Ejemplo n.º 1
0
func TestJwtUnknownUser(t *testing.T) {

	// Setup jwt
	c := &JwtAuthConfig{}
	c.Admin.PrivateKey = "Key"
	c.User.PrivateKey = "UserKey"
	j := NewJwtAuth(c)
	tests.Assert(t, j != nil)

	// Setup middleware framework
	n := negroni.New(j)
	tests.Assert(t, n != nil)

	// Create a simple middleware to check if it was called
	called := false
	mw := func(rw http.ResponseWriter, r *http.Request) {
		called = true
	}
	n.UseHandlerFunc(mw)

	// Create test server
	ts := httptest.NewServer(n)

	// Create token with invalid user
	token := jwt.New(jwt.SigningMethodHS256)
	token.Claims["iat"] = time.Now().Unix()
	token.Claims["exp"] = time.Now().Add(time.Second * 5).Unix()
	token.Claims["iss"] = "someotheruser"
	tokenString, err := token.SignedString([]byte("Key"))
	tests.Assert(t, err == nil)

	// Setup header
	req, err := http.NewRequest("GET", ts.URL, nil)
	tests.Assert(t, err == nil)

	// Miss 'bearer' string
	req.Header.Set("Authorization", "bearer "+tokenString)
	r, err := http.DefaultClient.Do(req)
	tests.Assert(t, err == nil)
	tests.Assert(t, r.StatusCode == http.StatusUnauthorized)
	tests.Assert(t, called == false)

	s, err := utils.GetStringFromResponse(r)
	tests.Assert(t, err == nil)
	tests.Assert(t, strings.Contains(s, "Unknown user"))
}
Ejemplo n.º 2
0
func TestNodePeerDetachFailure(t *testing.T) {
	tmpfile := tests.Tempfile()
	defer os.Remove(tmpfile)

	// Create the app
	app := NewTestApp(tmpfile)
	defer app.Close()
	router := mux.NewRouter()
	app.SetRoutes(router)

	// Setup the server
	ts := httptest.NewServer(router)
	defer ts.Close()

	// Create a cluster.  We do not want
	// any drives in the node so we can delete easily
	err := setupSampleDbWithTopology(app,
		1,     // clusters
		4,     // nodes_per_cluster
		0,     // devices_per_node,
		50*GB, // disksize)
	)
	tests.Assert(t, err == nil)

	// Setup the mock peer probe to fail
	peer_called := false
	peer_calls := 0
	app.xo.MockPeerDetach = func(exec_host, newnode string) error {
		peer_calls++
		peer_called = true
		return errors.New("Mock")
	}

	// Get a node id
	var nodeid string
	err = app.db.View(func(tx *bolt.Tx) error {
		clusterlist, err := ClusterList(tx)
		if err != nil {
			return err
		}

		cluster, err := NewClusterEntryFromId(tx, clusterlist[0])
		if err != nil {
			return err
		}

		nodeid = cluster.Info.Nodes[0]

		return nil

	})
	tests.Assert(t, err == nil)
	tests.Assert(t, nodeid != "")

	// Delete node
	req, err := http.NewRequest("DELETE", ts.URL+"/nodes/"+nodeid, nil)
	tests.Assert(t, err == nil)
	r, err := http.DefaultClient.Do(req)
	tests.Assert(t, err == nil)
	tests.Assert(t, r.StatusCode == http.StatusAccepted)
	location, err := r.Location()
	tests.Assert(t, err == nil)

	// Since we forced the MockPeerDetach above to fail, the request should fail
	for {
		r, err = http.Get(location.String())
		tests.Assert(t, err == nil)
		if r.Header.Get("X-Pending") == "true" {
			tests.Assert(t, r.StatusCode == http.StatusOK)
			time.Sleep(time.Millisecond * 10)
		} else {
			tests.Assert(t, r.StatusCode == http.StatusInternalServerError)
			s, err := utils.GetStringFromResponse(r)
			tests.Assert(t, err == nil)
			tests.Assert(t, strings.TrimSpace(s) == "Mock")
			tests.Assert(t, peer_called == true)
			tests.Assert(t, peer_calls == 1)
			break
		}
	}

	// Check that the node is still in the db
	err = app.db.View(func(tx *bolt.Tx) error {
		clusters, err := ClusterList(tx)
		if err != nil {
			return err
		}

		cluster, err := NewClusterEntryFromId(tx, clusters[0])
		if err != nil {
			return err
		}
		tests.Assert(t, utils.SortedStringHas(cluster.Info.Nodes, nodeid))

