From 49f40a952943f26494d6407dc608b50b2ec0df7f Mon Sep 17 00:00:00 2001
From: Niall Sheridan <nsheridan@gmail.com>
Date: Sun, 10 Jul 2016 22:35:13 +0100
Subject: Add some handlers tests

---
 cmd/cashierd/handlers_test.go | 139 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 139 insertions(+)
 create mode 100644 cmd/cashierd/handlers_test.go

(limited to 'cmd/cashierd/handlers_test.go')

diff --git a/cmd/cashierd/handlers_test.go b/cmd/cashierd/handlers_test.go
new file mode 100644
index 0000000..a214dfd
--- /dev/null
+++ b/cmd/cashierd/handlers_test.go
@@ -0,0 +1,139 @@
+package main
+
+import (
+	"bytes"
+	"encoding/json"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"os"
+	"strings"
+	"testing"
+	"time"
+
+	"golang.org/x/crypto/ssh"
+	"golang.org/x/oauth2"
+
+	"github.com/gorilla/sessions"
+	"github.com/nsheridan/cashier/lib"
+	"github.com/nsheridan/cashier/server/auth"
+	"github.com/nsheridan/cashier/server/auth/testprovider"
+	"github.com/nsheridan/cashier/server/config"
+	"github.com/nsheridan/cashier/server/signer"
+	"github.com/nsheridan/cashier/server/store"
+	"github.com/nsheridan/cashier/testdata"
+)
+
+func newContext(t *testing.T) *appContext {
+	f, err := ioutil.TempFile(os.TempDir(), "signing_key_")
+	if err != nil {
+		t.Error(err)
+	}
+	defer os.Remove(f.Name())
+	f.Write(testdata.Priv)
+	f.Close()
+	signer, err := signer.New(&config.SSH{
+		SigningKey: f.Name(),
+		MaxAge:     "1h",
+	})
+	if err != nil {
+		t.Error(err)
+	}
+	return &appContext{
+		cookiestore:  sessions.NewCookieStore([]byte("secret")),
+		authprovider: testprovider.New(),
+		certstore:    store.NewMemoryStore(),
+		authsession:  &auth.Session{AuthURL: "https://www.example.com/auth"},
+		sshKeySigner: signer,
+	}
+}
+
+func TestLoginHandler(t *testing.T) {
+	req, _ := http.NewRequest("GET", "/auth/login", nil)
+	resp := httptest.NewRecorder()
+	loginHandler(newContext(t), resp, req)
+	if resp.Code != http.StatusFound && resp.Header().Get("Location") != "https://www.example.com/auth" {
+		t.Error("Unexpected response")
+	}
+}
+
+func TestCallbackHandler(t *testing.T) {
+	req, _ := http.NewRequest("GET", "/auth/callback", nil)
+	req.Form = url.Values{"state": []string{"state"}, "code": []string{"abcdef"}}
+	resp := httptest.NewRecorder()
+	ctx := newContext(t)
+	ctx.setAuthStateCookie(resp, req, "state")
+	callbackHandler(ctx, resp, req)
+	if resp.Code != http.StatusFound && resp.Header().Get("Location") != "/" {
+		t.Error("Unexpected response")
+	}
+}
+
+func TestRootHandler(t *testing.T) {
+	req, _ := http.NewRequest("GET", "/", nil)
+	resp := httptest.NewRecorder()
+	ctx := newContext(t)
+	tok := &oauth2.Token{
+		AccessToken: "XXX_TEST_TOKEN_STRING_XXX",
+		Expiry:      time.Now().Add(1 * time.Hour),
+	}
+	ctx.setAuthTokenCookie(resp, req, tok)
+	rootHandler(ctx, resp, req)
+	if resp.Code != http.StatusOK && !strings.Contains(resp.Body.String(), "XXX_TEST_TOKEN_STRING_XXX") {
+		t.Error("Unable to find token in response")
+	}
+}
+
+func TestRootHandlerNoSession(t *testing.T) {
+	req, _ := http.NewRequest("GET", "/", nil)
+	resp := httptest.NewRecorder()
+	ctx := newContext(t)
+	rootHandler(ctx, resp, req)
+	if resp.Code != http.StatusSeeOther {
+		t.Errorf("Unexpected status: %s, wanted %s", http.StatusText(resp.Code), http.StatusText(http.StatusSeeOther))
+	}
+}
+
+func TestSignRevoke(t *testing.T) {
+	s, _ := json.Marshal(&lib.SignRequest{
+		Key: string(testdata.Pub),
+	})
+	req, _ := http.NewRequest("POST", "/sign", bytes.NewReader(s))
+	resp := httptest.NewRecorder()
+	ctx := newContext(t)
+	req.Header.Set("Authorization", "Bearer abcdef")
+	signHandler(ctx, resp, req)
+	if resp.Code != http.StatusOK {
+		t.Error("Unexpected response")
+	}
+	b, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		t.Error(err)
+	}
+	r := &lib.SignResponse{}
+	if err := json.Unmarshal(b, r); err != nil {
+		t.Error(err)
+	}
+	if r.Status != "ok" {
+		t.Error("Unexpected response")
+	}
+	k, _, _, _, err := ssh.ParseAuthorizedKey([]byte(r.Response))
+	if err != nil {
+		t.Error(err)
+	}
+	cert, ok := k.(*ssh.Certificate)
+	if !ok {
+		t.Error("Did not receive a certificate")
+	}
+	// Revoke the cert and verify
+	req, _ = http.NewRequest("POST", "/revoke", nil)
+	req.Form = url.Values{"cert_id": []string{cert.KeyId}}
+	revokeCertHandler(ctx, resp, req)
+	req, _ = http.NewRequest("GET", "/revoked", nil)
+	revokedCertsHandler(ctx, resp, req)
+	revoked, _ := ioutil.ReadAll(resp.Body)
+	if string(revoked[:len(revoked)-1]) != r.Response {
+		t.Error("omg")
+	}
+}
-- 
cgit v1.2.3