authboss/authboss_test.go

package authboss

import (
	"context"
	"net/http"
	"net/http/httptest"
	"testing"
)

func TestAuthBossInit(t *testing.T) {
	t.Parallel()

	ab := New()
	err := ab.Init()
	if err != nil {
		t.Error("Unexpected error:", err)
	}
}

func TestAuthbossUpdatePassword(t *testing.T) {
	t.Parallel()

	user := &mockUser{}
	storer := newMockServerStorer()

	ab := New()
	ab.Config.Storage.Server = storer

	if err := ab.UpdatePassword(context.Background(), user, "hello world"); err != nil {
		t.Error(err)
	}

	if len(user.Password) == 0 {
		t.Error("password was not updated")
	}
}

type testRedirector struct {
	Opts RedirectOptions
}

func (r *testRedirector) Redirect(w http.ResponseWriter, req *http.Request, ro RedirectOptions) error {
	r.Opts = ro
	if len(ro.RedirectPath) == 0 {
		panic("no redirect path on redirect call")
	}
	http.Redirect(w, req, ro.RedirectPath, ro.Code)
	return nil
}

func TestAuthbossMiddleware(t *testing.T) {
	t.Parallel()

	ab := New()
	ab.Core.Logger = mockLogger{}
	ab.Storage.Server = &mockServerStorer{
		Users: map[string]*mockUser{
			"test@test.com": &mockUser{},
		},
	}

	setupMore := func(mountPathed, redirect, allowHalfAuth, force2fa bool) (*httptest.ResponseRecorder, bool, bool) {
		r := httptest.NewRequest("GET", "/super/secret", nil)
		rec := httptest.NewRecorder()
		w := ab.NewResponse(rec)

		var err error
		r, err = ab.LoadClientState(w, r)
		if err != nil {
			t.Fatal(err)
		}

		var mid func(http.Handler) http.Handler
		if !mountPathed {
			mid = Middleware(ab, redirect, allowHalfAuth, force2fa)
		} else {
			mid = MountedMiddleware(ab, true, redirect, allowHalfAuth, force2fa)
		}
		var called, hadUser bool
		server := mid(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			called = true
			hadUser = r.Context().Value(CTXKeyUser) != nil
			w.WriteHeader(http.StatusOK)
		}))

		server.ServeHTTP(w, r)

		return rec, called, hadUser
	}

	t.Run("Accept", func(t *testing.T) {
		ab.Storage.SessionState = mockClientStateReadWriter{
			state: mockClientState{SessionKey: "test@test.com"},
		}

		_, called, hadUser := setupMore(false, false, false, false)

		if !called {
			t.Error("should have been called")
		}
		if !hadUser {
			t.Error("should have had user")
		}
	})
	t.Run("AcceptHalfAuth", func(t *testing.T) {
		ab.Storage.SessionState = mockClientStateReadWriter{
			state: mockClientState{SessionKey: "test@test.com", SessionHalfAuthKey: "true"},
		}

		_, called, hadUser := setupMore(false, false, false, false)

		if !called {
			t.Error("should have been called")
		}
		if !hadUser {
			t.Error("should have had user")
		}
	})
	t.Run("Accept2FA", func(t *testing.T) {
		ab.Storage.SessionState = mockClientStateReadWriter{
			state: mockClientState{SessionKey: "test@test.com", Session2FA: "sms"},
		}

		_, called, hadUser := setupMore(false, false, false, true)

		if !called {
			t.Error("should have been called")
		}
		if !hadUser {
			t.Error("should have had user")
		}
	})
	t.Run("Reject404", func(t *testing.T) {
		ab.Storage.SessionState = mockClientStateReadWriter{}

		rec, called, hadUser := setupMore(false, false, false, false)

		if rec.Code != http.StatusNotFound {
			t.Error("wrong code:", rec.Code)
		}
		if called {
			t.Error("should not have been called")
		}
		if hadUser {
			t.Error("should not have had user")
		}
	})
	t.Run("RejectRedirect", func(t *testing.T) {
		redir := &testRedirector{}
		ab.Config.Core.Redirector = redir

		ab.Storage.SessionState = mockClientStateReadWriter{}

		_, called, hadUser := setupMore(false, true, false, false)

		if redir.Opts.Code != http.StatusTemporaryRedirect {
			t.Error("code was wrong:", redir.Opts.Code)
		}
		if redir.Opts.RedirectPath != "/auth/login?redir=%2Fsuper%2Fsecret" {
			t.Error("redirect path was wrong:", redir.Opts.RedirectPath)
		}
		if called {
			t.Error("should not have been called")
		}
		if hadUser {
			t.Error("should not have had user")
		}
	})
	t.Run("RejectMountpathedRedirect", func(t *testing.T) {
		redir := &testRedirector{}
		ab.Config.Core.Redirector = redir

