func Test_LoginRedirectAfterLoginRequired(t *testing.T) { recorder := httptest.NewRecorder() n := negroni.New() n.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123")))) n.Use(Google( goauth2.Client("client_id", "client_secret"), goauth2.RedirectURL("refresh_url"), goauth2.Scope("x", "y"), )) n.Use(LoginRequired()) mux := http.NewServeMux() mux.HandleFunc("/login-required", func(w http.ResponseWriter, req *http.Request) { t.Log("hi there") fmt.Fprintf(w, "OK") }) n.UseHandler(mux) r, _ := http.NewRequest("GET", "/login-required?key=value", nil) n.ServeHTTP(recorder, r) location := recorder.HeaderMap["Location"][0] if recorder.Code != 302 { t.Errorf("Not being redirected to the auth page.") } if location != "/login?next=%2Flogin-required%3Fkey%3Dvalue" { t.Errorf("Not being redirected to the right page, %v found", location) } }
func Test_LogoutOnAccessTokenExpiration(t *testing.T) { recorder := httptest.NewRecorder() s := sessions.NewCookieStore([]byte("secret123")) n := negroni.Classic() n.Use(sessions.Sessions("my_session", s)) n.Use(Google( goauth2.Client("foo", "foo"), goauth2.RedirectURL("foo"), )) mux := http.NewServeMux() mux.HandleFunc("/addtoken", func(w http.ResponseWriter, req *http.Request) { SetToken(req, "dummy token") fmt.Fprintf(w, "OK") }) mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { tok := GetToken(req) if tok != nil { t.Errorf("User not logged out although access token is expired. %v\n", tok) } }) n.UseHandler(mux) addtoken, _ := http.NewRequest("GET", "/addtoken", nil) index, _ := http.NewRequest("GET", "/", nil) n.ServeHTTP(recorder, addtoken) n.ServeHTTP(recorder, index) }
func main() { secureMux := http.NewServeMux() // Routes that require a logged in user // can be protected by using a separate route handler // If the user is not authenticated, they will be // redirected to the login path. secureMux.HandleFunc("/restrict", func(w http.ResponseWriter, req *http.Request) { token := oauth2.GetToken(req) fmt.Fprintf(w, "OK: %s", token.Access()) }) secure := negroni.New() secure.Use(oauth2.LoginRequired()) secure.UseHandler(secureMux) n := negroni.New() n.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123")))) n.Use(oauth2.Google( goauth2.Client("client_id", "client_secret"), goauth2.RedirectURL("redirect_url"), goauth2.Scope("https://www.googleapis.com/auth/drive"), )) router := http.NewServeMux() //routes added to mux do not require authentication router.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { token := oauth2.GetToken(req) if token == nil || token.Expired() { fmt.Fprintf(w, "not logged in, or the access token is expired") return } fmt.Fprintf(w, "logged in") return }) //There is probably a nicer way to handle this than repeat the restricted routes again //of course, you could use something like gorilla/mux and define prefix / regex etc. router.Handle("/restrict", secure) n.UseHandler(router) n.Run(":3000") }
func Test_LoginRedirect(t *testing.T) { recorder := httptest.NewRecorder() n := negroni.New() n.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123")))) n.Use(Google( goauth2.Client("client_id", "client_secret"), goauth2.RedirectURL("refresh_url"), goauth2.Scope("x", "y"), )) r, _ := http.NewRequest("GET", "/login", nil) n.ServeHTTP(recorder, r) location := recorder.HeaderMap["Location"][0] if recorder.Code != 302 { t.Errorf("Not being redirected to the auth page.") } t.Logf(location) if strings.HasPrefix("https://accounts.google.com/o/oauth2/auth?access_type=online&approval_prompt=auto&client_id=client_id&redirect_uri=refresh_url&response_type=code&scope=x+y&state=", location) { t.Errorf("Not being redirected to the right page, %v found", location) } }
func Test_Logout(t *testing.T) { recorder := httptest.NewRecorder() s := sessions.NewCookieStore([]byte("secret123")) n := negroni.Classic() n.Use(sessions.Sessions("my_session", s)) n.Use(Google( goauth2.Client("foo", "foo"), goauth2.RedirectURL("foo"), )) mux := http.NewServeMux() mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { SetToken(req, "dummy token") fmt.Fprintf(w, "OK") }) mux.HandleFunc("/get", func(w http.ResponseWriter, req *http.Request) { tok := GetToken(req) if tok != nil { t.Errorf("User credentials are still kept in the session.") } fmt.Fprintf(w, "OK") }) n.UseHandler(mux) logout, _ := http.NewRequest("GET", "/logout", nil) index, _ := http.NewRequest("GET", "/", nil) n.ServeHTTP(httptest.NewRecorder(), index) n.ServeHTTP(recorder, logout) if recorder.Code != 302 { t.Errorf("Not being redirected to the next page.") } }
func Test_LoginRequired(t *testing.T) { recorder := httptest.NewRecorder() n := negroni.Classic() n.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123")))) n.Use(Google( goauth2.Client("foo", "foo"), goauth2.RedirectURL("foo"), )) n.Use(LoginRequired()) mux := http.NewServeMux() mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { fmt.Fprintf(w, "OK") }) n.UseHandler(mux) r, _ := http.NewRequest("GET", "/", nil) n.ServeHTTP(recorder, r) if recorder.Code != 302 { t.Errorf("Not being redirected to the auth page although user is not logged in. %d\n", recorder.Code) } }