mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2025-10-27 20:25:41 +00:00
525 lines
11 KiB
Go
525 lines
11 KiB
Go
package server_test
|
|
|
|
import (
|
|
"encoding/json"
|
|
"io"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"reflect"
|
|
"strings"
|
|
"testing"
|
|
"time"
|
|
"tinyauth/internal/auth"
|
|
"tinyauth/internal/docker"
|
|
"tinyauth/internal/handlers"
|
|
"tinyauth/internal/hooks"
|
|
"tinyauth/internal/providers"
|
|
"tinyauth/internal/server"
|
|
"tinyauth/internal/types"
|
|
|
|
"github.com/magiconair/properties/assert"
|
|
"github.com/pquerna/otp/totp"
|
|
)
|
|
|
|
// Simple server config for tests
|
|
var serverConfig = types.ServerConfig{
|
|
Port: 8080,
|
|
Address: "0.0.0.0",
|
|
}
|
|
|
|
// Simple handlers config for tests
|
|
var handlersConfig = types.HandlersConfig{
|
|
AppURL: "http://localhost:8080",
|
|
Domain: "localhost",
|
|
DisableContinue: false,
|
|
CookieSecure: false,
|
|
Title: "Tinyauth",
|
|
GenericName: "Generic",
|
|
ForgotPasswordMessage: "Message",
|
|
CsrfCookieName: "tinyauth-csrf",
|
|
RedirectCookieName: "tinyauth-redirect",
|
|
BackgroundImage: "https://example.com/image.png",
|
|
OAuthAutoRedirect: "none",
|
|
}
|
|
|
|
// Simple auth config for tests
|
|
var authConfig = types.AuthConfig{
|
|
Users: types.Users{},
|
|
OauthWhitelist: "",
|
|
HMACSecret: "4bZ9K.*:;zH=,9zG!meUxu.B5-S[7.V.", // Complex on purpose
|
|
EncryptionSecret: "\\:!R(u[Sbv6ZLm.7es)H|OqH4y}0u\\rj",
|
|
CookieSecure: false,
|
|
SessionExpiry: 3600,
|
|
LoginTimeout: 0,
|
|
LoginMaxRetries: 0,
|
|
SessionCookieName: "tinyauth-session",
|
|
Domain: "localhost",
|
|
}
|
|
|
|
// Simple hooks config for tests
|
|
var hooksConfig = types.HooksConfig{
|
|
Domain: "localhost",
|
|
}
|
|
|
|
// Cookie
|
|
var cookie = "MTc1MTkyMzM5MnxiME9aTzlGQjZMNEJMdDZMc0lHMk9zcXQyME9SR1ZnUmlaYWZNcWplek5vcVNpdkdHRTZqb09YWkVUYUN6NEt4MkEyOGEyX2hFQWZEUEYtbllDX0h5eDBCb3VyT2phQlRpZWFfRFdTMGw2WUg2VWw4RGdNbEhQclotOUJjblJGaWFQcmhyaWFna0dXRWNud2c1akg5eEpLZ3JzS0pfWktscVZyckZFR1VDX0R5QjFOT0hzMTNKb18ySEMxZlluSWNxa1ByM0VhSzNyMkRtdDNORWJXVGFYSnMzWjFGa0lrZlhSTWduRmttMHhQUXN4UFhNbHFXY0lBWjBnUWpKU0xXMHRubjlKbjV0LXBGdjk0MmpJX0xMX1ZYblVJVW9LWUJoWmpNanVXNkNjamhYWlR2V29rY0RNYWkxY2lMQnpqLUI2cHMyYTZkWWgtWnlFdGN0amh2WURUeUNGT3ZLS1FJVUFIb0NWR1RPMlRtY2c9PXwerwFtb9urOXnwA02qXbLeorMloaK_paQd0in4BAesmg=="
|
|
|
|
// User
|
|
var user = types.User{
|
|
Username: "user",
|
|
Password: "$2a$10$AvGHLTYv3xiRJ0xV9xs3XeVIlkGTygI9nqIamFYB5Xu.5.0UWF7B6", // pass
|
|
}
|
|
|
|
// Initialize the server for tests
|
|
func getServer(t *testing.T) *server.Server {
|
|
// Create docker service
|
|
docker, err := docker.NewDocker()
|
|
|
|
if err != nil {
|
|
t.Fatalf("Failed to initialize docker: %v", err)
|
|
}
|
|
|
|
// Create auth service
|
|
authConfig.Users = types.Users{
|
|
{
|
|
Username: user.Username,
|
|
Password: user.Password,
|
|
TotpSecret: user.TotpSecret,
|
|
},
|
|
}
|
|
auth := auth.NewAuth(authConfig, docker, nil)
|
|
|
|
// Create providers service
|
|
providers := providers.NewProviders(types.OAuthConfig{})
|
|
|
|
// Create hooks service
|
|
hooks := hooks.NewHooks(hooksConfig, auth, providers)
|
|
|
|
// Create handlers service
|
|
handlers := handlers.NewHandlers(handlersConfig, auth, hooks, providers, docker)
