Update tests for refreshing jwts

oauth2/cookies_test.go

@@ -22,10 +22,14 @@ func (m *MockTokenizer) ValidPrincipal(ctx context.Context, token Token, duratio
 	return m.Principal, m.ValidErr
 }
 
-func (m *MockTokenizer) Create(ctx context.Context, p Principal, t time.Duration) (Token, error) {
+func (m *MockTokenizer) Create(ctx context.Context, p Principal) (Token, error) {
 	return m.Token, m.CreateErr
 }
 
+func (m *MockTokenizer) ExtendPrincipal(ctx context.Context, principal Principal, extension time.Duration) (Principal, error) {
+	return principal, nil
+}
+
 func TestCookieAuthorize(t *testing.T) {
 	var test = []struct {
 		Desc      string
@@ -48,7 +52,7 @@ func TestCookieAuthorize(t *testing.T) {
 	}
 	for _, test := range test {
 		cook := cookie{
-			Duration: 1 * time.Second,
+			Lifespan: 1 * time.Second,
 			Now: func() time.Time {
 				return time.Unix(0, 0)
 			},
@@ -122,7 +126,8 @@ func TestCookieValidate(t *testing.T) {
 
 		cook := cookie{
 			Name:       test.Lookup,
-			Duration: 1 * time.Second,
+			Lifespan:   1 * time.Second,
+			Inactivity: DefaultInactivityDuration,
 			Now: func() time.Time {
 				return time.Unix(0, 0)
 			},
@@ -133,7 +138,8 @@ func TestCookieValidate(t *testing.T) {
 				ValidErr: test.ValidErr,
 			},
 		}
-		principal, err := cook.Validate(context.Background(), req)
+		w := httptest.NewRecorder()
+		principal, err := cook.Validate(context.Background(), w, req)
 		if err != test.Err {
 			t.Errorf("Cookie extract error; expected %v  actual %v", test.Err, err)
 		}

oauth2/jwt_test.go

@@ -10,6 +10,7 @@ import (
 )
 
 func TestAuthenticate(t *testing.T) {
+	history := time.Unix(-446774400, 0)
 	var tests = []struct {
 		Desc      string
 		Secret    string
@@ -34,6 +35,8 @@ func TestAuthenticate(t *testing.T) {
 			Duration: time.Second,
 			Principal: oauth2.Principal{
 				Subject:   "/chronograf/v1/users/1",
+				ExpiresAt: history.Add(time.Second),
+				IssuedAt:  history,
 			},
 		},
 		{
@@ -43,6 +46,8 @@ func TestAuthenticate(t *testing.T) {
 			Duration: time.Second,
 			Principal: oauth2.Principal{
 				Subject:   "",
+				ExpiresAt: history.Add(time.Second),
+				IssuedAt:  history,
 			},
 			Err: errors.New("token is expired by 1s"),
 		},
@@ -53,6 +58,8 @@ func TestAuthenticate(t *testing.T) {
 			Duration: time.Second,
 			Principal: oauth2.Principal{
 				Subject:   "",
+				ExpiresAt: history.Add(time.Second),
+				IssuedAt:  history,
 			},
 			Err: errors.New("token is not valid yet"),
 		},
@@ -63,6 +70,8 @@ func TestAuthenticate(t *testing.T) {
 			Duration: time.Second,
 			Principal: oauth2.Principal{
 				Subject:   "",
+				ExpiresAt: history.Add(time.Second),
+				IssuedAt:  history,
 			},
 			Err: errors.New("claim has no subject"),
 		},
@@ -73,17 +82,11 @@ func TestAuthenticate(t *testing.T) {
 			Duration: 500 * time.Hour,
 			Principal: oauth2.Principal{
 				Subject:   "/chronograf/v1/users/1",
+				ExpiresAt: history,
+				IssuedAt:  history,
 			},
 			Err: errors.New("claims duration is different from auth duration"),
 		},
-		{
-			Desc:   "Test valid EverlastingClaim",
-			Secret: "secret",
-			Token:  "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIvY2hyb25vZ3JhZi92MS91c2Vycy8xIiwibmFtZSI6IkRvYyBCcm93biIsImlhdCI6LTQ0Njc3NDQwMCwiZXhwIjotNDQ2Nzc0Mzk5LCJuYmYiOi00NDY3NzQ0MDB9.Ga0zGXWTT2CBVnnIhIO5tUAuBEVk4bKPaT4t4MU1ngo",
-			Principal: oauth2.Principal{
-				Subject: "/chronograf/v1/users/1",
-			},
-		},
 	}
 	for _, test := range tests {
 		j := oauth2.JWT{
@@ -107,18 +110,20 @@ func TestAuthenticate(t *testing.T) {
 }
 
