// TestVerifyPassword checks that VerifyPassword accepts two known bcrypt
// hashes (cost 10, "$2a$10$" prefix) for their plaintexts and returns an
// error for a value that is not a bcrypt hash at all.
func TestVerifyPassword(t *testing.T) {
	known := []struct {
		hash  string
		plain string
	}{
		{"$2a$10$CUoGytf1pR7CC6Y043gt/.vFJUV4IRqvH5R6F0VfITP8s2TqrQ.4e", "test_secret"},
		{"$2a$10$4J4t9xuWhOKhfjN0bOKNReS9sL3BVSN9zxIr2.VaWWQfRBWh1dQIS", "test_password"},
	}
	for _, tc := range known {
		// A matching plaintext yields a nil error.
		assert.Nil(t, password.VerifyPassword(tc.hash, tc.plain))
	}

	// Something that is not a hash must never verify.
	assert.NotNil(t, password.VerifyPassword("bogus", "password"))
}
// TestSetPassword exercises SetPassword on a user stored with an empty
// password: an empty new password is rejected with ErrPasswordTooShort,
// while a non-empty one is accepted and the in-memory user ends up with a
// stored value that VerifyPassword accepts for the plaintext (so the
// plaintext itself is not what gets stored).
func (suite *OauthTestSuite) TestSetPassword() {
	// Seed a user whose password column holds an explicit empty value
	u := &oauth.User{
		RoleID:   util.StringOrNull(roles.User),
		Username: "******",
		Password: util.StringOrNull(""),
	}
	assert.NoError(suite.T(), suite.db.Create(u).Error, "Inserting test data failed")

	// An empty password must be refused with the dedicated sentinel error
	if err := suite.service.SetPassword(u, ""); assert.NotNil(suite.T(), err) {
		assert.Equal(suite.T(), oauth.ErrPasswordTooShort, err)
	}

	// A real password is accepted
	assert.Nil(suite.T(), suite.service.SetPassword(u, "test_password"))

	// The user object is updated in place: username unchanged, password
	// now verifies against the plaintext
	assert.Equal(suite.T(), "test@user_nopass", u.Username)
	assert.Nil(suite.T(), pass.VerifyPassword(u.Password.String, "test_password"))
}
// AuthClient authenticates client func (s *Service) AuthClient(clientID, secret string) (*Client, error) { // Fetch the client client, err := s.FindClientByClientID(clientID) if err != nil { return nil, ErrClientNotFound } // Verify the secret if password.VerifyPassword(client.Secret, secret) != nil { return nil, ErrInvalidClientSecret } return client, nil }
// AuthUser authenticates user func (s *Service) AuthUser(username, password string) (*User, error) { // Fetch the user user, err := s.FindUserByUsername(username) if err != nil { return nil, err } // Check that the password is set if !user.Password.Valid { return nil, ErrUserPasswordNotSet } // Verify the password if pass.VerifyPassword(user.Password.String, password) != nil { return nil, ErrInvalidUserPassword } return user, nil }
// TestUpdateUser drives PUT /v1/users/{id} with a profile-only payload
// (first/last name) using the user's own bearer token. It asserts the route
// name, that no user row is created or removed, that the stored password is
// untouched by a profile update, that the name fields were saved, and that
// the HAL response matches.
func (suite *AccountsTestSuite) TestUpdateUser() {
	testUser, testAccessToken, err := suite.insertTestUser(
		"harold@finch", "test_password", "Harold", "Finch")
	assert.NoError(suite.T(), err, "Failed to insert a test user")

	// Payload deliberately carries no password fields
	payload, err := json.Marshal(&accounts.UserRequest{
		FirstName: "John",
		LastName:  "Reese",
	})
	assert.NoError(suite.T(), err, "JSON marshalling failed")

	r, err := http.NewRequest(
		"PUT",
		fmt.Sprintf("http://1.2.3.4/v1/users/%d", testUser.ID),
		bytes.NewBuffer(payload),
	)
	assert.NoError(suite.T(), err, "Request setup should not get an error")
	// Authenticate as the user being updated
	r.Header.Set("Authorization", fmt.Sprintf("Bearer %s", testAccessToken.Token))

