authelia/internal/session/provider_test.go

package session

import (
	"testing"

	"github.com/authelia/authelia/internal/authentication"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/valyala/fasthttp"

	"github.com/authelia/authelia/internal/configuration/schema"
)

func TestShouldInitializerSession(t *testing.T) {
	ctx := &fasthttp.RequestCtx{}
	configuration := schema.SessionConfiguration{}
	configuration.Domain = "example.com"
	configuration.Name = "my_session"
	// TODO(james-d-elliott): Convert to duration notation
	configuration.Expiration = 40

	provider := NewProvider(configuration)
	session, err := provider.GetSession(ctx)
	require.NoError(t, err)

	assert.Equal(t, NewDefaultUserSession(), session)
}

func TestShouldUpdateSession(t *testing.T) {
	ctx := &fasthttp.RequestCtx{}
	configuration := schema.SessionConfiguration{}
	configuration.Domain = "example.com"
	configuration.Name = "my_session"
	// TODO(james-d-elliott): Convert to duration notation
	configuration.Expiration = 40

	provider := NewProvider(configuration)
	session, _ := provider.GetSession(ctx)

	session.Username = "john"
	session.AuthenticationLevel = authentication.TwoFactor

	err := provider.SaveSession(ctx, session)
	require.NoError(t, err)

	session, err = provider.GetSession(ctx)
	require.NoError(t, err)

	assert.Equal(t, UserSession{
		Username:            "john",
		AuthenticationLevel: authentication.TwoFactor,
	}, session)
}

func TestShouldDestroySessionAndWipeSessionData(t *testing.T) {
	ctx := &fasthttp.RequestCtx{}
	configuration := schema.SessionConfiguration{}
	configuration.Domain = "example.com"
	configuration.Name = "my_session"
	// TODO(james-d-elliott): Convert to duration notation
	configuration.Expiration = 40

	provider := NewProvider(configuration)
	session, err := provider.GetSession(ctx)
	require.NoError(t, err)

	session.Username = "john"
	session.AuthenticationLevel = authentication.TwoFactor

	err = provider.SaveSession(ctx, session)
	require.NoError(t, err)

	newUserSession, err := provider.GetSession(ctx)
	require.NoError(t, err)
	assert.Equal(t, "john", newUserSession.Username)
	assert.Equal(t, authentication.TwoFactor, newUserSession.AuthenticationLevel)

	err = provider.DestroySession(ctx)
	require.NoError(t, err)

	newUserSession, err = provider.GetSession(ctx)
	require.NoError(t, err)
	assert.Equal(t, "", newUserSession.Username)
	assert.Equal(t, authentication.NotAuthenticated, newUserSession.AuthenticationLevel)
}
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`package session`

			`import (`
			`"testing"`

Rename org from clems4ever to authelia Also fix references from config.yml to configuration.yml 2019-12-24 02:14:52 +00:00			`"github.com/authelia/authelia/internal/authentication"`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00
			`"github.com/stretchr/testify/assert"`
Disable inactivity timeout when user checked remember me. Instead of checking the value of the cookie expiration we rely on the boolean stored in the user session to check whether inactivity timeout should be disabled. 2020-01-17 22:48:48 +00:00			`"github.com/stretchr/testify/require"`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00
			`"github.com/valyala/fasthttp"`

Rename org from clems4ever to authelia Also fix references from config.yml to configuration.yml 2019-12-24 02:14:52 +00:00			`"github.com/authelia/authelia/internal/configuration/schema"`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`)`

