influxdb/oauth2/oauth2_test.go

package oauth2

import (
	"context"
	"net/http"
	"net/http/httptest"
	"net/url"
	"time"

	goauth "golang.org/x/oauth2"

	"github.com/influxdata/chronograf"
)

var _ Provider = &MockProvider{}

type MockProvider struct {
	Email string

	ProviderURL string
}

func (mp *MockProvider) Config() *goauth.Config {
	return &goauth.Config{
		RedirectURL:  "http://www.example.com",
		ClientID:     "4815162342",
		ClientSecret: "8675309",
		Endpoint: goauth.Endpoint{
			AuthURL:  mp.ProviderURL + "/oauth/auth",
			TokenURL: mp.ProviderURL + "/oauth/token",
		},
	}
}

func (mp *MockProvider) ID() string {
	return "8675309"
}

func (mp *MockProvider) Name() string {
	return "mockly"
}

func (mp *MockProvider) PrincipalID(provider *http.Client) (string, error) {
	return mp.Email, nil
}

func (mp *MockProvider) Scopes() []string {
	return []string{}
}

func (mp *MockProvider) Secret() string {
	return "4815162342"
}

var _ Tokenizer = &YesManTokenizer{}

type YesManTokenizer struct{}

func (y *YesManTokenizer) ValidPrincipal(ctx context.Context, token Token, duration time.Duration) (Principal, error) {
	return Principal{
		Subject: "biff@example.com",
		Issuer:  "Biff Tannen's Pleasure Paradise",
	}, nil
}

func (y *YesManTokenizer) Create(ctx context.Context, p Principal) (Token, error) {
	return Token("HELLO?!MCFLY?!ANYONEINTHERE?!"), nil
}

func (y *YesManTokenizer) ExtendedPrincipal(ctx context.Context, p Principal, ext time.Duration) (Principal, error) {
	return p, nil
}

func NewTestTripper(log chronograf.Logger, ts *httptest.Server, rt http.RoundTripper) (*TestTripper, error) {
	url, err := url.Parse(ts.URL)
	if err != nil {
		return nil, err
	}
	return &TestTripper{log, rt, url}, nil
}

type TestTripper struct {
	Log chronograf.Logger

	rt    http.RoundTripper
	tsURL *url.URL
}

// RoundTrip modifies the Hostname of the incoming request to be directed to the
// test server.
func (tt *TestTripper) RoundTrip(r *http.Request) (*http.Response, error) {
	tt.Log.
		WithField("component", "test").
		WithField("remote_addr", r.RemoteAddr).
		WithField("method", r.Method).
		WithField("url", r.URL).
		Info("Request")

	r.URL.Host = tt.tsURL.Host
	r.URL.Scheme = tt.tsURL.Scheme

	return tt.rt.RoundTrip(r)
}
Add new auth duration CLI option; add client heartbeat; fix logout (#1119) * User can now set oauth cookie session duration via the CLI to any duration or to expire on browser close * Refactor GET 'me' into heartbeat at constant interval * Add ping route to all routes * Add /chronograf/v1/ping endpoint for server status * Refactor cookie generation to use an interface * WIP adding refreshable tokens * Add reminder to review index.js Login error handling * Refactor Authenticator interface to accommodate cookie duration and logout delay * Update make run-dev to be more TICKStack compliant * Remove heartbeat/logout duration from authentication * WIP Refactor tests to accommodate cookie and auth refactor * Update oauth2 tests to newly refactored design * Update oauth provider tests * Remove unused oauth2/consts.go * Move authentication middleware to server package * Fix authentication comment * Update authenication documentation to mention AUTH_DURATION * Update /chronograf/v1/ping to simply return 204 * Fix Makefile run-dev target * Remove spurious ping route * Update auth docs to clarify authentication duration * Revert "Refactor GET 'me' into heartbeat at constant interval" This reverts commit 298a8c47e1431720d9bd97a9cb853744f04501a3. Conflicts: ui/src/index.js * Add auth test for JWT signing method * Add comments for why coverage isn't written for some areas of jwt code * Update auth docs to explicitly mention how to require re-auth for all users on server restart * Add Duration to Validation interface for Tokens * Make auth duration of zero yield a everlasting token * Revert "Revert "Refactor GET 'me' into heartbeat at constant interval"" This reverts commit b4773c15afe4fcd227ad88aa9d5686beb6b0a6cd. * Rename http status constants and add FORBIDDEN * Heartbeat only when logged in, notify user if heartbeat fails * Update changelog * Fix minor word semantics * Update oauth2 tests to be in the oauth2_test package * Add check at compile time that JWT implements Tokenizer * Rename CookieMux to AuthMux for consistency with earlier refactor * Fix logout middleware * Fix logout button not showing due to obsolete data shape expectations * Update changelog * Fix proptypes for logout button data shape in SideNav 2017-04-06 18:40:57 +00:00			`package oauth2`
Reorganize OAuth2 Test Helpers Moved all test helper structs and funcs under oauth2/oauth2_test.go 2017-02-16 21:59:46 +00:00
			`import (`
			`"context"`
			`"net/http"`
			`"net/http/httptest"`
			`"net/url"`
			`"time"`