		_, err = NewNodeEntryFromId(tx, nodeid)
		return err
	})
	tests.Assert(t, err == nil)
}
Ejemplo n.º 3
0
func TestNodePeerProbeFailure(t *testing.T) {
	tmpfile := tests.Tempfile()
	defer os.Remove(tmpfile)

	// Create the app
	app := NewTestApp(tmpfile)
	defer app.Close()
	router := mux.NewRouter()
	app.SetRoutes(router)

	// Setup the server
	ts := httptest.NewServer(router)
	defer ts.Close()

	// Create a cluster.  We at least one
	// other node in the same cluster to execute a probe
	err := setupSampleDbWithTopology(app,
		1,     // clusters
		4,     // nodes_per_cluster
		4,     // devices_per_node,
		50*GB, // disksize)
	)
	tests.Assert(t, err == nil)

	// Setup the mock peer probe to fail
	peerprobe_called := false
	peerprobe_calls := 0
	app.xo.MockPeerProbe = func(exec_host, newnode string) error {
		peerprobe_calls++
		peerprobe_called = true
		return errors.New("Mock")
	}

	// Get cluter id
	var clusterlist []string
	err = app.db.View(func(tx *bolt.Tx) error {
		var err error
		clusterlist, err = ClusterList(tx)
		return err
	})
	tests.Assert(t, err == nil)
	tests.Assert(t, len(clusterlist) == 1)
	clusterid := clusterlist[0]

	// Create a node
	request := []byte(`{
		"cluster" : "` + clusterid + `",
		"hostnames" : {
			"storage" : [ "storage.hostname.com" ],
			"manage" : [ "manage.hostname.com"  ]
		},
		"zone" : 1
    }`)

	// Create node
	r, err := http.Post(ts.URL+"/nodes", "application/json", bytes.NewBuffer(request))
	tests.Assert(t, err == nil)
	tests.Assert(t, r.StatusCode == http.StatusAccepted)
	location, err := r.Location()
	tests.Assert(t, err == nil)

	// Since we forced the MockPeerProbe above to fail, the request should fail
	for {
		r, err = http.Get(location.String())
		tests.Assert(t, err == nil)
		if r.Header.Get("X-Pending") == "true" {
			tests.Assert(t, r.StatusCode == http.StatusOK)
			time.Sleep(time.Millisecond * 10)
		} else {
			tests.Assert(t, r.StatusCode == http.StatusInternalServerError)
			s, err := utils.GetStringFromResponse(r)
			tests.Assert(t, err == nil)
			tests.Assert(t, strings.TrimSpace(s) == "Mock")
			tests.Assert(t, peerprobe_called == true)
			tests.Assert(t, peerprobe_calls == 1)
			break
		}
	}

	// Check that the node has not been added to the db
	var nodelist []string
	var cluster *ClusterEntry
	err = app.db.View(func(tx *bolt.Tx) error {
		var err error
		cluster, err = NewClusterEntryFromId(tx, clusterid)
		if err != nil {
			return err
		}

		nodelist = EntryKeys(tx, BOLTDB_BUCKET_NODE)
		return nil
	})
	tests.Assert(t, err == nil)
	tests.Assert(t, len(nodelist) == 4)
	tests.Assert(t, len(cluster.Info.Nodes) == 4)
}
Ejemplo n.º 4
0
func TestNodeAddBadRequests(t *testing.T) {
	tmpfile := tests.Tempfile()
	defer os.Remove(tmpfile)

	// Create the app
	app := NewTestApp(tmpfile)
	defer app.Close()
	router := mux.NewRouter()
	app.SetRoutes(router)

	// Setup the server
	ts := httptest.NewServer(router)
	defer ts.Close()

	// ClusterCreate JSON Request
	request := []byte(`{
		bad json
    }`)

	// Post bad JSON
	r, err := http.Post(ts.URL+"/nodes", "application/json", bytes.NewBuffer(request))
	tests.Assert(t, err == nil)
	tests.Assert(t, r.StatusCode == 422)

	// Make a request without hostnames
	request = []byte(`{
		"cluster" : "123",
		"hostname" : {}
    }`)

	// Post bad JSON
	r, err = http.Post(ts.URL+"/nodes", "application/json", bytes.NewBuffer(request))
	tests.Assert(t, err == nil)
	tests.Assert(t, r.StatusCode == http.StatusBadRequest)

	// Make a request with only manage hostname
	request = []byte(`{
		"cluster" : "123",
		"hostnames" : {
			"manage" : [ "manage.hostname.com" ]
		}
    }`)

