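// TestAddHub drives GET /api/v0/hub with a freshly inserted user, token and
// hub. The first request is the success path and only has to decode as a
// data.Hub; the table that follows pins exact status codes and raw JSON
// error bodies for a missing slug, a missing token and a duplicate slug.
//
// The listing this was recovered from had dropped every closing brace and
// the t.Fatal(err) line of each error branch; they are restored here in the
// shape the listing itself shows in its commented-out code.
func TestAddHub(t *testing.T) {
	// setup DB
	db := testhelpers.SetupDB(t)
	defer db.Close()

	// setup server
	ts, err := setupServerHub(db, []byte("secret"))
	if err != nil {
		t.Fatal(err)
	}
	defer ts.Close()

	// create a user
	u := &data.User{
		Username: "******",
		Email:    "*****@*****.**",
	}
	if err := u.EncryptPassword("password"); err != nil {
		t.Fatal(err)
	}
	if err = u.Insert(db); err != nil {
		t.Fatal(err)
	}

	// create a token for the user
	tok := data.Token{
		UserID:    u.ID,
		ExpiresIn: (30 * 24 * time.Hour).Nanoseconds(), // 30 days
	}
	if err := tok.Insert(db); err != nil {
		t.Fatal(err)
	}

	// get the encoded JSON Web Token; the secret must be the one the server
	// above was started with, otherwise every request is rejected
	jwt, err := tok.EncodeJWT([]byte("secret"))
	if err != nil {
		t.Fatal(err)
	}

	// pre-existing hub that the "hub exists" case below collides with
	hub := data.Hub{
		Slug:   "1234",
		UserID: u.ID,
	}
	if err := hub.Insert(db); err != nil {
		t.Fatal(err)
	}

	type testCase struct {
		path       string
		statusCode int
		body       string
	}

	// test when valid params are provided
	// NOTE(review): the endpoint takes the bearer token as a query parameter;
	// query strings are routinely written to server and proxy logs, so an
	// Authorization header would be the safer transport for it.
	spath := "?slug=abcd&access_token=" + jwt
	res, err := http.Get(ts.URL + "/api/v0/hub" + spath)
	if err != nil {
		t.Fatal(err)
	}
	if res.StatusCode != http.StatusOK {
		t.Errorf("%s - Expected status code %v, Got %v", spath, http.StatusOK, res.StatusCode)
	}
	b, err := ioutil.ReadAll(res.Body)
	res.Body.Close() // release the connection before the next request
	if err != nil {
		t.Fatal(err)
	}
	h := data.Hub{}
	if err := json.Unmarshal(b, &h); err != nil {
		// h is still the zero value here, so report the decode error instead
		t.Errorf("%s - Expected response body to decode as data.Hub, Got %s: %v", spath, b, err)
	}

	tCases := []testCase{
		// when slug param is missing
		{"?access_token=" + jwt, http.StatusBadRequest, `{"error":"invalid_request","error_description":"slug required"}`},

		// when access_token param is missing
		{"?slug=abcd", http.StatusUnauthorized, `{"error":"invalid_token","error_description":"no token present in request"}`},

		// when trying to add existing hub
		{"?slug=1234&access_token=" + jwt, http.StatusBadRequest, `{"error":"unique_violation","error_description":"hub exists"}`},
	}
	for _, tc := range tCases {
		res, err := http.Get(ts.URL + "/api/v0/hub" + tc.path)
		if err != nil {
			t.Fatal(err)
		}
		if res.StatusCode != tc.statusCode {
			t.Errorf("%s - Expected status code %v, Got %v", tc.path, tc.statusCode, res.StatusCode)
		}
		b, err := ioutil.ReadAll(res.Body)
		res.Body.Close() // close now: a defer inside the loop would only run at function exit
		if err != nil {
			t.Fatal(err)
		}

		if body := string(b); body != tc.body {
			t.Errorf("%s - Expected response body to be %v, Got %v", tc.path, tc.body, body)
		}
	}
}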
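// TestShowHub inserts a user with a token and one hub ("abcd") and then
// POSTs to /api/v0/hub, once with the token and once without, comparing the
// status code and the raw JSON body of each response exactly.
//
// Closing braces and the t.Fatal(err) error branches were dropped from the
// listing this was recovered from; they are restored here in the shape the
// listing shows in its commented-out code.
func TestShowHub(t *testing.T) {
	// setup DB
	db := testhelpers.SetupDB(t)
	defer db.Close()

	// setup server
	ts, err := setupServerHub(db, []byte("secret"))
	if err != nil {
		t.Fatal(err)
	}
	defer ts.Close()

	// create a user
	u := &data.User{
		Username: "******",
		Email:    "*****@*****.**",
	}
	if err := u.EncryptPassword("password"); err != nil {
		t.Fatal(err)
	}
	if err = u.Insert(db); err != nil {
		t.Fatal(err)
	}

	// create a token for the user
	tok := data.Token{
		UserID:    u.ID,
		ExpiresIn: (30 * 24 * time.Hour).Nanoseconds(), // 30 days
	}
	if err := tok.Insert(db); err != nil {
		t.Fatal(err)
	}

	// get the encoded JSON Web Token, signed with the server's secret
	jwt, err := tok.EncodeJWT([]byte("secret"))
	if err != nil {
		t.Fatal(err)
	}

	// the single hub the success case expects to see listed
	hub := data.Hub{
		Slug:   "abcd",
		UserID: u.ID,
	}
	if err := hub.Insert(db); err != nil {
		t.Fatal(err)
	}

	type testCase struct {
		path       string
		statusCode int
		body       string
	}

	tCases := []testCase{
		// when valid params are provided
		{"?access_token=" + jwt, http.StatusOK, `{"hub":["abcd"]}`},

		// when access_token param is missing (the token is present in the
		// query string but not under the access_token key)
		{"?" + jwt, http.StatusUnauthorized, `{"error":"invalid_token","error_description":"no token present in request"}`},
	}
	for _, tc := range tCases {
		// empty content type and nil body: every input travels in the query string
		res, err := http.Post(ts.URL+"/api/v0/hub"+tc.path, "", nil)
		if err != nil {
			t.Fatal(err)
		}
		if res.StatusCode != tc.statusCode {
			t.Errorf("%s - Expected status code %v, Got %v", tc.path, tc.statusCode, res.StatusCode)
		}
		b, err := ioutil.ReadAll(res.Body)
		res.Body.Close() // close now: a defer inside the loop would only run at function exit
		if err != nil {
			t.Fatal(err)
		}

		if body := string(b); body != tc.body {
			t.Errorf("%s - Expected response body to be %v, Got %v", tc.path, tc.body, body)
		}
	}
}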
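// TestUserToken POSTs to /oauth/token with the resource owner password grant
// and pins the exact 400 responses for an unsupported grant_type, a missing
// login or password, a wrong password and an unknown login. The success
// case is still commented out (see the FIXME below).
//
// Closing braces and the t.Fatal(err) error branches were dropped from the
// listing this was recovered from; they are restored here in the shape the
// listing shows in its commented-out code.
func TestUserToken(t *testing.T) {
	// setup DB
	db := testhelpers.SetupDB(t)
	defer db.Close()

	// setup server
	ts, err := setupServerUser(db, []byte("secret"))
	if err != nil {
		t.Fatal(err)
	}
	defer ts.Close()

	// create a user
	u := &data.User{
		Username: "******",
		Email:    "*****@*****.**",
	}
	if err := u.EncryptPassword("password"); err != nil {
		t.Fatal(err)
	}
	if err = u.Insert(db); err != nil {
		t.Fatal(err)
	}

	// a token for the user; only needed once the success case below is enabled
	tok := data.Token{
		UserID:    u.ID,
		ExpiresIn: (30 * 24 * time.Hour).Nanoseconds(), // 30 days
	}
	if err := tok.Insert(db); err != nil {
		t.Fatal(err)
	}

	//	// get the encoded JSON Web Token
	//	jwt, err := tok.EncodeJWT([]byte("secret"))
	//	if err != nil {
	//		t.Fatal(err)
	//	}

	type testCase struct {
		path       string
		statusCode int
		body       string
	}

	// NOTE(review): the credentials are sent in the query string of the token
	// request; query strings end up in access logs, so the body form
	// (r.PostFormValue on the server side) is the safer place for them.
	tCases := []testCase{
		// when valid params are provided
		// FIXME: find out why signature in jwt is different from response
		//		{"?grant_type=password&login=foo&password=password", http.StatusOK, `{"access_token":` + jwt + `","token_type":"bearer","expires_in":"720h0m0s"}`},

		// when grant_type param is invalid/missing
		{"?login=foo&password=password", http.StatusBadRequest, `{"error":"unsupported_grant_type","error_description":"supports only password grant type"}`},

		// when login param is missing
		{"?grant_type=password&password=password", http.StatusBadRequest, `{"error":"invalid_request","error_description":"login required"}`},

		// when password param is missing
		{"?grant_type=password&login=foo", http.StatusBadRequest, `{"error":"invalid_request","error_description":"password required"}`},

		// when password value is incorrect
		{"?grant_type=password&login=foo&password=abcd", http.StatusBadRequest, `{"error":"invalid_grant","error_description":"failed to authenticate user"}`},

		// when login value is incorrect
		// NOTE(review): this body differs from the wrong-password one above,
		// so a caller can tell whether a login exists (account enumeration).
		{"?grant_type=password&login=bar&password=password", http.StatusBadRequest, `{"error":"invalid_grant","error_description":"user not found"}`},
	}

	for _, tc := range tCases {
		res, err := http.Post(ts.URL+"/oauth/token"+tc.path, "", nil)
		if err != nil {
			t.Fatal(err)
		}
		if res.StatusCode != tc.statusCode {
			t.Errorf("%s - Expected status code %v, Got %v", tc.path, tc.statusCode, res.StatusCode)
		}
		b, err := ioutil.ReadAll(res.Body)
		res.Body.Close() // close now: a defer inside the loop would only run at function exit
		if err != nil {
			t.Fatal(err)
		}

		if body := string(b); body != tc.body {
			t.Errorf("%s - Expected response body to be %v, Got %v", tc.path, tc.body, body)
		}
	}
}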
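// TestAuthToken checks the token middleware in front of /api/v0: a request
// without a token and one with a malformed token must be rejected with 401
// and the exact JSON error body, and a valid token must reach the handler,
// which answers {"status":"ok"}. The scope and revocation cases are still
// open (see the comments in the table).
//
// Closing braces and the t.Fatal(err) error branches were dropped from the
// listing this was recovered from; they are restored here in the shape the
// listing shows in its commented-out code.
func TestAuthToken(t *testing.T) {
	// setup DB
	db := testhelpers.SetupDB(t)
	defer db.Close()

	// setup server
	ts, err := setupServer(db, []byte("secret"))
	if err != nil {
		t.Fatal(err)
	}
	defer ts.Close()

	// create a user
	u := &data.User{
		Username: "******",
		Email:    "*****@*****.**",
	}
	if err := u.EncryptPassword("password"); err != nil {
		t.Fatal(err)
	}
	if err = u.Insert(db); err != nil {
		t.Fatal(err)
	}

	// create a token for the user
	tok := data.Token{
		UserID:    u.ID,
		ExpiresIn: (30 * 24 * time.Hour).Nanoseconds(), // 30 days
	}
	if err := tok.Insert(db); err != nil {
		t.Fatal(err)
	}

	// get the encoded JSON Web Token, signed with the server's secret
	jwt, err := tok.EncodeJWT([]byte("secret"))
	if err != nil {
		t.Fatal(err)
	}

	type testCase struct {
		path       string
		statusCode int
		body       string
	}

	tCases := []testCase{
		// when access token not provided
		{"hub", http.StatusUnauthorized, `{"error":"invalid_token","error_description":"no token present in request"}`},

		// when access token is invalid
		{"hub?access_token=invalid", http.StatusUnauthorized, `{"error":"invalid_token","error_description":"token contains an invalid number of segments"}`},

		// // when access token is not properly scoped
		// // fixme currently valid scopes are ["user", "hub", "app"]
		// {"admin?access_token=" + jwt, http.statusforbidden, `{"error":"invalid_scope","error_description":"token is not valid for this scope"}`},

		// when a valid token is provided
		{"hub?access_token=" + jwt, http.StatusOK, `{"status":"ok"}`},

		// when access token is revoked
		// TODO
	}
	for _, tc := range tCases {
		// path.Join also cleans the query string it is handed; that is
		// harmless for these cases because none of them contains "/" or ".."
		// after the "?", but a token with such characters would be rewritten
		res, err := http.Get(ts.URL + path.Join("/api/v0", tc.path))
		if err != nil {
			t.Fatal(err)
		}
		if res.StatusCode != tc.statusCode {
			t.Errorf("%s - Expected status code %v, Got %v", tc.path, tc.statusCode, res.StatusCode)
		}
		b, err := ioutil.ReadAll(res.Body)
		res.Body.Close() // close now: a defer inside the loop would only run at function exit
		if err != nil {
			t.Fatal(err)
		}
		if body := string(b); body != tc.body {
			t.Errorf("%s - Expected response body to be %v, Got %v", tc.path, tc.body, body)
		}
	}
}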
File: user.go Project: jhbsz/cloud
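// UserToken handles POST /oauth/token (resource owner password grant).
// Params: grant_type, login, password
// Requires a tokenSecret to be set in context
//
// Flow: validate grant_type, login and password, look the user up, verify
// the password, insert a data.Token valid for 30 days and return it as a
// JWT inside an OAuth2-style access_token payload. A missing context entry
// is a deployment error and is returned as a plain error; request problems
// are answered as 400 via res.BadRequest and the handler returns whatever
// that returns.
//
// The closing braces and the payload initializer were dropped from the
// listing this was recovered from; they are restored here, the initializer
// values from the response TestUserToken expects.
func UserToken(w http.ResponseWriter, r *http.Request, c router.Context) error {
	db, ok := c.Meta["db"].(*sqlx.DB)
	if !ok {
		return errors.New("db not set in context")
	}
	tokenSecret, ok := c.Meta["tokenSecret"].([]byte)
	if !ok {
		return errors.New("token secret not set in context")
	}

	// NOTE(review): r.FormValue reads the query string as well as the POST
	// body, so login/password are accepted in the URL (the tests send them
	// that way) and can end up in access logs; r.PostFormValue would limit
	// them to the body. Left unchanged because the tests depend on it.
	if r.FormValue("grant_type") != "password" {
		return res.BadRequest(w, res.ErrorMsg{"unsupported_grant_type", "supports only password grant type"})
	}

	login := r.FormValue("login")
	if login == "" {
		return res.BadRequest(w, res.ErrorMsg{"invalid_request", "login required"})
	}

	password := r.FormValue("password")
	if password == "" {
		return res.BadRequest(w, res.ErrorMsg{"invalid_request", "password required"})
	}

	u := data.User{}
	if err := u.GetByLogin(db, login); err != nil {
		// NOTE(review): e.Desc is echoed to the client ("user not found" in
		// the tests) while a wrong password yields "failed to authenticate
		// user" below, so a caller can tell whether a login exists. One
		// uniform invalid_grant description would close that enumeration
		// channel; kept as is because the tests pin both strings.
		if e, ok := err.(*data.Error); ok {
			return res.BadRequest(w, res.ErrorMsg{"invalid_grant", e.Desc})
		}
		// anything that is not a data.Error is an internal failure, not a 400
		return err
	}

	if !u.VerifyPassword(password) {
		return res.BadRequest(w, res.ErrorMsg{"invalid_grant", "failed to authenticate user"})
	}

	// Since all is well, generate token and add to database
	t := data.Token{
		UserID:    u.ID,
		ExpiresIn: (30 * 24 * time.Hour).Nanoseconds(), // 30 days
	}
	if err := t.Insert(db); err != nil {
		return err
	}

	// get the encoded JSON Web token
	jwt, err := t.EncodeJWT(tokenSecret)
	if err != nil {
		return err
	}

	// prepare oAuth2 access token payload
	// NOTE(review): RFC 6749 defines expires_in as a number of seconds; the
	// duration string form ("720h0m0s" in the tests) is kept for
	// compatibility with existing clients.
	payload := struct {
		AccessToken string `json:"access_token"`
		TokenType   string `json:"token_type"`
		ExpiresIn   string `json:"expires_in"`
	}{
		AccessToken: jwt,
		TokenType:   "bearer",
		ExpiresIn:   time.Duration(t.ExpiresIn).String(), // reconstructed — verify against the original
	}

	return res.OK(w, payload)
}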