func TestVerifyPassword(t *testing.T) {
// Test valid passwords
assert.Nil(t, password.VerifyPassword(
"$2a$10$CUoGytf1pR7CC6Y043gt/.vFJUV4IRqvH5R6F0VfITP8s2TqrQ.4e",
"test_secret",
))
assert.Nil(t, password.VerifyPassword(
"$2a$10$4J4t9xuWhOKhfjN0bOKNReS9sL3BVSN9zxIr2.VaWWQfRBWh1dQIS",
"test_password",
))
// Test invalid password
assert.NotNil(t, password.VerifyPassword("bogus", "password"))
}
func (suite *OauthTestSuite) TestSetPassword() {
var (
user *oauth.User
err error
)
// Insert a test user without a password
user = &oauth.User{
RoleID: util.StringOrNull(roles.User),
Username: "******",
Password: util.StringOrNull(""),
}
err = suite.db.Create(user).Error
assert.NoError(suite.T(), err, "Inserting test data failed")
// Try to set an empty password
err = suite.service.SetPassword(user, "")
// Correct error should be returned
if assert.NotNil(suite.T(), err) {
assert.Equal(suite.T(), oauth.ErrPasswordTooShort, err)
}
// Try changing the password
err = suite.service.SetPassword(user, "test_password")
// Error should be nil
assert.Nil(suite.T(), err)
// User object should have been updated
assert.Equal(suite.T(), "test@user_nopass", user.Username)
assert.Nil(suite.T(), pass.VerifyPassword(user.Password.String, "test_password"))
}
// AuthClient authenticates client
func (s *Service) AuthClient(clientID, secret string) (*Client, error) {
// Fetch the client
client, err := s.FindClientByClientID(clientID)
if err != nil {
return nil, ErrClientNotFound
}
// Verify the secret
if password.VerifyPassword(client.Secret, secret) != nil {
return nil, ErrInvalidClientSecret
}
return client, nil
}
// AuthUser authenticates user
func (s *Service) AuthUser(username, password string) (*User, error) {
// Fetch the user
user, err := s.FindUserByUsername(username)
if err != nil {
return nil, err
}
// Check that the password is set
if !user.Password.Valid {
return nil, ErrUserPasswordNotSet
}
// Verify the password
if pass.VerifyPassword(user.Password.String, password) != nil {
return nil, ErrInvalidUserPassword
}
return user, nil
}
func (suite *AccountsTestSuite) TestUpdateUser() {
testUser, testAccessToken, err := suite.insertTestUser(
"harold@finch", "test_password", "Harold", "Finch")
assert.NoError(suite.T(), err, "Failed to insert a test user")
payload, err := json.Marshal(&accounts.UserRequest{
FirstName: "John",
LastName: "Reese",
})
assert.NoError(suite.T(), err, "JSON marshalling failed")
r, err := http.NewRequest(
"PUT",
fmt.Sprintf("http://1.2.3.4/v1/users/%d", testUser.ID),
bytes.NewBuffer(payload),
)
assert.NoError(suite.T(), err, "Request setup should not get an error")
r.Header.Set("Authorization", fmt.Sprintf("Bearer %s", testAccessToken.Token))
// Check the routing
match := new(mux.RouteMatch)
suite.router.Match(r, match)
if assert.NotNil(suite.T(), match.Route) {
assert.Equal(suite.T(), "update_user", match.Route.GetName())
}
// Count before
var countBefore int
suite.db.Model(new(accounts.User)).Count(&countBefore)
// And serve the request
w := httptest.NewRecorder()
suite.router.ServeHTTP(w, r)
// Check that the mock object expectations were met
suite.assertMockExpectations()
// Count after
var countAfter int
suite.db.Model(new(accounts.User)).Count(&countAfter)
assert.Equal(suite.T(), countBefore, countAfter)
// Fetch the updated user
user := new(accounts.User)
notFound := accounts.UserPreload(suite.db).First(user, testUser.ID).RecordNotFound()
assert.False(suite.T(), notFound)
// Check that the password has NOT changed
