logout_test.go 3.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134
  1. /*
  2. * EliasDB
  3. *
  4. * Copyright 2016 Matthias Ladkau. All rights reserved.
  5. *
  6. * This Source Code Form is subject to the terms of the Mozilla Public
  7. * License, v. 2.0. If a copy of the MPL was not distributed with this
  8. * file, You can obtain one at http://mozilla.org/MPL/2.0/.
  9. */
  10. package ac
  11. import (
  12. "net/http"
  13. "testing"
  14. "devt.de/krotik/common/httputil/user"
  15. )
  16. func TestLogoutEndpoint(t *testing.T) {
  17. queryURL := "http://localhost" + TESTPORT
  18. authCookie := doAuth("johndoe", "doe")
  19. // Send request with auth cookie to the user endpoint
  20. res, resp := sendTestRequestResponse("application/json", queryURL+EndpointUser+"u/", "GET", nil,
  21. func(req *http.Request) {
  22. req.AddCookie(authCookie)
  23. })
  24. if res != `[
  25. {
  26. "data": null,
  27. "groups": [
  28. "admin",
  29. "public"
  30. ],
  31. "username": "elias"
  32. },
  33. {
  34. "data": null,
  35. "groups": [],
  36. "username": "guest"
  37. },
  38. {
  39. "data": null,
  40. "groups": [
  41. "public"
  42. ],
  43. "username": "johndoe"
  44. }
  45. ]` {
  46. t.Error("Unexpected response:", res, resp)
  47. }
  48. // Do the logout but use a page submisssion
  49. res, resp = sendTestRequestResponse("application/x-www-form-urlencodedt", queryURL+EndpointLogout, "POST", nil,
  50. func(req *http.Request) {
  51. req.AddCookie(authCookie)
  52. })
  53. if resp.Request.URL.Path != "/" {
  54. t.Error("Unexpected request:", res, resp.Request.URL.Path)
  55. return
  56. }
  57. // Next request with auth cookie should fail since we are logged out
  58. res, resp = sendTestRequestResponse("application/json", queryURL+EndpointUser, "GET", nil,
  59. func(req *http.Request) {
  60. req.AddCookie(authCookie)
  61. })
  62. if res != "Valid credentials required" {
  63. t.Error("Unexpected response:", res, resp)
  64. }
  65. res, resp = sendTestRequestResponse("application/json", queryURL+"/foo?abc=123", "GET", nil,
  66. func(req *http.Request) {
  67. req.AddCookie(authCookie)
  68. })
  69. if resp.Request.URL.Path != "/login.html" || resp.Request.URL.RawQuery != "ref=%2Ffoo%3Fabc%3D123" {
  70. t.Error("Unexpected response:", resp.Request.URL.Path, resp.Request.URL.RawQuery)
  71. return
  72. }
  73. }
  74. func TestSessionExpiry(t *testing.T) {
  75. queryURL := "http://localhost" + TESTPORT
  76. authCookie := doAuth("johndoe", "doe")
  77. // Send request with auth cookie to the user endpoint
  78. _, resp := sendTestRequestResponse("application/json", queryURL+EndpointUser+"u/?abc=123", "GET", nil,
  79. func(req *http.Request) {
  80. req.AddCookie(authCookie)
  81. })
  82. if resp.StatusCode != 200 {
  83. t.Error("Unexpected response:", resp)
  84. return
  85. }
  86. // Remove all underlying sessions
  87. sessions, _ := user.UserSessionManager.Provider.GetAll()
  88. for _, s := range sessions {
  89. user.UserSessionManager.Provider.Destroy(s.ID())
  90. }
  91. // Next request with auth cookie should fail
  92. _, resp = sendTestRequestResponse("application/json", queryURL+EndpointUser+"?abc=123", "GET", nil,
  93. func(req *http.Request) {
  94. for _, c := range resp.Cookies() {
  95. // Add auth and session cookie otherwise the session will be recreated
  96. req.AddCookie(c)
  97. }
  98. })
  99. // The session is expired which causes the invalidation of the authentication cookie
  100. // and a redirect to login
  101. if resp.Request.URL.Path != "/login.html" {
  102. t.Error("Unexpected response:", resp)
  103. return
  104. }
  105. }