// TestSessionUserId checks that the user ID and the last-login time can be
// stored on a session, read back, and cleared independently of each other.
func TestSessionUserId(t *testing.T) {
	values := make(map[interface{}]interface{})
	sess := session_util.UserIdSession{&sessions.Session{Values: values}}
	sess.SetUserId(kUserId)
	sess.SetLastLogin(kNow)

	// The stored user ID must round-trip unchanged.
	gotID, found := sess.UserId()
	if !found {
		t.Error("Expected a UserId")
	}
	if gotID != kUserId {
		t.Errorf("Expected %d, got %d", kUserId, gotID)
	}

	// Once cleared, the session must no longer report a user ID.
	sess.ClearUserId()
	if _, found = sess.UserId(); found {
		t.Error("Did not expect a user Id.")
	}

	// Clearing the user ID must leave the last-login time in place.
	gotLogin, found := sess.LastLogin()
	if !found {
		t.Error("Expected a last login")
	}
	if gotLogin != kNow {
		t.Errorf("Expected %v, got %v", kNow, gotLogin)
	}

	// The last login goes away only when it is cleared explicitly.
	sess.ClearLastLogin()
	if _, found = sess.LastLogin(); found {
		t.Error("Did not expect a last login.")
	}
}
// newSessionStoreWithUserId returns a RAM-backed session store that already
// holds one session, saved under sessionId, on which userId has been set.
func newSessionStoreWithUserId(sessionId string, userId int64) sessions.Store {
	values := make(map[interface{}]interface{})
	// SetUserId presumably writes into values through the wrapper, since
	// values is what gets saved below; confirm against session_util.
	wrapped := session_util.UserIdSession{&sessions.Session{Values: values}}
	wrapped.SetUserId(userId)

	// NOTE(review): 900 is passed straight to NewRAMStore; it looks like a
	// session lifetime in seconds, but confirm against ramstore.
	store := ramstore.NewRAMStore(900)
	store.Data.Save(sessionId, values)
	return store
}
// TestXsrfToken checks the three properties an XSRF token must have: it
// verifies for the page it was issued for before it expires, it is rejected
// for any other page, and it is rejected from its expiry instant onwards.
func TestXsrfToken(t *testing.T) {
	sess := session_util.UserIdSession{&sessions.Session{Values: make(map[interface{}]interface{})}}
	sess.SetUserId(kUserId)
	token := sess.NewXsrfToken("MyPage", kNow.Add(15*time.Minute))

	checks := []struct {
		page   string
		after  time.Duration // offset from kNow at which verification happens
		want   bool
		onFail string
	}{
		{"MyPage", 14 * time.Minute, true, "Expected token to verify"},
		// A token is bound to the page it was issued for.
		{"AnotherPage", 14 * time.Minute, false, "Expected token not to verify. Wrong page"},
		// Verifying exactly at the expiry time already counts as expired.
		{"MyPage", 15 * time.Minute, false, "Expected token not to verify. Time expired"},
	}
	for _, c := range checks {
		if sess.VerifyXsrfToken(token, c.page, kNow.Add(c.after)) != c.want {
			t.Error(c.onFail)
		}
	}
}
// TestXsrfTokenClearAll checks that ClearAll invalidates XSRF tokens issued
// earlier, and that they stay invalid after the same user ID is set again.
func TestXsrfTokenClearAll(t *testing.T) {
	values := make(map[interface{}]interface{})
	sess := session_util.UserIdSession{&sessions.Session{Values: values}}
	sess.SetUserId(kUserId)
	token := sess.NewXsrfToken("MyPage", kNow.Add(15*time.Minute))

	// Every check below verifies the same token, for the same page, at kNow.
	verifies := func() bool {
		return sess.VerifyXsrfToken(token, "MyPage", kNow)
	}

	if !verifies() {
		t.Error("Expected token to verify")
	}

	sess.ClearAll()
	if verifies() {
		t.Error("Expected token not to verify. Session cleared")
	}

	// A token issued before the session was cleared must not become valid
	// again just because the same user ID is set on the session afterwards.
	sess.SetUserId(kUserId)
	if verifies() {
		t.Error("Expected token not to verify. Secret should have changed.")
	}
}
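// TestXsrfTokenHack checks that malformed and tampered XSRF tokens are
// rejected. It relies on the token layout asserted below: a 10-character
// expiry field, a ':' delimiter at index 10, then the checksum.
func TestXsrfTokenHack(t *testing.T) {
	s := session_util.UserIdSession{&sessions.Session{Values: make(map[interface{}]interface{})}}
	s.SetUserId(kUserId)
	xsrfToken := s.NewXsrfToken("MyPage", kNow.Add(15*time.Minute))
	if !s.VerifyXsrfToken(xsrfToken, "MyPage", kNow) {
		t.Error("Expected token to verify")
	}

	// Check the length before indexing so that a short token fails the test
	// instead of panicking, and stop here: the slices taken below are
	// meaningless if the token does not have the expected layout.
	if len(xsrfToken) < 11 || xsrfToken[10] != ':' {
		t.Fatal("Expected field dlimiter in xsrf token")
	}
	xsrfExpire := xsrfToken[:10]
	xsrfChecksum := xsrfToken[11:]

	// Malformed input must be rejected outright.
	if s.VerifyXsrfToken("", "MyPage", kNow) {
		t.Error("Missing token should not verify.")
	}
	if s.VerifyXsrfToken("garbage", "MyPage", kNow) {
		t.Error("garbage token should not verify.")
	}
	if s.VerifyXsrfToken("garbage:with_field_delimiter", "MyPage", kNow) {
		t.Error("garbage with field delimiter token should not verify.")
	}
	// A genuine expiry field with a made-up checksum must not verify either.
	if s.VerifyXsrfToken(xsrfExpire+":garbage_checksum", "MyPage", kNow) {
		t.Error("token with garbage checksum should not verify.")
	}

	// Add one to expire in token but leave checksum the same.
	expire, err := strconv.Atoi(xsrfExpire)
	if err != nil {
		// Without a parsed timestamp the tokens built below would use
		// expire == 0 and fail for an unrelated reason, so stop here.
		t.Fatalf("Error happened parsing timestamp %v", err)
	}
	regularToken := fmt.Sprintf("%d:%s", expire, xsrfChecksum)
	hackedToken := fmt.Sprintf("%d:%s", expire+1, xsrfChecksum)

	// Rebuilding the token from its parsed fields must still verify; this
	// shows the rejection below is caused by the changed expiry alone.
	if !s.VerifyXsrfToken(regularToken, "MyPage", kNow) {
		t.Error("Expected regular token to verify")
	}
	// The checksum must cover the expiry field: a later expiry paired with
	// the original checksum has to be rejected.
	if s.VerifyXsrfToken(hackedToken, "MyPage", kNow) {
		t.Error("Expected hacked token not to verify")
	}
}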