assert.NoError(suite.T(), password.VerifyPassword(
user.OauthUser.Password.String,
"test_password",
))
// And correct data was saved
assert.Equal(suite.T(), "harold@finch", user.OauthUser.Username)
assert.Equal(suite.T(), "John", user.FirstName.String)
assert.Equal(suite.T(), "Reese", user.LastName.String)
assert.Equal(suite.T(), roles.User, user.OauthUser.RoleID.String)
assert.False(suite.T(), user.Confirmed)
// Check the response
expected := &accounts.UserResponse{
Hal: jsonhal.Hal{
Links: map[string]*jsonhal.Link{
"self": &jsonhal.Link{
Href: fmt.Sprintf("/v1/users/%d", user.ID),
},
},
},
ID: user.ID,
Email: "harold@finch",
FirstName: "John",
LastName: "Reese",
Role: roles.User,
Confirmed: false,
CreatedAt: util.FormatTime(&user.CreatedAt),
UpdatedAt: util.FormatTime(&user.UpdatedAt),
}
testutil.TestResponseObject(suite.T(), w, expected, 200)
}
func (suite *AccountsTestSuite) TestConfirmInvitation() {
var (
testOauthUser *oauth.User
testUser *accounts.User
testInvitation *accounts.Invitation
err error
)
// Insert a test user
testOauthUser, err = suite.service.GetOauthService().CreateUser(
roles.User,
"harold@finch",
"", // blank password
)
assert.NoError(suite.T(), err, "Failed to insert a test oauth user")
testUser, err = accounts.NewUser(
suite.accounts[0],
testOauthUser,
"", //facebook ID
false, // confirmed
&accounts.UserRequest{
FirstName: "Harold",
LastName: "Finch",
},
)
assert.NoError(suite.T(), err, "Failed to create a new user object")
err = suite.db.Create(testUser).Error
assert.NoError(suite.T(), err, "Failed to insert a test user")
testUser.Account = suite.accounts[0]
testUser.OauthUser = testOauthUser
// Insert a test invitation
testInvitation, err = accounts.NewInvitation(
testUser,
suite.users[0],
suite.cnf.AppSpecific.InvitationLifetime,
)
assert.NoError(suite.T(), err, "Failed to create a new invitation object")
err = suite.db.Create(testInvitation).Error
assert.NoError(suite.T(), err, "Failed to insert a test invitation")
testInvitation.InvitedUser = testUser
testInvitation.InvitedByUser = suite.users[0]
// Prepare a request
payload, err := json.Marshal(&accounts.ConfirmInvitationRequest{
PasswordRequest: accounts.PasswordRequest{Password: "******"},
})
assert.NoError(suite.T(), err, "JSON marshalling failed")
r, err := http.NewRequest(
"POST",
fmt.Sprintf("http://1.2.3.4/v1/invitations/%s", testInvitation.Reference),
bytes.NewBuffer(payload),
)
assert.NoError(suite.T(), err, "Request setup should not get an error")
r.Header.Set(
"Authorization",
fmt.Sprintf(
"Basic %s",
b64.StdEncoding.EncodeToString([]byte("test_client_1:test_secret")),
),
)
// Check the routing
match := new(mux.RouteMatch)
suite.router.Match(r, match)
if assert.NotNil(suite.T(), match.Route) {
assert.Equal(suite.T(), "confirm_invitation", match.Route.GetName())
}
// Count before
var countBefore int
suite.db.Model(new(accounts.Invitation)).Count(&countBefore)
// And serve the request
w := httptest.NewRecorder()
suite.router.ServeHTTP(w, r)
// Count after
var countAfter int
suite.db.Model(new(accounts.Invitation)).Count(&countAfter)
assert.Equal(suite.T(), countBefore-1, countAfter)
// Fetch the updated user
user := new(accounts.User)
notFound := accounts.UserPreload(suite.db).First(user, testUser.ID).RecordNotFound()
assert.False(suite.T(), notFound)
// Invitation should have been soft deleted
assert.True(suite.T(), suite.db.First(new(accounts.Invitation), testInvitation.ID).RecordNotFound())
// And correct data was saved
