2019-12-07 18:18:22 +07:00
|
|
|
package handlers
|
|
|
|
|
|
|
|
import (
|
2021-11-23 16:45:38 +07:00
|
|
|
"database/sql"
|
|
|
|
"errors"
|
2019-12-07 18:18:22 +07:00
|
|
|
"fmt"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/golang/mock/gomock"
|
|
|
|
"github.com/sirupsen/logrus"
|
|
|
|
"github.com/stretchr/testify/assert"
|
2020-12-16 08:47:31 +07:00
|
|
|
"github.com/stretchr/testify/require"
|
2019-12-07 18:18:22 +07:00
|
|
|
"github.com/stretchr/testify/suite"
|
2020-05-01 13:56:42 +07:00
|
|
|
|
2021-08-11 08:04:35 +07:00
|
|
|
"github.com/authelia/authelia/v4/internal/mocks"
|
2022-03-06 12:47:40 +07:00
|
|
|
"github.com/authelia/authelia/v4/internal/model"
|
2019-12-07 18:18:22 +07:00
|
|
|
)
|
|
|
|
|
|
|
|
type FetchSuite struct {
|
|
|
|
suite.Suite
|
|
|
|
mock *mocks.MockAutheliaCtx
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *FetchSuite) SetupTest() {
|
|
|
|
s.mock = mocks.NewMockAutheliaCtx(s.T())
|
2020-01-06 06:03:16 +07:00
|
|
|
// Set the initial user session.
|
2019-12-07 18:18:22 +07:00
|
|
|
userSession := s.mock.Ctx.GetSession()
|
2020-05-02 23:20:40 +07:00
|
|
|
userSession.Username = testUsername
|
2019-12-07 18:18:22 +07:00
|
|
|
userSession.AuthenticationLevel = 1
|
2020-12-16 08:47:31 +07:00
|
|
|
err := s.mock.Ctx.SaveSession(userSession)
|
|
|
|
require.NoError(s.T(), err)
|
2019-12-07 18:18:22 +07:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *FetchSuite) TearDownTest() {
|
|
|
|
s.mock.Close()
|
|
|
|
}
|
|
|
|
|
2021-11-23 16:45:38 +07:00
|
|
|
type expectedResponse struct {
|
2022-03-06 12:47:40 +07:00
|
|
|
db model.UserInfo
|
|
|
|
api *model.UserInfo
|
2021-11-23 16:45:38 +07:00
|
|
|
err error
|
2019-12-07 18:18:22 +07:00
|
|
|
}
|
|
|
|
|
2019-12-08 00:51:47 +07:00
|
|
|
func TestMethodSetToU2F(t *testing.T) {
|
2021-11-23 16:45:38 +07:00
|
|
|
expectedResponses := []expectedResponse{
|
|
|
|
{
|
2022-03-06 12:47:40 +07:00
|
|
|
db: model.UserInfo{
|
2021-11-23 16:45:38 +07:00
|
|
|
Method: "totp",
|
|
|
|
},
|
|
|
|
err: nil,
|
|
|
|
},
|
|
|
|
{
|
2022-03-06 12:47:40 +07:00
|
|
|
db: model.UserInfo{
|
2022-03-03 18:20:43 +07:00
|
|
|
Method: "webauthn",
|
|
|
|
HasWebauthn: true,
|
|
|
|
HasTOTP: true,
|
2021-11-23 16:45:38 +07:00
|
|
|
},
|
|
|
|
err: nil,
|
|
|
|
},
|
2020-04-09 08:05:17 +07:00
|
|
|
{
|
2022-03-06 12:47:40 +07:00
|
|
|
db: model.UserInfo{
|
2022-03-03 18:20:43 +07:00
|
|
|
Method: "webauthn",
|
|
|
|
HasWebauthn: true,
|
|
|
|
HasTOTP: false,
|
2021-11-23 16:45:38 +07:00
|
|
|
},
|
|
|
|
err: nil,
|
2019-12-07 18:18:22 +07:00
|
|
|
},
|
2020-04-09 08:05:17 +07:00
|
|
|
{
|
2022-03-06 12:47:40 +07:00
|
|
|
db: model.UserInfo{
|
2022-03-03 18:20:43 +07:00
|
|
|
Method: "mobile_push",
|
|
|
|
HasWebauthn: false,
|
|
|
|
HasTOTP: false,
|
2021-11-23 16:45:38 +07:00
|
|
|
},
|
|
|
|
err: nil,
|
2019-12-07 18:18:22 +07:00
|
|
|
},
|
2020-04-09 08:05:17 +07:00
|
|
|
{
|
2022-03-06 12:47:40 +07:00
|
|
|
db: model.UserInfo{},
|
2021-11-23 16:45:38 +07:00
