예제 #1
0
func TestManagerKeySet(t *testing.T) {
	ks, _ := testGenerator.Generate("")
	ks.Key("private")

	for name, m := range managers {
		_, err := m.GetKeySet("foo")
		pkg.AssertError(t, true, err, name)

		err = m.AddKeySet("bar", ks)
		pkg.AssertError(t, false, err, name)

		time.Sleep(time.Millisecond * 100)

		got, err := m.GetKeySet("bar")
		pkg.RequireError(t, false, err, name)
		assert.Equal(t, ks.Key("public"), got.Key("public"), name)
		assert.Equal(t, ks.Key("private"), got.Key("private"), name)

		err = m.DeleteKeySet("bar")
		pkg.AssertError(t, false, err, name)

		time.Sleep(time.Millisecond * 100)

		_, err = m.GetKeySet("bar")
		pkg.AssertError(t, true, err, name)
	}

	err := managers["http"].AddKeySet("nonono", ks)
	pkg.AssertError(t, true, err, "%s")
}
예제 #2
0
func TestCreateGetDeleteOpenIDConnectSession(t *testing.T) {
	ctx := context.Background()
	for k, m := range clientManagers {
		_, err := m.GetOpenIDConnectSession(ctx, "4321", &fosite.Request{})
		pkg.AssertError(t, true, err, "%s", k)

		err = m.CreateOpenIDConnectSession(ctx, "4321", &defaultRequest)
		pkg.AssertError(t, false, err, "%s", k)

		time.Sleep(100 * time.Millisecond)

		res, err := m.GetOpenIDConnectSession(ctx, "4321", &fosite.Request{
			Session: &testSession{},
		})
		pkg.RequireError(t, false, err, "%s", k)
		c.AssertObjectKeysEqual(t, &defaultRequest, res, "Scopes", "GrantedScopes", "Form", "Session")

		err = m.DeleteOpenIDConnectSession(ctx, "4321")
		pkg.AssertError(t, false, err, "%s", k)

		time.Sleep(100 * time.Millisecond)

		_, err = m.GetOpenIDConnectSession(ctx, "4321", &fosite.Request{})
		pkg.AssertError(t, true, err, "%s", k)
	}
}
예제 #3
0
func TestColdStartRethinkManager(t *testing.T) {
	ctx := context.Background()
	m := rethinkManager
	id := uuid.New()

	err := m.CreateAuthorizeCodeSession(ctx, id, &defaultRequest)
	pkg.AssertError(t, false, err)
	err = m.CreateAccessTokenSession(ctx, id, &defaultRequest)
	pkg.AssertError(t, false, err)

	time.Sleep(100 * time.Millisecond)

	_, err = m.GetAuthorizeCodeSession(ctx, id, &testSession{})
	pkg.AssertError(t, false, err)
	_, err = m.GetAccessTokenSession(ctx, id, &testSession{})
	pkg.AssertError(t, false, err)

	delete(rethinkManager.AuthorizeCodes, id)
	delete(rethinkManager.AccessTokens, id)

	_, err = m.GetAuthorizeCodeSession(ctx, id, &testSession{})
	pkg.AssertError(t, true, err)
	_, err = m.GetAccessTokenSession(ctx, id, &testSession{})
	pkg.AssertError(t, true, err)

	err = rethinkManager.ColdStart()
	pkg.AssertError(t, false, err)

	_, err = m.GetAuthorizeCodeSession(ctx, id, &testSession{})
	pkg.AssertError(t, false, err)
	_, err = m.GetAccessTokenSession(ctx, id, &testSession{})
	pkg.AssertError(t, false, err)
}
예제 #4
0
func TestAuthorized(t *testing.T) {
	for n, w := range wardens {
		for k, c := range []struct {
			token     string
			scopes    []string
			expectErr bool
			assert    func(*firewall.Context)
		}{
			{
				token:     "invalid",
				expectErr: true,
			},
			{
				token:     "invalid",
				expectErr: true,
			},
			{
				token:     tokens[0][1],
				scopes:    []string{"foo"},
				expectErr: true,
			},
			{
				token:     tokens[0][1],
				scopes:    []string{"core"},
				expectErr: false,
				assert: func(c *firewall.Context) {
					assert.Equal(t, "alice", c.Subject)
					assert.Equal(t, "tests", c.Issuer)

				},
			},
		} {
			ctx, err := w.Authorized(context.Background(), c.token, c.scopes...)
			pkg.AssertError(t, c.expectErr, err, n, "ActionAllowed", k)
			if err == nil && c.assert != nil {
				c.assert(ctx)
			}

			httpreq := &http.Request{Header: http.Header{}}
			httpreq.Header.Set("Authorization", "bearer "+c.token)
			ctx, err = w.HTTPAuthorized(context.Background(), httpreq, c.scopes...)
			pkg.AssertError(t, c.expectErr, err, n, "HTTPActionAllowed", k)
			if err == nil && c.assert != nil {
				c.assert(ctx)
			}
		}
	}
}
예제 #5
0
func TestAEAD(t *testing.T) {
	key, err := rand.RandomBytes(32)
	pkg.AssertError(t, false, err)

	a := &AEAD{
		Key: key,
	}

	for i := 0; i < 100; i++ {
		plain := []byte(uuid.New())
		ct, err := a.Encrypt(plain)
		pkg.AssertError(t, false, err)

		res, err := a.Decrypt(ct)
		pkg.AssertError(t, false, err)
		assert.Equal(t, plain, res)
	}
}
예제 #6
0
func TestAuthenticateClient(t *testing.T) {
	var mem = &MemoryManager{
		Clients: map[string]*fosite.DefaultClient{},
		Hasher:  &hash.BCrypt{},
	}
	mem.CreateClient(&fosite.DefaultClient{
		ID:           "1234",
		Secret:       []byte("secret"),
		RedirectURIs: []string{"http://redirect"},
	})

