Fixed auth and auth tests.

- Added more error checking to remember module.
2024-11-28 08:58:38 +02:00 · 2015-01-15 13:24:12 -08:00 · 2015-01-15 13:24:12 -08:00 · 443f482b71
commit 443f482b71
parent 0b66578b88
5 changed files with 52 additions and 17 deletions
--- a/auth/auth.go
+++ b/auth/auth.go
@ -2,6 +2,7 @@ package auth

 import (
 	"errors"
+	"fmt"
 	"net/http"
 	"path/filepath"

@ -20,8 +21,8 @@ const (

 	pageLogin = "login.tpl"

-	attrUsername = "Username"
-	attrPassword = "Password"
+	attrUsername = "username"
+	attrPassword = "password"
 )

 func init() {
@ -37,7 +38,7 @@ type AuthPage struct {
 type Auth struct {
 	routes         authboss.RouteTable
 	storageOptions authboss.StorageOptions
-	users          authboss.Storer
+	storer         authboss.Storer
 	logoutRedirect string
 	loginRedirect  string
 	logger         io.Writer
@ -64,9 +65,10 @@ func (a *Auth) Initialize(c *authboss.Config) (err error) {
 		attrUsername: authboss.String,
 		attrPassword: authboss.String,
 	}
-	a.users = c.Storer
+	a.storer = c.Storer
 	a.logoutRedirect = c.AuthLogoutRoute
 	a.loginRedirect = c.AuthLoginSuccessRoute
+	a.logger = c.LogWriter

 	return nil
 }
@ -88,6 +90,7 @@ func (a *Auth) loginHandlerFunc(c *authboss.Context, w http.ResponseWriter, r *h
 		p := r.PostFormValue("password")

 		if err := a.authenticate(u, p); err != nil {
+			fmt.Fprintln(a.logger, err)
 			w.WriteHeader(http.StatusForbidden)
 			a.templates.ExecuteTemplate(w, pageLogin, AuthPage{"invalid username and/or password", u})
 			return
@ -99,13 +102,26 @@ func (a *Auth) loginHandlerFunc(c *authboss.Context, w http.ResponseWriter, r *h
 }

 func (a *Auth) authenticate(username, password string) error {
-	if userInter, err := a.users.Get(username, nil); err != nil {
+	var userInter interface{}
+	var err error
+	if userInter, err = a.storer.Get(username, nil); err != nil {
 		return err
-	} else {
-		userAttrs := authboss.Unbind(userInter)
-		if err := bcrypt.CompareHashAndPassword([]byte(userAttrs[attrPassword].Value.(string)), []byte(password)); err != nil {
-			return errors.New("invalid password")
-		}
+	}
+
+	userAttrs := authboss.Unbind(userInter)
+
+	pwdIntf, ok := userAttrs[attrPassword]
+	if !ok {
+		return errors.New("auth: User attributes did not include a password.")
+	}
+
+	pwd, ok := pwdIntf.(string)
+	if !ok {
+		return errors.New("auth: User password was not a string somehow.")
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(pwd), []byte(password)); err != nil {
+		return errors.New("invalid password")
 	}

 	return nil
--- a/auth/auth_test.go
+++ b/auth/auth_test.go
@ -51,8 +51,8 @@ func TestAuth_Storage(t *testing.T) {
 		Name string
 		Type authboss.DataType
 	}{
-		{"Username", authboss.String},
-		{"Password", authboss.String},
+		{"username", authboss.String},
+		{"password", authboss.String},
 	}

 	for i, test := range tests {
@ -143,10 +143,9 @@ func TestAuth_loginHandlerFunc_POST(t *testing.T) {
 		{"mike", "", http.StatusForbidden, "", &AuthPage{"invalid username and/or password", "jane"}},
 	}

-	c := &authboss.Config{
-		Storer:                NewMockUserStorer(),
-		AuthLoginSuccessRoute: "/dashboard",
-	}
+	c := authboss.NewConfig()
+	c.Storer = NewMockUserStorer()
+	c.AuthLoginSuccessRoute = "/dashboard"

 	for i, test := range tests {
 		a := &Auth{}
--- a/auth/mocks_test.go
+++ b/auth/mocks_test.go
--- a/authboss_test.go
+++ b/authboss_test.go
@ -8,6 +8,11 @@ import (
 	"testing"
 )

+type clientStoreMock struct{}
+
+func (c clientStoreMock) Get(_ string) (string, bool) { return "", false }
+func (c clientStoreMock) Put(_, _ string)             {}
+
 func TestMain(main *testing.M) {
 	RegisterModule("testmodule", testMod)
 	Init(NewConfig())
@ -37,6 +42,10 @@ func TestAuthBossRouter(t *testing.T) {
 	t.Parallel()

 	c := NewConfig()
+	c.CookieStoreMaker = func(_ *http.Request) ClientStorer {
+		return clientStoreMock{}
+	}
+	c.SessionStoreMaker = SessionStoreMaker(c.CookieStoreMaker)
 	c.MountPath = "/candycanes"
 	c.LogWriter = os.Stdout

--- a/remember/remember.go
+++ b/remember/remember.go
@ -74,9 +74,20 @@ func (r *Remember) AfterAuth(ctx *authboss.Context) {

 	if ctx.User == nil {
 		fmt.Fprintf(r.logger, "remember: AfterAuth no user loaded")
+		return
+	}
+
+	keyIntf, ok := ctx.User["username"]
+	if !ok {
+		fmt.Fprintf(r.logger, "remember: username not present")
+		return
+	}
+	key, ok := keyIntf.(string)
+	if !ok {
+		fmt.Fprintf(r.logger, "remember: username not a string")
+		return
 	}

-	key := ctx.User["username"].(string)
 	if _, err := r.New(ctx.CookieStorer, key); err != nil {
 		fmt.Fprintf(r.logger, "remember: Failed to create remember token: %v", err)
 	}