2016-09-26 18:48:55 +00:00
|
|
|
package service
|
2016-08-28 03:59:17 +00:00
|
|
|
|
|
|
|
|
import (
|
2016-09-01 04:51:38 +00:00
|
|
|
"bytes"
|
2016-08-28 03:59:17 +00:00
|
|
|
"encoding/json"
|
|
|
|
|
"fmt"
|
2016-09-01 04:51:38 +00:00
|
|
|
"io"
|
2016-08-28 03:59:17 +00:00
|
|
|
"io/ioutil"
|
|
|
|
|
"net/http"
|
|
|
|
|
"net/http/httptest"
|
2016-09-26 17:14:39 +00:00
|
|
|
"strconv"
|
2016-08-28 03:59:17 +00:00
|
|
|
"testing"
|
|
|
|
|
|
2021-06-26 04:46:51 +00:00
|
|
|
"github.com/fleetdm/fleet/v4/server/fleet"
|
2021-08-04 13:40:04 +00:00
|
|
|
"github.com/fleetdm/fleet/v4/server/mock"
|
2021-06-06 22:07:29 +00:00
|
|
|
|
2016-09-01 04:51:38 +00:00
|
|
|
"github.com/stretchr/testify/assert"
|
2016-09-26 17:14:39 +00:00
|
|
|
"github.com/stretchr/testify/require"
|
2016-08-28 03:59:17 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func TestLogin(t *testing.T) {
|
2021-07-05 13:17:31 +00:00
|
|
|
ds, users, server := setupAuthTest(t)
|
2021-08-26 13:28:53 +00:00
|
|
|
defer server.Close()
|
2016-08-28 03:59:17 +00:00
|
|
|
var loginTests = []struct {
|
2021-06-24 20:42:29 +00:00
|
|
|
email string
|
2016-08-28 03:59:17 +00:00
|
|
|
status int
|
|
|
|
|
password string
|
|
|
|
|
}{
|
|
|
|
|
{
|
2021-06-24 20:42:29 +00:00
|
|
|
email: "admin1@example.com",
|
2016-09-29 02:44:05 +00:00
|
|
|
password: testUsers["admin1"].PlaintextPassword,
|
2016-08-28 03:59:17 +00:00
|
|
|
status: http.StatusOK,
|
|
|
|
|
},
|
2016-10-11 16:22:11 +00:00
|
|
|
{
|
2021-06-24 20:42:29 +00:00
|
|
|
email: "user1@example.com",
|
2016-10-11 16:22:11 +00:00
|
|
|
password: testUsers["user1"].PlaintextPassword,
|
|
|
|
|
status: http.StatusOK,
|
|
|
|
|
},
|
2016-08-28 03:59:17 +00:00
|
|
|
{
|
2021-06-24 20:42:29 +00:00
|
|
|
email: "nosuchuser@example.com",
|
2016-08-28 03:59:17 +00:00
|
|
|
password: "nosuchuser",
|
|
|
|
|
status: http.StatusUnauthorized,
|
|
|
|
|
},
|
|
|
|
|
{
|
2021-06-24 20:42:29 +00:00
|
|
|
email: "admin1@example.com",
|
2016-08-28 03:59:17 +00:00
|
|
|
password: "badpassword",
|
|
|
|
|
status: http.StatusUnauthorized,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, tt := range loginTests {
|
2016-09-01 04:51:38 +00:00
|
|
|
// test sessions
|
2021-06-24 20:42:29 +00:00
|
|
|
testUser := users[tt.email]
|
2016-09-01 04:51:38 +00:00
|
|
|
|
2016-09-08 01:24:11 +00:00
|
|
|
params := loginRequest{
|
2021-06-24 20:42:29 +00:00
|
|
|
Email: tt.email,
|
2016-09-01 04:51:38 +00:00
|
|
|
Password: tt.password,
|
2016-08-28 03:59:17 +00:00
|
|
|
}
|
2016-09-08 01:24:11 +00:00
|
|
|
j, err := json.Marshal(¶ms)
|
2016-09-14 18:40:51 +00:00
|
|
|
assert.Nil(t, err)
|
|
|
|
|
|
2016-09-01 04:51:38 +00:00
|
|
|
requestBody := &nopCloser{bytes.NewBuffer(j)}
|
2021-02-10 20:13:11 +00:00
|
|
|
resp, err := http.Post(server.URL+"/api/v1/fleet/login", "application/json", requestBody)
|
2016-12-30 00:40:12 +00:00
|
|
|
require.Nil(t, err)
|
2016-09-14 18:40:51 +00:00
|
|
|
assert.Equal(t, tt.status, resp.StatusCode)
|
2016-08-28 03:59:17 +00:00
|
|
|
|
|
|
|
|
var jsn = struct {
|
2021-06-06 22:07:29 +00:00
|
|
|
User *fleet.User `json:"user"`
|
2016-12-30 00:40:12 +00:00
|
|
|
Token string `json:"token"`
|
|
|
|
|
Err []map[string]string `json:"errors,omitempty"`
|
2016-08-28 03:59:17 +00:00
|
|
|
}{}
|
2016-09-14 18:40:51 +00:00
|
|
|
err = json.NewDecoder(resp.Body).Decode(&jsn)
|
2016-12-30 00:40:12 +00:00
|
|
|
require.Nil(t, err)
|
2016-08-28 03:59:17 +00:00