	// Check the routing
	match := new(mux.RouteMatch)
	suite.router.Match(r, match)
	if assert.NotNil(suite.T(), match.Route) {
		assert.Equal(suite.T(), "update_user", match.Route.GetName())
	}

	// Count before (Count errors are not checked here; a failing query
	// would surface as a spurious count mismatch below)
	var countBefore int
	suite.db.Model(new(accounts.User)).Count(&countBefore)

	// And serve the request
	w := httptest.NewRecorder()
	suite.router.ServeHTTP(w, r)

	// Check that the mock object expectations were met
	suite.assertMockExpectations()

	// Count after: an update must neither add nor remove users
	var countAfter int
	suite.db.Model(new(accounts.User)).Count(&countAfter)
	assert.Equal(suite.T(), countBefore, countAfter)

	// Fetch the updated user
	user := new(accounts.User)
	notFound := accounts.UserPreload(suite.db).First(user, testUser.ID).RecordNotFound()
	assert.False(suite.T(), notFound)

	// Check that the password has NOT changed: a request without password
	// fields must leave the stored credential verifying against the
	// original plaintext
	assert.NoError(suite.T(), password.VerifyPassword(
		user.OauthUser.Password.String,
		"test_password",
	))

	// And correct data was saved (role and confirmed flag stay as inserted)
	assert.Equal(suite.T(), "harold@finch", user.OauthUser.Username)
	assert.Equal(suite.T(), "John", user.FirstName.String)
	assert.Equal(suite.T(), "Reese", user.LastName.String)
	assert.Equal(suite.T(), roles.User, user.OauthUser.RoleID.String)
	assert.False(suite.T(), user.Confirmed)

	// Check the response
	expected := &accounts.UserResponse{
		Hal: jsonhal.Hal{
			Links: map[string]*jsonhal.Link{
				"self": &jsonhal.Link{
					Href: fmt.Sprintf("/v1/users/%d", user.ID),
				},
			},
		},
		ID:        user.ID,
		Email:     "harold@finch",
		FirstName: "John",
		LastName:  "Reese",
		Role:      roles.User,
		Confirmed: false,
		CreatedAt: util.FormatTime(&user.CreatedAt),
		UpdatedAt: util.FormatTime(&user.UpdatedAt),
	}
	testutil.TestResponseObject(suite.T(), w, expected, 200)
}
// TestConfirmInvitation drives POST /v1/invitations/{reference} end to end.
// It seeds an oauth user with a blank password, an accounts user wrapping
// it and an invitation for that user, then confirms the invitation with a
// password. It asserts the route name, that exactly one invitation row goes
// away (soft delete), that the invited user's stored password now verifies
// against the submitted plaintext, and that the response matches the
// invitation representation.
func (suite *AccountsTestSuite) TestConfirmInvitation() {
	var (
		testOauthUser  *oauth.User
		testUser       *accounts.User
		testInvitation *accounts.Invitation
		err            error
	)

	// Insert a test user
	testOauthUser, err = suite.service.GetOauthService().CreateUser(
		roles.User,
		"harold@finch",
		"", // blank password
	)
	assert.NoError(suite.T(), err, "Failed to insert a test oauth user")
	testUser, err = accounts.NewUser(
		suite.accounts[0],
		testOauthUser,
		"",    //facebook ID
		false, // confirmed
		&accounts.UserRequest{
			FirstName: "Harold",
			LastName:  "Finch",
		},
	)
	assert.NoError(suite.T(), err, "Failed to create a new user object")
	err = suite.db.Create(testUser).Error
	assert.NoError(suite.T(), err, "Failed to insert a test user")
	// Re-attach associations on the in-memory object after the insert
	testUser.Account = suite.accounts[0]
	testUser.OauthUser = testOauthUser

