// TestNoSession tests when a nil session is used.
func TestNoSession(t *testing.T) {
tests.ResetLog()
defer tests.DisplayLog()
t.Log("Given the need to test calls with a bad session.")
{
t.Log("\tWhen using a nil session")
{
if _, err := session.Create(tests.Context, nil, publicID, 10*time.Second); err == nil {
t.Errorf("\t%s\tShould Not be able to create a session.", tests.Failed)
} else {
t.Logf("\t%s\tShould Not be able to create a session.", tests.Success)
}
if _, err := session.GetBySessionID(tests.Context, nil, "NOT EXISTS"); err == nil {
t.Errorf("\t%s\tShould Not be able to retrieve the session.", tests.Failed)
} else {
t.Logf("\t%s\tShould Not be able to retrieve the session.", tests.Success)
}
if _, err := session.GetByLatest(tests.Context, nil, publicID); err == nil {
t.Errorf("\t%s\tShould Not be able to retrieve the session.", tests.Failed)
} else {
t.Logf("\t%s\tShould Not be able to retrieve the session.", tests.Success)
}
}
}
}
// TestCreate tests the creation of sessions.
func TestCreate(t *testing.T) {
tests.ResetLog()
defer tests.DisplayLog()
db, err := db.NewMGO(tests.Context, tests.TestSession)
if err != nil {
t.Fatalf("\t%s\tShould be able to get a Mongo session : %v", tests.Failed, err)
}
defer db.CloseMGO(tests.Context)
defer func() {
if err := removeSessions(db); err != nil {
t.Errorf("\t%s\tShould be able to remove all sessions : %v", tests.Failed, err)
}
t.Logf("\t%s\tShould be able to remove all sessions.", tests.Success)
}()
t.Log("Given the need to create sessions in the DB.")
{
t.Logf("\tWhen using PublicID %s", publicID)
{
if err := removeSessions(db); err != nil {
t.Fatalf("\t%s\tShould be able to remove all sessions : %v", tests.Failed, err)
}
t.Logf("\t%s\tShould be able to remove all sessions.", tests.Success)
s1, err := session.Create(tests.Context, db, publicID, 10*time.Second)
if err != nil {
t.Fatalf("\t%s\tShould be able to create a session : %v", tests.Failed, err)
}
t.Logf("\t%s\tShould be able to create a session.", tests.Success)
s2, err := session.GetBySessionID(tests.Context, db, s1.SessionID)
if err != nil {
t.Fatalf("\t%s\tShould be able to retrieve the session : %v", tests.Failed, err)
}
t.Logf("\t%s\tShould be able to retrieve the session.", tests.Success)
if s1.SessionID != s2.SessionID {
t.Fatalf("\t%s\tShould be able to get back the same session.", tests.Failed)
} else {
t.Logf("\t%s\tShould be able to get back the same session.", tests.Success)
}
if s1.PublicID != s2.PublicID {
t.Fatalf("\t%s\tShould be able to get back the same user.", tests.Failed)
} else {
t.Logf("\t%s\tShould be able to get back the same user.", tests.Success)
}
}
}
}
// TestGetNotFound tests when a session is not found.
func TestGetNotFound(t *testing.T) {
tests.ResetLog()
defer tests.DisplayLog()
db := db.NewMGO()
defer db.CloseMGO()
t.Log("Given the need to test finding a session and it is not found.")
{
t.Logf("\tWhen using SessionID %s", "NOT EXISTS")
{
if _, err := session.GetBySessionID(tests.Context, db, "NOT EXISTS"); err == nil {
t.Fatalf("\t%s\tShould Not be able to retrieve the session.", tests.Failed)
}
t.Logf("\t%s\tShould Not be able to retrieve the session.", tests.Success)
}
}
}
// ValidateWebToken accepts a web token and validates its credibility. Returns
// a User value is the token is valid.
func ValidateWebToken(context interface{}, db *db.DB, webToken string) (*User, error) {
log.Dev(context, "ValidateWebToken", "Started : WebToken[%s]", webToken)
// Extract the sessionID and token from the web token.
sessionID, token, err := DecodeWebToken(context, webToken)
if err != nil {
log.Error(context, "ValidateWebToken", err, "Completed")
return nil, err
}
// Find the session in the database.
s, err := session.GetBySessionID(context, db, sessionID)
if err != nil {
log.Error(context, "ValidateWebToken", err, "Completed")
return nil, err
}
// Validate the session has not expired.
if s.IsExpired(context) {
err := errors.New("Expired token")
log.Error(context, "ValidateWebToken", err, "Completed")
return nil, err
}
// Pull the user for this session.
u, err := GetUserByPublicID(context, db, s.PublicID, true)
if err != nil {
log.Error(context, "ValidateWebToken", err, "Completed")
return nil, err
}
// Validate the token against this user.
