diff options
Diffstat (limited to 'server/handlers_test.go')
| -rw-r--r-- | server/handlers_test.go | 54 |
1 files changed, 33 insertions, 21 deletions
diff --git a/server/handlers_test.go b/server/handlers_test.go index 6dc2236..44024ac 100644 --- a/server/handlers_test.go +++ b/server/handlers_test.go @@ -15,6 +15,7 @@ import ( "golang.org/x/crypto/ssh" "golang.org/x/oauth2" + "github.com/gorilla/mux" "github.com/gorilla/sessions" "github.com/nsheridan/cashier/lib" "github.com/nsheridan/cashier/server/auth/testprovider" @@ -25,28 +26,33 @@ import ( "github.com/stripe/krl" ) -var ctx *appContext +var a *app func init() { f, _ := ioutil.TempFile(os.TempDir(), "signing_key_") defer os.Remove(f.Name()) f.Write(testdata.Priv) f.Close() - keysigner, _ = signer.New(&config.SSH{ + keysigner, _ := signer.New(&config.SSH{ SigningKey: f.Name(), - MaxAge: "1h", + MaxAge: "4h", }) - authprovider = testprovider.New() - certstore, _ = store.New(map[string]string{"type": "mem"}) - ctx = &appContext{ - cookiestore: sessions.NewCookieStore([]byte("secret")), + certstore, _ := store.New(map[string]string{"type": "mem"}) + a = &app{ + cookiestore: sessions.NewCookieStore([]byte("secret")), + authprovider: testprovider.New(), + keysigner: keysigner, + certstore: certstore, + router: mux.NewRouter(), + config: &config.Server{CSRFSecret: "0123456789abcdef"}, } + a.routes() } func TestLoginHandler(t *testing.T) { req, _ := http.NewRequest("GET", "/auth/login", nil) resp := httptest.NewRecorder() - loginHandler(ctx, resp, req) + a.router.ServeHTTP(resp, req) if resp.Code != http.StatusFound && resp.Header().Get("Location") != "https://www.example.com/auth" { t.Error("Unexpected response") } @@ -56,10 +62,11 @@ func TestCallbackHandler(t *testing.T) { req, _ := http.NewRequest("GET", "/auth/callback", nil) req.Form = url.Values{"state": []string{"state"}, "code": []string{"abcdef"}} resp := httptest.NewRecorder() - ctx.setAuthStateCookie(resp, req, "state") - callbackHandler(ctx, resp, req) + a.setSessionVariable(resp, req, "state", "state") + req.Header.Add("Cookie", resp.HeaderMap["Set-Cookie"][0]) + a.router.ServeHTTP(resp, req) if resp.Code != http.StatusFound && resp.Header().Get("Location") != "/" { - t.Error("Unexpected response") + t.Errorf("Response: %d\nHeaders: %v", resp.Code, resp.Header()) } } @@ -70,8 +77,9 @@ func TestRootHandler(t *testing.T) { AccessToken: "XXX_TEST_TOKEN_STRING_XXX", Expiry: time.Now().Add(1 * time.Hour), } - ctx.setAuthTokenCookie(resp, req, tok) - rootHandler(ctx, resp, req) + a.setAuthToken(resp, req, tok) + req.Header.Add("Cookie", resp.HeaderMap["Set-Cookie"][0]) + a.router.ServeHTTP(resp, req) if resp.Code != http.StatusOK && !strings.Contains(resp.Body.String(), "XXX_TEST_TOKEN_STRING_XXX") { t.Error("Unable to find token in response") } @@ -80,7 +88,7 @@ func TestRootHandler(t *testing.T) { func TestRootHandlerNoSession(t *testing.T) { req, _ := http.NewRequest("GET", "/", nil) resp := httptest.NewRecorder() - rootHandler(ctx, resp, req) + a.router.ServeHTTP(resp, req) if resp.Code != http.StatusSeeOther { t.Errorf("Unexpected status: %s, wanted %s", http.StatusText(resp.Code), http.StatusText(http.StatusSeeOther)) } @@ -89,12 +97,12 @@ func TestRootHandlerNoSession(t *testing.T) { func TestSignRevoke(t *testing.T) { s, _ := json.Marshal(&lib.SignRequest{ Key: string(testdata.Pub), - ValidUntil: time.Now().UTC().Add(1 * time.Hour), + ValidUntil: time.Now().UTC().Add(4 * time.Hour), }) req, _ := http.NewRequest("POST", "/sign", bytes.NewReader(s)) resp := httptest.NewRecorder() req.Header.Set("Authorization", "Bearer abcdef") - signHandler(ctx, resp, req) + a.router.ServeHTTP(resp, req) if resp.Code != http.StatusOK { t.Error("Unexpected response") } @@ -114,18 +122,22 @@ func TestSignRevoke(t *testing.T) { t.Error("Did not receive a certificate") } // Revoke the cert and verify - req, _ = http.NewRequest("POST", "/revoke", nil) + req, _ = http.NewRequest("POST", "/admin/revoke", nil) req.Form = url.Values{"cert_id": []string{cert.KeyId}} tok := &oauth2.Token{ AccessToken: "authenticated", Expiry: time.Now().Add(1 * time.Hour), } - ctx.setAuthTokenCookie(resp, req, tok) - revokeCertHandler(ctx, resp, req) + a.certstore.Revoke([]string{cert.KeyId}) + a.setAuthToken(resp, req, tok) + a.router.ServeHTTP(resp, req) req, _ = http.NewRequest("GET", "/revoked", nil) - listRevokedCertsHandler(ctx, resp, req) + a.router.ServeHTTP(resp, req) revoked, _ := ioutil.ReadAll(resp.Body) - rl, _ := krl.ParseKRL(revoked) + rl, err := krl.ParseKRL(revoked) + if err != nil { + t.Fail() + } if !rl.IsRevoked(cert) { t.Errorf("cert %s was not revoked", cert.KeyId) } |