mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2024-12-14 11:23:21 +02:00
d49c3e167f
* New SessionState to consolidate email, access token and refresh token * split ServeHttp into individual methods * log on session renewal * log on access token refresh * refactor cookie encription/decription and session state serialization
89 lines
2.5 KiB
Go
89 lines
2.5 KiB
Go
package providers
|
|
|
|
import (
|
|
"strings"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/bitly/oauth2_proxy/cookie"
|
|
"github.com/bmizerany/assert"
|
|
)
|
|
|
|
const secret = "0123456789abcdefghijklmnopqrstuv"
|
|
const altSecret = "0000000000abcdefghijklmnopqrstuv"
|
|
|
|
func TestSessionStateSerialization(t *testing.T) {
|
|
c, err := cookie.NewCipher(secret)
|
|
assert.Equal(t, nil, err)
|
|
c2, err := cookie.NewCipher(altSecret)
|
|
assert.Equal(t, nil, err)
|
|
s := &SessionState{
|
|
Email: "user@domain.com",
|
|
AccessToken: "token1234",
|
|
ExpiresOn: time.Now().Add(time.Duration(1) * time.Hour),
|
|
RefreshToken: "refresh4321",
|
|
}
|
|
encoded, err := s.EncodeSessionState(c)
|
|
assert.Equal(t, nil, err)
|
|
assert.Equal(t, 3, strings.Count(encoded, "|"))
|
|
|
|
ss, err := DecodeSessionState(encoded, c)
|
|
t.Logf("%#v", ss)
|
|
assert.Equal(t, nil, err)
|
|
assert.Equal(t, s.Email, ss.Email)
|
|
assert.Equal(t, s.AccessToken, ss.AccessToken)
|
|
assert.Equal(t, s.ExpiresOn.Unix(), ss.ExpiresOn.Unix())
|
|
assert.Equal(t, s.RefreshToken, ss.RefreshToken)
|
|
|
|
// ensure a different cipher can't decode properly (ie: it gets gibberish)
|
|
ss, err = DecodeSessionState(encoded, c2)
|
|
t.Logf("%#v", ss)
|
|
assert.Equal(t, nil, err)
|
|
assert.Equal(t, s.Email, ss.Email)
|
|
assert.Equal(t, s.ExpiresOn.Unix(), ss.ExpiresOn.Unix())
|
|
assert.NotEqual(t, s.AccessToken, ss.AccessToken)
|
|
assert.NotEqual(t, s.RefreshToken, ss.RefreshToken)
|
|
}
|
|
|
|
func TestSessionStateSerializationNoCipher(t *testing.T) {
|
|
|
|
s := &SessionState{
|
|
Email: "user@domain.com",
|
|
AccessToken: "token1234",
|
|
ExpiresOn: time.Now().Add(time.Duration(1) * time.Hour),
|
|
RefreshToken: "refresh4321",
|
|
}
|
|
encoded, err := s.EncodeSessionState(nil)
|
|
assert.Equal(t, nil, err)
|
|
assert.Equal(t, s.Email, encoded)
|
|
|
|
// only email should have been serialized
|
|
ss, err := DecodeSessionState(encoded, nil)
|
|
assert.Equal(t, nil, err)
|
|
assert.Equal(t, s.Email, ss.Email)
|
|
assert.Equal(t, "", ss.AccessToken)
|
|
assert.Equal(t, "", ss.RefreshToken)
|
|
}
|
|
|
|
func TestSessionStateUserOrEmail(t *testing.T) {
|
|
|
|
s := &SessionState{
|
|
Email: "user@domain.com",
|
|
User: "just-user",
|
|
}
|
|
assert.Equal(t, "user@domain.com", s.userOrEmail())
|
|
s.Email = ""
|
|
assert.Equal(t, "just-user", s.userOrEmail())
|
|
}
|
|
|
|
func TestExpired(t *testing.T) {
|
|
s := &SessionState{ExpiresOn: time.Now().Add(time.Duration(-1) * time.Minute)}
|
|
assert.Equal(t, true, s.IsExpired())
|
|
|
|
s = &SessionState{ExpiresOn: time.Now().Add(time.Duration(1) * time.Minute)}
|
|
assert.Equal(t, false, s.IsExpired())
|
|
|
|
s = &SessionState{}
|
|
assert.Equal(t, false, s.IsExpired())
|
|
}
|