Exemplo n.º 1
0
func Test_getLocLang(t *testing.T) {
	config := util.NewMzConfig()
	h, _ := testHandler(config, t)

	req, _ := http.NewRequest("GET", "http://localhost/1/l10n/client.json", nil)
	req.Header.Add("Accept-Language", "es,fo,en-us;q=0.7,en;q=0.3")

	result := h.getLocLang(req)
	t.Logf("results: %+v\n", result)
	if len(result) == 0 {
		t.Errorf("getLocLang failed to return any results")
	}
	if len(result) != 6 {
		t.Errorf("getLocLang returned too few results")
	}
	if result[0].Lang != "es" {
		t.Errorf("getLocLang failed to sort languages correctly: %s", result[0].Lang)
	}
	if result[2].Lang != "en_US" {
		t.Errorf("getLocLang failed normalization to lower_UPPER")
	}
	if result[5].Lang != "en" {
		t.Errorf("getLocLang failed to include 'en'")
	}

	req, _ = http.NewRequest("GET", "http://localhost/1/l10n/client.json", nil)
	req.Header.Add("Accept-Language", "{:;}() echo invalid!")
	result = h.getLocLang(req)
	t.Logf("results: %+v\n", result)
	if result[0].Lang != "en" {
		t.Errorf("getLocLang failed to gracefully handle invalid Accept-Language")
	}
}
Exemplo n.º 2
0
func Test_Signin(t *testing.T) {
	config := util.NewMzConfig()
	h, _ := testHandler(config, t)
	result := map[string]string{
		"http://localhost/signin/":               "signin",
		"http://localhost/signin/?action=signup": "signup",
		"http://localhost/signin/?action=banana": "signin",
	}

	for sign_url, action := range result {

		req, _ := http.NewRequest("GET", sign_url, nil)
		fresp := httptest.NewRecorder()
		h.Signin(fresp, req)
		if fresp.Code != 302 {
			t.Error("Signin response not a 302")
		}
		redir, err := url.Parse(fresp.Header().Get("Location"))
		if err != nil {
			t.Errorf("Returned Location URL is unparsable: %s", err)
		}
		if redir.Query().Get("action") != action {
			t.Error("Returned URL for %s did not specify action as '%s'",
				sign_url, action)
		}
	}
}
Exemplo n.º 3
0
func Test_Handler_checkToken(t *testing.T) {
	var name = "Test_Handler_Test_Handler_checkToken"
	var devId = "0000"
	var uid = "1111"
	var csrftoken = "abcdef123456"
	var token = ""
	var email = ""

	makeSession()
	config := util.NewMzConfig()
	freq, _ := http.NewRequest("POST", "http://box/"+devId, nil)
	h, _ := testHandler(config, t)
	session, _ := sessionStore.Get(freq, SESSION_NAME)
	if h.checkToken(session, freq) {
		t.Errorf("%s: Failed to reject tokenless request", name)
	}
	freq.Header.Add("X-CSRFTOKEN", csrftoken)
	fakeCookies(freq, email, uid, token, csrftoken)
	session, _ = sessionStore.Get(freq, SESSION_NAME)
	if !h.checkToken(session, freq) {
		t.Errorf("%s: Failed to accept tokened request", name)
	}

	freq, _ = http.NewRequest("POST", "http://box/"+devId, nil)
	freq.Header.Add("X-CSRFTOKEN", "invalid")
	fakeCookies(freq, email, uid, token, csrftoken)
	session, _ = sessionStore.Get(freq, SESSION_NAME)
	if h.checkToken(session, freq) {
		t.Errorf("%s: Failed to reject invalid token", name)
	}
}
Exemplo n.º 4
0
func Test_Handler_Queue(t *testing.T) {
	var name = "Test_Handler_Queue"
	var uid = "abcdef123456"
	var devid = "123456abcdef"

	makeSession()
	config := util.NewMzConfig()
	// don't try to send out the push command
	config.Override("push.disabled", "true")
	h, store := testHandler(config, t)
	dev := &storage.Device{Name: "test", ID: devid, User: uid, Accepts: "trle"}
	rargs := &replyType{"d": 60}
	rep := make(replyType)

