Inicio Explorar Axuda
Rexistro Iniciar sesión
oscarleiva
/
energylink
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Árbore: 8764fb5aa6
Ramas Etiquetas
energylink
/
pkg
/
services
/
auth
/
auth_token_test.go

auth_token_test.go 5.7 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206 
  1. package auth
    2. 

  2. 

  3. import (
    4. 

  4. 	"testing"
    5. 

  5. 	"time"
    6. 

  6. 

  7. 	"github.com/grafana/grafana/pkg/log"
    8. 

  8. 	"github.com/grafana/grafana/pkg/services/sqlstore"
    9. 

  9. 	. "github.com/smartystreets/goconvey/convey"
    10. 

  10. )
    11. 

  11. 

  12. func TestUserAuthToken(t *testing.T) {
    13. 

  13. 	Convey("Test user auth token", t, func() {
    14. 

  14. 		ctx := createTestContext(t)
    15. 

  15. 		userAuthTokenService := ctx.tokenService
    16. 

  16. 		userID := int64(10)
    17. 

  17. 

  18. 		t := time.Date(2018, 12, 13, 13, 45, 0, 0, time.UTC)
    19. 

  19. 		now = func() time.Time {
    20. 

  20. 			return t
    21. 

  21. 		}
    22. 

  22. 

  23. 		Convey("When creating token", func() {
    24. 

  24. 			token, err := userAuthTokenService.CreateToken(userID, "192.168.10.11:1234", "some user agent")
    25. 

  25. 			So(err, ShouldBeNil)
    26. 

  26. 			So(token, ShouldNotBeNil)
    27. 

  27. 			So(token.AuthTokenSeen, ShouldBeFalse)
    28. 

  28. 

  29. 			Convey("When lookup unhashed token should return user auth token", func() {
    30. 

  30. 				lookupToken, err := userAuthTokenService.lookupToken(token.unhashedToken)
    31. 

  31. 				So(err, ShouldBeNil)
    32. 

  32. 				So(lookupToken, ShouldNotBeNil)
    33. 

  33. 				So(lookupToken.UserId, ShouldEqual, userID)
    34. 

  34. 				So(lookupToken.AuthTokenSeen, ShouldBeTrue)
    35. 

  35. 

  36. 				storedAuthToken, err := ctx.getAuthTokenByID(lookupToken.Id)
    37. 

  37. 				So(err, ShouldBeNil)
    38. 

  38. 				So(storedAuthToken, ShouldNotBeNil)
    39. 

  39. 				So(storedAuthToken.AuthTokenSeen, ShouldBeTrue)
    40. 

  40. 			})
    41. 

  41. 

  42. 			Convey("When lookup hashed token should return user auth token not found error", func() {
    43. 

  43. 				lookupToken, err := userAuthTokenService.lookupToken(token.AuthToken)
    44. 

  44. 				So(err, ShouldEqual, ErrAuthTokenNotFound)
    45. 

  45. 				So(lookupToken, ShouldBeNil)
    46. 

  46. 			})
    47. 

  47. 		})
    48. 

  48. 

  49. 		Convey("expires correctly", func() {
    50. 

  50. 			token, err := userAuthTokenService.CreateToken(userID, "192.168.10.11:1234", "some user agent")
    51. 

  51. 			So(err, ShouldBeNil)
    52. 

  52. 			So(token, ShouldNotBeNil)
    53. 

  53. 

  54. 			_, err = userAuthTokenService.lookupToken(token.unhashedToken)
    55. 

  55. 			So(err, ShouldBeNil)
    56. 

  56. 

  57. 			token, err = ctx.getAuthTokenByID(token.Id)
    58. 

  58. 			So(err, ShouldBeNil)
    59. 

  59. 

  60. 			// set now (now - 23 hours)
    61. 

  61. 			_, err = userAuthTokenService.refreshToken(token, "192.168.10.11:1234", "some user agent")
    62. 

  62. 			So(err, ShouldBeNil)
    63. 

  63. 

