func TestJwtUnknownUser(t *testing.T) { // Setup jwt c := &JwtAuthConfig{} c.Admin.PrivateKey = "Key" c.User.PrivateKey = "UserKey" j := NewJwtAuth(c) tests.Assert(t, j != nil) // Setup middleware framework n := negroni.New(j) tests.Assert(t, n != nil) // Create a simple middleware to check if it was called called := false mw := func(rw http.ResponseWriter, r *http.Request) { called = true } n.UseHandlerFunc(mw) // Create test server ts := httptest.NewServer(n) // Create token with invalid user token := jwt.New(jwt.SigningMethodHS256) token.Claims["iat"] = time.Now().Unix() token.Claims["exp"] = time.Now().Add(time.Second * 5).Unix() token.Claims["iss"] = "someotheruser" tokenString, err := token.SignedString([]byte("Key")) tests.Assert(t, err == nil) // Setup header req, err := http.NewRequest("GET", ts.URL, nil) tests.Assert(t, err == nil) // Miss 'bearer' string req.Header.Set("Authorization", "bearer "+tokenString) r, err := http.DefaultClient.Do(req) tests.Assert(t, err == nil) tests.Assert(t, r.StatusCode == http.StatusUnauthorized) tests.Assert(t, called == false) s, err := utils.GetStringFromResponse(r) tests.Assert(t, err == nil) tests.Assert(t, strings.Contains(s, "Unknown user")) }
func TestNodePeerDetachFailure(t *testing.T) { tmpfile := tests.Tempfile() defer os.Remove(tmpfile) // Create the app app := NewTestApp(tmpfile) defer app.Close() router := mux.NewRouter() app.SetRoutes(router) // Setup the server ts := httptest.NewServer(router) defer ts.Close() // Create a cluster. We do not want // any drives in the node so we can delete easily err := setupSampleDbWithTopology(app, 1, // clusters 4, // nodes_per_cluster 0, // devices_per_node, 50*GB, // disksize) ) tests.Assert(t, err == nil) // Setup the mock peer probe to fail peer_called := false peer_calls := 0 app.xo.MockPeerDetach = func(exec_host, newnode string) error { peer_calls++ peer_called = true return errors.New("Mock") } // Get a node id var nodeid string err = app.db.View(func(tx *bolt.Tx) error { clusterlist, err := ClusterList(tx) if err != nil { return err } cluster, err := NewClusterEntryFromId(tx, clusterlist[0]) if err != nil { return err } nodeid = cluster.Info.Nodes[0] return nil }) tests.Assert(t, err == nil) tests.Assert(t, nodeid != "") // Delete node req, err := http.NewRequest("DELETE", ts.URL+"/nodes/"+nodeid, nil) tests.Assert(t, err == nil) r, err := http.DefaultClient.Do(req) tests.Assert(t, err == nil) tests.Assert(t, r.StatusCode == http.StatusAccepted) location, err := r.Location() tests.Assert(t, err == nil) // Since we forced the MockPeerDetach above to fail, the request should fail for { r, err = http.Get(location.String()) tests.Assert(t, err == nil) if r.Header.Get("X-Pending") == "true" { tests.Assert(t, r.StatusCode == http.StatusOK) time.Sleep(time.Millisecond * 10) } else { tests.Assert(t, r.StatusCode == http.StatusInternalServerError) s, err := utils.GetStringFromResponse(r) tests.Assert(t, err == nil) tests.Assert(t, strings.TrimSpace(s) == "Mock") tests.Assert(t, peer_called == true) tests.Assert(t, peer_calls == 1) break } } // Check that the node is still in the db err = app.db.View(func(tx *bolt.Tx) error { clusters, err := ClusterList(tx) if err != nil { return err } cluster, err := NewClusterEntryFromId(tx, clusters[0]) if err != nil { return err } tests.Assert(t, utils.SortedStringHas(cluster.Info.Nodes, nodeid)) _, err = NewNodeEntryFromId(tx, nodeid) return err }) tests.Assert(t, err == nil) }
