Splitting our users and accounts, creating new user_account package

2025-06-15 00:15:15 +02:00 · 2019-06-22 10:05:03 -08:00
parent d1ceb71265
commit abccc1f658
11 changed files with 222 additions and 1803 deletions
--- a/example-project/internal/user/auth_test.go
+++ b/example-project/internal/user/auth_test.go
@ -1,203 +0,0 @@
-package user
-
-import (
-	"crypto/rsa"
-	"testing"
-	"time"
-
-	"geeks-accelerator/oss/saas-starter-kit/example-project/internal/platform/auth"
-	"geeks-accelerator/oss/saas-starter-kit/example-project/internal/platform/tests"
-	"github.com/dgrijalva/jwt-go"
-	"github.com/google/go-cmp/cmp"
-	"github.com/pborman/uuid"
-	"github.com/pkg/errors"
-)
-
-// mockTokenGenerator is used for testing that Authenticate calls its provided
-// token generator in a specific way.
-type mockTokenGenerator struct {
-	// Private key generated by GenerateToken that is need for ParseClaims
-	key *rsa.PrivateKey
-	// algorithm is the method used to generate the private key.
-	algorithm string
-}
-
-// GenerateToken implements the TokenGenerator interface. It returns a "token"
-// that includes some information about the claims it was passed.
-func (g *mockTokenGenerator) GenerateToken(claims auth.Claims) (string, error) {
-	privateKey, err := auth.Keygen()
-	if err != nil {
-		return "", err
-	}
-
-	g.key, err = jwt.ParseRSAPrivateKeyFromPEM(privateKey)
-	if err != nil {
-		return "", err
-	}
-
-	g.algorithm = "RS256"
-	method := jwt.GetSigningMethod(g.algorithm)
-
-	tkn := jwt.NewWithClaims(method, claims)
-	tkn.Header["kid"] = "1"
-
-	str, err := tkn.SignedString(g.key)
-	if err != nil {
-		return "", err
-	}
-
-	return str, nil
-}
-
-// ParseClaims recreates the Claims that were used to generate a token. It
-// verifies that the token was signed using our key.
-func (g *mockTokenGenerator) ParseClaims(tknStr string) (auth.Claims, error) {
-	parser := jwt.Parser{
-		ValidMethods: []string{g.algorithm},
-	}
-
-	if g.key == nil {
-		return auth.Claims{}, errors.New("Private key is empty.")
-	}
-
-	f := func(t *jwt.Token) (interface{}, error) {
-		return g.key.Public().(*rsa.PublicKey), nil
-	}
-
-	var claims auth.Claims
-	tkn, err := parser.ParseWithClaims(tknStr, &claims, f)
-	if err != nil {
-		return auth.Claims{}, errors.Wrap(err, "parsing token")
-	}
-
-	if !tkn.Valid {
-		return auth.Claims{}, errors.New("Invalid token")
-	}
-
-	return claims, nil
-}
-
-// TestAuthenticate validates the behavior around authenticating users.
-func TestAuthenticate(t *testing.T) {
-	defer tests.Recover(t)
-
-	t.Log("Given the need to authenticate users")
-	{
-		t.Log("\tWhen handling a single User.")
-		{
-			ctx := tests.Context()
-
-			tknGen := &mockTokenGenerator{}
-
-			// Auth tokens are valid for an our and is verified against current time.
-			// Issue the token one hour ago.
-			now := time.Now().Add(time.Hour * -1)
-
-			// Try to authenticate an invalid user.
-			_, err := Authenticate(ctx, test.MasterDB, tknGen, "doesnotexist@gmail.com", "xy7", time.Hour, now)
-			if errors.Cause(err) != ErrAuthenticationFailure {
-				t.Logf("\t\tGot : %+v", err)
-				t.Logf("\t\tWant: %+v", ErrAuthenticationFailure)
-				t.Fatalf("\t%s\tAuthenticate non existant user failed.", tests.Failed)
-			}
-			t.Logf("\t%s\tAuthenticate non existant user ok.", tests.Success)
-
-			// Create a new user for testing.
-			initPass := uuid.NewRandom().String()
-			user, err := Create(ctx, auth.Claims{}, test.MasterDB, CreateUserRequest{
-				Name:            "Lee Brown",
-				Email:           uuid.NewRandom().String() + "@geeksinthewoods.com",
-				Password:        initPass,
-				PasswordConfirm: initPass,
-			}, now)
-			if err != nil {
-				t.Log("\t\tGot :", err)
-				t.Fatalf("\t%s\tCreate user failed.", tests.Failed)
-			}
-			t.Logf("\t%s\tCreate user ok.", tests.Success)
-
-			// Create a new random account and associate that with the user.
-			// This defined role should be the claims.
