fionera
/
transfer.sh
forked from kiska/transfer.sh
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
318 Commits
9 Branches
34 MiB
 
 
 
Tree: f5c3674906
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f5c3674906'
${ noResults }
transfer.sh/vendor/github.com/PuerkitoBio/ghost/handlers/session_test.go

259 lines
7.1 KiB
Raw Blame History 

  1. package handlers

  2. 

  3. import (

  4. 	"fmt"

  5. 	"io/ioutil"

  6. 	"net/http"

  7. 	"net/http/cookiejar"

  8. 	"net/http/httptest"

  9. 	"testing"

  10. 	"time"

  11. )

  12. 

  13. var (

  14. 	store  SessionStore

  15. 	secret = "butchered at birth"

  16. )

  17. 

  18. func TestSession(t *testing.T) {

  19. 	stores := map[string]SessionStore{

  20. 		"memory": NewMemoryStore(1),

  21. 		"redis": NewRedisStore(&RedisStoreOptions{

  22. 			Network:   "tcp",

  23. 			Address:   ":6379",

  24. 			Database:  1,

  25. 			KeyPrefix: "sess",

  26. 		}),

  27. 	}

  28. 	for k, v := range stores {

  29. 		t.Logf("testing session with %s store\n", k)

  30. 		store = v

  31. 		t.Log("SessionExists")

  32. 		testSessionExists(t)

  33. 		t.Log("SessionPersists")

  34. 		testSessionPersists(t)

  35. 		t.Log("SessionExpires")

  36. 		testSessionExpires(t)

  37. 		t.Log("SessionBeforeExpires")

  38. 		testSessionBeforeExpires(t)

  39. 		t.Log("PanicIfNoSecret")

  40. 		testPanicIfNoSecret(t)

  41. 		t.Log("InvalidPath")

  42. 		testInvalidPath(t)

  43. 		t.Log("ValidSubPath")

  44. 		testValidSubPath(t)

  45. 		t.Log("SecureOverHttp")

  46. 		testSecureOverHttp(t)

  47. 	}

  48. }

  49. 

  50. func setupTest(f func(w http.ResponseWriter, r *http.Request), ckPath string, secure bool, maxAge int) *httptest.Server {

  51. 	opts := NewSessionOptions(store, secret)

  52. 	if ckPath != "" {

  53. 		opts.CookieTemplate.Path = ckPath

  54. 	}

  55. 	opts.CookieTemplate.Secure = secure

  56. 	opts.CookieTemplate.MaxAge = maxAge

  57. 	h := SessionHandler(http.HandlerFunc(f), opts)

  58. 	return httptest.NewServer(h)

  59. }

  60. 

  61. func doRequest(u string, newJar bool) *http.Response {

  62. 	var err error

  63. 	if newJar {

  64. 		http.DefaultClient.Jar, err = cookiejar.New(new(cookiejar.Options))

  65. 		if err != nil {

  66. 			panic(err)

  67. 		}

  68. 	}

  69. 	res, err := http.Get(u)

  70. 	if err != nil {

  71. 		panic(err)

  72. 	}

  73. 	return res

  74. }

  75. 

  76. func testSessionExists(t *testing.T) {

  77. 	s := setupTest(func(w http.ResponseWriter, r *http.Request) {

  78. 		ssn, ok := GetSession(w)

  79. 		if assertTrue(ok, "expected session to be non-nil, got nil", t) {

  80. 			ssn.Data["foo"] = "bar"

  81. 			assertTrue(ssn.Data["foo"] == "bar", fmt.Sprintf("expected ssn[foo] to be 'bar', got %v", ssn.Data["foo"]), t)

  82. 		}

  83. 		w.Write([]byte("ok"))

  84. 	}, "", false, 0)

  85. 	defer s.Close()

  86. 

  87. 	res := doRequest(s.URL, true)

  88. 	assertStatus(http.StatusOK, res.StatusCode, t)

  89. 	assertBody([]byte("ok"), res, t)

  90. 	assertTrue(len(res.Cookies()) == 1, fmt.Sprintf("expected response to have 1 cookie, got %d", len(res.Cookies())), t)

  91. }

  92. 

