صفحهٔ اصلی گشت‌و‌گذار راهنما
ثبت نام ورود
oscarleiva
/
energylink
1
0
انشعاب 0
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
درخت: 565408194a
شاخه‌ها تگ‌ها
energylink
/
pkg
/
services
/
auth
/
auth_token_test.go

auth_token_test.go 6.0 KB
تاريخچه خام

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219 
  1. package auth
    2. 

  2. 

  3. import (
    4. 

  4. 	"testing"
    5. 

  5. 	"time"
    6. 

  6. 

  7. 	"github.com/grafana/grafana/pkg/setting"
    8. 

  8. 

  9. 	"github.com/grafana/grafana/pkg/log"
    10. 

  10. 	"github.com/grafana/grafana/pkg/models"
    11. 

  11. 	"github.com/grafana/grafana/pkg/services/sqlstore"
    12. 

  12. 	. "github.com/smartystreets/goconvey/convey"
    13. 

  13. )
    14. 

  14. 

  15. func TestUserAuthToken(t *testing.T) {
    16. 

  16. 	Convey("Test user auth token", t, func() {
    17. 

  17. 		ctx := createTestContext(t)
    18. 

  18. 		userAuthTokenService := ctx.tokenService
    19. 

  19. 		userID := int64(10)
    20. 

  20. 

  21. 		t := time.Date(2018, 12, 13, 13, 45, 0, 0, time.UTC)
    22. 

  22. 		now = func() time.Time {
    23. 

  23. 			return t
    24. 

  24. 		}
    25. 

  25. 

  26. 		Convey("When creating token", func() {
    27. 

  27. 			token, err := userAuthTokenService.CreateToken(userID, "192.168.10.11:1234", "some user agent")
    28. 

  28. 			So(err, ShouldBeNil)
    29. 

  29. 			So(token, ShouldNotBeNil)
    30. 

  30. 			So(token.AuthTokenSeen, ShouldBeFalse)
    31. 

  31. 

  32. 			Convey("When lookup unhashed token should return user auth token", func() {
    33. 

  33. 				LookupToken, err := userAuthTokenService.LookupToken(token.UnhashedToken)
    34. 

  34. 				So(err, ShouldBeNil)
    35. 

  35. 				So(LookupToken, ShouldNotBeNil)
    36. 

  36. 				So(LookupToken.UserId, ShouldEqual, userID)
    37. 

  37. 				So(LookupToken.AuthTokenSeen, ShouldBeTrue)
    38. 

  38. 

  39. 				storedAuthToken, err := ctx.getAuthTokenByID(LookupToken.Id)
    40. 

  40. 				So(err, ShouldBeNil)
    41. 

  41. 				So(storedAuthToken, ShouldNotBeNil)
    42. 

  42. 				So(storedAuthToken.AuthTokenSeen, ShouldBeTrue)
    43. 

  43. 			})
    44. 

  44. 

  45. 			Convey("When lookup hashed token should return user auth token not found error", func() {
    46. 

  46. 				LookupToken, err := userAuthTokenService.LookupToken(token.AuthToken)
    47. 

  47. 				So(err, ShouldEqual, ErrAuthTokenNotFound)
    48. 

  48. 				So(LookupToken, ShouldBeNil)
    49. 

  49. 			})
    50. 

  50. 		})
    51. 

  51. 

  52. 		Convey("expires correctly", func() {
    53. 

  53. 			token, err := userAuthTokenService.CreateToken(userID, "192.168.10.11:1234", "some user agent")
    54. 

  54. 			So(err, ShouldBeNil)
    55. 

  55. 			So(token, ShouldNotBeNil)
    56. 

  56. 

  57. 			_, err = userAuthTokenService.LookupToken(token.UnhashedToken)
    58. 

  58. 			So(err, ShouldBeNil)
    59. 

  59. 

  60. 			token, err = ctx.getAuthTokenByID(token.Id)
    61. 

  61. 			So(err, ShouldBeNil)
    62. 

  62. 

  63. 			now = func() time.Time {
    64. 

  64. 				return t.Add(time.Hour)
    65. 

  65. 			}
    66. 

  66. 

  67. 			refreshed, err := userAuthTokenService.RefreshToken(token, "192.168.10.11:1234", "some user agent")
    68. 