			`goauth "golang.org/x/oauth2"`

			`"github.com/influxdata/chronograf"`
			`)`

Add new auth duration CLI option; add client heartbeat; fix logout (#1119) * User can now set oauth cookie session duration via the CLI to any duration or to expire on browser close * Refactor GET 'me' into heartbeat at constant interval * Add ping route to all routes * Add /chronograf/v1/ping endpoint for server status * Refactor cookie generation to use an interface * WIP adding refreshable tokens * Add reminder to review index.js Login error handling * Refactor Authenticator interface to accommodate cookie duration and logout delay * Update make run-dev to be more TICKStack compliant * Remove heartbeat/logout duration from authentication * WIP Refactor tests to accommodate cookie and auth refactor * Update oauth2 tests to newly refactored design * Update oauth provider tests * Remove unused oauth2/consts.go * Move authentication middleware to server package * Fix authentication comment * Update authenication documentation to mention AUTH_DURATION * Update /chronograf/v1/ping to simply return 204 * Fix Makefile run-dev target * Remove spurious ping route * Update auth docs to clarify authentication duration * Revert "Refactor GET 'me' into heartbeat at constant interval" This reverts commit 298a8c47e1431720d9bd97a9cb853744f04501a3. Conflicts: ui/src/index.js * Add auth test for JWT signing method * Add comments for why coverage isn't written for some areas of jwt code * Update auth docs to explicitly mention how to require re-auth for all users on server restart * Add Duration to Validation interface for Tokens * Make auth duration of zero yield a everlasting token * Revert "Revert "Refactor GET 'me' into heartbeat at constant interval"" This reverts commit b4773c15afe4fcd227ad88aa9d5686beb6b0a6cd. * Rename http status constants and add FORBIDDEN * Heartbeat only when logged in, notify user if heartbeat fails * Update changelog * Fix minor word semantics * Update oauth2 tests to be in the oauth2_test package * Add check at compile time that JWT implements Tokenizer * Rename CookieMux to AuthMux for consistency with earlier refactor * Fix logout middleware * Fix logout button not showing due to obsolete data shape expectations * Update changelog * Fix proptypes for logout button data shape in SideNav 2017-04-06 18:40:57 +00:00			`var _ Provider = &MockProvider{}`
Reorganize OAuth2 Test Helpers Moved all test helper structs and funcs under oauth2/oauth2_test.go 2017-02-16 21:59:46 +00:00
			`type MockProvider struct {`
			`Email string`
Add test for oauth2.Callback() handler This test ensures that the Callback handler sets a cookie in its response to the browser when the provider returns a 200 2017-02-17 17:41:14 +00:00
			`ProviderURL string`
Reorganize OAuth2 Test Helpers Moved all test helper structs and funcs under oauth2/oauth2_test.go 2017-02-16 21:59:46 +00:00			`}`

