package cookieauth
import (
"net/http"
"net/http/httptest"
"testing"
"github.com/gavv/httpexpect"
)
// TestAll exercises the cookieauth middleware end to end against an
// httptest server. It covers, in order: rejection of anonymous and
// wrong-credential requests, cookie issuance on a successful basic-auth
// login, clearing of an invalid cookie, acceptance of a valid cookie,
// re-issuance for a legacy (no-expiry) cookie, and rejection of a
// previously issued cookie once the configured credentials change.
//
// The steps share state (the issued cookie and the configured
// credentials), so their order matters.
//
// NOTE(review): only the presence of the session cookie is asserted here;
// its HttpOnly/Secure/SameSite attributes are not checked by this test.
func TestAll(t *testing.T) {
	const cookieName = "session"
	// Example cookie that carries no expiry (legacy format).
	const legacyCookie = "MTYzODQkOCQxJDdmODJiZDc0YjBjNmYxZGVkMGFiMWYyMDQ4ZjRjN2ZhJDg4OTFkZTBkZmJkNTY0ZTU5ZGI0ZmIwZDYwNWE2NWIwNWE3MmM3YTJhNTk3OWM5Mzc2YTc5ZWJlZWZhNjE2NTk="

	// The protected resource: reachable only through the auth wrapper.
	secret := func(w http.ResponseWriter, _ *http.Request) {
		w.Write([]byte("hello world"))
	}

	// Configure the middleware with a cookie name and one user.
	auth := New()
	auth.SetID(cookieName)
	auth.SetUserPass("foo", "bar")
	// Uncomment to trace middleware decisions while debugging:
	//auth.SetLogger(log.New(os.Stdout, "", log.LstdFlags))

	srv := httptest.NewServer(auth.Wrap(http.HandlerFunc(secret)))
	defer srv.Close()

	client := httpexpect.New(t, srv.URL)

	// No credentials at all: must be refused.
	anonymous := client.GET("/").Expect()
	anonymous.Status(http.StatusUnauthorized)

	// Right password, wrong user name: must be refused.
	wrongUser := client.GET("/").WithBasicAuth("bazz", "bar").Expect()
	wrongUser.Status(http.StatusUnauthorized)

	// Correct basic-auth credentials: allowed, and a session cookie is issued.
	login := client.GET("/").WithBasicAuth("foo", "bar").Expect()
	issued := login.Status(http.StatusOK).Cookie(cookieName)

	// A cookie value the server cannot validate is refused, and the
	// response clears it on the client (Max-Age=0).
	forged := client.GET("/").WithCookie(cookieName, "incorrect").Expect()
	forged.Status(http.StatusUnauthorized)
	forged.Header("Set-Cookie").Equal("session=; Max-Age=0")

	// The freshly issued cookie authenticates on its own and is not re-sent.
	replay := client.GET("/").WithCookie(cookieName, issued.Value().Raw()).Expect()
	replay.Status(http.StatusOK)
	replay.Header("Set-Cookie").Empty()

	// Legacy tokens have no expiry, so the server accepts them but must
	// set a new cookie in the response.
	legacy := client.GET("/").WithCookie(cookieName, legacyCookie).Expect()
	legacy.Status(http.StatusOK)
	legacy.Header("Set-Cookie").NotEmpty()

	// Rotate the credentials: a cookie issued under the old ones must
	// stop working.
	auth.SetUserPass("zip", "zop")
	stale := client.GET("/").WithCookie(cookieName, issued.Value().Raw()).Expect()
	stale.Status(http.StatusUnauthorized)

	// Logging in with the new credentials yields a new, working cookie.
	relogin := client.GET("/").WithBasicAuth("zip", "zop").Expect()
	issued = relogin.Status(http.StatusOK).Cookie(cookieName)

	fresh := client.GET("/").WithCookie(cookieName, issued.Value().Raw()).Expect()
	fresh.Status(http.StatusOK)
}