func init() {
logger.Init(ioutil.Discard, ioutil.Discard, ioutil.Discard, ioutil.Discard)
privateKeyFilePath := flag.String("rsa-private", "./dist/key.private", "RSA private key file path")
secureKeyFilePath := flag.String("secure-key", "./dist/secureKey", "password to encrypt the secure storage")
usersDataPath := flag.String("data-file", "./dist/data.txt", "Login information file")
flag.Parse()
ServicePath = cr.ServicePathPrefix + cr.Version + AmPrefix
resourcePath = listener + ServicePath + UsersPath
usersList := en.New()
signKey, verifyKey := app.TokenSetUp(*privateKeyFilePath)
loginKey := ss.GetSecureKey(*secureKeyFilePath)
en.LoadInfo(*usersDataPath, loginKey, usersList)
stRestful = libsecurity_restful.NewLibsecurityRestful()
stRestful.SetData(usersList, loginKey, verifyKey, signKey, nil)
rootCookieStr, _ := app.GenerateToken(stc.RootUserName, am.SuperUserPermission, clientIP, signKey)
cr.SetCookie(rootCookieStr)
for _, name := range usersName {
stRestful.UsersList.AddUser(name)
}
go runServer()
time.Sleep(100 * time.Millisecond)
}
// TODO should I force to do logout first
func (l amRestful) restAm(request *restful.Request, response *restful.Response) {
var tUserInfo pUserData
err := request.ReadEntity(&tUserInfo)
if err != nil {
l.setError(response, http.StatusNotFound, err)
return
}
userInfo := userData{tUserInfo.Name, []byte(tUserInfo.Password)}
data := l.getAM(request, response, userInfo.Name)
if data == nil {
return
}
err = data.IsPasswordMatch([]byte(userInfo.Password))
if err != nil {
l.setError(response, http.StatusMethodNotAllowed, fmt.Errorf("Error with the password for user '%v': %v", userInfo.Name, err))
return
}
tokenStr, err := app.GenerateToken(userInfo.Name, data.Privilege, getIPAddress(request), l.st.SignKey)
if err != nil {
l.setError(response, http.StatusInternalServerError, err)
return
}
logger.Info.Println("User:"******"is authenticated")
addLoginCookie(response, tokenStr)
response.WriteHeader(http.StatusOK)
response.WriteEntity(cr.Match{Match: true, Message: fmt.Sprintf("User '%v' is authenticated", userInfo.Name)})
}
func initAListOfUsers(t *testing.T, usersList []string) string {
cookieStr, _ := app.GenerateToken(stc.RootUserName, am.SuperUserPermission, clientIP, stRestful.SignKey)
cr.SetCookie(cookieStr)
for _, name := range usersList {
okUrlJ := cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, name)}
url := resourcePath + "/" + name
exeCommandCheckRes(t, cr.PUT_STR, url, http.StatusCreated, string(uData), okUrlJ)
data, _ := stRestful.UsersList.GetPropertyAttachedToEntity(name, propertyName)
exeCommandCheckRes(t, cr.GET_STR, url, http.StatusOK, "", data.(*am.AmUserInfo))
}
return string(uData)
}
// 1. As a user: Update the password, verify the results
// 2. As a root: Fail to update the password to the root
// 3. As a root: Update the password, verify that it is allowed
func TestUpdatePassword(t *testing.T) {
userName := usersName[0]
// initAListOfUsers(t, usersName)
cookieStr, _ := app.GenerateToken(userName, am.UserPermission, clientIP, stRestful.SignKey)
cr.SetCookie(cookieStr)
url := listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), UsersPath, userName, PwdPath)
okUrlJ := cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, userName)}
pwd, _ := json.Marshal(cr.UpdateSecret{OldPassword: secretCode, NewPassword: secretCode + "1"})
exeCommandCheckRes(t, cr.PATCH_STR, url, http.StatusCreated, string(pwd), okUrlJ)
url = listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), UsersPath, stc.RootUserName, PwdPath)
okUrlJ = cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, stc.RootUserName)}
pwd, _ = json.Marshal(cr.UpdateSecret{OldPassword: rootPwd, NewPassword: secretCode + "2"})
exeCommandCheckRes(t, cr.PATCH_STR, url, http.StatusMethodNotAllowed, string(pwd), cr.Error{Code: http.StatusMethodNotAllowed})
cookieStr, _ = app.GenerateToken(stc.RootUserName, am.SuperUserPermission, clientIP, stRestful.SignKey)
cr.SetCookie(cookieStr)
url = listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), UsersPath, stc.RootUserName, PwdPath)
okUrlJ = cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, stc.RootUserName)}
pwd, _ = json.Marshal(cr.UpdateSecret{OldPassword: rootPwd, NewPassword: secretCode + "1"})
exeCommandCheckRes(t, cr.PATCH_STR, url, http.StatusCreated, string(pwd), okUrlJ)
}
// 1. As a root: Update the user privilege, verify the results
// 2. As a root: Update the root privilege, verify that it is not allowed
// 3. As the user: Update the user privilege, verify that it is not allowed
func TestUpdatePrivilege(t *testing.T) {
userName := usersName[0]
initAListOfUsers(t, usersName)
url := listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), UsersPath, userName, PrivilegePath)
okUrlJ := cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, userName)}
privilege, _ := json.Marshal(privilegePwd{Privilege: am.SuperUserPermission})
exeCommandCheckRes(t, cr.PATCH_STR, url, http.StatusCreated, string(privilege), okUrlJ)
url = listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), UsersPath, stc.RootUserName, PrivilegePath)
okUrlJ = cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, stc.RootUserName)}
privilege, _ = json.Marshal(privilegePwd{Privilege: am.SuperUserPermission})
exeCommandCheckRes(t, cr.PATCH_STR, url, http.StatusBadRequest, string(privilege), cr.Error{Code: http.StatusBadRequest})
cookieStr, _ := app.GenerateToken(userName, am.UserPermission, clientIP, stRestful.SignKey)
cr.SetCookie(cookieStr)
exeCommandCheckRes(t, cr.PATCH_STR, url, http.StatusMethodNotAllowed, string(privilege), cr.Error{Code: http.StatusMethodNotAllowed})
}