  64. 			_, err = userAuthTokenService.lookupToken(token.unhashedToken)
    65. 

  65. 			So(err, ShouldBeNil)
    66. 

  66. 

  67. 			stillGood, err := userAuthTokenService.lookupToken(token.unhashedToken)
    68. 

  68. 			So(err, ShouldBeNil)
    69. 

  69. 			So(stillGood, ShouldNotBeNil)
    70. 

  70. 

  71. 			// set now (new - 2 hours)
    72. 

  72. 			notGood, err := userAuthTokenService.lookupToken(token.unhashedToken)
    73. 

  73. 			So(err, ShouldEqual, ErrAuthTokenNotFound)
    74. 

  74. 			So(notGood, ShouldBeNil)
    75. 

  75. 		})
    76. 

  76. 

  77. 		Convey("can properly rotate tokens", func() {
    78. 

  78. 			token, err := userAuthTokenService.CreateToken(userID, "192.168.10.11:1234", "some user agent")
    79. 

  79. 			So(err, ShouldBeNil)
    80. 

  80. 			So(token, ShouldNotBeNil)
    81. 

  81. 

  82. 			prevToken := token.AuthToken
    83. 

  83. 			unhashedPrev := token.unhashedToken
    84. 

  84. 

  85. 			refreshed, err := userAuthTokenService.refreshToken(token, "192.168.10.12:1234", "a new user agent")
    86. 

  86. 			So(err, ShouldBeNil)
    87. 

  87. 			So(refreshed, ShouldBeFalse)
    88. 

  88. 

  89. 			ctx.markAuthTokenAsSeen(token.Id)
    90. 

  90. 			token, err = ctx.getAuthTokenByID(token.Id)
    91. 

  91. 			So(err, ShouldBeNil)
    92. 

  92. 

  93. 			// ability to auth using an old token
    94. 

  94. 			now = func() time.Time {
    95. 

  95. 				return t
    96. 

  96. 			}
    97. 

  97. 

  98. 			refreshed, err = userAuthTokenService.refreshToken(token, "192.168.10.12:1234", "a new user agent")
    99. 

  99. 			So(err, ShouldBeNil)
    100. 

  100. 			So(refreshed, ShouldBeTrue)
    101. 

  101. 

  102. 			unhashedToken := token.unhashedToken
    103. 

  103. 

  104. 			token, err = ctx.getAuthTokenByID(token.Id)
    105. 

  105. 			So(err, ShouldBeNil)
    106. 

  106. 			token.unhashedToken = unhashedToken
    107. 

  107. 

  108. 			So(token.RotatedAt, ShouldEqual, t.Unix())
    109. 

  109. 			So(token.ClientIp, ShouldEqual, "192.168.10.12")
    110. 

  110. 			So(token.UserAgent, ShouldEqual, "a new user agent")
    111. 

  111. 			So(token.AuthTokenSeen, ShouldBeFalse)
    112. 

  112. 			So(token.SeenAt, ShouldEqual, 0)
    113. 

  113. 			So(token.PrevAuthToken, ShouldEqual, prevToken)
    114. 

  114. 

  115. 			lookedUp, err := userAuthTokenService.lookupToken(token.unhashedToken)
    116. 

  116. 			So(err, ShouldBeNil)
    117. 

  117. 			So(lookedUp, ShouldNotBeNil)
    118. 

  118. 			So(lookedUp.AuthTokenSeen, ShouldBeTrue)
    119. 

  119. 			So(lookedUp.SeenAt, ShouldEqual, t.Unix())
    120. 

  120. 

  121. 			lookedUp, err = userAuthTokenService.lookupToken(unhashedPrev)
    122. 

  122. 			So(err, ShouldBeNil)
    123. 

  123. 			So(lookedUp, ShouldNotBeNil)
    124. 

  124. 			So(lookedUp.Id, ShouldEqual, token.Id)
    125. 

  125. 

  126. 			now = func() time.Time {
    127. 

