authelia/internal/session/provider_config_test.go
Clément Michaud 4264e64f9b
[MISC] Encrypt session data in redis store. (#789)
This is a regression from v3. With this change session data is encrypted with AES-GCM using a 256-bit key derived from the provided secret.

Fixes #652.
2020-03-28 17:10:39 +11:00

111 lines
3.8 KiB
Go

package session
import (
"crypto/sha256"
"testing"
"time"
"github.com/authelia/authelia/internal/configuration/schema"
"github.com/authelia/authelia/internal/utils"
"github.com/fasthttp/session"
"github.com/fasthttp/session/memory"
"github.com/fasthttp/session/redis"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestShouldCreateInMemorySessionProvider(t *testing.T) {
// The redis configuration is not provided so we create a in-memory provider.
configuration := schema.SessionConfiguration{}
configuration.Domain = "example.com"
configuration.Name = "my_session"
configuration.Expiration = 40
providerConfig := NewProviderConfig(configuration)
assert.Equal(t, "my_session", providerConfig.config.CookieName)
assert.Equal(t, "example.com", providerConfig.config.Domain)
assert.Equal(t, true, providerConfig.config.Secure)
assert.Equal(t, time.Duration(40)*time.Second, providerConfig.config.Expires)
assert.True(t, providerConfig.config.IsSecureFunc(nil))
assert.Equal(t, "memory", providerConfig.providerName)
assert.IsType(t, &memory.Config{}, providerConfig.providerConfig)
}
func TestShouldCreateRedisSessionProvider(t *testing.T) {
// The redis configuration is not provided so we create a in-memory provider.
configuration := schema.SessionConfiguration{}
configuration.Domain = "example.com"
configuration.Name = "my_session"
configuration.Expiration = 40
configuration.Redis = &schema.RedisSessionConfiguration{
Host: "redis.example.com",
Port: 6379,
Password: "pass",
}
providerConfig := NewProviderConfig(configuration)
assert.Equal(t, "my_session", providerConfig.config.CookieName)
assert.Equal(t, "example.com", providerConfig.config.Domain)
assert.Equal(t, true, providerConfig.config.Secure)
assert.Equal(t, time.Duration(40)*time.Second, providerConfig.config.Expires)
assert.True(t, providerConfig.config.IsSecureFunc(nil))
assert.Equal(t, "redis", providerConfig.providerName)
assert.IsType(t, &redis.Config{}, providerConfig.providerConfig)
pConfig := providerConfig.providerConfig.(*redis.Config)
assert.Equal(t, "redis.example.com", pConfig.Host)
assert.Equal(t, int64(6379), pConfig.Port)
assert.Equal(t, "pass", pConfig.Password)
// DbNumber is the fasthttp/session property for the Redis DB Index
assert.Equal(t, 0, pConfig.DbNumber)
}
func TestShouldSetDbNumber(t *testing.T) {
configuration := schema.SessionConfiguration{}
configuration.Domain = "example.com"
configuration.Name = "my_session"
configuration.Expiration = 40
configuration.Redis = &schema.RedisSessionConfiguration{
Host: "redis.example.com",
Port: 6379,
Password: "pass",
DatabaseIndex: 5,
}
providerConfig := NewProviderConfig(configuration)
assert.Equal(t, "redis", providerConfig.providerName)
assert.IsType(t, &redis.Config{}, providerConfig.providerConfig)
pConfig := providerConfig.providerConfig.(*redis.Config)
// DbNumber is the fasthttp/session property for the Redis DB Index
assert.Equal(t, 5, pConfig.DbNumber)
}
func TestShouldUseEncryptingSerializerWithRedis(t *testing.T) {
configuration := schema.SessionConfiguration{}
configuration.Secret = "abc"
configuration.Redis = &schema.RedisSessionConfiguration{
Host: "redis.example.com",
Port: 6379,
Password: "pass",
DatabaseIndex: 5,
}
providerConfig := NewProviderConfig(configuration)
pConfig := providerConfig.providerConfig.(*redis.Config)
payload := session.Dict{}
payload.Set("key", "value")
encoded, err := pConfig.SerializeFunc(payload)
require.NoError(t, err)
// Now we try to decrypt what has been serialized
key := sha256.Sum256([]byte("abc"))
decrypted, err := utils.Decrypt(encoded, &key)
require.NoError(t, err)
decoded := session.Dict{}
_, err = decoded.UnmarshalMsg(decrypted)
assert.Equal(t, "value", decoded.Get("key"))
}