|
|
|
err: sql.ErrNoRows,
|
2019-12-07 18:18:22 +07:00
|
|
|
},
|
2020-04-09 08:05:17 +07:00
|
|
|
{
|
2022-03-06 12:47:40 +07:00
|
|
|
db: model.UserInfo{},
|
2021-11-23 16:45:38 +07:00
|
|
|
err: errors.New("invalid thing"),
|
2019-12-08 00:51:47 +07:00
|
|
|
},
|
2019-12-07 18:18:22 +07:00
|
|
|
}
|
|
|
|
|
2021-11-23 16:45:38 +07:00
|
|
|
for _, resp := range expectedResponses {
|
|
|
|
if resp.api == nil {
|
|
|
|
resp.api = &resp.db
|
|
|
|
}
|
|
|
|
|
2019-12-08 00:51:47 +07:00
|
|
|
mock := mocks.NewMockAutheliaCtx(t)
|
2020-01-06 06:03:16 +07:00
|
|
|
// Set the initial user session.
|
2019-12-08 00:51:47 +07:00
|
|
|
userSession := mock.Ctx.GetSession()
|
2020-05-02 23:20:40 +07:00
|
|
|
userSession.Username = testUsername
|
2019-12-08 00:51:47 +07:00
|
|
|
userSession.AuthenticationLevel = 1
|
2020-12-16 08:47:31 +07:00
|
|
|
err := mock.Ctx.SaveSession(userSession)
|
|
|
|
require.NoError(t, err)
|
2019-12-08 00:51:47 +07:00
|
|
|
|
2021-12-01 19:11:29 +07:00
|
|
|
mock.StorageMock.
|
2021-11-23 16:45:38 +07:00
|
|
|
EXPECT().
|
|
|
|
LoadUserInfo(mock.Ctx, gomock.Eq("john")).
|
|
|
|
Return(resp.db, resp.err)
|
|
|
|
|
2019-12-08 00:51:47 +07:00
|
|
|
UserInfoGet(mock.Ctx)
|
2019-12-07 18:18:22 +07:00
|
|
|
|
2021-11-23 16:45:38 +07:00
|
|
|
if resp.err == nil {
|
|
|
|
t.Run("expected status code", func(t *testing.T) {
|
|
|
|
assert.Equal(t, 200, mock.Ctx.Response.StatusCode())
|
|
|
|
})
|
2019-12-07 18:18:22 +07:00
|
|
|
|
2022-03-06 12:47:40 +07:00
|
|
|
actualPreferences := model.UserInfo{}
|
2019-12-07 18:18:22 +07:00
|
|
|
|
2021-11-23 16:45:38 +07:00
|
|
|
mock.GetResponseData(t, &actualPreferences)
|
2019-12-07 18:18:22 +07:00
|
|
|
|
2021-11-23 16:45:38 +07:00
|
|
|
t.Run("expected method", func(t *testing.T) {
|
|
|
|
assert.Equal(t, resp.api.Method, actualPreferences.Method)
|
|
|
|
})
|
2019-12-07 18:18:22 +07:00
|
|
|
|
2022-03-03 18:20:43 +07:00
|
|
|
t.Run("registered webauthn", func(t *testing.T) {
|
|
|
|
assert.Equal(t, resp.api.HasWebauthn, actualPreferences.HasWebauthn)
|
2021-11-23 16:45:38 +07:00
|
|
|
})
|
2019-12-07 18:18:22 +07:00
|
|
|
|
2021-11-23 16:45:38 +07:00
|
|
|
t.Run("registered totp", func(t *testing.T) {
|
|
|
|
assert.Equal(t, resp.api.HasTOTP, actualPreferences.HasTOTP)
|
|
|
|
})
|
|
|
|
} else {
|
|
|
|
t.Run("expected status code", func(t *testing.T) {
|
|
|
|
assert.Equal(t, 200, mock.Ctx.Response.StatusCode())
|
|
|
|
})
|
2019-12-07 18:18:22 +07:00
|
|
|
|
2021-11-23 16:45:38 +07:00
|
|
|
errResponse := mock.GetResponseError(t)
|
2019-12-07 18:18:22 +07:00
|
|
|
|
2021-11-23 16:45:38 +07:00
|
|
|
assert.Equal(t, "KO", errResponse.Status)
|
|
|
|
assert.Equal(t, "Operation failed.", errResponse.Message)
|
|
|
|
}
|
|
|
|
|
|
|
|
mock.Close()
|
|
|
|
}
|
2019-12-07 18:18:22 +07:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *FetchSuite) TestShouldReturnError500WhenStorageFailsToLoad() {
|
2021-12-01 19:11:29 +07:00
|
|
|
s.mock.StorageMock.EXPECT().
