manager_http_test.go
package session_test
import (
"context"
"errors"
"net/http"
"net/http/httptest"
"testing"
"time"
"github.com/julienschmidt/httprouter"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/ory/viper"
"github.com/ory/kratos/driver/configuration"
"github.com/ory/kratos/identity"
"github.com/ory/kratos/internal"
"github.com/ory/kratos/internal/testhelpers"
"github.com/ory/kratos/session"
"github.com/ory/kratos/x"
)
// mockCSRFHandler is a test double for the registry's CSRF handler. It does
// no real CSRF work; it only records how often a token rotation was requested
// so a test can assert that rotation happened.
//
// The counter is a plain int with no locking, so it is only meaningful when
// the calls and the final read are sequential.
type mockCSRFHandler struct {
	// c is the number of RegenerateToken calls seen so far.
	c int
}

// ServeHTTP is deliberately empty: it writes nothing and validates nothing.
func (m *mockCSRFHandler) ServeHTTP(_ http.ResponseWriter, _ *http.Request) {}

// RegenerateToken counts the call and returns the fixed x.FakeCSRFToken
// instead of issuing a fresh token.
func (m *mockCSRFHandler) RegenerateToken(_ http.ResponseWriter, _ *http.Request) string {
	m.c += 1
	return x.FakeCSRFToken
}
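// TestManagerHTTP covers two security-relevant properties of the HTTP session
// manager:
//
//   - saving a session to a request asks the CSRF handler for a new token
//     exactly once, so an anti-CSRF token issued before the principal changed
//     is not carried over to the new session;
//   - a session that is within its lifespan is served (200), and one whose
//     lifespan has elapsed is rejected by the server (401).
func TestManagerHTTP(t *testing.T) {
	t.Run("case=regenerate csrf on principal change", func(t *testing.T) {
		_, reg := internal.NewFastRegistryWithMocks(t)
		mock := new(mockCSRFHandler)
		reg.WithCSRFHandler(mock)

		require.NoError(t, reg.SessionManager().SaveToRequest(context.Background(), httptest.NewRecorder(), new(http.Request), new(session.Session)))

		// Exactly one rotation: zero would leave the old token usable, and
		// more than one would point at a redundant code path.
		assert.Equal(t, 1, mock.c)
	})

	t.Run("suite=lifecycle", func(t *testing.T) {
		conf, reg := internal.NewFastRegistryWithMocks(t)
		viper.Set(configuration.ViperKeySelfServiceLoginUI, "https://www.ory.sh")
		viper.Set(configuration.ViperKeyDefaultIdentitySchemaURL, "file://./stub/fake-session.schema.json")

		// s is the session the /session/set route will issue. Each case
		// assigns it before driving the client against the test server.
		var s *session.Session

		rp := x.NewRouterPublic()
		rp.GET("/session/set", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
			// This runs on the server's goroutine, not the test's, so it must
			// not call require.* (t.FailNow is only valid on the goroutine
			// running the test). Record the failure and answer 500 instead.
			if err := reg.SessionManager().CreateToRequest(r.Context(), w, r, s); !assert.NoError(t, err) {
				w.WriteHeader(http.StatusInternalServerError)
				return
			}
			w.WriteHeader(http.StatusOK)
		})

		rp.GET("/session/get", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
			sess, err := reg.SessionManager().FetchFromRequest(r.Context(), r)
			if err != nil {
				t.Logf("Got error on lookup: %s %T", err, errors.Unwrap(err))
				reg.Writer().WriteError(w, r, err)
				return
			}
			reg.Writer().Write(w, r, sess)
		})

		pts := httptest.NewServer(x.NewTestCSRFHandler(rp, reg))
		t.Cleanup(pts.Close)
		viper.Set(configuration.ViperKeyPublicBaseURL, pts.URL)
		reg.RegisterPublicRoutes(rp)

		t.Run("case=valid", func(t *testing.T) {
			viper.Set(configuration.ViperKeySessionLifespan, "1m")

			i := identity.Identity{Traits: []byte("{}")}
			require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &i))
			s = session.NewSession(&i, conf, time.Now())

			c := testhelpers.NewClientWithCookies(t)
			testhelpers.MockHydrateCookieClient(t, c, pts.URL+"/session/set")

			res, err := c.Get(pts.URL + "/session/get")
			require.NoError(t, err)
			// Close the body so the connection is released before pts.Close.
			defer res.Body.Close()
			assert.EqualValues(t, http.StatusOK, res.StatusCode)
		})

		t.Run("case=expired", func(t *testing.T) {
			// A 1ns lifespan means the session is already past its expiry by
			// the time it is fetched below.
			viper.Set(configuration.ViperKeySessionLifespan, "1ns")

			i := identity.Identity{Traits: []byte("{}")}
			require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), &i))
			s = session.NewSession(&i, conf, time.Now())

			c := testhelpers.NewClientWithCookies(t)
			testhelpers.MockHydrateCookieClient(t, c, pts.URL+"/session/set")

			time.Sleep(time.Nanosecond * 2)

			res, err := c.Get(pts.URL + "/session/get")
			require.NoError(t, err)
			defer res.Body.Close()
			// The assertion is on the server's answer: an expired session
			// must yield 401 rather than the session payload.
			// NOTE(review): whether the client still sends the cookie at this
			// point depends on the cookie's own expiry, which is not visible
			// here; confirm the 401 comes from the server-side expiry check.
			assert.EqualValues(t, http.StatusUnauthorized, res.StatusCode)
		})
	})
}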