func TestGetDeleted(t *testing.T) {
db := setupTestDB(t)
defer tearDownTestDB(t, db)
body := Body{"key1": 1234}
rev1id, err := db.Put("doc1", body)
assertNoError(t, err, "Put")
rev2id, err := db.DeleteDoc("doc1", rev1id)
assertNoError(t, err, "DeleteDoc")
// Get the deleted doc with its history; equivalent to GET with ?revs=true
body, err = db.GetRev("doc1", rev2id, true, nil)
assertNoError(t, err, "GetRev")
expectedResult := Body{
"_id": "doc1",
"_rev": rev2id,
"_deleted": true,
"_revisions": Body{"start": 2, "ids": []string{"bc6d97f6e97c0d034a34f8aac2bf8b44", "dfd5e19813767eeddd08270fc5f385cd"}},
}
assert.DeepEquals(t, body, expectedResult)
// Try again but with a user who doesn't have access to this revision (see #179)
authenticator := auth.NewAuthenticator(db.Bucket, db)
db.user, err = authenticator.GetUser("")
assertNoError(t, err, "GetUser")
db.user.SetExplicitChannels(nil)
body, err = db.GetRev("doc1", rev2id, true, nil)
assertNoError(t, err, "GetRev")
assert.DeepEquals(t, body, expectedResult)
}
func TestUpdateDesignDoc(t *testing.T) {
db := setupTestDB(t)
defer tearDownTestDB(t, db)
err := db.PutDesignDoc("official", DesignDoc{})
assertNoError(t, err, "add design doc as admin")
authenticator := auth.NewAuthenticator(db.Bucket, db)
db.user, _ = authenticator.NewUser("naomi", "letmein", channels.SetOf("Netflix"))
err = db.PutDesignDoc("_design/pwn3d", DesignDoc{})
assertHTTPError(t, err, 403)
}
func CouchbaseTestAccessFunctionWithVbuckets(t *testing.T) {
//base.LogKeys["CRUD"] = true
//base.LogKeys["Access"] = true
db := setupTestDB(t)
defer tearDownTestDB(t, db)
db.SequenceType = ClockSequenceType
authenticator := auth.NewAuthenticator(db.Bucket, db)
var err error
db.ChannelMapper = channels.NewChannelMapper(`function(doc){access(doc.users,doc.userChannels);}`)
user, _ := authenticator.NewUser("bernard", "letmein", channels.SetOf("Netflix"))
assertNoError(t, authenticator.Save(user), "Save")
body := Body{"users": []string{"bernard"}, "userChannels": []string{"ABC"}}
_, err = db.Put("doc1", body)
assertNoError(t, err, "")
time.Sleep(100 * time.Millisecond)
user, err = authenticator.GetUser("bernard")
assertNoError(t, err, "GetUser")
expected := channels.TimedSetFromString("ABC:5.1,Netflix:1,!:1")
assert.DeepEquals(t, user.Channels(), expected)
body = Body{"users": []string{"bernard"}, "userChannels": []string{"NBC"}}
_, err = db.Put("doc2", body)
assertNoError(t, err, "")
time.Sleep(100 * time.Millisecond)
user, err = authenticator.GetUser("bernard")
assertNoError(t, err, "GetUser")
expected = channels.TimedSetFromString("ABC:5.1,NBC:12.1,Netflix:1,!:1")
assert.DeepEquals(t, user.Channels(), expected)
// Have another doc assign a new channel, and one of the previously present channels
body = Body{"users": []string{"bernard"}, "userChannels": []string{"ABC", "PBS"}}
_, err = db.Put("doc3", body)
assertNoError(t, err, "")
time.Sleep(100 * time.Millisecond)
user, err = authenticator.GetUser("bernard")
assertNoError(t, err, "GetUser")
expected = channels.TimedSetFromString("ABC:5.1,NBC:12.1,PBS:11.1,Netflix:1,!:1")
assert.DeepEquals(t, user.Channels(), expected)
}
func TestSessionExtension(t *testing.T) {
var rt restTester
a := auth.NewAuthenticator(rt.bucket(), nil)
user, err := a.GetUser("")
assert.Equals(t, err, nil)
user.SetDisabled(true)
err = a.Save(user)
assert.Equals(t, err, nil)
user, err = a.GetUser("")
assert.Equals(t, err, nil)
assert.True(t, user.Disabled())
log.Printf("hello")
response := rt.sendRequest("PUT", "/db/doc", `{"hi": "there"}`)
assertStatus(t, response, 401)
user, err = a.NewUser("pupshaw", "letmein", channels.SetOf("*"))
a.Save(user)
assertStatus(t, rt.sendAdminRequest("GET", "/db/_session", ""), 200)
response = rt.sendAdminRequest("POST", "/db/_session", `{"name":"pupshaw", "ttl":10}`)
assertStatus(t, response, 200)
var body db.Body
json.Unmarshal(response.Body.Bytes(), &body)
sessionId := body["session_id"].(string)
sessionExpiration := body["expires"].(string)
assert.True(t, sessionId != "")
assert.True(t, sessionExpiration != "")
assert.True(t, body["cookie_name"].(string) == "SyncGatewaySession")