assert.Nil(suite.T(), pass.VerifyPassword(user.OauthUser.Password.String, "test_password"))
// Check the response
expected, err := accounts.NewInvitationResponse(testInvitation)
assert.NoError(suite.T(), err, "Failed to create expected response object")
testutil.TestResponseObject(suite.T(), w, expected, 200)
}
func (suite *AccountsTestSuite) TestUpdateUserPassword() {
var (
testOauthUser *oauth.User
testUser *accounts.User
testAccessToken *oauth.AccessToken
err error
)
// Insert a test user
testOauthUser, err = suite.service.GetOauthService().CreateUser(
roles.User,
"harold@finch",
"test_password",
)
assert.NoError(suite.T(), err, "Failed to insert a test oauth user")
testUser, err = accounts.NewUser(
suite.accounts[0],
testOauthUser,
"", //facebook ID
false, // confirmed
&accounts.UserRequest{
FirstName: "Harold",
LastName: "Finch",
},
)
assert.NoError(suite.T(), err, "Failed to create a new user object")
err = suite.db.Create(testUser).Error
assert.NoError(suite.T(), err, "Failed to insert a test user")
testUser.Account = suite.accounts[0]
testUser.OauthUser = testOauthUser
// Login the test user
testAccessToken, _, err = suite.service.GetOauthService().Login(
suite.accounts[0].OauthClient,
testUser.OauthUser,
"read_write", // scope
)
assert.NoError(suite.T(), err, "Failed to login the test user")
payload, err := json.Marshal(&accounts.UserRequest{
Password: "******",
NewPassword: "******",
})
assert.NoError(suite.T(), err, "JSON marshalling failed")
r, err := http.NewRequest(
"PUT",
fmt.Sprintf("http://1.2.3.4/v1/users/%d", testUser.ID),
bytes.NewBuffer(payload),
)
assert.NoError(suite.T(), err, "Request setup should not get an error")
r.Header.Set("Authorization", fmt.Sprintf("Bearer %s", testAccessToken.Token))
// Check the routing
match := new(mux.RouteMatch)
suite.router.Match(r, match)
if assert.NotNil(suite.T(), match.Route) {
assert.Equal(suite.T(), "update_user", match.Route.GetName())
}
// Count before
var countBefore int
suite.db.Model(new(accounts.User)).Count(&countBefore)
// And serve the request
w := httptest.NewRecorder()
suite.router.ServeHTTP(w, r)
// Check that the mock object expectations were met
suite.assertMockExpectations()
// Count after
var countAfter int
suite.db.Model(new(accounts.User)).Count(&countAfter)
assert.Equal(suite.T(), countBefore, countAfter)
// Fetch the updated user
user := new(accounts.User)
notFound := accounts.UserPreload(suite.db).First(user, testUser.ID).RecordNotFound()
assert.False(suite.T(), notFound)
// Check that the password has changed
assert.Error(suite.T(), password.VerifyPassword(
user.OauthUser.Password.String,
"test_password",
))
assert.NoError(suite.T(), password.VerifyPassword(
user.OauthUser.Password.String,
"some_new_password",
))
// And the user meta data is unchanged
assert.Equal(suite.T(), "harold@finch", user.OauthUser.Username)
assert.Equal(suite.T(), "Harold", user.FirstName.String)
assert.Equal(suite.T(), "Finch", user.LastName.String)
assert.Equal(suite.T(), roles.User, user.OauthUser.RoleID.String)
assert.False(suite.T(), user.Confirmed)
// Check the response
expected := &accounts.UserResponse{
Hal: jsonhal.Hal{
Links: map[string]*jsonhal.Link{
"self": &jsonhal.Link{
Href: fmt.Sprintf("/v1/users/%d", user.ID),
},
},
},
ID: user.ID,
Email: "harold@finch",
FirstName: "Harold",
LastName: "Finch",
Role: roles.User,
Confirmed: false,
CreatedAt: util.FormatTime(&user.CreatedAt),
UpdatedAt: util.FormatTime(&user.UpdatedAt),
}
testutil.TestResponseObject(suite.T(), w, expected, 200)
}