	status, err := h.Queue(dev, "t", rargs, &rep)
	if status != 200 || err != nil {
		t.Errorf("Command Queue failed with status %d: %s", status, err)
	}
	cmd, ctype, err := store.GetPending(devid)
	if err != nil {
		t.Errorf("%s: %s", name, err.Error())
	}
	if cmd != "{\"t\":{\"d\":60}}" || ctype != "t" {
		t.Errorf("%s: Incorrect command returned %s , %s", name, cmd, ctype)
	}
	// Add additional Queue commands
}
Exemplo n.º 5
0
func Test_Handler_getSessionInfo(t *testing.T) {

	var err error
	var name = "Test_Handler_getSessionInfo"
	var email = "*****@*****.**"
	var uid = "abcdef123456"
	var devid = "123456abcdef"
	var token = "123abc"
	var csrftoken = "abcd1234"

	makeSession()
	h, _ := testHandler(util.NewMzConfig(), t)
	freq, _ := http.NewRequest("GET", "http://box/"+devid, nil)
	err = fakeCookies(freq, email, uid, token, csrftoken)
	if err != nil {
		t.Errorf("%s:%s", name, err.Error())
	}
	session, _ := sessionStore.Get(freq, SESSION_NAME)
	info, err := h.getSessionInfo(nil, freq, session)
	if info.UserId != uid ||
		info.DeviceId != devid ||
		info.Email != email ||
		info.AccessToken != token ||
		info.CSRFToken != csrftoken {
		t.Errorf("%#v: returned session info contained invalid data", info)
	}
}
Exemplo n.º 6
0
func Test_Handler_clearSession(t *testing.T) {
	var ok bool

	config := util.NewMzConfig()
	h, _ := testHandler(config, t)
	sess := new(sessions.Session)
	sess.Values = make(map[interface{}]interface{})
	sess.Values[SESSION_USERID] = true
	sess.Values[SESSION_DEVICEID] = true
	sess.Values[SESSION_EMAIL] = true
	sess.Values[SESSION_TOKEN] = true
	sess.Values[SESSION_CSRFTOKEN] = true
	h.clearSession(sess)
	if _, ok = sess.Values[SESSION_USERID]; ok {
		t.Errorf("Userid not cleared")
	}
	if _, ok = sess.Values[SESSION_DEVICEID]; ok {
		t.Errorf("Deviceid not cleared")
	}
	if _, ok = sess.Values[SESSION_EMAIL]; ok {
		t.Errorf("Email not cleared")
	}
	if _, ok = sess.Values[SESSION_TOKEN]; ok {
		t.Errorf("Token not cleared")
	}
	if _, ok = sess.Values[SESSION_CSRFTOKEN]; ok {
		t.Errorf("CSRFToken not cleared")
	}
}
Exemplo n.º 7
0
func Test_Static(t *testing.T) {
	config := util.NewMzConfig()
	h, _ := testHandler(config, t)
	fresp := httptest.NewRecorder()
	req, _ := http.NewRequest("GET", "../../../../../etc/passwd", nil)
	h.Static(fresp, req)
	if fresp.Body.Len() > 0 {
		t.Error("Static failed to return blank password file")
	}
}
Exemplo n.º 8
0
func Test_Handler_initData(t *testing.T) {
	tuid := "abcdef123456"
	config := util.NewMzConfig()
	config.Override("ws.hostname", "validhost")
	h, store := testHandler(config, t)
	store.RegisterDevice("TestUserID", &storage.Device{
		ID:   tuid,
		User: "******",
	})

	freq, _ := http.NewRequest("GET", "http://localhost/", nil)
	fresp := httptest.NewRecorder()
	fsess := &sessionInfoStruct{
		AccessToken: "testtest",
		CSRFToken:   "test-test",
	}

