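// Authenticate processes the request and returns a populated Profile.
//
// If no App Engine user is signed in, no error is returned; instead the
// federated login URL for the identity provider named in the "provider"
// form value is returned as redirectURL and the caller is expected to
// redirect there. The login flow returns to r.URL.Path + "/callback".
//
// Once a user is present, the returned Profile carries the federated
// identity as its ID (falling back to the App Engine user ID when the
// account is not federated) and a Person built from the account email.
//
// NOTE(review): the "provider" form value is client-controlled and is
// passed straight to LoginURLFederated as the identity provider; nothing
// here restricts it to a set of known providers. If the deployment should
// not accept arbitrary federated providers, validate it here — TODO confirm.
//
// The original shadowed the named results redirectURL and err with `:=`
// inside the not-signed-in branch; distinct local names are used now so the
// returned values are unambiguous.
func (p *Provider) Authenticate(w http.ResponseWriter, r *http.Request) (
	up *profile.Profile, redirectURL string, err error) {

	c := context.NewContext(r)

	// Identity-provider URL chosen by the client; recorded on the profile.
	providerURL := r.FormValue("provider")
	up = profile.New(p.Name, providerURL)

	// Check for a current user.
	u := aeuser.Current(c)
	if u == nil {
		// Not signed in: hand back the federated login URL and let the
		// caller redirect. The flow lands on this path's "/callback".
		callback := r.URL.Path + "/callback"
		loginURL, loginErr := aeuser.LoginURLFederated(c, callback, providerURL)
		return up, loginURL, loginErr
	}

	// Prefer the federated identity; fall back to the App Engine user ID.
	if u.FederatedIdentity != "" {
		up.ID = u.FederatedIdentity
	} else {
		up.ID = u.ID
	}

	per := new(person.Person)
	per.Email = u.Email
	// Unkeyed literal: the field order must match person.PersonEmails
	// (go vet flags unkeyed fields for imported struct types).
	per.Emails = []*person.PersonEmails{
		&person.PersonEmails{true, "home", u.Email},
	}
	per.URL = u.FederatedIdentity
	up.Person = per

	return up, "", nil
}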
// Authenticate processes a password login/update/create request and returns
// the resulting Profile. This provider never redirects, so the returned URL
// is always ""; failures surface as err.
//
// The request supplies "Email", "Password.Current" and "Password.New"; the
// remaining form fields are decoded into a Person by decodePerson and passed,
// together with the user ID resolved from the email, to authenticate.
//
// The error from CurrentUserIDByEmail is deliberately not surfaced: an empty
// userID is how the downstream create path learns that no account exists
// yet, so an unresolvable email must not be treated as a failure here.
//
// NOTE(review): p.URL is overwritten from r.URL.Host on every call. For
// server-side requests net/http normally leaves URL.Host empty (only Path
// and RawQuery are filled for origin-form request lines), and storing
// request-derived data on the shared Provider is a data race if one
// Provider serves concurrent requests. Confirm this assignment is intended.
func (p *Provider) Authenticate(w http.ResponseWriter, r *http.Request) (
	pf *profile.Profile, url string, err error) {

	p.URL = r.URL.Host
	pf = profile.New(p.Name, p.URL)

	creds := &Password{
		Email:   r.FormValue("Email"),
		Current: r.FormValue("Password.Current"),
		New:     r.FormValue("Password.New"),
	}
	c := context.NewContext(r)
	// Lookup error intentionally dropped; see the doc comment.
	userID, _ := user.CurrentUserIDByEmail(r, creds.Email)
	pers := decodePerson(r)
	pf, err = authenticate(c, creds, pers, userID)
	return pf, "", err
}
Datei: dev.go Projekt: gaego/auth
// Authenticate builds a Profile straight from the submitted form without
// verifying anything: the "ID" form value becomes the profile ID ("default"
// when absent) and the remaining form fields are decoded into the Person.
// It never fails and never redirects.
//
// WARNING: this is the development provider (dev.go). Any client can claim
// any ID, so it must never be registered in a production build.
//
// The schema decode error is ignored on purpose: r.Form also carries "ID",
// which is presumably not a Person field, so a strict decoder would report
// an error on every request while still filling the fields it recognises —
// TODO confirm against the decoder's unknown-key configuration.
func (p *Provider) Authenticate(w http.ResponseWriter, r *http.Request) (
	up *profile.Profile, url string, err error) {

	up = profile.New(p.Name, p.URL)

	// FormValue parses the form as a side effect, which also populates
	// r.Form for the schema decode below.
	if id := r.FormValue("ID"); id != "" {
		up.ID = id
	} else {
		up.ID = "default"
	}

	per := new(person.Person)
	_ = schema.NewDecoder().Decode(per, r.Form) // error intentionally ignored; see above
	up.Person = per

	return up, "", nil
}
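// create builds a new password Profile for pers, with pass hashed into
// pf.Auth.
//
// When userID is empty a fresh User entity is stored first and its key ID
// becomes both pf.ID and pf.UserID; otherwise userID is used for both. The
// Profile itself is returned unstored.
//
// The password is hashed before any datastore write, so a hashing failure
// cannot leave behind a User with no profile, and the hashing error is
// returned instead of dropped: the original discarded it, which would have
// produced a profile whose Auth field was empty.
func create(c appengine.Context, pass string, pers *person.Person, userID string) (
	pf *profile.Profile, err error) {

	hash, err := GenerateFromPassword([]byte(pass))
	if err != nil {
		return nil, err
	}

	id := userID
	if id == "" {
		u := user.New()
		u.SetKey(c)
		if err = u.Put(c); err != nil {
			return nil, err
		}
		id = u.Key.StringID()
	}

	pf = profile.New("Password", "")
	pf.ID = id
	pf.UserID = id
	pf.Auth = hash
	pf.Person = pers
	return pf, nil
}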
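// Scenario #2:
// - No User session
// - Yes Email Saved
// - Yes Profile Saved
//
// TestAuthenticate_Scenario2 drives the password provider through every
// request shape against a stored profile whose password is "secret1":
//
//  0. before anything is stored, a login attempt reports ErrProfileNotFound;
//  1. login (Email + Password.Current): the correct password succeeds and
//     leaves Person untouched, the wrong one yields ErrPasswordMismatch;
//  2. update (Email + Password.Current + Password.New): the correct current
//     password returns a profile with the new hash and the updated Person,
//     the wrong one yields ErrPasswordMismatch;
//  3. create (Email + Password.New) against an already-saved email: behaves
//     as a login, accepting "secret1" and rejecting "fakepass".
//
// NOTE(review): step 3 is only consistent with step 2 if Authenticate does
// not persist the updated hash — after the update to "secret2", a request
// carrying "secret1" is still expected to succeed. Confirm that persistence
// is left to the caller; if Authenticate ever starts saving, step 3 must
// use "secret2".
//
// Checks that go on to dereference pf are fatal, so a failing Authenticate
// reports its error instead of panicking on a nil profile.
func TestAuthenticate_Scenario2(t *testing.T) {
	pro := setup()
	defer tearDown()

	var pf *profile.Profile
	var uRL string
	var err error
	var v url.Values
	var r *http.Request

	c := context.NewContext(nil)
	w := httptest.NewRecorder()

	// 0. Profile not found.
	v = url.Values{}
	v.Set("Email", "*****@*****.**")
	v.Set("Password.Current", "secret1")
	r = createRequest(v)
	// Check.
	if pf, uRL, err = pro.Authenticate(w, r); uRL != "" || err != ErrProfileNotFound {
		t.Errorf(`url: %v, want: ""`, uRL)
		t.Errorf(`err: %v, want: %v`, err, ErrProfileNotFound)
	}

	// Setup: store a profile (password "secret1") and its email record.
	pf = profile.New("Password", "")
	pf.UserID = "1"
	pf.ID = "1"
	passHash, _ := GenerateFromPassword([]byte("secret1"))
	pf.Auth = passHash
	pf.SetKey(c)
	pf.Person = &person.Person{
		Name: &person.PersonName{
			GivenName:  "Barack",
			FamilyName: "Obama",
		},
	}
	_ = pf.Put(c)
	e := email.New()
	e.UserID = "1"
	e.SetKey(c, "*****@*****.**")
	_ = e.Put(c)

	// 1. Login
	// a. Correct password.
	v = url.Values{}
	v.Set("Email", "*****@*****.**")
	v.Set("Password.Current", "secret1")
	v.Set("Name.GivenName", "Berry")
	r = createRequest(v)
	// Check.
	if pf, uRL, err = pro.Authenticate(w, r); uRL != "" || err != nil {
		t.Errorf(`url: %v, want: ""`, uRL)
		t.Fatalf(`err: %v, want: %v`, err, nil)
	}
	if x := pf.Person.Name.GivenName; x != "Barack" {
		t.Errorf(`.Person should not be updated on login`)
	}
	// b. Incorrect password.
	v = url.Values{}
	v.Set("Email", "*****@*****.**")
	v.Set("Password.Current", "fakepass")
	r = createRequest(v)
	// Check.
	if _, _, err = pro.Authenticate(w, r); err != ErrPasswordMismatch {
		t.Errorf(`err: %v, want: %v`, err, ErrPasswordMismatch)
	}

	// 2. Update
	// a. Correct password.
	v = url.Values{}
	v.Set("Email", "*****@*****.**")
	v.Set("Password.Current", "secret1")
	v.Set("Password.New", "secret2")
	v.Set("Name.GivenName", "Berry")
	r = createRequest(v)
	// Check. Fatal: pf is dereferenced below.
	if pf, uRL, err = pro.Authenticate(w, r); uRL != "" || err != nil {
		t.Errorf(`url: %v, want: ""`, uRL)
		t.Fatalf(`err: %v, want: %v`, err, nil)
	}
	if x := pf.Person.Name.GivenName; x != "Berry" {
		t.Errorf(`pf.Person should be updated on update`)
	}
	if x := pf.UserID; x != "1" {
		t.Errorf(`pf.UserID: %v, want %v`, x, "1")
	}
	if err := CompareHashAndPassword(pf.Auth, []byte("secret2")); err != nil {
		t.Errorf(`Password was not changed`)
	}
	// b. Incorrect password.
	v = url.Values{}
	v.Set("Email", "*****@*****.**")
	v.Set("Password.Current", "fakepass")
	v.Set("Password.New", "hacked")
	v.Set("Name.GivenName", "Bob")
	r = createRequest(v)
	// Check.
	if _, _, err = pro.Authenticate(w, r); err != ErrPasswordMismatch {
		t.Errorf(`err: %v, want: %v`, err, ErrPasswordMismatch)
	}

	// 3. Create against an existing email - should log the user in.
	// a. Correct password.
	v = url.Values{}
	v.Set("Email", "*****@*****.**")
	v.Set("Password.New", "secret1")
	v.Set("Name.GivenName", "Bob1")
	r = createRequest(v)
	// Check. Fatal: pf is dereferenced below.
	if pf, uRL, err = pro.Authenticate(w, r); uRL != "" || err != nil {
		t.Errorf(`url: %v, want: ""`, uRL)
		t.Fatalf(`err: %v, want: %v`, err, nil)
	}
	if x := pf.Person.Name.GivenName; x != "Bob1" {
		t.Errorf(`.Person should be updated on create`)
	}
	if x := pf.UserID; x != "1" {
		t.Errorf(`pf.UserID: %v, want %v`, x, "1")
	}
	if err := CompareHashAndPassword(pf.Auth, []byte("secret1")); err != nil {
		t.Errorf(`pf.Auth does not verify against "secret1"`)
	}
	// b. Incorrect password.
	v = url.Values{}
	v.Set("Email", "*****@*****.**")
	v.Set("Password.New", "fakepass")
	v.Set("Name.GivenName", "Bob2")
	r = createRequest(v)
	// Check.
	if _, _, err = pro.Authenticate(w, r); err != ErrPasswordMismatch {
		t.Errorf(`err: %v, want: %v`, err, ErrPasswordMismatch)
	}
}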
// Authenticate is a fixed-result test stub: it never fails, never redirects,
// and always yields the "Example" profile with ID "1".
func (p *TPComplete) Authenticate(w http.ResponseWriter, r *http.Request) (
	up *profile.Profile, url string, err error) {
	stub := profile.New("Example", "example.com")
	stub.ID = "1"
	return stub, "", nil
}
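// Test_CreateAndLogin walks CreateAndLogin through three rounds against an
// empty datastore:
//
//  1. no session, no profile: a User keyed "1" and a Profile keyed
//     "example|1" are created and the user is logged in;
//  2. logged in, second provider: "anotherexample|2" is attached to the same
//     user (AuthIDs grows to two) and the session is unchanged;
//  3. logged out, existing profile: logging in again with "example|1"
//     creates nothing new and restores the session for user "1".
//
// Every check whose result is dereferenced afterwards is fatal, so a failing
// call reports its error instead of a nil-pointer panic. The round-3 profile
// count message now matches the value it checks (2, not 1), and the
// ineffectual early assignments to the count queries were dropped.
//
// NOTE(review): round 1 counts kind "Profile" while round 3 counts kind
// "AuthProfile"; only one of these can be the kind profile.Put writes.
// Confirm which and align the two queries.
func Test_CreateAndLogin(t *testing.T) {
	setup()
	defer teardown()
	c := context.NewContext(nil)

	up := profile.New("Example", "example.com")
	r, _ := http.NewRequest("GET", "http://localhost:8080/-/auth/example4", nil)
	w := httptest.NewRecorder()

	// Round 1: No User | No Profile

	// Confirm the datastore is empty and nobody is logged in.

	q := datastore.NewQuery("User")
	if cnt, _ := q.Count(c); cnt != 0 {
		t.Errorf(`User cnt: %v, want 0`, cnt)
	}
	// NOTE(review): round 3 counts kind "AuthProfile" instead; see doc comment.
	q = datastore.NewQuery("Profile")
	if cnt, _ := q.Count(c); cnt != 0 {
		t.Errorf(`Profile cnt: %v, want 0`, cnt)
	}
	u, err := user.Current(r)
	if err != user.ErrNoLoggedInUser {
		t.Errorf(`err: %v, want %v`, err, user.ErrNoLoggedInUser)
	}

	// Create.

	up.ID = "1"
	up.ProviderName = "Example"
	up.SetKey(c)
	u, err = CreateAndLogin(w, r, up)
	if err != nil {
		t.Fatalf(`err: %v, want nil`, err)
	}

	if u.Key.StringID() != "1" {
		t.Errorf(`u.Key.StringID(): %v, want 1`, u.Key.StringID())
	}
	if up.Key.StringID() != "example|1" {
		t.Errorf(`up.Key.StringID(): %v, want "example|1"`, up.Key.StringID())
	}
	if up.UserID != u.Key.StringID() {
		t.Errorf(`up.UserID: %v, want %v`, up.UserID, u.Key.StringID())
	}

	// Confirm Profile.

	rup, err := profile.Get(c, "example|1")
	if err != nil {
		t.Fatalf(`err: %v, want nil`, err)
	}
	if rup.ID != "1" {
		t.Errorf(`rup.ID: %v, want "1"`, rup.ID)
	}
	if rup.Key.StringID() != "example|1" {
		t.Errorf(`rup.Key.StringID(): %v, want "example|1"`, rup.Key.StringID())
	}
	if rup.UserID != u.Key.StringID() {
		t.Errorf(`rup.UserID: %v, want %v`, rup.UserID, u.Key.StringID())
	}

	// Confirm User.

	ru, err := user.Get(c, "1")
	if err != nil {
		t.Fatalf(`err: %v, want nil`, err)
	}
	if ru.AuthIDs[0] != "example|1" {
		t.Errorf(`ru.AuthIDs[0]: %v, want "example|1"`, ru.AuthIDs[0])
	}
	if ru.Key.StringID() != "1" {
		t.Errorf(`ru.Key.StringID(): %v, want 1`, ru.Key.StringID())
	}

	// Confirm Logged in User.

	u, err = user.Current(r)
	if err != nil {
		t.Fatalf(`err: %v, want %v`, err, nil)
	}
	if u.Key.StringID() != "1" {
		t.Errorf(`u.Key.StringID(): %v, want 1`, u.Key.StringID())
	}
	if len(u.AuthIDs) != 1 {
		t.Errorf(`len(u.AuthIDs): %v, want 1`, len(u.AuthIDs))
		t.Errorf(`u.AuthIDs: %v`, u.AuthIDs)
		t.Errorf(`u: %v`, u)
	}

	// Round 2: Logged in User | Second Profile

	// Create.

	up = profile.New("AnotherExample", "anotherexample.com")
	up.ID = "2"
	up.SetKey(c)
	u, err = CreateAndLogin(w, r, up)
	if err != nil {
		t.Fatalf(`err: %v, want nil`, err)
	}

	// Confirm Profile.

	rup, err = profile.Get(c, "anotherexample|2")
	if err != nil {
		t.Fatalf(`err: %v, want nil`, err)
	}
	if rup.ID != "2" {
		t.Errorf(`rup.ID: %v, want "2"`, rup.ID)
	}
	if rup.Key.StringID() != "anotherexample|2" {
		t.Errorf(`rup.Key.StringID(): %v, want "anotherexample|2"`, rup.Key.StringID())
	}
	if rup.UserID != u.Key.StringID() {
		t.Errorf(`rup.UserID: %v, want %v`, rup.UserID, u.Key.StringID())
	}

	// Confirm Logged in User hasn't changed.

	u, err = user.Current(r)
	if err != nil {
		t.Fatalf(`err: %v, want %v`, err, nil)
	}
	if u.Key.StringID() != "1" {
		t.Errorf(`u.Key.StringID(): %v, want 1`, u.Key.StringID())
	}
	if len(u.AuthIDs) != 2 {
		t.Errorf(`len(u.AuthIDs): %v, want 2`, len(u.AuthIDs))
		t.Errorf(`u.AuthIDs: %v`, u.AuthIDs)
		t.Errorf(`u: %v`, u)
	}
	if u.AuthIDs[0] != "example|1" {
		t.Errorf(`u.AuthIDs[0]: %v, want "example|1"`, u.AuthIDs[0])
	}
	if u.AuthIDs[1] != "anotherexample|2" {
		t.Errorf(`u.AuthIDs[1]: %v, want "anotherexample|2"`, u.AuthIDs[1])
	}

	// Confirm Counts: still a single User.

	users := datastore.NewQuery("User")
	if cnt, _ := users.Count(c); cnt != 1 {
		t.Errorf(`User cnt: %v, want 1`, cnt)
	}

	// Round 3: Logged out User | Existing Profile

	err = user.Logout(w, r)
	if err != nil {
		t.Errorf(`err: %v, want nil`, err)
	}

	// Confirm Logged out User.

	u, err = user.Current(r)
	if err != user.ErrNoLoggedInUser {
		t.Errorf(`err: %q, want %q`, err, user.ErrNoLoggedInUser)
	}

	// Login.

	up = profile.New("Example", "example.com")
	up.ID = "1"
	up.SetKey(c)
	u, err = CreateAndLogin(w, r, up)
	if err != nil {
		t.Errorf(`err: %v, want nil`, err)
	}

	// Confirm: logging in again created neither a User nor a Profile.

	users = datastore.NewQuery("User")
	if cnt, _ := users.Count(c); cnt != 1 {
		t.Errorf(`User cnt: %v, want 1`, cnt)
	}
	profiles := datastore.NewQuery("AuthProfile")
	if cnt, _ := profiles.Count(c); cnt != 2 {
		t.Errorf(`Profile cnt: %v, want 2`, cnt)
	}

	// Confirm Logged in User hasn't changed.

	u, err = user.Current(r)
	if err != nil {
		t.Fatalf(`err: %v, want %v`, err, nil)
	}
	if u.Key.StringID() != "1" {
		t.Errorf(`u.Key.StringID(): %v, want "1"`, u.Key.StringID())
	}
	if len(u.AuthIDs) != 2 {
		t.Errorf(`len(u.AuthIDs): %v, want 2`, len(u.AuthIDs))
		t.Errorf(`u.AuthIDs: %s`, u.AuthIDs)
		t.Errorf(`u: %v`, u)
	}
}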