|
2021-11-23 16:45:38 +07:00
|
|
|
LoadUserInfo(s.mock.Ctx, gomock.Eq("john")).
|
2022-03-06 12:47:40 +07:00
|
|
|
Return(model.UserInfo{}, fmt.Errorf("failure"))
|
2019-12-08 00:51:47 +07:00
|
|
|
|
2019-12-07 18:18:22 +07:00
|
|
|
UserInfoGet(s.mock.Ctx)
|
|
|
|
|
|
|
|
s.mock.Assert200KO(s.T(), "Operation failed.")
|
2021-11-23 16:45:38 +07:00
|
|
|
assert.Equal(s.T(), "unable to load user information: failure", s.mock.Hook.LastEntry().Message)
|
2019-12-07 18:18:22 +07:00
|
|
|
assert.Equal(s.T(), logrus.ErrorLevel, s.mock.Hook.LastEntry().Level)
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestFetchSuite(t *testing.T) {
|
|
|
|
suite.Run(t, &FetchSuite{})
|
|
|
|
}
|
|
|
|
|
|
|
|
type SaveSuite struct {
|
|
|
|
suite.Suite
|
|
|
|
mock *mocks.MockAutheliaCtx
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *SaveSuite) SetupTest() {
|
|
|
|
s.mock = mocks.NewMockAutheliaCtx(s.T())
|
2020-01-06 06:03:16 +07:00
|
|
|
// Set the initial user session.
|
2019-12-07 18:18:22 +07:00
|
|
|
userSession := s.mock.Ctx.GetSession()
|
2020-05-02 23:20:40 +07:00
|
|
|
userSession.Username = testUsername
|
2019-12-07 18:18:22 +07:00
|
|
|
userSession.AuthenticationLevel = 1
|
2020-12-16 08:47:31 +07:00
|
|
|
err := s.mock.Ctx.SaveSession(userSession)
|
|
|
|
require.NoError(s.T(), err)
|
2019-12-07 18:18:22 +07:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *SaveSuite) TearDownTest() {
|
|
|
|
s.mock.Close()
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *SaveSuite) TestShouldReturnError500WhenNoBodyProvided() {
|
|
|
|
s.mock.Ctx.Request.SetBody(nil)
|
|
|
|
MethodPreferencePost(s.mock.Ctx)
|
|
|
|
|
|
|
|
s.mock.Assert200KO(s.T(), "Operation failed.")
|
2021-11-29 10:09:14 +07:00
|
|
|
assert.Equal(s.T(), "unable to parse body: unexpected end of JSON input", s.mock.Hook.LastEntry().Message)
|
2019-12-07 18:18:22 +07:00
|
|
|
assert.Equal(s.T(), logrus.ErrorLevel, s.mock.Hook.LastEntry().Level)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *SaveSuite) TestShouldReturnError500WhenMalformedBodyProvided() {
|
|
|
|
s.mock.Ctx.Request.SetBody([]byte("{\"method\":\"abc\""))
|
|
|
|
MethodPreferencePost(s.mock.Ctx)
|
|
|
|
|
|
|
|
s.mock.Assert200KO(s.T(), "Operation failed.")
