auth

Paddy 2015-03-21 Parent:d30a3a12d387 Child:762953f6a7f2

149:8267e1c8bcd1 Go to Latest

auth/token_test.go

Test our Postgres profileStore implementation. Update all our test cases to use time.Now().Round(time.Millisecond), because Go uses nanosecond precision on time values, but Postgres silently truncates that to millisecond precision. This caused our tests to report false failures that were just silent precision loss, not actual failures. Set up our authd server to use the Postgres store for profiles and automatically create a test scope when starting up. Log errors when creating Clients through the API, instead of just swallowing them and sending back cryptic act of god errors. Add a NewPostgres helper that returns a postgres profileStore from a connection string (passed through pq transparently). Add an Empty() bool helper to ProfileChange and BulkProfileChange types, so we can determine if there are any changes we need to act on easily. Log errors when creating Pofiles through the API, instead of just swalloing them and sending back cryptic act of god errors. Remove the ` quotes around field and table names, which are not supported in Postgres. This required adding a few functions/methods to pan. Detect situations where a profile was expected and not found, and return ErrProfileNotFound. Detect pq errors thrown when the profiles_pkey constraint is violated, and transform them to the ErrProfileAlreadyExists error. Detect empty ProfileChange and BulkProfileChange variables and abort the updateProfile and updateProfiles methods early, before invalid SQL is generated. Detect pq errors thrown when the logins_pkey constraint is violated, and transform them to the ErrLoginAlreadyExists error. Detect when removing a Login and no rows were affected, and return an ErrLoginNotFound. Create an sql dir with a postgres_init script that will initialize the schema of the tables expected in the database.

Download raw file
View source Diff to previous Annotate
History
1 package auth
2
3 import (
4 "testing"
5 "time"
6
7 "code.secondbit.org/uuid.hg"
8 )
9
10 var tokenStores = []tokenStore{NewMemstore()}
11
12 func compareTokens(token1, token2 Token) (success bool, field string, val1, val2 interface{}) {
13 if token1.AccessToken != token2.AccessToken {
14 return false, "access token", token1.AccessToken, token2.AccessToken
15 }
16 if token1.RefreshToken != token2.RefreshToken {
17 return false, "refresh token", token1.RefreshToken, token2.RefreshToken
18 }
19 if !token1.Created.Equal(token2.Created) {
20 return false, "created", token1.Created, token2.Created
21 }
22 if token1.CreatedFrom != token2.CreatedFrom {
23 return false, "created from", token1.CreatedFrom, token2.CreatedFrom
24 }
25 if token1.ExpiresIn != token2.ExpiresIn {
26 return false, "expires in", token1.ExpiresIn, token2.ExpiresIn
27 }
28 if token1.TokenType != token2.TokenType {
29 return false, "token type", token1.TokenType, token2.TokenType
30 }
31 if len(token1.Scopes) != len(token2.Scopes) {
32 return false, "scopes", token1.Scopes, token2.Scopes
33 }
34 for pos, scope := range token1.Scopes {
35 if scope != token2.Scopes[pos] {
36 return false, "scopes", token1.Scopes, token2.Scopes
37 }
38 }
39 if !token1.ProfileID.Equal(token2.ProfileID) {
40 return false, "profile ID", token1.ProfileID, token2.ProfileID
41 }
42 if token1.Revoked != token2.Revoked {
43 return false, "revoked", token1.Revoked, token2.Revoked
44 }
45 return true, "", nil, nil
46 }
47
48 func TestTokenStoreSuccess(t *testing.T) {
49 t.Parallel()
50 token := Token{
51 AccessToken: "access",
52 RefreshToken: "refresh",
53 Created: time.Now().Round(time.Millisecond),
54 ExpiresIn: 3600,
55 TokenType: "bearer",
56 Scopes: []string{"scope"},
57 ProfileID: uuid.NewID(),
58 }
59 for _, store := range tokenStores {
60 context := Context{tokens: store}
61 retrievedAccess, err := context.GetToken(token.AccessToken, false)
62 if err == nil {
63 t.Errorf("Expected ErrTokenNotFound from %T, got %+v", store, retrievedAccess)
64 } else if err != ErrTokenNotFound {
65 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
66 }
67 retrievedRefresh, err := context.GetToken(token.RefreshToken, true)
68 if err == nil {
69 t.Errorf("Expected ErrTokenNotFound from %T, got %+v", store, retrievedRefresh)
70 } else if err != ErrTokenNotFound {
71 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
72 }
73 err = context.RevokeToken(token.AccessToken, false)
74 if err != ErrTokenNotFound {
75 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
76 }
77 err = context.RevokeToken(token.RefreshToken, true)
78 if err != ErrTokenNotFound {
79 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
80 }
81 err = context.SaveToken(token)
82 if err != nil {
83 t.Errorf("Error saving token to %T: %s", store, err)
84 }
85 err = context.SaveToken(token)
86 if err != ErrTokenAlreadyExists {
87 t.Errorf("Expected ErrTokenAlreadyExists from %T, got %s", store, err)
88 }
89 retrievedAccess, err = context.GetToken(token.AccessToken, false)
90 if err != nil {
91 t.Errorf("Error retrieving token from %T: %s", store, err)
92 }
93 success, field, expectation, result := compareTokens(token, retrievedAccess)
94 if !success {
95 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
96 }
97 retrievedRefresh, err = context.GetToken(token.RefreshToken, true)
98 if err != nil {
99 t.Errorf("Error retrieving refresh token from %T: %s", store, err)
100 }
101 success, field, expectation, result = compareTokens(token, retrievedRefresh)
102 if !success {
103 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
104 }
105 retrievedProfile, err := context.GetTokensByProfileID(token.ProfileID, 25, 0)
106 if err != nil {
107 t.Errorf("Error retrieving token by profile from %T: %s", store, err)
108 }
109 if len(retrievedProfile) != 1 {
110 t.Errorf("Expected 1 token retrieved by profile ID from %T, got %+v", store, retrievedProfile)
111 }
112 success, field, expectation, result = compareTokens(token, retrievedProfile[0])
113 if !success {
114 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
115 }
116 err = context.RevokeToken(token.AccessToken, false)
117 if err != nil {
118 t.Errorf("Error revoking token in %T: %s", store, err)
119 }
120 retrievedRevoked, err := context.GetToken(token.AccessToken, false)
121 if err != nil {
122 t.Errorf("Error retrieving token from %T: %s", store, err)
123 }
124 token.Revoked = true
125 success, field, expectation, result = compareTokens(token, retrievedRevoked)
126 if !success {
127 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
128 }
129 err = context.RevokeToken(token.RefreshToken, true)
130 if err != nil {
131 t.Errorf("Error revoking token in %T: %s", store, err)
132 }
133 retrievedRevoked, err = context.GetToken(token.RefreshToken, true)
134 if err != nil {
135 t.Errorf("Error retrieving token from %T: %s", store, err)
136 }
137 token.RefreshRevoked = true
138 success, field, expectation, result = compareTokens(token, retrievedRevoked)
139 if !success {
140 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
141 }
142 }
143 }
144
145 // BUG(paddy): We need to test the refreshTokenValidate function.
146 // BUG(paddy): We need to test the refreshTokenInvalidate function.