oauth2-proxy/pkg/sessions/session_store_test.go

package sessions_test

import (
	"encoding/base64"
	"math/rand"
	"testing"
	"time"

	"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options"
	"github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
	"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions"
	sessionscookie "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/cookie"
	"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/persistence"
	"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/redis"
	. "github.com/onsi/ginkgo"
	. "github.com/onsi/gomega"
)

func TestSessionStore(t *testing.T) {
	logger.SetOutput(GinkgoWriter)

	RegisterFailHandler(Fail)
	RunSpecs(t, "SessionStore")
}

var _ = Describe("NewSessionStore", func() {
	var opts *options.SessionOptions
	var cookieOpts *options.Cookie

	BeforeEach(func() {
		opts = &options.SessionOptions{}

		// A secret is required to create a Cipher, validation ensures it is the correct
		// length before a session store is initialised.
		secret := make([]byte, 32)
		_, err := rand.Read(secret)
		Expect(err).ToNot(HaveOccurred())

		// Set default options in CookieOptions
		cookieOpts = &options.Cookie{
			Name:     "_oauth2_proxy",
			Secret:   base64.URLEncoding.EncodeToString(secret),
			Path:     "/",
			Expire:   time.Duration(168) * time.Hour,
			Refresh:  time.Duration(1) * time.Hour,
			Secure:   true,
			HTTPOnly: true,
			SameSite: "",
		}
	})

	Context("with type 'cookie'", func() {
		BeforeEach(func() {
			opts.Type = options.CookieSessionStoreType
		})

		It("creates a cookie.SessionStore", func() {
			ss, err := sessions.NewSessionStore(opts, cookieOpts)
			Expect(err).NotTo(HaveOccurred())
			Expect(ss).To(BeAssignableToTypeOf(&sessionscookie.SessionStore{}))
		})
	})

	Context("with type 'redis'", func() {
		BeforeEach(func() {
			opts.Type = options.RedisSessionStoreType
			opts.Redis.ConnectionURL = "redis://"
		})

		It("creates a persistence.Manager that wraps a redis.SessionStore", func() {
			ss, err := sessions.NewSessionStore(opts, cookieOpts)
			Expect(err).NotTo(HaveOccurred())
			Expect(ss).To(BeAssignableToTypeOf(&persistence.Manager{}))
			Expect(ss.(*persistence.Manager).Store).To(BeAssignableToTypeOf(&redis.SessionStore{}))
		})
	})

	Context("with an invalid type", func() {
		BeforeEach(func() {
			opts.Type = "invalid-type"
		})

		It("returns an error", func() {
			ss, err := sessions.NewSessionStore(opts, cookieOpts)
			Expect(err).To(HaveOccurred())
			Expect(err.Error()).To(Equal("unknown session store type 'invalid-type'"))
			Expect(ss).To(BeNil())
		})
	})
})
Define session options and cookie session store types 2019-05-06 15:33:33 +02:00			`package sessions_test`

			`import (`
Check all information is encoded when cookie-secret set 2019-05-07 14:55:49 +02:00			`"encoding/base64"`
Move SessionStore tests to independent package 2020-05-10 17:59:17 +02:00			`"math/rand"`
Define session options and cookie session store types 2019-05-06 15:33:33 +02:00			`"testing"`
Add tests to check cookies set by SessionStores 2019-05-06 23:34:43 +02:00			`"time"`
Define session options and cookie session store types 2019-05-06 15:33:33 +02:00
Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:54:36 +02:00			`"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options"`
Improvements to Session State code (#536) * Drop SessionStateJSON wrapper * Use EncrpytInto/DecryptInto to reduce sessionstate Co-authored-by: Henry Jenkins <henry@henryjenkins.name> 2020-05-30 09:53:38 +02:00			`"github.com/oauth2-proxy/oauth2-proxy/pkg/logger"`
Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:54:36 +02:00			`"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions"`
			`sessionscookie "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/cookie"`
Centralize Ticket management of persistent stores (#682) * Centralize Ticket management of persistent stores persistence package with Manager & Ticket will handle all the details about keys, secrets, ticket into cookies, etc. Persistent stores just need to pass Save, Load & Clear function handles to the persistent manager now. * Shift to persistence.Manager wrapping a persistence.Store * Break up the Redis client builder logic * Move error messages to Store from Manager * Convert ticket to private for Manager use only * Add persistence Manager & ticket tests * Make a custom MockStore that handles time FastForwards 2020-07-19 22:25:13 +02:00			`"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/persistence"`
Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:54:36 +02:00			`"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/redis"`
Define session options and cookie session store types 2019-05-06 15:33:33 +02:00			`. "github.com/onsi/ginkgo"`
			`. "github.com/onsi/gomega"`
			`)`

			`func TestSessionStore(t *testing.T) {`
Improvements to Session State code (#536) * Drop SessionStateJSON wrapper * Use EncrpytInto/DecryptInto to reduce sessionstate Co-authored-by: Henry Jenkins <henry@henryjenkins.name> 2020-05-30 09:53:38 +02:00			`logger.SetOutput(GinkgoWriter)`

Define session options and cookie session store types 2019-05-06 15:33:33 +02:00			`RegisterFailHandler(Fail)`
			`RunSpecs(t, "SessionStore")`
			`}`

