auth
auth/token_test.go
Test our GetClientHandler function, add isAuthError helper. Add a helper that identifies whether the error passed to it is an authentication error or is some other type of error. This is useful fo checking whether or not an internal error occurred while authenticating users. Update all instances where we call our authentication helper to make them use the new error helper. All tests continue to pass. Add a new test case for retrieving a client as an unauthenticated user. This clears the client's secret from the response before sending it. Update the GetClientHandler function to return the secret when the owner of the client used Basic Auth in the request. Add a new test case for retrieving a client as an authenticated user, both the owner and a non-owner user. This makes sure the secret is divulged only in the appropriate cases.
1 package auth
3 import (
4 "testing"
5 "time"
7 "code.secondbit.org/uuid.hg"
8 )
10 var tokenStores = []tokenStore{NewMemstore()}
12 func compareTokens(token1, token2 Token) (success bool, field string, val1, val2 interface{}) {
13 if token1.AccessToken != token2.AccessToken {
14 return false, "access token", token1.AccessToken, token2.AccessToken
15 }
16 if token1.RefreshToken != token2.RefreshToken {
17 return false, "refresh token", token1.RefreshToken, token2.RefreshToken
18 }
19 if !token1.Created.Equal(token2.Created) {
20 return false, "created", token1.Created, token2.Created
21 }
22 if token1.CreatedFrom != token2.CreatedFrom {
23 return false, "created from", token1.CreatedFrom, token2.CreatedFrom
24 }
25 if token1.ExpiresIn != token2.ExpiresIn {
26 return false, "expires in", token1.ExpiresIn, token2.ExpiresIn
27 }
28 if token1.TokenType != token2.TokenType {
29 return false, "token type", token1.TokenType, token2.TokenType
30 }
31 if len(token1.Scopes) != len(token2.Scopes) {
32 return false, "scopes", token1.Scopes, token2.Scopes
33 }
34 for pos, scope := range token1.Scopes {
35 if scope != token2.Scopes[pos] {
36 return false, "scopes", token1.Scopes, token2.Scopes
37 }
38 }
39 if !token1.ProfileID.Equal(token2.ProfileID) {
40 return false, "profile ID", token1.ProfileID, token2.ProfileID
41 }
42 if token1.Revoked != token2.Revoked {
43 return false, "revoked", token1.Revoked, token2.Revoked
44 }
45 return true, "", nil, nil
46 }
48 func TestTokenStoreSuccess(t *testing.T) {
49 t.Parallel()
50 token := Token{
51 AccessToken: "access",
52 RefreshToken: "refresh",
53 Created: time.Now(),
54 ExpiresIn: 3600,
55 TokenType: "bearer",
56 Scopes: []string{"scope"},
57 ProfileID: uuid.NewID(),
58 }
59 for _, store := range tokenStores {
60 context := Context{tokens: store}
61 retrievedAccess, err := context.GetToken(token.AccessToken, false)
62 if err == nil {
63 t.Errorf("Expected ErrTokenNotFound from %T, got %+v", store, retrievedAccess)
64 } else if err != ErrTokenNotFound {
65 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
66 }
67 retrievedRefresh, err := context.GetToken(token.RefreshToken, true)
68 if err == nil {
69 t.Errorf("Expected ErrTokenNotFound from %T, got %+v", store, retrievedRefresh)
70 } else if err != ErrTokenNotFound {
71 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
72 }
73 err = context.RevokeToken(token.AccessToken, false)
74 if err != ErrTokenNotFound {
75 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
76 }
77 err = context.RevokeToken(token.RefreshToken, true)
78 if err != ErrTokenNotFound {
79 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
80 }
81 err = context.SaveToken(token)
82 if err != nil {
83 t.Errorf("Error saving token to %T: %s", store, err)
84 }
85 err = context.SaveToken(token)
86 if err != ErrTokenAlreadyExists {
87 t.Errorf("Expected ErrTokenAlreadyExists from %T, got %s", store, err)
88 }
89 retrievedAccess, err = context.GetToken(token.AccessToken, false)
90 if err != nil {
91 t.Errorf("Error retrieving token from %T: %s", store, err)
92 }
93 success, field, expectation, result := compareTokens(token, retrievedAccess)
94 if !success {
95 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
96 }
97 retrievedRefresh, err = context.GetToken(token.RefreshToken, true)
98 if err != nil {
99 t.Errorf("Error retrieving refresh token from %T: %s", store, err)
100 }
101 success, field, expectation, result = compareTokens(token, retrievedRefresh)
102 if !success {
103 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
104 }
105 retrievedProfile, err := context.GetTokensByProfileID(token.ProfileID, 25, 0)
106 if err != nil {
107 t.Errorf("Error retrieving token by profile from %T: %s", store, err)
108 }
109 if len(retrievedProfile) != 1 {
110 t.Errorf("Expected 1 token retrieved by profile ID from %T, got %+v", store, retrievedProfile)
111 }
112 success, field, expectation, result = compareTokens(token, retrievedProfile[0])
113 if !success {
114 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
115 }
116 err = context.RevokeToken(token.AccessToken, false)
117 if err != nil {
118 t.Errorf("Error revoking token in %T: %s", store, err)
119 }
120 retrievedRevoked, err := context.GetToken(token.AccessToken, false)
121 if err != nil {
122 t.Errorf("Error retrieving token from %T: %s", store, err)
123 }
124 token.Revoked = true
125 success, field, expectation, result = compareTokens(token, retrievedRevoked)
126 if !success {
127 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
128 }
129 err = context.RevokeToken(token.RefreshToken, true)
130 if err != nil {
131 t.Errorf("Error revoking token in %T: %s", store, err)
132 }
133 retrievedRevoked, err = context.GetToken(token.RefreshToken, true)
134 if err != nil {
135 t.Errorf("Error retrieving token from %T: %s", store, err)
136 }
137 token.RefreshRevoked = true
138 success, field, expectation, result = compareTokens(token, retrievedRevoked)
139 if !success {
140 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
141 }
142 }
143 }
145 // BUG(paddy): We need to test the refreshTokenValidate function.
146 // BUG(paddy): We need to test the refreshTokenInvalidate function.