Fix unit tests.
parent
1617d98b11
commit
be802cfc7b
|
@ -42,14 +42,6 @@ func FirstFactorPost(ctx *middlewares.AutheliaCtx) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx.Logger.Debugf("Mark authentication attempt made by user %s", bodyJSON.Username)
|
|
||||||
err = ctx.Providers.Regulator.Mark(bodyJSON.Username, false)
|
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
ctx.Error(fmt.Errorf("Unable to mark authentication: %s", err), authenticationFailedMessage)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
if !userPasswordOk {
|
if !userPasswordOk {
|
||||||
ctx.ReplyError(fmt.Errorf("Credentials are wrong for user %s", bodyJSON.Username), authenticationFailedMessage)
|
ctx.ReplyError(fmt.Errorf("Credentials are wrong for user %s", bodyJSON.Username), authenticationFailedMessage)
|
||||||
return
|
return
|
||||||
|
@ -57,6 +49,14 @@ func FirstFactorPost(ctx *middlewares.AutheliaCtx) {
|
||||||
|
|
||||||
ctx.Logger.Debugf("Credentials validation of user %s is ok", bodyJSON.Username)
|
ctx.Logger.Debugf("Credentials validation of user %s is ok", bodyJSON.Username)
|
||||||
|
|
||||||
|
ctx.Logger.Debugf("Mark authentication attempt made by user %s", bodyJSON.Username)
|
||||||
|
err = ctx.Providers.Regulator.Mark(bodyJSON.Username, true)
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
ctx.Error(fmt.Errorf("Unable to mark authentication: %s", err), authenticationFailedMessage)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
// Reset all values from previous session before regenerating the cookie.
|
// Reset all values from previous session before regenerating the cookie.
|
||||||
err = ctx.SaveSession(session.NewDefaultUserSession())
|
err = ctx.SaveSession(session.NewDefaultUserSession())
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,6 @@ package handlers
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/clems4ever/authelia/internal/mocks"
|
"github.com/clems4ever/authelia/internal/mocks"
|
||||||
"github.com/clems4ever/authelia/internal/models"
|
"github.com/clems4ever/authelia/internal/models"
|
||||||
|
@ -61,6 +60,14 @@ func (s *FirstFactorSuite) TestShouldFailIfUserProviderCheckPasswordFail() {
|
||||||
CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
|
CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
|
||||||
Return(false, fmt.Errorf("Failed"))
|
Return(false, fmt.Errorf("Failed"))
|
||||||
|
|
||||||
|
s.mock.StorageProviderMock.
|
||||||
|
EXPECT().
|
||||||
|
AppendAuthenticationLog(gomock.Eq(models.AuthenticationAttempt{
|
||||||
|
Username: "test",
|
||||||
|
Successful: false,
|
||||||
|
Time: s.mock.Clock.Now(),
|
||||||
|
}))
|
||||||
|
|
||||||
s.mock.Ctx.Request.SetBodyString(`{
|
s.mock.Ctx.Request.SetBodyString(`{
|
||||||
"username": "test",
|
"username": "test",
|
||||||
"password": "hello",
|
"password": "hello",
|
||||||
|
@ -73,9 +80,6 @@ func (s *FirstFactorSuite) TestShouldFailIfUserProviderCheckPasswordFail() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *FirstFactorSuite) TestShouldCheckAuthenticationIsMarkedWhenInvalidCredentials() {
|
func (s *FirstFactorSuite) TestShouldCheckAuthenticationIsMarkedWhenInvalidCredentials() {
|
||||||
t, _ := time.Parse("2006-Jan-02", "2013-Feb-03")
|
|
||||||
s.mock.Clock.Set(t)
|
|
||||||
|
|
||||||
s.mock.UserProviderMock.
|
s.mock.UserProviderMock.
|
||||||
EXPECT().
|
EXPECT().