	// Insert a test invitation
	testInvitation, err = accounts.NewInvitation(
		testUser,
		suite.users[0],
		suite.cnf.AppSpecific.InvitationLifetime,
	)
	assert.NoError(suite.T(), err, "Failed to create a new invitation object")
	err = suite.db.Create(testInvitation).Error
	assert.NoError(suite.T(), err, "Failed to insert a test invitation")
	testInvitation.InvitedUser = testUser
	testInvitation.InvitedByUser = suite.users[0]

	// Prepare a request
	payload, err := json.Marshal(&accounts.ConfirmInvitationRequest{
		PasswordRequest: accounts.PasswordRequest{Password: "******"},
	})
	assert.NoError(suite.T(), err, "JSON marshalling failed")
	r, err := http.NewRequest(
		"POST",
		fmt.Sprintf("http://1.2.3.4/v1/invitations/%s", testInvitation.Reference),
		bytes.NewBuffer(payload),
	)
	assert.NoError(suite.T(), err, "Request setup should not get an error")
	// The request authenticates only as the OAuth client (HTTP Basic); no
	// user token is sent, so the invitation reference in the URL is what
	// ties the request to the invited user.
	// NOTE(review): that makes the reference a bearer secret — confirm it
	// is generated unguessably; the soft-delete assertion below covers the
	// single-use part.
	r.Header.Set(
		"Authorization",
		fmt.Sprintf(
			"Basic %s",
			b64.StdEncoding.EncodeToString([]byte("test_client_1:test_secret")),
		),
	)

	// Check the routing
	match := new(mux.RouteMatch)
	suite.router.Match(r, match)
	if assert.NotNil(suite.T(), match.Route) {
		assert.Equal(suite.T(), "confirm_invitation", match.Route.GetName())
	}

	// Count before
	var countBefore int
	suite.db.Model(new(accounts.Invitation)).Count(&countBefore)

	// And serve the request
	w := httptest.NewRecorder()
	suite.router.ServeHTTP(w, r)

	// NOTE(review): unlike TestUpdateUser and TestUpdateUserPassword this
	// test does not call suite.assertMockExpectations(); fine if no mock is
	// exercised on this path, otherwise it should be added here.

	// Count after: confirming consumes exactly one invitation
	var countAfter int
	suite.db.Model(new(accounts.Invitation)).Count(&countAfter)
	assert.Equal(suite.T(), countBefore-1, countAfter)

	// Fetch the updated user
	user := new(accounts.User)
	notFound := accounts.UserPreload(suite.db).First(user, testUser.ID).RecordNotFound()
	assert.False(suite.T(), notFound)

	// Invitation should have been soft deleted (no longer loadable by ID)
	assert.True(suite.T(), suite.db.First(new(accounts.Invitation), testInvitation.ID).RecordNotFound())

	// And correct data was saved: the previously blank password now
	// verifies against the submitted plaintext
	assert.Nil(suite.T(), pass.VerifyPassword(user.OauthUser.Password.String, "test_password"))

	// Check the response
	expected, err := accounts.NewInvitationResponse(testInvitation)
	assert.NoError(suite.T(), err, "Failed to create expected response object")
	testutil.TestResponseObject(suite.T(), w, expected, 200)
}
// TestUpdateUserPassword drives PUT /v1/users/{id} with a payload carrying
// both the current password and a new one, authenticated by the user's own
// access token. It asserts the route name, that no user row is created or
// removed, that the old plaintext no longer verifies while the new one
// does, that the profile fields are unchanged, and that the HAL response
// matches.
func (suite *AccountsTestSuite) TestUpdateUserPassword() {
	var (
		testOauthUser   *oauth.User
		testUser        *accounts.User
		testAccessToken *oauth.AccessToken
		err             error
	)