|
|
|
|
|
|
|
|
if tt.status != http.StatusOK {
|
2016-09-14 18:40:51 +00:00
|
|
|
assert.NotEqual(t, "", jsn.Err)
|
2016-08-28 03:59:17 +00:00
|
|
|
continue // skip remaining tests
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-11 16:22:11 +00:00
|
|
|
require.NotNil(t, jsn.User)
|
2021-06-24 20:42:29 +00:00
|
|
|
assert.Equal(t, tt.email, jsn.User.Email)
|
2016-08-28 03:59:17 +00:00
|
|
|
|
2016-09-01 04:51:38 +00:00
|
|
|
// ensure that a session was created for our test user and stored
|
2016-10-14 15:59:27 +00:00
|
|
|
sessions, err := ds.ListSessionsForUser(testUser.ID)
|
2016-09-01 04:51:38 +00:00
|
|
|
assert.Nil(t, err)
|
|
|
|
|
assert.Len(t, sessions, 1)
|
|
|
|
|
|
|
|
|
|
// ensure the session key is not blank
|
|
|
|
|
assert.NotEqual(t, "", sessions[0].Key)
|
|
|
|
|
|
|
|
|
|
// test logout
|
2021-02-10 20:13:11 +00:00
|
|
|
req, _ := http.NewRequest("POST", server.URL+"/api/v1/fleet/logout", nil)
|
2016-09-08 01:24:11 +00:00
|
|
|
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", jsn.Token))
|
2016-09-01 04:51:38 +00:00
|
|
|
client := &http.Client{}
|
|
|
|
|
resp, err = client.Do(req)
|
2016-09-26 17:14:39 +00:00
|
|
|
require.Nil(t, err)
|
|
|
|
|
assert.Equal(t, http.StatusOK, resp.StatusCode, strconv.Itoa(tt.status))
|
2016-09-14 18:40:51 +00:00
|
|
|
|
2016-09-08 01:24:11 +00:00
|
|
|
_, err = ioutil.ReadAll(resp.Body)
|
2016-09-14 18:40:51 +00:00
|
|
|
assert.Nil(t, err)
|
|
|
|
|
|
2016-09-01 04:51:38 +00:00
|
|
|
// ensure that our user's session was deleted from the store
|
2016-10-14 15:59:27 +00:00
|
|
|
sessions, err = ds.ListSessionsForUser(testUser.ID)
|
2020-02-19 02:11:16 +00:00
|
|
|
assert.Nil(t, err)
|
2016-09-01 04:51:38 +00:00
|
|
|
assert.Len(t, sessions, 0)
|
2016-08-28 03:59:17 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-04 13:40:04 +00:00
|
|
|
func setupAuthTest(t *testing.T) (fleet.Datastore, map[string]fleet.User, *httptest.Server) {
|
|
|
|
|
ds := new(mock.Store)
|
|
|
|
|
var users []*fleet.User
|
|
|
|
|
var admin *fleet.User
|
|
|
|
|
sessions := make(map[string]*fleet.Session)
|
|
|
|
|
ds.NewUserFunc = func(user *fleet.User) (*fleet.User, error) {
|
|
|
|
|
if user.GlobalRole != nil && *user.GlobalRole == fleet.RoleAdmin {
|
|
|
|
|
admin = user
|
|
|
|
|
}
|
|
|
|
|
users = append(users, user)
|
|
|
|
|
return user, nil
|
|
|
|
|
}
|
|
|
|
|
ds.SessionByKeyFunc = func(key string) (*fleet.Session, error) {
|
|
|
|
|
return sessions[key], nil
|
|
|
|
|
}
|
|
|
|
|
ds.MarkSessionAccessedFunc = func(session *fleet.Session) error {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
ds.UserByIDFunc = func(id uint) (*fleet.User, error) {
|
|
|
|
|
return admin, nil
|
|
|
|
|
}
|
|
|
|
|
ds.ListUsersFunc = func(opt fleet.UserListOptions) ([]*fleet.User, error) {
|
|
|
|
|
return users, nil
|
|
|
|
|
}
|
|
|
|
|
ds.ListSessionsForUserFunc = func(id uint) ([]*fleet.Session, error) {
|
|
|
|
|
for _, session := range sessions {
|
|
|
|
|
if session.UserID == id {
|
|
|
|
|
return []*fleet.Session{session}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil, nil
|
|
|
|
|
}
|
|
|
|
|
ds.SessionByIDFunc = func(id uint) (*fleet.Session, error) {
|
|
|
|
|
for _, session := range sessions {
|
|
|
|
|
if session.ID == id {
|
|
|
|
|
return session, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil, nil
|
|
|
|
|
}
|
|
|
|
|
ds.DestroySessionFunc = func(session *fleet.Session) error {
|
|
|
