Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
package rootmux
import (
"encoding/json"
"net/http"
"net/http/cookiejar"
"net/http/httptest"
"net/url"
"os"
"testing"
"forge.grandlyon.com/web-et-numerique/llle_project/backoffice-server/internal/auth"
"forge.grandlyon.com/web-et-numerique/llle_project/backoffice-server/internal/mocks"
"forge.grandlyon.com/web-et-numerique/llle_project/backoffice-server/internal/tester"
"forge.grandlyon.com/web-et-numerique/llle_project/backoffice-server/internal/tokens"
)
var (
newMonthlyNews = `{"month": 1,"year": 2000,"header":"newsHeader","quote":"newsQuote"}`
noH map[string]string
)
func init() {
tokens.Init("testdata/tokenskey.json", true)
}
func TestAll(t *testing.T) {
// Create the mock OAuth2 server
oAuth2Server := httptest.NewServer(mocks.CreateMockOAuth2())
defer oAuth2Server.Close()
// Create the mock API server
go http.ListenAndServe(":8091", mocks.CreateMockAPI())
// Set the constants with environment variables
os.Setenv("HOSTNAME", "localhost")
os.Setenv("ADMIN_ROLE", "ADMINS")
os.Setenv("CLIENT_ID", "foo")
os.Setenv("CLIENT_SECRET", "bar")
os.Setenv("TOKEN_URL", oAuth2Server.URL+"/token")
os.Setenv("USERINFO_URL", oAuth2Server.URL+"/userinfo")
os.Setenv("LOGOUT_URL", oAuth2Server.URL+"/logout")
// Set up testers
os.Setenv("AUTH_URL", oAuth2Server.URL+"/auth-wrong-state") // Set the server to access failing OAuth2 endpoints
oauth2Tests(t)
os.Setenv("AUTH_URL", oAuth2Server.URL+"/auth") // Set the server to access the correct OAuth2Endpoint
unloggedTests(t)
os.Setenv("USERINFO_URL", oAuth2Server.URL+"/admininfo")
adminTests(t)
}
/**
SECURITY TESTS (this tests are to check that the security protections works)
**/
func oauth2Tests(t *testing.T) {
// Create the tester
ts, do, _ := createTester(t)
defer ts.Close() // Close the tester
// Try to login (must fail)
do("GET", "/OAuth2Login", noH, "", http.StatusInternalServerError, "invalid oauth state")
}
/**
UNLOGGED USER TESTS (this tests are to check that the security protections works)
**/
func unloggedTests(t *testing.T) {
// Create the tester
ts, do, _ := createTester(t)
defer ts.Close() // Close the tester
// Try to create a monthlyNews (must fail)
do("POST", "/api/admin/monthlyNews", noH, newMonthlyNews, http.StatusUnauthorized, "error extracting token")
}
/**
ADMIN TESTS (this tests are to check that an administrator can alter the apps)
**/
func adminTests(t *testing.T) {
// Create the tester
ts, do, _ := createTester(t)
defer ts.Close() // Close the tester
tests := func() {
// Get the XSRF Token
response := do("GET", "/api/common/WhoAmI", noH, "", http.StatusOK, "")
token := auth.TokenData{}
json.Unmarshal([]byte(response), &token)
xsrfHeader := map[string]string{"XSRF-TOKEN": token.XSRFToken}
// Try to create a monthly news without the XSRF-TOKEN (must fail)
do("POST", "/api/admin/monthlyNews", noH, newMonthlyNews, http.StatusUnauthorized, "XSRF protection triggered")
// Try to create a monthly news without body (must fail)
do("POST", "/api/admin/monthlyNews", xsrfHeader, "", http.StatusBadRequest, "request body is empty")
do("POST", "/api/admin/monthlyNews", xsrfHeader, newMonthlyNews, http.StatusCreated, "")
}
// Try to login (must pass)
do("GET", "/OAuth2Login", noH, "", http.StatusOK, "<!DOCTYPE html>")
// Run the tests
tests()
// Try to logout (must pass)
do("GET", "/Logout", noH, "", http.StatusOK, "Logout OK")
// Try to create a monthly news again (must fail)
do("GET", "/api/admin/monthlyNews", noH, "", http.StatusUnauthorized, "error extracting token")
}
func createTester(t *testing.T) (*httptest.Server, tester.DoFn, tester.DoFn) {
// Create the server
mux := CreateRootMux("../../web")
url, _ := url.Parse(ts.URL)
port := url.Port()
mux.Manager.Config.RedirectURL = "http://" + os.Getenv("HOSTNAME") + ":" + port + "/OAuth2Callback"
mux.Manager.Hostname = "http://" + os.Getenv("HOSTNAME") + ":" + port
// Create the cookie jar
jar, _ := cookiejar.New(nil)
// wrap the testing function
return ts, tester.CreateServerTester(t, port, os.Getenv("HOSTNAME"), jar), tester.CreateServerTester(t, port, os.Getenv("HOSTNAME"), nil)
}