  68. 			So(err, ShouldBeNil)
    69. 

  69. 			So(refreshed, ShouldBeTrue)
    70. 

  70. 

  71. 			_, err = userAuthTokenService.LookupToken(token.UnhashedToken)
    72. 

  72. 			So(err, ShouldBeNil)
    73. 

  73. 

  74. 			stillGood, err := userAuthTokenService.LookupToken(token.UnhashedToken)
    75. 

  75. 			So(err, ShouldBeNil)
    76. 

  76. 			So(stillGood, ShouldNotBeNil)
    77. 

  77. 

  78. 			now = func() time.Time {
    79. 

  79. 				return t.Add(24 * 7 * time.Hour)
    80. 

  80. 			}
    81. 

  81. 			notGood, err := userAuthTokenService.LookupToken(token.UnhashedToken)
    82. 

  82. 			So(err, ShouldEqual, ErrAuthTokenNotFound)
    83. 

  83. 			So(notGood, ShouldBeNil)
    84. 

  84. 		})
    85. 

  85. 

  86. 		Convey("can properly rotate tokens", func() {
    87. 

  87. 			token, err := userAuthTokenService.CreateToken(userID, "192.168.10.11:1234", "some user agent")
    88. 

  88. 			So(err, ShouldBeNil)
    89. 

  89. 			So(token, ShouldNotBeNil)
    90. 

  90. 

  91. 			prevToken := token.AuthToken
    92. 

  92. 			unhashedPrev := token.UnhashedToken
    93. 

  93. 

  94. 			refreshed, err := userAuthTokenService.RefreshToken(token, "192.168.10.12:1234", "a new user agent")
    95. 

  95. 			So(err, ShouldBeNil)
    96. 

  96. 			So(refreshed, ShouldBeFalse)
    97. 

  97. 

  98. 			ctx.markAuthTokenAsSeen(token.Id)
    99. 

  99. 			token, err = ctx.getAuthTokenByID(token.Id)
    100. 

  100. 			So(err, ShouldBeNil)
    101. 

  101. 

  102. 			// ability to auth using an old token
    103. 

  103. 			now = func() time.Time {
    104. 

  104. 				return t.Add(time.Hour)
    105. 

  105. 			}
    106. 

  106. 

  107. 			refreshed, err = userAuthTokenService.RefreshToken(token, "192.168.10.12:1234", "a new user agent")
    108. 

  108. 			So(err, ShouldBeNil)
    109. 

  109. 			So(refreshed, ShouldBeTrue)
    110. 

  110. 

  111. 			unhashedToken := token.UnhashedToken
    112. 

  112. 

  113. 			token, err = ctx.getAuthTokenByID(token.Id)
    114. 

  114. 			So(err, ShouldBeNil)
    115. 

  115. 			token.UnhashedToken = unhashedToken
    116. 

  116. 

  117. 			So(token.RotatedAt, ShouldEqual, t.Unix())
    118. 

  118. 			So(token.ClientIp, ShouldEqual, "192.168.10.12")
    119. 

  119. 			So(token.UserAgent, ShouldEqual, "a new user agent")
    120. 

  120. 			So(token.AuthTokenSeen, ShouldBeFalse)
    121. 

  121. 			So(token.SeenAt, ShouldEqual, 0)
    122. 

  122. 			So(token.PrevAuthToken, ShouldEqual, prevToken)
    123. 

  123. 

  124. 			lookedUp, err := userAuthTokenService.LookupToken(token.UnhashedToken)
    125. 

  125. 			So(err, ShouldBeNil)
    126. 

  126. 			So(lookedUp, ShouldNotBeNil)
    127. 

  127. 			So(lookedUp.AuthTokenSeen, ShouldBeTrue)
    128. 

  128. 			So(lookedUp.SeenAt, ShouldEqual, t.Unix())
    129. 

  129. 

  130. 			lookedUp, err = userAuthTokenService.LookupToken(unhashedPrev)
    131. 

  131. 			So(err, ShouldBeNil)
    132. 

  132. 			So(lookedUp, ShouldNotBeNil)
    133. 

  133. 			So(lookedUp.Id, ShouldEqual, token.Id)
    134. 

  134. 

