auth

Paddy 2015-12-14 Parent:581c60f8dd23

181:b7e685839a1b Go to Latest

auth/token_test.go

Break out scopes and events. This repo has gotten unwieldy, and there are portions of it that need to be imported by a large number of other packages. For example, scopes will be used in almost every API we write. Rather than importing the entirety of this codebase into every API we write, I've opted to move the scope logic out into a scopes package, with a subpackage for the defined types, which is all most projects actually want to import. We also define some event type constants, and importing those shouldn't require a project to import all our dependencies, either. So I made an events subpackage that just holds those constants. This package has become a little bit of a red-headed stepchild and is do for a refactor, but I'm trying to put that off as long as I can. The refactoring of our scopes stuff has left a bug wherein a token can be granted for scopes that don't exist. I'm going to need to revisit that, and also how to limit scopes to only be granted to the users that should be able to request them. But that's a battle for another day.

Download raw file
View source Diff to previous Annotate
History
1 package auth
2
3 import (
4 "os"
5 "testing"
6 "time"
7
8 "code.secondbit.org/scopes.hg/types"
9 "code.secondbit.org/uuid.hg"
10 )
11
12 func init() {
13 if os.Getenv("PG_TEST_DB") != "" {
14 p, err := NewPostgres(os.Getenv("PG_TEST_DB"))
15 if err != nil {
16 panic(err)
17 }
18 tokenStores = append(tokenStores, &p)
19 }
20 }
21
22 var tokenStores = []tokenStore{NewMemstore()}
23
24 func compareTokens(token1, token2 Token) (success bool, field string, val1, val2 interface{}) {
25 if token1.AccessToken != token2.AccessToken {
26 return false, "access token", token1.AccessToken, token2.AccessToken
27 }
28 if token1.RefreshToken != token2.RefreshToken {
29 return false, "refresh token", token1.RefreshToken, token2.RefreshToken
30 }
31 if !token1.Created.Equal(token2.Created) {
32 return false, "created", token1.Created, token2.Created
33 }
34 if token1.CreatedFrom != token2.CreatedFrom {
35 return false, "created from", token1.CreatedFrom, token2.CreatedFrom
36 }
37 if token1.ExpiresIn != token2.ExpiresIn {
38 return false, "expires in", token1.ExpiresIn, token2.ExpiresIn
39 }
40 if token1.TokenType != token2.TokenType {
41 return false, "token type", token1.TokenType, token2.TokenType
42 }
43 if len(token1.Scopes) != len(token2.Scopes) {
44 return false, "scopes", token1.Scopes, token2.Scopes
45 }
46 for pos, scope := range token1.Scopes {
47 if scope != token2.Scopes[pos] {
48 return false, "scopes", token1.Scopes, token2.Scopes
49 }
50 }
51 if !token1.ProfileID.Equal(token2.ProfileID) {
52 return false, "profile ID", token1.ProfileID, token2.ProfileID
53 }
54 if token1.Revoked != token2.Revoked {
55 return false, "revoked", token1.Revoked, token2.Revoked
56 }
57 return true, "", nil, nil
58 }
59
60 func TestTokenStoreSuccess(t *testing.T) {
61 t.Parallel()
62 token := Token{
63 AccessToken: "access",
64 RefreshToken: "refresh",
65 Created: time.Now().Round(time.Millisecond),
66 ExpiresIn: 3600,
67 TokenType: "bearer",
68 Scopes: scopeTypes.StringsToScopes([]string{"scope"}),
69 ProfileID: uuid.NewID(),
70 }
71 for _, store := range tokenStores {
72 context := Context{tokens: store}
73 retrievedAccess, err := context.GetToken(token.AccessToken, false)
74 if err == nil {
75 t.Errorf("Expected ErrTokenNotFound from %T, got %+v", store, retrievedAccess)
76 } else if err != ErrTokenNotFound {
77 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
78 }
79 retrievedRefresh, err := context.GetToken(token.RefreshToken, true)
80 if err == nil {
81 t.Errorf("Expected ErrTokenNotFound from %T, got %+v", store, retrievedRefresh)
82 } else if err != ErrTokenNotFound {
83 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
84 }
85 err = context.RevokeToken(token.RefreshToken)
86 if err != ErrTokenNotFound {
87 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
88 }
89 err = context.SaveToken(token)
90 if err != nil {
91 t.Errorf("Error saving token to %T: %s", store, err)
92 }
93 err = context.SaveToken(token)
94 if err != ErrTokenAlreadyExists {
95 t.Errorf("Expected ErrTokenAlreadyExists from %T, got %s", store, err)
96 }
97 retrievedAccess, err = context.GetToken(token.AccessToken, false)
98 if err != nil {
99 t.Errorf("Error retrieving token from %T: %s", store, err)
100 }
101 success, field, expectation, result := compareTokens(token, retrievedAccess)
102 if !success {
103 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
104 }
105 retrievedRefresh, err = context.GetToken(token.RefreshToken, true)
106 if err != nil {
107 t.Errorf("Error retrieving refresh token from %T: %s", store, err)
108 }
109 success, field, expectation, result = compareTokens(token, retrievedRefresh)
110 if !success {
111 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
112 }
113 retrievedProfile, err := context.GetTokensByProfileID(token.ProfileID, 25, 0)
114 if err != nil {
115 t.Errorf("Error retrieving token by profile from %T: %s", store, err)
116 }
117 if len(retrievedProfile) != 1 {
118 t.Errorf("Expected 1 token retrieved by profile ID from %T, got %+v", store, retrievedProfile)
119 }
120 success, field, expectation, result = compareTokens(token, retrievedProfile[0])
121 if !success {
122 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
123 }
124 err = context.RevokeToken(token.RefreshToken)
125 if err != nil {
126 t.Errorf("Error revoking token in %T: %s", store, err)
127 }
128 retrievedRevoked, err := context.GetToken(token.AccessToken, false)
129 if err != nil {
130 t.Errorf("Error retrieving token from %T: %s", store, err)
131 }
132 token.Revoked = true
133 success, field, expectation, result = compareTokens(token, retrievedRevoked)
134 if !success {
135 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
136 }
137 }
138 }
139
140 // BUG(paddy): We need to test the refreshTokenValidate function.
141 // BUG(paddy): We need to test the refreshTokenInvalidate function.