	// Insert a test user
	testOauthUser, err = suite.service.GetOauthService().CreateUser(
		roles.User,
		"harold@finch",
		"test_password",
	)
	assert.NoError(suite.T(), err, "Failed to insert a test oauth user")
	testUser, err = accounts.NewUser(
		suite.accounts[0],
		testOauthUser,
		"",    //facebook ID
		false, // confirmed
		&accounts.UserRequest{
			FirstName: "Harold",
			LastName:  "Finch",
		},
	)
	assert.NoError(suite.T(), err, "Failed to create a new user object")
	err = suite.db.Create(testUser).Error
	assert.NoError(suite.T(), err, "Failed to insert a test user")
	// Re-attach associations on the in-memory object after the insert
	testUser.Account = suite.accounts[0]
	testUser.OauthUser = testOauthUser

	// Login the test user (the discarded second result is not used by
	// this test)
	testAccessToken, _, err = suite.service.GetOauthService().Login(
		suite.accounts[0].OauthClient,
		testUser.OauthUser,
		"read_write", // scope
	)
	assert.NoError(suite.T(), err, "Failed to login the test user")

	// The request carries the current password alongside the new one;
	// whether the handler enforces the current one is not asserted here
	payload, err := json.Marshal(&accounts.UserRequest{
		Password:    "******",
		NewPassword: "******",
	})
	assert.NoError(suite.T(), err, "JSON marshalling failed")
	r, err := http.NewRequest(
		"PUT",
		fmt.Sprintf("http://1.2.3.4/v1/users/%d", testUser.ID),
		bytes.NewBuffer(payload),
	)
	assert.NoError(suite.T(), err, "Request setup should not get an error")
	// Authenticate as the user being updated
	r.Header.Set("Authorization", fmt.Sprintf("Bearer %s", testAccessToken.Token))

	// Check the routing
	match := new(mux.RouteMatch)
	suite.router.Match(r, match)
	if assert.NotNil(suite.T(), match.Route) {
		assert.Equal(suite.T(), "update_user", match.Route.GetName())
	}

	// Count before
	var countBefore int
	suite.db.Model(new(accounts.User)).Count(&countBefore)

	// And serve the request
	w := httptest.NewRecorder()
	suite.router.ServeHTTP(w, r)

	// Check that the mock object expectations were met
	suite.assertMockExpectations()

	// Count after: a password change must neither add nor remove users
	var countAfter int
	suite.db.Model(new(accounts.User)).Count(&countAfter)
	assert.Equal(suite.T(), countBefore, countAfter)

	// Fetch the updated user
	user := new(accounts.User)
	notFound := accounts.UserPreload(suite.db).First(user, testUser.ID).RecordNotFound()
	assert.False(suite.T(), notFound)

	// Check that the password has changed: the old plaintext is rejected
	// and the new one is accepted against the stored value
	assert.Error(suite.T(), password.VerifyPassword(
		user.OauthUser.Password.String,
		"test_password",
	))
	assert.NoError(suite.T(), password.VerifyPassword(
		user.OauthUser.Password.String,
		"some_new_password",
	))

	// And the user meta data is unchanged
	assert.Equal(suite.T(), "harold@finch", user.OauthUser.Username)
	assert.Equal(suite.T(), "Harold", user.FirstName.String)
	assert.Equal(suite.T(), "Finch", user.LastName.String)
	assert.Equal(suite.T(), roles.User, user.OauthUser.RoleID.String)
	assert.False(suite.T(), user.Confirmed)

	// Check the response
	expected := &accounts.UserResponse{
		Hal: jsonhal.Hal{
			Links: map[string]*jsonhal.Link{
				"self": &jsonhal.Link{
					Href: fmt.Sprintf("/v1/users/%d", user.ID),
				},
			},
		},
		ID:        user.ID,
		Email:     "harold@finch",
		FirstName: "Harold",
		LastName:  "Finch",
		Role:      roles.User,
		Confirmed: false,
		CreatedAt: util.FormatTime(&user.CreatedAt),
		UpdatedAt: util.FormatTime(&user.UpdatedAt),
	}
	testutil.TestResponseObject(suite.T(), w, expected, 200)
}