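// TestOneWayChallengeResponse exercises the one-way OCRA challenge-response
// flow for the first test user:
//  1. GET the challenge data from the server.
//  2. Compute the client OTP locally from secretCode and the challenge.
//  3. PUT the OTP back and expect the server to report a match.
//
// Every setup failure aborts the test immediately, so that a broken challenge
// or OTP computation is reported as such rather than as a verification
// mismatch further down.
func TestOneWayChallengeResponse(t *testing.T) {
	userName := usersName[0]
	initAListOfUsers(t, usersName)

	url := listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserIdentityCommand]), usersPath, userName, verifyUserIdentityChallengeToken)
	res := exeCommandCheckRes(t, cr.GET_STR, url, http.StatusOK, "", cr.StringMessage{Str: getMessageStr})

	var challenge OcraData
	if err := json.Unmarshal([]byte(res), &challenge); err != nil {
		// Continuing would compute an OTP over a zero-valued challenge.
		t.Fatalf("Test fail: execute GET to '%v' expected to get ocra data but received: %v, error: %v", url, res, err)
	}

	// Calculate the client OTP; check the error before the value is used or logged.
	clientOtp, err := ocra.GenerateOCRAAdvance(OcraUserDataInfo.OcraSuite, secretCode, challenge.Counter, challenge.ServerQuestion, challenge.Password, challenge.SessionId, challenge.TimeStamp)
	if err != nil {
		t.Fatalf("Test fail: Try to generate OCRA with the following parameters: %v, error: %v", res, err)
	}
	// NOTE(review): this writes the OTP and challenge data to the log; that is
	// presumably fine because secretCode is test fixture data — confirm.
	logger.Info.Println("The calculated OTP for ocra data:", res, "is:", clientOtp)

	challenge.Otp = clientOtp
	data, err := json.Marshal(challenge)
	if err != nil {
		t.Fatalf("Test fail: marshal ocra data for '%v', error: %v", url, err)
	}

	url = listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserIdentityCommand]), usersPath, userName, verifyUserIdentityOtpToken)
	exeCommandCheckRes(t, cr.PUT_STR, url, http.StatusOK, string(data), cr.Match{Match: true, Message: ""})
}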
// TestVerifyHotpCode checks one-time-code verification for both HOTP and TOTP:
//  1. A freshly computed code is accepted.
//  2. Submitting the very same code a second time is rejected, i.e. a code
//     cannot be replayed.
func TestVerifyHotpCode(t *testing.T) {
	userName := usersName[0]
	initAListOfUsers(t, usersName)

	// Register the OTP secret for the user.
	body, _ := json.Marshal(cr.Secret{Secret: secretCode})
	target := resourcePath + "/" + userName
	createdURL := cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, userName)}
	exeCommandCheckRes(t, cr.PUT_STR, target, http.StatusCreated, string(body), createdURL)

	// TODO fix it
	// NOTE(review): the results discarded here and below are presumably
	// errors; if user came back nil the field accesses would panic — confirm
	// and check them.
	user, _ := otp.NewSimpleOtpUser([]byte(secretCode))

	var code string
	for _, useHotp := range []bool{true, false} {
		switch {
		case useHotp:
			code, _ = user.BaseHotp.AtCount(user.BaseHotp.Count)
			target = listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserCodeCommand]), UsersPath, userName, verifyHotpTypeParam)
		default: // TOTP
			code, _ = user.BaseTotp.Now()
			target = listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserCodeCommand]), UsersPath, userName, verifyTotpTypeParam)
		}
		body, _ = json.Marshal(cr.Secret{Secret: code})
		payload := string(body)

		// First use: the code matches.
		exeCommandCheckRes(t, cr.POST_STR, target, http.StatusOK, payload, cr.Match{Match: true, Message: cr.NoMessageStr})
		// The same code can't be used twice
		exeCommandCheckRes(t, cr.POST_STR, target, http.StatusOK, payload, cr.Match{Match: false, Message: cr.NoMessageStr})
	}
}
// TestLogin covers the authentication endpoint:
//   - root logs in successfully with the right password (via loginRoot),
//   - root with a wrong password is refused (StatusMethodNotAllowed),
//   - an unknown user name is refused (StatusNotFound).
//
// NOTE(review): the original header also lists a logout check, but no logout
// request is issued in this function.
func TestLogin(t *testing.T) {
	loginRoot(t)

	// authURL rebuilds the authenticate URL for each request.
	authURL := func() string {
		return listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleAuthenticateCommand]), UserPath)
	}

	// Known user, wrong password.
	url := authURL()
	wrongPwd, _ := json.Marshal(userData{stc.RootUserName, []byte(rootPwd + "a")})
	exeCommandCheckRes(t, cr.PUT_STR, url, http.StatusMethodNotAllowed, string(wrongPwd), cr.Match{Match: false})

	// Unknown user, otherwise valid password.
	url = authURL()
	unknownUser, _ := json.Marshal(userData{stc.RootUserName + "1", []byte(rootPwd)})
	exeCommandCheckRes(t, cr.PUT_STR, url, http.StatusNotFound, string(unknownUser), cr.Match{Match: false})
}
// TestVerifyResetPassword checks the password-reset flow for the first user:
//  1. Reset the password and capture the secret returned by the server.
//  2. Verify that the returned secret is accepted.
//  3. Verify that the previous password (secretCode) no longer matches.
func TestVerifyResetPassword(t *testing.T) {
	userName := usersName[0]
	initAListOfUsers(t, usersName)

	resetURL := listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[resetUserPasswordCommand]), UsersPath, userName, ResetUserPwdPath)
	newSecret := exeCommandCheckRes(t, cr.GET_STR, resetURL, http.StatusCreated, getMessageStr, cr.StringMessage{Str: getMessageStr})

	verifyURL := listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserPasswordCommand]), UsersPath, userName)
	matched := cr.Match{Match: true, Message: cr.NoMessageStr}
	exeCommandCheckRes(t, cr.POST_STR, verifyURL, http.StatusOK, newSecret, matched)

	// The password in force before the reset must be rejected.
	oldSecret, _ := json.Marshal(secretData{secretCode})
	notMatched := cr.Match{Match: false, Message: cr.NoMessageStr}
	exeCommandCheckRes(t, cr.POST_STR, verifyURL, http.StatusOK, string(oldSecret), notMatched)
}
// TestSetUserBlockedState toggles the blocked flag of the first user through
// true, false, true and reads the state back after every change.
func TestSetUserBlockedState(t *testing.T) {
	userName := usersName[0]
	initAListOfUsers(t, usersName)

	// blockedURL rebuilds the blocked-state URL for each request.
	blockedURL := func() string {
		return listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserBlockCommand]), UsersPath, userName, blockedStateToken)
	}

	for _, blocked := range []bool{true, false, true} {
		body, _ := json.Marshal(userState{blocked})

		setURL := blockedURL()
		expectedURL := cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, userName)}
		// fix the statusOK
		exeCommandCheckRes(t, cr.PUT_STR, setURL, http.StatusOK, string(body), expectedURL)

		// Read the flag back and make sure it carries the value just written.
		getURL := blockedURL()
		exeCommandCheckRes(t, cr.GET_STR, getURL, http.StatusOK, "", userState{blocked})
	}
}
// TestAddGetDeleteItem covers adding, reading and deleting storage items and
// removing the storage itself:
//  1. Add two key-value items, reading each one back right after it is added.
//  2. Read every item again, delete it, and verify that a further read
//     returns StatusNotFound.
//  3. Delete the storage.
func TestAddGetDeleteItem(t *testing.T) {
	keys := []string{"data1", "data2"}
	values := []string{"value1", "value2"}
	// Item requests carry the storage secret plus the key of the item addressed.
	headerInfo := headerMapT{secretIdParam: secretCode}

	initState(t)
	createdURL := cr.Url{Url: fmt.Sprintf("%v", ServicePath)}

	for i := 0; i < len(keys); i++ {
		itemURL := itemPath
		body, _ := json.Marshal(itemData{keys[i], values[i]})
		exeCommandCheckRes(t, cr.PATCH_STR, itemURL, http.StatusCreated, string(body), baseHeaderInfo, createdURL)
		headerInfo[keyIdParam] = keys[i]
		exeCommandCheckRes(t, cr.GET_STR, itemURL, http.StatusOK, "", headerInfo, itemValue{values[i]})
	}

	for i := 0; i < len(keys); i++ {
		itemURL := itemPath
		headerInfo[keyIdParam] = keys[i]
		exeCommandCheckRes(t, cr.GET_STR, itemURL, http.StatusOK, "", headerInfo, itemValue{values[i]})
		exeCommandCheckRes(t, cr.DELETE_STR, itemURL, http.StatusNoContent, "", headerInfo, cr.EmptyStr)
		// Once deleted, the item must not be readable any more.
		exeCommandCheckRes(t, cr.GET_STR, itemURL, http.StatusNotFound, "", headerInfo, cr.Error{Code: http.StatusNotFound})
	}

	storageURL := fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleStorageCommand]), resourcePath)
	exeCommandCheckRes(t, cr.DELETE_STR, storageURL, http.StatusNoContent, "", baseHeaderInfo, cr.EmptyStr)
}
// setResource adds every name in resourcesName as a resource through the
// service rooted at url, and after each addition verifies that the number of
// listed resources has grown to match.
func setResource(t *testing.T, url string) {
	base := url + EnServicePath
	for idx := 0; idx < len(resourcesName); idx++ {
		name := resourcesName[idx]
		expectedURL := cr.Url{Url: fmt.Sprintf("%v/%v", ResourceServicePath, name)}
		addURL := base + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUmResourceCommand]), name)
		addDataVerifyResults(t, name, addURL, expectedURL)
		// idx is zero-based, so idx+1 resources exist after this addition.
		verifyLen(t, enPath, ResourcesPath, idx+1)
	}
}
// TestUpdatePrivilege checks who may change a privilege level:
//  1. With the credentials in force after initAListOfUsers, raising the first
//     user's privilege succeeds (StatusCreated).
//  2. With the same credentials, changing the root user's privilege is
//     rejected (StatusBadRequest).
//  3. With a token carrying only am.UserPermission, the privilege update is
//     rejected (StatusMethodNotAllowed).
func TestUpdatePrivilege(t *testing.T) {
	userName := usersName[0]
	initAListOfUsers(t, usersName)

	// Case 1: update the ordinary user's privilege.
	target := listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), UsersPath, userName, PrivilegePath)
	expectedURL := cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, userName)}
	body, _ := json.Marshal(privilegePwd{Privilege: am.SuperUserPermission})
	exeCommandCheckRes(t, cr.PATCH_STR, target, http.StatusCreated, string(body), expectedURL)

	// Case 2: the root user's privilege must not be changeable.
	target = listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), UsersPath, stc.RootUserName, PrivilegePath)
	expectedURL = cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, stc.RootUserName)}
	body, _ = json.Marshal(privilegePwd{Privilege: am.SuperUserPermission})
	exeCommandCheckRes(t, cr.PATCH_STR, target, http.StatusBadRequest, string(body), cr.Error{Code: http.StatusBadRequest})

	// Case 3: switch to a token with plain user permission and retry.
	// NOTE(review): target still points at the root user's privilege URL, so
	// this does not exercise a user updating their own privilege as the
	// original header describes — confirm which case is intended.
	// NOTE(review): the cookie set here is not restored in this function;
	// later tests may inherit it — confirm.
	userToken, _ := app.GenerateToken(userName, am.UserPermission, clientIP, stRestful.SignKey)
	cr.SetCookie(userToken)
	exeCommandCheckRes(t, cr.PATCH_STR, target, http.StatusMethodNotAllowed, string(body), cr.Error{Code: http.StatusMethodNotAllowed})
}
// setUm adds every name in usersName as a user through the service rooted at
// url, and after each addition verifies the number of listed users.
func setUm(t *testing.T, url string) {
	base := url + EnServicePath
	for idx := 0; idx < len(usersName); idx++ {
		name := usersName[idx]
		expectedURL := cr.Url{Url: fmt.Sprintf("%v/%v", UsersServicePath, name)}
		addURL := base + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUmUserCommand]), name)
		addDataVerifyResults(t, name, addURL, expectedURL)
		// The expected count is the users added so far plus
		// protectedEntityManagerLen.
		verifyLen(t, enPath, UsersPath, idx+1+protectedEntityManagerLen)
	}
}
// TestAddRemoveUser adds every user in usersName (via setUm, which verifies
// the list length after each addition) and then deletes them one by one,
// verifying the response code and the remaining list length after each
// deletion.
func TestAddRemoveUser(t *testing.T) {
	initState(t)
	setUm(t, listener)

	// Remove users and verify that the number of users decreases.
	total := len(usersName)
	for idx := 0; idx < total; idx++ {
		name := usersName[idx]
		deleteURL := listener + UsersServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUmCommand]), name)
		exeCommandCheckRes(t, cr.DELETE_STR, deleteURL, http.StatusNoContent, "", cr.StringMessage{Str: ""})
		// NOTE(review): the literal +1 presumably stands in for the protected
		// entities that setUm counts with protectedEntityManagerLen — confirm
		// the two stay in step.
		verifyLen(t, enPath, UsersPath, total-idx+1)
	}
}
// TestAddRemoveResource adds every resource in resourcesName (via
// setResource, which verifies the list length after each addition) and then
// deletes them one by one, verifying the response code and the remaining
// list length after each deletion. After the last deletion the expected
// length is zero.
func TestAddRemoveResource(t *testing.T) {
	initState(t)
	setResource(t, listener)

	// Remove resources and verify that the number of resources decreases.
	total := len(resourcesName)
	for idx := 0; idx < total; idx++ {
		name := resourcesName[idx]
		deleteURL := listener + ResourceServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUmCommand]), name)
		exeCommandCheckRes(t, cr.DELETE_STR, deleteURL, http.StatusNoContent, "", cr.StringMessage{Str: ""})
		verifyLen(t, enPath, ResourcesPath, total-idx-1)
	}
}
// Test_getAllPermissionsOfEntity generates an ACL, then requests all
// permissions that userName1 holds on resourceName1 and verifies that the
// response equals what acl.GetUserPermissions reports for the same pair.
func Test_getAllPermissionsOfEntity(t *testing.T) {
	initState()
	generateAcl()

	request := fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[getAllPermissionsOfEntityCommand]), entityToken, userName1, resourceToken, resourceName1)
	target := fmt.Sprintf("%v/%v", resourcePath, request)

	// Build the expected answer directly from the ACL.
	permissions, _ := acl.GetUserPermissions(stRestful.UsersList, userName1, resourceName1)
	// Kept non-nil even when empty, as in the original []string{}.
	expected := make([]string, 0, len(permissions))
	for p := range permissions {
		expected = append(expected, string(p))
	}
	exeCommandCheckRes(t, cr.GET_STR, target, http.StatusOK, "", expected)
}
// Test_getAllPermissions generates an ACL, then requests all permissions of
// resourceName1 and verifies that the response equals what the ACL's
// GetAllPermissions reports.
func Test_getAllPermissions(t *testing.T) {
	initState()
	_, resourceAcl, _ := generateAcl()

	request := fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[getAllPermissionCommand]), permissionsToken, resourceToken, resourceName1)
	target := fmt.Sprintf("%v/%v", resourcePath, request)

	// Build the expected answer directly from the ACL.
	permissions := resourceAcl.GetAllPermissions()
	// Kept non-nil even when empty, as in the original []string{}.
	expected := make([]string, 0, len(permissions))
	for p := range permissions {
		expected = append(expected, string(p))
	}
	exeCommandCheckRes(t, cr.GET_STR, target, http.StatusOK, "", expected)
}
// Test_getWhoUsesAResourcePermission generates an ACL, then requests the
// entities holding the perAll permission on resourceName1 and verifies that
// the response equals what acl.GetWhoUseAPermission reports.
func Test_getWhoUsesAResourcePermission(t *testing.T) {
	initState()
	generateAcl()

	permission := perAll
	// NOTE(review): this builds the request from
	// getAllPermissionsOfEntityCommand, the same command the
	// permissions-of-entity test uses — confirm that it is the intended
	// command for the who-uses query.
	request := fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[getAllPermissionsOfEntityCommand]), resourceToken, resourceName1, permissionsToken, permission)
	target := fmt.Sprintf("%v/%v", resourcePath, request)

	// Build the expected answer directly from the ACL.
	holders := acl.GetWhoUseAPermission(stRestful.UsersList, resourceName1, permission)
	// Kept non-nil even when empty, as in the original []string{}.
	expected := make([]string, 0, len(holders))
	for name := range holders {
		expected = append(expected, name)
	}
	exeCommandCheckRes(t, cr.GET_STR, target, http.StatusOK, "", expected)
}
// Test_addCheckDeletePermission grants perRead on resourceName1 to userName1
// and verifies that the permission check matches; it then revokes the
// permission and verifies that the check answers StatusNotFound with the
// "doesn't allowed" message.
func Test_addCheckDeletePermission(t *testing.T) {
	initState()

	const pathFmt = "%v/%v"
	permission := perRead
	request := fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handlePermissionCommand]), entityToken, userName1, resourceToken, resourceName1, permissionsToken, permission)
	expectedURL := cr.Url{Url: fmt.Sprintf(pathFmt, ServicePath, request)}
	target := fmt.Sprintf(pathFmt, resourcePath, request)

	// Grant, then confirm the permission is reported.
	exeCommandCheckRes(t, cr.PUT_STR, target, http.StatusCreated, "", expectedURL)
	exeCommandCheckRes(t, cr.GET_STR, target, http.StatusOK, "", cr.Match{Match: true, Message: ""})

	// Revoke, then confirm the permission is no longer reported.
	exeCommandCheckRes(t, cr.DELETE_STR, target, http.StatusNoContent, "", cr.StringMessage{Str: ""})
	denied := fmt.Sprintf("Permission '%v' doesn't allowed", permission)
	exeCommandCheckRes(t, cr.GET_STR, target, http.StatusNotFound, "", cr.Error{Code: 0, Message: denied})
}
// TestVerifyUpdateKey replaces the first user's OCRA key and verifies that
// the stored OCRA data equals a user built locally from the new key and
// internalOcraSuite.
func TestVerifyUpdateKey(t *testing.T) {
	userName := usersName[0]
	updatedKey := secretCode + "aa"
	initAListOfUsers(t, usersName)

	updateURL := listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserUpdateCommand]), usersPath, userName, keyToken)
	expectedURL := cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, userName)}
	body, _ := json.Marshal(cr.Secret{Secret: updatedKey})
	exeCommandCheckRes(t, cr.PATCH_STR, updateURL, http.StatusCreated, string(body), expectedURL)

	// Build the expected record locally and compare it with what is stored.
	expected, _ := ocra.NewOcraUser([]byte(updatedKey), internalOcraSuite)
	readURL := resourcePath + "/" + userName
	exeCommandCheckRes(t, cr.GET_STR, readURL, http.StatusOK, "", expected)
}
// TestVerifyUpdateOcraSuite replaces the first user's OCRA suite and verifies
// that the stored OCRA data equals a user built locally from secretCode and
// the new suite.
func TestVerifyUpdateOcraSuite(t *testing.T) {
	userName := usersName[0]
	updatedSuite := "OCRA-1:HOTP-SHA512-8:C-QH08-T1M-S064-PSHA256"
	initAListOfUsers(t, usersName)

	updateURL := listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserUpdateCommand]), usersPath, userName, ocraSuiteToken)
	expectedURL := cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, userName)}
	body, _ := json.Marshal(cr.StringMessage{Str: updatedSuite})
	exeCommandCheckRes(t, cr.PATCH_STR, updateURL, http.StatusCreated, string(body), expectedURL)

	// Build the expected record locally and compare it with what is stored.
	expected, _ := ocra.NewOcraUser([]byte(secretCode), updatedSuite)
	readURL := resourcePath + "/" + userName
	exeCommandCheckRes(t, cr.GET_STR, readURL, http.StatusOK, "", expected)
}
// TestUpdatePassword checks who may change which password:
//  1. With a user-permission token, the user updates their own password
//     (StatusCreated).
//  2. With the same user token, updating the root password is rejected
//     (StatusMethodNotAllowed).
//  3. With a super-user token for root, updating the root password succeeds
//     (StatusCreated).
func TestUpdatePassword(t *testing.T) {
	userName := usersName[0]
	// initAListOfUsers(t, usersName)
	// NOTE(review): with the initialisation above disabled, this test
	// presumably relies on users created by an earlier test — confirm.

	// Case 1: act as the ordinary user.
	token, _ := app.GenerateToken(userName, am.UserPermission, clientIP, stRestful.SignKey)
	cr.SetCookie(token)
	target := listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), UsersPath, userName, PwdPath)
	expectedURL := cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, userName)}
	body, _ := json.Marshal(cr.UpdateSecret{OldPassword: secretCode, NewPassword: secretCode + "1"})
	exeCommandCheckRes(t, cr.PATCH_STR, target, http.StatusCreated, string(body), expectedURL)

	// Case 2: still the ordinary user, now aiming at root's password. Even
	// with root's current password in the body the request must be refused.
	target = listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), UsersPath, stc.RootUserName, PwdPath)
	expectedURL = cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, stc.RootUserName)}
	body, _ = json.Marshal(cr.UpdateSecret{OldPassword: rootPwd, NewPassword: secretCode + "2"})
	exeCommandCheckRes(t, cr.PATCH_STR, target, http.StatusMethodNotAllowed, string(body), cr.Error{Code: http.StatusMethodNotAllowed})

	// Case 3: act as root with super-user permission.
	token, _ = app.GenerateToken(stc.RootUserName, am.SuperUserPermission, clientIP, stRestful.SignKey)
	cr.SetCookie(token)
	target = listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), UsersPath, stc.RootUserName, PwdPath)
	expectedURL = cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, stc.RootUserName)}
	body, _ = json.Marshal(cr.UpdateSecret{OldPassword: rootPwd, NewPassword: secretCode + "1"})
	exeCommandCheckRes(t, cr.PATCH_STR, target, http.StatusCreated, string(body), expectedURL)
}
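// TestMutualChallengeResponse exercises the mutual OCRA challenge-response
// flow for the first test user:
//  1. PUT the client question and receive the server's challenge data
//     together with the server's OTP.
//  2. Compute the expected server OTP locally and verify the server's answer
//     before replying.
//  3. PUT the client OTP and expect the server to report a match.
//
// Every setup failure aborts the test immediately. In particular, both OTP
// computations are checked, so that a failed server-OTP computation is not
// reported as an OTP mismatch.
func TestMutualChallengeResponse(t *testing.T) {
	var session OcraData

	userName := usersName[0]
	initAListOfUsers(t, usersName)

	// Step 1: send the client question.
	session.ClientQuestion = "The client 1"
	url := listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserIdentityCommand]), usersPath, userName, verifyUserIdentityMutualChallengeStep1Token)
	data, err := json.Marshal(cr.StringMessage{Str: session.ClientQuestion})
	if err != nil {
		t.Fatalf("Test fail: marshal client question for '%v', error: %v", url, err)
	}
	res := exeCommandCheckRes(t, cr.PUT_STR, url, http.StatusOK, string(data), cr.StringMessage{Str: getMessageStr})
	if err := json.Unmarshal([]byte(res), &session); err != nil {
		t.Fatalf("Test fail: execute GET to '%v' expected to get ocra data but received: %v, error: %v", url, res, err)
	}

	// Step 2: the two sides concatenate the questions in opposite order, so
	// the client OTP and the server OTP differ.
	clientOtp, err := ocra.GenerateOCRAAdvance(OcraUserDataInfo.OcraSuite, secretCode, session.Counter, session.ServerQuestion+session.ClientQuestion, session.Password, session.SessionId, session.TimeStamp)
	if err != nil {
		t.Fatalf("Test fail: Try to generate OCRA with the following parameters: %v, error: %v", res, err)
	}
	serverOtp, err := ocra.GenerateOCRAAdvance(OcraUserDataInfo.OcraSuite, secretCode, session.Counter, session.ClientQuestion+session.ServerQuestion, session.Password, session.SessionId, session.TimeStamp)
	if err != nil {
		t.Fatalf("Test fail: Try to generate OCRA with the following parameters: %v, error: %v", res, err)
	}
	// NOTE(review): this writes both OTPs and the challenge data to the log;
	// that is presumably fine because secretCode is test fixture data —
	// confirm.
	logger.Info.Println("The calculated client OTP for ocra data:", res, "and client question:", session.ClientQuestion, "is:", clientOtp, "the server otp:", serverOtp)

	// The server must prove knowledge of the key before the client answers.
	if session.Otp != serverOtp {
		t.Fatalf("Test fail: The calculated server OTP: %v is not as the received OTP: %v", serverOtp, session.Otp)
	}

	// Step 3: answer with the client OTP.
	url = listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserIdentityCommand]), usersPath, userName, verifyUserIdentityMutualChallengeStep2Token)
	session.Otp = clientOtp
	data, err = json.Marshal(session)
	if err != nil {
		t.Fatalf("Test fail: marshal ocra data for '%v', error: %v", url, err)
	}
	exeCommandCheckRes(t, cr.PUT_STR, url, http.StatusOK, string(data), cr.Match{Match: true, Message: ""})
}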
// TestVerifyPassword checks password verification for the first user:
//  1. The initial password matches.
//  2. A different password does not match.
//  3. After updating the password, the new password matches.
//  4. After the update, the old password no longer matches.
func TestVerifyPassword(t *testing.T) {
	userName := usersName[0]
	initialPwd := initAListOfUsers(t, usersName)

	target := listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserPasswordCommand]), UsersPath, userName)
	expectedURL := cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, userName)}
	matched := cr.Match{Match: true, Message: cr.NoMessageStr}
	notMatched := cr.Match{Match: false, Message: cr.NoMessageStr}

	// Steps 1 and 2: before the update.
	exeCommandCheckRes(t, cr.POST_STR, target, http.StatusOK, initialPwd, matched)
	otherPwd, _ := json.Marshal(secretData{secretCode + "a"})
	exeCommandCheckRes(t, cr.POST_STR, target, http.StatusOK, string(otherPwd), notMatched)

	// Step 3: change the password to the value that was rejected above.
	update, _ := json.Marshal(cr.UpdateSecret{OldPassword: secretCode, NewPassword: secretCode + "a"})
	exeCommandCheckRes(t, cr.PATCH_STR, target, http.StatusCreated, string(update), expectedURL)
	exeCommandCheckRes(t, cr.POST_STR, target, http.StatusOK, string(otherPwd), matched)

	// Step 4: the replaced password must be rejected.
	exeCommandCheckRes(t, cr.POST_STR, target, http.StatusOK, initialPwd, notMatched)
}
// loginRoot authenticates as the root user with rootPwd and expects the
// service to answer StatusOK with a positive match.
func loginRoot(t *testing.T) {
	request := fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleAuthenticateCommand]), UserPath)
	target := listener + ServicePath + request

	credentials, _ := json.Marshal(pUserData{stc.RootUserName, rootPwd})
	exeCommandCheckRes(t, cr.PUT_STR, target, http.StatusOK, string(credentials), cr.Match{Match: true})
}