package main_test
//lint:file-ignore SA5011 possible nil pointer dereference
import (
"net/http"
"net/http/httptest"
main "piot-server"
"strings"
"testing"
"github.com/op/go-logging"
"go.mongodb.org/mongo-driver/bson/primitive"
"go.mongodb.org/mongo-driver/mongo"
)
// mockHandlerCall records one invocation of mockHandler.ServeHTTP.
type mockHandlerCall struct {
	Request *http.Request // the request as handed to the downstream handler; tests read its Context()
}
// mockHandler is a recording http.Handler placed downstream of the auth handler
// in tests. It does not write a response; it only appends each request it
// receives to Calls so the test can check whether (and with what context) the
// auth layer let the request through.
type mockHandler struct {
	Log   *logging.Logger   // used unconditionally by ServeHTTP (Debugf), so it should be set
	Calls []mockHandlerCall // one entry per ServeHTTP invocation, in arrival order
}
// getMockHandler returns a mockHandler that logs through logger and starts with
// an empty call list.
func getMockHandler(logger *logging.Logger) *mockHandler {
	return &mockHandler{Log: logger}
}
// ServeHTTP implements http.Handler. It logs the invocation and records the
// request so the test can inspect what reached the downstream handler. The
// response writer is deliberately left untouched, so the recorded status is
// whatever the recorder defaults to.
func (h *mockHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	call := mockHandlerCall{Request: r}
	h.Log.Debugf("Mock handler called")
	h.Calls = append(h.Calls, call)
}
// getAuthHandler builds the auth handler under test on top of db, wired to the
// test logger and config, with h as the downstream handler that authenticated
// requests are forwarded to.
func getAuthHandler(t *testing.T, db *mongo.Database, h http.Handler) *main.AuthHandler {
	logger := GetLogger(t)
	// Argument evaluation is left-to-right, so config is built before the user
	// store exactly as before.
	return main.NewAuthHandler(logger, GetConfig(), GetUsers(t, logger, db), h)
}
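// TestAuthNoCredentials checks that requests without usable credentials are
// rejected with 401 and never reach the downstream handler: first a request
// with no Authorization header, then one whose Authorization value is not a
// recognised credential.
//
// NOTE(review): a well-formed "Bearer <token>" whose token does not verify is
// not covered here; only the positive path is exercised in TestAuthValid.
func TestAuthNoCredentials(t *testing.T) {
	log := GetLogger(t)
	db := GetDb(t)

	// Request without any headers at all.
	req, err := http.NewRequest("POST", "/", strings.NewReader(""))
	Ok(t, err)
	rr := httptest.NewRecorder()
	mh := getMockHandler(log)
	handler := getAuthHandler(t, db, mh)
	handler.ServeHTTP(rr, req)
	CheckStatusCode(t, rr, 401)
	// Fail closed: the downstream handler must not run for a rejected request.
	Equals(t, 0, len(mh.Calls))

	// Request with an Authorization header carrying an invalid value. The header
	// name must be spelled exactly "Authorization": a misspelled name is silently
	// ignored by the server and would make this case indistinguishable from the
	// no-header case above.
	req, err = http.NewRequest("POST", "/", strings.NewReader(""))
	Ok(t, err) // check before touching req; it is nil when err is non-nil
	req.Header.Add("Authorization", "XXX")
	rr = httptest.NewRecorder()
	mh = getMockHandler(log)
	handler = getAuthHandler(t, db, mh)
	handler.ServeHTTP(rr, req)
	CheckStatusCode(t, rr, 401)
	Equals(t, 0, len(mh.Calls))
}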
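// TestAuthValid checks the positive path: a request carrying a valid bearer
// token for an existing user is passed to the downstream handler, and the
// request context it receives holds a *main.UserProfile (under the "profile"
// key) describing that user and the single org they belong to.
func TestAuthValid(t *testing.T) {
	log := GetLogger(t)
	db := GetDb(t)
	CleanDb(t, db)
	userID := CreateUser(t, db, ADMIN_EMAIL, ADMIN_PASSWORD)
	orgID := CreateOrg(t, db, "Org")
	AddOrgUser(t, db, orgID, userID)
	token := LoginUser(t, log, db, ADMIN_EMAIL, ADMIN_PASSWORD, http.StatusOK)

	// Send a request through the auth handler so it populates the user-profile
	// section of the context before handing off to the mock.
	req, err := http.NewRequest("POST", "/", strings.NewReader(""))
	Ok(t, err) // check before touching req; it is nil when err is non-nil
	req.Header.Add("Authorization", "Bearer "+token)
	rr := httptest.NewRecorder()
	mh := getMockHandler(log)
	handler := getAuthHandler(t, db, mh)
	handler.ServeHTTP(rr, req)
	CheckStatusCode(t, rr, 200)

	// The downstream handler must have run exactly once; stop here rather than
	// index into an empty slice below.
	if len(mh.Calls) != 1 {
		t.Fatalf("downstream handler called %d times, want 1", len(mh.Calls))
	}

	// The profile is stored under a bare string key that must match the one the
	// auth handler uses. The two-value assertion turns a missing or differently
	// typed value into a test failure instead of a panic.
	ctx := mh.Calls[0].Request.Context()
	profile, ok := ctx.Value("profile").(*main.UserProfile)
	if !ok || profile == nil {
		t.Fatalf("user profile not initialized in request context (got %T)", ctx.Value("profile"))
	}
	// Expected value first, matching the other Equals calls in this file.
	Equals(t, ADMIN_EMAIL, profile.Email)
	Equals(t, false, profile.IsAdmin)
	Equals(t, orgID, profile.OrgId)
	Equals(t, 1, len(profile.OrgIds))
}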
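// TestAuthNoOrgs checks authentication of a valid user who is not assigned to
// any org (corner case):
//   - the user entry exists
//   - no orgs exist
//
// This scenario matters because a fresh system (as is often created during
// tests) has no org yet, and the server used to panic in that state before the
// fix to the "auto assignment roles inside auth handler" block. The request
// must still succeed and the profile must carry a nil OrgId and no OrgIds.
func TestAuthNoOrgs(t *testing.T) {
	log := GetLogger(t)
	db := GetDb(t)
	CleanDb(t, db)
	CreateUser(t, db, ADMIN_EMAIL, ADMIN_PASSWORD)
	token := LoginUser(t, log, db, ADMIN_EMAIL, ADMIN_PASSWORD, http.StatusOK)

	// Send a request through the auth handler so it populates the user-profile
	// section of the context before handing off to the mock.
	req, err := http.NewRequest("POST", "/", strings.NewReader(""))
	Ok(t, err) // check before touching req; it is nil when err is non-nil
	req.Header.Add("Authorization", "Bearer "+token)
	rr := httptest.NewRecorder()
	mh := getMockHandler(log)
	handler := getAuthHandler(t, db, mh)
	handler.ServeHTTP(rr, req)
	CheckStatusCode(t, rr, 200)

	// The downstream handler must have run exactly once; stop here rather than
	// index into an empty slice below.
	if len(mh.Calls) != 1 {
		t.Fatalf("downstream handler called %d times, want 1", len(mh.Calls))
	}

	// Two-value assertion plus a fatal guard: a missing profile fails the test
	// instead of panicking, and the guard is a terminating statement, so the
	// SA5011 lint suppressions are no longer needed on the dereferences below.
	ctx := mh.Calls[0].Request.Context()
	profile, ok := ctx.Value("profile").(*main.UserProfile)
	if !ok || profile == nil {
		t.Fatalf("user profile not initialized in request context (got %T)", ctx.Value("profile"))
	}
	// Expected value first, matching the other Equals calls in this file.
	Equals(t, ADMIN_EMAIL, profile.Email)
	Equals(t, false, profile.IsAdmin)
	Equals(t, primitive.NilObjectID, profile.OrgId)
	Equals(t, 0, len(profile.OrgIds))
}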