Пример #1
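// BenchmarkNewAuthtoken measures the cost of issuing a token with
// c.NewAuthtoken for a fixed model.Authtoken payload.
//
// The short byte-string keys passed to New are benchmark fixtures only and
// must not be reused as real key material. The first argument to New is
// presumably the token lifetime (TestAuth's expiry case suggests so) —
// confirm against New's definition.
func BenchmarkNewAuthtoken(b *testing.B) {
	c := New(5*time.Second, []byte("key1"), []byte("key2"), []byte("key3"))
	a := model.Authtoken{
		Email:    "*****@*****.**",
		Username: "******",
	}
	b.ResetTimer()

	for i := 0; i < b.N; i++ {
		// Check the result so that a failing issuer aborts the run instead
		// of silently producing timings for an error path.
		if _, err := c.NewAuthtoken(a); err != nil {
			b.Fatal(err)
		}
	}
}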
Пример #2
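// BenchmarkAuthenticate measures the cost of validating one pre-issued token
// with c.Authenticate.
//
// The token is created once, outside the timed region, and validated b.N
// times. The short byte-string keys passed to New are benchmark fixtures
// only and must not be reused as real key material.
func BenchmarkAuthenticate(b *testing.B) {
	c := New(5*time.Second, []byte("key1"), []byte("key2"), []byte("key3"))
	a := model.Authtoken{
		Email:    "*****@*****.**",
		Username: "******",
	}
	src, err := c.NewAuthtoken(a)
	if err != nil {
		// Without a valid token every iteration would time the rejection path.
		b.Fatal(err)
	}
	b.ResetTimer()

	for i := 0; i < b.N; i++ {
		// The first argument to New is presumably the token lifetime (5s
		// here) — confirm against New. If the timed loop outlives it,
		// Authenticate starts rejecting the token; fail rather than report
		// numbers for the rejection path as if they were successful
		// validations.
		if _, err := c.Authenticate(src); err != nil {
			b.Fatal(err)
		}
	}
}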
Пример #3
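// TestAuth exercises token issuance and validation on the value returned by
// New: a round trip, expiry, a token that is not valid hex, and a token that
// decrypts under the configured keys but does not hold a valid payload.
//
// The short byte-string keys are test fixtures only and must not be reused
// as real key material.
//
// NOTE(review): the last case builds its token with nothing but the keys and
// xxtea.Encrypt, so from this test alone a token's validity appears to rest
// on decryption, parsing and expiry. Whether Authenticate also verifies an
// integrity tag (MAC) is not visible here — confirm in the implementation,
// since encryption on its own does not protect a token against tampering.
func TestAuth(t *testing.T) {
	Convey("Given a authority", t, func() {
		c := New(50*time.Millisecond, []byte("key1"), []byte("key2"), []byte("key3"))

		Convey("When create new authtoken with info", func() {
			a := model.Authtoken{}
			a.Email = "*****@*****.**"
			a.Username = "******"
			token, err := c.NewAuthtoken(a)
			// A failed issuance must stop here rather than surface later as
			// a confusing validation failure.
			So(err, ShouldBeNil)

			Convey("The info should resemble a", func() {
				info, err := c.Authenticate(token)
				// Assert success explicitly: comparing info alone would hide
				// the reason for a rejection (e.g. the 50ms lifetime elapsing
				// on a slow machine).
				So(err, ShouldBeNil)
				So(info, ShouldResemble, a)
			})

			Convey("After 50ms, token is expired", func() {
				// Sleep well past the 50ms lifetime to keep the check stable.
				time.Sleep(500 * time.Millisecond)
				_, err := c.Authenticate(token)
				// Guard the type assertion below: an expired token that is
				// still accepted should be a clear assertion failure, not a
				// nil-interface panic.
				So(err, ShouldNotBeNil)
				So(err.(errors.Error).Is(errors.ErrUnauthorized), ShouldBeTrue)
			})
		})

		Convey("When given invalid hex, maybe hacked by someone", func() {
			_, err := c.Authenticate(`invalidhex`)

			Convey("The detailed error should be hex decode error", func() {
				// NOTE(review): malformed caller-supplied input is classified
				// here as a server-internal error. If that is mapped to a 5xx
				// response, unauthenticated callers can generate server-error
				// noise at will; consider whether it should be reported as
				// unauthorized or a bad request instead.
				So(err, ShouldNotBeNil)
				So(err.(errors.Error).Is(errors.ErrServerInternal), ShouldBeTrue)
			})
		})

		Convey("When given invalid token, maybe hacked by someone", func() {
			// Renamed from "bytes" so the local does not shadow the standard
			// library package of the same name.
			payload := []byte("invalid json")
			privateKeys := [][]byte{[]byte("key1"), []byte("key2"), []byte("key3")}
			// Apply the keys last-to-first (key3, key2, key1) so the result
			// decrypts under the configured keys but carries a payload that
			// is not a valid token body.
			for i := range privateKeys {
				payload = xxtea.Encrypt(payload, privateKeys[len(privateKeys)-1-i])
			}
			token := hex.EncodeToString(payload)
			_, err := c.Authenticate(token)

			Convey("The error should be token has been expired", func() {
				// A payload that decrypts but is not a valid token body must
				// be rejected as unauthorized.
				So(err, ShouldNotBeNil)
				So(err.(errors.Error).Is(errors.ErrUnauthorized), ShouldBeTrue)
			})
		})
	})
}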