Beispiel #1
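// TestCreateTokenRemoveOldTokens exercises the session cap configured under
// "auth:max-simultaneous-sessions". It seeds two tokens for the user, creates
// one more through createToken, and then waits up to two seconds for the
// number of tokens stored for that user to be exactly 2.
//
// NOTE(review): the setting is left at 2 when the test ends; nothing visible
// here restores the previous value, so later tests inherit the cap.
func (s *S) TestCreateTokenRemoveOldTokens(c *check.C) {
	config.Set("auth:max-simultaneous-sessions", 2)
	u := auth.User{Email: "*****@*****.**", Password: "******"}
	_, err := nativeScheme.Create(&u)
	c.Assert(err, check.IsNil)
	defer u.Delete()
	defer s.conn.Tokens().RemoveAll(bson.M{"useremail": u.Email})
	t1, err := newUserToken(&u)
	c.Assert(err, check.IsNil)
	// NOTE(review): if newUserToken returns a pointer, t2 aliases t1 and both
	// seeded documents carry the same token value — confirm that is intended.
	t2 := t1
	t2.Token += "aa"
	// The seed insert must succeed, otherwise the count check below could be
	// satisfied without any old token ever being removed.
	err = s.conn.Tokens().Insert(t1, t2)
	c.Assert(err, check.IsNil)
	_, err = createToken(&u, "123456")
	c.Assert(err, check.IsNil)
	// Poll on the test goroutine: c.Assert and c.Fatal stop the calling
	// goroutine, so running them in a helper goroutine would neither abort the
	// test reliably nor end the polling loop after a timeout.
	deadline := time.After(2 * time.Second)
	for {
		ct, err := s.conn.Tokens().Find(bson.M{"useremail": u.Email}).Count()
		c.Assert(err, check.IsNil)
		if ct == 2 {
			return
		}
		select {
		case <-deadline:
			c.Fatal("Did not remove old tokens after 2 seconds")
		default:
			runtime.Gosched()
		}
	}
}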
Beispiel #2
// Remove calls deleteAllTokens with the user's email and, if that succeeds,
// deletes the user record.
//
// The order matters for session hygiene: when the token cleanup fails, its
// error is returned and u.Delete is not called, so the account is never
// removed while the token cleanup is known to have failed.
func (s *OAuthScheme) Remove(u *auth.User) error {
	if tokenErr := deleteAllTokens(u.Email); tokenErr != nil {
		return tokenErr
	}
	return u.Delete()
}
Beispiel #3
// TestCreateTokenShouldValidateThePassword creates a user through
// nativeScheme and expects createToken to return an error when it is called
// with the password "123".
//
// NOTE(review): only a non-nil error is asserted, so any failure (including
// an unrelated storage error) satisfies the test — consider pinning the
// expected error value.
func (s *S) TestCreateTokenShouldValidateThePassword(c *check.C) {
	user := auth.User{Email: "*****@*****.**", Password: "******"}
	_, createErr := nativeScheme.Create(&user)
	c.Assert(createErr, check.IsNil)
	defer user.Delete()

	// The returned token is irrelevant here; only the error is inspected.
	_, tokenErr := createToken(&user, "123")
	c.Assert(tokenErr, check.NotNil)
}
Beispiel #4
// TestPasswordTokenUser checks that a password token created for a user
// resolves, through its user method, to a value deeply equal to that user.
//
// NOTE(review): the password token created here is not removed afterwards;
// only the user is deleted.
func (s *S) TestPasswordTokenUser(c *check.C) {
	owner := auth.User{Email: "*****@*****.**", Password: "******"}
	c.Assert(owner.Create(), check.IsNil)
	defer owner.Delete()

	pt, err := createPasswordToken(&owner)
	c.Assert(err, check.IsNil)

	resolved, err := pt.user()
	c.Assert(err, check.IsNil)
	c.Assert(*resolved, check.DeepEquals, owner)
}
Beispiel #5
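// TestCreateTokenShouldSaveTheTokenInTheDatabase checks that createToken
// persists a token: after a successful call, a document for the user's email
// must exist in the tokens collection and carry a non-empty token value.
func (s *S) TestCreateTokenShouldSaveTheTokenInTheDatabase(c *check.C) {
	u := auth.User{Email: "*****@*****.**", Password: "******"}
	_, err := nativeScheme.Create(&u)
	c.Assert(err, check.IsNil)
	defer u.Delete()
	// Remove the stored token as well, so a later lookup by this email in
	// another test cannot be satisfied by a leftover document.
	defer s.conn.Tokens().RemoveAll(bson.M{"useremail": u.Email})
	_, err = createToken(&u, "123456")
	c.Assert(err, check.IsNil)
	var result Token
	err = s.conn.Tokens().Find(bson.M{"useremail": u.Email}).One(&result)
	c.Assert(err, check.IsNil)
	// A NotNil check never fails for a non-pointer field, so it would accept
	// an empty token; assert on the length instead.
	c.Assert(result.Token, check.Not(check.HasLen), 0)
}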
Beispiel #6
// TestResetPasswordThirdToken checks that ResetPassword returns
// auth.ErrInvalidToken when it is given a password token together with a user
// value other than the one the token was created for.
//
// NOTE(review): both email literals are redacted on this page, so it cannot
// be confirmed from here that the two users differ — presumably they do.
func (s *S) TestResetPasswordThirdToken(c *check.C) {
	owner := auth.User{Email: "*****@*****.**"}
	c.Assert(owner.Create(), check.IsNil)
	defer owner.Delete()

	pt, err := createPasswordToken(&owner)
	c.Assert(err, check.IsNil)
	defer s.conn.PasswordTokens().Remove(bson.M{"_id": pt.Token})

	// The second user is never stored; it is only passed to ResetPassword.
	other := auth.User{Email: "*****@*****.**"}
	native := NativeScheme{}
	err = native.ResetPassword(&other, pt.Token)
	c.Assert(err, check.Equals, auth.ErrInvalidToken)
}
Beispiel #7
// TestCreateTokenUsesDefaultCostWhenHasCostIsUndefined checks that
// createToken succeeds when the "auth:hash-cost" setting is absent.
//
// The deferred call writes bcrypt.MinCost back into the configuration, which
// presumably is the suite's baseline; MinCost is a test-speed setting and not
// a work factor to carry into a deployment.
//
// NOTE(review): the package-level cost and tokenExpire values are zeroed and
// not restored explicitly — presumably createToken recomputes them; verify.
func (s *S) TestCreateTokenUsesDefaultCostWhenHasCostIsUndefined(c *check.C) {
	unsetErr := config.Unset("auth:hash-cost")
	c.Assert(unsetErr, check.IsNil)
	defer config.Set("auth:hash-cost", bcrypt.MinCost)

	user := auth.User{Email: "*****@*****.**", Password: "******"}
	_, createErr := nativeScheme.Create(&user)
	c.Assert(createErr, check.IsNil)
	defer user.Delete()

	// Zero the package-level values before the call under test.
	cost = 0
	tokenExpire = 0
	_, tokenErr := createToken(&user, "123456")
	c.Assert(tokenErr, check.IsNil)
}
Beispiel #8
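// TestResetPassword walks through the password-reset flow: it starts a reset,
// waits for the first mail, reads the stored password token, resets the
// password with it, and then verifies that the stored password changed, that
// a second mail with the expected content was sent, and that the token is
// marked as used.
func (s *S) TestResetPassword(c *check.C) {
	scheme := NativeScheme{}
	defer s.server.Reset()
	u := auth.User{Email: "*****@*****.**"}
	err := u.Create()
	c.Assert(err, check.IsNil)
	defer u.Delete()
	p := u.Password
	err = scheme.StartPasswordReset(&u)
	c.Assert(err, check.IsNil)
	// Wait for the reset-request mail before reading the token.
	err = tsurutest.WaitCondition(time.Second, func() bool {
		s.server.RLock()
		defer s.server.RUnlock()
		return len(s.server.MailBox) == 1
	})
	c.Assert(err, check.IsNil)
	var token passwordToken
	err = s.conn.PasswordTokens().Find(bson.M{"useremail": u.Email}).One(&token)
	c.Assert(err, check.IsNil)
	err = scheme.ResetPassword(&u, token.Token)
	c.Assert(err, check.IsNil)
	// Check the lookup error: a failed lookup would otherwise surface as a
	// nil dereference on u2 instead of a readable test failure.
	u2, err := auth.GetUserByEmail(u.Email)
	c.Assert(err, check.IsNil)
	c.Assert(u2.Password, check.Not(check.Equals), p)
	var m authtest.Mail
	// The mailbox is read under the server's read lock, and the second mail
	// is copied out while the lock is still held.
	err = tsurutest.WaitCondition(time.Second, func() bool {
		s.server.RLock()
		defer s.server.RUnlock()
		if len(s.server.MailBox) != 2 {
			return false
		}
		m = s.server.MailBox[1]
		return true
	})
	c.Assert(err, check.IsNil)
	c.Assert(m.From, check.Equals, "root")
	c.Assert(m.To, check.DeepEquals, []string{u.Email})
	var buf bytes.Buffer
	tmpl, err := getEmailResetPasswordSucessfullyTemplate()
	c.Assert(err, check.IsNil)
	err = tmpl.Execute(&buf, map[string]string{"email": u.Email, "password": ""})
	c.Assert(err, check.IsNil)
	expected := strings.Replace(buf.String(), "\n", "\r\n", -1) + "\r\n"
	lines := strings.Split(string(m.Data), "\r\n")
	// Guard the index below so a short mail body fails the test cleanly
	// instead of panicking.
	c.Assert(len(lines) >= 4, check.Equals, true)
	// The fourth line from the end is blanked to match the template rendered
	// with an empty password — presumably that line carries the generated
	// password, which the test cannot predict.
	lines[len(lines)-4] = ""
	c.Assert(strings.Join(lines, "\r\n"), check.Equals, expected)
	// The token must be flagged as used so it cannot drive a second reset.
	err = s.conn.PasswordTokens().Find(bson.M{"useremail": u.Email}).One(&token)
	c.Assert(err, check.IsNil)
	c.Assert(token.Used, check.Equals, true)
}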
Beispiel #9
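// TestResetPassword walks through the password-reset flow: it starts a reset,
// reads the stored password token, resets the password with it, and then
// verifies that the stored password changed, that a second mail with the
// expected content was sent, and that the token is marked as used.
//
// NOTE(review): synchronisation with the mail server relies on fixed sleeps,
// so the outcome depends on timing.
func (s *S) TestResetPassword(c *check.C) {
	scheme := NativeScheme{}
	defer s.server.Reset()
	u := auth.User{Email: "*****@*****.**"}
	err := u.Create()
	c.Assert(err, check.IsNil)
	defer u.Delete()
	p := u.Password
	err = scheme.StartPasswordReset(&u)
	c.Assert(err, check.IsNil)
	time.Sleep(1e6) // Let the email flow
	var token passwordToken
	err = s.conn.PasswordTokens().Find(bson.M{"useremail": u.Email}).One(&token)
	c.Assert(err, check.IsNil)
	err = scheme.ResetPassword(&u, token.Token)
	c.Assert(err, check.IsNil)
	// Check the lookup error: a failed lookup would otherwise surface as a
	// nil dereference on u2 instead of a readable test failure.
	u2, err := auth.GetUserByEmail(u.Email)
	c.Assert(err, check.IsNil)
	c.Assert(u2.Password, check.Not(check.Equals), p)
	time.Sleep(1e9) // Let the email flow
	// The mailbox is inspected under the server's lock, which is held until
	// the test returns.
	s.server.Lock()
	defer s.server.Unlock()
	c.Assert(s.server.MailBox, check.HasLen, 2)
	m := s.server.MailBox[1]
	c.Assert(m.From, check.Equals, "root")
	c.Assert(m.To, check.DeepEquals, []string{u.Email})
	var buf bytes.Buffer
	err = passwordResetConfirm.Execute(&buf, map[string]string{"email": u.Email, "password": ""})
	c.Assert(err, check.IsNil)
	expected := strings.Replace(buf.String(), "\n", "\r\n", -1) + "\r\n"
	lines := strings.Split(string(m.Data), "\r\n")
	// Guard the index below so a short mail body fails the test cleanly
	// instead of panicking.
	c.Assert(len(lines) >= 4, check.Equals, true)
	// The fourth line from the end is blanked to match the template rendered
	// with an empty password — presumably that line carries the generated
	// password, which the test cannot predict.
	lines[len(lines)-4] = ""
	c.Assert(strings.Join(lines, "\r\n"), check.Equals, expected)
	// The token must be flagged as used so it cannot drive a second reset.
	err = s.conn.PasswordTokens().Find(bson.M{"useremail": u.Email}).One(&token)
	c.Assert(err, check.IsNil)
	c.Assert(token.Used, check.Equals, true)
}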