From 017b01d3848ebbf6459242bcdcaa764362b883f9 Mon Sep 17 00:00:00 2001 From: Chris Goller Date: Fri, 14 Apr 2017 02:35:30 -0500 Subject: [PATCH] Update tests for refreshing jwts --- oauth2/cookies_test.go | 16 +++++++++++----- oauth2/jwt_test.go | 39 ++++++++++++++++++++++----------------- oauth2/mux_test.go | 9 +++++---- oauth2/oauth2_test.go | 6 +++++- server/auth_test.go | 2 +- 5 files changed, 44 insertions(+), 28 deletions(-) diff --git a/oauth2/cookies_test.go b/oauth2/cookies_test.go index e2303aafa..3803b3366 100644 --- a/oauth2/cookies_test.go +++ b/oauth2/cookies_test.go @@ -22,10 +22,14 @@ func (m *MockTokenizer) ValidPrincipal(ctx context.Context, token Token, duratio return m.Principal, m.ValidErr } -func (m *MockTokenizer) Create(ctx context.Context, p Principal, t time.Duration) (Token, error) { +func (m *MockTokenizer) Create(ctx context.Context, p Principal) (Token, error) { return m.Token, m.CreateErr } +func (m *MockTokenizer) ExtendPrincipal(ctx context.Context, principal Principal, extension time.Duration) (Principal, error) { + return principal, nil +} + func TestCookieAuthorize(t *testing.T) { var test = []struct { Desc string @@ -48,7 +52,7 @@ func TestCookieAuthorize(t *testing.T) { } for _, test := range test { cook := cookie{ - Duration: 1 * time.Second, + Lifespan: 1 * time.Second, Now: func() time.Time { return time.Unix(0, 0) }, @@ -121,8 +125,9 @@ func TestCookieValidate(t *testing.T) { }) cook := cookie{ - Name: test.Lookup, - Duration: 1 * time.Second, + Name: test.Lookup, + Lifespan: 1 * time.Second, + Inactivity: DefaultInactivityDuration, Now: func() time.Time { return time.Unix(0, 0) }, @@ -133,7 +138,8 @@ func TestCookieValidate(t *testing.T) { ValidErr: test.ValidErr, }, } - principal, err := cook.Validate(context.Background(), req) + w := httptest.NewRecorder() + principal, err := cook.Validate(context.Background(), w, req) if err != test.Err { t.Errorf("Cookie extract error; expected %v actual %v", test.Err, err) } 
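Review bot: The new `MockTokenizer.ExtendPrincipal` in the `@@ -22,10 +22,14 @@` hunk of cookies_test.go always returns a nil error, whereas `ValidPrincipal` and `Create` return the configurable `m.ValidErr` and `m.CreateErr`, so no test can drive a failed refresh through `cookie.Validate`. Consider adding an `ExtendErr error` field to the mock and ending the method with `return principal, m.ExtendErr`, then a TestCookieValidate case that sets it and expects Validate to return an error. The mock also ignores `extension`, so nothing checks that the configured `Inactivity` value is what reaches the tokenizer. The MockTokenizer struct definition is outside the hunk.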
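Review bot: The `httptest.NewRecorder()` added in the `@@ -133,7 +138,8 @@` hunk of TestCookieValidate is passed to `cook.Validate`, but nothing visible in the hunk reads it back, so the response side effect this signature change exists for appears untested. If Validate is meant to re-issue the cookie on success, assert it, e.g. `if test.Err == nil && len(w.Header()["Set-Cookie"]) == 0 { t.Errorf("expected a refreshed cookie") }`, and also check that failing cases do not leave a valid session cookie in the response. The rest of the loop body lies outside the hunk, so an existing assertion may have been missed.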
diff --git a/oauth2/jwt_test.go b/oauth2/jwt_test.go index 987b06532..b85dfb614 100644 --- a/oauth2/jwt_test.go +++ b/oauth2/jwt_test.go @@ -10,6 +10,7 @@ import ( ) func TestAuthenticate(t *testing.T) { + history := time.Unix(-446774400, 0) var tests = []struct { Desc string Secret string @@ -33,7 +34,9 @@ func TestAuthenticate(t *testing.T) { Token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIvY2hyb25vZ3JhZi92MS91c2Vycy8xIiwibmFtZSI6IkRvYyBCcm93biIsImlhdCI6LTQ0Njc3NDQwMCwiZXhwIjotNDQ2Nzc0Mzk5LCJuYmYiOi00NDY3NzQ0MDB9.Ga0zGXWTT2CBVnnIhIO5tUAuBEVk4bKPaT4t4MU1ngo", Duration: time.Second, Principal: oauth2.Principal{ - Subject: "/chronograf/v1/users/1", + Subject: "/chronograf/v1/users/1", + ExpiresAt: history.Add(time.Second), + IssuedAt: history, }, }, { @@ -42,7 +45,9 @@ func TestAuthenticate(t *testing.T) { Token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIvY2hyb25vZ3JhZi92MS91c2Vycy8xIiwibmFtZSI6IkRvYyBCcm93biIsImlhdCI6LTQ0Njc3NDQwMCwiZXhwIjotNDQ2Nzc0NDAxLCJuYmYiOi00NDY3NzQ0MDB9.vWXdm0-XQ_pW62yBpSISFFJN_yz0vqT9_INcUKTp5Q8", Duration: time.Second, Principal: oauth2.Principal{ - Subject: "", + Subject: "", + ExpiresAt: history.Add(time.Second), + IssuedAt: history, }, Err: errors.New("token is expired by 1s"), }, @@ -52,7 +57,9 @@ func TestAuthenticate(t *testing.T) { Token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIvY2hyb25vZ3JhZi92MS91c2Vycy8xIiwibmFtZSI6IkRvYyBCcm93biIsImlhdCI6LTQ0Njc3NDQwMCwiZXhwIjotNDQ2Nzc0NDAwLCJuYmYiOi00NDY3NzQzOTl9.TMGAhv57u1aosjc4ywKC7cElP1tKyQH7GmRF2ToAxlE", Duration: time.Second, Principal: oauth2.Principal{ - Subject: "", + Subject: "", + ExpiresAt: history.Add(time.Second), + IssuedAt: history, }, Err: errors.New("token is not valid yet"), }, 
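Review bot: The rejected-token cases (expired and not-yet-valid here, and the no-subject case in the `@@ -62,7 +69,9 @@` hunk) now expect a Principal with `ExpiresAt: history.Add(time.Second)` and `IssuedAt: history` alongside a non-nil `Err`, which does not match the claims in those tokens; the expired token's payload, for instance, carries an `exp` one second before its `iat`. Either the assertion loop ignores the principal when an error is expected, in which case these fields are dead and misleading, or it compares them, in which case the test encodes that timing data is returned for a rejected token. Expecting the zero value, `Principal: oauth2.Principal{},`, would state the contract that a failed validation yields no principal data. The comparison loop is outside these hunks, so this should be checked against it.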
@@ -62,7 +69,9 @@ func TestAuthenticate(t *testing.T) { Token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOi00NDY3NzQ0MDAsImV4cCI6LTQ0Njc3NDQwMCwibmJmIjotNDQ2Nzc0NDAwfQ.gxsA6_Ei3s0f2I1TAtrrb8FmGiO25OqVlktlF_ylhX4", Duration: time.Second, Principal: oauth2.Principal{ - Subject: "", + Subject: "", + ExpiresAt: history.Add(time.Second), + IssuedAt: history, }, Err: errors.New("claim has no subject"), }, @@ -72,18 +81,12 @@ func TestAuthenticate(t *testing.T) { Token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIvY2hyb25vZ3JhZi92MS91c2Vycy8xIiwibmFtZSI6IkRvYyBCcm93biIsImlhdCI6LTQ0Njc3NDQwMCwiZXhwIjotNDQ2Nzc0NDAwLCJuYmYiOi00NDY3NzQ0MDB9._rZ4gOIei9PizHOABH6kLcJTA3jm8ls0YnDxtz1qeUI", Duration: 500 * time.Hour, Principal: oauth2.Principal{ - Subject: "/chronograf/v1/users/1", + Subject: "/chronograf/v1/users/1", + ExpiresAt: history, + IssuedAt: history, }, Err: errors.New("claims duration is different from auth duration"), }, - { - Desc: "Test valid EverlastingClaim", - Secret: "secret", - Token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIvY2hyb25vZ3JhZi92MS91c2Vycy8xIiwibmFtZSI6IkRvYyBCcm93biIsImlhdCI6LTQ0Njc3NDQwMCwiZXhwIjotNDQ2Nzc0Mzk5LCJuYmYiOi00NDY3NzQ0MDB9.Ga0zGXWTT2CBVnnIhIO5tUAuBEVk4bKPaT4t4MU1ngo", - Principal: oauth2.Principal{ - Subject: "/chronograf/v1/users/1", - }, - }, } for _, test := range tests { j := oauth2.JWT{ 
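Review bot: Deleting the "Test valid EverlastingClaim" case in the `@@ -72,18 +81,12 @@` hunk leaves no case with a zero `Duration`, so the table no longer pins what ValidPrincipal does when, presumably, no lifespan is configured. If such tokens are now meant to be rejected, keep the case with an expected `Err` rather than dropping it, so a regression that accepts never-expiring sessions fails the test. The remaining case that expects `claims duration is different from auth duration` still pairs a populated `Subject` with an error, which is worth reconciling with the other rejected-token cases that expect `Subject: ""`.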
@@ -107,18 +110,20 @@ func TestAuthenticate(t *testing.T) { } func TestToken(t *testing.T) { - duration := time.Second expected := oauth2.Token("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOi00NDY3NzQzOTksImlhdCI6LTQ0Njc3NDQwMCwibmJmIjotNDQ2Nzc0NDAwLCJzdWIiOiIvY2hyb25vZ3JhZi92MS91c2Vycy8xIn0.ofQM6yTmrmve5JeEE0RcK4_euLXuZ_rdh6bLAbtbC9M") + history := time.Unix(-446774400, 0) j := oauth2.JWT{ Secret: "secret", Now: func() time.Time { - return time.Unix(-446774400, 0) + return history }, } p := oauth2.Principal{ - Subject: "/chronograf/v1/users/1", + Subject: "/chronograf/v1/users/1", + ExpiresAt: history.Add(time.Second), + IssuedAt: history, } - if token, err := j.Create(context.Background(), p, duration); err != nil { + if token, err := j.Create(context.Background(), p); err != nil { t.Errorf("Error creating token for principal: %v", err) } else if token != expected { t.Errorf("Error creating token; expected: %s actual: %s", expected, token) diff --git a/oauth2/mux_test.go b/oauth2/mux_test.go index acdf81c01..7d4fc41d2 100644 --- a/oauth2/mux_test.go +++ b/oauth2/mux_test.go @@ -30,10 +30,11 @@ func setupMuxTest(selector func(*AuthMux) http.Handler) (*http.Client, *httptest mp := &MockProvider{"biff@example.com", provider.URL} mt := &YesManTokenizer{} auth := &cookie{ - Name: DefaultCookieName, - Duration: 1 * time.Hour, - Now: now, - Tokens: mt, + Name: DefaultCookieName, + Lifespan: 1 * time.Hour, + Inactivity: DefaultInactivityDuration, + Now: now, + Tokens: mt, } jm := NewAuthMux(mp, auth, mt, clog.New(clog.ParseLevel("debug"))) diff --git a/oauth2/oauth2_test.go b/oauth2/oauth2_test.go index a5bc026cd..9692e5021 100644 --- a/oauth2/oauth2_test.go +++ b/oauth2/oauth2_test.go 
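Review bot: TestToken in the `@@ -107,18 +110,20 @@` hunk covers only a well-formed Principal, although `Create` now takes the token lifetime from the caller-supplied `ExpiresAt` and `IssuedAt` instead of a duration argument. A second case with a zero-valued or inverted pair, e.g. `oauth2.Principal{Subject: "/chronograf/v1/users/1"}`, would pin whether Create refuses to sign a token with no usable expiry; whether it validates these fields is not visible from the test. `history` is also declared identically in TestAuthenticate and could be shared at package level.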
@@ -63,10 +63,14 @@ func (y *YesManTokenizer) ValidPrincipal(ctx context.Context, token Token, durat }, nil } -func (y *YesManTokenizer) Create(ctx context.Context, p Principal, t time.Duration) (Token, error) { +func (y *YesManTokenizer) Create(ctx context.Context, p Principal) (Token, error) { return Token("HELLO?!MCFLY?!ANYONEINTHERE?!"), nil } +func (y *YesManTokenizer) ExtendPrincipal(ctx context.Context, p Principal, ext time.Duration) (Principal, error) { + return p, nil +} + func NewTestTripper(log chronograf.Logger, ts *httptest.Server, rt http.RoundTripper) (*TestTripper, error) { url, err := url.Parse(ts.URL) if err != nil { diff --git a/server/auth_test.go b/server/auth_test.go index 6dd7336e5..fc15d7f3f 100644 --- a/server/auth_test.go +++ b/server/auth_test.go @@ -18,7 +18,7 @@ type MockAuthenticator struct { Serialized string } -func (m *MockAuthenticator) Validate(context.Context, *http.Request) (oauth2.Principal, error) { +func (m *MockAuthenticator) Validate(context.Context, http.ResponseWriter, *http.Request) (oauth2.Principal, error) { return m.Principal, m.ValidateErr } func (m *MockAuthenticator) Authorize(ctx context.Context, w http.ResponseWriter, p oauth2.Principal) error {