-			account1Id := uuid.NewRandom().String()
-			account1Role := UserAccountRole_Admin
-			_, err = AddAccount(tests.Context(), auth.Claims{}, test.MasterDB, AddAccountRequest{
-				UserID:    user.ID,
-				AccountID: account1Id,
-				Roles:     []UserAccountRole{account1Role},
-			}, now)
-			if err != nil {
-				t.Log("\t\tGot :", err)
-				t.Fatalf("\t%s\tAddAccount failed.", tests.Failed)
-			}
-
-			// Create a second new random account and associate that with the user.
-			account2Id := uuid.NewRandom().String()
-			account2Role := UserAccountRole_User
-			_, err = AddAccount(tests.Context(), auth.Claims{}, test.MasterDB, AddAccountRequest{
-				UserID:    user.ID,
-				AccountID: account2Id,
-				Roles:     []UserAccountRole{account2Role},
-			}, now.Add(time.Second))
-			if err != nil {
-				t.Log("\t\tGot :", err)
-				t.Fatalf("\t%s\tAddAccount failed.", tests.Failed)
-			}
-
-			// Add 30 minutes to now to simulate time passing.
-			now = now.Add(time.Minute * 30)
-
-			// Try to authenticate valid user with invalid password.
-			_, err = Authenticate(ctx, test.MasterDB, tknGen, user.Email, "xy7", time.Hour, now)
-			if errors.Cause(err) != ErrAuthenticationFailure {
-				t.Logf("\t\tGot : %+v", err)
-				t.Logf("\t\tWant: %+v", ErrAuthenticationFailure)
-				t.Fatalf("\t%s\tAuthenticate user w/invalid password failed.", tests.Failed)
-			}
-			t.Logf("\t%s\tAuthenticate user w/invalid password ok.", tests.Success)
-
-			// Verify that the user can be authenticated with the created user.
-			tkn1, err := Authenticate(ctx, test.MasterDB, tknGen, user.Email, initPass, time.Hour, now)
-			if err != nil {
-				t.Log("\t\tGot :", err)
-				t.Fatalf("\t%s\tAuthenticate user failed.", tests.Failed)
-			}
-			t.Logf("\t%s\tAuthenticate user ok.", tests.Success)
-
-			// Ensure the token string was correctly generated.
-			claims1, err := tknGen.ParseClaims(tkn1.Token)
-			if err != nil {
-				t.Log("\t\tGot :", err)
-				t.Fatalf("\t%s\tParse claims from token failed.", tests.Failed)
-			} else if diff := cmp.Diff(claims1, tkn1.claims); diff != "" {
-				t.Fatalf("\t%s\tExpected parsed claims to match from token. Diff:\n%s", tests.Failed, diff)
-			} else if diff := cmp.Diff(claims1.Roles, []string{account1Role.String()}); diff != "" {
-				t.Fatalf("\t%s\tExpected parsed claims roles to match user account. Diff:\n%s", tests.Failed, diff)
-			} else if diff := cmp.Diff(claims1.AccountIds, []string{account1Id, account2Id}); diff != "" {
-				t.Fatalf("\t%s\tExpected parsed claims account IDs to match the single user account. Diff:\n%s", tests.Failed, diff)
-			}
-			t.Logf("\t%s\tAuthenticate parse claims from token ok.", tests.Success)
-
-			// Try switching to a second account using the first set of claims.
-			tkn2, err := SwitchAccount(ctx, test.MasterDB, tknGen, claims1, account2Id, time.Hour, now)
-			if err != nil {
-				t.Log("\t\tGot :", err)
-				t.Fatalf("\t%s\tSwitchAccount user failed.", tests.Failed)
-			}
-			t.Logf("\t%s\tSwitchAccount user ok.", tests.Success)
-
-			// Ensure the token string was correctly generated.
-			claims2, err := tknGen.ParseClaims(tkn2.Token)
-			if err != nil {
-				t.Log("\t\tGot :", err)
-				t.Fatalf("\t%s\tParse claims from token failed.", tests.Failed)
-			} else if diff := cmp.Diff(claims2, tkn2.claims); diff != "" {
-				t.Fatalf("\t%s\tExpected parsed claims to match from token. Diff:\n%s", tests.Failed, diff)
-			} else if diff := cmp.Diff(claims2.Roles, []string{account2Role.String()}); diff != "" {
-				t.Fatalf("\t%s\tExpected parsed claims roles to match user account. Diff:\n%s", tests.Failed, diff)
-			} else if diff := cmp.Diff(claims2.AccountIds, []string{account1Id, account2Id}); diff != "" {
-				t.Fatalf("\t%s\tExpected parsed claims account IDs to match the single user account. Diff:\n%s", tests.Failed, diff)
-			}
-			t.Logf("\t%s\tSwitchAccount parse claims from token ok.", tests.Success)
-		}
-	}
-}