// TestGetAuthenticatedUser exercises accounts.GetAuthenticatedUser against a
// single request whose context moves through three states: no value stored, a
// value of the wrong type, and a valid *accounts.User. The first two states
// are expected to yield a nil user and ErrUserAuthenticationRequired.
func TestGetAuthenticatedUser(t *testing.T) {
	// A test request
	req, err := http.NewRequest("GET", "http://1.2.3.4/something", nil)
	assert.NoError(t, err, "Request setup should not get an error")

	// expectRejected asserts that the lookup returns no user together with
	// the authentication-required error, so the request cannot be mistaken
	// for an authenticated one.
	expectRejected := func() {
		got, lookupErr := accounts.GetAuthenticatedUser(req)

		// User object should be nil
		assert.Nil(t, got)

		// Correct error should be returned
		if assert.NotNil(t, lookupErr) {
			assert.Equal(t, accounts.ErrUserAuthenticationRequired, lookupErr)
		}
	}

	// Nothing has been stored in the request context yet
	expectRejected()

	// A context value of an invalid type must be rejected the same way
	context.Set(req, accounts.AuthenticatedUserKey, "bogus")
	expectRejected()

	// Set a valid context value
	context.Set(req, accounts.AuthenticatedUserKey, &accounts.User{FirstName: util.StringOrNull("John Reese")})
	got, err := accounts.GetAuthenticatedUser(req)

	// Error should be nil
	assert.Nil(t, err)

	// Correct user object should be returned
	if assert.NotNil(t, got) {
		assert.Equal(t, "John Reese", got.FirstName.String)
	}
}
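// TestUserAuthMiddleware sends requests through the user auth middleware and
// checks three things for each: the HTTP response, whether the downstream
// handler was invoked, and whether an authenticated user was attached to the
// request context.
//
// The downstream-handler check matters because the recorder's status alone
// cannot show that a rejected request was stopped: a middleware that wrote a
// 401 and then still called next would produce the same response while the
// protected handler ran.
func (suite *AccountsTestSuite) TestUserAuthMiddleware() {
	middleware := accounts.NewUserAuthMiddleware(suite.service)

	// send builds a fresh POST request, optionally sets the Authorization
	// header (an empty value means "send no header"), runs it through the
	// middleware and reports whether the next handler was reached.
	send := func(authorization string) (*http.Request, *httptest.ResponseRecorder, bool) {
		r, err := http.NewRequest("POST", "http://1.2.3.4/something", nil)
		assert.NoError(suite.T(), err, "Request setup should not get an error")
		if authorization != "" {
			r.Header.Set("Authorization", authorization)
		}

		w := httptest.NewRecorder()
		nextCalled := false
		next := func(w http.ResponseWriter, r *http.Request) { nextCalled = true }
		middleware.ServeHTTP(w, r, next)

		return r, w, nextCalled
	}

	// Requests that must be rejected with a 401 and never reach next.
	rejected := []struct {
		name          string
		authorization string
	}{
		{name: "without a bearer token", authorization: ""},
		{name: "with empty bearer token", authorization: "Bearer "},
		{name: "with incorrect bearer token", authorization: "Bearer bogus"},
		// NOTE(review): test_client_token is presumably a fixture token
		// issued to a client with no user attached; confirm against the
		// fixture data.
		{name: "with client bearer token", authorization: "Bearer test_client_token"},
	}

	for _, tc := range rejected {
		r, w, nextCalled := send(tc.authorization)

		// Check the response
		testutil.TestResponseForError(suite.T(), w, accounts.ErrUserAuthenticationRequired.Error(), 401)

		// The protected handler must not run for an unauthenticated request
		assert.False(suite.T(), nextCalled, "next handler should not be called for a request %s", tc.name)

		// Check the context variable has not been set
		authenticatedUser, err := accounts.GetAuthenticatedUser(r)
		assert.Nil(suite.T(), authenticatedUser)
		assert.Error(suite.T(), err)
		assert.Equal(suite.T(), accounts.ErrUserAuthenticationRequired, err)
	}

	// Send a request with correct bearer token through the middleware
	r, w, nextCalled := send("Bearer test_user_token")

	// Check the status code
	assert.Equal(suite.T(), 200, w.Code)

	// The recorder reports 200 by default, so also confirm the request was
	// actually passed on to the next handler
	assert.True(suite.T(), nextCalled, "next handler should be called for an authenticated request")

	// Check the context variable has been set
	authenticatedUser, err := accounts.GetAuthenticatedUser(r)
	assert.NoError(suite.T(), err)

	// Guard the field access so a nil user fails the test instead of panicking
	if assert.NotNil(suite.T(), authenticatedUser) {
		assert.Equal(suite.T(), "test@user", authenticatedUser.OauthUser.Username)
	}
}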