		ab.Storage.SessionState = mockClientStateReadWriter{}

		_, called, hadUser := setupMore(true, true, false, false)

		if redir.Opts.Code != http.StatusTemporaryRedirect {
			t.Error("code was wrong:", redir.Opts.Code)
		}
		if redir.Opts.RedirectPath != "/auth/login?redir=%2Fauth%2Fsuper%2Fsecret" {
			t.Error("redirect path was wrong:", redir.Opts.RedirectPath)
		}
		if called {
			t.Error("should not have been called")
		}
		if hadUser {
			t.Error("should not have had user")
		}
	})
	t.Run("RejectHalfAuth", func(t *testing.T) {
		ab.Storage.SessionState = mockClientStateReadWriter{
			state: mockClientState{SessionKey: "test@test.com", SessionHalfAuthKey: "true"},
		}

		rec, called, hadUser := setupMore(false, false, true, false)

		if rec.Code != http.StatusNotFound {
			t.Error("wrong code:", rec.Code)
		}
		if called {
			t.Error("should not have been called")
		}
		if hadUser {
			t.Error("should not have had user")
		}
	})
	t.Run("RejectNo2FA", func(t *testing.T) {
		ab.Storage.SessionState = mockClientStateReadWriter{
			state: mockClientState{SessionKey: "test@test.com"},
		}

		rec, called, hadUser := setupMore(false, false, true, true)

		if rec.Code != http.StatusNotFound {
			t.Error("wrong code:", rec.Code)
		}
		if called {
			t.Error("should not have been called")
		}
		if hadUser {
			t.Error("should not have had user")
		}
	})
}
Add a lot of module related stuff. - Leave a failing test to make hate not love. 2015-01-05 00:18:41 -08:00			`package authboss`

			`import (`
Finish TODOs 2018-03-09 13:11:08 -08:00			`"context"`
Load and verify user logged in middleware 2018-04-30 18:17:07 -07:00			`"net/http"`
			`"net/http/httptest"`
Add a lot of module related stuff. - Leave a failing test to make hate not love. 2015-01-05 00:18:41 -08:00			`"testing"`
			`)`

			`func TestAuthBossInit(t *testing.T) {`
Stop reliance on global scope. - This change was necessary because multi-tenancy sites could not use authboss properly. 2015-03-31 12:34:03 -07:00			`t.Parallel()`

			`ab := New()`
			`err := ab.Init()`
Add a lot of module related stuff. - Leave a failing test to make hate not love. 2015-01-05 00:18:41 -08:00			`if err != nil {`
			`t.Error("Unexpected error:", err)`
			`}`
			`}`

Add UpdatePassword. - Fix #50 2015-03-16 22:58:32 -07:00			`func TestAuthbossUpdatePassword(t *testing.T) {`
Finish TODOs 2018-03-09 13:11:08 -08:00			`t.Parallel()`
Add UpdatePassword. - Fix #50 2015-03-16 22:58:32 -07:00
Finish TODOs 2018-03-09 13:11:08 -08:00			`user := &mockUser{}`
			`storer := newMockServerStorer()`
More gigantic edits. - Change response to be more central to Authboss. Make sure it has useful methods and works with the new rendering idioms. - Change the load user methods to all work with context keys, and even be able to set context keys on the current request to avoid setting contexts everywhere in the code base. 2017-02-23 16:13:25 -08:00
Finish TODOs 2018-03-09 13:11:08 -08:00			`ab := New()`
			`ab.Config.Storage.Server = storer`
More gigantic edits. - Change response to be more central to Authboss. Make sure it has useful methods and works with the new rendering idioms. - Change the load user methods to all work with context keys, and even be able to set context keys on the current request to avoid setting contexts everywhere in the code base. 2017-02-23 16:13:25 -08:00
Finish TODOs 2018-03-09 13:11:08 -08:00			`if err := ab.UpdatePassword(context.Background(), user, "hello world"); err != nil {`
			`t.Error(err)`
			`}`
More gigantic edits. - Change response to be more central to Authboss. Make sure it has useful methods and works with the new rendering idioms. - Change the load user methods to all work with context keys, and even be able to set context keys on the current request to avoid setting contexts everywhere in the code base. 2017-02-23 16:13:25 -08:00
Finish TODOs 2018-03-09 13:11:08 -08:00			`if len(user.Password) == 0 {`
			`t.Error("password was not updated")`
			`}`
Add UpdatePassword. - Fix #50 2015-03-16 22:58:32 -07:00			`}`
Load and verify user logged in middleware 2018-04-30 18:17:07 -07:00
Finish otp module 2018-07-17 15:25:25 -07:00			`type testRedirector struct {`
			`Opts RedirectOptions`
			`}`

