auth: call loadConfig in proper places

Calling it in init won't always work. This tsuru.conf file may load after the init is called, and it would panic. Related to #280.
tsuru · Jan 22, 2013 · 69138e7 · 69138e7
1 parent 7f377cb
commit 69138e7
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 15 deletions.
diff --git a/auth/suite_test.go b/auth/suite_test.go
@@ -59,13 +59,11 @@ type S struct {
 var _ = Suite(&S{})
 
 func (s *S) SetUpSuite(c *C) {
-	s.hashed = hashPassword("123")
 	err := config.ReadConfigFile("../etc/tsuru.conf")
 	c.Assert(err, IsNil)
+	s.hashed = hashPassword("123")
 	config.Set("database:url", "127.0.0.1:27017")
 	config.Set("database:name", "tsuru_auth_test")
-	err = loadConfig()
-	c.Assert(err, IsNil)
 	s.conn, _ = db.Conn()
 	s.user = &User{Email: "timeredbull@globo.com", Password: "123"}
 	s.user.Create()
@@ -92,6 +90,8 @@ func (s *S) TearDownTest(c *C) {
 	config.Set("git:host", s.gitHost)
 	config.Set("git:port", s.gitPort)
 	config.Set("git:protocol", s.gitProt)
+	salt = ""
+	tokenKey = ""
 }
 
 func (s *S) getTestData(path ...string) io.ReadCloser {

diff --git a/auth/user.go b/auth/user.go
@@ -21,23 +21,29 @@ var salt, tokenKey string
 var tokenExpire time.Duration
 
 func loadConfig() error {
-	var err error
+	if salt == "" && tokenKey == "" {
-	if salt, err = config.GetString("auth:salt"); err != nil {
+		var err error
-		return errors.New(`Setting "auth:salt" is undefined.`)
+		if salt, err = config.GetString("auth:salt"); err != nil {
-	}
+			return errors.New(`Setting "auth:salt" is undefined.`)
-	if iface, err := config.Get("auth:token-expire-days"); err == nil {
+		}
-		day := int64(iface.(int))
+		if iface, err := config.Get("auth:token-expire-days"); err == nil {
-		tokenExpire = time.Duration(day * 24 * int64(time.Hour))
+			day := int64(iface.(int))
-	} else {
+			tokenExpire = time.Duration(day * 24 * int64(time.Hour))
-		tokenExpire = defaultExpiration
+		} else {
-	}
+			tokenExpire = defaultExpiration
-	if tokenKey, err = config.GetString("auth:token-key"); err != nil {
+		}
-		return errors.New(`Setting "auth:token-key" is undefined.`)
+		if tokenKey, err = config.GetString("auth:token-key"); err != nil {
+			return errors.New(`Setting "auth:token-key" is undefined.`)
+		}
 	}
 	return nil
 }
 
 func hashPassword(password string) string {
+	err := loadConfig()
+	if err != nil {
+		panic(err)
+	}
 	salt := []byte(salt)
 	return fmt.Sprintf("%x", pbkdf2.Key([]byte(password), salt, 4096, len(salt)*8, sha512.New))
 }
@@ -191,6 +197,9 @@ func newToken(u *User) (*Token, error) {
 	if u.Email == "" {
 		return nil, errors.New("Impossible to generate tokens for users without email")
 	}
+	if err := loadConfig(); err != nil {
+		return nil, err
+	}
 	h := sha512.New()
 	h.Write([]byte(u.Email))
 	h.Write([]byte(tokenKey))

diff --git a/auth/user_test.go b/auth/user_test.go
@@ -27,6 +27,7 @@ func (s *S) TestCreateUser(c *C) {
 }
 
 func (s *S) TestCreateUserHashesThePasswordUsingPBKDF2SHA512AndSalt(c *C) {
+	loadConfig()
 	salt := []byte(salt)
 	expectedPassword := fmt.Sprintf("%x", pbkdf2.Key([]byte("123456"), salt, 4096, len(salt)*8, sha512.New))
 	u := User{Email: "wolverine@xmen.com", Password: "123456"}
@@ -49,6 +50,20 @@ func (s *S) TestCreateUserReturnsErrorWhenTryingToCreateAUserWithDuplicatedEmail
 	c.Assert(err, NotNil)
 }
 
+func (s *S) TestCreateUserUndefinedSaltPanics(c *C) {
+	old, err := config.Get("auth:salt")
+	c.Assert(err, IsNil)
+	defer config.Set("auth:salt", old)
+	err = config.Unset("auth:salt")
+	c.Assert(err, IsNil)
+	u := User{Email: "wolverine@xmen.com", Password: "123"}
+	defer func() {
+		r := recover()
+		c.Assert(r, NotNil)
+	}()
+	u.Create()
+}
+
 func (s *S) TestGetUserByEmail(c *C) {
 	u := User{Email: "wolverine@xmen.com", Password: "123456"}
 	err := u.Create()
@@ -115,6 +130,18 @@ func (s *S) TestNewTokenReturnsErrorWhenUserIsNil(c *C) {
 	c.Assert(err, ErrorMatches, "^User is nil$")
 }
 
+func (s *S) TestNewTokenWithoutTokenKey(c *C) {
+	old, err := config.Get("auth:token-key")
+	c.Assert(err, IsNil)
+	defer config.Set("auth:token-key", old)
+	err = config.Unset("auth:token-key")
+	c.Assert(err, IsNil)
+	t, err := newToken(&User{Email: "gopher@golang.org"})
+	c.Assert(t, IsNil)
+	c.Assert(err, NotNil)
+	c.Assert(err.Error(), Equals, `Setting "auth:token-key" is undefined.`)
+}
+
 func (s *S) TestCreateTokenShouldSaveTheTokenInUserInTheDatabase(c *C) {
 	u := User{Email: "wolverine@xmen.com", Password: "123"}
 	err := u.Create()
@@ -305,6 +332,15 @@ func (s *S) TestLoadConfigUndefineTokenKey(c *C) {
 	c.Assert(tokenKey, Equals, "")
 }
 
+func (s *S) TestLoadConfigDontOverride(c *C) {
+	tokenKey = "something"
+	salt = "salt"
+	err := loadConfig()
+	c.Assert(err, IsNil)
+	c.Assert(tokenKey, Equals, "something")
+	c.Assert(salt, Equals, "salt")
+}
+
 func (s *S) TestTeams(c *C) {
 	u := User{Email: "me@tsuru.com", Password: "123"}
 	err := u.Create()