mirror of
https://github.com/raseels-repos/golang-saas-starter-kit.git
synced 2025-06-06 23:46:29 +02:00
209 lines
7.2 KiB
Go
209 lines
7.2 KiB
Go
package user
|
|
|
|
import (
|
|
"crypto/rsa"
|
|
"testing"
|
|
"time"
|
|
|
|
"geeks-accelerator/oss/saas-starter-kit/example-project/internal/platform/auth"
|
|
"geeks-accelerator/oss/saas-starter-kit/example-project/internal/platform/tests"
|
|
"github.com/dgrijalva/jwt-go"
|
|
"github.com/google/go-cmp/cmp"
|
|
"github.com/pborman/uuid"
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
// mockTokenGenerator is used for testing that Authenticate calls its provided
|
|
// token generator in a specific way.
|
|
type mockTokenGenerator struct {
|
|
// Private key generated by GenerateToken that is need for ParseClaims
|
|
key *rsa.PrivateKey
|
|
// algorithm is the method used to generate the private key.
|
|
algorithm string
|
|
}
|
|
|
|
// GenerateToken implements the TokenGenerator interface. It returns a "token"
|
|
// that includes some information about the claims it was passed.
|
|
func (g *mockTokenGenerator) GenerateToken(claims auth.Claims) (string, error) {
|
|
privateKey, err := auth.Keygen()
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
g.key, err = jwt.ParseRSAPrivateKeyFromPEM(privateKey)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
g.algorithm = "RS256"
|
|
method := jwt.GetSigningMethod(g.algorithm)
|
|
|
|
tkn := jwt.NewWithClaims(method, claims)
|
|
tkn.Header["kid"] = "1"
|
|
|
|
str, err := tkn.SignedString(g.key)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
return str, nil
|
|
}
|
|
|
|
// ParseClaims recreates the Claims that were used to generate a token. It
|
|
// verifies that the token was signed using our key.
|
|
func (g *mockTokenGenerator) ParseClaims(tknStr string) (auth.Claims, error) {
|
|
parser := jwt.Parser{
|
|
ValidMethods: []string{g.algorithm},
|
|
}
|
|
|
|
if g.key == nil {
|
|
return auth.Claims{}, errors.New("Private key is empty.")
|
|
}
|
|
|
|
f := func(t *jwt.Token) (interface{}, error) {
|
|
return g.key.Public().(*rsa.PublicKey), nil
|
|
}
|
|
|
|
var claims auth.Claims
|
|
tkn, err := parser.ParseWithClaims(tknStr, &claims, f)
|
|
if err != nil {
|
|
return auth.Claims{}, errors.Wrap(err, "parsing token")
|
|
}
|
|
|
|
if !tkn.Valid {
|
|
return auth.Claims{}, errors.New("Invalid token")
|
|
}
|
|
|
|
return claims, nil
|
|
}
|
|
|
|
// TestAuthenticate validates the behavior around authenticating users.
|
|
func TestAuthenticate(t *testing.T) {
|
|
defer tests.Recover(t)
|
|
|
|
t.Log("Given the need to authenticate users")
|
|
{
|
|
t.Log("\tWhen handling a single User.")
|
|
{
|
|
ctx := tests.Context()
|
|
|
|
tknGen := &mockTokenGenerator{}
|
|
|
|
// Auth tokens are valid for an our and is verified against current time.
|
|
// Issue the token one hour ago.
|
|
now := time.Now().Add(time.Hour * -1)
|
|
|
|
// Try to authenticate an invalid user.
|
|
_, err := Authenticate(ctx, test.MasterDB, tknGen, "doesnotexist@gmail.com", "xy7", time.Hour, now)
|
|
if errors.Cause(err) != ErrAuthenticationFailure {
|
|
t.Logf("\t\tGot : %+v", err)
|
|
t.Logf("\t\tWant: %+v", ErrAuthenticationFailure)
|
|
t.Fatalf("\t%s\tAuthenticate non existant user failed.", tests.Failed)
|
|
}
|
|
t.Logf("\t%s\tAuthenticate non existant user ok.", tests.Success)
|
|
|
|
// Create a new user for testing.
|
|
initPass := uuid.NewRandom().String()
|
|
user, err := Create(ctx, auth.Claims{}, test.MasterDB, CreateUserRequest{
|
|
Name: "Lee Brown",
|
|
Email: uuid.NewRandom().String() + "@geeksinthewoods.com",
|
|
Password: initPass,
|
|
PasswordConfirm: initPass,
|
|
}, now)
|
|
if err != nil {
|
|
t.Log("\t\tGot :", err)
|
|
t.Fatalf("\t%s\tCreate user failed.", tests.Failed)
|
|
}
|
|
t.Logf("\t%s\tCreate user ok.", tests.Success)
|
|
|
|
// Create a new random account.
|
|
account1Id := uuid.NewRandom().String()
|
|
err = mockAccount(account1Id, user.CreatedAt)
|
|
if err != nil {
|
|
t.Log("\t\tGot :", err)
|
|
t.Fatalf("\t%s\tCreate account failed.", tests.Failed)
|
|
}
|
|
|
|
// Associate new account with user user. This defined role should be the claims.