			`func (mp MockProvider) Config() goauth.Config {`
Add test for oauth2.Callback() handler This test ensures that the Callback handler sets a cookie in its response to the browser when the provider returns a 200 2017-02-17 17:41:14 +00:00			`return &goauth.Config{`
			`RedirectURL: "http://www.example.com",`
			`ClientID: "4815162342",`
			`ClientSecret: "8675309",`
			`Endpoint: goauth.Endpoint{`
Update to fix go linter issues 2017-03-06 16:11:52 +00:00			`AuthURL: mp.ProviderURL + "/oauth/auth",`
			`TokenURL: mp.ProviderURL + "/oauth/token",`
Add test for oauth2.Callback() handler This test ensures that the Callback handler sets a cookie in its response to the browser when the provider returns a 200 2017-02-17 17:41:14 +00:00			`},`
			`}`
Reorganize OAuth2 Test Helpers Moved all test helper structs and funcs under oauth2/oauth2_test.go 2017-02-16 21:59:46 +00:00			`}`

			`func (mp *MockProvider) ID() string {`
			`return "8675309"`
			`}`

			`func (mp *MockProvider) Name() string {`
			`return "mockly"`
			`}`

			`func (mp MockProvider) PrincipalID(provider http.Client) (string, error) {`
			`return mp.Email, nil`
			`}`

