auth
2015-04-11
Parent:5f670aba87b4
auth/session_test.go
Enable terminating sessions through the API. Add a terminateSession method to the sessionStore that sets the Active property of the Session to false. Create a Context.TerminateSession wrapper for the terminateSession method on the sessionStore. Add a Sessions property to our response type so we can return a []Session in API responses. Use the URL-safe encoding when base64 encoding our session ID and CSRFToken, so the ID can be passed in the URL and so our encodings are consistent. Add a TerminateSessionHandler function that will extract a Session ID from the request URL, authenticate the user, check that the authenticated user owns the session in question, and terminate the session. Add implementations for our new terminateSession method for the memstore and postgres types. Test both the memstore and postgres implementation of our terminateSession helper in session_test.go.
1 package auth
3 import (
4 "os"
5 "testing"
6 "time"
8 "code.secondbit.org/uuid.hg"
9 )
11 func init() {
12 if os.Getenv("PG_TEST_DB") != "" {
13 p, err := NewPostgres(os.Getenv("PG_TEST_DB"))
14 if err != nil {
15 panic(err)
16 }
17 sessionStores = append(sessionStores, &p)
18 }
19 }
21 var sessionStores = []sessionStore{NewMemstore()}
23 func compareSessions(session1, session2 Session) (success bool, field string, val1, val2 interface{}) {
24 if session1.ID != session2.ID {
25 return false, "ID", session1.ID, session2.ID
26 }
27 if session1.IP != session2.IP {
28 return false, "IP", session1.IP, session2.IP
29 }
30 if session1.UserAgent != session2.UserAgent {
31 return false, "UserAgent", session1.UserAgent, session2.UserAgent
32 }
33 if !session1.ProfileID.Equal(session2.ProfileID) {
34 return false, "ProfileID", session1.ProfileID, session2.ProfileID
35 }
36 if !session1.Created.Equal(session2.Created) {
37 return false, "Created", session1.Created, session2.Created
38 }
39 if !session1.Expires.Equal(session2.Expires) {
40 return false, "Expires", session1.Expires, session2.Expires
41 }
42 if session1.Login != session2.Login {
43 return false, "Login", session1.Login, session2.Login
44 }
45 if session1.Active != session2.Active {
46 return false, "Active", session1.Active, session2.Active
47 }
48 if session1.CSRFToken != session2.CSRFToken {
49 return false, "CSRFToken", session1.CSRFToken, session2.CSRFToken
50 }
51 return true, "", nil, nil
52 }
54 func TestSessionStoreSuccess(t *testing.T) {
55 t.Parallel()
56 session := Session{
57 ID: uuid.NewID().String() + uuid.NewID().String(),
58 IP: "127.0.0.1",
59 UserAgent: "TestRunner",
60 ProfileID: uuid.NewID(),
61 Created: time.Now().Round(time.Millisecond),
62 Login: "test@example.com",
63 Active: true,
64 }
65 for _, store := range sessionStores {
66 context := Context{sessions: store}
67 err := context.CreateSession(session)
68 if err != nil {
69 t.Errorf("Error saving session to %T: %s", store, err)
70 }
71 err = context.CreateSession(session)
72 if err != ErrSessionAlreadyExists {
73 t.Errorf("Expected ErrSessionAlreadyExists from %T, got %s", store, err)
74 }
75 retrieved, err := context.GetSession(session.ID)
76 if err != nil {
77 t.Errorf("Error retrieving session from %T: %s", store, err)
78 }
79 success, field, expectation, result := compareSessions(session, retrieved)
80 if !success {
81 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
82 }
83 retrievedList, err := context.ListSessions(session.ProfileID, time.Time{}, 10)
84 if err != nil {
85 t.Errorf("Error retrieving sessions by profile from %T: %s", store, err)
86 }
87 if len(retrievedList) != 1 {
88 t.Errorf("Expected 1 session retrieved by profile from %T, got %d", store, len(retrievedList))
89 }
90 success, field, expectation, result = compareSessions(session, retrievedList[0])
91 if !success {
92 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
93 }
94 err = context.TerminateSession(session.ID)
95 if err != nil {
96 t.Errorf("Error terminating session in %T: %s", store, err)
97 }
98 retrieved, err = context.GetSession(session.ID)
99 if err != nil {
100 t.Errorf("Error retrieving session from %T: %s", store, err)
101 }
102 expected := session
103 expected.Active = false
104 success, field, expectation, result = compareSessions(expected, retrieved)
105 if !success {
106 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
107 }
108 retrievedList, err = context.ListSessions(session.ProfileID, time.Time{}, 10)
109 if err != nil {
110 t.Errorf("Error retrieving sessions by profile from %T: %s", store, err)
111 }
112 if len(retrievedList) != 1 {
113 t.Errorf("Expected 1 session retrieved by profile from %T, got %d", store, len(retrievedList))
114 }
115 success, field, expectation, result = compareSessions(expected, retrievedList[0])
116 if !success {
117 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
118 }
119 err = context.RemoveSession(session.ID)
120 if err != nil {
121 t.Errorf("Error removing session from %T: %s", store, err)
122 }
123 retrieved, err = context.GetSession(session.ID)
124 if err != ErrSessionNotFound {
125 t.Errorf("Expected ErrSessionNotFound from %T, got %s", store, err)
126 }
127 retrievedList, err = context.ListSessions(session.ProfileID, time.Time{}, 10)
128 if err != nil {
129 t.Errorf("Error retrieving sessions by profile from %T: %s", store, err)
130 }
131 if len(retrievedList) != 0 {
132 t.Errorf("Expected 0 sessions retrieved by profile from %T, got %d", store, len(retrievedList))
133 }
134 err = context.RemoveSession(session.ID)
135 if err != ErrSessionNotFound {
136 t.Errorf("Expected ErrSessionNotFound from %T, got %s", store, err)
137 }
138 err = context.TerminateSession(session.ID)
139 if err != ErrSessionNotFound {
140 t.Errorf("Expected ERrSessionNotFound from %T, got %s", store, err)
141 }
142 }
143 }
145 // BUG(paddy): We need to test the CreateSessionHandler.
146 // BUG(paddy): We need to test the credentialsValidate function.