|
||||||
CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
|
CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
|
||||||
|
@ -86,7 +90,7 @@ func (s *FirstFactorSuite) TestShouldCheckAuthenticationIsMarkedWhenInvalidCrede
|
||||||
AppendAuthenticationLog(gomock.Eq(models.AuthenticationAttempt{
|
AppendAuthenticationLog(gomock.Eq(models.AuthenticationAttempt{
|
||||||
Username: "test",
|
Username: "test",
|
||||||
Successful: false,
|
Successful: false,
|
||||||
Time: t,
|
Time: s.mock.Clock.Now(),
|
||||||
}))
|
}))
|
||||||
|
|
||||||
s.mock.Ctx.Request.SetBodyString(`{
|
s.mock.Ctx.Request.SetBodyString(`{
|
||||||
|
@ -104,16 +108,16 @@ func (s *FirstFactorSuite) TestShouldFailIfUserProviderGetDetailsFail() {
|
||||||
CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
|
CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
|
||||||
Return(true, nil)
|
Return(true, nil)
|
||||||
|
|
||||||
s.mock.UserProviderMock.
|
|
||||||
EXPECT().
|
|
||||||
GetDetails(gomock.Eq("test")).
|
|
||||||
Return(nil, fmt.Errorf("Failed"))
|
|
||||||
|
|
||||||
s.mock.StorageProviderMock.
|
s.mock.StorageProviderMock.
|
||||||
EXPECT().
|
EXPECT().
|
||||||
AppendAuthenticationLog(gomock.Any()).
|
AppendAuthenticationLog(gomock.Any()).
|
||||||
Return(nil)
|
Return(nil)
|
||||||
|
|
||||||
|
s.mock.UserProviderMock.
|
||||||
|
EXPECT().
|
||||||
|
GetDetails(gomock.Eq("test")).
|
||||||
|
Return(nil, fmt.Errorf("Failed"))
|
||||||
|
|
||||||
s.mock.Ctx.Request.SetBodyString(`{
|
s.mock.Ctx.Request.SetBodyString(`{
|
||||||
"username": "test",
|
"username": "test",
|
||||||
"password": "hello",
|
"password": "hello",
|
||||||
|
@ -125,17 +129,12 @@ func (s *FirstFactorSuite) TestShouldFailIfUserProviderGetDetailsFail() {
|
||||||
s.mock.Assert200KO(s.T(), "Authentication failed. Check your credentials.")
|
s.mock.Assert200KO(s.T(), "Authentication failed. Check your credentials.")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *FirstFactorSuite) TestShouldFailIfAuthenticationLoggingFail() {
|
func (s *FirstFactorSuite) TestShouldFailIfAuthenticationMarkFail() {
|
||||||
s.mock.UserProviderMock.
|
s.mock.UserProviderMock.
|
||||||
EXPECT().
|
EXPECT().
|
||||||
CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
|
CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
|
||||||
Return(true, nil)
|
Return(true, nil)
|
||||||
|
|
||||||
s.mock.UserProviderMock.
|
|
||||||
EXPECT().
|
|
||||||
GetDetails(gomock.Eq("test")).
|
|
||||||
Return(nil, nil)
|
|
||||||
|
|
||||||
s.mock.StorageProviderMock.
|
s.mock.StorageProviderMock.
|
||||||
EXPECT().
|
EXPECT().
|
||||||
AppendAuthenticationLog(gomock.Any()).
|
AppendAuthenticationLog(gomock.Any()).
