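// Authenticate processes the request and returns a populated Profile for
// the App Engine federated-login provider.
//
// If no user is signed in, no profile data is available yet: the returned
// redirectURL is the federated login URL built for the "provider" form value
// (with this handler's path + "/callback" as the return address) and err
// carries any error from building it. When a user is signed in, redirectURL
// is "" and up is filled from the App Engine user: the federated identity is
// used as up.ID when present, otherwise the App Engine user ID.
//
// NOTE(review): the "provider" form value is client-controlled. It is
// handed straight to aeuser.LoginURLFederated as the identity/provider to
// authenticate against and is also recorded as the profile's URL. If the
// application is only meant to accept specific identity providers, that
// value should be checked against an allowlist — confirm where that check
// lives (here or in the caller).
func (p *Provider) Authenticate(w http.ResponseWriter, r *http.Request) (
	up *profile.Profile, redirectURL string, err error) {
	c := context.NewContext(r)
	providerURL := r.FormValue("provider")

	// Set provider info.
	up = profile.New(p.Name, providerURL)

	// Not signed in: return the login URL instead of a profile. The named
	// results are assigned directly (the previous version shadowed them
	// with := inside this branch, which worked only because the values were
	// returned explicitly).
	u := aeuser.Current(c)
	if u == nil {
		redirectURL, err = aeuser.LoginURLFederated(c, r.URL.Path+"/callback", providerURL)
		return up, redirectURL, err
	}

	// Prefer the federated identity as the stable ID; fall back to the
	// App Engine user ID for non-federated logins.
	if u.FederatedIdentity != "" {
		up.ID = u.FederatedIdentity
	} else {
		up.ID = u.ID
	}

	per := new(person.Person)
	per.Email = u.Email
	per.Emails = []*person.PersonEmails{
		&person.PersonEmails{true, "home", u.Email},
	}
	per.URL = u.FederatedIdentity
	up.Person = per

	return up, "", nil
}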
// Authenticate processes the request and returns a populated Profile for
// the password provider. This provider never redirects, so the url result
// is always ""; success or failure is reported through err as returned by
// authenticate (the scenario tests in this package expect ErrProfileNotFound
// for an unknown email and ErrPasswordMismatch for a wrong password).
//
// Form fields read here: "Email", "Password.Current", "Password.New"; the
// Person is decoded separately by decodePerson.
//
// NOTE(review): p.URL is overwritten on every request with r.URL.Host. That
// value is client-controlled, and for requests served by net/http it is
// normally empty (the host lives in r.Host, not r.URL). If a single Provider
// value is shared across concurrent requests, this write is also a data
// race. Confirm what the profile URL is meant to be and where it should
// come from.
func (p *Provider) Authenticate(w http.ResponseWriter, r *http.Request) (
	pf *profile.Profile, url string, err error) {
	// Credentials come straight from the form; an absent field is "".
	creds := &Password{
		Email:   r.FormValue("Email"),
		Current: r.FormValue("Password.Current"),
		New:     r.FormValue("Password.New"),
	}

	// Provider URL is taken from the request (see NOTE above) and seeds the
	// profile that authenticate fills in or replaces.
	p.URL = r.URL.Host
	pf = profile.New(p.Name, p.URL)

	// Resolve the account by email. The lookup error is discarded: an
	// unresolved email simply yields an empty userID, and authenticate
	// presumably decides whether that means "create" or "not found".
	ctx := context.NewContext(r)
	userID, _ := user.CurrentUserIDByEmail(r, creds.Email)
	per := decodePerson(r)

	pf, err = authenticate(ctx, creds, per, userID)
	return pf, "", err
}
// Authenticate processes the request and returns a Profile built entirely
// from the submitted form. It never redirects (url is always "") and never
// fails (err is always nil).
//
// NOTE(review): the profile identity is the client-supplied "ID" form value
// (defaulting to "default"), and every Person field is mass-assigned from
// the form with no validation — any client can claim any ID. That is only
// acceptable for a development/test provider; confirm this provider is not
// registered in a production configuration.
func (p *Provider) Authenticate(w http.ResponseWriter, r *http.Request) (
	up *profile.Profile, url string, err error) {
	up = profile.New(p.Name, p.URL)

	// The user's unique ID, or "default" when the form does not carry one.
	// This FormValue call is also what parses the request body, so r.Form
	// is populated for the decoder below; keep it ahead of the decode.
	id := r.FormValue("ID")
	if id == "" {
		id = "default"
	}
	up.ID = id

	// Map the remaining form fields onto a Person. Decode errors (e.g.
	// unknown keys) are ignored, as before.
	var per person.Person
	schema.NewDecoder().Decode(&per, r.Form)
	up.Person = &per

	return up, "", nil
}
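// create builds a new password Profile for pers, protected by pass. When
// userID is "" a fresh User is stored first and the profile is bound to its
// key; otherwise the profile is attached to the existing userID. The
// returned profile is populated but this function does not Put it.
//
// Changes from the previous version: a failure from GenerateFromPassword is
// now returned instead of being discarded (which left pf.Auth empty while
// reporting success), and the hash is computed before any datastore write
// so a hashing failure cannot leave an orphaned User behind. On error pf is
// nil.
//
// NOTE(review): pass is not checked for emptiness or length here. If
// authenticate does not enforce a password policy before calling create, an
// empty password would be hashed and accepted — confirm upstream.
func create(c appengine.Context, pass string, pers *person.Person, userID string) (
	pf *profile.Profile, err error) {
	// Hash first: this is the only step with no side effects, so failing
	// here leaves nothing to clean up.
	auth, err := GenerateFromPassword([]byte(pass))
	if err != nil {
		return nil, err
	}

	id := userID
	if id == "" {
		// No existing account: create one and use its key as the ID.
		u := user.New()
		u.SetKey(c)
		if err = u.Put(c); err != nil {
			return nil, err
		}
		id = u.Key.StringID()
	}

	pf = profile.New("Password", "")
	pf.ID = id
	pf.UserID = id
	pf.Auth = auth
	pf.Person = pers
	return pf, nil
}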
// Scenario #2:
// - No User session
// - Yes Email Saved
// - Yes Profile Saved
//
// TestAuthenticate_Scenario2 drives the password provider's Authenticate
// through login, update and "create" against a single seeded account
// (email on file, profile with password "secret1", no session). The
// redacted "*****@*****.**" address is that account's email.
//
// NOTE(review): an unknown email yields ErrProfileNotFound while a known
// email with a wrong password yields ErrPasswordMismatch. If the HTTP layer
// ever surfaces those two differently to the client, the distinction
// enables account enumeration — confirm they are collapsed there.
func TestAuthenticate_Scenario2(t *testing.T) {
	pro := setup()
	defer tearDown()

	var pf *profile.Profile
	var uRL string
	var err error
	var v url.Values
	var r *http.Request

	c := context.NewContext(nil)
	w := httptest.NewRecorder()

	// Profile Not found: nothing is seeded yet, so a login attempt must
	// report ErrProfileNotFound and must not redirect.
	v = url.Values{}
	v.Set("Email", "*****@*****.**")
	v.Set("Password.Current", "secret1")
	r = createRequest(v)
	// Check.
	if pf, uRL, err = pro.Authenticate(w, r); uRL != "" || err != ErrProfileNotFound {
		t.Errorf(`url: %v, want: ""`, uRL)
		t.Errorf(`err: %v, want: %v`, err, ErrProfileNotFound)
	}

	// Setup: seed user "1" with a profile whose password is "secret1" and
	// an email record pointing at that user. Put errors are explicitly
	// discarded; a failed seed surfaces as failing assertions below.
	pf = profile.New("Password", "")
	pf.UserID = "1"
	pf.ID = "1"
	passHash, _ := GenerateFromPassword([]byte("secret1"))
	pf.Auth = passHash
	pf.SetKey(c)
	pf.Person = &person.Person{
		Name: &person.PersonName{
			GivenName:  "Barack",
			FamilyName: "Obama",
		},
	}
	_ = pf.Put(c)

	e := email.New()
	e.UserID = "1"
	e.SetKey(c, "*****@*****.**")
	_ = e.Put(c)

	// 1. Login
	// a. Correct password. The submitted Name.GivenName must be ignored:
	// a plain login never rewrites the stored Person.
	v = url.Values{}
	v.Set("Email", "*****@*****.**")
	v.Set("Password.Current", "secret1")
	v.Set("Name.GivenName", "Berry")
	r = createRequest(v)
	// Check.
	if pf, uRL, err = pro.Authenticate(w, r); uRL != "" || err != nil {
		t.Errorf(`url: %v, want: ""`, uRL)
		t.Fatalf(`err: %v, want: %v`, err, nil)
	}
	if x := pf.Person.Name.GivenName; x != "Barack" {
		t.Errorf(`.Person should not be updated on login`)
	}

	// b. In-Correct password.
	v = url.Values{}
	v.Set("Email", "*****@*****.**")
	v.Set("Password.Current", "fakepass")
	r = createRequest(v)
	// Check.
	if _, _, err = pro.Authenticate(w, r); err != ErrPasswordMismatch {
		t.Errorf(`err: %v, want: %v`, err, ErrPasswordMismatch)
	}

	// 2. Update
	// a. Correct password: Password.Current plus Password.New should change
	// the password and apply the Person changes.
	v = url.Values{}
	v.Set("Email", "*****@*****.**")
	v.Set("Password.Current", "secret1")
	v.Set("Password.New", "secret2")
	v.Set("Name.GivenName", "Berry")
	r = createRequest(v)
	// Check.
	if pf, uRL, err = pro.Authenticate(w, r); uRL != "" || err != nil {
		t.Errorf(`url: %v, want: ""`, uRL)
		t.Errorf(`err: %v, want: %v`, err, nil)
	}
	if x := pf.Person.Name.GivenName; x != "Berry" {
		t.Errorf(`pf.Person should be updated on update`)
	}
	if x := pf.UserID; x != "1" {
		t.Errorf(`pf.UserID: %v, want %v`, x, "1")
	}
	// NOTE(review): only the RETURNED profile is inspected; nothing
	// re-reads the stored profile. Step 3a below then logs in with the OLD
	// password "secret1" and expects success while "fakepass" is rejected,
	// so if this test passes as written the stored hash must still be
	// "secret1" — i.e. Authenticate hands back the updated profile without
	// persisting it (presumably the caller does). An explicit profile.Get
	// here would make that contract visible.
	if err := CompareHashAndPassword(pf.Auth, []byte("secret2")); err != nil {
		t.Errorf(`Password was not changed`)
	}

	// b. In-Correct password: a wrong current password must be rejected,
	// regardless of the new password and Person data supplied.
	v = url.Values{}
	v.Set("Email", "*****@*****.**")
	v.Set("Password.Current", "fakepass")
	v.Set("Password.New", "hacked")
	v.Set("Name.GivenName", "Bob")
	r = createRequest(v)
	// Check.
	if _, _, err = pro.Authenticate(w, r); err != ErrPasswordMismatch {
		t.Errorf(`err: %v, want: %v`, err, ErrPasswordMismatch)
	}

	// 3. Create - Should login user. Only Email and Password.New are sent
	// (no Password.Current) for an email that already has a profile.
	// a. Correct password.
	v = url.Values{}
	v.Set("Email", "*****@*****.**")
	v.Set("Password.New", "secret1")
	v.Set("Name.GivenName", "Bob1")
	r = createRequest(v)
	// Check.
	if pf, uRL, err = pro.Authenticate(w, r); uRL != "" || err != nil {
		t.Errorf(`url: %v, want: ""`, uRL)
		t.Errorf(`err: %v, want: %v`, err, nil)
	}
	if x := pf.Person.Name.GivenName; x != "Bob1" {
		t.Errorf(`.Person should be updated on update`)
	}
	if x := pf.UserID; x != "1" {
		t.Errorf(`pf.UserID: %v, want %v`, x, "1")
	}
	if err := CompareHashAndPassword(pf.Auth, []byte("secret1")); err != nil {
		t.Errorf(`Password was not changed`)
	}

	// b. In-Correct password: Password.New alone must not let a caller
	// take over an existing account.
	v = url.Values{}
	v.Set("Email", "*****@*****.**")
	v.Set("Password.New", "fakepass")
	v.Set("Name.GivenName", "Bob2")
	r = createRequest(v)
	// Check.
	if _, _, err = pro.Authenticate(w, r); err != ErrPasswordMismatch {
		t.Errorf(`err: %v, want: %v`, err, ErrPasswordMismatch)
	}
}
// Authenticate always succeeds: it returns a fixed "Example" profile with
// ID "1", never redirects (url is "") and never errors. w and r are ignored.
//
// NOTE(review): this appears to be a test double. Because it authenticates
// every request as the same identity, it must only ever be registered in
// tests.
func (p *TPComplete) Authenticate(w http.ResponseWriter, r *http.Request) (
	up *profile.Profile, url string, err error) {
	const fixedID = "1"
	pf := profile.New("Example", "example.com")
	pf.ID = fixedID
	return pf, "", nil
}
// Test_CreateAndLogin exercises CreateAndLogin across three rounds against
// an empty datastore and a single request/recorder pair:
//
//  1. no user, no profile: a new User is created, the profile is stored
//     under "example|1" and linked to it, and a session is established;
//  2. logged in, second profile: the new profile is attached to the SAME
//     user (account linking) and no second User is created;
//  3. logged out, existing profile: presenting the existing (provider, ID)
//     pair logs the user back in without creating anything.
//
// NOTE(review): round 3 shows that CreateAndLogin establishes a session
// purely from the provider name and ID carried on the profile — it performs
// no credential check itself. Every provider's Authenticate must therefore
// have fully verified the identity before a profile reaches this call.
//
// NOTE(review): the first precondition queries kind "Profile" while every
// later count queries kind "AuthProfile"; if the stored kind is
// "AuthProfile", that "want 0" check is vacuous. The later
// `Profile cnt: %v, want 1` messages are also stale where the assertion
// expects 2.
func Test_CreateAndLogin(t *testing.T) {
	setup()
	defer teardown()

	c := context.NewContext(nil)
	up := profile.New("Example", "example.com")
	r, _ := http.NewRequest("GET", "http://localhost:8080/-/auth/example4", nil)
	w := httptest.NewRecorder()

	// Round 1: No User | No Profile
	// Confirm the datastore is empty and nobody is logged in.
	q := datastore.NewQuery("User")
	if cnt, _ := q.Count(c); cnt != 0 {
		t.Errorf(`User cnt: %v, want 0`, cnt)
	}
	q = datastore.NewQuery("Profile")
	if cnt, _ := q.Count(c); cnt != 0 {
		t.Errorf(`Profile cnt: %v, want 0`, cnt)
	}
	u, err := user.Current(r)
	if err != user.ErrNoLoggedInUser {
		t.Errorf(`err: %v, want %v`, err, user.ErrNoLoggedInUser)
	}

	// Create. The profile key is derived from the lower-cased provider
	// name and the ID, hence "example|1". Note that a non-nil err here
	// would leave u nil and the following dereferences would panic.
	up.ID = "1"
	up.ProviderName = "Example"
	up.SetKey(c)
	u, err = CreateAndLogin(w, r, up)
	if err != nil {
		t.Errorf(`err: %v, want nil`, err)
	}
	if u.Key.StringID() != "1" {
		t.Errorf(`u.Key.StringID(): %v, want 1`, u.Key.StringID())
	}
	if up.Key.StringID() != "example|1" {
		t.Errorf(`up.Key.StringID(): %v, want "example|1"`, up.Key.StringID())
	}
	if up.UserID != u.Key.StringID() {
		t.Errorf(`up.UserID: %v, want %v`, up.UserID, u.Key.StringID())
	}

	// Confirm Profile: re-read from the datastore rather than trusting the
	// in-memory value.
	rup, err := profile.Get(c, "example|1")
	if err != nil {
		t.Errorf(`err: %v, want nil`, err)
	}
	if rup.ID != "1" {
		t.Errorf(`rup.ID: %v, want "1"`, rup.ID)
	}
	if rup.Key.StringID() != "example|1" {
		t.Errorf(`rup.Key.StringID(): %v, want "example|1"`, rup.Key.StringID())
	}
	if rup.UserID != u.Key.StringID() {
		t.Errorf(`rup.UserID: %v, want %v`, rup.UserID, u.Key.StringID())
	}

	// Confirm User: the stored user must list the profile key in AuthIDs.
	ru, err := user.Get(c, "1")
	if err != nil {
		t.Fatalf(`err: %v, want nil`, err)
	}
	if ru.AuthIDs[0] != "example|1" {
		t.Errorf(`ru.AuthIDs[0]: %v, want "example|1"`, ru.AuthIDs[0])
	}
	if ru.Key.StringID() != "1" {
		t.Errorf(`ru.Key.StringID(): %v, want 1`, ru.Key.StringID())
	}
	q2 := datastore.NewQuery("User")
	if cnt, _ := q2.Count(c); cnt != 1 {
		t.Errorf(`User cnt: %v, want 1`, cnt)
	}
	q4 := datastore.NewQuery("AuthProfile")
	if cnt, _ := q4.Count(c); cnt != 1 {
		t.Errorf(`Profile cnt: %v, want 1`, cnt)
	}

	// Confirm Logged in User. (How the session written to w becomes
	// visible through r is up to the user package / test harness.)
	u, err = user.Current(r)
	if err != nil {
		t.Errorf(`err: %v, want %v`, err, nil)
	}
	if u.Key.StringID() != "1" {
		t.Errorf(`u.Key.StringID(): %v, want 1`, u.Key.StringID())
	}
	if len(u.AuthIDs) != 1 {
		t.Errorf(`len(u.AuthIDs): %v, want 1`, len(u.AuthIDs))
		t.Errorf(`u.AuthIDs: %v`, u.AuthIDs)
		t.Errorf(`u: %v`, u)
	}

	// Round 2: Logged in User | Second Profile
	// Create. With a session present the new profile is linked to the
	// current user instead of creating another one.
	up = profile.New("AnotherExample", "anotherexample.com")
	up.ID = "2"
	up.SetKey(c)
	u, err = CreateAndLogin(w, r, up)
	if err != nil {
		t.Errorf(`err: %v, want nil`, err)
	}

	// Confirm Profile.
	rup, err = profile.Get(c, "anotherexample|2")
	if err != nil {
		t.Errorf(`err: %v, want nil`, err)
	}
	if rup.ID != "2" {
		t.Errorf(`rup.ID: %v, want "2"`, rup.ID)
	}
	if rup.Key.StringID() != "anotherexample|2" {
		t.Errorf(`rup.Key.StringID(): %v, want "anotherexample|2"`, rup.Key.StringID())
	}
	if rup.UserID != u.Key.StringID() {
		t.Errorf(`rup.UserID: %v, want %v`, rup.UserID, u.Key.StringID())
	}

	// Confirm Logged in User hasn't changed: still user "1", now with two
	// linked AuthIDs in insertion order.
	u, err = user.Current(r)
	if err != nil {
		t.Errorf(`err: %v, want %v`, err, nil)
	}
	if u.Key.StringID() != "1" {
		t.Errorf(`u.Key.StringID(): %v, want 1`, u.Key.StringID())
	}
	if len(u.AuthIDs) != 2 {
		t.Errorf(`len(u.AuthIDs): %v, want 2`, len(u.AuthIDs))
		t.Errorf(`u.AuthIDs: %v`, u.AuthIDs)
		t.Errorf(`u: %v`, u)
	}
	if u.AuthIDs[0] != "example|1" {
		t.Errorf(`u.AuthIDs[0]: %v, want "example|1"`, u.AuthIDs[0])
	}
	if u.AuthIDs[1] != "anotherexample|2" {
		t.Errorf(`u.AuthIDs[1]: %v, want "anotherexample|2"`, u.AuthIDs[1])
	}

	// Confirm Counts: one user, two profiles. (The "want 1" in the message
	// below is stale; the assertion expects 2.)
	q2 = datastore.NewQuery("User")
	if cnt, _ := q2.Count(c); cnt != 1 {
		t.Errorf(`User cnt: %v, want 1`, cnt)
	}
	q4 = datastore.NewQuery("AuthProfile")
	if cnt, _ := q4.Count(c); cnt != 2 {
		t.Errorf(`Profile cnt: %v, want 1`, cnt)
	}

	// Round 3: Logged out User | Existing Profile
	err = user.Logout(w, r)
	if err != nil {
		t.Errorf(`err: %v, want nil`, err)
	}

	// Confirm Logged out User.
	u, err = user.Current(r)
	if err != user.ErrNoLoggedInUser {
		t.Errorf(`err: %q, want %q`, err, user.ErrNoLoggedInUser)
	}

	// Login. A freshly built profile carrying only the known provider name
	// and ID is enough to re-establish the session (see NOTE above).
	up = profile.New("Example", "example.com")
	up.ID = "1"
	up.SetKey(c)
	u, err = CreateAndLogin(w, r, up)
	if err != nil {
		t.Errorf(`err: %v, want nil`, err)
	}

	// Confirm: nothing new was created.
	q2 = datastore.NewQuery("User")
	if cnt, _ := q2.Count(c); cnt != 1 {
		t.Errorf(`User cnt: %v, want 1`, cnt)
	}
	q4 = datastore.NewQuery("AuthProfile")
	if cnt, _ := q4.Count(c); cnt != 2 {
		t.Errorf(`Profile cnt: %v, want 1`, cnt)
	}

	// Confirm Logged in User hasn't changed.
	u, err = user.Current(r)
	if err != nil {
		t.Errorf(`err: %v, want %v`, err, nil)
	}
	if u.Key.StringID() != "1" {
		t.Errorf(`u.Key.StringID(): %v, want "1"`, u.Key.StringID())
	}
	if len(u.AuthIDs) != 2 {
		t.Errorf(`len(u.AuthIDs): %v, want 2`, len(u.AuthIDs))
		t.Errorf(`u.AuthIDs: %s`, u.AuthIDs)
		t.Errorf(`u: %v`, u)
	}
}