// authenticationLoginService handles a login request and, on success, writes
// the JSON-encoded result of models.UserSignIn to w.
//
// The request is rejected when it cannot be unmarshalled, when its grant type
// is not the JWT-bearer URN, when the username or password is empty, or when
// models.UserSignIn returns an error. Every rejection except the unmarshal
// failure increments the statAuthFail counter.
func (h *Handler) authenticationLoginService(w http.ResponseWriter, r *http.Request) {
	const jwtBearerGrant = "urn:ietf:params:oauth:grant-type:jwt-bearer"

	authFailures := metrics.GetOrRegisterCounter(statAuthFail, h.statMap)

	// reject records one authentication failure and sends the error response.
	reject := func(msg string, status int) {
		authFailures.Inc(1)
		httpError(w, msg, false, status)
	}

	login, err := unmarshalRequest(r)
	if err != nil {
		// An unparseable request is answered with a fixed message and is not
		// counted as an authentication failure.
		httpError(w, "Login failed", false, http.StatusInternalServerError)
		return
	}

	switch {
	case login.GrantType != jwtBearerGrant:
		// NOTE(review): a wrong grant type is a client-side mistake but is
		// answered with 500; confirm no client depends on that before
		// switching to a 4xx status.
		reject("grant type must be "+jwtBearerGrant+" to request a password", http.StatusInternalServerError)
		return
	case login.Username == "" || login.Password == "":
		reject("username or password missing", http.StatusForbidden)
		return
	}

	token, err := models.UserSignIn(h.Cassandra, login.Username, login.Password, login.GrantType)
	if err != nil {
		// NOTE(review): the error text is returned to the caller verbatim.
		// Confirm models.UserSignIn only ever returns generic, user-facing
		// messages; a storage or internal error surfacing here would
		// disclose backend detail to an unauthenticated client.
		reject(err.Error(), http.StatusForbidden)
		return
	}

	w.Header().Add("content-type", "application/json")
	// NOTE(review): the result of Write is discarded, so a failed response
	// write after a successful sign-in goes unnoticed.
	w.Write(MarshalJSON(token, false))
}
// TestUser_Authentication_WithInCorrectPassword checks that models.UserSignIn
// returns an error when the supplied password is wrong.
func TestUser_Authentication_WithInCorrectPassword(t *testing.T) {
	// presumably seeds the default fixture user; confirm against initUser
	initUser(nil)

	if _, signInErr := models.UserSignIn(dbConn(), "*****@*****.**", "test1235", "password"); signInErr == nil {
		t.Fatalf("Incorrect password was accepted!")
	}
}
// TestUser_Authentication_WithCorrectPassword checks that models.UserSignIn
// succeeds for the fixture credentials and reports the error otherwise.
func TestUser_Authentication_WithCorrectPassword(t *testing.T) {
	// presumably seeds the default fixture user; confirm against initUser
	initUser(nil)

	if _, signInErr := models.UserSignIn(dbConn(), "*****@*****.**", "test1234", "password"); signInErr != nil {
		t.Fatalf("Correct password was not accepted! %v", signInErr.Error())
	}
}
// TestUser_Authentication_WithoutData checks that models.UserSignIn returns
// an error when e-mail, password and grant type are all empty.
func TestUser_Authentication_WithoutData(t *testing.T) {
	// presumably seeds the default fixture user; confirm against initUser
	initUser(nil)

	if _, signInErr := models.UserSignIn(dbConn(), "", "", ""); signInErr == nil {
		t.Fatalf("User was signed in without an email oO")
	}
}
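// TestUser_Change_Passwd_ValidCurrent signs in, changes the password while
// supplying the correct current password, and then checks which credentials
// models.UserSignIn accepts afterwards: the new password must work and the
// old one must be rejected.
func TestUser_Change_Passwd_ValidCurrent(t *testing.T) {
	// Exercises models.UserChangePassword.
	initUser(nil)
	c := dbConn()

	req, err := models.UserSignIn(c, "*****@*****.**", "test1234", "password")
	if err != nil {
		t.Fatalf("login failed unexpectedly")
	}

	// Check the verification error here; otherwise a failed lookup would only
	// surface later as a misleading password-change failure.
	u, err := models.VerifyUserRequest(c, req.AccessToken)
	if err != nil {
		t.Fatalf("access token verification failed unexpectedly: %v", err)
	}

	if _, err := models.UserChangePassword(c, u, "test1234", "test12345"); err != nil {
		t.Fatalf("password change failed unexpectedly")
	}

	if _, err := models.UserSignIn(c, "*****@*****.**", "test12345", "password"); err != nil {
		t.Fatalf("second login failed unexpectedly")
	}

	// A password change only protects the account if the previous password
	// stops working, so assert that as well.
	if _, err := models.UserSignIn(c, "*****@*****.**", "test1234", "password"); err == nil {
		t.Fatalf("old password was still accepted after the password change")
	}

	// NOTE(review): whether req.AccessToken, issued before the change, should
	// stop verifying afterwards is not covered here; confirm the intended
	// policy and add a test for it.
}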
// TestUser_IsBanned checks that a user whose IsBanned flag is set cannot sign
// in, and that the returned error carries the expected message. The expected
// text makes no mention of the ban itself.
func TestUser_IsBanned(t *testing.T) {
	banned := mockUser()
	banned.IsBanned = true
	initUser(banned)

	_, err := models.UserSignIn(dbConn(), "*****@*****.**", "test1234", "password")
	switch {
	case err == nil:
		t.Fatalf("Banned User was allowed into the system")
	case err.Error() != "We were not able to log you in!":
		t.Fatalf("Wrong message was printed")
	}
}
// TestUser_AccessTokenValid signs in and checks that the access token from
// the sign-in response is accepted by models.VerifyUserRequest.
func TestUser_AccessTokenValid(t *testing.T) {
	// Exercises models.VerifyUserRequest.
	initUser(nil)
	conn := dbConn()

	session, err := models.UserSignIn(conn, "*****@*****.**", "test1234", "password")
	if err != nil {
		t.Fatalf("Sign in failed unexpectedly")
	}

	// presumably registers the default JWT fixture under the issued token;
	// confirm against initJwtUser
	initJwtUser(nil, session.AccessToken)

	_, err = models.VerifyUserRequest(conn, session.AccessToken)
	if err != nil {
		t.Fatalf("Access token verification failed")
	}
}
// TestUser_AccessTokenInValid signs in and checks that
// models.VerifyUserRequest returns an error for the literal token "1234",
// which is not the token returned by the sign-in.
func TestUser_AccessTokenInValid(t *testing.T) {
	// Exercises models.VerifyUserRequest.
	initUser(nil)
	forged := mockJwtUser("1234")
	conn := dbConn()

	session, err := models.UserSignIn(conn, "*****@*****.**", "test1234", "password")
	if err != nil {
		t.Fatalf("Sign in failed unexpectedly")
	}

	// presumably stores the mock JWT user under the real access token;
	// confirm against initJwtUser
	initJwtUser(forged, session.AccessToken)

	_, err = models.VerifyUserRequest(conn, "1234")
	if err == nil {
		t.Fatalf("Access token accidientially Verified. Should be false")
	}
}