auth
auth/token_test.go
Add Client updating from the API. Add a handler to update Clients using the API. Add a helper that will decode a request for us based on its Content-Type header. Change the ClientChange.Validate function to return as many errors as possible, as opposed to just the first error it encounters. Update the ClientChange.Validate tests to take advantage of the new signature.
1 package auth
3 import (
4 "testing"
5 "time"
7 "code.secondbit.org/uuid.hg"
8 )
10 var tokenStores = []tokenStore{NewMemstore()}
12 func compareTokens(token1, token2 Token) (success bool, field string, val1, val2 interface{}) {
13 if token1.AccessToken != token2.AccessToken {
14 return false, "access token", token1.AccessToken, token2.AccessToken
15 }
16 if token1.RefreshToken != token2.RefreshToken {
17 return false, "refresh token", token1.RefreshToken, token2.RefreshToken
18 }
19 if !token1.Created.Equal(token2.Created) {
20 return false, "created", token1.Created, token2.Created
21 }
22 if token1.CreatedFrom != token2.CreatedFrom {
23 return false, "created from", token1.CreatedFrom, token2.CreatedFrom
24 }
25 if token1.ExpiresIn != token2.ExpiresIn {
26 return false, "expires in", token1.ExpiresIn, token2.ExpiresIn
27 }
28 if token1.TokenType != token2.TokenType {
29 return false, "token type", token1.TokenType, token2.TokenType
30 }
31 if token1.Scope != token2.Scope {
32 return false, "scope", token1.Scope, token2.Scope
33 }
34 if !token1.ProfileID.Equal(token2.ProfileID) {
35 return false, "profile ID", token1.ProfileID, token2.ProfileID
36 }
37 if token1.Revoked != token2.Revoked {
38 return false, "revoked", token1.Revoked, token2.Revoked
39 }
40 return true, "", nil, nil
41 }
43 func TestTokenStoreSuccess(t *testing.T) {
44 t.Parallel()
45 token := Token{
46 AccessToken: "access",
47 RefreshToken: "refresh",
48 Created: time.Now(),
49 ExpiresIn: 3600,
50 TokenType: "bearer",
51 Scope: "scope",
52 ProfileID: uuid.NewID(),
53 }
54 for _, store := range tokenStores {
55 context := Context{tokens: store}
56 retrievedAccess, err := context.GetToken(token.AccessToken, false)
57 if err == nil {
58 t.Errorf("Expected ErrTokenNotFound from %T, got %+v", store, retrievedAccess)
59 } else if err != ErrTokenNotFound {
60 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
61 }
62 retrievedRefresh, err := context.GetToken(token.RefreshToken, true)
63 if err == nil {
64 t.Errorf("Expected ErrTokenNotFound from %T, got %+v", store, retrievedRefresh)
65 } else if err != ErrTokenNotFound {
66 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
67 }
68 err = context.RevokeToken(token.AccessToken, false)
69 if err != ErrTokenNotFound {
70 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
71 }
72 err = context.RevokeToken(token.RefreshToken, true)
73 if err != ErrTokenNotFound {
74 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
75 }
76 err = context.SaveToken(token)
77 if err != nil {
78 t.Errorf("Error saving token to %T: %s", store, err)
79 }
80 err = context.SaveToken(token)
81 if err != ErrTokenAlreadyExists {
82 t.Errorf("Expected ErrTokenAlreadyExists from %T, got %s", store, err)
83 }
84 retrievedAccess, err = context.GetToken(token.AccessToken, false)
85 if err != nil {
86 t.Errorf("Error retrieving token from %T: %s", store, err)
87 }
88 success, field, expectation, result := compareTokens(token, retrievedAccess)
89 if !success {
90 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
91 }
92 retrievedRefresh, err = context.GetToken(token.RefreshToken, true)
93 if err != nil {
94 t.Errorf("Error retrieving refresh token from %T: %s", store, err)
95 }
96 success, field, expectation, result = compareTokens(token, retrievedRefresh)
97 if !success {
98 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
99 }
100 retrievedProfile, err := context.GetTokensByProfileID(token.ProfileID, 25, 0)
101 if err != nil {
102 t.Errorf("Error retrieving token by profile from %T: %s", store, err)
103 }
104 if len(retrievedProfile) != 1 {
105 t.Errorf("Expected 1 token retrieved by profile ID from %T, got %+v", store, retrievedProfile)
106 }
107 success, field, expectation, result = compareTokens(token, retrievedProfile[0])
108 if !success {
109 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
110 }
111 err = context.RevokeToken(token.AccessToken, false)
112 if err != nil {
113 t.Errorf("Error revoking token in %T: %s", store, err)
114 }
115 retrievedRevoked, err := context.GetToken(token.AccessToken, false)
116 if err != nil {
117 t.Errorf("Error retrieving token from %T: %s", store, err)
118 }
119 token.Revoked = true
120 success, field, expectation, result = compareTokens(token, retrievedRevoked)
121 if !success {
122 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
123 }
124 err = context.RevokeToken(token.RefreshToken, true)
125 if err != nil {
126 t.Errorf("Error revoking token in %T: %s", store, err)
127 }
128 retrievedRevoked, err = context.GetToken(token.RefreshToken, true)
129 if err != nil {
130 t.Errorf("Error retrieving token from %T: %s", store, err)
131 }
132 token.RefreshRevoked = true
133 success, field, expectation, result = compareTokens(token, retrievedRevoked)
134 if !success {
135 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
136 }
137 }
138 }
140 // BUG(paddy): We need to test the refreshTokenValidate function.
141 // BUG(paddy): We need to test the refreshTokenInvalidate function.