 func TestToken(t *testing.T) {
-	duration := time.Second
 	expected := oauth2.Token("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOi00NDY3NzQzOTksImlhdCI6LTQ0Njc3NDQwMCwibmJmIjotNDQ2Nzc0NDAwLCJzdWIiOiIvY2hyb25vZ3JhZi92MS91c2Vycy8xIn0.ofQM6yTmrmve5JeEE0RcK4_euLXuZ_rdh6bLAbtbC9M")
+	history := time.Unix(-446774400, 0)
 	j := oauth2.JWT{
 		Secret: "secret",
 		Now: func() time.Time {
-			return time.Unix(-446774400, 0)
+			return history
 		},
 	}
 	p := oauth2.Principal{
 		Subject:   "/chronograf/v1/users/1",
+		ExpiresAt: history.Add(time.Second),
+		IssuedAt:  history,
 	}
-	if token, err := j.Create(context.Background(), p, duration); err != nil {
+	if token, err := j.Create(context.Background(), p); err != nil {
 		t.Errorf("Error creating token for principal: %v", err)
 	} else if token != expected {
 		t.Errorf("Error creating token; expected: %s  actual: %s", expected, token)

oauth2/mux_test.go

@@ -31,7 +31,8 @@ func setupMuxTest(selector func(*AuthMux) http.Handler) (*http.Client, *httptest
 	mt := &YesManTokenizer{}
 	auth := &cookie{
 		Name:       DefaultCookieName,
-		Duration: 1 * time.Hour,
+		Lifespan:   1 * time.Hour,
+		Inactivity: DefaultInactivityDuration,
 		Now:        now,
 		Tokens:     mt,
 	}

oauth2/oauth2_test.go

@@ -63,10 +63,14 @@ func (y *YesManTokenizer) ValidPrincipal(ctx context.Context, token Token, durat
 	}, nil
 }
 
-func (y *YesManTokenizer) Create(ctx context.Context, p Principal, t time.Duration) (Token, error) {
+func (y *YesManTokenizer) Create(ctx context.Context, p Principal) (Token, error) {
 	return Token("HELLO?!MCFLY?!ANYONEINTHERE?!"), nil
 }
 
+func (y *YesManTokenizer) ExtendPrincipal(ctx context.Context, p Principal, ext time.Duration) (Principal, error) {
+	return p, nil
+}
+
 func NewTestTripper(log chronograf.Logger, ts *httptest.Server, rt http.RoundTripper) (*TestTripper, error) {
 	url, err := url.Parse(ts.URL)
 	if err != nil {

server/auth_test.go

@@ -18,7 +18,7 @@ type MockAuthenticator struct {
 	Serialized  string
 }
 
-func (m *MockAuthenticator) Validate(context.Context, *http.Request) (oauth2.Principal, error) {
+func (m *MockAuthenticator) Validate(context.Context, http.ResponseWriter, *http.Request) (oauth2.Principal, error) {
 	return m.Principal, m.ValidateErr
 }
 func (m *MockAuthenticator) Authorize(ctx context.Context, w http.ResponseWriter, p oauth2.Principal) error {