Beispiel #1
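// Test_LoginRedirectAfterLoginRequired checks that an unauthenticated request
// to a route behind LoginRequired is answered with a 302 to the login path,
// and that the originally requested path and query are carried, URL-encoded,
// in the "next" parameter.
func Test_LoginRedirectAfterLoginRequired(t *testing.T) {
	recorder := httptest.NewRecorder()
	n := negroni.New()
	// The session key and OAuth client values below are test fixtures only.
	n.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
	n.Use(Google(
		goauth2.Client("client_id", "client_secret"),
		goauth2.RedirectURL("refresh_url"),
		goauth2.Scope("x", "y"),
	))

	n.Use(LoginRequired())

	mux := http.NewServeMux()

	mux.HandleFunc("/login-required", func(w http.ResponseWriter, req *http.Request) {
		t.Log("hi there")
		fmt.Fprintf(w, "OK")
	})

	n.UseHandler(mux)

	r, err := http.NewRequest("GET", "/login-required?key=value", nil)
	if err != nil {
		t.Fatalf("building request: %v", err)
	}
	n.ServeHTTP(recorder, r)

	if recorder.Code != 302 {
		t.Errorf("Not being redirected to the auth page.")
	}

	// Header().Get yields "" when the header is absent, so a missing redirect
	// shows up as a failed assertion rather than an index-out-of-range panic.
	location := recorder.Header().Get("Location")

	// NOTE(review): "next" is built from the incoming request, i.e. from
	// client-controlled data. This test only covers a same-site relative
	// path; whether the login handler validates "next" before redirecting
	// back to it is not visible here and deserves its own test.
	if location != "/login?next=%2Flogin-required%3Fkey%3Dvalue" {
		t.Errorf("Not being redirected to the right page, %v found", location)
	}
}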
Beispiel #2
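// Test_LogoutOnAccessTokenExpiration stores a dummy token through the
// /addtoken route and then requests "/", failing if GetToken still returns a
// token there.
func Test_LogoutOnAccessTokenExpiration(t *testing.T) {
	recorder := httptest.NewRecorder()
	// Fixed key: test fixture only.
	s := sessions.NewCookieStore([]byte("secret123"))

	n := negroni.Classic()
	n.Use(sessions.Sessions("my_session", s))
	n.Use(Google(
		goauth2.Client("foo", "foo"),
		goauth2.RedirectURL("foo"),
	))

	mux := http.NewServeMux()
	mux.HandleFunc("/addtoken", func(w http.ResponseWriter, req *http.Request) {
		SetToken(req, "dummy token")
		fmt.Fprintf(w, "OK")
	})

	mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
		tok := GetToken(req)
		if tok != nil {
			t.Errorf("User not logged out although access token is expired. %v\n", tok)
		}
	})
	n.UseHandler(mux)

	addtoken, err := http.NewRequest("GET", "/addtoken", nil)
	if err != nil {
		t.Fatalf("building /addtoken request: %v", err)
	}
	index, err := http.NewRequest("GET", "/", nil)
	if err != nil {
		t.Fatalf("building / request: %v", err)
	}

	// NOTE(review): no cookie from the first response is copied onto the
	// second request. With a cookie-backed store the second request
	// presumably starts from an empty session, in which case the nil check
	// above would pass even if expired tokens were never cleared. Confirm,
	// and forward the session cookie if the expiry path is meant to be
	// exercised.
	n.ServeHTTP(recorder, addtoken)
	n.ServeHTTP(recorder, index)
}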
Beispiel #3
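// main wires up an example server on :3000 with a public "/" route and a
// "/restrict" route that sits behind oauth2.LoginRequired.
func main() {

	secureMux := http.NewServeMux()

	// Routes that require a logged in user
	// can be protected by using a separate route handler
	// If the user is not authenticated, they will be
	// redirected to the login path.
	secureMux.HandleFunc("/restrict", func(w http.ResponseWriter, req *http.Request) {
		token := oauth2.GetToken(req)
		// GetToken can return nil (the "/" handler below checks for it).
		// LoginRequired is expected to stop unauthenticated requests before
		// they get here, but guarding locally keeps a wiring mistake from
		// turning into a nil dereference.
		if token == nil {
			http.Error(w, "not logged in", http.StatusUnauthorized)
			return
		}
		// Example only: this writes the OAuth access token, a bearer
		// credential, into the response body. Real handlers should not
		// return it to the page.
		fmt.Fprintf(w, "OK: %s", token.Access())
	})

	secure := negroni.New()
	secure.Use(oauth2.LoginRequired())
	secure.UseHandler(secureMux)

	n := negroni.New()
	// "secret123", "client_id" and "client_secret" are placeholders. The
	// cookie-store key protects the session cookie, so a deployment should
	// load a random key and the real client credentials from configuration
	// rather than from source.
	n.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
	n.Use(oauth2.Google(
		goauth2.Client("client_id", "client_secret"),
		goauth2.RedirectURL("redirect_url"),
		goauth2.Scope("https://www.googleapis.com/auth/drive"),
	))

	router := http.NewServeMux()

	// Routes added to this mux do not require authentication.
	router.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
		token := oauth2.GetToken(req)
		if token == nil || token.Expired() {
			fmt.Fprint(w, "not logged in, or the access token is expired")
			return
		}
		fmt.Fprint(w, "logged in")
	})

	// There is probably a nicer way to handle this than repeating the
	// restricted routes; something like gorilla/mux with prefix or regex
	// matching would also work. Any protected path missing from this list is
	// not routed to the secure handler, so keep the two route sets in step.
	router.Handle("/restrict", secure)

	n.UseHandler(router)

	n.Run(":3000")
}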
Beispiel #4
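// Test_LoginRedirect checks that a request to /login is answered with a 302
// whose Location points at Google's OAuth2 authorization endpoint with the
// configured client id, redirect URI, scopes and a state parameter.
func Test_LoginRedirect(t *testing.T) {
	recorder := httptest.NewRecorder()
	n := negroni.New()
	// The session key and OAuth client values below are test fixtures only.
	n.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
	n.Use(Google(
		goauth2.Client("client_id", "client_secret"),
		goauth2.RedirectURL("refresh_url"),
		goauth2.Scope("x", "y"),
	))

	r, err := http.NewRequest("GET", "/login", nil)
	if err != nil {
		t.Fatalf("building request: %v", err)
	}
	n.ServeHTTP(recorder, r)

	if recorder.Code != 302 {
		t.Errorf("Not being redirected to the auth page.")
	}

	// Header().Get yields "" when the header is absent, so a missing redirect
	// fails the prefix check below instead of panicking on an empty slice.
	location := recorder.Header().Get("Location")
	// t.Log, not t.Logf: location is data and must not be used as a format string.
	t.Log(location)

	// The original check had the HasPrefix arguments swapped and was not
	// negated, so it could never fail on a wrong redirect. The expected
	// prefix is kept as written; only the value after "state=" may vary.
	// NOTE(review): if this now fails, compare the parameter order and
	// values with what the library actually emits before loosening it.
	const wantPrefix = "https://accounts.google.com/o/oauth2/auth?access_type=online&approval_prompt=auto&client_id=client_id&redirect_uri=refresh_url&response_type=code&scope=x+y&state="
	if !strings.HasPrefix(location, wantPrefix) {
		t.Errorf("Not being redirected to the right page, %v found", location)
	}
}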
Beispiel #5
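// Test_Logout stores a dummy token via "/", then requests /logout and checks
// that the response is a 302 redirect.
func Test_Logout(t *testing.T) {
	recorder := httptest.NewRecorder()
	// Fixed key: test fixture only.
	s := sessions.NewCookieStore([]byte("secret123"))

	n := negroni.Classic()
	n.Use(sessions.Sessions("my_session", s))
	n.Use(Google(
		goauth2.Client("foo", "foo"),
		goauth2.RedirectURL("foo"),
	))

	mux := http.NewServeMux()

	mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
		SetToken(req, "dummy token")
		fmt.Fprintf(w, "OK")
	})

	// NOTE(review): no request below targets /get, so this handler, which is
	// the only check that credentials are gone from the session, never runs.
	// The test as written verifies the redirect status only. To verify that
	// logout clears the session, issue a /get request that carries the
	// session cookie from the earlier responses.
	mux.HandleFunc("/get", func(w http.ResponseWriter, req *http.Request) {
		tok := GetToken(req)
		if tok != nil {
			t.Errorf("User credentials are still kept in the session.")
		}
		fmt.Fprintf(w, "OK")
	})

	n.UseHandler(mux)

	logout, err := http.NewRequest("GET", "/logout", nil)
	if err != nil {
		t.Fatalf("building /logout request: %v", err)
	}
	index, err := http.NewRequest("GET", "/", nil)
	if err != nil {
		t.Fatalf("building / request: %v", err)
	}

	// The response to "/" is discarded; only the /logout response is inspected.
	n.ServeHTTP(httptest.NewRecorder(), index)
	n.ServeHTTP(recorder, logout)

	if recorder.Code != 302 {
		t.Errorf("Not being redirected to the next page.")
	}
}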
Beispiel #6
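// Test_LoginRequired checks that a request without a session token to a route
// behind LoginRequired is redirected (302) instead of reaching the handler.
func Test_LoginRequired(t *testing.T) {
	recorder := httptest.NewRecorder()
	n := negroni.Classic()
	// The session key and OAuth client values below are test fixtures only.
	n.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
	n.Use(Google(
		goauth2.Client("foo", "foo"),
		goauth2.RedirectURL("foo"),
	))

	n.Use(LoginRequired())

	mux := http.NewServeMux()

	mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
		fmt.Fprintf(w, "OK")
	})

	n.UseHandler(mux)

	r, err := http.NewRequest("GET", "/", nil)
	if err != nil {
		t.Fatalf("building request: %v", err)
	}
	n.ServeHTTP(recorder, r)

	// http.StatusFound is 302, the redirect status the middleware should send.
	if recorder.Code != http.StatusFound {
		t.Errorf("Not being redirected to the auth page although user is not logged in. %d\n", recorder.Code)
	}
}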