			`func TestShouldInitializerSession(t *testing.T) {`
			`ctx := &fasthttp.RequestCtx{}`
			`configuration := schema.SessionConfiguration{}`
			`configuration.Domain = "example.com"`
			`configuration.Name = "my_session"`
[FEATURE] Remember Me Configuration (#813) * [FEATURE] Remember Me Configuration * allow users to specify the duration of remember me using remember_me_duration in session config * setting the duration to 0 disables remember me * only render the remember me element if remember me is enabled * prevent malicious users from faking remember me functionality in the backend * add string to duration helper called ParseDurationString to parse a string into a duration * added tests to the helper function * use the SessionProvider to store the time.Duration instead of parsing it over and over again * add sec doc, adjust month/min, consistency * renamed internal/utils/constants.go to internal/utils/const.go to be consistent * added security measure docs * adjusted default remember me duration to be 1 month instead of 1 year * utilize default remember me duration in the autheliaCtx mock * adjust order of keys in session configuration examples * add notes on session security measures secret only being redis * add TODO items for duration notation for both Expiration and Inactivity (will be removed soon) * fix error text for Inactivity in the validator * add session validator tests * deref check bodyJSON.KeepMeLoggedIn and derive the value based on conf and user input and store it (DRY) * remove unnecessary regex for the simplified ParseDurationString utility * ParseDurationString only accepts decimals without leading zeros now * comprehensively test all unit types * remove unnecessary type unions in web * add test to check sanity of time duration consts, this is just so they can't be accidentally changed * simplify deref check and assignment * fix reset password padding/margins * adjust some doc wording * adjust the handler configuration suite test * actually run the handler configuration suite test (whoops) * reduce the number of regex's used by ParseDurationString to 1, thanks to Clement * adjust some error wording 2020-04-03 23:11:33 +00:00			`// TODO(james-d-elliott): Convert to duration notation`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`configuration.Expiration = 40`

			`provider := NewProvider(configuration)`
Disable inactivity timeout when user checked remember me. Instead of checking the value of the cookie expiration we rely on the boolean stored in the user session to check whether inactivity timeout should be disabled. 2020-01-17 22:48:48 +00:00			`session, err := provider.GetSession(ctx)`
			`require.NoError(t, err)`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00
			`assert.Equal(t, NewDefaultUserSession(), session)`
			`}`

			`func TestShouldUpdateSession(t *testing.T) {`
			`ctx := &fasthttp.RequestCtx{}`
			`configuration := schema.SessionConfiguration{}`
			`configuration.Domain = "example.com"`
			`configuration.Name = "my_session"`
[FEATURE] Remember Me Configuration (#813) * [FEATURE] Remember Me Configuration * allow users to specify the duration of remember me using remember_me_duration in session config * setting the duration to 0 disables remember me * only render the remember me element if remember me is enabled * prevent malicious users from faking remember me functionality in the backend * add string to duration helper called ParseDurationString to parse a string into a duration * added tests to the helper function * use the SessionProvider to store the time.Duration instead of parsing it over and over again * add sec doc, adjust month/min, consistency * renamed internal/utils/constants.go to internal/utils/const.go to be consistent * added security measure docs * adjusted default remember me duration to be 1 month instead of 1 year * utilize default remember me duration in the autheliaCtx mock * adjust order of keys in session configuration examples * add notes on session security measures secret only being redis * add TODO items for duration notation for both Expiration and Inactivity (will be removed soon) * fix error text for Inactivity in the validator * add session validator tests * deref check bodyJSON.KeepMeLoggedIn and derive the value based on conf and user input and store it (DRY) * remove unnecessary regex for the simplified ParseDurationString utility * ParseDurationString only accepts decimals without leading zeros now * comprehensively test all unit types * remove unnecessary type unions in web * add test to check sanity of time duration consts, this is just so they can't be accidentally changed * simplify deref check and assignment * fix reset password padding/margins * adjust some doc wording * adjust the handler configuration suite test * actually run the handler configuration suite test (whoops) * reduce the number of regex's used by ParseDurationString to 1, thanks to Clement * adjust some error wording 2020-04-03 23:11:33 +00:00			`// TODO(james-d-elliott): Convert to duration notation`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`configuration.Expiration = 40`

			`provider := NewProvider(configuration)`
			`session, _ := provider.GetSession(ctx)`

			`session.Username = "john"`
			`session.AuthenticationLevel = authentication.TwoFactor`

