func Test_getLocLang(t *testing.T) {
config := util.NewMzConfig()
h, _ := testHandler(config, t)
req, _ := http.NewRequest("GET", "http://localhost/1/l10n/client.json", nil)
req.Header.Add("Accept-Language", "es,fo,en-us;q=0.7,en;q=0.3")
result := h.getLocLang(req)
t.Logf("results: %+v\n", result)
if len(result) == 0 {
t.Errorf("getLocLang failed to return any results")
}
if len(result) != 6 {
t.Errorf("getLocLang returned too few results")
}
if result[0].Lang != "es" {
t.Errorf("getLocLang failed to sort languages correctly: %s", result[0].Lang)
}
if result[2].Lang != "en_US" {
t.Errorf("getLocLang failed normalization to lower_UPPER")
}
if result[5].Lang != "en" {
t.Errorf("getLocLang failed to include 'en'")
}
req, _ = http.NewRequest("GET", "http://localhost/1/l10n/client.json", nil)
req.Header.Add("Accept-Language", "{:;}() echo invalid!")
result = h.getLocLang(req)
t.Logf("results: %+v\n", result)
if result[0].Lang != "en" {
t.Errorf("getLocLang failed to gracefully handle invalid Accept-Language")
}
}
func Test_Signin(t *testing.T) {
config := util.NewMzConfig()
h, _ := testHandler(config, t)
result := map[string]string{
"http://localhost/signin/": "signin",
"http://localhost/signin/?action=signup": "signup",
"http://localhost/signin/?action=banana": "signin",
}
for sign_url, action := range result {
req, _ := http.NewRequest("GET", sign_url, nil)
fresp := httptest.NewRecorder()
h.Signin(fresp, req)
if fresp.Code != 302 {
t.Error("Signin response not a 302")
}
redir, err := url.Parse(fresp.Header().Get("Location"))
if err != nil {
t.Errorf("Returned Location URL is unparsable: %s", err)
}
if redir.Query().Get("action") != action {
t.Error("Returned URL for %s did not specify action as '%s'",
sign_url, action)
}
}
}
func Test_Handler_checkToken(t *testing.T) {
var name = "Test_Handler_Test_Handler_checkToken"
var devId = "0000"
var uid = "1111"
var csrftoken = "abcdef123456"
var token = ""
var email = ""
makeSession()
config := util.NewMzConfig()
freq, _ := http.NewRequest("POST", "http://box/"+devId, nil)
h, _ := testHandler(config, t)
session, _ := sessionStore.Get(freq, SESSION_NAME)
if h.checkToken(session, freq) {
t.Errorf("%s: Failed to reject tokenless request", name)
}
freq.Header.Add("X-CSRFTOKEN", csrftoken)
fakeCookies(freq, email, uid, token, csrftoken)
session, _ = sessionStore.Get(freq, SESSION_NAME)
if !h.checkToken(session, freq) {
t.Errorf("%s: Failed to accept tokened request", name)
}
freq, _ = http.NewRequest("POST", "http://box/"+devId, nil)
freq.Header.Add("X-CSRFTOKEN", "invalid")
fakeCookies(freq, email, uid, token, csrftoken)
session, _ = sessionStore.Get(freq, SESSION_NAME)
if h.checkToken(session, freq) {
t.Errorf("%s: Failed to reject invalid token", name)
}
}
func Test_Handler_Queue(t *testing.T) {
var name = "Test_Handler_Queue"
var uid = "abcdef123456"
var devid = "123456abcdef"
makeSession()
config := util.NewMzConfig()
// don't try to send out the push command
config.Override("push.disabled", "true")
h, store := testHandler(config, t)
dev := &storage.Device{Name: "test", ID: devid, User: uid, Accepts: "trle"}
rargs := &replyType{"d": 60}
rep := make(replyType)
status, err := h.Queue(dev, "t", rargs, &rep)
if status != 200 || err != nil {
t.Errorf("Command Queue failed with status %d: %s", status, err)
}
cmd, ctype, err := store.GetPending(devid)
if err != nil {
t.Errorf("%s: %s", name, err.Error())
}
if cmd != "{\"t\":{\"d\":60}}" || ctype != "t" {
t.Errorf("%s: Incorrect command returned %s , %s", name, cmd, ctype)
}
// Add additional Queue commands
}
func Test_Handler_getSessionInfo(t *testing.T) {
var err error
var name = "Test_Handler_getSessionInfo"
var email = "*****@*****.**"
var uid = "abcdef123456"
var devid = "123456abcdef"
var token = "123abc"
var csrftoken = "abcd1234"
makeSession()
h, _ := testHandler(util.NewMzConfig(), t)
freq, _ := http.NewRequest("GET", "http://box/"+devid, nil)
err = fakeCookies(freq, email, uid, token, csrftoken)
if err != nil {
t.Errorf("%s:%s", name, err.Error())
}
session, _ := sessionStore.Get(freq, SESSION_NAME)
info, err := h.getSessionInfo(nil, freq, session)
if info.UserId != uid ||
info.DeviceId != devid ||
info.Email != email ||
info.AccessToken != token ||
info.CSRFToken != csrftoken {
t.Errorf("%#v: returned session info contained invalid data", info)
