package websocket
import (
"testing"
"time"
"github.com/cortezaproject/corteza-server/pkg/auth"
"github.com/cortezaproject/corteza-server/pkg/logger"
"github.com/cortezaproject/corteza-server/pkg/options"
"github.com/lestrrat-go/jwx/jwa"
"github.com/stretchr/testify/require"
"go.uber.org/zap"
)
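// TestSession_procRawMessage drives a websocket session through its
// authentication flow via procRawMessage and checks the observable
// outcomes: an unauthenticated session refuses ordinary messages, a
// credentials message with an unparsable token is refused, a validly
// signed token authenticates the session, re-sending a token for the same
// user is accepted, and a token for a different user on an already
// authenticated session is refused without disturbing the existing
// identity.
func TestSession_procRawMessage(t *testing.T) {
	var (
		req = require.New(t)
		s   = session{server: Server(nil, options.WebsocketOpt{})}

		userID uint64 = 123

		// credentialsMsg builds the raw "credentials" message used by this
		// test, embedding accessToken verbatim into the JSON payload.
		credentialsMsg = func(accessToken []byte) []byte {
			var out []byte
			out = append(out, `{"@type": "credentials", "@value": {"accessToken": "`...)
			out = append(out, accessToken...)
			out = append(out, `"}}`...)
			return out
		}
	)

	jwtManager, err := auth.NewJWTManager(nil, jwa.HS512, "secret", time.Minute)
	req.NoError(err)

	if testing.Verbose() {
		s.logger = logger.MakeDebugLogger()
	} else {
		s.logger = zap.NewNop()
	}

	// signFor issues an access token for the given user ID with the same
	// role/scope parameters the test uses throughout, failing the test on
	// a signing error so callers can use the result directly.
	signFor := func(id uint64) []byte {
		tok, err := jwtManager.Sign("access-token", auth.Authenticated(id, 456, 789), 0, "api")
		req.NoError(err)
		return tok
	}

	// Anything but a credentials message is refused before authentication.
	req.EqualError(s.procRawMessage([]byte("{}")), "unauthenticated session")
	req.Nil(s.identity)

	// An empty access token must not authenticate the session.
	req.EqualError(s.procRawMessage(credentialsMsg(nil)), "unauthorized: failed to parse token: EOF")
	req.Nil(s.identity)

	// A validly signed token for userID authenticates the session.
	req.NoError(s.procRawMessage(credentialsMsg(signFor(userID))))
	req.NotNil(s.identity)
	req.Equal(userID, s.identity.Identity())

	// Once authenticated, an untyped message is rejected but the identity
	// is left in place.
	req.EqualError(s.procRawMessage([]byte("{}")), "unknown message type ''")
	req.Equal(userID, s.identity.Identity())

	// Re-authenticating as the same user is accepted.
	req.NoError(s.procRawMessage(credentialsMsg(signFor(userID))))
	req.NotNil(s.identity)
	req.Equal(userID, s.identity.Identity())

	// A different user may not take over an authenticated session, and the
	// rejected attempt must leave the original identity untouched.
	req.EqualError(s.procRawMessage(credentialsMsg(signFor(userID+1))), "unauthorized: identity does not match")
	req.NotNil(s.identity)
	req.Equal(userID, s.identity.Identity())

	// TODO: the assertions above only prove that the token's signature and
	// the embedded identity are checked; they do not show that the access
	// token itself is looked up (e.g. for existence or revocation). Track
	// this as an open case rather than as an unconditional t.Error, which
	// would fail the test on every run and mask real regressions.
	t.Log("TODO: add a case proving that an unknown or revoked access token is rejected")
}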