  135. 			now = func() time.Time {
    136. 

  136. 				return t.Add(2 * time.Minute)
    137. 

  137. 			}
    138. 

  138. 

  139. 			lookedUp, err = userAuthTokenService.LookupToken(unhashedPrev)
    140. 

  140. 			So(err, ShouldBeNil)
    141. 

  141. 			So(lookedUp, ShouldNotBeNil)
    142. 

  142. 

  143. 			lookedUp, err = ctx.getAuthTokenByID(lookedUp.Id)
    144. 

  144. 			So(err, ShouldBeNil)
    145. 

  145. 			So(lookedUp, ShouldNotBeNil)
    146. 

  146. 			So(lookedUp.AuthTokenSeen, ShouldBeFalse)
    147. 

  147. 

  148. 			refreshed, err = userAuthTokenService.RefreshToken(token, "192.168.10.12:1234", "a new user agent")
    149. 

  149. 			So(err, ShouldBeNil)
    150. 

  150. 			So(refreshed, ShouldBeTrue)
    151. 

  151. 

  152. 			token, err = ctx.getAuthTokenByID(token.Id)
    153. 

  153. 			So(err, ShouldBeNil)
    154. 

  154. 			So(token, ShouldNotBeNil)
    155. 

  155. 			So(token.SeenAt, ShouldEqual, 0)
    156. 

  156. 		})
    157. 

  157. 

  158. 		Convey("keeps prev token valid for 1 minute after it is confirmed", func() {
    159. 

  159. 

  160. 		})
    161. 

  161. 

  162. 		Convey("will not mark token unseen when prev and current are the same", func() {
    163. 

  163. 

  164. 		})
    165. 

  165. 

  166. 		Reset(func() {
    167. 

  167. 			now = time.Now
    168. 

  168. 		})
    169. 

  169. 	})
    170. 

  170. }
    171. 

  171. 

  172. func createTestContext(t *testing.T) *testContext {
    173. 

  173. 	t.Helper()
    174. 

  174. 

  175. 	sqlstore := sqlstore.InitTestDB(t)
    176. 

  176. 	tokenService := &UserAuthTokenService{
    177. 

  177. 		SQLStore: sqlstore,
    178. 

  178. 		log:      log.New("test-logger"),
    179. 

  179. 	}
    180. 

  180. 

  181. 	RotateTime = 10 * time.Minute
    182. 

  182. 	UrgentRotateTime = time.Minute
    183. 

  183. 	setting.LogInRememberDays = 7
    184. 

  184. 

  185. 	return &testContext{
    186. 

  186. 		sqlstore:     sqlstore,
    187. 

  187. 		tokenService: tokenService,
    188. 

  188. 	}
    189. 

  189. }
    190. 

  190. 

  191. type testContext struct {
    192. 

  192. 	sqlstore     *sqlstore.SqlStore
    193. 

  193. 	tokenService *UserAuthTokenService
    194. 

  194. }
    195. 

  195. 

  196. func (c *testContext) getAuthTokenByID(id int64) (*models.UserAuthToken, error) {
    197. 

  197. 	sess := c.sqlstore.NewSession()
    198. 

  198. 	var t models.UserAuthToken
    199. 

  199. 	found, err := sess.ID(id).Get(&t)
    200. 

  200. 	if err != nil || !found {
    201. 

  201. 		return nil, err
    202. 

  202. 	}
    203. 

  203. 

  204. 	return &t, nil
    205. 

  205. }
    206. 

  206. 

  207. func (c *testContext) markAuthTokenAsSeen(id int64) (bool, error) {
    208. 

  208. 	sess := c.sqlstore.NewSession()
    209. 

  209. 	res, err := sess.Exec("UPDATE user_auth_token SET auth_token_seen = ? WHERE id = ?", c.sqlstore.Dialect.BooleanStr(true), id)
    210. 

  210. 	if err != nil {
    211. 

  211. 		return false, err
    212. 

  212. 	}
    213. 

  213. 

  214. 	rowsAffected, err := res.RowsAffected()
    215. 

  215. 	if err != nil {
    216. 

  216. 		return false, err
    217. 

  217. 	}
    218. 

  218. 	return rowsAffected == 1, nil
    219. 

  219. }
    220.