auth

Paddy 2015-03-22 Parent:8267e1c8bcd1 Child:762953f6a7f2

151:77db7c65216c Go to Latest

auth/token_test.go

Implement postgres clientStore. Stop requiring the client ID be passed to clientStore.addEndpoints and context.AddEndpoints. The Endpoints themselves contain the client ID. When using the authd server, set the log flags to include the file path and line number. Add an ErrEndpointAlreadyExists error, to return when creating an endpoint and its ID already exists in the database. Add a Deleted property to Clients and remove the clientStore.deleteClient and context.DeleteClient methods. We're not going to actually remove that data, and we want to be able to restore it, so include it in the ClientChange type and call it using UpdateClient. Create a ClientChange.Empty helper method that will return whether the ClientChange has any changes to perform. Return ErrClientNotFound from clientStore.getClient if the Client's Deleted property is set to true. This also requires us to ignore ErrClientNotFound errors when calling memstore.listClientsByOwner, as they should just be skipped instead of returning an error. Add the postgres type methods needed to implement clientStore. Include postgres as a clientStore if the testing.Short() flag is not set. Generate a new ID for the Client on every run in the tests, now that we can't actually remove it from the database/memstore in code. We really just need a *Store.Reset() function that erases all the data and starts over again, to give the tests a clean execution environment (and so they can clean up after themselves). Add the CREATE TABLE statements for the Clients table and the Endpoints table to sql/postgres_init.sql.

Download raw file
View source Diff to previous Annotate
History
1 package auth
2
3 import (
4 "testing"
5 "time"
6
7 "code.secondbit.org/uuid.hg"
8 )
9
10 var tokenStores = []tokenStore{NewMemstore()}
11
12 func compareTokens(token1, token2 Token) (success bool, field string, val1, val2 interface{}) {
13 if token1.AccessToken != token2.AccessToken {
14 return false, "access token", token1.AccessToken, token2.AccessToken
15 }
16 if token1.RefreshToken != token2.RefreshToken {
17 return false, "refresh token", token1.RefreshToken, token2.RefreshToken
18 }
19 if !token1.Created.Equal(token2.Created) {
20 return false, "created", token1.Created, token2.Created
21 }
22 if token1.CreatedFrom != token2.CreatedFrom {
23 return false, "created from", token1.CreatedFrom, token2.CreatedFrom
24 }
25 if token1.ExpiresIn != token2.ExpiresIn {
26 return false, "expires in", token1.ExpiresIn, token2.ExpiresIn
27 }
28 if token1.TokenType != token2.TokenType {
29 return false, "token type", token1.TokenType, token2.TokenType
30 }
31 if len(token1.Scopes) != len(token2.Scopes) {
32 return false, "scopes", token1.Scopes, token2.Scopes
33 }
34 for pos, scope := range token1.Scopes {
35 if scope != token2.Scopes[pos] {
36 return false, "scopes", token1.Scopes, token2.Scopes
37 }
38 }
39 if !token1.ProfileID.Equal(token2.ProfileID) {
40 return false, "profile ID", token1.ProfileID, token2.ProfileID
41 }
42 if token1.Revoked != token2.Revoked {
43 return false, "revoked", token1.Revoked, token2.Revoked
44 }
45 return true, "", nil, nil
46 }
47
48 func TestTokenStoreSuccess(t *testing.T) {
49 t.Parallel()
50 token := Token{
51 AccessToken: "access",
52 RefreshToken: "refresh",
53 Created: time.Now().Round(time.Millisecond),
54 ExpiresIn: 3600,
55 TokenType: "bearer",
56 Scopes: []string{"scope"},
57 ProfileID: uuid.NewID(),
58 }
59 for _, store := range tokenStores {
60 context := Context{tokens: store}
61 retrievedAccess, err := context.GetToken(token.AccessToken, false)
62 if err == nil {
63 t.Errorf("Expected ErrTokenNotFound from %T, got %+v", store, retrievedAccess)
64 } else if err != ErrTokenNotFound {
65 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
66 }
67 retrievedRefresh, err := context.GetToken(token.RefreshToken, true)
68 if err == nil {
69 t.Errorf("Expected ErrTokenNotFound from %T, got %+v", store, retrievedRefresh)
70 } else if err != ErrTokenNotFound {
71 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
72 }
73 err = context.RevokeToken(token.AccessToken, false)
74 if err != ErrTokenNotFound {
75 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
76 }
77 err = context.RevokeToken(token.RefreshToken, true)
78 if err != ErrTokenNotFound {
79 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
80 }
81 err = context.SaveToken(token)
82 if err != nil {
83 t.Errorf("Error saving token to %T: %s", store, err)
84 }
85 err = context.SaveToken(token)
86 if err != ErrTokenAlreadyExists {
87 t.Errorf("Expected ErrTokenAlreadyExists from %T, got %s", store, err)
88 }
89 retrievedAccess, err = context.GetToken(token.AccessToken, false)
90 if err != nil {
91 t.Errorf("Error retrieving token from %T: %s", store, err)
92 }
93 success, field, expectation, result := compareTokens(token, retrievedAccess)
94 if !success {
95 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
96 }
97 retrievedRefresh, err = context.GetToken(token.RefreshToken, true)
98 if err != nil {
99 t.Errorf("Error retrieving refresh token from %T: %s", store, err)
100 }
101 success, field, expectation, result = compareTokens(token, retrievedRefresh)
102 if !success {
103 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
104 }
105 retrievedProfile, err := context.GetTokensByProfileID(token.ProfileID, 25, 0)
106 if err != nil {
107 t.Errorf("Error retrieving token by profile from %T: %s", store, err)
108 }
109 if len(retrievedProfile) != 1 {
110 t.Errorf("Expected 1 token retrieved by profile ID from %T, got %+v", store, retrievedProfile)
111 }
112 success, field, expectation, result = compareTokens(token, retrievedProfile[0])
113 if !success {
114 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
115 }
116 err = context.RevokeToken(token.AccessToken, false)
117 if err != nil {
118 t.Errorf("Error revoking token in %T: %s", store, err)
119 }
120 retrievedRevoked, err := context.GetToken(token.AccessToken, false)
121 if err != nil {
122 t.Errorf("Error retrieving token from %T: %s", store, err)
123 }
124 token.Revoked = true
125 success, field, expectation, result = compareTokens(token, retrievedRevoked)
126 if !success {
127 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
128 }
129 err = context.RevokeToken(token.RefreshToken, true)
130 if err != nil {
131 t.Errorf("Error revoking token in %T: %s", store, err)
132 }
133 retrievedRevoked, err = context.GetToken(token.RefreshToken, true)
134 if err != nil {
135 t.Errorf("Error retrieving token from %T: %s", store, err)
136 }
137 token.RefreshRevoked = true
138 success, field, expectation, result = compareTokens(token, retrievedRevoked)
139 if !success {
140 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
141 }
142 }
143 }
144
145 // BUG(paddy): We need to test the refreshTokenValidate function.
146 // BUG(paddy): We need to test the refreshTokenInvalidate function.