func TestTicketExtendValidity(t *testing.T) {
tic := ticket.Grant("jb", "10.2.3.4", 1234567890)
user, err := ticket.Verify(tic, "10.2.3.4", 1234567890)
if user != "jb" {
t.Errorf("unexpected user %q", user)
}
if err != nil {
t.Errorf("unexpected err %s", err)
}
ts, err := ticket.Load(tic)
if err != nil {
t.Error(err)
}
ts.Validity = 1234567900
tic = ts.String()
user, err = ticket.Verify(tic, "10.2.3.4", 1234567895)
if user != "jb" {
t.Errorf("unexpected user %q", user)
}
if err != nil {
t.Errorf("unexpected err %s", err)
}
}
func authenticate(rw http.ResponseWriter, req *http.Request) bool {
tic := req.Header.Get("X-Mole-Ticket")
if tic == "" {
return false
}
addr, err := net.ResolveTCPAddr("tcp", req.RemoteAddr)
if err != nil {
// Resolving the remote address should never fail
panic(err)
}
ip := addr.IP.String()
if ip == "" {
// The remote address should never be empty
panic("bug: empty remote address")
}
user, err := ticket.Verify(tic, ip, time.Now().Unix())
if err != nil {
return false
}
rw.Header().Set("X-Mole-Authenticated", user)
req.Header.Set("X-Mole-Authenticated", user)
return true
}
func TestGrantVerifyOK(t *testing.T) {
tic := ticket.Grant("jb", "10.2.3.4", 1234567890)
user, err := ticket.Verify(tic, "10.2.3.4", 1234567890)
if user != "jb" {
t.Errorf("unexpected user %q", user)
}
if err != nil {
t.Errorf("unexpected err %s", err)
}
}
func TestGrantVerifyExpired(t *testing.T) {
tic := ticket.Grant("jb", "10.2.3.4", 1234567890)
user, err := ticket.Verify(tic, "10.2.3.4", 1234567891)
if user != "" {
t.Errorf("unexpected user %q", user)
}
if err == nil {
t.Errorf("unexpected nil err")
}
}
func TestGrantVerifyModified(t *testing.T) {
tic := ticket.Grant("jb", "10.2.3.4", 1234567890)
fail := "A" + tic[:len(tic)-1]
user, err := ticket.Verify(fail, "10.2.3.4", 1234567890)
if user != "" {
t.Errorf("unexpected user %q", user)
}
if err == nil {
t.Errorf("unexpected nil err")
}
}