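// TestAuthenticateQueryParams checks that routes.Authenticate rejects a request
// that carries no credentials and accepts one whose "public" and "private"
// query parameters match a user created in the in-memory database.
//
// NOTE(review): this test pins the fact that credentials are accepted from the
// URL query string. Query strings are routinely recorded in server and proxy
// access logs, browser history and Referer headers, so confirm that this
// transport is intentional and that such URLs are kept out of logs.
func TestAuthenticateQueryParams(t *testing.T) {
	ctx := context.Background()
	db := mem.NewDB()
	logger := services.NewTestLogger(t)

	// Written by the handler on every request and read by the assertions below.
	var userContext context.Context
	var authed bool

	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		userContext, authed = routes.Authenticate(ctx, w, r, logger, db)
		if authed {
			w.WriteHeader(http.StatusOK)
		}
	}))
	defer s.Close()

	u, _, err := user.Create(db, "username", "password")
	if err != nil {
		t.Fatalf("user.Create(db, \"username\", \"password\") error: %s", err)
	}

	client := new(http.Client)

	// get issues a GET and fails the test on a transport error. Without this
	// check the "want false" assertion could pass vacuously: authed starts out
	// false, so a request that never reached the handler looks like a rejection.
	get := func(target string) {
		t.Helper()
		req, err := http.NewRequest("GET", target, new(bytes.Buffer))
		if err != nil {
			t.Fatalf("http.NewRequest error: %s", err)
		}
		resp, err := client.Do(req)
		if err != nil {
			t.Fatalf("client.Do error: %s", err)
		}
		// Close the body so the connection is released rather than leaked.
		resp.Body.Close()
	}

	// No credentials at all: the request must not be authenticated.
	get(s.URL)
	if got, want := authed, false; got != want {
		t.Fatalf("authed: got %t, want %t", got, want)
	}

	// Valid credentials in the query string: the request must be authenticated.
	get(s.URL + "?public=username&private=password")
	if got, want := authed, true; got != want {
		t.Fatalf("authed: got %t, want %t", got, want)
	}

	// The returned context must carry the user the credentials belong to.
	authedU, ok := user.FromContext(userContext)
	if got, want := ok, true; got != want {
		t.Fatalf("_, ok := user.FromContext: got %t, want %t", got, want)
	}

	if got, want := data.Equivalent(authedU, u), true; got != want {
		t.Errorf("data.Equivalent(authedU, u): got %t, want %t", got, want)
	}
}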
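// TestAuthenticatePostForm checks that routes.Authenticate accepts a request
// whose "public" and "private" values arrive as a POSTed form and that the
// returned context carries the matching user.
//
// NOTE(review): only the accepting path is exercised here; a POST with a wrong
// "private" value is not covered by this test — confirm it is tested elsewhere.
func TestAuthenticatePostForm(t *testing.T) {
	ctx := context.Background()
	db := mem.NewDB()
	logger := services.NewTestLogger(t)

	// Written by the handler on every request and read by the assertions below.
	var userContext context.Context
	var authed bool

	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		userContext, authed = routes.Authenticate(ctx, w, r, logger, db)
		if authed {
			w.WriteHeader(http.StatusOK)
		}
	}))
	defer s.Close()

	u, _, err := user.Create(db, "username", "password")
	if err != nil {
		t.Fatalf("user.Create(db, \"username\", \"password\") error: %s", err)
	}

	client := new(http.Client)
	resp, err := client.PostForm(s.URL, url.Values{
		"public":  []string{"username"},
		"private": []string{"password"},
	})
	if err != nil {
		// Report the transport failure itself instead of a confusing
		// "authed: got false" further down.
		t.Fatalf("client.PostForm error: %s", err)
	}
	// Close the body so the connection is released rather than leaked.
	resp.Body.Close()

	if got, want := authed, true; got != want {
		t.Fatalf("authed: got %t, want %t", got, want)
	}

	// The returned context must carry the user the credentials belong to.
	authedU, ok := user.FromContext(userContext)
	if got, want := ok, true; got != want {
		t.Fatalf("_, ok := user.FromContext: got %t, want %t", got, want)
	}

	// Fatalf, not Fatal: the message contains formatting verbs.
	if got, want := data.Equivalent(authedU, u), true; got != want {
		t.Fatalf("data.Equivalent(authedU, u): got %t, want %t", got, want)
	}
}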
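// --- TestAuthenticateSession {{{

// TestAuthenticateSession checks that routes.Authenticate rejects a request
// whose "elos-session-token" cookie holds an unknown value and accepts one
// whose cookie holds the token of a session saved for the user.
//
// NOTE(review): only an unknown token is used as the negative case. If sessions
// can expire or be invalidated, those paths are not covered by this test —
// confirm they are tested elsewhere.
func TestAuthenticateSession(t *testing.T) {
	ctx := context.Background()
	db := mem.NewDB()
	logger := services.NewTestLogger(t)

	// Written by the handler on every request and read by the assertions below.
	var userContext context.Context
	var authed bool

	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		userContext, authed = routes.Authenticate(ctx, w, r, logger, db)
		if authed {
			w.WriteHeader(http.StatusOK)
		}
	}))
	defer s.Close()

	u, _, err := user.Create(db, "username", "password")
	if err != nil {
		t.Fatalf("user.Create(db, \"username\", \"password\") error: %s", err)
	}

	client := new(http.Client)

	// getWithToken issues a GET carrying the given session cookie value and
	// fails the test on a transport error. Without this check the "want false"
	// assertion could pass vacuously: authed starts out false, so a request
	// that never reached the handler looks like a rejection.
	getWithToken := func(token string) {
		t.Helper()
		req, err := http.NewRequest("GET", s.URL, new(bytes.Buffer))
		if err != nil {
			t.Fatalf("http.NewRequest error: %s", err)
		}
		req.AddCookie(&http.Cookie{
			Name:  "elos-session-token",
			Value: token,
		})
		resp, err := client.Do(req)
		if err != nil {
			t.Fatalf("client.Do error: %s", err)
		}
		// Close the body so the connection is released rather than leaked.
		resp.Body.Close()
	}

	// A token that matches no stored session must not authenticate.
	getWithToken("garbage")
	if got, want := authed, false; got != want {
		t.Errorf("authed: got %t, want %t", got, want)
	}

	// Store a real session for the user, then present its token.
	sesh := models.NewSessionForUser(u)
	sesh.SetID(db.NewID())
	if err := db.Save(sesh); err != nil {
		t.Fatalf("db.Save(sesh) error: %s", err)
	}

	getWithToken(sesh.Token)
	if got, want := authed, true; got != want {
		t.Fatalf("authed: got %t, want %t", got, want)
	}

	// The returned context must carry the user the session belongs to.
	authedU, ok := user.FromContext(userContext)
	if got, want := ok, true; got != want {
		t.Fatalf("_, ok := user.FromContext: got %t, want %t", got, want)
	}

	if got, want := data.Equivalent(authedU, u), true; got != want {
		t.Errorf("data.Equivalent(authedU, u): got %t, want %t", got, want)
	}
}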