From f79348817f4e0608930ba52dc361d981557b3fa3 Mon Sep 17 00:00:00 2001 From: binwiederhier Date: Wed, 28 Dec 2022 13:46:18 -0500 Subject: [PATCH] More tests --- server/server.go | 6 ++-- server/server_account.go | 4 +-- user/manager.go | 18 +++-------- user/manager_test.go | 67 +++++++++++++++++++++++++++++++--------- user/types.go | 3 +- 5 files changed, 65 insertions(+), 33 deletions(-) diff --git a/server/server.go b/server/server.go index 63479191..2747f0bf 100644 --- a/server/server.go +++ b/server/server.go @@ -36,13 +36,15 @@ import ( /* TODO + limits: + message cache duration + Keep 10000 messages or keep X days? + Attachment expiration based on plan database migration reserve topics purge accounts that were not logged into in X reset daily limits for users Account usage not updated "in real time" - Attachment expiration based on plan - Plan: Keep 10000 messages or keep X days? Sync: - "mute" setting - figure out what settings are "web" or "phone" diff --git a/server/server_account.go b/server/server_account.go index 1568ccf4..f832cd99 100644 --- a/server/server_account.go +++ b/server/server_account.go @@ -159,7 +159,7 @@ func (s *Server) handleAccountTokenIssue(w http.ResponseWriter, r *http.Request, w.Header().Set("Access-Control-Allow-Origin", "*") // FIXME remove this response := &apiAccountTokenResponse{ Token: token.Value, - Expires: token.Expires, + Expires: token.Expires.Unix(), } if err := json.NewEncoder(w).Encode(response); err != nil { return err @@ -182,7 +182,7 @@ func (s *Server) handleAccountTokenExtend(w http.ResponseWriter, r *http.Request w.Header().Set("Access-Control-Allow-Origin", "*") // FIXME remove this response := &apiAccountTokenResponse{ Token: token.Value, - Expires: token.Expires, + Expires: token.Expires.Unix(), } if err := json.NewEncoder(w).Encode(response); err != nil { return err diff --git a/user/manager.go b/user/manager.go index d014440f..7a5e46a7 100644 --- a/user/manager.go +++ b/user/manager.go @@ -188,6 +188,9 @@ func (a *Manager) Authenticate(username, password string) (*User, error) { // AuthenticateToken checks if the token exists and returns the associated User if it does. // The method sets the User.Token value to the token that was used for authentication. func (a *Manager) AuthenticateToken(token string) (*User, error) { + if len(token) != tokenLength { + return nil, ErrUnauthenticated + } user, err := a.userByToken(token) if err != nil { return nil, ErrUnauthenticated @@ -205,7 +208,7 @@ func (a *Manager) CreateToken(user *User) (*Token, error) { } return &Token{ Value: token, - Expires: expires.Unix(), + Expires: expires, }, nil } @@ -217,7 +220,7 @@ func (a *Manager) ExtendToken(user *User) (*Token, error) { } return &Token{ Value: user.Token, - Expires: newExpires.Unix(), + Expires: newExpires, }, nil } @@ -390,17 +393,6 @@ func (a *Manager) Users() ([]*User, error) { } users = append(users, user) } - /*sort.Slice(users, func(i, j int) bool { - if users[i].Role != users[j].Role { - return true - } - if users[i].Name == Everyone || users[j].Name == Everyone { - return users[i].Name != Everyone - } else if string(users[i].Role) < string(users[j].Role) { - return true - } - return users[i].Name < users[j].Name - })*/ return users, nil } diff --git a/user/manager_test.go b/user/manager_test.go index 484cf2b7..1e55bcfe 100644 --- a/user/manager_test.go +++ b/user/manager_test.go @@ -11,8 +11,8 @@ import ( const minBcryptTimingMillis = int64(50) // Ideally should be >100ms, but this should also run on a Raspberry Pi without massive resources -func TestSQLiteAuth_FullScenario_Default_DenyAll(t *testing.T) { - a := newTestAuth(t, false, false) +func TestManager_FullScenario_Default_DenyAll(t *testing.T) { + a := newTestManager(t, false, false) require.Nil(t, a.AddUser("phil", "phil", user.RoleAdmin)) require.Nil(t, a.AddUser("ben", "ben", user.RoleUser)) require.Nil(t, a.AllowAccess("ben", "mytopic", true, true)) @@ -84,21 +84,21 @@ func TestSQLiteAuth_FullScenario_Default_DenyAll(t *testing.T) { require.Nil(t, a.Authorize(nil, "up5678", user.PermissionWrite)) } -func TestSQLiteAuth_AddUser_Invalid(t *testing.T) { - a := newTestAuth(t, false, false) +func TestManager_AddUser_Invalid(t *testing.T) { + a := newTestManager(t, false, false) require.Equal(t, user.ErrInvalidArgument, a.AddUser(" invalid ", "pass", user.RoleAdmin)) require.Equal(t, user.ErrInvalidArgument, a.AddUser("validuser", "pass", "invalid-role")) } -func TestSQLiteAuth_AddUser_Timing(t *testing.T) { - a := newTestAuth(t, false, false) +func TestManager_AddUser_Timing(t *testing.T) { + a := newTestManager(t, false, false) start := time.Now().UnixMilli() require.Nil(t, a.AddUser("user", "pass", user.RoleAdmin)) require.GreaterOrEqual(t, time.Now().UnixMilli()-start, minBcryptTimingMillis) } -func TestSQLiteAuth_Authenticate_Timing(t *testing.T) { - a := newTestAuth(t, false, false) +func TestManager_Authenticate_Timing(t *testing.T) { + a := newTestManager(t, false, false) require.Nil(t, a.AddUser("user", "pass", user.RoleAdmin)) // Timing a correct attempt @@ -120,8 +120,8 @@ func TestSQLiteAuth_Authenticate_Timing(t *testing.T) { require.GreaterOrEqual(t, time.Now().UnixMilli()-start, minBcryptTimingMillis) } -func TestSQLiteAuth_UserManagement(t *testing.T) { - a := newTestAuth(t, false, false) +func TestManager_UserManagement(t *testing.T) { + a := newTestManager(t, false, false) require.Nil(t, a.AddUser("phil", "phil", user.RoleAdmin)) require.Nil(t, a.AddUser("ben", "ben", user.RoleUser)) require.Nil(t, a.AllowAccess("ben", "mytopic", true, true)) @@ -202,8 +202,8 @@ func TestSQLiteAuth_UserManagement(t *testing.T) { require.Equal(t, "*", users[1].Name) } -func TestSQLiteAuth_ChangePassword(t *testing.T) { - a := newTestAuth(t, false, false) +func TestManager_ChangePassword(t *testing.T) { + a := newTestManager(t, false, false) require.Nil(t, a.AddUser("phil", "phil", user.RoleAdmin)) _, err := a.Authenticate("phil", "phil") @@ -216,8 +216,8 @@ func TestSQLiteAuth_ChangePassword(t *testing.T) { require.Nil(t, err) } -func TestSQLiteAuth_ChangeRole(t *testing.T) { - a := newTestAuth(t, false, false) +func TestManager_ChangeRole(t *testing.T) { + a := newTestManager(t, false, false) require.Nil(t, a.AddUser("ben", "ben", user.RoleUser)) require.Nil(t, a.AllowAccess("ben", "mytopic", true, true)) require.Nil(t, a.AllowAccess("ben", "readme", true, false)) @@ -235,7 +235,44 @@ func TestSQLiteAuth_ChangeRole(t *testing.T) { require.Equal(t, 0, len(ben.Grants)) } -func newTestAuth(t *testing.T, defaultRead, defaultWrite bool) *user.Manager { +func TestManager_Token_Valid(t *testing.T) { + a := newTestManager(t, false, false) + require.Nil(t, a.AddUser("ben", "ben", user.RoleUser)) + + u, err := a.User("ben") + require.Nil(t, err) + + // Create token for user + token, err := a.CreateToken(u) + require.NotEmpty(t, token.Value) + require.True(t, time.Now().Add(71*time.Hour).Unix() < token.Expires.Unix()) + + u2, err := a.AuthenticateToken(token.Value) + require.Nil(t, err) + require.Equal(t, u.Name, u2.Name) + require.Equal(t, token.Value, u2.Token) + + // Remove token and auth again + require.Nil(t, a.RemoveToken(u2)) + u3, err := a.AuthenticateToken(token.Value) + require.Equal(t, user.ErrUnauthenticated, err) + require.Nil(t, u3) +} + +func TestManager_Token_Invalid(t *testing.T) { + a := newTestManager(t, false, false) + require.Nil(t, a.AddUser("ben", "ben", user.RoleUser)) + + u, err := a.AuthenticateToken(strings.Repeat("x", 32)) // 32 == token length + require.Nil(t, u) + require.Equal(t, user.ErrUnauthenticated, err) + + u, err = a.AuthenticateToken("not long enough anyway") + require.Nil(t, u) + require.Equal(t, user.ErrUnauthenticated, err) +} + +func newTestManager(t *testing.T, defaultRead, defaultWrite bool) *user.Manager { filename := filepath.Join(t.TempDir(), "user.db") a, err := user.NewManager(filename, defaultRead, defaultWrite) require.Nil(t, err) diff --git a/user/types.go b/user/types.go index b257822b..7cea41e7 100644 --- a/user/types.go +++ b/user/types.go @@ -4,6 +4,7 @@ package user import ( "errors" "regexp" + "time" ) type Auther interface { @@ -31,7 +32,7 @@ type User struct { type Token struct { Value string - Expires int64 + Expires time.Time } type Prefs struct {