mirror of
https://github.com/mainflux/mainflux.git
synced 2025-05-04 22:17:59 +08:00
e5278c463f
* MF-1348 - Add go-kit transport level logging Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix reviews Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix reviews Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix merge Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix remark Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix go test flags Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Use httputil errors in things and http service Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix SDK tests Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Use httputil errors in certs and provision service Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Use httputil errors in consumers service Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * General renaming and add ErrMissingToken Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Rename httputil -> apiutil and use errors in users servive Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Use apiutil errors in auth, bootstrap, readers, things and twins Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Replace errors.Contain by comparison Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix remarks Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Simplify validateID Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Simplify validateID Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Simplify and rename ExtractAuthToken -> ExtractBearerToken Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix readers Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix auth key test and remarks Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Improve comment Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Simplify validateUUID check Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> * Fix typo Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> Co-authored-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>
327 lines
8.6 KiB
Go
327 lines
8.6 KiB
Go
// Copyright (c) Mainflux
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package http_test
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/opentracing/opentracing-go/mocktracer"
|
|
|
|
"github.com/mainflux/mainflux/logger"
|
|
"github.com/mainflux/mainflux/pkg/uuid"
|
|
"github.com/mainflux/mainflux/things"
|
|
httpapi "github.com/mainflux/mainflux/things/api/auth/http"
|
|
"github.com/mainflux/mainflux/things/mocks"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
const (
|
|
contentType = "application/json"
|
|
email = "user@example.com"
|
|
token = "token"
|
|
wrong = "wrong_value"
|
|
)
|
|
|
|
var (
|
|
thing = things.Thing{
|
|
Name: "test_app",
|
|
Metadata: map[string]interface{}{"test": "data"},
|
|
}
|
|
channel = things.Channel{
|
|
Name: "test_chan",
|
|
Metadata: map[string]interface{}{"test": "data"},
|
|
}
|
|
)
|
|
|
|
type testRequest struct {
|
|
client *http.Client
|
|
method string
|
|
url string
|
|
contentType string
|
|
body io.Reader
|
|
}
|
|
|
|
func (tr testRequest) make() (*http.Response, error) {
|
|
req, err := http.NewRequest(tr.method, tr.url, tr.body)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if tr.contentType != "" {
|
|
req.Header.Set("Content-Type", tr.contentType)
|
|
}
|
|
return tr.client.Do(req)
|
|
}
|
|
|
|
func toJSON(data interface{}) string {
|
|
jsonData, _ := json.Marshal(data)
|
|
return string(jsonData)
|
|
}
|
|
|
|
func newService(tokens map[string]string) things.Service {
|
|
policies := []mocks.MockSubjectSet{{Object: "users", Relation: "member"}}
|
|
auth := mocks.NewAuthService(tokens, map[string][]mocks.MockSubjectSet{email: policies})
