2023-11-03 16:07:15 +03:00
|
|
|
package home
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"crypto/rand"
|
|
|
|
"encoding/hex"
|
|
|
|
"path/filepath"
|
|
|
|
"testing"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestNewSessionToken(t *testing.T) {
|
|
|
|
// Successful case.
|
|
|
|
token, err := newSessionToken()
|
|
|
|
require.NoError(t, err)
|
|
|
|
assert.Len(t, token, sessionTokenSize)
|
|
|
|
|
|
|
|
// Break the rand.Reader.
|
|
|
|
prevReader := rand.Reader
|
|
|
|
t.Cleanup(func() { rand.Reader = prevReader })
|
|
|
|
rand.Reader = &bytes.Buffer{}
|
|
|
|
|
|
|
|
// Unsuccessful case.
|
|
|
|
token, err = newSessionToken()
|
|
|
|
require.Error(t, err)
|
|
|
|
assert.Empty(t, token)
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestAuth(t *testing.T) {
|
|
|
|
dir := t.TempDir()
|
|
|
|
fn := filepath.Join(dir, "sessions.db")
|
|
|
|
|
|
|
|
users := []webUser{{
|
|
|
|
Name: "name",
|
|
|
|
PasswordHash: "$2y$05$..vyzAECIhJPfaQiOK17IukcQnqEgKJHy0iETyYqxn3YXJl8yZuo2",
|
|
|
|
}}
|
2024-03-20 19:25:59 +03:00
|
|
|
a := InitAuth(fn, nil, 60, nil, nil)
|
2023-11-03 16:07:15 +03:00
|
|
|
s := session{}
|
|
|
|
|
|
|
|
user := webUser{Name: "name"}
|
|
|
|
err := a.addUser(&user, "password")
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
assert.Equal(t, checkSessionNotFound, a.checkSession("notfound"))
|
|
|
|
a.removeSession("notfound")
|
|
|
|
|
|
|
|
sess, err := newSessionToken()
|
|
|
|
require.NoError(t, err)
|
|
|
|
sessStr := hex.EncodeToString(sess)
|
|
|
|
|
|
|
|
now := time.Now().UTC().Unix()
|
|
|
|
// check expiration
|
|
|
|
s.expire = uint32(now)
|
|
|
|
a.addSession(sess, &s)
|
|
|
|
assert.Equal(t, checkSessionExpired, a.checkSession(sessStr))
|
|
|
|
|
|
|
|
// add session with TTL = 2 sec
|
|
|
|
s = session{}
|
|
|
|
s.expire = uint32(time.Now().UTC().Unix() + 2)
|
|
|
|
a.addSession(sess, &s)
|
|
|
|
assert.Equal(t, checkSessionOK, a.checkSession(sessStr))
|
|
|
|
|
|
|
|
a.Close()
|
|
|
|
|
|
|
|
// load saved session
|
2024-03-20 19:25:59 +03:00
|
|
|
a = InitAuth(fn, users, 60, nil, nil)
|
2023-11-03 16:07:15 +03:00
|
|
|
|
|
|
|
// the session is still alive
|
|
|
|
assert.Equal(t, checkSessionOK, a.checkSession(sessStr))
|
|
|
|
// reset our expiration time because checkSession() has just updated it
|
|
|
|
s.expire = uint32(time.Now().UTC().Unix() + 2)
|
|
|
|
a.storeSession(sess, &s)
|
|
|
|
a.Close()
|
|
|
|
|
|
|
|
u, ok := a.findUser("name", "password")
|
|
|
|
assert.True(t, ok)
|
|
|
|
assert.NotEmpty(t, u.Name)
|
|
|
|
|
|
|
|
time.Sleep(3 * time.Second)
|
|
|
|
|
|
|
|
// load and remove expired sessions
|
2024-03-20 19:25:59 +03:00
|
|
|
a = InitAuth(fn, users, 60, nil, nil)
|
2023-11-03 16:07:15 +03:00
|
|
|
assert.Equal(t, checkSessionNotFound, a.checkSession(sessStr))
|
|
|
|
|
|
|
|
a.Close()
|
|
|
|
}
|