|
||||||
|
|
|
@ -12,6 +12,7 @@ import (
|
||||||
"github.com/clems4ever/authelia/internal/mocks"
|
"github.com/clems4ever/authelia/internal/mocks"
|
||||||
"github.com/golang/mock/gomock"
|
"github.com/golang/mock/gomock"
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
|
"github.com/stretchr/testify/suite"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Test getOriginalURL
|
// Test getOriginalURL
|
||||||
|
@ -172,54 +173,143 @@ func (tc TestCase) String() string {
|
||||||
return fmt.Sprintf("url=%s, auth=%s, exp_status=%d", tc.URL, tc.Authorization, tc.ExpectedStatusCode)
|
return fmt.Sprintf("url=%s, auth=%s, exp_status=%d", tc.URL, tc.Authorization, tc.ExpectedStatusCode)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type BasicAuthorizationSuite struct {
|
||||||
|
suite.Suite
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewBasicAuthorizationSuite() *BasicAuthorizationSuite {
|
||||||
|
return &BasicAuthorizationSuite{}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *BasicAuthorizationSuite) TestShouldNotBeAbleToParseBasicAuth() {
|
||||||
|
mock := mocks.NewMockAutheliaCtx(s.T())
|
||||||
|
defer mock.Close()
|
||||||
|
|
||||||
|
mock.Ctx.Request.Header.Set("Proxy-Authorization", "Basic am9objpaaaaaaaaaaaaaaaa")
|
||||||
|
mock.Ctx.Request.Header.Set("X-Original-URL", "https://test.example.com")
|
||||||
|
|
||||||
|
VerifyGet(mock.Ctx)
|
||||||
|
|
||||||
|
assert.Equal(s.T(), 401, mock.Ctx.Response.StatusCode())
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *BasicAuthorizationSuite) TestShouldApplyDefaultPolicy() {
|
||||||
|
mock := mocks.NewMockAutheliaCtx(s.T())
|
||||||
|
defer mock.Close()
|
||||||
|
|
||||||
|
mock.Ctx.Request.Header.Set("Proxy-Authorization", "Basic am9objpwYXNzd29yZA==")
|
||||||
|
mock.Ctx.Request.Header.Set("X-Original-URL", "https://test.example.com")
|
||||||
|
|
||||||
|
mock.UserProviderMock.EXPECT().
|
||||||
|
CheckUserPassword(gomock.Eq("john"), gomock.Eq("password")).
|
||||||
|
Return(true, nil)
|
||||||
|
|
||||||
|
mock.UserProviderMock.EXPECT().
|
||||||
|
GetDetails(gomock.Eq("john")).
|
||||||
|
Return(&authentication.UserDetails{
|
||||||
|
Emails: []string{"john@example.com"},
|
||||||
|
Groups: []string{"dev", "admin"},
|
||||||
|
}, nil)
|
||||||
|
|
||||||
|
VerifyGet(mock.Ctx)
|
||||||
|
|
||||||
|
assert.Equal(s.T(), 403, mock.Ctx.Response.StatusCode())
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *BasicAuthorizationSuite) TestShouldApplyPolicyOfBypassDomain() {
|
||||||
|
mock := mocks.NewMockAutheliaCtx(s.T())
|
||||||
|
defer mock.Close()
|
||||||
|
|
||||||
|
mock.Ctx.Request.Header.Set("Proxy-Authorization", "Basic am9objpwYXNzd29yZA==")
|
||||||
|
mock.Ctx.Request.Header.Set("X-Original-URL", "https://bypass.example.com")
|
||||||
|
|
||||||
|
mock.UserProviderMock.EXPECT().
|
||||||
|
CheckUserPassword(gomock.Eq("john"), gomock.Eq("password")).
|
||||||
|
Return(true, nil)
|
||||||
|
|
||||||
|
mock.UserProviderMock.EXPECT().
|
||||||
|
GetDetails(gomock.Eq("john")).
|
||||||
|
Return(&authentication.UserDetails{
|
||||||
|
Emails: []string{"john@example.com"},
|
||||||
|
Groups: []string{"dev", "admin"},
|
||||||
|
}, nil)
|
||||||
|
|
||||||
|
VerifyGet(mock.Ctx)
|
||||||
|
|
||||||
|
assert.Equal(s.T(), 200, mock.Ctx.Response.StatusCode())
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *BasicAuthorizationSuite) TestShouldApplyPolicyOfOneFactorDomain() {
|
||||||
|
mock := mocks.NewMockAutheliaCtx(s.T())
|
||||||
|
defer mock.Close()
|
||||||
|
|
||||||
|
mock.Ctx.Request.Header.Set("Proxy-Authorization", "Basic am9objpwYXNzd29yZA==")
|
||||||
|
mock.Ctx.Request.Header.Set("X-Original-URL", "https://one-factor.example.com")
|
||||||
|
|
||||||
|
mock.UserProviderMock.EXPECT().
