Exemplo n.º 1
0
// GetRoutes returns []routes.Route slice for the facebook service
func (s *Service) GetRoutes() []routes.Route {
	return []routes.Route{
		routes.Route{
			Name:        "facebook_login",
			Method:      "POST",
			Pattern:     loginPath,
			HandlerFunc: s.loginHandler,
			Middlewares: []negroni.Handler{
				accounts.NewAccountAuthMiddleware(s.GetAccountsService()),
			},
		},
	}
}
func (suite *AccountsTestSuite) TestAccountAuthMiddleware() {
	var (
		r                    *http.Request
		w                    *httptest.ResponseRecorder
		next                 http.HandlerFunc
		authenticatedAccount *accounts.Account
		err                  error
	)

	middleware := accounts.NewAccountAuthMiddleware(suite.service)

	// Send a request without basic auth through the middleware
	r, err = http.NewRequest("POST", "http://1.2.3.4/something", nil)
	assert.NoError(suite.T(), err, "Request setup should not get an error")
	w = httptest.NewRecorder()
	next = func(w http.ResponseWriter, r *http.Request) {}
	middleware.ServeHTTP(w, r, next)

	// Check the response
	testutil.TestResponseForError(
		suite.T(),
		w,
		accounts.ErrAccountAuthenticationRequired.Error(),
		401,
	)

	// Check the context variable has not been set
	authenticatedAccount, err = accounts.GetAuthenticatedAccount(r)
	assert.Nil(suite.T(), authenticatedAccount)
	assert.Error(suite.T(), err)
	assert.Equal(suite.T(), accounts.ErrAccountAuthenticationRequired, err)

	// Send a request with incorrect basic auth through the middleware
	r, err = http.NewRequest("POST", "http://1.2.3.4/something", nil)
	assert.NoError(suite.T(), err, "Request setup should not get an error")
	r.SetBasicAuth("bogus", "bogus")
	w = httptest.NewRecorder()
	next = func(w http.ResponseWriter, r *http.Request) {}
	middleware.ServeHTTP(w, r, next)

	// Check the response
	testutil.TestResponseForError(
		suite.T(),
		w,
		accounts.ErrAccountAuthenticationRequired.Error(),
		401,
	)

	// Check the context variable has not been set
	authenticatedAccount, err = accounts.GetAuthenticatedAccount(r)
	assert.Nil(suite.T(), authenticatedAccount)
	assert.Error(suite.T(), err)
	assert.Equal(suite.T(), accounts.ErrAccountAuthenticationRequired, err)

	// Send a request with correct basic auth through the middleware
	r, err = http.NewRequest("POST", "http://1.2.3.4/something", nil)
	assert.NoError(suite.T(), err, "Request setup should not get an error")
	r.SetBasicAuth("test_client_1", "test_secret")
	w = httptest.NewRecorder()
	next = func(w http.ResponseWriter, r *http.Request) {}
	middleware.ServeHTTP(w, r, next)

	// Check the status code
	assert.Equal(suite.T(), 200, w.Code)

	// Check the context variable has been set
	authenticatedAccount, err = accounts.GetAuthenticatedAccount(r)
	assert.NoError(suite.T(), err)
	assert.NotNil(suite.T(), authenticatedAccount)
	assert.Equal(suite.T(), "Test Account 1", authenticatedAccount.Name)
	assert.Equal(suite.T(), "test_client_1", authenticatedAccount.OauthClient.Key)

	// Send a request with correct client access token as bearer
	r, err = http.NewRequest("POST", "http://1.2.3.4/something", nil)
	assert.NoError(suite.T(), err, "Request setup should not get an error")
	r.Header.Set("Authorization", "Bearer test_client_token")
	w = httptest.NewRecorder()
	next = func(w http.ResponseWriter, r *http.Request) {}
	middleware.ServeHTTP(w, r, next)

	// Check the status code
	assert.Equal(suite.T(), 200, w.Code)

	// Check the context variable has been set
	authenticatedAccount, err = accounts.GetAuthenticatedAccount(r)
	assert.NoError(suite.T(), err)
	assert.NotNil(suite.T(), authenticatedAccount)
	assert.Equal(suite.T(), "Test Account 1", authenticatedAccount.Name)
	assert.Equal(suite.T(), "test_client_1", authenticatedAccount.OauthClient.Key)
}