|
|
conns := make(chan mocks.Connection)
|
|
thingsRepo := mocks.NewThingRepository(conns)
|
|
channelsRepo := mocks.NewChannelRepository(thingsRepo, conns)
|
|
chanCache := mocks.NewChannelCache()
|
|
thingCache := mocks.NewThingCache()
|
|
idProvider := uuid.NewMock()
|
|
|
|
return things.New(auth, thingsRepo, channelsRepo, chanCache, thingCache, idProvider)
|
|
}
|
|
|
|
func newServer(svc things.Service) *httptest.Server {
|
|
logger := logger.NewMock()
|
|
mux := httpapi.MakeHandler(mocktracer.New(), svc, logger)
|
|
return httptest.NewServer(mux)
|
|
}
|
|
|
|
func TestIdentify(t *testing.T) {
|
|
svc := newService(map[string]string{token: email})
|
|
ts := newServer(svc)
|
|
defer ts.Close()
|
|
|
|
ths, err := svc.CreateThings(context.Background(), token, thing)
|
|
require.Nil(t, err, fmt.Sprintf("failed to create thing: %s", err))
|
|
th := ths[0]
|
|
|
|
ir := identifyReq{Token: th.Key}
|
|
data := toJSON(ir)
|
|
|
|
nonexistentData := toJSON(identifyReq{Token: wrong})
|
|
|
|
cases := map[string]struct {
|
|
contentType string
|
|
req string
|
|
status int
|
|
}{
|
|
"identify existing thing": {
|
|
contentType: contentType,
|
|
req: data,
|
|
status: http.StatusOK,
|
|
},
|
|
"identify non-existent thing": {
|
|
contentType: contentType,
|
|
req: nonexistentData,
|
|
status: http.StatusNotFound,
|
|
},
|
|
"identify with missing content type": {
|
|
contentType: wrong,
|
|
req: data,
|
|
status: http.StatusUnsupportedMediaType,
|
|
},
|
|
"identify with empty JSON request": {
|
|
contentType: contentType,
|
|
req: "{}",
|
|
status: http.StatusUnauthorized,
|
|
},
|
|
"identify with invalid JSON request": {
|
|
contentType: contentType,
|
|
req: "",
|
|
status: http.StatusBadRequest,
|
|
},
|
|
}
|
|
|
|
for desc, tc := range cases {
|
|
req := testRequest{
|
|
client: ts.Client(),
|
|
method: http.MethodPost,
|
|
url: fmt.Sprintf("%s/identify", ts.URL),
|
|
contentType: tc.contentType,
|
|
body: strings.NewReader(tc.req),
|
|
}
|
|
res, err := req.make()
|
|
assert.Nil(t, err, fmt.Sprintf("%s: unexpected error %s", desc, err))
|
|
assert.Equal(t, tc.status, res.StatusCode, fmt.Sprintf("%s: expected status code %d got %d", desc, tc.status, res.StatusCode))
|
|
}
|
|
}
|
|
|
|
func TestCanAccessByKey(t *testing.T) {
|
|
svc := newService(map[string]string{token: email})
|
|
ts := newServer(svc)
|
|
defer ts.Close()
|
|
|
|
ths, err := svc.CreateThings(context.Background(), token, thing)
|
|
require.Nil(t, err, fmt.Sprintf("failed to create thing: %s", err))
|
|
th := ths[0]
|
|
|
|
chs, err := svc.CreateChannels(context.Background(), token, channel)
|
|
require.Nil(t, err, fmt.Sprintf("failed to create channel: %s", err))
|
|
ch := chs[0]
|
|
|
|
err = svc.Connect(context.Background(), token, []string{ch.ID}, []string{th.ID})
|
|
require.Nil(t, err, fmt.Sprintf("failed to connect thing and channel: %s", err))
|
|
|
|
data := toJSON(canAccessByKeyReq{
|
|
Token: th.Key,
|
|
})
|
|
|
|
cases := map[string]struct {
|
|
contentType string
|
|
chanID string
|
|
req string
|
|
status int
|
|
}{
|
|
"check access for connected thing and channel": {
|
|
contentType: contentType,
|
|
chanID: ch.ID,
|
|
req: data,
|
|
status: http.StatusOK,
|
|
},
|
|
"check access for not connected thing and channel": {
|
|
contentType: contentType,
|
|
chanID: wrong,
|
|
req: data,
|
|
status: http.StatusForbidden,
|
|
},
|
|
"check access with invalid content type": {
|
|
contentType: wrong,
|
|
chanID: ch.ID,
|
|
req: data,
|
|
status: http.StatusUnsupportedMediaType,
|
|
},
|
|
"check access with empty JSON request": {
|
|
contentType: contentType,
|
|
chanID: ch.ID,
|
|
req: "{}",