|
||||||
|
CheckUserPassword(gomock.Eq("john"), gomock.Eq("password")).
|
||||||
|
Return(true, nil)
|
||||||
|
|
||||||
|
mock.UserProviderMock.EXPECT().
|
||||||
|
GetDetails(gomock.Eq("john")).
|
||||||
|
Return(&authentication.UserDetails{
|
||||||
|
Emails: []string{"john@example.com"},
|
||||||
|
Groups: []string{"dev", "admin"},
|
||||||
|
}, nil)
|
||||||
|
|
||||||
|
VerifyGet(mock.Ctx)
|
||||||
|
|
||||||
|
assert.Equal(s.T(), 200, mock.Ctx.Response.StatusCode())
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *BasicAuthorizationSuite) TestShouldApplyPolicyOfTwoFactorDomain() {
|
||||||
|
mock := mocks.NewMockAutheliaCtx(s.T())
|
||||||
|
defer mock.Close()
|
||||||
|
|
||||||
|
mock.Ctx.Request.Header.Set("Proxy-Authorization", "Basic am9objpwYXNzd29yZA==")
|
||||||
|
mock.Ctx.Request.Header.Set("X-Original-URL", "https://two-factor.example.com")
|
||||||
|
|
||||||
|
mock.UserProviderMock.EXPECT().
|
||||||
|
CheckUserPassword(gomock.Eq("john"), gomock.Eq("password")).
|
||||||
|
Return(true, nil)
|
||||||
|
|
||||||
|
mock.UserProviderMock.EXPECT().
|
||||||
|
GetDetails(gomock.Eq("john")).
|
||||||
|
Return(&authentication.UserDetails{
|
||||||
|
Emails: []string{"john@example.com"},
|
||||||
|
Groups: []string{"dev", "admin"},
|
||||||
|
}, nil)
|
||||||
|
|
||||||
|
VerifyGet(mock.Ctx)
|
||||||
|
|
||||||
|
assert.Equal(s.T(), 401, mock.Ctx.Response.StatusCode())
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *BasicAuthorizationSuite) TestShouldApplyPolicyOfDenyDomain() {
|
||||||
|
mock := mocks.NewMockAutheliaCtx(s.T())
|
||||||
|
defer mock.Close()
|
||||||
|
|
||||||
|
mock.Ctx.Request.Header.Set("Proxy-Authorization", "Basic am9objpwYXNzd29yZA==")
|
||||||
|
mock.Ctx.Request.Header.Set("X-Original-URL", "https://deny.example.com")
|
||||||
|
|
||||||
|
mock.UserProviderMock.EXPECT().
|
||||||
|
CheckUserPassword(gomock.Eq("john"), gomock.Eq("password")).
|
||||||
|
Return(true, nil)
|
||||||
|
|
||||||
|
mock.UserProviderMock.EXPECT().
|
||||||
|
GetDetails(gomock.Eq("john")).
|
||||||
|
Return(&authentication.UserDetails{
|
||||||
|
Emails: []string{"john@example.com"},
|
||||||
|
Groups: []string{"dev", "admin"},
|
||||||
|
}, nil)
|
||||||
|
|
||||||
|
VerifyGet(mock.Ctx)
|
||||||
|
|
||||||
|
assert.Equal(s.T(), 403, mock.Ctx.Response.StatusCode())
|
||||||
|
}
|
||||||
|
|
||||||
func TestShouldVerifyAuthorizationsUsingBasicAuth(t *testing.T) {
|
func TestShouldVerifyAuthorizationsUsingBasicAuth(t *testing.T) {
|
||||||
testCases := []TestCase{
|
suite.Run(t, NewBasicAuthorizationSuite())
|
||||||
// Authorization has bad format.