	// get no login data
	fsess.UserId = "TestUserID"
	fsess.Email = "*****@*****.**"
	data, err := h.initData(fresp, freq, fsess)
	if err != nil {
		t.Errorf("initData: %s", err.Error())
	}
	if data == nil {
		t.Error("initData: No data returned")
		return
	}
	if data.Token == "" {
		t.Error("initData: invalid Token")
	}
	if host, ok := data.Host["Hostname"]; !ok || host != "validhost" {
		t.Error("initData: invalid hostname returned")
	}
	if len(data.DeviceList) == 0 {
		t.Error("initData: No devices returned for user")
	}
	// get login data
	freq, _ = http.NewRequest("GET", fmt.Sprintf("http://localhost/%s", tuid), nil)
	data, err = h.initData(fresp, freq, fsess)
	if err != nil {
		t.Errorf("initData: %s", err.Error())
	}
	// check the device list
	if data.Device.ID != tuid {
		t.Error("initData: incorrect device id")
	}
	if data.Device == nil {
		t.Error("initData:No specific device record returned")
		return
	}
	if data.Device.User != "TestUserID" {
		t.Error("initData: incorrect user id")
	}
}
Exemplo n.º 9
0
func Test_Handler_getUser(t *testing.T) {
	var err error

	var name = "Test_Handler_getUser"
	var email = "*****@*****.**"
	var uid = "123456abcdef"

	makeSession()

	fresp := httptest.NewRecorder()

	h, _ := testHandler(util.NewMzConfig(), t)

	freq, err := http.NewRequest("GET", "http://box/", nil)
	if err != nil {
		t.Errorf("%s: %s", name, err.Error())
	}
	err = fakeCookies(freq, email, uid, "", "")
	if err != nil {
		t.Errorf("%s: %s", name, err.Error())
	}

	tuid, temail, err := h.getUser(fresp, freq)

	if err != nil {
		t.Errorf("%s: %s", name, err.Error())
	}
	if tuid != uid {
		t.Errorf("%s: uid mismatch", name)
	}
	if temail != email {
		t.Errorf("%s: email mismatch", email)
	}
	// check the headers
	headers := fresp.Header()
	hv := map[string]string{
		"X-Frame-Options":           "deny",
		"X-Xss-Protection":          "1; mode=block",
		"X-Content-Type-Options":    "nosniff",
		"X-Content-Security-Policy": "default-src 'self'",
		"Content-Security-Policy":   "default-src 'self'",
		"X-Webkit-Csp":              "default-src 'self'",
		"Frame-Options":             "deny",
	}
	for k, v := range hv {
		if j := headers.Get(k); j != v {
			t.Errorf("Invalid header %s != %s (%s)", k, v, j)
		}
	}
	// TODO: Test w/ fake assertion (or use Test_Handler_Verify)
}
Exemplo n.º 10
0
func Test_Handler_Cmd(t *testing.T) {
	var name = "Test_Handler_Cmd"
	var email = "*****@*****.**"
	var uid = "abcdef123456"
	var token = "123abc"
	var csrftoken = "abcd1234"
	var lat = 123.45678
	var lon = 12.34567
	var ti = time.Now().UTC().Unix()

	makeSession()
	config := util.NewMzConfig()
	config.Override("auth.disabled", "true")
	config.Override("hawk.disabled", "true")
	config.Override("auth.force_user", fmt.Sprintf("%s %s", uid, email))
	h, store := testHandler(config, t)
	devId, err := store.RegisterDevice(uid, &storage.Device{Name: "test", User: uid})
	if err != nil {
		t.Errorf("%s: %s", name, err.Error())
	}
	// create a fake tracking record.
	track, _ := json.Marshal(struct {
		T interface{} `json:"t"`
	}{struct {
		Ok bool    `json:"ok"`
		La float64 `json:"la"`
		Lo float64 `json:"lo"`
		Ti int64   `json:"ti"`
		Ac float64 `json:"acc"`
		Ha bool    `json:"has_passcode"`
	}{true, lat, lon, ti, 100, true}})
	freq, _ := http.NewRequest("POST", "http://box/"+devId, bytes.NewBuffer(track))
	fakeCookies(freq, email, uid, token, csrftoken)
	fresp := httptest.NewRecorder()
	// create the fake client
	mConn := &MockWSConn{}
	Clients.Add(devId, "0000", &WWSs{socket: mConn})
	store.StoreCommand(devId, "{}", "")

	// and finally make the test call...
	h.Cmd(fresp, freq)
	// This is the last command we pushed.
	if fresp.Body.String() != "{}" {
		t.Errorf("%s: returned command did not match expectations. %s", name, fresp.Body.String())
	}