	// Post bad JSON
	r, err = http.Post(ts.URL+"/nodes", "application/json", bytes.NewBuffer(request))
	tests.Assert(t, err == nil)
	tests.Assert(t, r.StatusCode == http.StatusBadRequest)

	// Make a request with only storage hostname
	request = []byte(`{
		"cluster" : "123",
		"hostnames" : {
			"storage" : [ "storage.hostname.com" ]
		}
    }`)

	// Post bad JSON
	r, err = http.Post(ts.URL+"/nodes", "application/json", bytes.NewBuffer(request))
	tests.Assert(t, err == nil)
	tests.Assert(t, r.StatusCode == http.StatusBadRequest)

	// Make a request where the hostnames are empty strings
	request = []byte(`{
		"cluster" : "123",
		"hostnames" : {
			"storage" : [ "" ],
			"manage" : [ "" ]
		},
		"zone" : 10
    }`)

	// Check that it returns that the cluster id is not found
	r, err = http.Post(ts.URL+"/nodes", "application/json", bytes.NewBuffer(request))
	tests.Assert(t, err == nil)
	tests.Assert(t, r.StatusCode == http.StatusBadRequest)
	s, err := utils.GetStringFromResponse(r)
	tests.Assert(t, err == nil)
	tests.Assert(t, strings.Contains(s, "empty string"))

	// Make a request where the cluster id does not exist
	request = []byte(`{
		"cluster" : "123",
		"hostnames" : {
			"storage" : [ "storage.hostname.com" ],
			"manage" : [ "manage.hostname.com"  ]
		},
		"zone" : 10
    }`)

	// Check that it returns that the cluster id is not found
	r, err = http.Post(ts.URL+"/nodes", "application/json", bytes.NewBuffer(request))
	tests.Assert(t, err == nil)
	tests.Assert(t, r.StatusCode == http.StatusNotFound, r.StatusCode)
}
Ejemplo n.º 5
0
func TestJwtGarbageToken(t *testing.T) {

	// Setup jwt
	c := &JwtAuthConfig{}
	c.Admin.PrivateKey = "Key"
	c.User.PrivateKey = "UserKey"
	j := NewJwtAuth(c)
	tests.Assert(t, j != nil)

	// Setup middleware framework
	n := negroni.New(j)
	tests.Assert(t, n != nil)

	// Create a simple middleware to check if it was called
	called := false
	mw := func(rw http.ResponseWriter, r *http.Request) {
		called = true
	}
	n.UseHandlerFunc(mw)

	// Create test server
	ts := httptest.NewServer(n)

	// Setup header
	req, err := http.NewRequest("GET", ts.URL, nil)
	tests.Assert(t, err == nil)

	// Miss 'bearer' string
	req.Header.Set("Authorization", "123456770309238402938402398409234")

	// Call
	r, err := http.DefaultClient.Do(req)
	tests.Assert(t, err == nil)
	tests.Assert(t, r.StatusCode == http.StatusBadRequest)
	tests.Assert(t, called == false)

	s, err := utils.GetStringFromResponse(r)
	tests.Assert(t, err == nil)
	tests.Assert(t, strings.Contains(s, "Authorization header format must be Bearer"))

	// Setup header
	req, err = http.NewRequest("GET", ts.URL, nil)
	tests.Assert(t, err == nil)
	req.Header.Set("Authorization", "bearer")

	// Call
	r, err = http.DefaultClient.Do(req)
	tests.Assert(t, err == nil)
	tests.Assert(t, r.StatusCode == http.StatusBadRequest)
	tests.Assert(t, called == false)

	s, err = utils.GetStringFromResponse(r)
	tests.Assert(t, err == nil)
	tests.Assert(t, strings.Contains(s, "Authorization header format must be Bearer"))

	// Setup header
	req, err = http.NewRequest("GET", ts.URL, nil)
	tests.Assert(t, err == nil)
	req.Header.Set("Authorization", "bearer 123456770309238402938402398409234")

	// Call
	r, err = http.DefaultClient.Do(req)
	tests.Assert(t, err == nil)
	tests.Assert(t, r.StatusCode == http.StatusUnauthorized)
	tests.Assert(t, called == false)

	s, err = utils.GetStringFromResponse(r)
	tests.Assert(t, err == nil)
	tests.Assert(t, strings.Contains(s, "token contains an invalid number of segments"))