|
|
||||||
TestCase{"https://bypass.example.com", "Basic am9objpaaaaaaaaaaaaaaaa", 401},
|
|
||||||
|
|
||||||
// Correct Authorization
|
|
||||||
TestCase{"https://test.example.com", "Basic am9objpwYXNzd29yZA==", 403},
|
|
||||||
TestCase{"https://bypass.example.com", "Basic am9objpwYXNzd29yZA==", 200},
|
|
||||||
TestCase{"https://one-factor.example.com", "Basic am9objpwYXNzd29yZA==", 200},
|
|
||||||
TestCase{"https://two-factor.example.com", "Basic am9objpwYXNzd29yZA==", 401},
|
|
||||||
TestCase{"https://deny.example.com", "Basic am9objpwYXNzd29yZA==", 403},
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, testCase := range testCases {
|
|
||||||
testCase := testCase
|
|
||||||
t.Run(testCase.String(), func(t *testing.T) {
|
|
||||||
mock := mocks.NewMockAutheliaCtx(t)
|
|
||||||
defer mock.Close()
|
|
||||||
|
|
||||||
mock.UserProviderMock.EXPECT().
|
|
||||||
CheckUserPassword(gomock.Eq("john"), gomock.Eq("password")).
|
|
||||||
Return(true, nil)
|
|
||||||
|
|
||||||
details := authentication.UserDetails{
|
|
||||||
Emails: []string{"john@example.com"},
|
|
||||||
Groups: []string{"dev", "admin"},
|
|
||||||
}
|
|
||||||
mock.UserProviderMock.EXPECT().
|
|
||||||
GetDetails(gomock.Eq("john")).
|
|
||||||
Return(&details, nil)
|
|
||||||
|
|
||||||
mock.Ctx.Request.Header.Set("Proxy-Authorization", testCase.Authorization)
|
|
||||||
mock.Ctx.Request.Header.Set("X-Original-URL", testCase.URL)
|
|
||||||
|
|
||||||
VerifyGet(mock.Ctx)
|
|
||||||
expStatus, actualStatus := testCase.ExpectedStatusCode, mock.Ctx.Response.StatusCode()
|
|
||||||
assert.Equal(t, expStatus, actualStatus, "URL=%s -> StatusCode=%d != ExpectedStatusCode=%d",
|
|
||||||
testCase.URL, actualStatus, expStatus)
|
|
||||||
|
|
||||||
if testCase.ExpectedStatusCode == 200 {
|
|
||||||
assert.Equal(t, []byte("john"), mock.Ctx.Response.Header.Peek("Remote-User"))
|
|
||||||
assert.Equal(t, []byte("dev,admin"), mock.Ctx.Response.Header.Peek("Remote-Groups"))
|
|
||||||
} else {
|
|
||||||
assert.Equal(t, []byte(nil), mock.Ctx.Response.Header.Peek("Remote-User"))
|
|
||||||
assert.Equal(t, []byte(nil), mock.Ctx.Response.Header.Peek("Remote-Groups"))
|
|
||||||
}
|
|
||||||
})
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestShouldVerifyWrongCredentialsInBasicAuth(t *testing.T) {
|
func TestShouldVerifyWrongCredentialsInBasicAuth(t *testing.T) {
|
||||||
|
|
|
@ -62,6 +62,9 @@ func NewMockAutheliaCtx(t *testing.T) *MockAutheliaCtx {
|
||||||
mockAuthelia := new(MockAutheliaCtx)
|
mockAuthelia := new(MockAutheliaCtx)
|
||||||
mockAuthelia.Clock = TestingClock{}
|
mockAuthelia.Clock = TestingClock{}
|
||||||
|
|
||||||
|
datetime, _ := time.Parse("2006-Jan-02", "2013-Feb-03")
|
||||||
|
mockAuthelia.Clock.Set(datetime)
|
||||||
|
|
||||||
configuration := schema.Configuration{
|
configuration := schema.Configuration{
|
||||||
AccessControl: new(schema.AccessControlConfiguration),
|
AccessControl: new(schema.AccessControlConfiguration),
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/clems4ever/authelia/internal/configuration/schema"
|
"github.com/clems4ever/authelia/internal/configuration/schema"
|
||||||
|
"github.com/clems4ever/authelia/internal/mocks"
|
||||||
"github.com/clems4ever/authelia/internal/models"
