Esempio n. 1
0
func TestGetAuthenticatedUser(t *testing.T) {
	var (
		user *accounts.User
		err  error
	)

	// A test request
	r, err := http.NewRequest("GET", "http://1.2.3.4/something", nil)
	assert.NoError(t, err, "Request setup should not get an error")

	user, err = accounts.GetAuthenticatedUser(r)

	// User object should be nil
	assert.Nil(t, user)

	// Correct error should be returned
	if assert.NotNil(t, err) {
		assert.Equal(t, accounts.ErrUserAuthenticationRequired, err)
	}

	// Set a context value of an invalid type
	context.Set(r, accounts.AuthenticatedUserKey, "bogus")

	user, err = accounts.GetAuthenticatedUser(r)

	// User object should be nil
	assert.Nil(t, user)

	// Correct error should be returned
	if assert.NotNil(t, err) {
		assert.Equal(t, accounts.ErrUserAuthenticationRequired, err)
	}

	// Set a valid context value
	context.Set(r, accounts.AuthenticatedUserKey, &accounts.User{FirstName: util.StringOrNull("John Reese")})

	user, err = accounts.GetAuthenticatedUser(r)

	// Error should be nil
	assert.Nil(t, err)

	// Correct user object should be returned
	if assert.NotNil(t, user) {
		assert.Equal(t, "John Reese", user.FirstName.String)
	}
}
func (suite *AccountsTestSuite) TestUserAuthMiddleware() {
	var (
		r                 *http.Request
		w                 *httptest.ResponseRecorder
		next              http.HandlerFunc
		authenticatedUser *accounts.User
		err               error
	)

	middleware := accounts.NewUserAuthMiddleware(suite.service)

	// Send a request without a bearer token through the middleware
	r, err = http.NewRequest("POST", "http://1.2.3.4/something", nil)
	assert.NoError(suite.T(), err, "Request setup should not get an error")
	w = httptest.NewRecorder()
	next = func(w http.ResponseWriter, r *http.Request) {}
	middleware.ServeHTTP(w, r, next)

	// Check the response
	testutil.TestResponseForError(suite.T(), w, accounts.ErrUserAuthenticationRequired.Error(), 401)

	// Check the context variable has not been set
	authenticatedUser, err = accounts.GetAuthenticatedUser(r)
	assert.Nil(suite.T(), authenticatedUser)
	assert.Error(suite.T(), err)
	assert.Equal(suite.T(), accounts.ErrUserAuthenticationRequired, err)

	// Send a request with empty bearer token through the middleware
	r, err = http.NewRequest("POST", "http://1.2.3.4/something", nil)
	assert.NoError(suite.T(), err, "Request setup should not get an error")
	r.Header.Set("Authorization", "Bearer ")
	w = httptest.NewRecorder()
	next = func(w http.ResponseWriter, r *http.Request) {}
	middleware.ServeHTTP(w, r, next)

	// Check the response
	testutil.TestResponseForError(suite.T(), w, accounts.ErrUserAuthenticationRequired.Error(), 401)

	// Check the context variable has not been set
	authenticatedUser, err = accounts.GetAuthenticatedUser(r)
	assert.Nil(suite.T(), authenticatedUser)
	assert.Error(suite.T(), err)
	assert.Equal(suite.T(), accounts.ErrUserAuthenticationRequired, err)

	// Send a request with incorrect bearer token through the middleware
	r, err = http.NewRequest("POST", "http://1.2.3.4/something", nil)
	assert.NoError(suite.T(), err, "Request setup should not get an error")
	r.Header.Set("Authorization", "Bearer bogus")
	w = httptest.NewRecorder()
	next = func(w http.ResponseWriter, r *http.Request) {}
	middleware.ServeHTTP(w, r, next)

	// Check the response
	testutil.TestResponseForError(suite.T(), w, accounts.ErrUserAuthenticationRequired.Error(), 401)

	// Check the context variable has not been set
	authenticatedUser, err = accounts.GetAuthenticatedUser(r)
	assert.Nil(suite.T(), authenticatedUser)
	assert.Error(suite.T(), err)
	assert.Equal(suite.T(), accounts.ErrUserAuthenticationRequired, err)

	// Send a request with client bearer token through the middleware
	r, err = http.NewRequest("POST", "http://1.2.3.4/something", nil)
	assert.NoError(suite.T(), err, "Request setup should not get an error")
	r.Header.Set("Authorization", "Bearer test_client_token")
	w = httptest.NewRecorder()
	next = func(w http.ResponseWriter, r *http.Request) {}
	middleware.ServeHTTP(w, r, next)

	// Check the response
	testutil.TestResponseForError(suite.T(), w, accounts.ErrUserAuthenticationRequired.Error(), 401)

	// Check the context variable has not been set
	authenticatedUser, err = accounts.GetAuthenticatedUser(r)
	assert.Nil(suite.T(), authenticatedUser)
	assert.Error(suite.T(), err)
	assert.Equal(suite.T(), accounts.ErrUserAuthenticationRequired, err)

	// Send a request with correct bearer token through the middleware
	r, err = http.NewRequest("POST", "http://1.2.3.4/something", nil)
	assert.NoError(suite.T(), err, "Request setup should not get an error")
	r.Header.Set("Authorization", "Bearer test_user_token")
	w = httptest.NewRecorder()
	next = func(w http.ResponseWriter, r *http.Request) {}
	middleware.ServeHTTP(w, r, next)

	// Check the status code
	assert.Equal(suite.T(), 200, w.Code)

	// Check the context variable has been set
	authenticatedUser, err = accounts.GetAuthenticatedUser(r)
	assert.NoError(suite.T(), err)
	assert.NotNil(suite.T(), authenticatedUser)
	assert.Equal(suite.T(), "test@user", authenticatedUser.OauthUser.Username)
}