reqHeaders := map[string]string{
"Cookie": "SyncGatewaySession=" + body["session_id"].(string),
}
response = rt.sendRequestWithHeaders("PUT", "/db/doc1", `{"hi": "there"}`, reqHeaders)
assertStatus(t, response, 201)
assert.True(t, response.Header().Get("Set-Cookie") == "")
//Sleep for 2 seconds, this will ensure 10% of the 100 seconds session ttl has elapsed and
//should cause a new Cookie to be sent by the server with the same session ID and an extended expiration date
time.Sleep(2 * time.Second)
response = rt.sendRequestWithHeaders("PUT", "/db/doc2", `{"hi": "there"}`, reqHeaders)
assertStatus(t, response, 201)
assert.True(t, response.Header().Get("Set-Cookie") != "")
}
//Test that TTL values greater than the default max offset TTL 2592000 seconds are processed correctly
// fixes #974
func TestSessionTtlGreaterThan30Days(t *testing.T) {
var rt restTester
a := auth.NewAuthenticator(rt.bucket(), nil)
user, err := a.GetUser("")
assert.Equals(t, err, nil)
user.SetDisabled(true)
err = a.Save(user)
assert.Equals(t, err, nil)
user, err = a.GetUser("")
assert.Equals(t, err, nil)
assert.True(t, user.Disabled())
response := rt.sendRequest("PUT", "/db/doc", `{"hi": "there"}`)
assertStatus(t, response, 401)
user, err = a.NewUser("pupshaw", "letmein", channels.SetOf("*"))
a.Save(user)
//create a session with the maximum offset ttl value (30days) 2592000 seconds
response = rt.sendAdminRequest("POST", "/db/_session", `{"name":"pupshaw", "ttl":2592000}`)
assertStatus(t, response, 200)
layout := "2006-01-02T15:04:05"
var body db.Body
json.Unmarshal(response.Body.Bytes(), &body)
log.Printf("expires %s", body["expires"].(string))
expires, err := time.Parse(layout, body["expires"].(string)[:19])
assert.Equals(t, err, nil)
//create a session with a ttl value one second greater thatn the max offset ttl 2592001 seconds
response = rt.sendAdminRequest("POST", "/db/_session", `{"name":"pupshaw", "ttl":2592001}`)
assertStatus(t, response, 200)
body = nil
json.Unmarshal(response.Body.Bytes(), &body)
log.Printf("expires2 %s", body["expires"].(string))
expires2, err := time.Parse(layout, body["expires"].(string)[:19])
assert.Equals(t, err, nil)
//Allow a ten second drift between the expires dates, to pass test on slow servers
acceptableTimeDelta := time.Duration(10) * time.Second
//The difference between the two expires dates should be less than the acceptable time delta
assert.True(t, expires2.Sub(expires) < acceptableTimeDelta)
}
func TestAccessFunction(t *testing.T) {
/*
var logKeys = map[string]bool {
"CRUD": true,
"Access": true,
}
base.UpdateLogKeys(logKeys, true)
*/
db := setupTestDB(t)
defer tearDownTestDB(t, db)
authenticator := auth.NewAuthenticator(db.Bucket, db)
var err error
db.ChannelMapper = channels.NewChannelMapper(`function(doc){access(doc.users,doc.userChannels);}`)
user, _ := authenticator.NewUser("naomi", "letmein", channels.SetOf("Netflix"))
user.SetExplicitRoles(channels.TimedSet{"animefan": channels.NewVbSimpleSequence(1), "tumblr": channels.NewVbSimpleSequence(1)})
assertNoError(t, authenticator.Save(user), "Save")
body := Body{"users": []string{"naomi"}, "userChannels": []string{"Hulu"}}
_, err = db.Put("doc1", body)
assertNoError(t, err, "")
body = Body{"users": []string{"role:animefan"}, "userChannels": []string{"CrunchyRoll"}}
_, err = db.Put("doc2", body)
assertNoError(t, err, "")
// Create the role _after_ creating the documents, to make sure the previously-indexed access
// privileges are applied.
role, _ := authenticator.NewRole("animefan", nil)
authenticator.Save(role)
user, err = authenticator.GetUser("naomi")
assertNoError(t, err, "GetUser")
expected := channels.AtSequence(channels.SetOf("Hulu", "Netflix", "!"), 1)
assert.DeepEquals(t, user.Channels(), expected)
expected.AddChannel("CrunchyRoll", 2)
assert.DeepEquals(t, user.InheritedChannels(), expected)
}
func (context *DatabaseContext) Authenticator() *auth.Authenticator {
// Authenticators are lightweight & stateless, so it's OK to return a new one every time
return auth.NewAuthenticator(context.Bucket, context)
}
