authelia/internal/session/provider_config_test.go

114 lines
4.0 KiB
Go
Raw Normal View History

package session
import (
"crypto/sha256"
"testing"
"time"
"github.com/authelia/authelia/internal/configuration/schema"
"github.com/authelia/authelia/internal/utils"
"github.com/fasthttp/session"
"github.com/fasthttp/session/memory"
"github.com/fasthttp/session/redis"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestShouldCreateInMemorySessionProvider(t *testing.T) {
// The redis configuration is not provided so we create a in-memory provider.
configuration := schema.SessionConfiguration{}
configuration.Domain = "example.com"
configuration.Name = "my_session"
[FEATURE] Remember Me Configuration (#813) * [FEATURE] Remember Me Configuration * allow users to specify the duration of remember me using remember_me_duration in session config * setting the duration to 0 disables remember me * only render the remember me element if remember me is enabled * prevent malicious users from faking remember me functionality in the backend * add string to duration helper called ParseDurationString to parse a string into a duration * added tests to the helper function * use the SessionProvider to store the time.Duration instead of parsing it over and over again * add sec doc, adjust month/min, consistency * renamed internal/utils/constants.go to internal/utils/const.go to be consistent * added security measure docs * adjusted default remember me duration to be 1 month instead of 1 year * utilize default remember me duration in the autheliaCtx mock * adjust order of keys in session configuration examples * add notes on session security measures secret only being redis * add TODO items for duration notation for both Expiration and Inactivity (will be removed soon) * fix error text for Inactivity in the validator * add session validator tests * deref check bodyJSON.KeepMeLoggedIn and derive the value based on conf and user input and store it (DRY) * remove unnecessary regex for the simplified ParseDurationString utility * ParseDurationString only accepts decimals without leading zeros now * comprehensively test all unit types * remove unnecessary type unions in web * add test to check sanity of time duration consts, this is just so they can't be accidentally changed * simplify deref check and assignment * fix reset password padding/margins * adjust some doc wording * adjust the handler configuration suite test * actually run the handler configuration suite test (whoops) * reduce the number of regex's used by ParseDurationString to 1, thanks to Clement * adjust some error wording
2020-04-04 06:11:33 +07:00
// TODO(james-d-elliott): Convert to duration notation
configuration.Expiration = 40
providerConfig := NewProviderConfig(configuration)
assert.Equal(t, "my_session", providerConfig.config.CookieName)
assert.Equal(t, "example.com", providerConfig.config.Domain)
assert.Equal(t, true, providerConfig.config.Secure)
assert.Equal(t, time.Duration(40)*time.Second, providerConfig.config.Expires)
assert.True(t, providerConfig.config.IsSecureFunc(nil))
assert.Equal(t, "memory", providerConfig.providerName)
assert.IsType(t, &memory.Config{}, providerConfig.providerConfig)
}
func TestShouldCreateRedisSessionProvider(t *testing.T) {
// The redis configuration is not provided so we create a in-memory provider.
configuration := schema.SessionConfiguration{}
configuration.Domain = "example.com"
configuration.Name = "my_session"
[FEATURE] Remember Me Configuration (#813) * [FEATURE] Remember Me Configuration * allow users to specify the duration of remember me using remember_me_duration in session config * setting the duration to 0 disables remember me * only render the remember me element if remember me is enabled * prevent malicious users from faking remember me functionality in the backend * add string to duration helper called ParseDurationString to parse a string into a duration * added tests to the helper function * use the SessionProvider to store the time.Duration instead of parsing it over and over again * add sec doc, adjust month/min, consistency * renamed internal/utils/constants.go to internal/utils/const.go to be consistent * added security measure docs * adjusted default remember me duration to be 1 month instead of 1 year * utilize default remember me duration in the autheliaCtx mock * adjust order of keys in session configuration examples * add notes on session security measures secret only being redis * add TODO items for duration notation for both Expiration and Inactivity (will be removed soon) * fix error text for Inactivity in the validator * add session validator tests * deref check bodyJSON.KeepMeLoggedIn and derive the value based on conf and user input and store it (DRY) * remove unnecessary regex for the simplified ParseDurationString utility * ParseDurationString only accepts decimals without leading zeros now * comprehensively test all unit types * remove unnecessary type unions in web * add test to check sanity of time duration consts, this is just so they can't be accidentally changed * simplify deref check and assignment * fix reset password padding/margins * adjust some doc wording * adjust the handler configuration suite test * actually run the handler configuration suite test (whoops) * reduce the number of regex's used by ParseDurationString to 1, thanks to Clement * adjust some error wording