|
"github.com/clems4ever/authelia/internal/models"
|
||||||
"github.com/clems4ever/authelia/internal/regulation"
|
"github.com/clems4ever/authelia/internal/regulation"
|
||||||
"github.com/clems4ever/authelia/internal/storage"
|
"github.com/clems4ever/authelia/internal/storage"
|
||||||
|
@ -19,7 +20,7 @@ type RegulatorSuite struct {
|
||||||
ctrl *gomock.Controller
|
ctrl *gomock.Controller
|
||||||
storageMock *storage.MockProvider
|
storageMock *storage.MockProvider
|
||||||
configuration schema.RegulationConfiguration
|
configuration schema.RegulationConfiguration
|
||||||
now time.Time
|
clock mocks.TestingClock
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *RegulatorSuite) SetupTest() {
|
func (s *RegulatorSuite) SetupTest() {
|
||||||
|
@ -31,7 +32,7 @@ func (s *RegulatorSuite) SetupTest() {
|
||||||
BanTime: 180,
|
BanTime: 180,
|
||||||
FindTime: 30,
|
FindTime: 30,
|
||||||
}
|
}
|
||||||
s.now = time.Now()
|
s.clock.Set(time.Now())
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *RegulatorSuite) TearDownTest() {
|
func (s *RegulatorSuite) TearDownTest() {
|
||||||
|
@ -43,7 +44,7 @@ func (s *RegulatorSuite) TestShouldNotThrowWhenUserIsLegitimate() {
|
||||||
models.AuthenticationAttempt{
|
models.AuthenticationAttempt{
|
||||||
Username: "john",
|
Username: "john",
|
||||||
Successful: true,
|
Successful: true,
|
||||||
Time: s.now.Add(-4 * time.Minute),
|
Time: s.clock.Now().Add(-4 * time.Minute),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -51,7 +52,7 @@ func (s *RegulatorSuite) TestShouldNotThrowWhenUserIsLegitimate() {
|
||||||
LoadLatestAuthenticationLogs(gomock.Eq("john"), gomock.Any()).
|
LoadLatestAuthenticationLogs(gomock.Eq("john"), gomock.Any()).
|
||||||
Return(attempts, nil)
|
Return(attempts, nil)
|
||||||
|
|
||||||
regulator := regulation.NewRegulator(&s.configuration, s.storageMock)
|
regulator := regulation.NewRegulator(&s.configuration, s.storageMock, &s.clock)
|
||||||
|
|
||||||
_, err := regulator.Regulate("john")
|
_, err := regulator.Regulate("john")
|
||||||
assert.NoError(s.T(), err)
|
assert.NoError(s.T(), err)
|
||||||
|
@ -64,17 +65,17 @@ func (s *RegulatorSuite) TestShouldNotThrowWhenFailedAuthenticationNotInFindTime
|
||||||
models.AuthenticationAttempt{
|
models.AuthenticationAttempt{
|
||||||
Username: "john",
|
Username: "john",
|
||||||
Successful: false,
|
Successful: false,
|
||||||
Time: s.now.Add(-1 * time.Second),
|
Time: s.clock.Now().Add(-1 * time.Second),
|
||||||
},
|
},
|
||||||
models.AuthenticationAttempt{
|
models.AuthenticationAttempt{
|
||||||
Username: "john",
|
Username: "john",
|
||||||
Successful: false,
|
Successful: false,
|
||||||
Time: s.now.Add(-90 * time.Second),
|
Time: s.clock.Now().Add(-90 * time.Second),
|
||||||
},
|
},
|
||||||
models.AuthenticationAttempt{
|
models.AuthenticationAttempt{
|
||||||
Username: "john",
|
Username: "john",
|
||||||
Successful: false,
|
Successful: false,
|
||||||
Time: s.now.Add(-180 * time.Second),
|
Time: s.clock.Now().Add(-180 * time.Second),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -82,7 +83,7 @@ func (s *RegulatorSuite) TestShouldNotThrowWhenFailedAuthenticationNotInFindTime
|
||||||
LoadLatestAuthenticationLogs(gomock.Eq("john"), gomock.Any()).