|
2021-11-29 10:09:14 +07:00
|
|
|
assert.Equal(s.T(), "unable to parse body: unexpected end of JSON input", s.mock.Hook.LastEntry().Message)
|
2019-12-07 18:18:22 +07:00
|
|
|
assert.Equal(s.T(), logrus.ErrorLevel, s.mock.Hook.LastEntry().Level)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *SaveSuite) TestShouldReturnError500WhenBadBodyProvided() {
|
|
|
|
s.mock.Ctx.Request.SetBody([]byte("{\"weird_key\":\"abc\"}"))
|
|
|
|
MethodPreferencePost(s.mock.Ctx)
|
|
|
|
|
|
|
|
s.mock.Assert200KO(s.T(), "Operation failed.")
|
2021-11-29 10:09:14 +07:00
|
|
|
assert.Equal(s.T(), "unable to validate body: method: non zero value required", s.mock.Hook.LastEntry().Message)
|
2019-12-07 18:18:22 +07:00
|
|
|
assert.Equal(s.T(), logrus.ErrorLevel, s.mock.Hook.LastEntry().Level)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *SaveSuite) TestShouldReturnError500WhenBadMethodProvided() {
|
|
|
|
s.mock.Ctx.Request.SetBody([]byte("{\"method\":\"abc\"}"))
|
|
|
|
MethodPreferencePost(s.mock.Ctx)
|
|
|
|
|
|
|
|
s.mock.Assert200KO(s.T(), "Operation failed.")
|
2022-03-03 18:20:43 +07:00
|
|
|
assert.Equal(s.T(), "unknown method 'abc', it should be one of totp, webauthn, mobile_push", s.mock.Hook.LastEntry().Message)
|
2019-12-07 18:18:22 +07:00
|
|
|
assert.Equal(s.T(), logrus.ErrorLevel, s.mock.Hook.LastEntry().Level)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *SaveSuite) TestShouldReturnError500WhenDatabaseFailsToSave() {
|
2022-03-03 18:20:43 +07:00
|
|
|
s.mock.Ctx.Request.SetBody([]byte("{\"method\":\"webauthn\"}"))
|
2021-12-01 19:11:29 +07:00
|
|
|
s.mock.StorageMock.EXPECT().
|
2022-03-03 18:20:43 +07:00
|
|
|
SavePreferred2FAMethod(s.mock.Ctx, gomock.Eq("john"), gomock.Eq("webauthn")).
|
2019-12-07 18:18:22 +07:00
|
|
|
Return(fmt.Errorf("Failure"))
|
|
|
|
|
|
|
|
MethodPreferencePost(s.mock.Ctx)
|
|
|
|
|
|
|
|
s.mock.Assert200KO(s.T(), "Operation failed.")
|
2021-09-17 12:53:40 +07:00
|
|
|
assert.Equal(s.T(), "unable to save new preferred 2FA method: Failure", s.mock.Hook.LastEntry().Message)
|
2019-12-07 18:18:22 +07:00
|
|
|
assert.Equal(s.T(), logrus.ErrorLevel, s.mock.Hook.LastEntry().Level)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *SaveSuite) TestShouldReturn200WhenMethodIsSuccessfullySaved() {
|
2022-03-03 18:20:43 +07:00
|
|
|
s.mock.Ctx.Request.SetBody([]byte("{\"method\":\"webauthn\"}"))
|
2021-12-01 19:11:29 +07:00
|
|
|
s.mock.StorageMock.EXPECT().
|
2022-03-03 18:20:43 +07:00
|
|
|
SavePreferred2FAMethod(s.mock.Ctx, gomock.Eq("john"), gomock.Eq("webauthn")).
|
2019-12-07 18:18:22 +07:00
|
|
|
Return(nil)
|
|
|
|
|
|
|
|
MethodPreferencePost(s.mock.Ctx)
|
|
|
|
|
|
|
|
assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestSaveSuite(t *testing.T) {
|
|
|
|
suite.Run(t, &SaveSuite{})
|
|
|
|
}
|