			`func (r testRedirector) Redirect(w http.ResponseWriter, req http.Request, ro RedirectOptions) error {`
			`r.Opts = ro`
			`if len(ro.RedirectPath) == 0 {`
			`panic("no redirect path on redirect call")`
			`}`
			`http.Redirect(w, req, ro.RedirectPath, ro.Code)`
			`return nil`
			`}`

Load and verify user logged in middleware 2018-04-30 18:17:07 -07:00			`func TestAuthbossMiddleware(t *testing.T) {`
			`t.Parallel()`

			`ab := New()`
			`ab.Core.Logger = mockLogger{}`
			`ab.Storage.Server = &mockServerStorer{`
			`Users: map[string]*mockUser{`
			`"test@test.com": &mockUser{},`
			`},`
			`}`

Fix redirects using Middleware 2018-08-31 14:57:22 -07:00			`setupMore := func(mountPathed, redirect, allowHalfAuth, force2fa bool) (*httptest.ResponseRecorder, bool, bool) {`
Finish otp module 2018-07-17 15:25:25 -07:00			`r := httptest.NewRequest("GET", "/super/secret", nil)`
			`rec := httptest.NewRecorder()`
			`w := ab.NewResponse(rec)`
Load and verify user logged in middleware 2018-04-30 18:17:07 -07:00
Finish otp module 2018-07-17 15:25:25 -07:00			`var err error`
			`r, err = ab.LoadClientState(w, r)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`

Fix redirects using Middleware 2018-08-31 14:57:22 -07:00			`var mid func(http.Handler) http.Handler`
			`if !mountPathed {`
			`mid = Middleware(ab, redirect, allowHalfAuth, force2fa)`
			`} else {`
			`mid = MountedMiddleware(ab, true, redirect, allowHalfAuth, force2fa)`
			`}`
Finish otp module 2018-07-17 15:25:25 -07:00			`var called, hadUser bool`
			`server := mid(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`called = true`
			`hadUser = r.Context().Value(CTXKeyUser) != nil`
			`w.WriteHeader(http.StatusOK)`
			`}))`

			`server.ServeHTTP(w, r)`

			`return rec, called, hadUser`
Load and verify user logged in middleware 2018-04-30 18:17:07 -07:00			`}`
Finish otp module 2018-07-17 15:25:25 -07:00
			`t.Run("Accept", func(t *testing.T) {`
			`ab.Storage.SessionState = mockClientStateReadWriter{`
			`state: mockClientState{SessionKey: "test@test.com"},`
			`}`

Fix redirects using Middleware 2018-08-31 14:57:22 -07:00			`_, called, hadUser := setupMore(false, false, false, false)`
Finish otp module 2018-07-17 15:25:25 -07:00
			`if !called {`
			`t.Error("should have been called")`
			`}`
			`if !hadUser {`
			`t.Error("should have had user")`
			`}`
			`})`
			`t.Run("AcceptHalfAuth", func(t *testing.T) {`
			`ab.Storage.SessionState = mockClientStateReadWriter{`
			`state: mockClientState{SessionKey: "test@test.com", SessionHalfAuthKey: "true"},`
			`}`

Fix redirects using Middleware 2018-08-31 14:57:22 -07:00			`_, called, hadUser := setupMore(false, false, false, false)`

			`if !called {`
			`t.Error("should have been called")`
			`}`
			`if !hadUser {`
			`t.Error("should have had user")`
			`}`
			`})`
			`t.Run("Accept2FA", func(t *testing.T) {`
			`ab.Storage.SessionState = mockClientStateReadWriter{`
			`state: mockClientState{SessionKey: "test@test.com", Session2FA: "sms"},`
			`}`

			`_, called, hadUser := setupMore(false, false, false, true)`
Finish otp module 2018-07-17 15:25:25 -07:00
			`if !called {`
			`t.Error("should have been called")`
			`}`
			`if !hadUser {`
			`t.Error("should have had user")`
			`}`
			`})`
			`t.Run("Reject404", func(t *testing.T) {`
			`ab.Storage.SessionState = mockClientStateReadWriter{}`