Disable inactivity timeout when user checked remember me. Instead of checking the value of the cookie expiration we rely on the boolean stored in the user session to check whether inactivity timeout should be disabled. 2020-01-17 22:48:48 +00:00			`err := provider.SaveSession(ctx, session)`
			`require.NoError(t, err)`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00
Disable inactivity timeout when user checked remember me. Instead of checking the value of the cookie expiration we rely on the boolean stored in the user session to check whether inactivity timeout should be disabled. 2020-01-17 22:48:48 +00:00			`session, err = provider.GetSession(ctx)`
			`require.NoError(t, err)`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00
			`assert.Equal(t, UserSession{`
			`Username: "john",`
			`AuthenticationLevel: authentication.TwoFactor,`
			`}, session)`
			`}`
Disable inactivity timeout when user checked remember me. Instead of checking the value of the cookie expiration we rely on the boolean stored in the user session to check whether inactivity timeout should be disabled. 2020-01-17 22:48:48 +00:00
			`func TestShouldDestroySessionAndWipeSessionData(t *testing.T) {`
			`ctx := &fasthttp.RequestCtx{}`
			`configuration := schema.SessionConfiguration{}`
			`configuration.Domain = "example.com"`
			`configuration.Name = "my_session"`
[FEATURE] Remember Me Configuration (#813) * [FEATURE] Remember Me Configuration * allow users to specify the duration of remember me using remember_me_duration in session config * setting the duration to 0 disables remember me * only render the remember me element if remember me is enabled * prevent malicious users from faking remember me functionality in the backend * add string to duration helper called ParseDurationString to parse a string into a duration * added tests to the helper function * use the SessionProvider to store the time.Duration instead of parsing it over and over again * add sec doc, adjust month/min, consistency * renamed internal/utils/constants.go to internal/utils/const.go to be consistent * added security measure docs * adjusted default remember me duration to be 1 month instead of 1 year * utilize default remember me duration in the autheliaCtx mock * adjust order of keys in session configuration examples * add notes on session security measures secret only being redis * add TODO items for duration notation for both Expiration and Inactivity (will be removed soon) * fix error text for Inactivity in the validator * add session validator tests * deref check bodyJSON.KeepMeLoggedIn and derive the value based on conf and user input and store it (DRY) * remove unnecessary regex for the simplified ParseDurationString utility * ParseDurationString only accepts decimals without leading zeros now * comprehensively test all unit types * remove unnecessary type unions in web * add test to check sanity of time duration consts, this is just so they can't be accidentally changed * simplify deref check and assignment * fix reset password padding/margins * adjust some doc wording * adjust the handler configuration suite test * actually run the handler configuration suite test (whoops) * reduce the number of regex's used by ParseDurationString to 1, thanks to Clement * adjust some error wording 2020-04-03 23:11:33 +00:00			`// TODO(james-d-elliott): Convert to duration notation`
Disable inactivity timeout when user checked remember me. Instead of checking the value of the cookie expiration we rely on the boolean stored in the user session to check whether inactivity timeout should be disabled. 2020-01-17 22:48:48 +00:00			`configuration.Expiration = 40`

			`provider := NewProvider(configuration)`
			`session, err := provider.GetSession(ctx)`
			`require.NoError(t, err)`

			`session.Username = "john"`
			`session.AuthenticationLevel = authentication.TwoFactor`

			`err = provider.SaveSession(ctx, session)`
			`require.NoError(t, err)`

			`newUserSession, err := provider.GetSession(ctx)`
			`require.NoError(t, err)`
			`assert.Equal(t, "john", newUserSession.Username)`
			`assert.Equal(t, authentication.TwoFactor, newUserSession.AuthenticationLevel)`

			`err = provider.DestroySession(ctx)`
			`require.NoError(t, err)`

			`newUserSession, err = provider.GetSession(ctx)`
			`require.NoError(t, err)`
			`assert.Equal(t, "", newUserSession.Username)`
			`assert.Equal(t, authentication.NotAuthenticated, newUserSession.AuthenticationLevel)`
			`}`