// TestNoSession checks that every session call reports an error when nil is
// passed where the other tests pass a live database value.
func TestNoSession(t *testing.T) {
	tests.ResetLog()
	defer tests.DisplayLog()

	// The pass and fail lines share one format per check; only the status
	// marker differs.
	const (
		createMsg   = "\t%s\tShould Not be able to create a session."
		retrieveMsg = "\t%s\tShould Not be able to retrieve the session."
	)

	t.Log("Given the need to test calls with a bad session.")
	{
		t.Log("\tWhen using a nil session")
		{
			// A nil error from any of these calls is the failure case: the
			// package must refuse to work without a backing store.
			_, err := session.Create(tests.Context, nil, publicID, 10*time.Second)
			if err != nil {
				t.Logf(createMsg, tests.Success)
			} else {
				t.Errorf(createMsg, tests.Failed)
			}

			_, err = session.GetBySessionID(tests.Context, nil, "NOT EXISTS")
			if err != nil {
				t.Logf(retrieveMsg, tests.Success)
			} else {
				t.Errorf(retrieveMsg, tests.Failed)
			}

			_, err = session.GetByLatest(tests.Context, nil, publicID)
			if err != nil {
				t.Logf(retrieveMsg, tests.Success)
			} else {
				t.Errorf(retrieveMsg, tests.Failed)
			}
		}
	}
}
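// TestCreate tests the creation of sessions: a session created for publicID
// must be retrievable by its SessionID and must carry the same SessionID and
// PublicID it was created with.
func TestCreate(t *testing.T) {
	tests.ResetLog()
	defer tests.DisplayLog()

	db, err := db.NewMGO(tests.Context, tests.TestSession)
	if err != nil {
		t.Fatalf("\t%s\tShould be able to get a Mongo session : %v", tests.Failed, err)
	}
	defer db.CloseMGO(tests.Context)

	// Clean up on the way out. Return after reporting a failure so the
	// success line is not logged for a cleanup that did not succeed.
	defer func() {
		if err := removeSessions(db); err != nil {
			t.Errorf("\t%s\tShould be able to remove all sessions : %v", tests.Failed, err)
			return
		}
		t.Logf("\t%s\tShould be able to remove all sessions.", tests.Success)
	}()

	t.Log("Given the need to create sessions in the DB.")
	{
		t.Logf("\tWhen using PublicID %s", publicID)
		{
			// Start from an empty collection so earlier runs cannot satisfy
			// the lookups below.
			if err := removeSessions(db); err != nil {
				t.Fatalf("\t%s\tShould be able to remove all sessions : %v", tests.Failed, err)
			}
			t.Logf("\t%s\tShould be able to remove all sessions.", tests.Success)

			s1, err := session.Create(tests.Context, db, publicID, 10*time.Second)
			if err != nil {
				t.Fatalf("\t%s\tShould be able to create a session : %v", tests.Failed, err)
			}
			t.Logf("\t%s\tShould be able to create a session.", tests.Success)

			s2, err := session.GetBySessionID(tests.Context, db, s1.SessionID)
			if err != nil {
				t.Fatalf("\t%s\tShould be able to retrieve the session : %v", tests.Failed, err)
			}
			t.Logf("\t%s\tShould be able to retrieve the session.", tests.Success)

			// The stored session must be bound to the same identifiers it was
			// created with; a mismatch would hand one user another's session.
			if s1.SessionID != s2.SessionID {
				t.Fatalf("\t%s\tShould be able to get back the same session.", tests.Failed)
			}
			t.Logf("\t%s\tShould be able to get back the same session.", tests.Success)

			if s1.PublicID != s2.PublicID {
				t.Fatalf("\t%s\tShould be able to get back the same user.", tests.Failed)
			}
			t.Logf("\t%s\tShould be able to get back the same user.", tests.Success)
		}
	}
}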
// TestGetNotFound checks that looking up a session ID that was never issued
// returns an error rather than a session.
func TestGetNotFound(t *testing.T) {
	tests.ResetLog()
	defer tests.DisplayLog()

	// NOTE(review): NewMGO and CloseMGO are called without arguments here,
	// unlike the (context, session) form used by TestCreate — confirm which
	// signature the db package currently exposes.
	db := db.NewMGO()
	defer db.CloseMGO()

	const missingID = "NOT EXISTS"

	t.Log("Given the need to test finding a session and it is not found.")
	{
		t.Logf("\tWhen using SessionID %s", missingID)
		{
			// An unknown ID must not resolve to a session.
			_, err := session.GetBySessionID(tests.Context, db, missingID)
			if err == nil {
				t.Fatalf("\t%s\tShould Not be able to retrieve the session.", tests.Failed)
			}
			t.Logf("\t%s\tShould Not be able to retrieve the session.", tests.Success)
		}
	}
}
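// ValidateWebToken accepts a web token and validates its credibility. Returns
// a User value if the token is valid.
//
// The checks run in order: decode the web token into a session ID and a
// token, load the session, reject it if it has expired, load the user the
// session belongs to, then verify the token against that user. The first
// failure is logged and returned unchanged with a nil User.
//
// The web token is a credential, so it is not written to the log; only its
// length is recorded on entry.
//
// NOTE(review): the underlying errors are returned as is, so a caller can
// tell a missing session from an expired or mismatched token. Confirm that
// callers collapse these into one generic failure before answering a client.
func ValidateWebToken(context interface{}, db *db.DB, webToken string) (*User, error) {
	// Log the length rather than the value: anyone who can read the logs
	// could otherwise replay the token until its session expires.
	log.Dev(context, "ValidateWebToken", "Started : WebToken[len:%d]", len(webToken))

	// Extract the sessionID and token from the web token.
	sessionID, token, err := DecodeWebToken(context, webToken)
	if err != nil {
		log.Error(context, "ValidateWebToken", err, "Completed")
		return nil, err
	}

	// Find the session in the database.
	s, err := session.GetBySessionID(context, db, sessionID)
	if err != nil {
		log.Error(context, "ValidateWebToken", err, "Completed")
		return nil, err
	}

	// Validate the session has not expired.
	if s.IsExpired(context) {
		err := errors.New("Expired token")
		log.Error(context, "ValidateWebToken", err, "Completed")
		return nil, err
	}

	// Pull the user for this session. The user comes from the session record,
	// never from anything the caller supplied alongside the token.
	// NOTE(review): the meaning of the trailing true is not visible here —
	// presumably it restricts the lookup to active users; confirm.
	u, err := GetUserByPublicID(context, db, s.PublicID, true)
	if err != nil {
		log.Error(context, "ValidateWebToken", err, "Completed")
		return nil, err
	}

	// Validate the token against this user.
	if err := crypto.IsTokenValid(u, token); err != nil {
		log.Error(context, "ValidateWebToken", err, "Completed")
		return nil, err
	}

	log.Dev(context, "ValidateWebToken", "Completed : PublicID[%s]", u.PublicID)
	return u, nil
}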
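// TestCreateWebToken tests creating a web token and its pairing session. It
// creates a user, issues a web token, decodes it back to a session ID, checks
// that the session belongs to that user, and then checks that regenerating,
// validating and re-fetching the token all agree with the one first issued.
func TestCreateWebToken(t *testing.T) {
	tests.ResetLog()
	defer tests.DisplayLog()

	db, err := db.NewMGO(tests.Context, tests.TestSession)
	if err != nil {
		t.Fatalf("\t%s\tShould be able to get a Mongo session : %v", tests.Failed, err)
	}
	defer db.CloseMGO(tests.Context)

	// publicID is filled in once the user exists so the deferred cleanup
	// knows which record to remove.
	var publicID string
	defer func() {
		if err := removeUser(db, publicID); err != nil {
			t.Fatalf("\t%s\tShould be able to remove the test user : %v", tests.Failed, err)
		}
		t.Logf("\t%s\tShould be able to remove the test user.", tests.Success)
	}()

	t.Log("Given the need to create a web token.")
	{
		t.Log("\tWhen using a new user.")
		{
			u1, err := auth.NewUser(auth.NUser{
				Status:   auth.StatusActive,
				FullName: "Test Kennedy",
				Email:    "*****@*****.**",
				Password: "******",
			})
			if err != nil {
				t.Fatalf("\t%s\tShould be able to build a new user : %v", tests.Failed, err)
			}
			t.Logf("\t%s\tShould be able to build a new user.", tests.Success)

			if err := auth.CreateUser(tests.Context, db, u1); err != nil {
				t.Fatalf("\t%s\tShould be able to create a user : %v", tests.Failed, err)
			}
			t.Logf("\t%s\tShould be able to create a user.", tests.Success)

			// We need to do this so we can clean up after.
			publicID = u1.PublicID

			// NOTE(review): time.Second is presumably the session lifetime.
			// If so, the ValidateWebToken call below has to run within one
			// second of this point or it may see an expired session —
			// confirm this cannot flake against a slow database.
			webTok, err := auth.CreateWebToken(tests.Context, db, u1, time.Second)
			if err != nil {
				t.Fatalf("\t%s\tShould be able to create a web token : %v", tests.Failed, err)
			}
			t.Logf("\t%s\tShould be able to create a web token.", tests.Success)

			sID, _, err := auth.DecodeWebToken(tests.Context, webTok)
			if err != nil {
				t.Fatalf("\t%s\tShould be able to decode the web token : %v", tests.Failed, err)
			}
			t.Logf("\t%s\tShould be able to decode the web token.", tests.Success)

			s2, err := session.GetBySessionID(tests.Context, db, sID)
			if err != nil {
				t.Fatalf("\t%s\tShould be able to retrieve the session : %v", tests.Failed, err)
			}
			t.Logf("\t%s\tShould be able to retrieve the session.", tests.Success)

			u2, err := auth.GetUserByPublicID(tests.Context, db, u1.PublicID, true)
			if err != nil {
				t.Fatalf("\t%s\tShould be able to retrieve the user by PublicID : %v", tests.Failed, err)
			}
			t.Logf("\t%s\tShould be able to retrieve the user by PublicID.", tests.Success)

			// The session named inside the token must belong to the user the
			// token was issued for. Log both IDs before Fatalf, which stops
			// the test and would skip anything placed after it.
			if u2.PublicID != s2.PublicID {
				t.Log(u2.PublicID)
				t.Log(s2.PublicID)
				t.Fatalf("\t%s\tShould have the right session for user.", tests.Failed)
			}
			t.Logf("\t%s\tShould have the right session for user.", tests.Success)

			// Regenerating from the stored user and the session ID must
			// reproduce the issued token: this pins the token as a
			// deterministic function of those two inputs.
			webTok2, err := u2.WebToken(sID)
			if err != nil {
				t.Fatalf("\t%s\tShould be able to create a new web token : %v", tests.Failed, err)
			}
			t.Logf("\t%s\tShould be able to create a web new token.", tests.Success)

			if webTok != webTok2 {
				t.Log(webTok)
				t.Log(webTok2)
				t.Fatalf("\t%s\tShould be able to create the same web token.", tests.Failed)
			}
			t.Logf("\t%s\tShould be able to create the same web token.", tests.Success)

			u3, err := auth.ValidateWebToken(tests.Context, db, webTok2)
			if err != nil {
				t.Fatalf("\t%s\tShould be able to validate the new web token : %v", tests.Failed, err)
			}
			t.Logf("\t%s\tShould be able to validate the new web token.", tests.Success)

			// Validation must resolve to the user the token was issued for.
			if u1.PublicID != u3.PublicID {
				t.Log(u1.PublicID)
				t.Log(u3.PublicID)
				t.Fatalf("\t%s\tShould have the right user for the token.", tests.Failed)
			}
			t.Logf("\t%s\tShould have the right user for the token.", tests.Success)

			webTok3, err := auth.GetUserWebToken(tests.Context, db, u2.PublicID)
			if err != nil {
				t.Fatalf("\t%s\tShould be able to get the web token : %v", tests.Failed, err)
			}
			t.Logf("\t%s\tShould be able to get the web token.", tests.Success)

			if webTok3 != webTok2 {
				t.Log(webTok3)
				t.Log(webTok2)
				t.Fatalf("\t%s\tShould match existing tokens.", tests.Failed)
			}
			t.Logf("\t%s\tShould match existing tokens.", tests.Success)
		}
	}
}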