	c, err := mem.Authenticate("1234", []byte("secret1"))
	pkg.AssertError(t, true, err)

	c, err = mem.Authenticate("1234", []byte("secret"))
	pkg.AssertError(t, false, err)
	assert.Equal(t, "1234", c.ID)
}
예제 #7
0
func TestGenerator(t *testing.T) {
	for _, c := range []struct {
		g     KeyGenerator
		check func(*jose.JsonWebKeySet)
	}{
		{
			g: &RS256Generator{},
			check: func(ks *jose.JsonWebKeySet) {
				assert.Len(t, ks, 2)
			},
		},
		{
			g: &ECDSA521Generator{},
			check: func(ks *jose.JsonWebKeySet) {
				assert.Len(t, ks, 2)
			},
		},
		{
			g: &ECDSA256Generator{},
			check: func(ks *jose.JsonWebKeySet) {
				assert.Len(t, ks, 2)
			},
		},
		{
			g: &HS256Generator{
				Length: 32,
			},
			check: func(ks *jose.JsonWebKeySet) {
				assert.Len(t, ks, 1)
			},
		},
	} {
		keys, err := c.g.Generate("foo")
		pkg.AssertError(t, false, err)
		if err != nil {
			c.check(keys)
		}
	}
}
예제 #8
0
func TestManagerKey(t *testing.T) {
	ks, _ := testGenerator.Generate("")
	priv := ks.Key("private")
	pub := ks.Key("public")

	for name, m := range managers {
		t.Logf("Running test %s", name)

		_, err := m.GetKey("faz", "baz")
		pkg.AssertError(t, true, err, name)

		err = m.AddKey("faz", First(priv))
		pkg.AssertError(t, false, err, name)

		time.Sleep(time.Millisecond * 100)

		got, err := m.GetKey("faz", "private")
		pkg.RequireError(t, false, err, name)
		assert.Equal(t, priv, got.Keys, "%s", name)

		err = m.AddKey("faz", First(pub))
		pkg.AssertError(t, false, err, name)

		time.Sleep(time.Millisecond * 100)

		got, err = m.GetKey("faz", "private")
		pkg.RequireError(t, false, err, name)
		assert.Equal(t, priv, got.Keys, "%s", name)

		got, err = m.GetKey("faz", "public")
		pkg.RequireError(t, false, err, name)
		assert.Equal(t, pub, got.Keys, "%s", name)

		err = m.DeleteKey("faz", "public")
		pkg.AssertError(t, false, err, name)

		time.Sleep(time.Millisecond * 100)

		ks, err = m.GetKey("faz", "public")
		pkg.AssertError(t, true, err, name)
	}

	err := managers["http"].AddKey("nonono", First(priv))
	pkg.AssertError(t, true, err, "%s")
}
예제 #9
0
func TestManagers(t *testing.T) {
	p := &ladon.DefaultPolicy{
		ID:          uuid.New(),
		Description: "description",
		Subjects:    []string{"<peter>"},
		Effect:      ladon.AllowAccess,
		Resources:   []string{"<article|user>"},
		Actions:     []string{"view"},
		Conditions: ladon.Conditions{
			"ip": &ladon.CIDRCondition{
				CIDR: "1234",
			},
			"owner": &ladon.EqualsSubjectCondition{},
		},
	}

	for k, m := range managers {
		_, err := m.Get(p.ID)
		pkg.AssertError(t, true, err, k)
		pkg.AssertError(t, false, m.Create(p), k)

		time.Sleep(200 * time.Millisecond)

		res, err := m.Get(p.ID)
		pkg.AssertError(t, false, err, k)
		assert.Equal(t, p, res, "%s", k)

		ps, err := m.FindPoliciesForSubject("peter")
		pkg.RequireError(t, false, err, k)
		require.Len(t, ps, 1, "%s", k)
		assert.Equal(t, p, ps[0], "%s", k)

		ps, err = m.FindPoliciesForSubject("stan")
		pkg.AssertError(t, false, err, k)
		assert.Len(t, ps, 0, "%s", k)

		pkg.AssertError(t, false, m.Delete(p.ID), k)

		_, err = m.Get(p.ID)
		pkg.AssertError(t, true, err, k)
	}
}
예제 #10
0
func TestCreateGetDeleteClient(t *testing.T) {
	for k, m := range clientManagers {
		_, err := m.GetClient("4321")
		pkg.AssertError(t, true, err, "%s", k)

		c := &fosite.DefaultClient{
			ID:                "1234",
			Secret:            []byte("secret"),
			RedirectURIs:      []string{"http://redirect"},
			TermsOfServiceURI: "foo",
		}
		err = m.CreateClient(c)
		pkg.AssertError(t, false, err, "%s", k)
		if err == nil {
			compare(t, c, k)
		}

		// RethinkDB delay
		time.Sleep(500 * time.Millisecond)

		d, err := m.GetClient("1234")
		pkg.AssertError(t, false, err, "%s", k)
		if err == nil {
			compare(t, d, k)
		}

		ds, err := m.GetClients()
		pkg.AssertError(t, false, err, "%s", k)
		assert.Len(t, ds, 1)

		err = m.DeleteClient("1234")
		pkg.AssertError(t, false, err, "%s", k)

		// RethinkDB delay
		time.Sleep(100 * time.Millisecond)

		_, err = m.GetClient("1234")
		pkg.AssertError(t, true, err, "%s", k)
	}
}