Adds middleware testing methods

Adds test for token encode/decode
Adds error store test for missing store
2021-01-25 13:33:52 -06:00 · 2021-01-25 12:51:19 -06:00 · 2021-01-25 12:30:38 -06:00
4 changed files with 230 additions and 6 deletions
--- a/store/errorStore_test.go
+++ b/store/errorStore_test.go
@@ -1,6 +1,7 @@
 package store_test

 import (
+	"fmt"
 	"gitea.deepak.science/deepak/gogmagog/models"
 	"gitea.deepak.science/deepak/gogmagog/store"
 	"github.com/stretchr/testify/assert"
@@ -11,11 +12,14 @@ func TestErrorActionMethods(t *testing.T) {
 	assert := assert.New(t)
 	str := store.GetErrorStore("error message sample", true)
 	str2 := store.GetErrorStore("error message sample", false)
+	str3 := store.GetErrorStoreForError(fmt.Errorf("test error"), false)

 	_, err := str.InsertAction(&models.Action{})
 	assert.NotNil(err)
 	_, err = str2.InsertAction(&models.Action{})
 	assert.Nil(err)
+	_, err = str3.InsertAction(&models.Action{})
+	assert.Nil(err)

 	_, err = str.SelectActionByID(8)
 	assert.NotNil(err)
--- a/tokens/middleware_http_test.go
+++ b/tokens/middleware_http_test.go
@@ -0,0 +1,78 @@
+package tokens_test
+
+import (
+	"gitea.deepak.science/deepak/gogmagog/models"
+	"gitea.deepak.science/deepak/gogmagog/tokens"
+	"github.com/stretchr/testify/assert"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+var middlewareURL string = "/"
+
+func mwRequestAuth(header string) *http.Request {
+	req, _ := http.NewRequest("GET", middlewareURL, nil)
+	req.Header.Add(authKey, header)
+
+	return req
+}
+
+func verifyingHandler(t *testing.T, username string, userID int) http.Handler {
+	assert := assert.New(t)
+	toker := tokens.New("secret")
+	dummyHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		ctx := r.Context()
+		receivedID, _ := tokens.GetUserID(ctx)
+		receivedUsername, _ := tokens.GetUsername(ctx)
+		assert.EqualValues(userID, receivedID)
+		assert.Equal(username, receivedUsername)
+	})
+	return toker.Authenticator(dummyHandler)
+}
+
+func TestMiddlewareNoToken(t *testing.T) {
+	assert := assert.New(t)
+
+	req := httptest.NewRequest(http.MethodGet, middlewareURL, nil)
+	rr := httptest.NewRecorder()
+
+	middlewareHandler := verifyingHandler(t, "", 0)
+	middlewareHandler.ServeHTTP(rr, req)
+
+	status := rr.Code
+	assert.Equal(http.StatusUnauthorized, status)
+}
+
+func TestMiddlewareBadToken(t *testing.T) {
+	assert := assert.New(t)
+
+	req := mwRequestAuth("Bearer bad")
+	rr := httptest.NewRecorder()
+
+	middlewareHandler := verifyingHandler(t, "", 0)
+	middlewareHandler.ServeHTTP(rr, req)
+
+	status := rr.Code
+	assert.Equal(http.StatusUnauthorized, status)
+}
+
+func TestMiddlewareGoodToken(t *testing.T) {
+	assert := assert.New(t)
+
+	idToUse := 3
+	username := "username"
+	displayName := "display name"
+	user := &models.UserNoPassword{UserID: int64(idToUse), Username: username, DisplayName: displayName}
+
+	toker := tokens.New("secret")
+	validToken := toker.EncodeUser(user)
+	req := mwRequestAuth("Bearer " + validToken)
+	rr := httptest.NewRecorder()
+
+	middlewareHandler := verifyingHandler(t, username, idToUse)
+	middlewareHandler.ServeHTTP(rr, req)
+
+	status := rr.Code
+	assert.Equal(http.StatusOK, status)
+}
--- a/tokens/tokens.go
+++ b/tokens/tokens.go
@@ -51,9 +51,10 @@ func (tok *jwtToker) DecodeTokenString(tokenString string) (*UserToken, error) {
 		return nil, fmt.Errorf("Error decoding token")
 	}

-	if token == nil {
-		return nil, fmt.Errorf("Token was nil")
-	}
+	// Should never happen, remove soon.
+	// if token == nil {
+	// 	return nil, fmt.Errorf("Token was nil")
+	// }

 	err = jwt.Validate(
 		token,
--- a/tokens/tokens_test.go
+++ b/tokens/tokens_test.go
@@ -3,22 +3,163 @@ package tokens_test
 import (
 	"gitea.deepak.science/deepak/gogmagog/models"
 	"gitea.deepak.science/deepak/gogmagog/tokens"
+	"github.com/go-chi/jwtauth"
 	"github.com/stretchr/testify/assert"
 	"testing"
+	"time"
 )

 func TestBasic(t *testing.T) {
 	assert := assert.New(t)
 	toker := tokens.New("secret")
+	idToUse := int64(3)
+	usernameToUse := "test"
 	usr := &models.UserNoPassword{
-		UserID:      3,
-		Username:    "test",
+		UserID:      idToUse,
+		Username:    usernameToUse,
 		DisplayName: "Ted Est III",
 	}
 	token := toker.EncodeUser(usr)