			`var _ = Describe("NewSessionStore", func() {`
			`var opts *options.SessionOptions`
Rename CookieOptions to Cookie 2020-05-25 13:43:24 +02:00			`var cookieOpts *options.Cookie`
Define session options and cookie session store types 2019-05-06 15:33:33 +02:00
			`BeforeEach(func() {`
			`opts = &options.SessionOptions{}`
Add tests to check cookies set by SessionStores 2019-05-06 23:34:43 +02:00
Move Cipher intialisation to session store initialisation 2020-05-25 14:36:44 +02:00			`// A secret is required to create a Cipher, validation ensures it is the correct`
			`// length before a session store is initialised.`
			`secret := make([]byte, 32)`
			`_, err := rand.Read(secret)`
			`Expect(err).ToNot(HaveOccurred())`

Add tests to check cookies set by SessionStores 2019-05-06 23:34:43 +02:00			`// Set default options in CookieOptions`
Rename CookieOptions to Cookie 2020-05-25 13:43:24 +02:00			`cookieOpts = &options.Cookie{`
Rename Cookie Options to remove extra 'Cookie' 2020-04-12 15:00:59 +02:00			`Name: "_oauth2_proxy",`
Move Cipher intialisation to session store initialisation 2020-05-25 14:36:44 +02:00			`Secret: base64.URLEncoding.EncodeToString(secret),`
Rename Cookie Options to remove extra 'Cookie' 2020-04-12 15:00:59 +02:00			`Path: "/",`
			`Expire: time.Duration(168) * time.Hour,`
			`Refresh: time.Duration(1) * time.Hour,`
			`Secure: true,`
			`HTTPOnly: true,`
			`SameSite: "",`
Add tests to check cookies set by SessionStores 2019-05-06 23:34:43 +02:00			`}`
Define session options and cookie session store types 2019-05-06 15:33:33 +02:00			`})`

			`Context("with type 'cookie'", func() {`
			`BeforeEach(func() {`
			`opts.Type = options.CookieSessionStoreType`
			`})`

Add tests to check cookies set by SessionStores 2019-05-06 23:34:43 +02:00			`It("creates a cookie.SessionStore", func() {`
Define session options and cookie session store types 2019-05-06 15:33:33 +02:00			`ss, err := sessions.NewSessionStore(opts, cookieOpts)`
			`Expect(err).NotTo(HaveOccurred())`
Move cipher creation to options and away from oauth2_proxy.go 2019-05-15 17:56:05 +02:00			`Expect(ss).To(BeAssignableToTypeOf(&sessionscookie.SessionStore{}))`
Define session options and cookie session store types 2019-05-06 15:33:33 +02:00			`})`
			`})`

Add support for a redis session store 2019-05-10 01:09:22 +02:00			`Context("with type 'redis'", func() {`
			`BeforeEach(func() {`
			`opts.Type = options.RedisSessionStoreType`
Move SessionStore tests to independent package 2020-05-10 17:59:17 +02:00			`opts.Redis.ConnectionURL = "redis://"`
Stop miniredis after each test 2019-05-16 18:32:54 +02:00			`})`

Centralize Ticket management of persistent stores (#682) * Centralize Ticket management of persistent stores persistence package with Manager & Ticket will handle all the details about keys, secrets, ticket into cookies, etc. Persistent stores just need to pass Save, Load & Clear function handles to the persistent manager now. * Shift to persistence.Manager wrapping a persistence.Store * Break up the Redis client builder logic * Move error messages to Store from Manager * Convert ticket to private for Manager use only * Add persistence Manager & ticket tests * Make a custom MockStore that handles time FastForwards 2020-07-19 22:25:13 +02:00			`It("creates a persistence.Manager that wraps a redis.SessionStore", func() {`
Add support for a redis session store 2019-05-10 01:09:22 +02:00			`ss, err := sessions.NewSessionStore(opts, cookieOpts)`
			`Expect(err).NotTo(HaveOccurred())`
Centralize Ticket management of persistent stores (#682) * Centralize Ticket management of persistent stores persistence package with Manager & Ticket will handle all the details about keys, secrets, ticket into cookies, etc. Persistent stores just need to pass Save, Load & Clear function handles to the persistent manager now. * Shift to persistence.Manager wrapping a persistence.Store * Break up the Redis client builder logic * Move error messages to Store from Manager * Convert ticket to private for Manager use only * Add persistence Manager & ticket tests * Make a custom MockStore that handles time FastForwards 2020-07-19 22:25:13 +02:00			`Expect(ss).To(BeAssignableToTypeOf(&persistence.Manager{}))`
			`Expect(ss.(*persistence.Manager).Store).To(BeAssignableToTypeOf(&redis.SessionStore{}))`
Add support for a redis session store 2019-05-10 01:09:22 +02:00			`})`
Define session options and cookie session store types 2019-05-06 15:33:33 +02:00			`})`
Initialise Session Storage in NewOAuthProxy instead of validation 2020-05-25 15:00:49 +02:00
Switch to in session store initialisation 2020-06-28 13:44:12 +02:00			`Context("with an invalid type", func() {`
Initialise Session Storage in NewOAuthProxy instead of validation 2020-05-25 15:00:49 +02:00			`BeforeEach(func() {`
Switch to in session store initialisation 2020-06-28 13:44:12 +02:00			`opts.Type = "invalid-type"`
Initialise Session Storage in NewOAuthProxy instead of validation 2020-05-25 15:00:49 +02:00			`})`

			`It("returns an error", func() {`
			`ss, err := sessions.NewSessionStore(opts, cookieOpts)`
			`Expect(err).To(HaveOccurred())`
Switch to in session store initialisation 2020-06-28 13:44:12 +02:00			`Expect(err.Error()).To(Equal("unknown session store type 'invalid-type'"))`
Initialise Session Storage in NewOAuthProxy instead of validation 2020-05-25 15:00:49 +02:00			`Expect(ss).To(BeNil())`
			`})`
			`})`
Define session options and cookie session store types 2019-05-06 15:33:33 +02:00			`})`