}
Ejemplo n.º 6
0
func TestJwtInvalidToken(t *testing.T) {

	// Setup jwt
	c := &JwtAuthConfig{}
	c.Admin.PrivateKey = "Key"
	c.User.PrivateKey = "UserKey"
	j := NewJwtAuth(c)
	tests.Assert(t, j != nil)

	// Setup middleware framework
	n := negroni.New(j)
	tests.Assert(t, n != nil)

	// Create a simple middleware to check if it was called
	called := false
	mw := func(rw http.ResponseWriter, r *http.Request) {
		called = true
	}
	n.UseHandlerFunc(mw)

	// Create test server
	ts := httptest.NewServer(n)

	// Create token with missing 'iss' claim
	token := jwt.New(jwt.SigningMethodHS256)
	token.Claims["iat"] = time.Now().Unix()
	token.Claims["exp"] = time.Now().Add(time.Second * 5).Unix()
	tokenString, err := token.SignedString([]byte("Key"))
	tests.Assert(t, err == nil)

	// Setup header
	req, err := http.NewRequest("GET", ts.URL, nil)
	tests.Assert(t, err == nil)

	// Miss 'bearer' string
	req.Header.Set("Authorization", "bearer "+tokenString)
	r, err := http.DefaultClient.Do(req)
	tests.Assert(t, err == nil)
	tests.Assert(t, r.StatusCode == http.StatusUnauthorized)
	tests.Assert(t, called == false)

	s, err := utils.GetStringFromResponse(r)
	tests.Assert(t, err == nil)
	tests.Assert(t, strings.Contains(s, "Token missing iss claim"))

	// Create an expired token
	token = jwt.New(jwt.SigningMethodHS256)
	token.Claims["iat"] = time.Now().Unix()
	token.Claims["exp"] = time.Now().Add(time.Millisecond).Unix()
	token.Claims["iss"] = "admin"
	tokenString, err = token.SignedString([]byte("Key"))
	tests.Assert(t, err == nil)

	// Wait a bit
	time.Sleep(time.Second)

	// Setup header
	req, err = http.NewRequest("GET", ts.URL, nil)
	tests.Assert(t, err == nil)

	// Send request
	req.Header.Set("Authorization", "bearer "+tokenString)
	r, err = http.DefaultClient.Do(req)
	tests.Assert(t, err == nil)
	tests.Assert(t, r.StatusCode == http.StatusUnauthorized)
	tests.Assert(t, called == false)

	s, err = utils.GetStringFromResponse(r)
	tests.Assert(t, err == nil)
	tests.Assert(t, strings.Contains(s, "token is expired"))

	// Create missing 'qsh' claim
	token = jwt.New(jwt.SigningMethodHS256)
	token.Claims["iat"] = time.Now().Unix()
	token.Claims["exp"] = time.Now().Add(time.Second * 10).Unix()
	token.Claims["iss"] = "admin"
	tokenString, err = token.SignedString([]byte("Key"))
	tests.Assert(t, err == nil)

	// Setup header
	req, err = http.NewRequest("GET", ts.URL, nil)
	tests.Assert(t, err == nil)

	// Send request
	req.Header.Set("Authorization", "bearer "+tokenString)
	r, err = http.DefaultClient.Do(req)
	tests.Assert(t, err == nil)
	tests.Assert(t, r.StatusCode == http.StatusUnauthorized)
	tests.Assert(t, called == false)

	s, err = utils.GetStringFromResponse(r)
	tests.Assert(t, err == nil)
	tests.Assert(t, strings.Contains(s, "Invalid qsh claim in token"))

	// Create an invalid 'qsh' claim
	token = jwt.New(jwt.SigningMethodHS256)
	token.Claims["iat"] = time.Now().Unix()
	token.Claims["exp"] = time.Now().Add(time.Second * 10).Unix()
	token.Claims["iss"] = "admin"
	token.Claims["qsh"] = "12343345678945678a"
	tokenString, err = token.SignedString([]byte("Key"))
	tests.Assert(t, err == nil)

	// Setup header
	req, err = http.NewRequest("GET", ts.URL, nil)
	tests.Assert(t, err == nil)

	// Send request
	req.Header.Set("Authorization", "bearer "+tokenString)
	r, err = http.DefaultClient.Do(req)
	tests.Assert(t, err == nil)
	tests.Assert(t, r.StatusCode == http.StatusUnauthorized)
	tests.Assert(t, called == false)

	s, err = utils.GetStringFromResponse(r)
	tests.Assert(t, err == nil)
	tests.Assert(t, strings.Contains(s, "Invalid qsh claim in token"))

}