mirror of
https://github.com/mainflux/mainflux.git
synced 2025-05-02 22:17:10 +08:00
9f37927dec
* Add inital Auth implementation Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Extract IssuedAt on transport layer Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Add token type Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix Auth service URL in Things service Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Add User Keys revocation check Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Update tests Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unused tracing methods Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix Key retrival and parsing Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unused code Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix compose files Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix typos Simplify tests. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix typos and remove useless comments Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename Auth to Authn Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename database.go to tracin.go A new name (`tracing.go`) describes better the purpose of the file. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Fix typo. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove token from Users service Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix identify login keys Rename token parsing method. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Extract tokenizer to interface Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove pointer time Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use pointer for expiration time in response Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use uppercase N Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unnecessary email check Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Cleanup unused code and env vars Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename tokenizer field Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use slices and named fields in test cases Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Update AuthN keys naming Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove package-lock.json changes Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove Secret from issuing request Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>
314 lines
8.1 KiB
Go
314 lines
8.1 KiB
Go
// Copyright (c) Mainflux
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package http_test
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/opentracing/opentracing-go/mocktracer"
|
|
|
|
"github.com/mainflux/mainflux/things"
|
|
httpapi "github.com/mainflux/mainflux/things/api/auth/http"
|
|
"github.com/mainflux/mainflux/things/mocks"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
const (
|
|
contentType = "application/json"
|
|
email = "user@example.com"
|
|
token = "token"
|
|
wrong = "wrong_value"
|
|
wrongID = "0"
|
|
)
|
|
|
|
var (
|
|
thing = things.Thing{
|
|
Name: "test_app",
|
|
Metadata: map[string]interface{}{"test": "data"},
|
|
}
|
|
channel = things.Channel{
|
|
Name: "test_chan",
|
|
Metadata: map[string]interface{}{"test": "data"},
|
|
}
|
|
)
|
|
|
|
type testRequest struct {
|
|
client *http.Client
|
|
method string
|
|
url string
|
|
contentType string
|
|
body io.Reader
|
|
}
|
|
|
|
func (tr testRequest) make() (*http.Response, error) {
|
|
req, err := http.NewRequest(tr.method, tr.url, tr.body)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if tr.contentType != "" {
|
|
req.Header.Set("Content-Type", tr.contentType)
|
|
}
|
|
