Update tests for refreshing jwts

pull/1286/head
Chris Goller 2017-04-14 02:35:30 -05:00
parent 7c048e8135
commit 017b01d384
5 changed files with 44 additions and 28 deletions


@ -22,10 +22,14 @@ func (m *MockTokenizer) ValidPrincipal(ctx context.Context, token Token, duratio
return m.Principal, m.ValidErr
}
func (m *MockTokenizer) Create(ctx context.Context, p Principal, t time.Duration) (Token, error) {
func (m *MockTokenizer) Create(ctx context.Context, p Principal) (Token, error) {
return m.Token, m.CreateErr
}
func (m *MockTokenizer) ExtendPrincipal(ctx context.Context, principal Principal, extension time.Duration) (Principal, error) {
return principal, nil
}
func TestCookieAuthorize(t *testing.T) {
var test = []struct {
Desc string
@ -48,7 +52,7 @@ func TestCookieAuthorize(t *testing.T) {
}
for _, test := range test {
cook := cookie{
Duration: 1 * time.Second,
Lifespan: 1 * time.Second,
Now: func() time.Time {
return time.Unix(0, 0)
},
@ -121,8 +125,9 @@ func TestCookieValidate(t *testing.T) {
})
cook := cookie{
Name: test.Lookup,
Duration: 1 * time.Second,
Name: test.Lookup,
Lifespan: 1 * time.Second,
Inactivity: DefaultInactivityDuration,
Now: func() time.Time {
return time.Unix(0, 0)
},
@ -133,7 +138,8 @@ func TestCookieValidate(t *testing.T) {
ValidErr: test.ValidErr,
},
}
principal, err := cook.Validate(context.Background(), req)
w := httptest.NewRecorder()
principal, err := cook.Validate(context.Background(), w, req)
if err != test.Err {
t.Errorf("Cookie extract error; expected %v actual %v", test.Err, err)
}
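Review bot: The recorder created with `w := httptest.NewRecorder()` in TestCookieValidate is never inspected in the visible lines, so the test would still pass if `Validate` stopped writing, or wrongly wrote, a refreshed session cookie. Assuming the new `http.ResponseWriter` argument exists to reissue the cookie, add a check after the error comparison such as `if test.Err == nil && len(w.Header()["Set-Cookie"]) == 0 { t.Errorf("expected a refreshed cookie on successful validation") }`, plus the inverse check for rejected tokens. `MockTokenizer.ExtendPrincipal` also always returns `principal, nil` and ignores `extension`, so a failed extension cannot be exercised; an `ExtendErr` field, returned the way `ValidErr` and `CreateErr` already are, would cover that path. The body of TestCookieValidate continues outside the hunk.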


@ -10,6 +10,7 @@ import (
)
func TestAuthenticate(t *testing.T) {
history := time.Unix(-446774400, 0)
var tests = []struct {
Desc string
Secret string
@ -33,7 +34,9 @@ func TestAuthenticate(t *testing.T) {
Token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIvY2hyb25vZ3JhZi92MS91c2Vycy8xIiwibmFtZSI6IkRvYyBCcm93biIsImlhdCI6LTQ0Njc3NDQwMCwiZXhwIjotNDQ2Nzc0Mzk5LCJuYmYiOi00NDY3NzQ0MDB9.Ga0zGXWTT2CBVnnIhIO5tUAuBEVk4bKPaT4t4MU1ngo",
Duration: time.Second,
Principal: oauth2.Principal{
Subject: "/chronograf/v1/users/1",
Subject: "/chronograf/v1/users/1",
ExpiresAt: history.Add(time.Second),
IssuedAt: history,
},
},
{
@ -42,7 +45,9 @@ func TestAuthenticate(t *testing.T) {
Token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIvY2hyb25vZ3JhZi92MS91c2Vycy8xIiwibmFtZSI6IkRvYyBCcm93biIsImlhdCI6LTQ0Njc3NDQwMCwiZXhwIjotNDQ2Nzc0NDAxLCJuYmYiOi00NDY3NzQ0MDB9.vWXdm0-XQ_pW62yBpSISFFJN_yz0vqT9_INcUKTp5Q8",
Duration: time.Second,
Principal: oauth2.Principal{
Subject: "",
Subject: "",
ExpiresAt: history.Add(time.Second),
IssuedAt: history,
},
Err: errors.New("token is expired by 1s"),
},
@ -52,7 +57,9 @@ func TestAuthenticate(t *testing.T) {
Token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIvY2hyb25vZ3JhZi92MS91c2Vycy8xIiwibmFtZSI6IkRvYyBCcm93biIsImlhdCI6LTQ0Njc3NDQwMCwiZXhwIjotNDQ2Nzc0NDAwLCJuYmYiOi00NDY3NzQzOTl9.TMGAhv57u1aosjc4ywKC7cElP1tKyQH7GmRF2ToAxlE",
Duration: time.Second,
Principal: oauth2.Principal{
Subject: "",
Subject: "",
ExpiresAt: history.Add(time.Second),
IssuedAt: history,
},
Err: errors.New("token is not valid yet"),
},
@ -62,7 +69,9 @@ func TestAuthenticate(t *testing.T) {
Token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOi00NDY3NzQ0MDAsImV4cCI6LTQ0Njc3NDQwMCwibmJmIjotNDQ2Nzc0NDAwfQ.gxsA6_Ei3s0f2I1TAtrrb8FmGiO25OqVlktlF_ylhX4",
Duration: time.Second,
Principal: oauth2.Principal{
Subject: "",
Subject: "",
ExpiresAt: history.Add(time.Second),
IssuedAt: history,
},
Err: errors.New("claim has no subject"),
},
@ -72,18 +81,12 @@ func TestAuthenticate(t *testing.T) {
Token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIvY2hyb25vZ3JhZi92MS91c2Vycy8xIiwibmFtZSI6IkRvYyBCcm93biIsImlhdCI6LTQ0Njc3NDQwMCwiZXhwIjotNDQ2Nzc0NDAwLCJuYmYiOi00NDY3NzQ0MDB9._rZ4gOIei9PizHOABH6kLcJTA3jm8ls0YnDxtz1qeUI",
Duration: 500 * time.Hour,
Principal: oauth2.Principal{
Subject: "/chronograf/v1/users/1",
Subject: "/chronograf/v1/users/1",
ExpiresAt: history,
IssuedAt: history,
},
Err: errors.New("claims duration is different from auth duration"),
},
{
Desc: "Test valid EverlastingClaim",
Secret: "secret",
Token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIvY2hyb25vZ3JhZi92MS91c2Vycy8xIiwibmFtZSI6IkRvYyBCcm93biIsImlhdCI6LTQ0Njc3NDQwMCwiZXhwIjotNDQ2Nzc0Mzk5LCJuYmYiOi00NDY3NzQ0MDB9.Ga0zGXWTT2CBVnnIhIO5tUAuBEVk4bKPaT4t4MU1ngo",
Principal: oauth2.Principal{
Subject: "/chronograf/v1/users/1",
},
},
}
for _, test := range tests {
j := oauth2.JWT{
@ -107,18 +110,20 @@ func TestAuthenticate(t *testing.T) {
}
func TestToken(t *testing.T) {
duration := time.Second
expected := oauth2.Token("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOi00NDY3NzQzOTksImlhdCI6LTQ0Njc3NDQwMCwibmJmIjotNDQ2Nzc0NDAwLCJzdWIiOiIvY2hyb25vZ3JhZi92MS91c2Vycy8xIn0.ofQM6yTmrmve5JeEE0RcK4_euLXuZ_rdh6bLAbtbC9M")
history := time.Unix(-446774400, 0)
j := oauth2.JWT{
Secret: "secret",
Now: func() time.Time {
return time.Unix(-446774400, 0)
return history
},
}
p := oauth2.Principal{
Subject: "/chronograf/v1/users/1",
Subject: "/chronograf/v1/users/1",
ExpiresAt: history.Add(time.Second),
IssuedAt: history,
}
if token, err := j.Create(context.Background(), p, duration); err != nil {
if token, err := j.Create(context.Background(), p); err != nil {
t.Errorf("Error creating token for principal: %v", err)
} else if token != expected {
t.Errorf("Error creating token; expected: %s actual: %s", expected, token)
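Review bot: The error rows of the TestAuthenticate table now expect a `Principal` with `ExpiresAt` and `IssuedAt` filled in while `Subject` is empty and `Err` is set, and in the expired-token row the token's `exp` claim appears to decode to one second before `history`, not `history.Add(time.Second)`. These rows can only pass if the loop skips the principal comparison on error, which makes the values dead expectations, or if `ValidPrincipal` returns a partly populated principal together with an error. Prefer `Principal: oauth2.Principal{},` in every row that sets `Err`, and have the loop assert that the returned principal is the zero value whenever an error comes back, so a rejected token can never hand callers usable identity or expiry data. The assertion loop lies outside the visible hunks, so this is inferred from the table alone.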


@ -30,10 +30,11 @@ func setupMuxTest(selector func(*AuthMux) http.Handler) (*http.Client, *httptest
mp := &MockProvider{"biff@example.com", provider.URL}
mt := &YesManTokenizer{}
auth := &cookie{
Name: DefaultCookieName,
Duration: 1 * time.Hour,
Now: now,
Tokens: mt,
Name: DefaultCookieName,
Lifespan: 1 * time.Hour,
Inactivity: DefaultInactivityDuration,
Now: now,
Tokens: mt,
}
jm := NewAuthMux(mp, auth, mt, clog.New(clog.ParseLevel("debug")))


@ -63,10 +63,14 @@ func (y *YesManTokenizer) ValidPrincipal(ctx context.Context, token Token, durat
}, nil
}
func (y *YesManTokenizer) Create(ctx context.Context, p Principal, t time.Duration) (Token, error) {
func (y *YesManTokenizer) Create(ctx context.Context, p Principal) (Token, error) {
return Token("HELLO?!MCFLY?!ANYONEINTHERE?!"), nil
}
func (y *YesManTokenizer) ExtendPrincipal(ctx context.Context, p Principal, ext time.Duration) (Principal, error) {
return p, nil
}
func NewTestTripper(log chronograf.Logger, ts *httptest.Server, rt http.RoundTripper) (*TestTripper, error) {
url, err := url.Parse(ts.URL)
if err != nil {


@ -18,7 +18,7 @@ type MockAuthenticator struct {
Serialized string
}
func (m *MockAuthenticator) Validate(context.Context, *http.Request) (oauth2.Principal, error) {
func (m *MockAuthenticator) Validate(context.Context, http.ResponseWriter, *http.Request) (oauth2.Principal, error) {
return m.Principal, m.ValidateErr
}
func (m *MockAuthenticator) Authorize(ctx context.Context, w http.ResponseWriter, p oauth2.Principal) error {