"Fossies" - the Fresh Open Source Software Archive 
Member "AdGuardHome-0.104.3/internal/home/auth_test.go" (19 Nov 2020, 4321 Bytes) of package /linux/misc/dns/AdGuardHome-0.104.3.tar.gz:
As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Go source code syntax highlighting (style:
standard) with prefixed line numbers and
code folding option.
Alternatively you can here
view or
download the uninterpreted source code file.
See also the latest
Fossies "Diffs" side-by-side code changes report for "auth_test.go":
0.104.1_vs_0.104.3.
1 package home
2
3 import (
4 "encoding/hex"
5 "net/http"
6 "net/url"
7 "os"
8 "path/filepath"
9 "testing"
10 "time"
11
12 "github.com/AdguardTeam/AdGuardHome/internal/testutil"
13 "github.com/stretchr/testify/assert"
14 )
15
16 func TestMain(m *testing.M) {
17 testutil.DiscardLogOutput(m)
18 }
19
20 func prepareTestDir() string {
21 const dir = "./agh-test"
22 _ = os.RemoveAll(dir)
23 _ = os.MkdirAll(dir, 0755)
24 return dir
25 }
26
27 func TestAuth(t *testing.T) {
28 dir := prepareTestDir()
29 defer func() { _ = os.RemoveAll(dir) }()
30 fn := filepath.Join(dir, "sessions.db")
31
32 users := []User{
33 User{Name: "name", PasswordHash: "$2y$05$..vyzAECIhJPfaQiOK17IukcQnqEgKJHy0iETyYqxn3YXJl8yZuo2"},
34 }
35 a := InitAuth(fn, nil, 60)
36 s := session{}
37
38 user := User{Name: "name"}
39 a.UserAdd(&user, "password")
40
41 assert.True(t, a.CheckSession("notfound") == -1)
42 a.RemoveSession("notfound")
43
44 sess := getSession(&users[0])
45 sessStr := hex.EncodeToString(sess)
46
47 now := time.Now().UTC().Unix()
48 // check expiration
49 s.expire = uint32(now)
50 a.addSession(sess, &s)
51 assert.True(t, a.CheckSession(sessStr) == 1)
52
53 // add session with TTL = 2 sec
54 s = session{}
55 s.expire = uint32(time.Now().UTC().Unix() + 2)
56 a.addSession(sess, &s)
57 assert.True(t, a.CheckSession(sessStr) == 0)
58
59 a.Close()
60
61 // load saved session
62 a = InitAuth(fn, users, 60)
63
64 // the session is still alive
65 assert.True(t, a.CheckSession(sessStr) == 0)
66 // reset our expiration time because CheckSession() has just updated it
67 s.expire = uint32(time.Now().UTC().Unix() + 2)
68 a.storeSession(sess, &s)
69 a.Close()
70
71 u := a.UserFind("name", "password")
72 assert.True(t, len(u.Name) != 0)
73
74 time.Sleep(3 * time.Second)
75
76 // load and remove expired sessions
77 a = InitAuth(fn, users, 60)
78 assert.True(t, a.CheckSession(sessStr) == -1)
79
80 a.Close()
81 os.Remove(fn)
82 }
83
84 // implements http.ResponseWriter
85 type testResponseWriter struct {
86 hdr http.Header
87 statusCode int
88 }
89
90 func (w *testResponseWriter) Header() http.Header {
91 return w.hdr
92 }
93
94 func (w *testResponseWriter) Write([]byte) (int, error) {
95 return 0, nil
96 }
97
98 func (w *testResponseWriter) WriteHeader(statusCode int) {
99 w.statusCode = statusCode
100 }
101
102 func TestAuthHTTP(t *testing.T) {
103 dir := prepareTestDir()
104 defer func() { _ = os.RemoveAll(dir) }()
105 fn := filepath.Join(dir, "sessions.db")
106
107 users := []User{
108 User{Name: "name", PasswordHash: "$2y$05$..vyzAECIhJPfaQiOK17IukcQnqEgKJHy0iETyYqxn3YXJl8yZuo2"},
109 }
110 Context.auth = InitAuth(fn, users, 60)
111
112 handlerCalled := false
113 handler := func(w http.ResponseWriter, r *http.Request) {
114 handlerCalled = true
115 }
116 handler2 := optionalAuth(handler)
117 w := testResponseWriter{}
118 w.hdr = make(http.Header)
119 r := http.Request{}
120 r.Header = make(http.Header)
121 r.Method = "GET"
122
123 // get / - we're redirected to login page
124 r.URL = &url.URL{Path: "/"}
125 handlerCalled = false
126 handler2(&w, &r)
127 assert.True(t, w.statusCode == http.StatusFound)
128 assert.True(t, w.hdr.Get("Location") != "")
129 assert.True(t, !handlerCalled)
130
131 // go to login page
132 loginURL := w.hdr.Get("Location")
133 r.URL = &url.URL{Path: loginURL}
134 handlerCalled = false
135 handler2(&w, &r)
136 assert.True(t, handlerCalled)
137
138 // perform login
139 cookie := Context.auth.httpCookie(loginJSON{Name: "name", Password: "password"})
140 assert.True(t, cookie != "")
141
142 // get /
143 handler2 = optionalAuth(handler)
144 w.hdr = make(http.Header)
145 r.Header.Set("Cookie", cookie)
146 r.URL = &url.URL{Path: "/"}
147 handlerCalled = false
148 handler2(&w, &r)
149 assert.True(t, handlerCalled)
150 r.Header.Del("Cookie")
151
152 // get / with basic auth
153 handler2 = optionalAuth(handler)
154 w.hdr = make(http.Header)
155 r.URL = &url.URL{Path: "/"}
156 r.SetBasicAuth("name", "password")
157 handlerCalled = false
158 handler2(&w, &r)
159 assert.True(t, handlerCalled)
160 r.Header.Del("Authorization")
161
162 // get login page with a valid cookie - we're redirected to /
163 handler2 = optionalAuth(handler)
164 w.hdr = make(http.Header)
165 r.Header.Set("Cookie", cookie)
166 r.URL = &url.URL{Path: loginURL}
167 handlerCalled = false
168 handler2(&w, &r)
169 assert.True(t, w.hdr.Get("Location") != "")
170 assert.True(t, !handlerCalled)
171 r.Header.Del("Cookie")
172
173 // get login page with an invalid cookie
174 handler2 = optionalAuth(handler)
175 w.hdr = make(http.Header)
176 r.Header.Set("Cookie", "bad")
177 r.URL = &url.URL{Path: loginURL}
178 handlerCalled = false
179 handler2(&w, &r)
180 assert.True(t, handlerCalled)
181 r.Header.Del("Cookie")
182
183 Context.auth.Close()
184 }