if err := crypto.IsTokenValid(u, token); err != nil {
log.Error(context, "ValidateWebToken", err, "Completed")
return nil, err
}
log.Dev(context, "ValidateWebToken", "Completed : PublicID[%s]", u.PublicID)
return u, nil
}
// TestCreateWebToken tests create a web token and a pairing session.
func TestCreateWebToken(t *testing.T) {
tests.ResetLog()
defer tests.DisplayLog()
db, err := db.NewMGO(tests.Context, tests.TestSession)
if err != nil {
t.Fatalf("\t%s\tShould be able to get a Mongo session : %v", tests.Failed, err)
}
defer db.CloseMGO(tests.Context)
var publicID string
defer func() {
if err := removeUser(db, publicID); err != nil {
t.Fatalf("\t%s\tShould be able to remove the test user : %v", tests.Failed, err)
}
t.Logf("\t%s\tShould be able to remove the test user.", tests.Success)
}()
t.Log("Given the need to create a web token.")
{
t.Log("\tWhen using a new user.")
{
u1, err := auth.NewUser(auth.NUser{
Status: auth.StatusActive,
FullName: "Test Kennedy",
Email: "*****@*****.**",
Password: "******",
})
if err != nil {
t.Fatalf("\t%s\tShould be able to build a new user : %v", tests.Failed, err)
}
t.Logf("\t%s\tShould be able to build a new user.", tests.Success)
if err := auth.CreateUser(tests.Context, db, u1); err != nil {
t.Fatalf("\t%s\tShould be able to create a user : %v", tests.Failed, err)
}
t.Logf("\t%s\tShould be able to create a user.", tests.Success)
// We need to do this so we can clean up after.
publicID = u1.PublicID
webTok, err := auth.CreateWebToken(tests.Context, db, u1, time.Second)
if err != nil {
t.Fatalf("\t%s\tShould be able to create a web token : %v", tests.Failed, err)
}
t.Logf("\t%s\tShould be able to create a web token.", tests.Success)
sId, _, err := auth.DecodeWebToken(tests.Context, webTok)
if err != nil {
t.Fatalf("\t%s\tShould be able to decode the web token : %v", tests.Failed, err)
}
t.Logf("\t%s\tShould be able to decode the web token.", tests.Success)
s2, err := session.GetBySessionID(tests.Context, db, sId)
if err != nil {
t.Fatalf("\t%s\tShould be able to retrieve the session : %v", tests.Failed, err)
}
t.Logf("\t%s\tShould be able to retrieve the session.", tests.Success)
u2, err := auth.GetUserByPublicID(tests.Context, db, u1.PublicID, true)
if err != nil {
t.Fatalf("\t%s\tShould be able to retrieve the user by PublicID : %v", tests.Failed, err)
}
t.Logf("\t%s\tShould be able to retrieve the user by PublicID.", tests.Success)
if u2.PublicID != s2.PublicID {
t.Fatalf("\t%s\tShould have the right session for user.", tests.Failed)
t.Log(u2.PublicID)
t.Log(s2.PublicID)
}
t.Logf("\t%s\tShould have the right session for user.", tests.Success)
webTok2, err := u2.WebToken(sId)
if err != nil {
t.Fatalf("\t%s\tShould be able to create a new web token : %v", tests.Failed, err)
}
t.Logf("\t%s\tShould be able to create a web new token.", tests.Success)
if webTok != webTok2 {
t.Log(webTok)
t.Log(webTok2)
t.Fatalf("\t%s\tShould be able to create the same web token.", tests.Failed)
}
t.Logf("\t%s\tShould be able to create the same web token.", tests.Success)
u3, err := auth.ValidateWebToken(tests.Context, db, webTok2)
if err != nil {
t.Fatalf("\t%s\tShould be able to validate the new web token : %v", tests.Failed, err)
}
t.Logf("\t%s\tShould be able to validate the new web token.", tests.Success)
if u1.PublicID != u3.PublicID {
t.Log(u1.PublicID)
t.Log(u3.PublicID)
t.Fatalf("\t%s\tShould have the right user for the token.", tests.Failed)
}
t.Logf("\t%s\tShould have the right user for the token.", tests.Success)
webTok3, err := auth.GetUserWebToken(tests.Context, db, u2.PublicID)
if err != nil {
t.Fatalf("\t%s\tShould be able to get the web token : %v", tests.Failed, err)
}
t.Logf("\t%s\tShould be able to get the web token.", tests.Success)
if webTok3 != webTok2 {
t.Log(webTok3)
t.Log(webTok2)
t.Fatalf("\t%s\tShould match existing tokens.", tests.Failed)
}
t.Logf("\t%s\tShould match existing tokens.", tests.Success)
}
}
}