Fix redirects using Middleware 2018-08-31 14:57:22 -07:00			`rec, called, hadUser := setupMore(false, false, false, false)`
Finish otp module 2018-07-17 15:25:25 -07:00
			`if rec.Code != http.StatusNotFound {`
			`t.Error("wrong code:", rec.Code)`
			`}`
			`if called {`
			`t.Error("should not have been called")`
			`}`
			`if hadUser {`
			`t.Error("should not have had user")`
			`}`
			`})`
			`t.Run("RejectRedirect", func(t *testing.T) {`
			`redir := &testRedirector{}`
			`ab.Config.Core.Redirector = redir`

			`ab.Storage.SessionState = mockClientStateReadWriter{}`

Fix redirects using Middleware 2018-08-31 14:57:22 -07:00			`_, called, hadUser := setupMore(false, true, false, false)`
Finish otp module 2018-07-17 15:25:25 -07:00
			`if redir.Opts.Code != http.StatusTemporaryRedirect {`
			`t.Error("code was wrong:", redir.Opts.Code)`
			`}`
			`if redir.Opts.RedirectPath != "/auth/login?redir=%2Fsuper%2Fsecret" {`
			`t.Error("redirect path was wrong:", redir.Opts.RedirectPath)`
			`}`
			`if called {`
			`t.Error("should not have been called")`
			`}`
			`if hadUser {`
			`t.Error("should not have had user")`
			`}`
			`})`
Fix redirects using Middleware 2018-08-31 14:57:22 -07:00			`t.Run("RejectMountpathedRedirect", func(t *testing.T) {`
			`redir := &testRedirector{}`
			`ab.Config.Core.Redirector = redir`

			`ab.Storage.SessionState = mockClientStateReadWriter{}`

			`_, called, hadUser := setupMore(true, true, false, false)`

			`if redir.Opts.Code != http.StatusTemporaryRedirect {`
			`t.Error("code was wrong:", redir.Opts.Code)`
			`}`
			`if redir.Opts.RedirectPath != "/auth/login?redir=%2Fauth%2Fsuper%2Fsecret" {`
			`t.Error("redirect path was wrong:", redir.Opts.RedirectPath)`
			`}`
			`if called {`
			`t.Error("should not have been called")`
			`}`
			`if hadUser {`
			`t.Error("should not have had user")`
			`}`
			`})`
Finish otp module 2018-07-17 15:25:25 -07:00			`t.Run("RejectHalfAuth", func(t *testing.T) {`
			`ab.Storage.SessionState = mockClientStateReadWriter{`
			`state: mockClientState{SessionKey: "test@test.com", SessionHalfAuthKey: "true"},`
			`}`

Fix redirects using Middleware 2018-08-31 14:57:22 -07:00			`rec, called, hadUser := setupMore(false, false, true, false)`
Finish otp module 2018-07-17 15:25:25 -07:00
			`if rec.Code != http.StatusNotFound {`
			`t.Error("wrong code:", rec.Code)`
			`}`
			`if called {`
			`t.Error("should not have been called")`
			`}`
			`if hadUser {`
			`t.Error("should not have had user")`
			`}`
			`})`
Fix redirects using Middleware 2018-08-31 14:57:22 -07:00			`t.Run("RejectNo2FA", func(t *testing.T) {`
Finish otp module 2018-07-17 15:25:25 -07:00			`ab.Storage.SessionState = mockClientStateReadWriter{`
			`state: mockClientState{SessionKey: "test@test.com"},`
			`}`

Fix redirects using Middleware 2018-08-31 14:57:22 -07:00			`rec, called, hadUser := setupMore(false, false, true, true)`
Finish otp module 2018-07-17 15:25:25 -07:00
Fix redirects using Middleware 2018-08-31 14:57:22 -07:00			`if rec.Code != http.StatusNotFound {`
			`t.Error("wrong code:", rec.Code)`
Finish otp module 2018-07-17 15:25:25 -07:00			`}`
Fix redirects using Middleware 2018-08-31 14:57:22 -07:00			`if called {`
			`t.Error("should not have been called")`
Finish otp module 2018-07-17 15:25:25 -07:00			`}`
Fix redirects using Middleware 2018-08-31 14:57:22 -07:00			`if hadUser {`
			`t.Error("should not have had user")`
Finish otp module 2018-07-17 15:25:25 -07:00			`}`
Fix redirects using Middleware 2018-08-31 14:57:22 -07:00			`})`
Load and verify user logged in middleware 2018-04-30 18:17:07 -07:00			`}`