  127. 				return t.Add(2 * time.Minute)
    128. 

  128. 			}
    129. 

  129. 

  130. 			lookedUp, err = userAuthTokenService.lookupToken(unhashedPrev)
    131. 

  131. 			So(err, ShouldBeNil)
    132. 

  132. 			So(lookedUp, ShouldNotBeNil)
    133. 

  133. 

  134. 			lookedUp, err = ctx.getAuthTokenByID(lookedUp.Id)
    135. 

  135. 			So(err, ShouldBeNil)
    136. 

  136. 			So(lookedUp, ShouldNotBeNil)
    137. 

  137. 			So(lookedUp.AuthTokenSeen, ShouldBeFalse)
    138. 

  138. 

  139. 			refreshed, err = userAuthTokenService.refreshToken(token, "192.168.10.12:1234", "a new user agent")
    140. 

  140. 			So(err, ShouldBeNil)
    141. 

  141. 			So(refreshed, ShouldBeTrue)
    142. 

  142. 

  143. 			token, err = ctx.getAuthTokenByID(token.Id)
    144. 

  144. 			So(err, ShouldBeNil)
    145. 

  145. 			So(token, ShouldNotBeNil)
    146. 

  146. 			So(token.SeenAt, ShouldEqual, 0)
    147. 

  147. 		})
    148. 

  148. 

  149. 		Convey("keeps prev token valid for 1 minute after it is confirmed", func() {
    150. 

  150. 

  151. 		})
    152. 

  152. 

  153. 		Convey("will not mark token unseen when prev and current are the same", func() {
    154. 

  154. 

  155. 		})
    156. 

  156. 

  157. 		Reset(func() {
    158. 

  158. 			now = time.Now
    159. 

  159. 		})
    160. 

  160. 	})
    161. 

  161. }
    162. 

  162. 

  163. func createTestContext(t *testing.T) *testContext {
    164. 

  164. 	t.Helper()
    165. 

  165. 

  166. 	sqlstore := sqlstore.InitTestDB(t)
    167. 

  167. 	tokenService := &UserAuthTokenService{
    168. 

  168. 		SQLStore: sqlstore,
    169. 

  169. 		log:      log.New("test-logger"),
    170. 

  170. 	}
    171. 

  171. 

  172. 	return &testContext{
    173. 

  173. 		sqlstore:     sqlstore,
    174. 

  174. 		tokenService: tokenService,
    175. 

  175. 	}
    176. 

  176. }
    177. 

  177. 

  178. type testContext struct {
    179. 

  179. 	sqlstore     *sqlstore.SqlStore
    180. 

  180. 	tokenService *UserAuthTokenService
    181. 

  181. }
    182. 

  182. 

  183. func (c *testContext) getAuthTokenByID(id int64) (*userAuthToken, error) {
    184. 

  184. 	sess := c.sqlstore.NewSession()
    185. 

  185. 	var t userAuthToken
    186. 

  186. 	found, err := sess.ID(id).Get(&t)
    187. 

  187. 	if err != nil || !found {
    188. 

  188. 		return nil, err
    189. 

  189. 	}
    190. 

  190. 

  191. 	return &t, nil
    192. 

  192. }
    193. 

  193. 

  194. func (c *testContext) markAuthTokenAsSeen(id int64) (bool, error) {
    195. 

  195. 	sess := c.sqlstore.NewSession()
    196. 

  196. 	res, err := sess.Exec("UPDATE user_auth_token SET auth_token_seen = ? WHERE id = ?", c.sqlstore.Dialect.BooleanStr(true), id)
    197. 

  197. 	if err != nil {
    198. 

  198. 		return false, err
    199. 

  199. 	}
    200. 

  200. 

  201. 	rowsAffected, err := res.RowsAffected()
    202. 

  202. 	if err != nil {
    203. 

  203. 		return false, err
    204. 

  204. 	}
    205. 

  205. 	return rowsAffected == 1, nil
    206. 

  206. }
    207.