return tr.client.Do(req)
|
|
}
|
|
|
|
func toJSON(data interface{}) string {
|
|
jsonData, _ := json.Marshal(data)
|
|
return string(jsonData)
|
|
}
|
|
|
|
func newService(tokens map[string]string) things.Service {
|
|
auth := mocks.NewAuthService(tokens)
|
|
conns := make(chan mocks.Connection)
|
|
thingsRepo := mocks.NewThingRepository(conns)
|
|
channelsRepo := mocks.NewChannelRepository(thingsRepo, conns)
|
|
chanCache := mocks.NewChannelCache()
|
|
thingCache := mocks.NewThingCache()
|
|
idp := mocks.NewIdentityProvider()
|
|
|
|
return things.New(auth, thingsRepo, channelsRepo, chanCache, thingCache, idp)
|
|
}
|
|
|
|
func newServer(svc things.Service) *httptest.Server {
|
|
mux := httpapi.MakeHandler(mocktracer.New(), svc)
|
|
return httptest.NewServer(mux)
|
|
}
|
|
|
|
func TestIdentify(t *testing.T) {
|
|
svc := newService(map[string]string{token: email})
|
|
ts := newServer(svc)
|
|
defer ts.Close()
|
|
|
|
sths, err := svc.CreateThings(context.Background(), token, thing)
|
|
require.Nil(t, err, fmt.Sprintf("failed to create thing: %s", err))
|
|
sth := sths[0]
|
|
|
|
ir := identifyReq{Token: sth.Key}
|
|
data := toJSON(ir)
|
|
|
|
nonexistentData := toJSON(identifyReq{Token: wrong})
|
|
|
|
cases := map[string]struct {
|
|
contentType string
|
|
req string
|
|
status int
|
|
}{
|
|
"identify existing thing": {
|
|
contentType: contentType,
|
|
req: data,
|
|
status: http.StatusOK,
|
|
},
|
|
"identify non-existent thing": {
|
|
contentType: contentType,
|
|
req: nonexistentData,
|
|
status: http.StatusForbidden,
|
|
},
|
|
"identify with missing content type": {
|
|
contentType: wrong,
|
|
req: data,
|
|
status: http.StatusUnsupportedMediaType,
|
|
},
|
|
"identify with empty JSON request": {
|
|
contentType: contentType,
|
|
req: "{}",
|
|
status: http.StatusForbidden,
|
|
},
|
|
"identify with invalid JSON request": {
|
|
contentType: contentType,
|
|
req: "",
|
|
status: http.StatusBadRequest,
|
|
},
|
|
}
|
|
|
|
for desc, tc := range cases {
|
|
req := testRequest{
|
|
client: ts.Client(),
|
|
method: http.MethodPost,
|
|
url: fmt.Sprintf("%s/identify", ts.URL),
|
|
contentType: tc.contentType,
|
|
body: strings.NewReader(tc.req),
|
|
}
|
|
res, err := req.make()
|
|
assert.Nil(t, err, fmt.Sprintf("%s: unexpected error %s", desc, err))
|
|
assert.Equal(t, tc.status, res.StatusCode, fmt.Sprintf("%s: expected status code %d got %d", desc, tc.status, res.StatusCode))
|
|
}
|
|
}
|
|
|
|
func TestCanAccessByKey(t *testing.T) {
|
|
svc := newService(map[string]string{token: email})
|
|
ts := newServer(svc)
|
|
defer ts.Close()
|
|
|
|
sths, err := svc.CreateThings(context.Background(), token, thing)
|
|
require.Nil(t, err, fmt.Sprintf("failed to create thing: %s", err))
|
|
sth := sths[0]
|
|
|
|
schs, err := svc.CreateChannels(context.Background(), token, channel)
|
|
require.Nil(t, err, fmt.Sprintf("failed to create channel: %s", err))
|
|
sch := schs[0]
|
|
|
|
err = svc.Connect(context.Background(), token, []string{sch.ID}, []string{sth.ID})
|
|
require.Nil(t, err, fmt.Sprintf("failed to connect thing and channel: %s", err))
|
|
|
|
car := canAccessByKeyReq{
|
|
Token: sth.Key,
|
|
}
|
|
data := toJSON(car)
|
|
|
|
cases := map[string]struct {
|
|
contentType string
|
|
chanID string
|
|
req string
|
|
status int
|
|
}{
|
|
"check access for connected thing and channel": {
|
|
contentType: contentType,
|
|
chanID: sch.ID,
|
|
req: data,
|
|
status: http.StatusOK,
|
|
},
|
|
"check access for not connected thing and channel": {
|
|
contentType: contentType,
|
|
chanID: wrong,
|
|
req: data,
|
|
status: http.StatusForbidden,
|
|
},
|
|
"check access with invalid content type": {