|
|
|
|
// Create server
|
|
srv, err := server.NewServer(serverConfig, handlers)
|
|
|
|
if err != nil {
|
|
t.Fatalf("Failed to create server: %v", err)
|
|
}
|
|
|
|
// Return the server
|
|
return srv
|
|
}
|
|
|
|
// Test login
|
|
func TestLogin(t *testing.T) {
|
|
t.Log("Testing login")
|
|
|
|
// Get server
|
|
srv := getServer(t)
|
|
|
|
// Create recorder
|
|
recorder := httptest.NewRecorder()
|
|
|
|
// Create request
|
|
user := types.LoginRequest{
|
|
Username: "user",
|
|
Password: "pass",
|
|
}
|
|
|
|
json, err := json.Marshal(user)
|
|
|
|
// Check if there was an error
|
|
if err != nil {
|
|
t.Fatalf("Error marshalling json: %v", err)
|
|
}
|
|
|
|
// Create request
|
|
req, err := http.NewRequest("POST", "/api/login", strings.NewReader(string(json)))
|
|
|
|
// Check if there was an error
|
|
if err != nil {
|
|
t.Fatalf("Error creating request: %v", err)
|
|
}
|
|
|
|
// Serve the request
|
|
srv.Router.ServeHTTP(recorder, req)
|
|
|
|
// Assert
|
|
assert.Equal(t, recorder.Code, http.StatusOK)
|
|
|
|
// Get the result cookie
|
|
cookies := recorder.Result().Cookies()
|
|
|
|
// Check if the cookie is set
|
|
if len(cookies) == 0 {
|
|
t.Fatalf("Cookie not set")
|
|
}
|
|
|
|
// Set the cookie for further tests
|
|
cookie = cookies[0].Value
|
|
}
|
|
|
|
// Test app context
|
|
func TestAppContext(t *testing.T) {
|
|
t.Log("Testing app context")
|
|
|
|
// Get server
|
|
srv := getServer(t)
|
|
|
|
// Create recorder
|
|
recorder := httptest.NewRecorder()
|
|
|
|
// Create request
|
|
req, err := http.NewRequest("GET", "/api/app", nil)
|
|
|
|
// Check if there was an error
|
|
if err != nil {
|
|
t.Fatalf("Error creating request: %v", err)
|
|
}
|
|
|
|
// Set the cookie
|
|
req.AddCookie(&http.Cookie{
|
|
Name: "tinyauth",
|
|
Value: cookie,
|
|
})
|
|
|
|
// Serve the request
|
|
srv.Router.ServeHTTP(recorder, req)
|
|
|
|
// Assert
|
|
assert.Equal(t, recorder.Code, http.StatusOK)
|
|
|
|
// Read the body of the response
|
|
body, err := io.ReadAll(recorder.Body)
|
|
|
|
// Check if there was an error
|
|
if err != nil {
|
|
t.Fatalf("Error getting body: %v", err)
|
|
}
|
|
|
|
// Unmarshal the body into the user struct
|
|
var app types.AppContext
|
|
|
|
err = json.Unmarshal(body, &app)
|
|
|
|
// Check if there was an error
|
|
if err != nil {
|
|
t.Fatalf("Error unmarshalling body: %v", err)
|
|
}
|
|
|
|
// Create tests values
|
|
expected := types.AppContext{
|
|
Status: 200,
|
|
Message: "OK",
|
|
ConfiguredProviders: []string{"username"},
|
|
DisableContinue: false,
|
|
Title: "Tinyauth",
|
|
GenericName: "Generic",
|
|
ForgotPasswordMessage: "Message",
|
|
BackgroundImage: "https://example.com/image.png",
|
|
OAuthAutoRedirect: "none",
|
|
Domain: "localhost",
|
|
Version: "development",
|
|
BuildTimestamp: "n/a",
|
|
CommitHash: "n/a",
|
|
}
|
|
|
|
// We should get the username back
|
|
if !reflect.DeepEqual(app, expected) {
|
|
t.Fatalf("Expected %v, got %v", expected, app)
|
|
}
|
|
}
|
|
|
|
// Test user context
|
|
func TestUserContext(t *testing.T) {
|
|
// Refresh the cookie
|
|
TestLogin(t)
|
|
|
|
t.Log("Testing user context")
|
|
|
|
// Get server
|
|
srv := getServer(t)
|
|
|
|
// Create recorder
|
|
