Esempio n. 1
0
func TestUnauthorize(t *testing.T) {
	InitAuthenticatorTest()
	user, password := user()
	cookie, err := authorize(user.Email, password)
	if err != nil {
		t.Fatal(err)
	}

	ctx, _ := CreateReqContext("GET", "/protected", nil)
	ctx.Request.AddCookie(cookie)

	if !authenticator.IsAuthorized(ctx.Request) {
		t.Fatal("Should be authenticated")
	}

	if authenticator.AuthorizedUserID(ctx.Request) != user.ID {
		t.Fatal("ID doesn't match")
	}

	authenticator.Unauthorize(ctx.Writer, ctx.Request)

	if authenticator.IsAuthorized(ctx.Request) {
		t.Fatal("Should not be authenticated")
	}

	if authenticator.AuthorizedUserID(ctx.Request) == user.ID {
		t.Fatal("ID matches!")
	}
}
Esempio n. 2
0
func TestIsAuthorizedWhenZeroUsers(t *testing.T) {
	InitAuthenticatorTest()
	ctx, _ := CreateReqContext("GET", "/", nil)
	if !authenticator.IsAuthorized(ctx.Request) {
		t.Fatal("Should not have failed here, Zero users in system should yield unlimited access")
	}
}
Esempio n. 3
0
func TestAuthorize(t *testing.T) {
	InitAuthenticatorTest()
	user, password := user()
	if _, err := authorize(user.Email, password); err != nil {
		t.Fatal(err)
	}
}
Esempio n. 4
0
func TestIsAuthorizedWhenNoAuthProcessIsCompleted(t *testing.T) {
	InitAuthenticatorTest()
	user()
	ctx, _ := CreateReqContext("GET", "/", nil)
	if authenticator.IsAuthorized(ctx.Request) {
		t.Fatal("Should have failed here")
	}
}
Esempio n. 5
0
func TestGetCreatePage(t *testing.T) {
	initUserHandlerTest()
	ctx, _ := CreateReqContext("GET", "/user/create", nil)
	result := userHandler.Create(ctx)
	if result != nil {
		t.Fatal("Expected nil")
	}
}
Esempio n. 6
0
func TestCreateUserWithNoParameters(t *testing.T) {
	initUserHandlerTest()
	ctx, _ := CreateReqContext("POST", "/user/create", nil)

	userHandler.Create(ctx)

	if !ctx.HasValidationErrors() {
		t.Fatal("Expected validation errors")
	}
}
Esempio n. 7
0
func TestGetInitWhenOneOrMoreUsers(t *testing.T) {
	initInitHandlerTest()
	userController.Create("*****@*****.**", "password")
	ctx, _ := CreateReqContext("GET", "/init", nil)
	result := initHandler.Init(ctx)
	if err, ok := result.(*AppError); !ok {
		t.Fatalf("response returned %v", result)
	} else if err.Status() != http.StatusNotFound {
		t.Fatal("Expected 404")
	}
}
Esempio n. 8
0
func TestUpdateUserWithNoParameters(t *testing.T) {
	initUserHandlerTest()
	userController.Create("*****@*****.**", "password")
	user, _ := userRepo.FindByEmail("*****@*****.**")
	id := strconv.Itoa(user.ID)
	ctx, _ := CreateReqContext("POST", "/user/update?id="+id, nil)

	userHandler.Update(ctx)

	if !ctx.HasValidationErrors() {
		t.Fatal("Expected validation errors")
	}
}
Esempio n. 9
0
func TestGetLoginPage(t *testing.T) {
	initAuthHandlerTest()
	ctx, _ := CreateReqContext("GET", "/auth/login", nil)
	result := authHandler.Login(ctx)

	if result != nil {
		t.Fatal("Expected nil")
	}

	if ctx.IsRedirected() {
		t.Fatal("Should not redirect")
	}
}
Esempio n. 10
0
func TestRetrieveExistingUser(t *testing.T) {
	initUserHandlerTest()

	userController.Create("*****@*****.**", "password")
	user, _ := userRepo.FindByEmail("*****@*****.**")
	id := strconv.Itoa(user.ID)

	ctx, _ := CreateReqContext("GET", "/user/retrieve?id="+id, nil)

	result := userHandler.Retrieve(ctx)

	if !user.Equals(result) {
		t.Fatal("Expected equality")
	}
}
Esempio n. 11
0
func TestFailedLogin(t *testing.T) {
	initAuthHandlerTest()
	ctx, _ := CreateReqContext("POST", "/auth/login", map[string][]string{
		"username": []string{"*****@*****.**"},
		"password": []string{"testpass"},
	})
	result := authHandler.Login(ctx)

	if result != nil {
		t.Fatal("Expected nil")
	}

	if ctx.IsRedirected() {
		t.Fatal("Should not redirect")
	}
}
Esempio n. 12
0
func TestRetrieveNonExistingUser(t *testing.T) {
	initUserHandlerTest()