|
LoadLatestAuthenticationLogs(gomock.Eq("john"), gomock.Any()).
|
||||||
Return(attemptsInDB, nil)
|
Return(attemptsInDB, nil)
|
||||||
|
|
||||||
regulator := regulation.NewRegulator(&s.configuration, s.storageMock)
|
regulator := regulation.NewRegulator(&s.configuration, s.storageMock, &s.clock)
|
||||||
|
|
||||||
_, err := regulator.Regulate("john")
|
_, err := regulator.Regulate("john")
|
||||||
assert.NoError(s.T(), err)
|
assert.NoError(s.T(), err)
|
||||||
|
@ -95,22 +96,22 @@ func (s *RegulatorSuite) TestShouldBanUserIfLatestAttemptsAreWithinFinTime() {
|
||||||
models.AuthenticationAttempt{
|
models.AuthenticationAttempt{
|
||||||
Username: "john",
|
Username: "john",
|
||||||
Successful: false,
|
Successful: false,
|
||||||
Time: s.now.Add(-1 * time.Second),
|
Time: s.clock.Now().Add(-1 * time.Second),
|
||||||
},
|
},
|
||||||
models.AuthenticationAttempt{
|
models.AuthenticationAttempt{
|
||||||
Username: "john",
|
Username: "john",
|
||||||
Successful: false,
|
Successful: false,
|
||||||
Time: s.now.Add(-4 * time.Second),
|
Time: s.clock.Now().Add(-4 * time.Second),
|
||||||
},
|
},
|
||||||
models.AuthenticationAttempt{
|
models.AuthenticationAttempt{
|
||||||
Username: "john",
|
Username: "john",
|
||||||
Successful: false,
|
Successful: false,
|
||||||
Time: s.now.Add(-6 * time.Second),
|
Time: s.clock.Now().Add(-6 * time.Second),
|
||||||
},
|
},
|
||||||
models.AuthenticationAttempt{
|
models.AuthenticationAttempt{
|
||||||
Username: "john",
|
Username: "john",
|
||||||
Successful: false,
|
Successful: false,
|
||||||
Time: s.now.Add(-180 * time.Second),
|
Time: s.clock.Now().Add(-180 * time.Second),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -118,7 +119,7 @@ func (s *RegulatorSuite) TestShouldBanUserIfLatestAttemptsAreWithinFinTime() {
|
||||||
LoadLatestAuthenticationLogs(gomock.Eq("john"), gomock.Any()).
|
LoadLatestAuthenticationLogs(gomock.Eq("john"), gomock.Any()).