  93. func testSessionPersists(t *testing.T) {

  94. 	cnt := 0

  95. 	s := setupTest(func(w http.ResponseWriter, r *http.Request) {

  96. 		ssn, ok := GetSession(w)

  97. 		if !ok {

  98. 			panic("session not found!")

  99. 		}

  100. 		if cnt == 0 {

  101. 			ssn.Data["foo"] = "bar"

  102. 			w.Write([]byte("ok"))

  103. 			cnt++

  104. 		} else {

  105. 			w.Write([]byte(ssn.Data["foo"].(string)))

  106. 		}

  107. 	}, "", false, 0)

  108. 	defer s.Close()

  109. 

  110. 	// 1st call, set the session value

  111. 	res := doRequest(s.URL, true)

  112. 	assertStatus(http.StatusOK, res.StatusCode, t)

  113. 	assertBody([]byte("ok"), res, t)

  114. 

  115. 	// 2nd call, get the session value

  116. 	res = doRequest(s.URL, false)

  117. 	assertStatus(http.StatusOK, res.StatusCode, t)

  118. 	assertBody([]byte("bar"), res, t)

  119. 	assertTrue(len(res.Cookies()) == 0, fmt.Sprintf("expected 2nd response to have 0 cookie, got %d", len(res.Cookies())), t)

  120. }

  121. 

  122. func testSessionExpires(t *testing.T) {

  123. 	cnt := 0

  124. 	s := setupTest(func(w http.ResponseWriter, r *http.Request) {

  125. 		ssn, ok := GetSession(w)

  126. 		if !ok {

  127. 			panic("session not found!")

  128. 		}

  129. 		if cnt == 0 {

  130. 			w.Write([]byte(ssn.ID()))

  131. 			cnt++

  132. 		} else {

  133. 			w.Write([]byte(ssn.ID()))

  134. 		}

  135. 	}, "", false, 1) // Expire in 1 second

  136. 	defer s.Close()

  137. 

  138. 	// 1st call, set the session value

  139. 	res := doRequest(s.URL, true)

  140. 	assertStatus(http.StatusOK, res.StatusCode, t)

  141. 	id1, err := ioutil.ReadAll(res.Body)

  142. 	if err != nil {

  143. 		panic(err)

  144. 	}

  145. 	res.Body.Close()

  146. 	time.Sleep(1001 * time.Millisecond)

  147. 

  148. 	// 2nd call, get the session value

  149. 	res = doRequest(s.URL, false)

  150. 	assertStatus(http.StatusOK, res.StatusCode, t)

  151. 	id2, err := ioutil.ReadAll(res.Body)

  152. 	if err != nil {

  153. 		panic(err)

  154. 	}

  155. 	res.Body.Close()

  156. 	sid1, sid2 := string(id1), string(id2)

  157. 	assertTrue(len(res.Cookies()) == 1, fmt.Sprintf("expected 2nd response to have 1 cookie, got %d", len(res.Cookies())), t)

  158. 	assertTrue(sid1 != sid2, "expected session IDs to be different, got same", t)

  159. }

  160. 

  161. func testSessionBeforeExpires(t *testing.T) {

  162. 	s := setupTest(func(w http.ResponseWriter, r *http.Request) {

  163. 		ssn, ok := GetSession(w)

  164. 		if !ok {

  165. 			panic("session not found!")

  166. 		}

  167. 		w.Write([]byte(ssn.ID()))

  168. 	}, "", false, 1) // Expire in 1 second

  169. 	defer s.Close()

  170. 

  171. 	// 1st call, set the session value

  172. 	res := doRequest(s.URL, true)

  173. 	assertStatus(http.StatusOK, res.StatusCode, t)

  174. 	id1, err := ioutil.ReadAll(res.Body)

  175. 	if err != nil {

  176. 		panic(err)

  177. 	}

  178. 	res.Body.Close()

  179. 	time.Sleep(500 * time.Millisecond)

  180. 