}
}
func Test_Handler_clearSession(t *testing.T) {
var ok bool
config := util.NewMzConfig()
h, _ := testHandler(config, t)
sess := new(sessions.Session)
sess.Values = make(map[interface{}]interface{})
sess.Values[SESSION_USERID] = true
sess.Values[SESSION_DEVICEID] = true
sess.Values[SESSION_EMAIL] = true
sess.Values[SESSION_TOKEN] = true
sess.Values[SESSION_CSRFTOKEN] = true
h.clearSession(sess)
if _, ok = sess.Values[SESSION_USERID]; ok {
t.Errorf("Userid not cleared")
}
if _, ok = sess.Values[SESSION_DEVICEID]; ok {
t.Errorf("Deviceid not cleared")
}
if _, ok = sess.Values[SESSION_EMAIL]; ok {
t.Errorf("Email not cleared")
}
if _, ok = sess.Values[SESSION_TOKEN]; ok {
t.Errorf("Token not cleared")
}
if _, ok = sess.Values[SESSION_CSRFTOKEN]; ok {
t.Errorf("CSRFToken not cleared")
}
}
func Test_Static(t *testing.T) {
config := util.NewMzConfig()
h, _ := testHandler(config, t)
fresp := httptest.NewRecorder()
req, _ := http.NewRequest("GET", "../../../../../etc/passwd", nil)
h.Static(fresp, req)
if fresp.Body.Len() > 0 {
t.Error("Static failed to return blank password file")
}
}
func Test_Handler_initData(t *testing.T) {
tuid := "abcdef123456"
config := util.NewMzConfig()
config.Override("ws.hostname", "validhost")
h, store := testHandler(config, t)
store.RegisterDevice("TestUserID", &storage.Device{
ID: tuid,
User: "******",
})
freq, _ := http.NewRequest("GET", "http://localhost/", nil)
fresp := httptest.NewRecorder()
fsess := &sessionInfoStruct{
AccessToken: "testtest",
CSRFToken: "test-test",
}
// get no login data
fsess.UserId = "TestUserID"
fsess.Email = "*****@*****.**"
data, err := h.initData(fresp, freq, fsess)
if err != nil {
t.Errorf("initData: %s", err.Error())
}
if data == nil {
t.Error("initData: No data returned")
return
}
if data.Token == "" {
t.Error("initData: invalid Token")
}
if host, ok := data.Host["Hostname"]; !ok || host != "validhost" {
t.Error("initData: invalid hostname returned")
}
if len(data.DeviceList) == 0 {
t.Error("initData: No devices returned for user")
}
// get login data
freq, _ = http.NewRequest("GET", fmt.Sprintf("http://localhost/%s", tuid), nil)
data, err = h.initData(fresp, freq, fsess)
if err != nil {
t.Errorf("initData: %s", err.Error())
}
// check the device list
if data.Device.ID != tuid {
t.Error("initData: incorrect device id")
}
if data.Device == nil {
t.Error("initData:No specific device record returned")
return
}
if data.Device.User != "TestUserID" {
t.Error("initData: incorrect user id")
}
}
func Test_Handler_getUser(t *testing.T) {
var err error
var name = "Test_Handler_getUser"
var email = "*****@*****.**"
var uid = "123456abcdef"
makeSession()
fresp := httptest.NewRecorder()
h, _ := testHandler(util.NewMzConfig(), t)
freq, err := http.NewRequest("GET", "http://box/", nil)
if err != nil {
t.Errorf("%s: %s", name, err.Error())
}
err = fakeCookies(freq, email, uid, "", "")
if err != nil {
t.Errorf("%s: %s", name, err.Error())
}
tuid, temail, err := h.getUser(fresp, freq)
if err != nil {
t.Errorf("%s: %s", name, err.Error())
}
if tuid != uid {
t.Errorf("%s: uid mismatch", name)
}
if temail != email {
t.Errorf("%s: email mismatch", email)
}
// check the headers
headers := fresp.Header()
hv := map[string]string{
"X-Frame-Options": "deny",
"X-Xss-Protection": "1; mode=block",
"X-Content-Type-Options": "nosniff",
"X-Content-Security-Policy": "default-src 'self'",
"Content-Security-Policy": "default-src 'self'",
"X-Webkit-Csp": "default-src 'self'",
"Frame-Options": "deny",
}
for k, v := range hv {
if j := headers.Get(k); j != v {
t.Errorf("Invalid header %s != %s (%s)", k, v, j)
}
}
// TODO: Test w/ fake assertion (or use Test_Handler_Verify)
}
func Test_Handler_Cmd(t *testing.T) {
var name = "Test_Handler_Cmd"
var email = "*****@*****.**"
var uid = "abcdef123456"
var token = "123abc"
var csrftoken = "abcd1234"
var lat = 123.45678
var lon = 12.34567
var ti = time.Now().UTC().Unix()
makeSession()
config := util.NewMzConfig()
config.Override("auth.disabled", "true")
config.Override("hawk.disabled", "true")
config.Override("auth.force_user", fmt.Sprintf("%s %s", uid, email))
h, store := testHandler(config, t)
devId, err := store.RegisterDevice(uid, &storage.Device{Name: "test", User: uid})
if err != nil {
t.Errorf("%s: %s", name, err.Error())
}
// create a fake tracking record.