func TestNodePeerProbeFailure(t *testing.T) { tmpfile := tests.Tempfile() defer os.Remove(tmpfile) // Create the app app := NewTestApp(tmpfile) defer app.Close() router := mux.NewRouter() app.SetRoutes(router) // Setup the server ts := httptest.NewServer(router) defer ts.Close() // Create a cluster. We at least one // other node in the same cluster to execute a probe err := setupSampleDbWithTopology(app, 1, // clusters 4, // nodes_per_cluster 4, // devices_per_node, 50*GB, // disksize) ) tests.Assert(t, err == nil) // Setup the mock peer probe to fail peerprobe_called := false peerprobe_calls := 0 app.xo.MockPeerProbe = func(exec_host, newnode string) error { peerprobe_calls++ peerprobe_called = true return errors.New("Mock") } // Get cluter id var clusterlist []string err = app.db.View(func(tx *bolt.Tx) error { var err error clusterlist, err = ClusterList(tx) return err }) tests.Assert(t, err == nil) tests.Assert(t, len(clusterlist) == 1) clusterid := clusterlist[0] // Create a node request := []byte(`{ "cluster" : "` + clusterid + `", "hostnames" : { "storage" : [ "storage.hostname.com" ], "manage" : [ "manage.hostname.com" ] }, "zone" : 1 }`) // Create node r, err := http.Post(ts.URL+"/nodes", "application/json", bytes.NewBuffer(request)) tests.Assert(t, err == nil) tests.Assert(t, r.StatusCode == http.StatusAccepted) location, err := r.Location() tests.Assert(t, err == nil) // Since we forced the MockPeerProbe above to fail, the request should fail for { r, err = http.Get(location.String()) tests.Assert(t, err == nil) if r.Header.Get("X-Pending") == "true" { tests.Assert(t, r.StatusCode == http.StatusOK) time.Sleep(time.Millisecond * 10) } else { tests.Assert(t, r.StatusCode == http.StatusInternalServerError) s, err := utils.GetStringFromResponse(r) tests.Assert(t, err == nil) tests.Assert(t, strings.TrimSpace(s) == "Mock") tests.Assert(t, peerprobe_called == true) tests.Assert(t, peerprobe_calls == 1) break } } // Check that the node has not been added to the db var nodelist []string var cluster *ClusterEntry err = app.db.View(func(tx *bolt.Tx) error { var err error cluster, err = NewClusterEntryFromId(tx, clusterid) if err != nil { return err } nodelist = EntryKeys(tx, BOLTDB_BUCKET_NODE) return nil }) tests.Assert(t, err == nil) tests.Assert(t, len(nodelist) == 4) tests.Assert(t, len(cluster.Info.Nodes) == 4) }
func TestNodeAddBadRequests(t *testing.T) { tmpfile := tests.Tempfile() defer os.Remove(tmpfile) // Create the app app := NewTestApp(tmpfile) defer app.Close() router := mux.NewRouter() app.SetRoutes(router) // Setup the server ts := httptest.NewServer(router) defer ts.Close() // ClusterCreate JSON Request request := []byte(`{ bad json }`) // Post bad JSON r, err := http.Post(ts.URL+"/nodes", "application/json", bytes.NewBuffer(request)) tests.Assert(t, err == nil) tests.Assert(t, r.StatusCode == 422) // Make a request without hostnames request = []byte(`{ "cluster" : "123", "hostname" : {} }`) // Post bad JSON r, err = http.Post(ts.URL+"/nodes", "application/json", bytes.NewBuffer(request)) tests.Assert(t, err == nil) tests.Assert(t, r.StatusCode == http.StatusBadRequest) // Make a request with only manage hostname request = []byte(`{ "cluster" : "123", "hostnames" : { "manage" : [ "manage.hostname.com" ] } }`) // Post bad JSON r, err = http.Post(ts.URL+"/nodes", "application/json", bytes.NewBuffer(request)) tests.Assert(t, err == nil) tests.Assert(t, r.StatusCode == http.StatusBadRequest) // Make a request with only storage hostname request = []byte(`{ "cluster" : "123", "hostnames" : { "storage" : [ "storage.hostname.com" ] } }`) // Post bad JSON r, err = http.Post(ts.URL+"/nodes", "application/json", bytes.NewBuffer(request)) tests.Assert(t, err == nil) tests.Assert(t, r.StatusCode == http.StatusBadRequest) // Make a request where the hostnames are empty strings request = []byte(`{ "cluster" : "123", "hostnames" : { "storage" : [ "" ], "manage" : [ "" ] }, "zone" : 10 }`) // Check that it returns that the cluster id is not found r, err = http.Post(ts.URL+"/nodes", "application/json", bytes.NewBuffer(request)) tests.Assert(t, err == nil) tests.Assert(t, r.StatusCode == http.StatusBadRequest) s, err := utils.GetStringFromResponse(r) tests.Assert(t, err == nil) tests.Assert(t, strings.Contains(s, "empty string")) // Make a request where the cluster id does not exist request = []byte(`{ "cluster" : "123", "hostnames" : { "storage" : [ "storage.hostname.com" ], "manage" : [ "manage.hostname.com" ] }, "zone" : 10 }`) // Check that it returns that the cluster id is not found r, err = http.Post(ts.URL+"/nodes", "application/json", bytes.NewBuffer(request)) tests.Assert(t, err == nil) tests.Assert(t, r.StatusCode == http.StatusNotFound, r.StatusCode) }
func TestJwtGarbageToken(t *testing.T) { // Setup jwt c := &JwtAuthConfig{} c.Admin.PrivateKey = "Key" c.User.PrivateKey = "UserKey" j := NewJwtAuth(c) tests.Assert(t, j != nil) // Setup middleware framework n := negroni.New(j) tests.Assert(t, n != nil) // Create a simple middleware to check if it was called called := false mw := func(rw http.ResponseWriter, r *http.Request) { called = true } n.UseHandlerFunc(mw) // Create test server ts := httptest.NewServer(n) // Setup header req, err := http.NewRequest("GET", ts.URL, nil) tests.Assert(t, err == nil) // Miss 'bearer' string req.Header.Set("Authorization", "123456770309238402938402398409234") // Call r, err := http.DefaultClient.Do(req) tests.Assert(t, err == nil) tests.Assert(t, r.StatusCode == http.StatusBadRequest) tests.Assert(t, called == false) s, err := utils.GetStringFromResponse(r) tests.Assert(t, err == nil) tests.Assert(t, strings.Contains(s, "Authorization header format must be Bearer")) // Setup header req, err = http.NewRequest("GET", ts.URL, nil) tests.Assert(t, err == nil) req.Header.Set("Authorization", "bearer") // Call r, err = http.DefaultClient.Do(req) tests.Assert(t, err == nil) tests.Assert(t, r.StatusCode == http.StatusBadRequest) tests.Assert(t, called == false) s, err = utils.GetStringFromResponse(r) tests.Assert(t, err == nil) tests.Assert(t, strings.Contains(s, "Authorization header format must be Bearer")) // Setup header req, err = http.NewRequest("GET", ts.URL, nil) tests.Assert(t, err == nil) req.Header.Set("Authorization", "bearer 123456770309238402938402398409234") // Call r, err = http.DefaultClient.Do(req) tests.Assert(t, err == nil) tests.Assert(t, r.StatusCode == http.StatusUnauthorized) tests.Assert(t, called == false) s, err = utils.GetStringFromResponse(r) tests.Assert(t, err == nil) tests.Assert(t, strings.Contains(s, "token contains an invalid number of segments")) }