|
|
account1Role := auth.RoleAdmin
|
|
err = mockUserAccount(user.ID, account1Id, user.CreatedAt, account1Role)
|
|
if err != nil {
|
|
t.Log("\t\tGot :", err)
|
|
t.Fatalf("\t%s\tCreate user account failed.", tests.Failed)
|
|
}
|
|
|
|
// Create a second new random account.
|
|
account2Id := uuid.NewRandom().String()
|
|
err = mockAccount(account2Id, user.CreatedAt)
|
|
if err != nil {
|
|
t.Log("\t\tGot :", err)
|
|
t.Fatalf("\t%s\tCreate account failed.", tests.Failed)
|
|
}
|
|
|
|
// Associate secoend new account with user user.
|
|
account2Role := auth.RoleUser
|
|
err = mockUserAccount(user.ID, account2Id, user.CreatedAt, account2Role)
|
|
if err != nil {
|
|
t.Log("\t\tGot :", err)
|
|
t.Fatalf("\t%s\tCreate user account failed.", tests.Failed)
|
|
}
|
|
|
|
// Add 30 minutes to now to simulate time passing.
|
|
now = now.Add(time.Minute * 30)
|
|
|
|
// Try to authenticate valid user with invalid password.
|
|
_, err = Authenticate(ctx, test.MasterDB, tknGen, user.Email, "xy7", time.Hour, now)
|
|
if errors.Cause(err) != ErrAuthenticationFailure {
|
|
t.Logf("\t\tGot : %+v", err)
|
|
t.Logf("\t\tWant: %+v", ErrAuthenticationFailure)
|
|
t.Fatalf("\t%s\tAuthenticate user w/invalid password failed.", tests.Failed)
|
|
}
|
|
t.Logf("\t%s\tAuthenticate user w/invalid password ok.", tests.Success)
|
|
|
|
// Verify that the user can be authenticated with the created user.
|
|
tkn1, err := Authenticate(ctx, test.MasterDB, tknGen, user.Email, initPass, time.Hour, now)
|
|
if err != nil {
|
|
t.Log("\t\tGot :", err)
|
|
t.Fatalf("\t%s\tAuthenticate user failed.", tests.Failed)
|
|
}
|
|
t.Logf("\t%s\tAuthenticate user ok.", tests.Success)
|
|
|
|
// Ensure the token string was correctly generated.
|
|
claims1, err := tknGen.ParseClaims(tkn1.Token)
|
|
if err != nil {
|
|
t.Log("\t\tGot :", err)
|
|
t.Fatalf("\t%s\tParse claims from token failed.", tests.Failed)
|
|
} else if diff := cmp.Diff(claims1, tkn1.claims); diff != "" {
|
|
t.Fatalf("\t%s\tExpected parsed claims to match from token. Diff:\n%s", tests.Failed, diff)
|
|
} else if diff := cmp.Diff(claims1.Roles, []string{account1Role}); diff != "" {
|
|
t.Fatalf("\t%s\tExpected parsed claims roles to match user account. Diff:\n%s", tests.Failed, diff)
|
|
} else if diff := cmp.Diff(claims1.AccountIds, []string{account1Id, account2Id}); diff != "" {
|
|
t.Fatalf("\t%s\tExpected parsed claims account IDs to match the single user account. Diff:\n%s", tests.Failed, diff)
|
|
}
|
|
t.Logf("\t%s\tAuthenticate parse claims from token ok.", tests.Success)
|
|
|
|
// Try switching to a second account using the first set of claims.
|
|
tkn2, err := SwitchAccount(ctx, test.MasterDB, tknGen, claims1, account2Id, time.Hour, now)
|
|
if err != nil {
|
|
t.Log("\t\tGot :", err)
|
|
t.Fatalf("\t%s\tSwitchAccount user failed.", tests.Failed)
|
|
}
|
|
t.Logf("\t%s\tSwitchAccount user ok.", tests.Success)
|
|
|
|
// Ensure the token string was correctly generated.
|
|
claims2, err := tknGen.ParseClaims(tkn2.Token)
|
|
if err != nil {
|
|
t.Log("\t\tGot :", err)
|
|
t.Fatalf("\t%s\tParse claims from token failed.", tests.Failed)
|
|
} else if diff := cmp.Diff(claims2, tkn2.claims); diff != "" {
|
|
t.Fatalf("\t%s\tExpected parsed claims to match from token. Diff:\n%s", tests.Failed, diff)
|
|
} else if diff := cmp.Diff(claims2.Roles, []string{account2Role}); diff != "" {
|
|
t.Fatalf("\t%s\tExpected parsed claims roles to match user account. Diff:\n%s", tests.Failed, diff)
|
|
} else if diff := cmp.Diff(claims2.AccountIds, []string{account1Id, account2Id}); diff != "" {
|
|
t.Fatalf("\t%s\tExpected parsed claims account IDs to match the single user account. Diff:\n%s", tests.Failed, diff)
|
|
}
|
|
t.Logf("\t%s\tSwitchAccount parse claims from token ok.", tests.Success)
|
|
}
|
|
}
|
|
}
|