Exemple #1
0
func TestCreateGetDeleteGet(t *testing.T) {
	for k, c := range []test{
		{subject: "peter", token: jwt.Token{Valid: false}, policies: []policy.Policy{policies["fail"]}, createData: data["fail"], statusCreate: http.StatusUnauthorized},
		{subject: "peter", token: jwt.Token{Valid: true}, policies: []policy.Policy{policies["fail"]}, createData: data["fail"], statusCreate: http.StatusForbidden},
		{subject: "peter", token: jwt.Token{Valid: true}, policies: []policy.Policy{policies["pass-create"]}, createData: data["ok-max"], statusCreate: http.StatusOK, statusGet: http.StatusForbidden},
		{subject: "peter", token: jwt.Token{Valid: true}, policies: []policy.Policy{policies["pass-create"]}, createData: data["fail"], statusCreate: http.StatusBadRequest},
		{subject: "peter", token: jwt.Token{Valid: true}, policies: []policy.Policy{policies["pass-create"]}, createData: data["fail-validation"], statusCreate: http.StatusBadRequest},
		{subject: "peter", token: jwt.Token{Valid: true}, policies: []policy.Policy{policies["pass-create"], policies["pass-get"]}, createData: data["ok-zac"], statusCreate: http.StatusOK, statusGet: http.StatusOK, statusDelete: http.StatusForbidden},
		{subject: "peter", token: jwt.Token{Valid: true}, policies: []policy.Policy{policies["pass-all"]}, createData: data["ok-steve"], statusCreate: http.StatusOK, statusGet: http.StatusOK, statusDelete: http.StatusAccepted, statusGetAfterDelete: http.StatusNotFound},
	} {
		func() {
			handler := &Handler{s: store, m: mw}
			router := mux.NewRouter()
			handler.SetRoutes(router, mockAuthorization(c))
			ts := httptest.NewServer(router)
			defer ts.Close()

			request := gorequest.New()
			connectionsURL := fmt.Sprintf("%s/oauth2/connections?subject=%s", ts.URL, c.subject)

			resp, body, _ := request.Post(connectionsURL).Send(*c.createData).End()
			require.Equal(t, c.statusCreate, resp.StatusCode, "case %d: %s", k, body)
			if resp.StatusCode != http.StatusOK {
				return
			}

			var conn DefaultConnection
			assert.Nil(t, json.Unmarshal([]byte(body), &conn))

			resp, body, _ = request.Get(connectionsURL).End()
			require.Equal(t, c.statusGet, resp.StatusCode, "case %d: %s", k, body)
			if resp.StatusCode != http.StatusOK {
				return
			}

			resp, body, _ = request.Get(fmt.Sprintf("%s/oauth2/connections/%s", ts.URL, conn.ID)).End()
			require.Equal(t, c.statusGet, resp.StatusCode, "case %d: %s", k, body)
			if resp.StatusCode != http.StatusOK {
				return
			}

			resp, body, _ = request.Post(connectionsURL).Send(*c.createData).End()
			require.Equal(t, http.StatusInternalServerError, resp.StatusCode, "case %d: %s", k, body)

			resp, body, _ = request.Delete(fmt.Sprintf("%s/oauth2/connections/%s", ts.URL, conn.ID)).End()
			require.Equal(t, c.statusDelete, resp.StatusCode, "case %d: %s", k, body)
			if resp.StatusCode != http.StatusAccepted {
				return
			}

			resp, body, _ = request.Get(fmt.Sprintf("%s/oauth2/connections/%s", ts.URL, conn.ID)).End()
			require.Equal(t, c.statusGetAfterDelete, resp.StatusCode, "case %d: %s", k, body)

			resp, body, _ = request.Delete(fmt.Sprintf("%s/oauth2/connections/%s", ts.URL, conn.ID)).End()
			require.Equal(t, http.StatusNotFound, resp.StatusCode, "case %d: %s", k, body)
		}()
	}
}
Exemple #2
0
func TestCreateGetDeleteGet(t *testing.T) {
	for k, c := range []test{
		{subject: "peter", token: jwt.Token{Valid: false}, policies: []policy.Policy{policies["fail"]}, createData: payload{RedirectURIs: "redir"}, statusCreate: http.StatusUnauthorized},
		{subject: "peter", token: jwt.Token{Valid: true}, policies: []policy.Policy{policies["fail"]}, createData: payload{RedirectURIs: "redir"}, statusCreate: http.StatusForbidden},
		{subject: "peter", token: jwt.Token{Valid: true}, policies: []policy.Policy{policies["pass-create"]}, createData: payload{RedirectURIs: "redir"}, statusCreate: http.StatusOK, statusGet: http.StatusForbidden},
		{subject: "peter", token: jwt.Token{Valid: true}, policies: []policy.Policy{policies["pass-create"], policies["pass-get"]}, createData: payload{RedirectURIs: "redir"}, statusCreate: http.StatusOK, statusGet: http.StatusOK, statusDelete: http.StatusForbidden},
		{subject: "peter", token: jwt.Token{Valid: true}, policies: []policy.Policy{policies["pass-all"]}, createData: payload{RedirectURIs: "redir"}, statusCreate: http.StatusOK, statusGet: http.StatusOK, statusDelete: http.StatusAccepted, statusGetAfterDelete: http.StatusNotFound},
	} {
		func() {
			handler := &Handler{s: store, m: mw}
			router := mux.NewRouter()
			handler.SetRoutes(router, mockAuthorization(c))
			ts := httptest.NewServer(router)
			defer ts.Close()

			request := gorequest.New()
			resp, body, _ := request.Post(ts.URL + "/clients").Send(c.createData).End()
			require.Equal(t, c.statusCreate, resp.StatusCode, "case %d: %s", k, body)
			if resp.StatusCode != http.StatusOK {
				return
			}

