func TestGetAuthenticatedUser(t *testing.T) {
var (
user *accounts.User
err error
)
// A test request
r, err := http.NewRequest("GET", "http://1.2.3.4/something", nil)
assert.NoError(t, err, "Request setup should not get an error")
user, err = accounts.GetAuthenticatedUser(r)
// User object should be nil
assert.Nil(t, user)
// Correct error should be returned
if assert.NotNil(t, err) {
assert.Equal(t, accounts.ErrUserAuthenticationRequired, err)
}
// Set a context value of an invalid type
context.Set(r, accounts.AuthenticatedUserKey, "bogus")
user, err = accounts.GetAuthenticatedUser(r)
// User object should be nil
assert.Nil(t, user)
// Correct error should be returned
if assert.NotNil(t, err) {
assert.Equal(t, accounts.ErrUserAuthenticationRequired, err)
}
// Set a valid context value
context.Set(r, accounts.AuthenticatedUserKey, &accounts.User{FirstName: util.StringOrNull("John Reese")})
user, err = accounts.GetAuthenticatedUser(r)
// Error should be nil
assert.Nil(t, err)
// Correct user object should be returned
if assert.NotNil(t, user) {
assert.Equal(t, "John Reese", user.FirstName.String)
}
}
func (suite *AccountsTestSuite) TestUserAuthMiddleware() {
var (
r *http.Request
w *httptest.ResponseRecorder
next http.HandlerFunc
authenticatedUser *accounts.User
err error
)
middleware := accounts.NewUserAuthMiddleware(suite.service)
// Send a request without a bearer token through the middleware
r, err = http.NewRequest("POST", "http://1.2.3.4/something", nil)
assert.NoError(suite.T(), err, "Request setup should not get an error")
w = httptest.NewRecorder()
next = func(w http.ResponseWriter, r *http.Request) {}
middleware.ServeHTTP(w, r, next)
// Check the response
testutil.TestResponseForError(suite.T(), w, accounts.ErrUserAuthenticationRequired.Error(), 401)
// Check the context variable has not been set
authenticatedUser, err = accounts.GetAuthenticatedUser(r)
assert.Nil(suite.T(), authenticatedUser)
assert.Error(suite.T(), err)
assert.Equal(suite.T(), accounts.ErrUserAuthenticationRequired, err)
// Send a request with empty bearer token through the middleware
r, err = http.NewRequest("POST", "http://1.2.3.4/something", nil)
assert.NoError(suite.T(), err, "Request setup should not get an error")
r.Header.Set("Authorization", "Bearer ")
w = httptest.NewRecorder()
next = func(w http.ResponseWriter, r *http.Request) {}
middleware.ServeHTTP(w, r, next)
// Check the response
testutil.TestResponseForError(suite.T(), w, accounts.ErrUserAuthenticationRequired.Error(), 401)
// Check the context variable has not been set
authenticatedUser, err = accounts.GetAuthenticatedUser(r)
assert.Nil(suite.T(), authenticatedUser)
assert.Error(suite.T(), err)
assert.Equal(suite.T(), accounts.ErrUserAuthenticationRequired, err)
// Send a request with incorrect bearer token through the middleware
r, err = http.NewRequest("POST", "http://1.2.3.4/something", nil)
assert.NoError(suite.T(), err, "Request setup should not get an error")
r.Header.Set("Authorization", "Bearer bogus")
w = httptest.NewRecorder()
next = func(w http.ResponseWriter, r *http.Request) {}
middleware.ServeHTTP(w, r, next)
// Check the response
testutil.TestResponseForError(suite.T(), w, accounts.ErrUserAuthenticationRequired.Error(), 401)
// Check the context variable has not been set
authenticatedUser, err = accounts.GetAuthenticatedUser(r)
assert.Nil(suite.T(), authenticatedUser)
assert.Error(suite.T(), err)
assert.Equal(suite.T(), accounts.ErrUserAuthenticationRequired, err)
// Send a request with client bearer token through the middleware
r, err = http.NewRequest("POST", "http://1.2.3.4/something", nil)
assert.NoError(suite.T(), err, "Request setup should not get an error")
r.Header.Set("Authorization", "Bearer test_client_token")
w = httptest.NewRecorder()
next = func(w http.ResponseWriter, r *http.Request) {}
middleware.ServeHTTP(w, r, next)
// Check the response
testutil.TestResponseForError(suite.T(), w, accounts.ErrUserAuthenticationRequired.Error(), 401)
// Check the context variable has not been set
authenticatedUser, err = accounts.GetAuthenticatedUser(r)
assert.Nil(suite.T(), authenticatedUser)
assert.Error(suite.T(), err)
assert.Equal(suite.T(), accounts.ErrUserAuthenticationRequired, err)
// Send a request with correct bearer token through the middleware
r, err = http.NewRequest("POST", "http://1.2.3.4/something", nil)
assert.NoError(suite.T(), err, "Request setup should not get an error")
r.Header.Set("Authorization", "Bearer test_user_token")
w = httptest.NewRecorder()
next = func(w http.ResponseWriter, r *http.Request) {}
middleware.ServeHTTP(w, r, next)
// Check the status code
assert.Equal(suite.T(), 200, w.Code)
// Check the context variable has been set
authenticatedUser, err = accounts.GetAuthenticatedUser(r)
assert.NoError(suite.T(), err)
assert.NotNil(suite.T(), authenticatedUser)
assert.Equal(suite.T(), "test@user", authenticatedUser.OauthUser.Username)
}