	//TODO test other commands as well.
}
Exemplo n.º 11
0
func Test_Handler_UserDevices(t *testing.T) {
	var name = "Test_Handler_Test_Handler_UserDevices"
	var devid = "1234"
	var uid = "1111"
	var email = "test@test"
	var token = "0000"
	var csrftoken = "0000"

	makeSession()
	config := util.NewMzConfig()
	h, store := testHandler(config, t)
	_ = store

	freq, _ := http.NewRequest("GET", "http://box/devices", nil)
	fresp := httptest.NewRecorder()
	h.UserDevices(fresp, freq)
	if fresp.Code != 401 {
		t.Errorf("%s: Did not block access for unauthorized user", name)
	}
	fresp = httptest.NewRecorder()
	fakeCookies(freq, email, uid, token, csrftoken)
	h.UserDevices(fresp, freq)
	if fresp.Code != 204 {
		t.Errorf("%s: Did not return 204 for no devices registered", name)
	}
	store.RegisterDevice(uid, &storage.Device{
		ID:   devid,
		User: uid,
		Name: "Test",
	})
	fresp = httptest.NewRecorder()
	h.UserDevices(fresp, freq)
	t.Logf("%s: %+v  %+v", name, freq, fresp)
	if fresp.Code != 200 {
		t.Errorf("%d: Incorrect status returned", fresp.Code)
	}
	ret := make(map[string]interface{})
	err := json.Unmarshal(fresp.Body.Bytes(), &ret)
	if err != nil {
		t.Errorf("%s: Invalid JSON returned %s", name, err.Error())
	}
	item := ret["devices"].([]interface{})[0].(map[string]interface{})
	if _, ok := item["URL"]; !ok || item["ID"].(string) != devid {
		t.Errorf("%s: Incorrect return", name)
	}
}
Exemplo n.º 12
0
func Test_Handler_RestQueue(t *testing.T) {
	var name = "Test_Handler_RestQueue"
	var email = "*****@*****.**"
	var uid = "abcdef123456"
	var token = "123abc"
	var csrftoken = "abcd1234"

	makeSession()
	config := util.NewMzConfig()
	config.Override("auth.disabled", "true")
	config.Override("hawk.disabled", "true")
	config.Override("push.disabled", "true")
	config.Override("auth.force_user", fmt.Sprintf("%s %s", uid, email))
	h, store := testHandler(config, t)
	devId, err := store.RegisterDevice(uid, &storage.Device{Name: "test", User: uid, Accepts: "trle"})
	if err != nil {
		t.Errorf("%s: %s", name, err.Error())
	}
	// create a fake tracking record.
	track, _ := json.Marshal(struct {
		T interface{} `json:"t"`
	}{struct {
		D int64 `json:"d"`
	}{60}})
	freq, _ := http.NewRequest("POST", "http://box/"+devId, bytes.NewBuffer(track))
	freq.Header.Add("X-CSRFTOKEN", csrftoken)
	fakeCookies(freq, email, uid, token, csrftoken)
	fresp := httptest.NewRecorder()
	// create the fake client
	mConn := &MockWSConn{}
	Clients.Add(devId, "0000", &WWSs{socket: mConn})
	h.RestQueue(fresp, freq)
	if fresp.Code != 200 {
		t.Errorf("%s: failed to return success", name)
	}
	cmd, ctype, err := store.GetPending(devId)
	if cmd != "{\"t\":{\"d\":60}}" || ctype != "t" {
		t.Errorf("%s: Incorrect command returned %s , %s", name, cmd, ctype)
	}

	// TODO: add additional cmds
}
Exemplo n.º 13
0
func Test_Handler_verifyFxAAssertion(t *testing.T) {

	temail := "*****@*****.**"
	tid := "0123456789abcdef"

	ts := fakeValidator(temail, tid)
	defer ts.Close()

	config := util.NewMzConfig()
	config.Override("fxa.verifier", ts.URL)
	h, _ := testHandler(config, t)

	userid, email, err := h.verifyFxAAssertion("FakeAssertion")

	if userid != tid ||
		email != temail ||
		err != nil {
		t.Logf("Returned userid: %s, email: %s", userid, email)
		t.Errorf("Failed to validate mock assertion %s", err)
	}
}