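// TestParseEncryptedAuth checks that Parse recovers the user and password from
// a Basic Authorization header whose payload is a fernet token of "user:pass"
// encrypted under the first configured key.
func TestParseEncryptedAuth(t *testing.T) {
	if len(keys) == 0 {
		t.Fatalf("Must set $SECRETS\n")
	}

	var b bytes.Buffer
	r, err := http.NewRequest("GET", "http://does-not-matter.com", &b)
	if err != nil {
		// r is unusable past this point, so stop instead of dereferencing it.
		t.Fatal(err)
	}

	libratoUser := "******"
	libratoPass := "******"
	tok, err := fernet.EncryptAndSign([]byte(libratoUser+":"+libratoPass), keys[0])
	if err != nil {
		// Without a token there is nothing meaningful to put in the header.
		t.Fatal(err)
	}
	r.Header.Set("Authorization", "Basic "+base64.StdEncoding.EncodeToString(tok))

	actualUser, actualPass, err := Parse(r)
	if err != nil {
		t.Fatal(err)
	}

	// Compare against the credentials that were encrypted above, so the
	// assertion and its failure message cannot drift away from the input.
	if actualUser != libratoUser {
		t.Errorf("expected=%q actual=%q\n", libratoUser, actualUser)
	}
	if actualPass != libratoPass {
		t.Errorf("expected=%q actual=%q\n", libratoPass, actualPass)
	}
}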
// testEncryptDecrypt runs a single authTest case: ts.input is encrypted with
// the first configured key, sent through a Basic Authorization header, parsed
// back with Parse and decrypted with Decrypt. The result must equal ts.output.
func testEncryptDecrypt(t *testing.T, ts authTest) {
	if len(keys) == 0 {
		t.Fatalf("Must set $SECRETS\n")
	}

	req, err := http.NewRequest("GET", "http://does-not-matter.com", new(bytes.Buffer))
	if err != nil {
		t.Fatalf("error=%s\n", err)
	}

	sealed, err := fernet.EncryptAndSign([]byte(ts.input), keys[0])
	if err != nil {
		t.Fatalf("error=%s\n", err)
	}
	headerValue := "Basic " + base64.StdEncoding.EncodeToString(sealed)
	req.Header.Set("Authorization", headerValue)

	// Read the value back from the request so the header round trip is covered.
	parsed, err := Parse(req.Header.Get("Authorization"))
	if err != nil {
		t.Fatalf("error=%s\n", err)
	}

	got, err := Decrypt(parsed)
	if err != nil {
		t.Fatalf("error=%s\n", err)
	}
	if got != ts.output {
		t.Fatalf("actual=%q expected=%q\n", got, ts.output)
	}
}
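// TestCreateDeveloperEmailExists posts a developer payload together with an
// X-Access-Token header built from a fernet token and expects the API to
// answer with status 500.
func TestCreateDeveloperEmailExists(t *testing.T) {
	testServer(func(s *Server) {
		// Fixture key for tests only; it must not match any deployed client secret.
		k := fernet.MustDecodeKeys("YI1ZYdopn6usnQ/5gMAHg8+pNh6D0DdaJkytdoLWUj0=")
		tok, err := fernet.EncryptAndSign([]byte("mysharedtoken"), k[0])
		if err != nil {
			t.Fatalf("fernet encryption failed %v\n", err)
		}
		headers := map[string]string{
			"X-Access-Token": base64.URLEncoding.EncodeToString(tok),
		}

		res, err := testHttpRequestWithHeaders("POST", "/api/v1/developers/", `{"name":"adnaan"}`, headers)
		if err != nil {
			t.Fatalf("email exists failed %v", err)
		}
		// Release the connection once the body has been inspected.
		defer res.Body.Close()

		body, err := ioutil.ReadAll(res.Body)
		if err != nil {
			t.Fatalf("reading response body: %v", err)
		}
		if res.StatusCode != 500 {
			t.Fatalf("able to create developer: %v", string(body))
		}
	})
}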
// EncryptAndSign encrypts and signs b with the first key in keys for which
// fernet.EncryptAndSign succeeds. It returns an error when no key can be used,
// which includes the case where keys is empty.
//
// NOTE(review): a failure with an earlier key is discarded and the next key is
// tried without any trace; confirm that falling back past the first key is
// intended, since the underlying error is never reported.
func EncryptAndSign(b []byte) ([]byte, error) {
	for _, k := range keys {
		tok, err := fernet.EncryptAndSign(b, k)
		if err != nil {
			continue
		}
		return tok, nil
	}
	return []byte(""), errors.New("Unable to sign payload.")
}
// Example encrypts a short message with a fernet key and reads it back with a
// 60 second TTL. The key below is a sample value for the example only.
func Example() {
	ks := fernet.MustDecodeKeys("cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=")

	plaintext := []byte("hello")
	tok, err := fernet.EncryptAndSign(plaintext, ks[0])
	if err != nil {
		panic(err)
	}

	// The token is accepted only if it verifies under one of ks and is no
	// older than the TTL.
	ttl := 60 * time.Second
	msg := fernet.VerifyAndDecrypt(tok, ttl, ks)
	fmt.Println(string(msg))
	// Output:
	// hello
}
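// genAccessToken issues an access token for email: the email is encrypted and
// signed (fernet) with the "browser" client's shared secret and the result is
// URL-safe base64 encoded. The email is also recorded as "loggedin" in redis.
//
// An error is returned when the secret cannot be decoded or the token cannot
// be created; no cache entry is written in that case.
func (s *Server) genAccessToken(email string) (string, error) {
	// Decode the secret without panicking, so a malformed configuration value
	// reaches the caller as an error.
	k, err := fernet.DecodeKeys(s.config.Clients["browser"].Secret)
	if err != nil {
		return "", err
	}

	tok, err := fernet.EncryptAndSign([]byte(email), k[0])
	if err != nil {
		// Fail closed: never hand out an empty token together with a nil error.
		return "", err
	}
	token := base64.URLEncoding.EncodeToString(tok)

	// Cache the login state.
	c := s.redisConn()
	defer c.Close()
	// NOTE(review): the result of SET is not checked and the entry is written
	// without an expiry; confirm that both are intended for a login marker.
	c.Do("SET", email, "loggedin")

	return token, nil
}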
// TestFernet round-trips a message through fernet encryption and URL-safe
// base64, then verifies and decrypts it with a 60 second TTL.
func TestFernet(t *testing.T) {
	const want = "mysharedtoken"

	// Fixture key used by the tests in this file.
	ks := fernet.MustDecodeKeys("YI1ZYdopn6usnQ/5gMAHg8+pNh6D0DdaJkytdoLWUj0=")

	sealed, err := fernet.EncryptAndSign([]byte(want), ks[0])
	if err != nil {
		t.Fatalf("fernet encryption failed %v\n", err)
	}

	// Encode and decode the token the way it travels in a header.
	encoded := base64.URLEncoding.EncodeToString(sealed)
	decoded, err := base64.URLEncoding.DecodeString(encoded)
	if err != nil {
		t.Fatalf("fernet key decryption failed %v\n", err)
	}

	if got := string(fernet.VerifyAndDecrypt(decoded, 60*time.Second, ks)); got != want {
		t.Fatalf("verification failed!\n")
	}
}
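// TestCreateDeveloperHeaderWithTimeOK posts a complete developer payload with
// an X-Access-Token header built from a fernet token and expects status 200.
// On success it stores the returned access token and object id in the
// package-level access_token and dev_id variables.
func TestCreateDeveloperHeaderWithTimeOK(t *testing.T) {
	testServer(func(s *Server) {
		// Fixture key for tests only; it must not match any deployed client secret.
		k := fernet.MustDecodeKeys("YI1ZYdopn6usnQ/5gMAHg8+pNh6D0DdaJkytdoLWUj0=")
		tok, err := fernet.EncryptAndSign([]byte("mysharedtoken"), k[0])
		if err != nil {
			t.Fatalf("fernet encryption failed %v\n", err)
		}
		headers := map[string]string{
			"X-Access-Token": base64.URLEncoding.EncodeToString(tok),
		}

		res, err := testHttpRequestWithHeaders("POST", "/api/v1/developers/", `{"name":"adnaan","email":"*****@*****.**","password":"******"}`, headers)
		if err != nil {
			t.Fatalf("Unable to create developer: %v", err)
		}
		// Release the connection once the body has been read.
		defer res.Body.Close()

		body, err := ioutil.ReadAll(res.Body)
		if err != nil {
			t.Fatalf("reading response body: %v", err)
		}
		if res.StatusCode != 200 {
			t.Fatalf("unable to create developer: %v", string(body))
		}

		var response NewDeveloperResponse
		if err := json.Unmarshal(body, &response); err != nil {
			t.Fatalf("fail to parse body: %v", string(body))
		}
		access_token = response.AccessToken
		dev_id = response.ObjectId
	})
}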