func TestJwtInvalidToken(t *testing.T) { // Setup jwt c := &JwtAuthConfig{} c.Admin.PrivateKey = "Key" c.User.PrivateKey = "UserKey" j := NewJwtAuth(c) tests.Assert(t, j != nil) // Setup middleware framework n := negroni.New(j) tests.Assert(t, n != nil) // Create a simple middleware to check if it was called called := false mw := func(rw http.ResponseWriter, r *http.Request) { called = true } n.UseHandlerFunc(mw) // Create test server ts := httptest.NewServer(n) // Create token with missing 'iss' claim token := jwt.New(jwt.SigningMethodHS256) token.Claims["iat"] = time.Now().Unix() token.Claims["exp"] = time.Now().Add(time.Second * 5).Unix() tokenString, err := token.SignedString([]byte("Key")) tests.Assert(t, err == nil) // Setup header req, err := http.NewRequest("GET", ts.URL, nil) tests.Assert(t, err == nil) // Miss 'bearer' string req.Header.Set("Authorization", "bearer "+tokenString) r, err := http.DefaultClient.Do(req) tests.Assert(t, err == nil) tests.Assert(t, r.StatusCode == http.StatusUnauthorized) tests.Assert(t, called == false) s, err := utils.GetStringFromResponse(r) tests.Assert(t, err == nil) tests.Assert(t, strings.Contains(s, "Token missing iss claim")) // Create an expired token token = jwt.New(jwt.SigningMethodHS256) token.Claims["iat"] = time.Now().Unix() token.Claims["exp"] = time.Now().Add(time.Millisecond).Unix() token.Claims["iss"] = "admin" tokenString, err = token.SignedString([]byte("Key")) tests.Assert(t, err == nil) // Wait a bit time.Sleep(time.Second) // Setup header req, err = http.NewRequest("GET", ts.URL, nil) tests.Assert(t, err == nil) // Send request req.Header.Set("Authorization", "bearer "+tokenString) r, err = http.DefaultClient.Do(req) tests.Assert(t, err == nil) tests.Assert(t, r.StatusCode == http.StatusUnauthorized) tests.Assert(t, called == false) s, err = utils.GetStringFromResponse(r) tests.Assert(t, err == nil) tests.Assert(t, strings.Contains(s, "token is expired")) // Create missing 'qsh' claim token = jwt.New(jwt.SigningMethodHS256) token.Claims["iat"] = time.Now().Unix() token.Claims["exp"] = time.Now().Add(time.Second * 10).Unix() token.Claims["iss"] = "admin" tokenString, err = token.SignedString([]byte("Key")) tests.Assert(t, err == nil) // Setup header req, err = http.NewRequest("GET", ts.URL, nil) tests.Assert(t, err == nil) // Send request req.Header.Set("Authorization", "bearer "+tokenString) r, err = http.DefaultClient.Do(req) tests.Assert(t, err == nil) tests.Assert(t, r.StatusCode == http.StatusUnauthorized) tests.Assert(t, called == false) s, err = utils.GetStringFromResponse(r) tests.Assert(t, err == nil) tests.Assert(t, strings.Contains(s, "Invalid qsh claim in token")) // Create an invalid 'qsh' claim token = jwt.New(jwt.SigningMethodHS256) token.Claims["iat"] = time.Now().Unix() token.Claims["exp"] = time.Now().Add(time.Second * 10).Unix() token.Claims["iss"] = "admin" token.Claims["qsh"] = "12343345678945678a" tokenString, err = token.SignedString([]byte("Key")) tests.Assert(t, err == nil) // Setup header req, err = http.NewRequest("GET", ts.URL, nil) tests.Assert(t, err == nil) // Send request req.Header.Set("Authorization", "bearer "+tokenString) r, err = http.DefaultClient.Do(req) tests.Assert(t, err == nil) tests.Assert(t, r.StatusCode == http.StatusUnauthorized) tests.Assert(t, called == false) s, err = utils.GetStringFromResponse(r) tests.Assert(t, err == nil) tests.Assert(t, strings.Contains(s, "Invalid qsh claim in token")) }