auth

Paddy 2015-04-19 Parent:762953f6a7f2 Child:581c60f8dd23

163:73e12d5a1124 Go to Latest

auth/token_test.go

Use postgres arrays for scope associations. Use the new pqarrays library I wrote to store Scope associations for Tokens and AuthorizationCodes, instead of using our hacky and abstraction-breaking many-to-many code. We also created the authStore.deleteAuthorizationCodesByProfileID method, to clear out the AuthorizationCodes that belong to a Profile (used when the Profile is deleted). So we added the implementation for memstore and for our postgres store. Call Context.DeleteAuthorizationCodesByProfileID when deleting a Profile to clean up after it. Rename sortedScopes to Scopes, which we use pqarrays.StringArray's methods on to fulfill the sql.Scanner and driver.Valuer interfaces. This lets us store Scopes in postgres arrays. Create a stringsToScopes helper function that creates Scope objects, with their IDs filled by the strings specified. Update our GrantType.Validate function signature to return Scopes instead of []string. Create a Scopes.Strings() helper method that returns a []string of the IDs of the Scopes. Update our SQL init file to use the new postgres array definition, instead of the many-to-many definition.

Download raw file

View source Diff to previous Annotate

1 package auth

3 import (

4 "os"

5 "testing"

6 "time"

8 "code.secondbit.org/uuid.hg"

11 func init() {

12 if os.Getenv("PG_TEST_DB") != "" {

13 p, err := NewPostgres(os.Getenv("PG_TEST_DB"))

14 if err != nil {

15 panic(err)

17 tokenStores = append(tokenStores, &p)

21 var tokenStores = []tokenStore{NewMemstore()}

23 func compareTokens(token1, token2 Token) (success bool, field string, val1, val2 interface{}) {

24 if token1.AccessToken != token2.AccessToken {

25 return false, "access token", token1.AccessToken, token2.AccessToken

27 if token1.RefreshToken != token2.RefreshToken {

28 return false, "refresh token", token1.RefreshToken, token2.RefreshToken

30 if !token1.Created.Equal(token2.Created) {

31 return false, "created", token1.Created, token2.Created

33 if token1.CreatedFrom != token2.CreatedFrom {

34 return false, "created from", token1.CreatedFrom, token2.CreatedFrom

36 if token1.ExpiresIn != token2.ExpiresIn {

37 return false, "expires in", token1.ExpiresIn, token2.ExpiresIn

39 if token1.TokenType != token2.TokenType {

40 return false, "token type", token1.TokenType, token2.TokenType

42 if len(token1.Scopes) != len(token2.Scopes) {

43 return false, "scopes", token1.Scopes, token2.Scopes

45 for pos, scope := range token1.Scopes {

46 if scope != token2.Scopes[pos] {

47 return false, "scopes", token1.Scopes, token2.Scopes

50 if !token1.ProfileID.Equal(token2.ProfileID) {

51 return false, "profile ID", token1.ProfileID, token2.ProfileID

53 if token1.Revoked != token2.Revoked {

54 return false, "revoked", token1.Revoked, token2.Revoked

56 return true, "", nil, nil

59 func TestTokenStoreSuccess(t *testing.T) {

60 t.Parallel()

61 token := Token{

62 AccessToken: "access",

63 RefreshToken: "refresh",

64 Created: time.Now().Round(time.Millisecond),

65 ExpiresIn: 3600,

66 TokenType: "bearer",

67 Scopes: stringsToScopes([]string{"scope"}),

68 ProfileID: uuid.NewID(),

70 for _, store := range tokenStores {

71 context := Context{tokens: store}

72 retrievedAccess, err := context.GetToken(token.AccessToken, false)

73 if err == nil {

74 t.Errorf("Expected ErrTokenNotFound from %T, got %+v", store, retrievedAccess)

75 } else if err != ErrTokenNotFound {

76 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)

78 retrievedRefresh, err := context.GetToken(token.RefreshToken, true)

79 if err == nil {

80 t.Errorf("Expected ErrTokenNotFound from %T, got %+v", store, retrievedRefresh)

81 } else if err != ErrTokenNotFound {

82 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)

84 err = context.RevokeToken(token.AccessToken, false)

85 if err != ErrTokenNotFound {

86 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)

88 err = context.RevokeToken(token.RefreshToken, true)

89 if err != ErrTokenNotFound {

90 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)

92 err = context.SaveToken(token)

93 if err != nil {

94 t.Errorf("Error saving token to %T: %s", store, err)

96 err = context.SaveToken(token)

97 if err != ErrTokenAlreadyExists {

98 t.Errorf("Expected ErrTokenAlreadyExists from %T, got %s", store, err)

100 retrievedAccess, err = context.GetToken(token.AccessToken, false)

101 if err != nil {

102 t.Errorf("Error retrieving token from %T: %s", store, err)

104 success, field, expectation, result := compareTokens(token, retrievedAccess)

105 if !success {

106 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)

108 retrievedRefresh, err = context.GetToken(token.RefreshToken, true)

109 if err != nil {

110 t.Errorf("Error retrieving refresh token from %T: %s", store, err)

112 success, field, expectation, result = compareTokens(token, retrievedRefresh)

113 if !success {

114 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)

116 retrievedProfile, err := context.GetTokensByProfileID(token.ProfileID, 25, 0)

117 if err != nil {

118 t.Errorf("Error retrieving token by profile from %T: %s", store, err)

120 if len(retrievedProfile) != 1 {

121 t.Errorf("Expected 1 token retrieved by profile ID from %T, got %+v", store, retrievedProfile)

123 success, field, expectation, result = compareTokens(token, retrievedProfile[0])

124 if !success {

125 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)

127 err = context.RevokeToken(token.AccessToken, false)

128 if err != nil {

129 t.Errorf("Error revoking token in %T: %s", store, err)

131 retrievedRevoked, err := context.GetToken(token.AccessToken, false)

132 if err != nil {

133 t.Errorf("Error retrieving token from %T: %s", store, err)

135 token.Revoked = true

136 success, field, expectation, result = compareTokens(token, retrievedRevoked)

137 if !success {

138 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)

140 err = context.RevokeToken(token.RefreshToken, true)

141 if err != nil {

142 t.Errorf("Error revoking token in %T: %s", store, err)

144 retrievedRevoked, err = context.GetToken(token.RefreshToken, true)

145 if err != nil {

146 t.Errorf("Error retrieving token from %T: %s", store, err)

148 token.RefreshRevoked = true

149 success, field, expectation, result = compareTokens(token, retrievedRevoked)

150 if !success {

151 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)

156 // BUG(paddy): We need to test the refreshTokenValidate function.

157 // BUG(paddy): We need to test the refreshTokenInvalidate function.