auth
auth/session_test.go
Return client Secrets when listing clients with basic auth. If the request to list clients is sent with basic auth containing the login and password for the owner of the client, its secret is not removed from the response before sending it.
1 package auth
3 import (
4 "testing"
5 "time"
7 "code.secondbit.org/uuid.hg"
8 )
10 var sessionStores = []sessionStore{NewMemstore()}
12 func compareSessions(session1, session2 Session) (success bool, field string, val1, val2 interface{}) {
13 if session1.ID != session2.ID {
14 return false, "ID", session1.ID, session2.ID
15 }
16 if session1.IP != session2.IP {
17 return false, "IP", session1.IP, session2.IP
18 }
19 if session1.UserAgent != session2.UserAgent {
20 return false, "UserAgent", session1.UserAgent, session2.UserAgent
21 }
22 if !session1.ProfileID.Equal(session2.ProfileID) {
23 return false, "ProfileID", session1.ProfileID, session2.ProfileID
24 }
25 if !session1.Created.Equal(session2.Created) {
26 return false, "Created", session1.Created, session2.Created
27 }
28 if !session1.Expires.Equal(session2.Expires) {
29 return false, "Expires", session1.Expires, session2.Expires
30 }
31 if session1.Login != session2.Login {
32 return false, "Login", session1.Login, session2.Login
33 }
34 if session1.Active != session2.Active {
35 return false, "Active", session1.Active, session2.Active
36 }
37 if session1.CSRFToken != session2.CSRFToken {
38 return false, "CSRFToken", session1.CSRFToken, session2.CSRFToken
39 }
40 return true, "", nil, nil
41 }
43 func TestSessionStoreSuccess(t *testing.T) {
44 t.Parallel()
45 session := Session{
46 ID: uuid.NewID().String() + uuid.NewID().String(),
47 IP: "127.0.0.1",
48 UserAgent: "TestRunner",
49 ProfileID: uuid.NewID(),
50 Created: time.Now(),
51 Login: "test@example.com",
52 Active: true,
53 }
54 for _, store := range sessionStores {
55 context := Context{sessions: store}
56 err := context.CreateSession(session)
57 if err != nil {
58 t.Errorf("Error saving session to %T: %s", store, err)
59 }
60 err = context.CreateSession(session)
61 if err != ErrSessionAlreadyExists {
62 t.Errorf("Expected ErrSessionAlreadyExists from %T, got %s", store, err)
63 }
64 retrieved, err := context.GetSession(session.ID)
65 if err != nil {
66 t.Errorf("Error retrieving session from %T: %s", store, err)
67 }
68 success, field, expectation, result := compareSessions(session, retrieved)
69 if !success {
70 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
71 }
72 retrievedList, err := context.ListSessions(session.ProfileID, time.Time{}, 10)
73 if err != nil {
74 t.Errorf("Error retrieving sessions by profile from %T: %s", store, err)
75 }
76 if len(retrievedList) != 1 {
77 t.Errorf("Expected 1 session retrieved by profile from %T, got %d", store, len(retrievedList))
78 }
79 success, field, expectation, result = compareSessions(session, retrievedList[0])
80 if !success {
81 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
82 }
83 err = context.RemoveSession(session.ID)
84 if err != nil {
85 t.Errorf("Error removing session from %T: %s", store, err)
86 }
87 retrieved, err = context.GetSession(session.ID)
88 if err != ErrSessionNotFound {
89 t.Errorf("Expected ErrSessionNotFound from %T, got %s", store, err)
90 }
91 retrievedList, err = context.ListSessions(session.ProfileID, time.Time{}, 10)
92 if err != nil {
93 t.Errorf("Error retrieving sessions by profile from %T: %s", store, err)
94 }
95 if len(retrievedList) != 0 {
96 t.Errorf("Expected 0 sessions retrieved by profile from %T, got %d", store, len(retrievedList))
97 }
98 err = context.RemoveSession(session.ID)
99 if err != ErrSessionNotFound {
100 t.Errorf("Expected ErrSessionNotFound from %T, got %s", store, err)
101 }
102 }
103 }
105 // BUG(paddy): We need to test the CreateSessionHandler.
106 // BUG(paddy): We need to test the credentialsValidate function.