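// TestCreateTokenRemoveOldTokens checks that createToken enforces the
// "auth:max-simultaneous-sessions" limit. Two tokens are seeded for the user,
// the limit is set to 2, and after one more createToken call the number of
// stored tokens for that e-mail must come back to 2 within two seconds.
func (s *S) TestCreateTokenRemoveOldTokens(c *check.C) {
	// NOTE(review): the limit is not restored afterwards; whether later tests
	// depend on its previous value is not visible from here.
	config.Set("auth:max-simultaneous-sessions", 2)
	u := auth.User{Email: "*****@*****.**", Password: "******"}
	_, err := nativeScheme.Create(&u)
	c.Assert(err, check.IsNil)
	defer u.Delete()
	defer s.conn.Tokens().RemoveAll(bson.M{"useremail": u.Email})
	t1, err := newUserToken(&u)
	c.Assert(err, check.IsNil)
	// NOTE(review): if newUserToken returns a pointer, t2 aliases t1 and the
	// append below changes both — confirm two distinct tokens are seeded.
	t2 := t1
	t2.Token += "aa"
	err = s.conn.Tokens().Insert(t1, t2)
	// Without this check a failed seed would go unnoticed and the count
	// below could never prove that an old token was evicted.
	c.Assert(err, check.IsNil)
	_, err = createToken(&u, "123456")
	c.Assert(err, check.IsNil)
	// Poll on the test goroutine: the count is re-read until it reaches 2, so
	// eviction is presumably allowed to finish after createToken returns.
	// Polling here (rather than in a helper goroutine) keeps assertions on the
	// goroutine that runs the test and leaves nothing spinning after a timeout.
	deadline := time.Now().Add(2 * time.Second)
	for {
		ct, err := s.conn.Tokens().Find(bson.M{"useremail": u.Email}).Count()
		c.Assert(err, check.IsNil)
		if ct == 2 {
			return
		}
		if time.Now().After(deadline) {
			c.Fatal("Did not remove old tokens after 2 seconds")
		}
		runtime.Gosched()
	}
}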
// Remove calls deleteAllTokens with the user's e-mail and, only when that
// succeeds, deletes the user record. Tokens go first: if their removal fails
// the error is returned and the user is left in place, so the account is never
// deleted while this call has failed to clear its tokens.
func (s *OAuthScheme) Remove(u *auth.User) error {
	if err := deleteAllTokens(u.Email); err != nil {
		return err
	}
	return u.Delete()
}
// TestCreateTokenShouldValidateThePassword creates a user through the native
// scheme and expects createToken to fail when it is given "123" rather than
// the password the user was created with.
func (s *S) TestCreateTokenShouldValidateThePassword(c *check.C) {
	user := &auth.User{Email: "*****@*****.**", Password: "******"}
	_, createErr := nativeScheme.Create(user)
	c.Assert(createErr, check.IsNil)
	defer user.Delete()
	// Only the presence of an error is asserted, not which error it is.
	_, tokenErr := createToken(user, "123")
	c.Assert(tokenErr, check.NotNil)
}
// TestPasswordTokenUser checks that a password token resolves back to the
// user it was issued for: the value returned by the token's user() method
// must be deeply equal to the user passed to createPasswordToken.
func (s *S) TestPasswordTokenUser(c *check.C) {
	owner := auth.User{Email: "*****@*****.**", Password: "******"}
	c.Assert(owner.Create(), check.IsNil)
	defer owner.Delete()
	token, err := createPasswordToken(&owner)
	c.Assert(err, check.IsNil)
	resolved, err := token.user()
	c.Assert(err, check.IsNil)
	c.Assert(*resolved, check.DeepEquals, owner)
}
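// TestCreateTokenShouldSaveTheTokenInTheDatabase checks that a successful
// createToken call leaves a token document for the user's e-mail in the
// tokens collection and that the stored token value is not empty.
func (s *S) TestCreateTokenShouldSaveTheTokenInTheDatabase(c *check.C) {
	u := auth.User{Email: "*****@*****.**", Password: "******"}
	_, err := nativeScheme.Create(&u)
	c.Assert(err, check.IsNil)
	defer u.Delete()
	// Clean up the token this test stores, as TestCreateTokenRemoveOldTokens
	// does, so it cannot be found by a later test using the same e-mail.
	defer s.conn.Tokens().RemoveAll(bson.M{"useremail": u.Email})
	_, err = createToken(&u, "123456")
	c.Assert(err, check.IsNil)
	var result Token
	err = s.conn.Tokens().Find(bson.M{"useremail": u.Email}).One(&result)
	c.Assert(err, check.IsNil)
	// check.NotNil is satisfied by every string, including "", so it could
	// not catch a token stored without a value. Compare against the empty
	// string instead (assumes Token.Token is a plain string — confirm).
	c.Assert(result.Token, check.Not(check.Equals), "")
}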
// TestResetPasswordThirdToken checks that ResetPassword refuses a password
// token presented together with an auth.User value other than the one the
// token was created from, and that the refusal is auth.ErrInvalidToken.
func (s *S) TestResetPasswordThirdToken(c *check.C) {
	owner := auth.User{Email: "*****@*****.**"}
	c.Assert(owner.Create(), check.IsNil)
	defer owner.Delete()
	token, err := createPasswordToken(&owner)
	c.Assert(err, check.IsNil)
	defer s.conn.PasswordTokens().Remove(bson.M{"_id": token.Token})
	// other is a separate value that is never created and never passed to
	// createPasswordToken.
	// NOTE(review): both e-mail literals are masked identically in this copy;
	// the test is only meaningful if other's address differs from owner's.
	other := auth.User{Email: "*****@*****.**"}
	var scheme NativeScheme
	err = scheme.ResetPassword(&other, token.Token)
	c.Assert(err, check.Equals, auth.ErrInvalidToken)
}
// TestCreateTokenUsesDefaultCostWhenHasCostIsUndefined removes the
// "auth:hash-cost" setting, zeroes the package-level cost and tokenExpire
// values, and expects createToken to succeed anyway.
//
// NOTE(review): only the absence of an error is asserted; nothing here reads
// back the cost that was actually applied, so the "default cost" in the test
// name is not verified by this body.
func (s *S) TestCreateTokenUsesDefaultCostWhenHasCostIsUndefined(c *check.C) {
	c.Assert(config.Unset("auth:hash-cost"), check.IsNil)
	// Put the setting back to bcrypt.MinCost when the test ends; presumably
	// the rest of the suite runs with the minimum cost — confirm.
	defer config.Set("auth:hash-cost", bcrypt.MinCost)
	user := auth.User{Email: "*****@*****.**", Password: "******"}
	_, err := nativeScheme.Create(&user)
	c.Assert(err, check.IsNil)
	defer user.Delete()
	// These package-level values are not restored after the test.
	cost, tokenExpire = 0, 0
	_, err = createToken(&user, "123456")
	c.Assert(err, check.IsNil)
}
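// TestResetPassword walks through the whole password-reset flow of
// NativeScheme: StartPasswordReset must deliver one mail and store a password
// token, ResetPassword with that token must change the stored password and
// deliver a second mail matching the confirmation template, and the token must
// afterwards be flagged as used.
func (s *S) TestResetPassword(c *check.C) {
	scheme := NativeScheme{}
	defer s.server.Reset()
	u := auth.User{Email: "*****@*****.**"}
	err := u.Create()
	c.Assert(err, check.IsNil)
	defer u.Delete()
	p := u.Password
	err = scheme.StartPasswordReset(&u)
	c.Assert(err, check.IsNil)
	// Wait (up to one second) for the first mail to reach the test server.
	err = tsurutest.WaitCondition(time.Second, func() bool {
		s.server.RLock()
		defer s.server.RUnlock()
		return len(s.server.MailBox) == 1
	})
	c.Assert(err, check.IsNil)
	var token passwordToken
	err = s.conn.PasswordTokens().Find(bson.M{"useremail": u.Email}).One(&token)
	c.Assert(err, check.IsNil)
	err = scheme.ResetPassword(&u, token.Token)
	c.Assert(err, check.IsNil)
	// The lookup error used to be discarded; a failed lookup would then show
	// up as a nil dereference on the next line instead of a clear failure.
	u2, err := auth.GetUserByEmail(u.Email)
	c.Assert(err, check.IsNil)
	c.Assert(u2.Password, check.Not(check.Equals), p)
	var m authtest.Mail
	// Wait for the second mail and copy it while the read lock is held.
	err = tsurutest.WaitCondition(time.Second, func() bool {
		s.server.RLock()
		defer s.server.RUnlock()
		if len(s.server.MailBox) != 2 {
			return false
		}
		m = s.server.MailBox[1]
		return true
	})
	c.Assert(err, check.IsNil)
	c.Assert(m.From, check.Equals, "root")
	c.Assert(m.To, check.DeepEquals, []string{u.Email})
	var buf bytes.Buffer
	template, err := getEmailResetPasswordSucessfullyTemplate()
	c.Assert(err, check.IsNil)
	err = template.Execute(&buf, map[string]string{"email": u.Email, "password": ""})
	c.Assert(err, check.IsNil)
	expected := strings.Replace(buf.String(), "\n", "\r\n", -1) + "\r\n"
	lines := strings.Split(string(m.Data), "\r\n")
	// Fail with an assertion rather than an index panic on a short message.
	c.Assert(len(lines) >= 4, check.Equals, true)
	// The template is rendered with an empty password and the fourth line
	// from the end of the delivered message is blanked before comparing —
	// presumably that line carries the generated password, which the test
	// cannot predict.
	// NOTE(review): if so, the new password travels in the mail body in
	// clear text — confirm that is intended.
	lines[len(lines)-4] = ""
	c.Assert(strings.Join(lines, "\r\n"), check.Equals, expected)
	// A redeemed reset token must be marked used.
	err = s.conn.PasswordTokens().Find(bson.M{"useremail": u.Email}).One(&token)
	c.Assert(err, check.IsNil)
	c.Assert(token.Used, check.Equals, true)
}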
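// TestResetPassword walks through the whole password-reset flow of
// NativeScheme: StartPasswordReset must store a password token, ResetPassword
// with that token must change the stored password and deliver a second mail
// matching the passwordResetConfirm template, and the token must afterwards
// be flagged as used.
//
// NOTE(review): mail delivery is awaited with fixed sleeps, so the result
// depends on timing; polling the mailbox with a deadline would be sturdier.
func (s *S) TestResetPassword(c *check.C) {
	scheme := NativeScheme{}
	defer s.server.Reset()
	u := auth.User{Email: "*****@*****.**"}
	err := u.Create()
	c.Assert(err, check.IsNil)
	defer u.Delete()
	p := u.Password
	err = scheme.StartPasswordReset(&u)
	c.Assert(err, check.IsNil)
	time.Sleep(1e6) // Let the email flow
	var token passwordToken
	err = s.conn.PasswordTokens().Find(bson.M{"useremail": u.Email}).One(&token)
	c.Assert(err, check.IsNil)
	err = scheme.ResetPassword(&u, token.Token)
	c.Assert(err, check.IsNil)
	// The lookup error used to be discarded; a failed lookup would then show
	// up as a nil dereference on the next line instead of a clear failure.
	u2, err := auth.GetUserByEmail(u.Email)
	c.Assert(err, check.IsNil)
	c.Assert(u2.Password, check.Not(check.Equals), p)
	time.Sleep(1e9) // Let the email flow
	// The lock is held until the test returns, covering every read of the
	// mailbox below.
	s.server.Lock()
	defer s.server.Unlock()
	c.Assert(s.server.MailBox, check.HasLen, 2)
	m := s.server.MailBox[1]
	c.Assert(m.From, check.Equals, "root")
	c.Assert(m.To, check.DeepEquals, []string{u.Email})
	var buf bytes.Buffer
	err = passwordResetConfirm.Execute(&buf, map[string]string{"email": u.Email, "password": ""})
	c.Assert(err, check.IsNil)
	expected := strings.Replace(buf.String(), "\n", "\r\n", -1) + "\r\n"
	lines := strings.Split(string(m.Data), "\r\n")
	// Fail with an assertion rather than an index panic on a short message.
	c.Assert(len(lines) >= 4, check.Equals, true)
	// The template is rendered with an empty password and the fourth line
	// from the end of the delivered message is blanked before comparing —
	// presumably that line carries the generated password, which the test
	// cannot predict.
	// NOTE(review): if so, the new password travels in the mail body in
	// clear text — confirm that is intended.
	lines[len(lines)-4] = ""
	c.Assert(strings.Join(lines, "\r\n"), check.Equals, expected)
	// A redeemed reset token must be marked used.
	err = s.conn.PasswordTokens().Find(bson.M{"useremail": u.Email}).One(&token)
	c.Assert(err, check.IsNil)
	c.Assert(token.Used, check.Equals, true)
}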