|
|
contentType: wrong,
|
|
chanID: sch.ID,
|
|
req: data,
|
|
status: http.StatusUnsupportedMediaType,
|
|
},
|
|
"check access with empty JSON request": {
|
|
contentType: contentType,
|
|
chanID: sch.ID,
|
|
req: "{}",
|
|
status: http.StatusForbidden,
|
|
},
|
|
"check access with invalid JSON request": {
|
|
contentType: contentType,
|
|
chanID: sch.ID,
|
|
req: "}",
|
|
status: http.StatusBadRequest,
|
|
},
|
|
"check access with empty request": {
|
|
contentType: contentType,
|
|
chanID: sch.ID,
|
|
req: "",
|
|
status: http.StatusBadRequest,
|
|
},
|
|
}
|
|
|
|
for desc, tc := range cases {
|
|
req := testRequest{
|
|
client: ts.Client(),
|
|
method: http.MethodPost,
|
|
url: fmt.Sprintf("%s/channels/%s/access-by-key", ts.URL, tc.chanID),
|
|
contentType: tc.contentType,
|
|
body: strings.NewReader(tc.req),
|
|
}
|
|
res, err := req.make()
|
|
assert.Nil(t, err, fmt.Sprintf("%s: unexpected error %s", desc, err))
|
|
assert.Equal(t, tc.status, res.StatusCode, fmt.Sprintf("%s: expected status code %d got %d", desc, tc.status, res.StatusCode))
|
|
}
|
|
}
|
|
|
|
func TestCanAccessByID(t *testing.T) {
|
|
svc := newService(map[string]string{token: email})
|
|
ts := newServer(svc)
|
|
defer ts.Close()
|
|
|
|
sths, err := svc.CreateThings(context.Background(), token, thing)
|
|
require.Nil(t, err, fmt.Sprintf("failed to create thing: %s", err))
|
|
sth := sths[0]
|
|
|
|
schs, err := svc.CreateChannels(context.Background(), token, channel)
|
|
require.Nil(t, err, fmt.Sprintf("failed to create channel: %s", err))
|
|
sch := schs[0]
|
|
|
|
err = svc.Connect(context.Background(), token, []string{sch.ID}, []string{sth.ID})
|
|
require.Nil(t, err, fmt.Sprintf("failed to connect thing and channel: %s", err))
|
|
|
|
car := canAccessByIDReq{
|
|
ThingID: sth.ID,
|
|
}
|
|
data := toJSON(car)
|
|
|
|
cases := map[string]struct {
|
|
contentType string
|
|
chanID string
|
|
req string
|
|
status int
|
|
}{
|
|
"check access for connected thing and channel": {
|
|
contentType: contentType,
|
|
chanID: sch.ID,
|
|
req: data,
|
|
status: http.StatusOK,
|
|
},
|
|
"check access for not connected thing and channel": {
|
|
contentType: contentType,
|
|
chanID: wrong,
|
|
req: data,
|
|
status: http.StatusForbidden,
|
|
},
|
|
"check access with invalid content type": {
|
|
contentType: wrong,
|
|
chanID: sch.ID,
|
|
req: data,
|
|
status: http.StatusUnsupportedMediaType,
|
|
},
|
|
"check access with empty JSON request": {
|
|
contentType: contentType,
|
|
chanID: sch.ID,
|
|
req: "{}",
|
|
status: http.StatusForbidden,
|
|
},
|
|
"check access with invalid JSON request": {
|
|
contentType: contentType,
|
|
chanID: sch.ID,
|
|
req: "}",
|
|
status: http.StatusBadRequest,
|
|
},
|
|
"check access with empty request": {
|
|
contentType: contentType,
|
|
chanID: sch.ID,
|
|
req: "",
|
|
status: http.StatusBadRequest,
|
|
},
|
|
}
|
|
|
|
for desc, tc := range cases {
|
|
req := testRequest{
|
|
client: ts.Client(),
|
|
method: http.MethodPost,
|
|
url: fmt.Sprintf("%s/channels/%s/access-by-id", ts.URL, tc.chanID),
|
|
contentType: tc.contentType,
|
|
body: strings.NewReader(tc.req),
|
|
}
|
|
res, err := req.make()
|
|
assert.Nil(t, err, fmt.Sprintf("%s: unexpected error %s", desc, err))
|
|
assert.Equal(t, tc.status, res.StatusCode, fmt.Sprintf("%s: expected status code %d got %d", desc, tc.status, res.StatusCode))
|
|
}
|
|
}
|
|
|
|
type identifyReq struct {
|
|
Token string `json:"token"`
|
|
}
|
|
|
|
type canAccessByKeyReq struct {
|
|
Token string `json:"token"`
|
|
}
|
|
|
|
type canAccessByIDReq struct {
|
|
ThingID string `json:"thing_id"`
|
|
}
|