Beispiel #1
// NewSession returns a new Session that carries the given id. The session
// starts out unauthenticated, has no profile attached (ProfileId stays nil)
// and holds an empty Values map.
func NewSession(id string) *Session {
	values := map[string]string{}

	s := &Session{
		Id:            orm.String(id),
		Authenticated: orm.Bool(false),
		Values:        &values,
	}
	return s
}
Beispiel #2
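// Login authenticates the current request with the built-in strategy and, on
// success, promotes the caller's session to an authenticated one.
//
// Flow: load the session; if it is already authenticated, redirect to "/";
// otherwise run the strategy's Login, mark the session authenticated, give it
// a fresh Id, attach the profile id, save it, set the cookie and answer with a
// JSON success result that points at the module mount point. Every failure
// path returns before the session is modified or saved.
func Login(w http.ResponseWriter, r *perfect.Request) {
	session, err := r.Session()
	if err != nil {
		perfect.Error(w, r, err)
		return
	}

	// Authenticated is a pointer; treat an unset value as "not authenticated"
	// instead of dereferencing nil and panicking inside the handler.
	if session.Authenticated != nil && *session.Authenticated {
		perfect.Redirect(w, r, "/")
		return
	}

	//TODO: make this work! (and delete the hard-coded built-in strategy!)
	//user, err := r.Module.Auth.Login(w, r);
	bauth := NewBuiltinStrategy(&Config{Type: BUILTIN})
	profileID, err := bauth.Login(w, r)
	if err != nil {
		log.Println("login error:", err)
		// NOTE(review): the raw strategy error is sent back to the client.
		// Confirm that bauth.Login only returns messages that are safe to
		// show (no internal details, no hint whether the account exists).
		perfect.JSONResult(w, r, false, err.Error())
		return
	}

	// Fail closed: a nil profile id with a nil error would otherwise produce
	// an authenticated session that belongs to nobody.
	if profileID == nil {
		log.Println("login error: strategy returned no profile id")
		perfect.JSONResult(w, r, false, "login failed")
		return
	}

	// Mark the session as authenticated.
	session.Authenticated = orm.Bool(true)

	// Issue a new session Id at the privilege change so that an Id handed out
	// before login does not carry over into the authenticated session.
	// NOTE(review): this relies on Save replacing the Id on the existing
	// record rather than leaving the old Id resolvable; confirm in the ORM.
	session.Id = orm.String(r.Module.Db.UniqueId())

	// Bind the session to the profile that just logged in.
	session.ProfileId = profileID

	// Persist before touching the cookie so a failed save never hands the
	// client an Id that is not stored.
	if err = r.Module.Db.Save(session); err != nil {
		perfect.Error(w, r, err)
		return
	}

	// NOTE(review): cookie attributes are chosen inside SetCookie and are not
	// visible here; confirm HttpOnly/Secure/SameSite there.
	session.SetCookie(w, r)

	// Success: tell the client where to go next.
	perfect.JSONResult(w, r, true, r.Module.MountPoint+"/")
}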
Beispiel #3
// TestSession_Partial saves a sequence of partial Session updates against one
// stored record and, after each save, reads the record back and compares it
// with the state expected at that point. The cases are cumulative: each one
// builds on the state left by the previous ones, so their order matters.
func TestSession_Partial(t *testing.T) {
	type step struct {
		Update, Expected *Session
	}

	db, clean := ormtest.NewTestDatabase(ormtest.DbUrl, t)
	defer clean()

	// The record every update below is applied to.
	s := &Session{}

	// Start from an empty collection and leave an empty one behind.
	db.DropCollection(s)
	defer db.DropCollection(s)

	// Store the initial, empty session.
	if err := db.Save(s); err != nil {
		t.Fatalf("err = %v", err)
	}

	// Taken after the first save, exactly as the updates below need it.
	var obj orm.Object = s.Object

	idA, idB := orm.String("1"), orm.String("2")
	on, off := orm.Bool(true), orm.Bool(false)
	valsA := &map[string]string{"1": "2"}
	valsB := &map[string]string{"1": "3"}
	valsC := &map[string]string{"2": "1"}

	steps := []step{
		// Id only: fields never set stay unset.
		{Update: &Session{Object: obj}, Expected: &Session{Object: obj}},
		{Update: &Session{Object: obj, Id: idA}, Expected: &Session{Object: obj, Id: idA}},
		{Update: &Session{Object: obj, Id: idB}, Expected: &Session{Object: obj, Id: idB}},
		{Update: &Session{Object: obj, Id: idA}, Expected: &Session{Object: obj, Id: idA}},
		// Id and Authenticated written together.
		{Update: &Session{Object: obj, Id: idA, Authenticated: off}, Expected: &Session{Object: obj, Id: idA, Authenticated: off}},
		{Update: &Session{Object: obj, Id: idA, Authenticated: on}, Expected: &Session{Object: obj, Id: idA, Authenticated: on}},
		{Update: &Session{Object: obj, Id: idB, Authenticated: off}, Expected: &Session{Object: obj, Id: idB, Authenticated: off}},
		{Update: &Session{Object: obj, Id: idB, Authenticated: on}, Expected: &Session{Object: obj, Id: idB, Authenticated: on}},
		// Id alone: the stored Authenticated value must survive.
		{Update: &Session{Object: obj, Id: idB}, Expected: &Session{Object: obj, Id: idB, Authenticated: on}},
		{Update: &Session{Object: obj, Id: idA}, Expected: &Session{Object: obj, Id: idA, Authenticated: on}},
		// Authenticated alone: the stored Id must survive.
		{Update: &Session{Object: obj, Authenticated: off}, Expected: &Session{Object: obj, Id: idA, Authenticated: off}},
		// Values alone: Id and Authenticated must survive.
		{Update: &Session{Object: obj, Values: valsA}, Expected: &Session{Object: obj, Id: idA, Authenticated: off, Values: valsA}},
		{Update: &Session{Object: obj, Values: valsB}, Expected: &Session{Object: obj, Id: idA, Authenticated: off, Values: valsB}},
		{Update: &Session{Object: obj, Values: valsA}, Expected: &Session{Object: obj, Id: idA, Authenticated: off, Values: valsA}},
		{Update: &Session{Object: obj, Values: valsB}, Expected: &Session{Object: obj, Id: idA, Authenticated: off, Values: valsB}},
		// One field at a time on a fully populated record.
		{Update: &Session{Object: obj, Id: idB}, Expected: &Session{Object: obj, Id: idB, Authenticated: off, Values: valsB}},
		{Update: &Session{Object: obj, Authenticated: on}, Expected: &Session{Object: obj, Id: idB, Authenticated: on, Values: valsB}},
		{Update: &Session{Object: obj, Values: valsC}, Expected: &Session{Object: obj, Id: idB, Authenticated: on, Values: valsC}},
		{Update: &Session{Object: obj, Id: idA}, Expected: &Session{Object: obj, Id: idA, Authenticated: on, Values: valsC}},
	}

	for idx, tc := range steps {
		n := idx + 1

		if err := db.Save(tc.Update); err != nil {
			t.Fatalf("partial session %v: err = %v", n, err)
		}

		// Read the record back through a fresh value that carries only the
		// object identity of the update.
		got := &Session{Object: tc.Update.Object}
		if err := db.Find(got); err != nil {
			t.Fatalf("partial session %v: err = %v", n, err)
		}

		if reflect.DeepEqual(got, tc.Expected) {
			continue
		}
		t.Fatalf("partial session %v: actual session is not exactly the same as expected session\n actual: %v\n expected: %v\n update: %v", n, got, tc.Expected, tc.Update)
	}
}
Beispiel #4
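// TestNotLoggedIn exercises the NotLoggedIn wrapper in both directions:
//
//  1. with an unauthenticated session the wrapped handler must run and the
//     response must be 200 OK;
//  2. with an authenticated session the wrapped handler must NOT run and the
//     response must be 303 See Other.
func TestNotLoggedIn(t *testing.T) {
	const (
		mountPoint = "/testing"
		method     = "GET"
		path       = "/test"
		query      = "?arg1=val1"
		sessionID  = "123ABC"
	)

	session := NewSession(sessionID)
	module := &Module{MountPoint: mountPoint}

	requestURL, err := url.Parse("http://localhost" + module.MountPoint + path + query)
	if err != nil {
		// Nothing below is meaningful without a parsed URL.
		t.Fatalf("err = %v", err)
	}

	httpRequest := &http.Request{
		Method: method,
		URL:    requestURL,
		Header: http.Header{},
	}

	request := NewRequest(httpRequest, path, module)
	request.SetSession(session)

	// Case 1: unauthenticated session, the wrapped handler is expected to run.
	response := httptest.NewRecorder()
	handlerCalled := false

	handler := func(w http.ResponseWriter, r *Request) {
		handlerCalled = true
		if *session.Authenticated {
			t.Errorf("session.Authenticated is %v, did not expect the handler to be called", session.Authenticated)
		}

		w.WriteHeader(http.StatusOK)
	}

	NotLoggedIn(handler)(response, request)

	// Without this check the case would also pass if the wrapper silently
	// dropped the request.
	if !handlerCalled {
		t.Errorf("expected handler to be called for an unauthenticated session")
	}

	// Assert the status we actually expect; the message now reports that same
	// value instead of printing StatusSeeOther under the StatusOK label.
	if response.Code != http.StatusOK {
		t.Errorf("response.Code is %v, expected %v (http.StatusOK)", response.Code, http.StatusOK)
	}

	// Case 2: authenticated session, the wrapper must redirect instead of
	// calling the handler.
	session.Authenticated = orm.Bool(true)
	request.SetSession(session)
	response = httptest.NewRecorder()

	handler2Called := false
	handler2 := func(w http.ResponseWriter, r *Request) {
		handler2Called = true
	}

	NotLoggedIn(handler2)(response, request)

	if handler2Called {
		t.Errorf("expected handler2 to not be called")
	}

	if response.Code != http.StatusSeeOther {
		t.Errorf("response.Code is %v, expected %v (http.StatusSeeOther)", response.Code, http.StatusSeeOther)
	}
}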