//creates a new Session object with no Id. func NewSession(id string) *Session { return &Session{ Id: orm.String(id), Authenticated: orm.Bool(false), ProfileId: nil, Values: &map[string]string{}, } }
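// Login authenticates the current request and, on success, upgrades the
// request's session to an authenticated one.
//
// Steps, as implemented below:
//   - load the session from the request (any error is reported via perfect.Error);
//   - if the session is already authenticated, redirect to "/";
//   - run the built-in strategy's Login; on failure log the error and answer
//     with a negative JSON result;
//   - on success mark the session authenticated, replace its Id with a new
//     value from the database, bind the profile id, persist the session and
//     re-issue the cookie;
//   - answer with a positive JSON result carrying the module's home URL.
func Login(w http.ResponseWriter, r *perfect.Request) {
	//get the session
	session, err := r.Session()
	if err != nil {
		perfect.Error(w, r, err)
		return
	}

	//if the user is already authenticated, redirect to home.
	// Authenticated is a pointer field and can be nil on a session that was
	// stored without it; treat nil as "not authenticated" instead of
	// dereferencing it and panicking inside the handler.
	if session.Authenticated != nil && *session.Authenticated {
		perfect.Redirect(w, r, "/")
		return
	}

	//TODO: make this work! (and delete the hard-coded built-in strategy!)
	//user, err := r.Module.Auth.Login(w, r);
	bauth := NewBuiltinStrategy(&Config{Type: BUILTIN})
	profileID, err := bauth.Login(w, r)
	if err != nil {
		log.Println("login error:", err)
		// NOTE(review): the strategy's error text is returned to the client
		// verbatim. If the strategy words "unknown user" and "wrong password"
		// differently, the response reveals which accounts exist; confirm the
		// messages are uniform or map them to one generic message here.
		perfect.JSONResult(w, r, false, err.Error())
		return
	}
	// NOTE(review): a strategy returning (nil, nil) would produce an
	// authenticated session with no profile bound; confirm the strategy
	// contract rules that out.

	//mark the session as authenticated
	session.Authenticated = orm.Bool(true)

	//regenerate the session Id.
	// Issuing a new Id at the moment of authentication means an Id that was
	// known before login is no longer the identifier of the authenticated
	// session (session-fixation defence).
	// NOTE(review): this is only as strong as UniqueId; confirm its values are
	// unpredictable, not merely unique.
	session.Id = orm.String(r.Module.Db.UniqueId())

	//set the current user profile id
	session.ProfileId = profileID

	// update the session
	// NOTE(review): session.Values collected before login are kept as they
	// are; confirm nothing stored there should be reset at this point.
	if err = r.Module.Db.Save(session); err != nil {
		perfect.Error(w, r, err)
		return
	}

	// Re-issue the cookie so the client holds the regenerated Id. The cookie
	// attributes are decided inside SetCookie and are not visible here.
	session.SetCookie(w, r)

	//success
	perfect.JSONResult(w, r, true, r.Module.MountPoint+"/")
}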
// TestSession_Partial saves a sequence of partially populated Session values
// against one stored object and, after every save, reads the object back and
// compares it with the expected full state.
//
// The table is order-dependent: each case builds on the state left by the
// previous one. It shows that a field left nil in the update keeps its stored
// value; in particular, an update that sets only Id keeps the stored
// Authenticated flag and Values.
func TestSession_Partial(t *testing.T) {
	type testCase struct {
		Update, Expected *Session
	}

	db, clean := ormtest.NewTestDatabase(ormtest.DbUrl, t)
	defer clean()

	// Seed object; its collection is dropped before and after the test.
	s := &Session{}
	db.DropCollection(s)
	defer db.DropCollection(s)

	// Insert the first session so that s.Object identifies a stored document.
	if err := db.Save(s); err != nil {
		t.Fatalf("err = %v", err)
	}

	obj := s.Object
	id1 := orm.String("1")
	id2 := orm.String("2")
	authed := orm.Bool(true)
	anon := orm.Bool(false)
	valsA := &map[string]string{"1": "2"}
	valsB := &map[string]string{"1": "3"}
	valsC := &map[string]string{"2": "1"}

	cases := []testCase{
		// Id only, nothing else stored yet.
		{Update: &Session{Object: obj}, Expected: &Session{Object: obj}},
		{Update: &Session{Object: obj, Id: id1}, Expected: &Session{Object: obj, Id: id1}},
		{Update: &Session{Object: obj, Id: id2}, Expected: &Session{Object: obj, Id: id2}},
		{Update: &Session{Object: obj, Id: id1}, Expected: &Session{Object: obj, Id: id1}},
		// Id and Authenticated written together.
		{Update: &Session{Object: obj, Id: id1, Authenticated: anon}, Expected: &Session{Object: obj, Id: id1, Authenticated: anon}},
		{Update: &Session{Object: obj, Id: id1, Authenticated: authed}, Expected: &Session{Object: obj, Id: id1, Authenticated: authed}},
		{Update: &Session{Object: obj, Id: id2, Authenticated: anon}, Expected: &Session{Object: obj, Id: id2, Authenticated: anon}},
		{Update: &Session{Object: obj, Id: id2, Authenticated: authed}, Expected: &Session{Object: obj, Id: id2, Authenticated: authed}},
		// Id alone: the stored Authenticated value must survive.
		{Update: &Session{Object: obj, Id: id2}, Expected: &Session{Object: obj, Id: id2, Authenticated: authed}},
		{Update: &Session{Object: obj, Id: id1}, Expected: &Session{Object: obj, Id: id1, Authenticated: authed}},
		// Authenticated alone: the stored Id must survive.
		{Update: &Session{Object: obj, Authenticated: anon}, Expected: &Session{Object: obj, Id: id1, Authenticated: anon}},
		// Values alone: Id and Authenticated must survive.
		{Update: &Session{Object: obj, Values: valsA}, Expected: &Session{Object: obj, Id: id1, Authenticated: anon, Values: valsA}},
		{Update: &Session{Object: obj, Values: valsB}, Expected: &Session{Object: obj, Id: id1, Authenticated: anon, Values: valsB}},
		{Update: &Session{Object: obj, Values: valsA}, Expected: &Session{Object: obj, Id: id1, Authenticated: anon, Values: valsA}},
		{Update: &Session{Object: obj, Values: valsB}, Expected: &Session{Object: obj, Id: id1, Authenticated: anon, Values: valsB}},
		// Single-field updates once all three fields are stored.
		{Update: &Session{Object: obj, Id: id2}, Expected: &Session{Object: obj, Id: id2, Authenticated: anon, Values: valsB}},
		{Update: &Session{Object: obj, Authenticated: authed}, Expected: &Session{Object: obj, Id: id2, Authenticated: authed, Values: valsB}},
		{Update: &Session{Object: obj, Values: valsC}, Expected: &Session{Object: obj, Id: id2, Authenticated: authed, Values: valsC}},
		{Update: &Session{Object: obj, Id: id1}, Expected: &Session{Object: obj, Id: id1, Authenticated: authed, Values: valsC}},
	}

	for i, test := range cases {
		n := i + 1 // case numbers in failure messages are 1-based

		if err := db.Save(test.Update); err != nil {
			t.Fatalf("partial session %v: err = %v", n, err)
		}

		// Read the stored document back by object identity only.
		actual := &Session{Object: test.Update.Object}
		if err := db.Find(actual); err != nil {
			t.Fatalf("partial session %v: err = %v", n, err)
		}

		if reflect.DeepEqual(actual, test.Expected) {
			continue
		}
		t.Fatalf("partial session %v: actual session is not exactly the same as expected session\n actual: %v\n expected: %v\n update: %v", n, actual, test.Expected, test.Update)
	}
}
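// TestNotLoggedIn exercises the NotLoggedIn wrapper in both session states.
//
// With an unauthenticated session the wrapped handler is expected to run and
// its 200 response to reach the recorder. With an authenticated session the
// wrapped handler must not run and the response must be a 303 redirect.
func TestNotLoggedIn(t *testing.T) {
	const (
		mountPoint  = "/testing"
		method      = "GET"
		requestPath = "/test"
		queryString = "?arg1=val1"
		sessionID   = "123ABC"
	)

	session := NewSession(sessionID)
	module := &Module{
		MountPoint: mountPoint,
	}

	requestURL, err := url.Parse("http://localhost" + module.MountPoint + requestPath + queryString)
	if err != nil {
		// Without a parsed URL the request below cannot be built meaningfully.
		t.Fatalf("err = %v", err)
	}

	response := httptest.NewRecorder()
	httpRequest := &http.Request{
		Method: method,
		URL:    requestURL,
		Header: http.Header{},
	}
	request := NewRequest(httpRequest, requestPath, module)
	request.SetSession(session)

	// Case 1: unauthenticated session, so the wrapped handler should run.
	handlerCalled := false
	handler := func(w http.ResponseWriter, r *Request) {
		handlerCalled = true
		if *session.Authenticated {
			t.Errorf("session.Authenticated is %v, did not expect the handler to be called", *session.Authenticated)
		}
		w.WriteHeader(http.StatusOK)
	}
	authHandler := NotLoggedIn(handler)

	//call the auth handler
	authHandler(response, request)

	// A fresh ResponseRecorder already reports 200, so the status code alone
	// cannot show that the handler ran; check the call explicitly as well.
	if !handlerCalled {
		t.Errorf("expected handler to be called for an unauthenticated session")
	}
	if response.Code != http.StatusOK {
		t.Errorf("response.Code is %v, expected %v (http.StatusOK)", response.Code, http.StatusOK)
	}

	// Case 2: the same session, now authenticated, so the wrapper must
	// redirect without invoking the wrapped handler.
	session.Authenticated = orm.Bool(true)
	request.SetSession(session)
	response = httptest.NewRecorder()

	handler2Called := false
	handler2 := func(w http.ResponseWriter, r *Request) {
		handler2Called = true
	}
	authHandler = NotLoggedIn(handler2)
	authHandler(response, request)

	if handler2Called {
		t.Errorf("expected handler2 to not be called")
	}
	if response.Code != http.StatusSeeOther {
		t.Errorf("response.Code is %v, expected %v (http.StatusSeeOther)", response.Code, http.StatusSeeOther)
	}
	// NOTE(review): the redirect target (Location header) is not asserted;
	// add a check once the intended destination is confirmed.
}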