			`func (mp *MockProvider) Scopes() []string {`
			`return []string{}`
			`}`

			`func (mp *MockProvider) Secret() string {`
			`return "4815162342"`
			`}`

Add new auth duration CLI option; add client heartbeat; fix logout (#1119) * User can now set oauth cookie session duration via the CLI to any duration or to expire on browser close * Refactor GET 'me' into heartbeat at constant interval * Add ping route to all routes * Add /chronograf/v1/ping endpoint for server status * Refactor cookie generation to use an interface * WIP adding refreshable tokens * Add reminder to review index.js Login error handling * Refactor Authenticator interface to accommodate cookie duration and logout delay * Update make run-dev to be more TICKStack compliant * Remove heartbeat/logout duration from authentication * WIP Refactor tests to accommodate cookie and auth refactor * Update oauth2 tests to newly refactored design * Update oauth provider tests * Remove unused oauth2/consts.go * Move authentication middleware to server package * Fix authentication comment * Update authenication documentation to mention AUTH_DURATION * Update /chronograf/v1/ping to simply return 204 * Fix Makefile run-dev target * Remove spurious ping route * Update auth docs to clarify authentication duration * Revert "Refactor GET 'me' into heartbeat at constant interval" This reverts commit 298a8c47e1431720d9bd97a9cb853744f04501a3. Conflicts: ui/src/index.js * Add auth test for JWT signing method * Add comments for why coverage isn't written for some areas of jwt code * Update auth docs to explicitly mention how to require re-auth for all users on server restart * Add Duration to Validation interface for Tokens * Make auth duration of zero yield a everlasting token * Revert "Revert "Refactor GET 'me' into heartbeat at constant interval"" This reverts commit b4773c15afe4fcd227ad88aa9d5686beb6b0a6cd. * Rename http status constants and add FORBIDDEN * Heartbeat only when logged in, notify user if heartbeat fails * Update changelog * Fix minor word semantics * Update oauth2 tests to be in the oauth2_test package * Add check at compile time that JWT implements Tokenizer * Rename CookieMux to AuthMux for consistency with earlier refactor * Fix logout middleware * Fix logout button not showing due to obsolete data shape expectations * Update changelog * Fix proptypes for logout button data shape in SideNav 2017-04-06 18:40:57 +00:00			`var _ Tokenizer = &YesManTokenizer{}`
Reorganize OAuth2 Test Helpers Moved all test helper structs and funcs under oauth2/oauth2_test.go 2017-02-16 21:59:46 +00:00
Add new auth duration CLI option; add client heartbeat; fix logout (#1119) * User can now set oauth cookie session duration via the CLI to any duration or to expire on browser close * Refactor GET 'me' into heartbeat at constant interval * Add ping route to all routes * Add /chronograf/v1/ping endpoint for server status * Refactor cookie generation to use an interface * WIP adding refreshable tokens * Add reminder to review index.js Login error handling * Refactor Authenticator interface to accommodate cookie duration and logout delay * Update make run-dev to be more TICKStack compliant * Remove heartbeat/logout duration from authentication * WIP Refactor tests to accommodate cookie and auth refactor * Update oauth2 tests to newly refactored design * Update oauth provider tests * Remove unused oauth2/consts.go * Move authentication middleware to server package * Fix authentication comment * Update authenication documentation to mention AUTH_DURATION * Update /chronograf/v1/ping to simply return 204 * Fix Makefile run-dev target * Remove spurious ping route * Update auth docs to clarify authentication duration * Revert "Refactor GET 'me' into heartbeat at constant interval" This reverts commit 298a8c47e1431720d9bd97a9cb853744f04501a3. Conflicts: ui/src/index.js * Add auth test for JWT signing method * Add comments for why coverage isn't written for some areas of jwt code * Update auth docs to explicitly mention how to require re-auth for all users on server restart * Add Duration to Validation interface for Tokens * Make auth duration of zero yield a everlasting token * Revert "Revert "Refactor GET 'me' into heartbeat at constant interval"" This reverts commit b4773c15afe4fcd227ad88aa9d5686beb6b0a6cd. * Rename http status constants and add FORBIDDEN * Heartbeat only when logged in, notify user if heartbeat fails * Update changelog * Fix minor word semantics * Update oauth2 tests to be in the oauth2_test package * Add check at compile time that JWT implements Tokenizer * Rename CookieMux to AuthMux for consistency with earlier refactor * Fix logout middleware * Fix logout button not showing due to obsolete data shape expectations * Update changelog * Fix proptypes for logout button data shape in SideNav 2017-04-06 18:40:57 +00:00			`type YesManTokenizer struct{}`
Reorganize OAuth2 Test Helpers Moved all test helper structs and funcs under oauth2/oauth2_test.go 2017-02-16 21:59:46 +00:00
Add new auth duration CLI option; add client heartbeat; fix logout (#1119) * User can now set oauth cookie session duration via the CLI to any duration or to expire on browser close * Refactor GET 'me' into heartbeat at constant interval * Add ping route to all routes * Add /chronograf/v1/ping endpoint for server status * Refactor cookie generation to use an interface * WIP adding refreshable tokens * Add reminder to review index.js Login error handling * Refactor Authenticator interface to accommodate cookie duration and logout delay * Update make run-dev to be more TICKStack compliant * Remove heartbeat/logout duration from authentication * WIP Refactor tests to accommodate cookie and auth refactor * Update oauth2 tests to newly refactored design * Update oauth provider tests * Remove unused oauth2/consts.go * Move authentication middleware to server package * Fix authentication comment * Update authenication documentation to mention AUTH_DURATION * Update /chronograf/v1/ping to simply return 204 * Fix Makefile run-dev target * Remove spurious ping route * Update auth docs to clarify authentication duration * Revert "Refactor GET 'me' into heartbeat at constant interval" This reverts commit 298a8c47e1431720d9bd97a9cb853744f04501a3. Conflicts: ui/src/index.js * Add auth test for JWT signing method * Add comments for why coverage isn't written for some areas of jwt code * Update auth docs to explicitly mention how to require re-auth for all users on server restart * Add Duration to Validation interface for Tokens * Make auth duration of zero yield a everlasting token * Revert "Revert "Refactor GET 'me' into heartbeat at constant interval"" This reverts commit b4773c15afe4fcd227ad88aa9d5686beb6b0a6cd. * Rename http status constants and add FORBIDDEN * Heartbeat only when logged in, notify user if heartbeat fails * Update changelog * Fix minor word semantics * Update oauth2 tests to be in the oauth2_test package * Add check at compile time that JWT implements Tokenizer * Rename CookieMux to AuthMux for consistency with earlier refactor * Fix logout middleware * Fix logout button not showing due to obsolete data shape expectations * Update changelog * Fix proptypes for logout button data shape in SideNav 2017-04-06 18:40:57 +00:00			`func (y *YesManTokenizer) ValidPrincipal(ctx context.Context, token Token, duration time.Duration) (Principal, error) {`
			`return Principal{`
Reorganize OAuth2 Test Helpers Moved all test helper structs and funcs under oauth2/oauth2_test.go 2017-02-16 21:59:46 +00:00			`Subject: "biff@example.com",`
			`Issuer: "Biff Tannen's Pleasure Paradise",`
			`}, nil`
			`}`