	ctx, _ := CreateReqContext("GET", "/user/retrieve", map[string][]string{
		"id": []string{"123"},
	})

	result := userHandler.Retrieve(ctx)

	if err, ok := result.(*AppError); ok {
		if err.Status() != http.StatusNotFound {
			t.Fatal("Expected 404")
		}
	} else {
		t.Fatal("Expected app error")
	}
}
Esempio n. 13
0
func TestAdminProtectedResourceWhereUserDontHaveAdminRights(t *testing.T) {
	InitAuthenticatorTest()
	authenticator.SetRequiredPrivileges("/admin", "Admin")

	user, password := user()
	cookie, err := authorize(user.Email, password)
	if err != nil {
		t.Fatal(err)
	}

	ctx, _ := CreateReqContext("GET", "/admin", nil)
	ctx.Request.AddCookie(cookie)

	if authenticator.Handle(ctx.Writer, ctx.Request) {
		t.Fatal("User doesnt have admin rights!")
	}

}
Esempio n. 14
0
func TestCreateUserWithSmallPasswordLength(t *testing.T) {
	initUserHandlerTest()
	ctx, _ := CreateReqContext("POST", "/user/create", map[string][]string{
		"email":          []string{"*****@*****.**"},
		"password":       []string{"pass"},
		"password-again": []string{"pass"},
	})

	userHandler.Create(ctx)

	if !ctx.HasValidationErrors() {
		t.Fatal("Expected validation errors")
	}

	if ctx.ValidationErrors["password"] == nil {
		t.Fatal("Expected failure on password field")
	}
}
Esempio n. 15
0
func TestCreateUserWithMismatchingPasswordEntries(t *testing.T) {
	initUserHandlerTest()
	ctx, _ := CreateReqContext("POST", "/user/create", map[string][]string{
		"email":          []string{"*****@*****.**"},
		"password":       []string{"myvalidpass"},
		"password-again": []string{"mymismatchingpass"},
	})

	userHandler.Create(ctx)

	if !ctx.HasValidationErrors() {
		t.Fatal("Expected validation errors")
	}

	if ctx.ValidationErrors[""] == nil {
		t.Fatal("Expected a general error")
	}
}
Esempio n. 16
0
func TestCreateUserWhereEmailAlreadyExist(t *testing.T) {
	initUserHandlerTest()
	userController.Create("*****@*****.**", "mypassword")

	ctx, _ := CreateReqContext("POST", "/user/create", map[string][]string{
		"email":          []string{"*****@*****.**"},
		"password":       []string{"myvalidpass"},
		"password-again": []string{"myvalidpass"},
	})

	result := userHandler.Create(ctx)

	switch result.(type) {
	case error:
		//Expects a application error
	default:
		t.Fatal("Unexpected return type")
	}
}
Esempio n. 17
0
func TestUpdateUserWithMismatchingPasswordEntries(t *testing.T) {
	initUserHandlerTest()
	userController.Create("*****@*****.**", "password")
	user, _ := userRepo.FindByEmail("*****@*****.**")
	id := strconv.Itoa(user.ID)
	ctx, _ := CreateReqContext("POST", "/user/update?id="+id, map[string][]string{
		"email":          []string{"*****@*****.**"},
		"password":       []string{"myvalidpass"},
		"password-again": []string{"mymismatchingpass"},
	})

	userHandler.Update(ctx)

	if !ctx.HasValidationErrors() {
		t.Fatal("Expected validation errors")
	}

	if ctx.ValidationErrors[""] == nil {
		t.Fatal("Expected a general error")
	}
}
Esempio n. 18
0
func TestUpdateUserWithLargePasswordLength(t *testing.T) {
	initUserHandlerTest()
	userController.Create("*****@*****.**", "password")
	user, _ := userRepo.FindByEmail("*****@*****.**")
	id := strconv.Itoa(user.ID)
	ctx, _ := CreateReqContext("POST", "/user/update?id="+id, map[string][]string{
		"email":          []string{"*****@*****.**"},
		"password":       []string{"my-very-very-very-long-password"},
		"password-again": []string{"my-very-very-very-long-password"},
	})

	userHandler.Update(ctx)

	if !ctx.HasValidationErrors() {
		t.Fatal("Expected validation errors")
	}

	if ctx.ValidationErrors["password"] == nil {
		t.Fatal("Expected failure on password field")
	}
}
Esempio n. 19
0
func TestInitCreateUser(t *testing.T) {
	initInitHandlerTest()
	ctx, _ := CreateReqContext("POST", "/init", map[string][]string{
		"email":          []string{"*****@*****.**"},
		"password":       []string{"testpasswd"},
		"password-again": []string{"testpasswd"},
	})
	result := initHandler.Init(ctx)
	if result != nil {
		t.Fatalf("response returned %v", result)
	}