|
|
status: http.StatusUnauthorized,
|
|
},
|
|
"check access with invalid JSON request": {
|
|
contentType: contentType,
|
|
chanID: ch.ID,
|
|
req: "}",
|
|
status: http.StatusBadRequest,
|
|
},
|
|
"check access with empty request": {
|
|
contentType: contentType,
|
|
chanID: ch.ID,
|
|
req: "",
|
|
status: http.StatusBadRequest,
|
|
},
|
|
"check access with empty channel id": {
|
|
contentType: contentType,
|
|
chanID: "",
|
|
req: data,
|
|
status: http.StatusBadRequest,
|
|
},
|
|
}
|
|
|
|
for desc, tc := range cases {
|
|
req := testRequest{
|
|
client: ts.Client(),
|
|
method: http.MethodPost,
|
|
url: fmt.Sprintf("%s/identify/channels/%s/access-by-key", ts.URL, tc.chanID),
|
|
contentType: tc.contentType,
|
|
body: strings.NewReader(tc.req),
|
|
}
|
|
res, err := req.make()
|
|
assert.Nil(t, err, fmt.Sprintf("%s: unexpected error %s", desc, err))
|
|
assert.Equal(t, tc.status, res.StatusCode, fmt.Sprintf("%s: expected status code %d got %d", desc, tc.status, res.StatusCode))
|
|
}
|
|
}
|
|
|
|
func TestCanAccessByID(t *testing.T) {
|
|
svc := newService(map[string]string{token: email})
|
|
ts := newServer(svc)
|
|
defer ts.Close()
|
|
|
|
ths, err := svc.CreateThings(context.Background(), token, thing)
|
|
require.Nil(t, err, fmt.Sprintf("failed to create thing: %s", err))
|
|
th := ths[0]
|
|
|
|
chs, err := svc.CreateChannels(context.Background(), token, channel)
|
|
require.Nil(t, err, fmt.Sprintf("failed to create channel: %s", err))
|
|
ch := chs[0]
|
|
|
|
err = svc.Connect(context.Background(), token, []string{ch.ID}, []string{th.ID})
|
|
require.Nil(t, err, fmt.Sprintf("failed to connect thing and channel: %s", err))
|
|
|
|
data := toJSON(canAccessByIDReq{
|
|
ThingID: th.ID,
|
|
})
|
|
|
|
cases := map[string]struct {
|
|
contentType string
|
|
chanID string
|
|
req string
|
|
status int
|
|
}{
|
|
"check access for connected thing and channel": {
|
|
contentType: contentType,
|
|
chanID: ch.ID,
|
|
req: data,
|
|
status: http.StatusOK,
|
|
},
|
|
"check access for not connected thing and channel": {
|
|
contentType: contentType,
|
|
chanID: wrong,
|
|
req: data,
|
|
status: http.StatusForbidden,
|
|
},
|
|
"check access with invalid content type": {
|
|
contentType: wrong,
|
|
chanID: ch.ID,
|
|
req: data,
|
|
status: http.StatusUnsupportedMediaType,
|
|
},
|
|
"check access with empty JSON request": {
|
|
contentType: contentType,
|
|
chanID: ch.ID,
|
|
req: "{}",
|
|
status: http.StatusBadRequest,
|
|
},
|
|
"check access with invalid JSON request": {
|
|
contentType: contentType,
|
|
chanID: ch.ID,
|
|
req: "}",
|
|
status: http.StatusBadRequest,
|
|
},
|
|
"check access with empty request": {
|
|
contentType: contentType,
|
|
chanID: ch.ID,
|
|
req: "",
|
|
status: http.StatusBadRequest,
|
|
},
|
|
"check access with empty channel id": {
|
|
contentType: contentType,
|
|
chanID: "",
|
|
req: data,
|
|
status: http.StatusBadRequest,
|
|
},
|
|
}
|
|
|
|
for desc, tc := range cases {
|
|
req := testRequest{
|
|
client: ts.Client(),
|
|
method: http.MethodPost,
|
|
url: fmt.Sprintf("%s/identify/channels/%s/access-by-id", ts.URL, tc.chanID),
|
|
contentType: tc.contentType,
|
|
body: strings.NewReader(tc.req),
|
|
}
|
|
res, err := req.make()
|
|
assert.Nil(t, err, fmt.Sprintf("%s: unexpected error %s", desc, err))
|
|
assert.Equal(t, tc.status, res.StatusCode, fmt.Sprintf("%s: expected status code %d got %d", desc, tc.status, res.StatusCode))
|
|
}
|
|
}
|
|
|
|
type identifyReq struct {
|
|
Token string `json:"token"`
|
|
}
|
|
|
|
type canAccessByKeyReq struct {
|
|
Token string `json:"token"`
|
|
}
|
|
|
|
type canAccessByIDReq struct {
|
|
ThingID string `json:"thing_id"`
|
|
}
|