66 +	req.AddCookie(&http.Cookie{
    1.67 +		Name:  authCookieName,
    1.68 +		Value: "wrong value",
    1.69 +	})
    1.70 +	result, err = checkCookie(req, testContext)
    1.71 +	if err != ErrInvalidSession {
    1.72 +		t.Error("Expected ErrInvalidSession, got", err)
    1.73 +	}
    1.74 +	req, err = http.NewRequest("GET", "https://auth.secondbit.org", nil)
    1.75 +	if err != nil {
    1.76 +		t.Error("Unexpected error creating base request:", err)
    1.77 +	}
    1.78 +	req.AddCookie(&http.Cookie{
    1.79 +		Name:  authCookieName,
    1.80 +		Value: invalidSession.ID,
    1.81 +	})
    1.82 +	result, err = checkCookie(req, testContext)
    1.83 +	if err != ErrInvalidSession {
    1.84 +		t.Error("Expected ErrInvalidSession, got", err)
    1.85 +	}
    1.86 +	req, err = http.NewRequest("GET", "https://auth.secondbit.org", nil)
    1.87 +	if err != nil {
    1.88 +		t.Error("Unexpected error creating base request:", err)
    1.89 +	}
    1.90 +	req.AddCookie(&http.Cookie{
    1.91 +		Name:  authCookieName,
    1.92 +		Value: session.ID,
    1.93 +	})
    1.94 +	result, err = checkCookie(req, testContext)
    1.95 +	if err != nil {
    1.96 +		t.Error("Unexpected error:", err)
    1.97 +	}
    1.98 +	success, field, expectation, outcome := compareSessions(session, result)
    1.99 +	if !success {
   1.100 +		t.Errorf(`Expected field %s to be %v, but got %v`, field, expectation, outcome)
   1.101 +	}
   1.102 +}
   1.103 +
   1.104 +func TestBuildLoginRedirect(t *testing.T) {
   1.105 +	t.Parallel()
   1.106 +	req, err := http.NewRequest("GET", "https://client.secondbit.org/my/awesome/path?has=query&params=to&screw=this&all=up", nil)
   1.107 +	if err != nil {
   1.108 +		t.Error("Unexpected error creating base request:", err)
   1.109 +	}
   1.110 +	result := buildLoginRedirect(req, Context{})
   1.111 +	if result != "" {
   1.112 +		t.Error("Expected empty string as the result, got", result)
   1.113 +	}
   1.114 +	uri, err := url.Parse("https://auth.secondbit.org/login?query=string&other=param")
   1.115 +	if err != nil {
   1.116 +		t.Error("Unexpected error parsing URL:", err)
   1.117 +	}
   1.118 +	c := Context{loginURI: uri}
   1.119 +	result = buildLoginRedirect(req, c)
   1.120 +	expectation := "https://auth.secondbit.org/login?from=https%3A%2F%2Fclient.secondbit.org%2Fmy%2Fawesome%2Fpath%3Fhas%3Dquery%26params%3Dto%26screw%3Dthis%26all%3Dup&other=param&query=string"
   1.121 +	if result != expectation {
   1.122 +		t.Errorf(`Expected result string to be "%s", was "%s"`, expectation, result)
   1.123 +	}
   1.124 +}