	if !ctx.IsRedirected() {
		t.Fatal("Expected redirection")
	}

	if role, err := roleRepo.FindByName("Admin"); err != nil {
		t.Fatalf("Error occured %v", err)
	} else if role == nil {
		t.Fatal("Did not create Admin role")
	}

	if user, err := userRepo.FindByEmail("*****@*****.**"); err != nil {
		t.Fatalf("Error occured %v", err)
	} else if user == nil {
		t.Fatal("Did not create user")
	}
}
Esempio n. 20
0
func TestLogout(t *testing.T) {
	initAuthHandlerTest()
	user := &User{
		Email: "*****@*****.**",
	}
	password := "******"
	user.SetPassword(password)
	userRepo.Store(user)

	ctx, _ := CreateReqContext("POST", "/auth/login", map[string][]string{
		"username": []string{user.Email},
		"password": []string{password},
	})
	result := authHandler.Login(ctx)

	if result != nil {
		t.Fatal("Expected nil")
	}

	if !ctx.IsRedirected() {
		t.Fatal("Should redirect to landing page")
	}

	ctx, _ = CreateReqContext("GET", "/auth/logout", nil)
	result = authHandler.Logout(ctx)

	if !ctx.IsRedirected() {
		t.Fatal("Should redirect to landing page")
	}
}
Esempio n. 21
0
func TestUpdateUser(t *testing.T) {
	initUserHandlerTest()
	userController.Create("*****@*****.**", "password")
	user, _ := userRepo.FindByEmail("*****@*****.**")
	id := strconv.Itoa(user.ID)

	ctx, _ := CreateReqContext("POST", "/user/update", map[string][]string{
		"id":             []string{id},
		"email":          []string{"*****@*****.**"},
		"password":       []string{"testpassword"},
		"password-again": []string{"testpassword"},
	})
	userHandler.Update(ctx)

	if ctx.HasValidationErrors() {
		t.Log(ctx.ValidationErrors)
		t.Fatal("Did not expect any errors")
	}

	if !ctx.IsRedirected() {
		t.Fatal("Expected redirection")
	}

	user, _ = userRepo.FindByEmail("*****@*****.**")
	if !user.PasswordEquals("testpassword") {
		t.Fatal("Expected a updated password")
	}
}
Esempio n. 22
0
func TestUpdateUserWithInvalidEmail(t *testing.T) {
	initUserHandlerTest()
	userController.Create("*****@*****.**", "password")
	user, _ := userRepo.FindByEmail("*****@*****.**")
	id := strconv.Itoa(user.ID)
	ctx, _ := CreateReqContext("POST", "/user/update", map[string][]string{
		"id":             []string{id},
		"email":          []string{"test[at]test.test"},
		"password":       []string{"testpassword"},
		"password-again": []string{"testpassword"},
	})

	userHandler.Update(ctx)

	if !ctx.HasValidationErrors() {
		t.Fatal("Expected validation errors")
	}

	if ctx.ValidationErrors["email"] == nil {
		t.Fatal("Expected failure on email field")
	}
}
Esempio n. 23
0
func TestAdminProtectedResourceWhereUserHasAdminRights(t *testing.T) {
	InitAuthenticatorTest()
	authenticator.SetRequiredPrivileges("/admin", "Admin")

	user, password := user()

	role, _ := roleRepo.FindByName("Admin")
	role.Users = append(role.Users, *user)
	roleRepo.Store(role)

	cookie, err := authorize(user.Email, password)
	if err != nil {
		t.Fatal(err)
	}

	ctx, _ := CreateReqContext("GET", "/admin", nil)
	ctx.Request.AddCookie(cookie)

	if !authenticator.Handle(ctx.Writer, ctx.Request) {
		t.Fatal("User has admin rights!")
	}

}
Esempio n. 24
0
func TestCreateUser(t *testing.T) {
	initUserHandlerTest()
	ctx, _ := CreateReqContext("POST", "/user/create", map[string][]string{
		"email":          []string{"*****@*****.**"},
		"password":       []string{"testpassword"},
		"password-again": []string{"testpassword"},
	})
	userHandler.Create(ctx)

	if ctx.HasValidationErrors() {
		t.Log(ctx.ValidationErrors)
		t.Fatal("Did not expect any errors")
	}

	if !ctx.IsRedirected() {
		t.Fatal("Expected redirection")
	}

	result, _ := userRepo.All()
	if len(result) != 1 {
		t.Fatal("Expected user created")
	}
}
Esempio n. 25
0
func TestAuthorizeWithInvalidCredentials(t *testing.T) {
	InitAuthenticatorTest()
	if _, err := authorize("", ""); err == nil {
		t.Fatal("Should have failed")
	}
}