recorder := httptest.NewRecorder()
|
|
|
|
// Create request
|
|
req, err := http.NewRequest("GET", "/api/user", nil)
|
|
|
|
// Check if there was an error
|
|
if err != nil {
|
|
t.Fatalf("Error creating request: %v", err)
|
|
}
|
|
|
|
// Set the cookie
|
|
req.AddCookie(&http.Cookie{
|
|
Name: "tinyauth-session",
|
|
Value: cookie,
|
|
})
|
|
|
|
// Serve the request
|
|
srv.Router.ServeHTTP(recorder, req)
|
|
|
|
// Assert
|
|
assert.Equal(t, recorder.Code, http.StatusOK)
|
|
|
|
// Read the body of the response
|
|
body, err := io.ReadAll(recorder.Body)
|
|
|
|
// Check if there was an error
|
|
if err != nil {
|
|
t.Fatalf("Error getting body: %v", err)
|
|
}
|
|
|
|
// Unmarshal the body into the user struct
|
|
type User struct {
|
|
Username string `json:"username"`
|
|
}
|
|
|
|
var user User
|
|
|
|
err = json.Unmarshal(body, &user)
|
|
|
|
// Check if there was an error
|
|
if err != nil {
|
|
t.Fatalf("Error unmarshalling body: %v", err)
|
|
}
|
|
|
|
// We should get the username back
|
|
if user.Username != "user" {
|
|
t.Fatalf("Expected user, got %s", user.Username)
|
|
}
|
|
}
|
|
|
|
// Test logout
|
|
func TestLogout(t *testing.T) {
|
|
// Refresh the cookie
|
|
TestLogin(t)
|
|
|
|
t.Log("Testing logout")
|
|
|
|
// Get server
|
|
srv := getServer(t)
|
|
|
|
// Create recorder
|
|
recorder := httptest.NewRecorder()
|
|
|
|
// Create request
|
|
req, err := http.NewRequest("POST", "/api/logout", nil)
|
|
|
|
// Check if there was an error
|
|
if err != nil {
|
|
t.Fatalf("Error creating request: %v", err)
|
|
}
|
|
|
|
// Set the cookie
|
|
req.AddCookie(&http.Cookie{
|
|
Name: "tinyauth-session",
|
|
Value: cookie,
|
|
})
|
|
|
|
// Serve the request
|
|
srv.Router.ServeHTTP(recorder, req)
|
|
|
|
// Assert
|
|
assert.Equal(t, recorder.Code, http.StatusOK)
|
|
|
|
// Check if the cookie is different (means the cookie is gone)
|
|
if recorder.Result().Cookies()[0].Value == cookie {
|
|
t.Fatalf("Cookie not flushed")
|
|
}
|
|
}
|
|
|
|
// Test auth endpoint
|
|
func TestAuth(t *testing.T) {
|
|
// Refresh the cookie
|
|
TestLogin(t)
|
|
|
|
t.Log("Testing auth endpoint")
|
|
|
|
// Get server
|
|
srv := getServer(t)
|
|
|
|
// Create recorder
|
|
recorder := httptest.NewRecorder()
|
|
|
|
// Create request
|
|
req, err := http.NewRequest("GET", "/api/auth/traefik", nil)
|
|
|
|
// Set the accept header
|
|
req.Header.Set("Accept", "text/html")
|
|
|
|
// Check if there was an error
|
|
if err != nil {
|
|
t.Fatalf("Error creating request: %v", err)
|
|
}
|
|
|
|
// Serve the request
|
|
srv.Router.ServeHTTP(recorder, req)
|
|
|
|
// Assert
|
|
assert.Equal(t, recorder.Code, http.StatusTemporaryRedirect)
|
|
|
|
// Recreate recorder
|
|
recorder = httptest.NewRecorder()
|
|
|
|
// Recreate the request
|
|
req, err = http.NewRequest("GET", "/api/auth/traefik", nil)
|
|
|
|
// Check if there was an error
|
|
if err != nil {
|
|
t.Fatalf("Error creating request: %v", err)
|
|
}
|
|
|
|
// Test with the cookie
|
|
req.AddCookie(&http.Cookie{
|
|
Name: "tinyauth-session",
|
|
Value: cookie,
|
|
})
|
|
|
|
// Serve the request again
|
|
srv.Router.ServeHTTP(recorder, req)
|
|
|
|
// Assert
|
|
assert.Equal(t, recorder.Code, http.StatusOK)
|
|
|
|
// Recreate recorder
|