|
|
delete(sessions, session.Key)
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
usersMap, server := RunServerForTestsWithDS(t, ds)
|
|
|
|
|
ds.UserByEmailFunc = func(email string) (*fleet.User, error) {
|
|
|
|
|
user := usersMap[email]
|
|
|
|
|
return &user, nil
|
|
|
|
|
}
|
|
|
|
|
ds.NewSessionFunc = func(session *fleet.Session) (*fleet.Session, error) {
|
|
|
|
|
sessions[session.Key] = session
|
|
|
|
|
return session, nil
|
|
|
|
|
}
|
|
|
|
|
return ds, usersMap, server
|
2021-07-08 15:50:43 +00:00
|
|
|
}
|
|
|
|
|
|
2021-07-16 18:28:13 +00:00
|
|
|
func getTestAdminToken(t *testing.T, server *httptest.Server) string {
|
|
|
|
|
testUser := testUsers["admin1"]
|
|
|
|
|
|
|
|
|
|
params := loginRequest{
|
|
|
|
|
Email: testUser.Email,
|
|
|
|
|
Password: testUser.PlaintextPassword,
|
2021-07-05 13:17:31 +00:00
|
|
|
}
|
2021-07-16 18:28:13 +00:00
|
|
|
j, err := json.Marshal(¶ms)
|
|
|
|
|
assert.Nil(t, err)
|
|
|
|
|
|
|
|
|
|
requestBody := &nopCloser{bytes.NewBuffer(j)}
|
|
|
|
|
resp, err := http.Post(server.URL+"/api/v1/fleet/login", "application/json", requestBody)
|
|
|
|
|
require.Nil(t, err)
|
|
|
|
|
assert.Equal(t, http.StatusOK, resp.StatusCode)
|
|
|
|
|
|
|
|
|
|
var jsn = struct {
|
|
|
|
|
User *fleet.User `json:"user"`
|
|
|
|
|
Token string `json:"token"`
|
|
|
|
|
Err []map[string]string `json:"errors,omitempty"`
|
|
|
|
|
}{}
|
|
|
|
|
err = json.NewDecoder(resp.Body).Decode(&jsn)
|
|
|
|
|
require.Nil(t, err)
|
|
|
|
|
|
|
|
|
|
return jsn.Token
|
2021-07-05 13:17:31 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestNoHeaderErrorsDifferently(t *testing.T) {
|
|
|
|
|
_, _, server := setupAuthTest(t)
|
2021-08-26 13:28:53 +00:00
|
|
|
defer server.Close()
|
2021-07-05 13:17:31 +00:00
|
|
|
|
|
|
|
|
req, _ := http.NewRequest("GET", server.URL+"/api/v1/fleet/users", nil)
|
|
|
|
|
client := &http.Client{}
|
|
|
|
|
resp, err := client.Do(req)
|
|
|
|
|
require.Nil(t, err)
|
2021-08-04 13:40:04 +00:00
|
|
|
defer resp.Body.Close()
|
2021-07-05 13:17:31 +00:00
|
|
|
assert.Equal(t, http.StatusUnauthorized, resp.StatusCode)
|
|
|
|
|
bodyBytes, err := ioutil.ReadAll(resp.Body)
|
|
|
|
|
require.Nil(t, err)
|
2021-08-02 22:06:27 +00:00
|
|
|
assert.Equal(t, `{
|
|
|
|
|
"message": "Authorization header required",
|
|
|
|
|
"errors": [
|
|
|
|
|
{
|
|
|
|
|
"name": "base",
|
|
|
|
|
"reason": "Authorization header required"
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
`, string(bodyBytes))
|
2021-07-05 13:17:31 +00:00
|
|
|
|
|
|
|
|
req, _ = http.NewRequest("GET", server.URL+"/api/v1/fleet/users", nil)
|
|
|
|
|
req.Header.Add("Authorization", "Bearer AAAA")
|
|
|
|
|
resp, err = client.Do(req)
|
|
|
|
|
require.Nil(t, err)
|
|
|
|
|
assert.Equal(t, http.StatusUnauthorized, resp.StatusCode)
|
|
|
|
|
bodyBytes, err = ioutil.ReadAll(resp.Body)
|
|
|
|
|
require.Nil(t, err)
|
2021-08-02 22:06:27 +00:00
|
|
|
assert.Equal(t, `{
|
|
|
|
|
"message": "Authentication required",
|
|
|
|
|
"errors": [
|
|
|
|
|
{
|
|
|
|
|
"name": "base",
|
|
|
|
|
"reason": "Authentication required"
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
`, string(bodyBytes))
|
2021-07-05 13:17:31 +00:00
|
|
|
}
|
|
|
|
|
|
2016-09-01 04:51:38 +00:00
|
|
|
// an io.ReadCloser for new request body
|
|
|
|
|
type nopCloser struct {
|
|
|
|
|
io.Reader
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (nopCloser) Close() error { return nil }
|
