125 lines
2.7 KiB
Go
125 lines
2.7 KiB
Go
package auth
|
|
|
|
import (
|
|
"context"
|
|
"io"
|
|
"local/dndex/storage"
|
|
"local/dndex/storage/entity"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"os"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/google/uuid"
|
|
)
|
|
|
|
func TestGenerate(t *testing.T) {
|
|
os.Args = os.Args[:1]
|
|
os.Setenv("AUTH", "true")
|
|
defer os.Unsetenv("AUTH")
|
|
|
|
fresh := func() (storage.RateLimitedGraph, *http.Request, string) {
|
|
g := storage.NewRateLimitedGraph()
|
|
key := uuid.New().String()
|
|
namespace := uuid.New().String()
|
|
one := entity.One{
|
|
ID: UserKey,
|
|
Title: key,
|
|
}
|
|
if err := g.Insert(context.Background(), toAuthNamespace(namespace), one); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
r := httptest.NewRequest(http.MethodPost, "/", strings.NewReader(UserKey+`=`+namespace))
|
|
r.Header.Set("content-type", "application/x-www-form-urlencoded")
|
|
return g,
|
|
r,
|
|
key
|
|
}
|
|
|
|
t.Run("ok", func(t *testing.T) {
|
|
g, r, key := fresh()
|
|
salt := uuid.New().String()
|
|
encoded, err := Generate(g, r, salt)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
var token Token
|
|
if err := token.Decode(salt+key, encoded); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
})
|
|
|
|
t.Run("ok plain", func(t *testing.T) {
|
|
g, r, _ := fresh()
|
|
obf, err := GeneratePlain(g, r)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
var token Token
|
|
if err := token.Deobfuscate(obf); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
})
|
|
|
|
t.Run("404", func(t *testing.T) {
|
|
g, r, _ := fresh()
|
|
r.Body = struct {
|
|
io.Reader
|
|
io.Closer
|
|
}{
|
|
Reader: strings.NewReader(UserKey + "=" + uuid.New().String()),
|
|
Closer: r.Body,
|
|
}
|
|
r.ParseForm()
|
|
salt := uuid.New().String()
|
|
_, err := Generate(g, r, salt)
|
|
if err == nil {
|
|
t.Fatal(err)
|
|
}
|
|
})
|
|
|
|
t.Run("404 plain", func(t *testing.T) {
|
|
g, r, _ := fresh()
|
|
r.Body = struct {
|
|
io.Reader
|
|
io.Closer
|
|
}{
|
|
Reader: strings.NewReader(UserKey + "=" + uuid.New().String()),
|
|
Closer: r.Body,
|
|
}
|
|
r.ParseForm()
|
|
_, err := GeneratePlain(g, r)
|
|
if err == nil {
|
|
t.Fatal(err)
|
|
}
|
|
})
|
|
}
|
|
|
|
func TestReadRequested(t *testing.T) {
|
|
t.Run("form: ignore query params", func(t *testing.T) {
|
|
r := httptest.NewRequest(http.MethodPost, "/a=c", nil)
|
|
r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
|
if got := readRequested(r, "a"); got != "" {
|
|
t.Fatal(got)
|
|
}
|
|
})
|
|
|
|
t.Run("form: body beats query params", func(t *testing.T) {
|
|
r := httptest.NewRequest(http.MethodPost, "/a=c", strings.NewReader(`a=b`))
|
|
r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
|
if got := readRequested(r, "a"); got != "b" {
|
|
t.Fatal(got)
|
|
}
|
|
})
|
|
|
|
t.Run("json: OK", func(t *testing.T) {
|
|
r := httptest.NewRequest(http.MethodPost, "/a=c", strings.NewReader(`{"a": "b"}`))
|
|
r.Header.Set("Content-Type", "application/json")
|
|
if got := readRequested(r, "a"); got != "b" {
|
|
t.Fatal(got)
|
|
}
|
|
})
|
|
|
|
}
|