login_test.go 4.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155
  1. /*
  2. * EliasDB
  3. *
  4. * Copyright 2016 Matthias Ladkau. All rights reserved.
  5. *
  6. * This Source Code Form is subject to the terms of the Mozilla Public
  7. * License, v. 2.0. If a copy of the MPL was not distributed with this
  8. * file, You can obtain one at http://mozilla.org/MPL/2.0/.
  9. */
  10. package ac
  11. import (
  12. "net/http"
  13. "net/http/httptest"
  14. "strings"
  15. "testing"
  16. )
  17. func TestAuthorization(t *testing.T) {
  18. queryURL := "http://localhost" + TESTPORT
  19. authCookie := doAuth("johndoe", "doe")
  20. res, resp := sendTestRequestResponse("application/json", queryURL+EndpointUser, "POST", nil,
  21. func(req *http.Request) {
  22. req.AddCookie(authCookie)
  23. })
  24. if res != "Requested create access to /db/user/ was denied" {
  25. t.Error("Unexpected result:", res, resp)
  26. return
  27. }
  28. w := httptest.NewRecorder()
  29. ACL.CheckHTTPRequest(w, resp.Request, "hans")
  30. if strings.TrimSpace(w.Body.String()) != "Requested create access to /db/user/ was denied" {
  31. t.Error("Unexpected result: ", w.Body.String())
  32. return
  33. }
  34. }
  35. func TestLoginEndpoint(t *testing.T) {
  36. queryURL := "http://localhost" + TESTPORT
  37. // Send request with wrong method
  38. res := sendTestRequest("application/x-www-form-urlencoded", queryURL+EndpointLogin, "GET", nil, nil)
  39. if res != "Method Not Allowed" {
  40. t.Error("Unexpected response:", res)
  41. return
  42. }
  43. // Send request without body
  44. res = sendTestRequest("application/json", queryURL+EndpointLogin, "POST", nil, nil)
  45. if res != "Could not decode request body: EOF" {
  46. t.Error("Unexpected response:", res)
  47. return
  48. }
  49. // Send correct authentication with ok redirect missing
  50. res, resp := sendTestRequestResponse("application/x-www-form-urlencoded", queryURL+EndpointLogin, "POST",
  51. []byte(`user=elias&pass=elias&redirect_notok=/bar`), nil)
  52. if res != "404 page not found" || resp.Request.URL.Path != "/" {
  53. t.Error("Unexpected response:", res)
  54. return
  55. }
  56. // Send malformed authentication request
  57. res = sendTestRequest("application/x-www-form-urlencoded", queryURL+EndpointLogin, "POST", []byte(`us=elias`), nil)
  58. if res != "Invalid authentication request" {
  59. t.Error("Unexpected response:", res)
  60. return
  61. }
  62. // Send authentication request with wrong credentials
  63. res, resp = sendTestRequestResponse("application/x-www-form-urlencoded", queryURL+EndpointLogin, "POST",
  64. []byte(`user=elias&pass=elias1&redirect_ok=/foo&redirect_notok=/bar`), nil)
  65. if resp.Request.URL.Path != "/bar" {
  66. t.Error("Unexpected request:", res, resp.Request.URL.Path)
  67. return
  68. }
  69. // Send authentication request with wrong credentials and no not ok url
  70. res, resp = sendTestRequestResponse("application/x-www-form-urlencoded", queryURL+EndpointLogin, "POST",
  71. []byte(`user=elias&pass=elias1&redirect_ok=/foo`), nil)
  72. if resp.Request.URL.Path != "/db/login/" {
  73. t.Error("Unexpected request:", res, resp.Request.URL.Path)
  74. return
  75. }
  76. // Send authentication request with correct credentials
  77. res, resp = sendTestRequestResponse("application/x-www-form-urlencoded", queryURL+EndpointLogin, "POST",
  78. []byte(`user=elias&pass=elias&redirect_ok=/foobar&redirect_notok=/bar`), nil)
  79. if resp.Request.URL.Path != "/foobar" {
  80. t.Error("Unexpected request:", res, resp.Request.URL.Path)
  81. return
  82. }
  83. // Send authentication request with correct credentials but with bad redirect
  84. res, resp = sendTestRequestResponse("application/x-www-form-urlencoded", queryURL+EndpointLogin, "POST",
  85. []byte(`user=elias&pass=elias&redirect_ok=http://foobar/foo&redirect_notok=/bar`), nil)
  86. if res != "Redirection URL must not be an absolute URL" {
  87. t.Error("Unexpected request:", resp, res)
  88. return
  89. }
  90. // Send authentication request with incorrect credentials as json
  91. res, resp = sendTestRequestResponse("application/json",
  92. queryURL+EndpointLogin, "POST", []byte(`
  93. {
  94. "user" : "elias",
  95. "pass" : "elias123"
  96. }
  97. `), nil)
  98. if resp.StatusCode != 401 {
  99. t.Error("Unexpected response:", resp, res)
  100. return
  101. }
  102. // Send authentication request with correct credentials as json
  103. res, resp = sendTestRequestResponse("application/json",
  104. queryURL+EndpointLogin, "POST", []byte(`
  105. {
  106. "user" : "elias",
  107. "pass" : "elias"
  108. }
  109. `), nil)
  110. if resp.StatusCode != 200 {
  111. t.Error("Unexpected response:", resp, res)
  112. return
  113. }
  114. }