2020-04-04 06:11:33 +07:00
// TODO(james-d-elliott): Convert to duration notation
configuration.Expiration = 40
configuration.Redis = &schema.RedisSessionConfiguration{
Host: "redis.example.com",
Port: 6379,
Password: "pass",
}
providerConfig := NewProviderConfig(configuration)
assert.Equal(t, "my_session", providerConfig.config.CookieName)
assert.Equal(t, "example.com", providerConfig.config.Domain)
assert.Equal(t, true, providerConfig.config.Secure)
assert.Equal(t, time.Duration(40)*time.Second, providerConfig.config.Expires)
assert.True(t, providerConfig.config.IsSecureFunc(nil))
assert.Equal(t, "redis", providerConfig.providerName)
assert.IsType(t, &redis.Config{}, providerConfig.providerConfig)
pConfig := providerConfig.providerConfig.(*redis.Config)
assert.Equal(t, "redis.example.com", pConfig.Host)
assert.Equal(t, int64(6379), pConfig.Port)
assert.Equal(t, "pass", pConfig.Password)
// DbNumber is the fasthttp/session property for the Redis DB Index
assert.Equal(t, 0, pConfig.DbNumber)
}
func TestShouldSetDbNumber(t *testing.T) {
configuration := schema.SessionConfiguration{}
configuration.Domain = "example.com"
configuration.Name = "my_session"
[FEATURE] Remember Me Configuration (#813) * [FEATURE] Remember Me Configuration * allow users to specify the duration of remember me using remember_me_duration in session config * setting the duration to 0 disables remember me * only render the remember me element if remember me is enabled * prevent malicious users from faking remember me functionality in the backend * add string to duration helper called ParseDurationString to parse a string into a duration * added tests to the helper function * use the SessionProvider to store the time.Duration instead of parsing it over and over again * add sec doc, adjust month/min, consistency * renamed internal/utils/constants.go to internal/utils/const.go to be consistent * added security measure docs * adjusted default remember me duration to be 1 month instead of 1 year * utilize default remember me duration in the autheliaCtx mock * adjust order of keys in session configuration examples * add notes on session security measures secret only being redis * add TODO items for duration notation for both Expiration and Inactivity (will be removed soon) * fix error text for Inactivity in the validator * add session validator tests * deref check bodyJSON.KeepMeLoggedIn and derive the value based on conf and user input and store it (DRY) * remove unnecessary regex for the simplified ParseDurationString utility * ParseDurationString only accepts decimals without leading zeros now * comprehensively test all unit types * remove unnecessary type unions in web * add test to check sanity of time duration consts, this is just so they can't be accidentally changed * simplify deref check and assignment * fix reset password padding/margins * adjust some doc wording * adjust the handler configuration suite test * actually run the handler configuration suite test (whoops) * reduce the number of regex's used by ParseDurationString to 1, thanks to Clement * adjust some error wording
2020-04-04 06:11:33 +07:00
// TODO(james-d-elliott): Convert to duration notation
configuration.Expiration = 40
configuration.Redis = &schema.RedisSessionConfiguration{
Host: "redis.example.com",
Port: 6379,
Password: "pass",
DatabaseIndex: 5,
}
providerConfig := NewProviderConfig(configuration)
assert.Equal(t, "redis", providerConfig.providerName)
assert.IsType(t, &redis.Config{}, providerConfig.providerConfig)
pConfig := providerConfig.providerConfig.(*redis.Config)
// DbNumber is the fasthttp/session property for the Redis DB Index
assert.Equal(t, 5, pConfig.DbNumber)
}
func TestShouldUseEncryptingSerializerWithRedis(t *testing.T) {
configuration := schema.SessionConfiguration{}
configuration.Secret = "abc"
configuration.Redis = &schema.RedisSessionConfiguration{
Host: "redis.example.com",
Port: 6379,
Password: "pass",
DatabaseIndex: 5,
}
providerConfig := NewProviderConfig(configuration)
pConfig := providerConfig.providerConfig.(*redis.Config)
payload := session.Dict{}
payload.Set("key", "value")
encoded, err := pConfig.SerializeFunc(payload)
require.NoError(t, err)
// Now we try to decrypt what has been serialized
key := sha256.Sum256([]byte("abc"))
decrypted, err := utils.Decrypt(encoded, &key)
require.NoError(t, err)
decoded := session.Dict{}
_, err = decoded.UnmarshalMsg(decrypted)
assert.Equal(t, "value", decoded.Get("key"))
}