|
recorder = httptest.NewRecorder()
|
|
|
|
// Recreate the request
|
|
req, err = http.NewRequest("GET", "/api/auth/nginx", nil)
|
|
|
|
// Check if there was an error
|
|
if err != nil {
|
|
t.Fatalf("Error creating request: %v", err)
|
|
}
|
|
|
|
// Serve the request again
|
|
srv.Router.ServeHTTP(recorder, req)
|
|
|
|
// Assert
|
|
assert.Equal(t, recorder.Code, http.StatusUnauthorized)
|
|
|
|
// Recreate recorder
|
|
recorder = httptest.NewRecorder()
|
|
|
|
// Recreate the request
|
|
req, err = http.NewRequest("GET", "/api/auth/nginx", nil)
|
|
|
|
// Check if there was an error
|
|
if err != nil {
|
|
t.Fatalf("Error creating request: %v", err)
|
|
}
|
|
|
|
// Test with the cookie
|
|
req.AddCookie(&http.Cookie{
|
|
Name: "tinyauth-session",
|
|
Value: cookie,
|
|
})
|
|
|
|
// Serve the request again
|
|
srv.Router.ServeHTTP(recorder, req)
|
|
|
|
// Assert
|
|
assert.Equal(t, recorder.Code, http.StatusOK)
|
|
}
|
|
|
|
func TestTOTP(t *testing.T) {
|
|
t.Log("Testing TOTP")
|
|
|
|
// Generate totp secret
|
|
key, err := totp.Generate(totp.GenerateOpts{
|
|
Issuer: "Tinyauth",
|
|
AccountName: user.Username,
|
|
})
|
|
|
|
if err != nil {
|
|
t.Fatalf("Failed to generate TOTP secret: %v", err)
|
|
}
|
|
|
|
// Create secret
|
|
secret := key.Secret()
|
|
|
|
// Set the user's TOTP secret
|
|
user.TotpSecret = secret
|
|
|
|
// Get server
|
|
srv := getServer(t)
|
|
|
|
// Create request
|
|
user := types.LoginRequest{
|
|
Username: "user",
|
|
Password: "pass",
|
|
}
|
|
|
|
loginJson, err := json.Marshal(user)
|
|
|
|
// Check if there was an error
|
|
if err != nil {
|
|
t.Fatalf("Error marshalling json: %v", err)
|
|
}
|
|
|
|
// Create recorder
|
|
recorder := httptest.NewRecorder()
|
|
|
|
// Create request
|
|
req, err := http.NewRequest("POST", "/api/login", strings.NewReader(string(loginJson)))
|
|
|
|
// Check if there was an error
|
|
if err != nil {
|
|
t.Fatalf("Error creating request: %v", err)
|
|
}
|
|
|
|
// Serve the request
|
|
srv.Router.ServeHTTP(recorder, req)
|
|
|
|
// Assert
|
|
assert.Equal(t, recorder.Code, http.StatusOK)
|
|
|
|
// Set the cookie for next test
|
|
cookie = recorder.Result().Cookies()[0].Value
|
|
|
|
// Create TOTP code
|
|
code, err := totp.GenerateCode(secret, time.Now())
|
|
|
|
// Check if there was an error
|
|
if err != nil {
|
|
t.Fatalf("Failed to generate TOTP code: %v", err)
|
|
}
|
|
|
|
// Create TOTP request
|
|
totpRequest := types.TotpRequest{
|
|
Code: code,
|
|
}
|
|
|
|
// Marshal the TOTP request
|
|
totpJson, err := json.Marshal(totpRequest)
|
|
|
|
// Check if there was an error
|
|
if err != nil {
|
|
t.Fatalf("Error marshalling TOTP request: %v", err)
|
|
}
|
|
|
|
// Create recorder
|
|
recorder = httptest.NewRecorder()
|
|
|
|
// Create request
|
|
req, err = http.NewRequest("POST", "/api/totp", strings.NewReader(string(totpJson)))
|
|
|
|
// Check if there was an error
|
|
if err != nil {
|
|
t.Fatalf("Error creating request: %v", err)
|
|
}
|
|
|
|
// Set the cookie
|
|
req.AddCookie(&http.Cookie{
|
|
Name: "tinyauth-session",
|
|
Value: cookie,
|
|
})
|
|
|
|
// Serve the request
|
|
srv.Router.ServeHTTP(recorder, req)
|
|
|
|
// Assert
|
|
assert.Equal(t, recorder.Code, http.StatusOK)
|
|
}
|