track, _ := json.Marshal(struct {
T interface{} `json:"t"`
}{struct {
Ok bool `json:"ok"`
La float64 `json:"la"`
Lo float64 `json:"lo"`
Ti int64 `json:"ti"`
Ac float64 `json:"acc"`
Ha bool `json:"has_passcode"`
}{true, lat, lon, ti, 100, true}})
freq, _ := http.NewRequest("POST", "http://box/"+devId, bytes.NewBuffer(track))
fakeCookies(freq, email, uid, token, csrftoken)
fresp := httptest.NewRecorder()
// create the fake client
mConn := &MockWSConn{}
Clients.Add(devId, "0000", &WWSs{socket: mConn})
store.StoreCommand(devId, "{}", "")
// and finally make the test call...
h.Cmd(fresp, freq)
// This is the last command we pushed.
if fresp.Body.String() != "{}" {
t.Errorf("%s: returned command did not match expectations. %s", name, fresp.Body.String())
}
//TODO test other commands as well.
}
func Test_Handler_UserDevices(t *testing.T) {
var name = "Test_Handler_Test_Handler_UserDevices"
var devid = "1234"
var uid = "1111"
var email = "test@test"
var token = "0000"
var csrftoken = "0000"
makeSession()
config := util.NewMzConfig()
h, store := testHandler(config, t)
_ = store
freq, _ := http.NewRequest("GET", "http://box/devices", nil)
fresp := httptest.NewRecorder()
h.UserDevices(fresp, freq)
if fresp.Code != 401 {
t.Errorf("%s: Did not block access for unauthorized user", name)
}
fresp = httptest.NewRecorder()
fakeCookies(freq, email, uid, token, csrftoken)
h.UserDevices(fresp, freq)
if fresp.Code != 204 {
t.Errorf("%s: Did not return 204 for no devices registered", name)
}
store.RegisterDevice(uid, &storage.Device{
ID: devid,
User: uid,
Name: "Test",
})
fresp = httptest.NewRecorder()
h.UserDevices(fresp, freq)
t.Logf("%s: %+v %+v", name, freq, fresp)
if fresp.Code != 200 {
t.Errorf("%d: Incorrect status returned", fresp.Code)
}
ret := make(map[string]interface{})
err := json.Unmarshal(fresp.Body.Bytes(), &ret)
if err != nil {
t.Errorf("%s: Invalid JSON returned %s", name, err.Error())
}
item := ret["devices"].([]interface{})[0].(map[string]interface{})
if _, ok := item["URL"]; !ok || item["ID"].(string) != devid {
t.Errorf("%s: Incorrect return", name)
}
}
func Test_Handler_RestQueue(t *testing.T) {
var name = "Test_Handler_RestQueue"
var email = "*****@*****.**"
var uid = "abcdef123456"
var token = "123abc"
var csrftoken = "abcd1234"
makeSession()
config := util.NewMzConfig()
config.Override("auth.disabled", "true")
config.Override("hawk.disabled", "true")
config.Override("push.disabled", "true")
config.Override("auth.force_user", fmt.Sprintf("%s %s", uid, email))
h, store := testHandler(config, t)
devId, err := store.RegisterDevice(uid, &storage.Device{Name: "test", User: uid, Accepts: "trle"})
if err != nil {
t.Errorf("%s: %s", name, err.Error())
}
// create a fake tracking record.
track, _ := json.Marshal(struct {
T interface{} `json:"t"`
}{struct {
D int64 `json:"d"`
}{60}})
freq, _ := http.NewRequest("POST", "http://box/"+devId, bytes.NewBuffer(track))
freq.Header.Add("X-CSRFTOKEN", csrftoken)
fakeCookies(freq, email, uid, token, csrftoken)
fresp := httptest.NewRecorder()
// create the fake client
mConn := &MockWSConn{}
Clients.Add(devId, "0000", &WWSs{socket: mConn})
h.RestQueue(fresp, freq)
if fresp.Code != 200 {
t.Errorf("%s: failed to return success", name)
}
cmd, ctype, err := store.GetPending(devId)
if cmd != "{\"t\":{\"d\":60}}" || ctype != "t" {
t.Errorf("%s: Incorrect command returned %s , %s", name, cmd, ctype)
}
// TODO: add additional cmds
}
func Test_Handler_verifyFxAAssertion(t *testing.T) {
temail := "*****@*****.**"
tid := "0123456789abcdef"
ts := fakeValidator(temail, tid)
defer ts.Close()
config := util.NewMzConfig()
config.Override("fxa.verifier", ts.URL)
h, _ := testHandler(config, t)
userid, email, err := h.verifyFxAAssertion("FakeAssertion")
if userid != tid ||
email != temail ||
err != nil {
t.Logf("Returned userid: %s, email: %s", userid, email)
t.Errorf("Failed to validate mock assertion %s", err)
}
}