  181. 	// 2nd call, get the session value

  182. 	res = doRequest(s.URL, false)

  183. 	assertStatus(http.StatusOK, res.StatusCode, t)

  184. 	id2, err := ioutil.ReadAll(res.Body)

  185. 	if err != nil {

  186. 		panic(err)

  187. 	}

  188. 	res.Body.Close()

  189. 	sid1, sid2 := string(id1), string(id2)

  190. 	assertTrue(len(res.Cookies()) == 0, fmt.Sprintf("expected 2nd response to have no cookie, got %d", len(res.Cookies())), t)

  191. 	assertTrue(sid1 == sid2, "expected session IDs to be the same, got different", t)

  192. }

  193. 

  194. func testPanicIfNoSecret(t *testing.T) {

  195. 	defer assertPanic(t)

  196. 	SessionHandler(http.NotFoundHandler(), NewSessionOptions(nil, ""))

  197. }

  198. 

  199. func testInvalidPath(t *testing.T) {

  200. 	s := setupTest(func(w http.ResponseWriter, r *http.Request) {

  201. 		_, ok := GetSession(w)

  202. 		assertTrue(!ok, "expected session to be nil, got non-nil", t)

  203. 		w.Write([]byte("ok"))

  204. 	}, "/foo", false, 0)

  205. 	defer s.Close()

  206. 

  207. 	res := doRequest(s.URL, true)

  208. 	assertStatus(http.StatusOK, res.StatusCode, t)

  209. 	assertBody([]byte("ok"), res, t)

  210. 	assertTrue(len(res.Cookies()) == 0, fmt.Sprintf("expected response to have no cookie, got %d", len(res.Cookies())), t)

  211. }

  212. 

  213. func testValidSubPath(t *testing.T) {

  214. 	s := setupTest(func(w http.ResponseWriter, r *http.Request) {

  215. 		_, ok := GetSession(w)

  216. 		assertTrue(ok, "expected session to be non-nil, got nil", t)

  217. 		w.Write([]byte("ok"))

  218. 	}, "/foo", false, 0)

  219. 	defer s.Close()

  220. 

  221. 	res := doRequest(s.URL+"/foo/bar", true)

  222. 	assertStatus(http.StatusOK, res.StatusCode, t)

  223. 	assertBody([]byte("ok"), res, t)

  224. 	assertTrue(len(res.Cookies()) == 1, fmt.Sprintf("expected response to have 1 cookie, got %d", len(res.Cookies())), t)

  225. }

  226. 

  227. func testSecureOverHttp(t *testing.T) {

  228. 	s := setupTest(func(w http.ResponseWriter, r *http.Request) {

  229. 		_, ok := GetSession(w)

  230. 		assertTrue(ok, "expected session to be non-nil, got nil", t)

  231. 		w.Write([]byte("ok"))

  232. 	}, "", true, 0)

  233. 	defer s.Close()

  234. 

  235. 	res := doRequest(s.URL, true)

  236. 	assertStatus(http.StatusOK, res.StatusCode, t)

  237. 	assertBody([]byte("ok"), res, t)

  238. 	assertTrue(len(res.Cookies()) == 0, fmt.Sprintf("expected response to have no cookie, got %d", len(res.Cookies())), t)

  239. }

  240. 

  241. // TODO : commented, certificate problem

  242. func xtestSecureOverHttps(t *testing.T) {

  243. 	opts := NewSessionOptions(store, secret)

  244. 	opts.CookieTemplate.Secure = true

  245. 	h := SessionHandler(http.HandlerFunc(

  246. 		func(w http.ResponseWriter, r *http.Request) {

  247. 			_, ok := GetSession(w)

  248. 			assertTrue(ok, "expected session to be non-nil, got nil", t)

  249. 			w.Write([]byte("ok"))

  250. 		}), opts)

  251. 	s := httptest.NewTLSServer(h)

  252. 	defer s.Close()

  253. 

  254. 	res := doRequest(s.URL, true)

  255. 	assertStatus(http.StatusOK, res.StatusCode, t)

  256. 	assertBody([]byte("ok"), res, t)

  257. 	assertTrue(len(res.Cookies()) == 1, fmt.Sprintf("expected response to have 1 cookie, got %d", len(res.Cookies())), t)

  258. }