use fatcat::auth::AuthConfectionary; use fatcat::identifiers::FatcatId; use fatcat::{auth, server}; use std::str::FromStr; #[test] fn test_old_token() { let server = server::create_test_server().unwrap(); let conn = server.db_pool.get().expect("db_pool error"); let admin_dev_token = "AgEPZGV2LmZhdGNhdC53aWtpAhYyMDE5MDEwMS1kZXYtZHVtbXkta2V5AAImZWRpdG9yX2lkID0gYWFhYWFhYWFhYWFhYmt2a2FhYWFhYWFhYWkAAht0aW1lID4gMjAxOS0wNC0wNFQyMzozMjo0NloAAAYgrN3jjy0mgEqIydTFfsOLYSS55dz6Fh2d1CGMNQFLwcQ="; let editor_id = FatcatId::from_str("aaaaaaaaaaaabkvkaaaaaaaaai").unwrap(); let c = AuthConfectionary::new( "dev.fatcat.wiki".to_string(), "20190101-dev-dummy-key".to_string(), "5555555555555555555555555555555555555555xms=", ) .unwrap(); let editor_row = c .parse_macaroon_token(&conn, &admin_dev_token, None) .unwrap(); assert_eq!(editor_row.id, editor_id.to_uuid()); } #[test] fn test_macaroons() { // Test everything we can without connecting to database let c = AuthConfectionary::new_dummy(); let editor_id = FatcatId::from_str("q3nouwy3nnbsvo3h5klxsx4a7y").unwrap(); // create token w/o expiration c.create_token(editor_id, None).unwrap(); // create token w/ expiration c.create_token(editor_id, Some(chrono::Duration::days(1))) .unwrap(); } #[test] fn test_auth_db() { // Test things that require database let server = server::create_test_server().unwrap(); let conn = server.db_pool.get().expect("db_pool error"); let c = AuthConfectionary::new_dummy(); let editor_id = FatcatId::from_str("aaaaaaaaaaaabkvkaaaaaaaaae").unwrap(); // create token let token = c.create_token(editor_id, None).unwrap(); // verify token let editor_row = c.parse_macaroon_token(&conn, &token, None).unwrap(); assert_eq!(editor_row.id, editor_id.to_uuid()); // create token w/ expiration let token = c .create_token(editor_id, Some(chrono::Duration::days(1))) .unwrap(); // verify token w/ expiration assert!(c.parse_macaroon_token(&conn, &token, None).is_ok()); let editor_row = c.parse_macaroon_token(&conn, &token, None).unwrap(); assert_eq!(editor_row.id, editor_id.to_uuid()); // revoke token auth::revoke_tokens(&conn, editor_id).unwrap(); // verification should fail // TODO: one-second slop breaks this; sleep for 1-2 seconds? //assert!(c.parse_macaroon_token(&conn, &token, None).is_err()); // bad macaroon (not base64) assert!(c .parse_macaroon_token(&conn, "some string with spaces", None) .is_err()); // bad macaroon (wrong key used to sign) let other_key = fatcat::auth::create_key(); let c_other_key = AuthConfectionary::new( "test.fatcat.wiki".to_string(), "other-dummy".to_string(), &other_key, ) .expect("creating dummy AuthConfectionary"); let token_other_key = c_other_key.create_token(editor_id, None).unwrap(); assert!(c_other_key .parse_macaroon_token(&conn, &token_other_key, None) .is_ok()); assert!(c .parse_macaroon_token(&conn, &token_other_key, None) .is_err()); assert!(c_other_key .parse_macaroon_token(&conn, &token, None) .is_err()); // bad macaroon (wrong signing identifier) let c_other_location = AuthConfectionary::new( "test.fatcat.wiki".to_string(), "other-dummy-wrong".to_string(), &other_key, ) .expect("creating dummy AuthConfectionary"); let token_other_location = c_other_location.create_token(editor_id, None).unwrap(); assert!(c_other_location .parse_macaroon_token(&conn, &token_other_location, None) .is_ok()); assert!(c_other_key .parse_macaroon_token(&conn, &token_other_location, None) .is_err()); assert!(c_other_location .parse_macaroon_token(&conn, &token_other_key, None) .is_err()); }