Update tests for refreshing jwts 2017-04-14 07:35:30 +00:00			`func (y *YesManTokenizer) Create(ctx context.Context, p Principal) (Token, error) {`
Add new auth duration CLI option; add client heartbeat; fix logout (#1119) * User can now set oauth cookie session duration via the CLI to any duration or to expire on browser close * Refactor GET 'me' into heartbeat at constant interval * Add ping route to all routes * Add /chronograf/v1/ping endpoint for server status * Refactor cookie generation to use an interface * WIP adding refreshable tokens * Add reminder to review index.js Login error handling * Refactor Authenticator interface to accommodate cookie duration and logout delay * Update make run-dev to be more TICKStack compliant * Remove heartbeat/logout duration from authentication * WIP Refactor tests to accommodate cookie and auth refactor * Update oauth2 tests to newly refactored design * Update oauth provider tests * Remove unused oauth2/consts.go * Move authentication middleware to server package * Fix authentication comment * Update authenication documentation to mention AUTH_DURATION * Update /chronograf/v1/ping to simply return 204 * Fix Makefile run-dev target * Remove spurious ping route * Update auth docs to clarify authentication duration * Revert "Refactor GET 'me' into heartbeat at constant interval" This reverts commit 298a8c47e1431720d9bd97a9cb853744f04501a3. Conflicts: ui/src/index.js * Add auth test for JWT signing method * Add comments for why coverage isn't written for some areas of jwt code * Update auth docs to explicitly mention how to require re-auth for all users on server restart * Add Duration to Validation interface for Tokens * Make auth duration of zero yield a everlasting token * Revert "Revert "Refactor GET 'me' into heartbeat at constant interval"" This reverts commit b4773c15afe4fcd227ad88aa9d5686beb6b0a6cd. * Rename http status constants and add FORBIDDEN * Heartbeat only when logged in, notify user if heartbeat fails * Update changelog * Fix minor word semantics * Update oauth2 tests to be in the oauth2_test package * Add check at compile time that JWT implements Tokenizer * Rename CookieMux to AuthMux for consistency with earlier refactor * Fix logout middleware * Fix logout button not showing due to obsolete data shape expectations * Update changelog * Fix proptypes for logout button data shape in SideNav 2017-04-06 18:40:57 +00:00			`return Token("HELLO?!MCFLY?!ANYONEINTHERE?!"), nil`
Reorganize OAuth2 Test Helpers Moved all test helper structs and funcs under oauth2/oauth2_test.go 2017-02-16 21:59:46 +00:00			`}`

Update oauth2 Authenticator signatures to use extend 2017-04-17 16:49:45 +00:00			`func (y *YesManTokenizer) ExtendedPrincipal(ctx context.Context, p Principal, ext time.Duration) (Principal, error) {`
Update tests for refreshing jwts 2017-04-14 07:35:30 +00:00			`return p, nil`
			`}`

Reorganize OAuth2 Test Helpers Moved all test helper structs and funcs under oauth2/oauth2_test.go 2017-02-16 21:59:46 +00:00			`func NewTestTripper(log chronograf.Logger, ts httptest.Server, rt http.RoundTripper) (TestTripper, error) {`
			`url, err := url.Parse(ts.URL)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return &TestTripper{log, rt, url}, nil`
			`}`

			`type TestTripper struct {`
			`Log chronograf.Logger`

			`rt http.RoundTripper`
			`tsURL *url.URL`
			`}`

			`// RoundTrip modifies the Hostname of the incoming request to be directed to the`
			`// test server.`
			`func (tt TestTripper) RoundTrip(r http.Request) (*http.Response, error) {`
			`tt.Log.`
			`WithField("component", "test").`
			`WithField("remote_addr", r.RemoteAddr).`
			`WithField("method", r.Method).`
			`WithField("url", r.URL).`
			`Info("Request")`

			`r.URL.Host = tt.tsURL.Host`
			`r.URL.Scheme = tt.tsURL.Scheme`

			`return tt.rt.RoundTrip(r)`
			`}`