			var client payload
			json.Unmarshal([]byte(body), &client)

			resp, body, _ = request.Get(ts.URL + "/clients/" + client.ID).End()
			require.Equal(t, c.statusGet, resp.StatusCode, "case %d: %s", k, body)
			if resp.StatusCode != http.StatusOK {
				return
			}

			resp, body, _ = request.Delete(ts.URL + "/clients/" + client.ID).End()
			require.Equal(t, c.statusDelete, resp.StatusCode, "case %d: %s", k, body)
			if resp.StatusCode != http.StatusAccepted {
				return
			}

			resp, body, _ = request.Get(ts.URL + "/clients/" + client.ID).End()
			require.Equal(t, c.statusGetAfterDelete, resp.StatusCode, "case %d: %s", k, body)
		}()
	}
}
Exemple #3
0
func TestCreateGetDelete(t *testing.T) {
	for k, c := range []test{
		test{
			subject: "peter", token: &jwt.Token{Valid: false},
			expected: result{create: http.StatusUnauthorized, get: 0, delete: 0},
		},
		test{
			subject: "peter", token: &jwt.Token{Valid: true}, policies: policies["empty"],
			expected: result{create: http.StatusForbidden, get: 0, delete: 0},
		},
		test{
			subject: "peter", token: &jwt.Token{Valid: true}, policies: policies["empty"],
			expected: result{create: http.StatusForbidden, get: 0, delete: 0},
		},
		test{
			subject: "max", token: &jwt.Token{Valid: true}, policies: policies["empty"],
			expected: result{create: http.StatusForbidden, get: 0, delete: 0},
		},
		test{
			subject: "max", token: &jwt.Token{Valid: true}, payload: payload{},
			policies: policies["allow-create"],
			expected: result{
				create: http.StatusForbidden, get: 0, delete: 0,
			},
		},
		test{
			subject: "peter", token: &jwt.Token{Valid: true},
			payload:  payload{Email: uuid.New() + "@foobar.com", Data: "{}"},
			policies: policies["allow-create"],
			expected: result{
				create: http.StatusBadRequest, get: 0, delete: 0,
			},
		},
		test{
			subject: "peter", token: &jwt.Token{Valid: true},
			payload:  payload{Email: uuid.New() + "@foobar.com", Password: "******", Data: "{}"},
			policies: policies["allow-create"],
			expected: result{
				create: http.StatusBadRequest, get: 0, delete: 0,
			},
		},
		test{
			subject: "peter", token: &jwt.Token{Valid: true},
			payload:  payload{Email: "notemail", Password: "******", Data: "{}"},
			policies: policies["allow-create"],
			expected: result{
				create: http.StatusBadRequest, get: 0, delete: 0,
			},
		},
		test{
			subject: "peter", token: &jwt.Token{Valid: true},
			payload:  payload{Email: uuid.New() + "@bar.com", Password: "", Data: "{}"},
			policies: policies["allow-create"],
			expected: result{
				create: http.StatusBadRequest, get: 0, delete: 0,
			},
		},
		test{
			subject: "peter", token: &jwt.Token{Valid: true},
			payload:  payload{Email: uuid.New() + "@bar.com", Password: "******", Data: "not json"},
			policies: policies["allow-create"],
			expected: result{
				create: http.StatusBadRequest, get: 0, delete: 0,
			},
		},
		test{
			subject: "peter", token: &jwt.Token{Valid: true},
			payload:  payload{Email: uuid.New() + "@bar.com", Password: "******", Data: "{}"},
			policies: policies["allow-create"],
			expected: result{
				create: http.StatusOK, get: http.StatusForbidden, delete: http.StatusForbidden,
			},
		},
		test{
			subject: "peter", token: &jwt.Token{Valid: true},
			payload:  payload{Email: uuid.New() + "@bar.com", Password: "******", Data: "{}"},
			policies: policies["allow-create-get"],
			expected: result{
				create: http.StatusOK, get: http.StatusOK, delete: http.StatusForbidden,
			},
		},
		test{
			subject: "peter", token: &jwt.Token{Valid: true},
			payload:  payload{Email: uuid.New() + "@bar.com", Password: "******", Data: "{}"},
			policies: policies["allow-all"],
			expected: result{
				create: http.StatusOK, get: http.StatusOK, delete: http.StatusAccepted,
			},
		},
	} {
		router := mux.NewRouter()
		hd.SetRoutes(router, mock(c))
		ts := httptest.NewServer(router)
		defer ts.Close()

		t.Logf(ts.URL + "/accounts")

		request := gorequest.New()
		resp, body, _ := request.Post(ts.URL + "/accounts").Send(c.payload).End()
		require.Equal(t, c.expected.create, resp.StatusCode, "case %d: %s", k, body)
		if resp.StatusCode != http.StatusOK {
			return
		}
		user := assertAccount(t, c, body)

		resp, body, _ = request.Get(ts.URL + "/accounts/" + user.GetID()).End()
		require.Equal(t, c.expected.get, resp.StatusCode, "case %d: %s", k, body)
		if resp.StatusCode != http.StatusOK {
			return
		}
		user = assertAccount(t, c, body)

		resp, body, _ = request.Delete(ts.URL + "/accounts/" + user.GetID()).End()
		require.Equal(t, c.expected.delete, resp.StatusCode, "case %d: %s", k, body)
		if resp.StatusCode != http.StatusAccepted {
			return
		}

		resp, body, _ = request.Get(ts.URL + "/accounts/" + user.GetID()).End()
		require.Equal(t, http.StatusNotFound, resp.StatusCode, "case %d: %s", k, body)
	}
}