"Fossies" - the Fresh Open Source Software Archive

Member "AdGuardHome-0.104.3/internal/home/auth_test.go" (19 Nov 2020, 4321 Bytes) of package /linux/misc/dns/AdGuardHome-0.104.3.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Go source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "auth_test.go": 0.104.1_vs_0.104.3.

    1 package home
    2 
    3 import (
    4     "encoding/hex"
    5     "net/http"
    6     "net/url"
    7     "os"
    8     "path/filepath"
    9     "testing"
   10     "time"
   11 
   12     "github.com/AdguardTeam/AdGuardHome/internal/testutil"
   13     "github.com/stretchr/testify/assert"
   14 )
   15 
   16 func TestMain(m *testing.M) {
   17     testutil.DiscardLogOutput(m)
   18 }
   19 
   20 func prepareTestDir() string {
   21     const dir = "./agh-test"
   22     _ = os.RemoveAll(dir)
   23     _ = os.MkdirAll(dir, 0755)
   24     return dir
   25 }
   26 
   27 func TestAuth(t *testing.T) {
   28     dir := prepareTestDir()
   29     defer func() { _ = os.RemoveAll(dir) }()
   30     fn := filepath.Join(dir, "sessions.db")
   31 
   32     users := []User{
   33         User{Name: "name", PasswordHash: "$2y$05$..vyzAECIhJPfaQiOK17IukcQnqEgKJHy0iETyYqxn3YXJl8yZuo2"},
   34     }
   35     a := InitAuth(fn, nil, 60)
   36     s := session{}
   37 
   38     user := User{Name: "name"}
   39     a.UserAdd(&user, "password")
   40 
   41     assert.True(t, a.CheckSession("notfound") == -1)
   42     a.RemoveSession("notfound")
   43 
   44     sess := getSession(&users[0])
   45     sessStr := hex.EncodeToString(sess)
   46 
   47     now := time.Now().UTC().Unix()
   48     // check expiration
   49     s.expire = uint32(now)
   50     a.addSession(sess, &s)
   51     assert.True(t, a.CheckSession(sessStr) == 1)
   52 
   53     // add session with TTL = 2 sec
   54     s = session{}
   55     s.expire = uint32(time.Now().UTC().Unix() + 2)
   56     a.addSession(sess, &s)
   57     assert.True(t, a.CheckSession(sessStr) == 0)
   58 
   59     a.Close()
   60 
   61     // load saved session
   62     a = InitAuth(fn, users, 60)
   63 
   64     // the session is still alive
   65     assert.True(t, a.CheckSession(sessStr) == 0)
   66     // reset our expiration time because CheckSession() has just updated it
   67     s.expire = uint32(time.Now().UTC().Unix() + 2)
   68     a.storeSession(sess, &s)
   69     a.Close()
   70 
   71     u := a.UserFind("name", "password")
   72     assert.True(t, len(u.Name) != 0)
   73 
   74     time.Sleep(3 * time.Second)
   75 
   76     // load and remove expired sessions
   77     a = InitAuth(fn, users, 60)
   78     assert.True(t, a.CheckSession(sessStr) == -1)
   79 
   80     a.Close()
   81     os.Remove(fn)
   82 }
   83 
   84 // implements http.ResponseWriter
   85 type testResponseWriter struct {
   86     hdr        http.Header
   87     statusCode int
   88 }
   89 
   90 func (w *testResponseWriter) Header() http.Header {
   91     return w.hdr
   92 }
   93 
   94 func (w *testResponseWriter) Write([]byte) (int, error) {
   95     return 0, nil
   96 }
   97 
   98 func (w *testResponseWriter) WriteHeader(statusCode int) {
   99     w.statusCode = statusCode
  100 }
  101 
  102 func TestAuthHTTP(t *testing.T) {
  103     dir := prepareTestDir()
  104     defer func() { _ = os.RemoveAll(dir) }()
  105     fn := filepath.Join(dir, "sessions.db")
  106 
  107     users := []User{
  108         User{Name: "name", PasswordHash: "$2y$05$..vyzAECIhJPfaQiOK17IukcQnqEgKJHy0iETyYqxn3YXJl8yZuo2"},
  109     }
  110     Context.auth = InitAuth(fn, users, 60)
  111 
  112     handlerCalled := false
  113     handler := func(w http.ResponseWriter, r *http.Request) {
  114         handlerCalled = true
  115     }
  116     handler2 := optionalAuth(handler)
  117     w := testResponseWriter{}
  118     w.hdr = make(http.Header)
  119     r := http.Request{}
  120     r.Header = make(http.Header)
  121     r.Method = "GET"
  122 
  123     // get / - we're redirected to login page
  124     r.URL = &url.URL{Path: "/"}
  125     handlerCalled = false
  126     handler2(&w, &r)
  127     assert.True(t, w.statusCode == http.StatusFound)
  128     assert.True(t, w.hdr.Get("Location") != "")
  129     assert.True(t, !handlerCalled)
  130 
  131     // go to login page
  132     loginURL := w.hdr.Get("Location")
  133     r.URL = &url.URL{Path: loginURL}
  134     handlerCalled = false
  135     handler2(&w, &r)
  136     assert.True(t, handlerCalled)
  137 
  138     // perform login
  139     cookie := Context.auth.httpCookie(loginJSON{Name: "name", Password: "password"})
  140     assert.True(t, cookie != "")
  141 
  142     // get /
  143     handler2 = optionalAuth(handler)
  144     w.hdr = make(http.Header)
  145     r.Header.Set("Cookie", cookie)
  146     r.URL = &url.URL{Path: "/"}
  147     handlerCalled = false
  148     handler2(&w, &r)
  149     assert.True(t, handlerCalled)
  150     r.Header.Del("Cookie")
  151 
  152     // get / with basic auth
  153     handler2 = optionalAuth(handler)
  154     w.hdr = make(http.Header)
  155     r.URL = &url.URL{Path: "/"}
  156     r.SetBasicAuth("name", "password")
  157     handlerCalled = false
  158     handler2(&w, &r)
  159     assert.True(t, handlerCalled)
  160     r.Header.Del("Authorization")
  161 
  162     // get login page with a valid cookie - we're redirected to /
  163     handler2 = optionalAuth(handler)
  164     w.hdr = make(http.Header)
  165     r.Header.Set("Cookie", cookie)
  166     r.URL = &url.URL{Path: loginURL}
  167     handlerCalled = false
  168     handler2(&w, &r)
  169     assert.True(t, w.hdr.Get("Location") != "")
  170     assert.True(t, !handlerCalled)
  171     r.Header.Del("Cookie")
  172 
  173     // get login page with an invalid cookie
  174     handler2 = optionalAuth(handler)
  175     w.hdr = make(http.Header)
  176     r.Header.Set("Cookie", "bad")
  177     r.URL = &url.URL{Path: loginURL}
  178     handlerCalled = false
  179     handler2(&w, &r)
  180     assert.True(t, handlerCalled)
  181     r.Header.Del("Cookie")
  182 
  183     Context.auth.Close()
  184 }