krotik
/
eliasdb


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134
							/*
 * EliasDB
 *
 * Copyright 2016 Matthias Ladkau. All rights reserved.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */

package ac

import (
	"net/http"
	"testing"

	"devt.de/krotik/common/httputil/user"
)

func TestLogoutEndpoint(t *testing.T) {
	queryURL := "http://localhost" + TESTPORT

	authCookie := doAuth("johndoe", "doe")

	// Send request with auth cookie to the user endpoint

	res, resp := sendTestRequestResponse("application/json", queryURL+EndpointUser+"u/", "GET", nil,
		func(req *http.Request) {
			req.AddCookie(authCookie)
		})

	if res != `[
  {
    "data": null,
    "groups": [
      "admin",
      "public"
    ],
    "username": "elias"
  },
  {
    "data": null,
    "groups": [],
    "username": "guest"
  },
  {
    "data": null,
    "groups": [
      "public"
    ],
    "username": "johndoe"
  }
]` {
		t.Error("Unexpected response:", res, resp)
	}

	// Do the logout but use a page submisssion

	res, resp = sendTestRequestResponse("application/x-www-form-urlencodedt", queryURL+EndpointLogout, "POST", nil,
		func(req *http.Request) {
			req.AddCookie(authCookie)
		})

	if resp.Request.URL.Path != "/" {
		t.Error("Unexpected request:", res, resp.Request.URL.Path)
		return
	}

	// Next request with auth cookie should fail since we are logged out

	res, resp = sendTestRequestResponse("application/json", queryURL+EndpointUser, "GET", nil,
		func(req *http.Request) {
			req.AddCookie(authCookie)
		})

	if res != "Valid credentials required" {
		t.Error("Unexpected response:", res, resp)
	}

	_, resp = sendTestRequestResponse("application/json", queryURL+"/foo?abc=123", "GET", nil,
		func(req *http.Request) {
			req.AddCookie(authCookie)
		})

	if resp.Request.URL.Path != "/login.html" || resp.Request.URL.RawQuery != "ref=%2Ffoo%3Fabc%3D123" {
		t.Error("Unexpected response:", resp.Request.URL.Path, resp.Request.URL.RawQuery)
		return
	}
}

func TestSessionExpiry(t *testing.T) {
	queryURL := "http://localhost" + TESTPORT

	authCookie := doAuth("johndoe", "doe")

	// Send request with auth cookie to the user endpoint

	_, resp := sendTestRequestResponse("application/json", queryURL+EndpointUser+"u/?abc=123", "GET", nil,
		func(req *http.Request) {
			req.AddCookie(authCookie)
		})

	if resp.StatusCode != 200 {
		t.Error("Unexpected response:", resp)
		return
	}

	// Remove all underlying sessions

	sessions, _ := user.UserSessionManager.Provider.GetAll()
	for _, s := range sessions {
		user.UserSessionManager.Provider.Destroy(s.ID())
	}

	// Next request with auth cookie should fail

	_, resp = sendTestRequestResponse("application/json", queryURL+EndpointUser+"?abc=123", "GET", nil,
		func(req *http.Request) {
			for _, c := range resp.Cookies() {

				// Add auth and session cookie otherwise the session will be recreated

				req.AddCookie(c)
			}
		})

	// The session is expired which causes the invalidation of the authentication cookie
	// and a redirect to login

	if resp.Request.URL.Path != "/login.html" {
		t.Error("Unexpected response:", resp)
		return
	}
}