-	_, err := toker.DecodeTokenString(token)
+	userToken, err := toker.DecodeTokenString(token)
 	assert.Nil(err)
+	assert.Equal(usernameToUse, userToken.Username)
+	assert.Equal(idToUse, userToken.ID)
 	_, err = tokens.New("bad secret").DecodeTokenString(token)
 	assert.NotNil(err)
 }
+
+func getTokenString(claims map[string]interface{}) string {
+	auth := jwtauth.New("HS256", []byte("secret"), nil)
+
+	jwtauth.SetIssuedNow(claims)
+	jwtauth.SetExpiryIn(claims, 2*time.Hour)
+	_, tokenString, _ := auth.Encode(claims)
+
+	return tokenString
+}
+
+func TestDecodeBadIssuer(t *testing.T) {
+	assert := assert.New(t)
+	toker := tokens.New("secret")
+
+	idToUse := 3
+	username := "test"
+	gog := "gogmagog.deepak.science"
+
+	claims := map[string]interface{}{
+		"user_id":      int64(idToUse),
+		"username":     username,
+		"display_name": "display_name",
+		"iss":          gog,
+		"aud":          "bad",
+	}
+
+	token := getTokenString(claims)
+	_, err := toker.DecodeTokenString(token)
+	assert.NotNil(err)
+
+}
+
+func TestDecodeBadAudience(t *testing.T) {
+	assert := assert.New(t)
+	toker := tokens.New("secret")
+
+	idToUse := 3
+	username := "test"
+	gog := "gogmagog.deepak.science"
+
+	claims := map[string]interface{}{
+		"user_id":      int64(idToUse),
+		"username":     username,
+		"display_name": "display_name",
+		"iss":          "bad",
+		"aud":          gog,
+	}
+
+	token := getTokenString(claims)
+	_, err := toker.DecodeTokenString(token)
+	assert.NotNil(err)
+
+}
+
+func TestDecodeMissingUserID(t *testing.T) {
+	assert := assert.New(t)
+	toker := tokens.New("secret")
+
+	username := "test"
+	gog := "gogmagog.deepak.science"
+
+	claims := map[string]interface{}{
+		"username":     username,
+		"display_name": "display_name",
+		"iss":          gog,
+		"aud":          gog,
+	}
+
+	token := getTokenString(claims)
+	_, err := toker.DecodeTokenString(token)
+	assert.NotNil(err)
+
+}
+
+func TestDecodeBadUserID(t *testing.T) {
+	assert := assert.New(t)
+	toker := tokens.New("secret")
+
+	username := "test"
+	gog := "gogmagog.deepak.science"
+
+	claims := map[string]interface{}{
+		"username":     username,
+		"user_id":      "id",
+		"display_name": "display_name",
+		"iss":          gog,
+		"aud":          gog,
+	}
+
+	token := getTokenString(claims)
+	_, err := toker.DecodeTokenString(token)
+	assert.NotNil(err)
+
+}
+
+func TestDecodeMissingUsername(t *testing.T) {
+	assert := assert.New(t)
+	toker := tokens.New("secret")
+
+	idToUse := 3
+	gog := "gogmagog.deepak.science"
+
+	claims := map[string]interface{}{
+		"user_id":      int64(idToUse),
+		"display_name": "display_name",
+		"iss":          gog,
+		"aud":          gog,
+	}
+
+	token := getTokenString(claims)
+	_, err := toker.DecodeTokenString(token)
+	assert.NotNil(err)
+
+}
+
+func TestDecodeBadUsername(t *testing.T) {
+	assert := assert.New(t)
+	toker := tokens.New("secret")
+
+	gog := "gogmagog.deepak.science"
+
+	claims := map[string]interface{}{
+		"username":     5,
+		"user_id":      3,
+		"display_name": "display_name",
+		"iss":          gog,
+		"aud":          gog,
+	}
+
+	token := getTokenString(claims)
+	_, err := toker.DecodeTokenString(token)
+	assert.NotNil(err)
+
+}
Author	SHA1	Message	Date
Deepak	c28939d2b8	Adds middleware testing methods All checks were successful gitea-deepak/gogmagog/pipeline/head This commit looks good Details	2021-01-25 13:33:52 -06:00
Deepak	cfe5d89b22	Adds test for token encode/decode	2021-01-25 12:51:19 -06:00
Deepak	f84c9b6ea2	Adds error store test for missing store	2021-01-25 12:30:38 -06:00