mirror of
https://github.com/yusing/godoxy.git
synced 2025-05-20 20:52:33 +02:00
116 lines
2.6 KiB
Go
116 lines
2.6 KiB
Go
package auth
|
|
|
|
import (
|
|
"bytes"
|
|
"io"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/yusing/go-proxy/pkg/json"
|
|
|
|
expect "github.com/yusing/go-proxy/internal/utils/testing"
|
|
"golang.org/x/crypto/bcrypt"
|
|
)
|
|
|
|
func newMockUserPassAuth() *UserPassAuth {
|
|
return &UserPassAuth{
|
|
username: "username",
|
|
pwdHash: expect.Must(bcrypt.GenerateFromPassword([]byte("password"), bcrypt.DefaultCost)),
|
|
secret: []byte("abcdefghijklmnopqrstuvwxyz"),
|
|
tokenTTL: time.Hour,
|
|
}
|
|
}
|
|
|
|
func TestUserPassValidateCredentials(t *testing.T) {
|
|
auth := newMockUserPassAuth()
|
|
err := auth.validatePassword("username", "password")
|
|
expect.NoError(t, err)
|
|
err = auth.validatePassword("username", "wrong-password")
|
|
expect.ErrorIs(t, ErrInvalidPassword, err)
|
|
err = auth.validatePassword("wrong-username", "password")
|
|
expect.ErrorIs(t, ErrInvalidUsername, err)
|
|
}
|
|
|
|
func TestUserPassCheckToken(t *testing.T) {
|
|
auth := newMockUserPassAuth()
|
|
token, err := auth.NewToken()
|
|
expect.NoError(t, err)
|
|
tests := []struct {
|
|
token string
|
|
wantErr bool
|
|
}{
|
|
{
|
|
token: token,
|
|
wantErr: false,
|
|
},
|
|
{
|
|
token: "invalid-token",
|
|
wantErr: true,
|
|
},
|
|
{
|
|
token: "",
|
|
wantErr: true,
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
req := &http.Request{Header: http.Header{}}
|
|
if tt.token != "" {
|
|
req.Header.Set("Cookie", auth.TokenCookieName()+"="+tt.token)
|
|
}
|
|
err = auth.CheckToken(req)
|
|
if tt.wantErr {
|
|
expect.True(t, err != nil)
|
|
} else {
|
|
expect.NoError(t, err)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestUserPassLoginCallbackHandler(t *testing.T) {
|
|
type cred struct {
|
|
User string `json:"username"`
|
|
Pass string `json:"password"`
|
|
}
|
|
auth := newMockUserPassAuth()
|
|
tests := []struct {
|
|
creds cred
|
|
wantErr bool
|
|
}{
|
|
{
|
|
creds: cred{
|
|
User: "username",
|
|
Pass: "password",
|
|
},
|
|
wantErr: false,
|
|
},
|
|
{
|
|
creds: cred{
|
|
User: "username",
|
|
Pass: "wrong-password",
|
|
},
|
|
wantErr: true,
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
w := httptest.NewRecorder()
|
|
req := &http.Request{
|
|
Host: "app.example.com",
|
|
Body: io.NopCloser(bytes.NewReader(expect.Must(json.Marshal(tt.creds)))),
|
|
}
|
|
auth.LoginCallbackHandler(w, req)
|
|
if tt.wantErr {
|
|
expect.Equal(t, w.Code, http.StatusUnauthorized)
|
|
} else {
|
|
setCookie := expect.Must(http.ParseSetCookie(w.Header().Get("Set-Cookie")))
|
|
expect.True(t, setCookie.Name == auth.TokenCookieName())
|
|
expect.True(t, setCookie.Value != "")
|
|
expect.Equal(t, setCookie.Domain, "example.com")
|
|
expect.Equal(t, setCookie.Path, "/")
|
|
expect.Equal(t, setCookie.SameSite, http.SameSiteLaxMode)
|
|
expect.Equal(t, setCookie.HttpOnly, true)
|
|
expect.Equal(t, w.Code, http.StatusOK)
|
|
}
|
|
}
|
|
}
|