|
||||||
Return(attemptsInDB, nil)
|
Return(attemptsInDB, nil)
|
||||||
|
|
||||||
regulator := regulation.NewRegulator(&s.configuration, s.storageMock)
|
regulator := regulation.NewRegulator(&s.configuration, s.storageMock, &s.clock)
|
||||||
|
|
||||||
_, err := regulator.Regulate("john")
|
_, err := regulator.Regulate("john")
|
||||||
assert.Equal(s.T(), regulation.ErrUserIsBanned, err)
|
assert.Equal(s.T(), regulation.ErrUserIsBanned, err)
|
||||||
|
@ -133,17 +134,17 @@ func (s *RegulatorSuite) TestShouldCheckUserIsStillBanned() {
|
||||||
models.AuthenticationAttempt{
|
models.AuthenticationAttempt{
|
||||||
Username: "john",
|
Username: "john",
|
||||||
Successful: false,
|
Successful: false,
|
||||||
Time: s.now.Add(-31 * time.Second),
|
Time: s.clock.Now().Add(-31 * time.Second),
|
||||||
},
|
},
|
||||||
models.AuthenticationAttempt{
|
models.AuthenticationAttempt{
|
||||||
Username: "john",
|
Username: "john",
|
||||||
Successful: false,
|
Successful: false,
|
||||||
Time: s.now.Add(-34 * time.Second),
|
Time: s.clock.Now().Add(-34 * time.Second),
|
||||||
},
|
},
|
||||||
models.AuthenticationAttempt{
|
models.AuthenticationAttempt{
|
||||||
Username: "john",
|
Username: "john",
|
||||||
Successful: false,
|
Successful: false,
|
||||||
Time: s.now.Add(-36 * time.Second),
|
Time: s.clock.Now().Add(-36 * time.Second),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -151,7 +152,7 @@ func (s *RegulatorSuite) TestShouldCheckUserIsStillBanned() {
|
||||||
LoadLatestAuthenticationLogs(gomock.Eq("john"), gomock.Any()).
|
LoadLatestAuthenticationLogs(gomock.Eq("john"), gomock.Any()).
|
||||||
Return(attemptsInDB, nil)
|
Return(attemptsInDB, nil)
|
||||||
|
|
||||||
regulator := regulation.NewRegulator(&s.configuration, s.storageMock)
|
regulator := regulation.NewRegulator(&s.configuration, s.storageMock, &s.clock)
|
||||||
|
|
||||||
_, err := regulator.Regulate("john")
|
_, err := regulator.Regulate("john")
|
||||||
assert.Equal(s.T(), regulation.ErrUserIsBanned, err)
|
assert.Equal(s.T(), regulation.ErrUserIsBanned, err)
|
||||||
|
@ -162,12 +163,12 @@ func (s *RegulatorSuite) TestShouldCheckUserIsNotYetBanned() {
|
||||||
models.AuthenticationAttempt{
|
models.AuthenticationAttempt{
|
||||||
Username: "john",
|
Username: "john",
|
||||||
Successful: false,
|
Successful: false,
|
||||||
Time: s.now.Add(-34 * time.Second),
|
Time: s.clock.Now().Add(-34 * time.Second),
|
||||||
},
|
},
|
||||||
models.AuthenticationAttempt{
|
models.AuthenticationAttempt{
|
||||||
Username: "john",
|
Username: "john",
|
||||||
Successful: false,
|
Successful: false,
|
||||||
Time: s.now.Add(-36 * time.Second),
|
Time: s.clock.Now().Add(-36 * time.Second),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -175,7 +176,7 @@ func (s *RegulatorSuite) TestShouldCheckUserIsNotYetBanned() {
|
||||||
LoadLatestAuthenticationLogs(gomock.Eq("john"), gomock.Any()).
|
LoadLatestAuthenticationLogs(gomock.Eq("john"), gomock.Any()).
|
||||||
Return(attemptsInDB, nil)
|
Return(attemptsInDB, nil)
|
||||||
|
|
||||||
regulator := regulation.NewRegulator(&s.configuration, s.storageMock)
|
regulator := regulation.NewRegulator(&s.configuration, s.storageMock, &s.clock)
|
||||||
|
|
||||||
_, err := regulator.Regulate("john")
|
_, err := regulator.Regulate("john")
|
||||||
assert.NoError(s.T(), err)
|
assert.NoError(s.T(), err)
|
||||||
|
@ -186,7 +187,7 @@ func (s *RegulatorSuite) TestShouldCheckUserWasAboutToBeBanned() {
|
||||||
models.AuthenticationAttempt{
|
models.AuthenticationAttempt{
|
||||||
Username: "john",
|
Username: "john",
|
||||||
Successful: false,
|
Successful: false,
|
||||||
Time: s.now.Add(-14 * time.Second),
|
Time: s.clock.Now().Add(-14 * time.Second),
|
||||||
},
|
},
|
||||||
// more than 30 seconds elapsed between this auth and the preceding one.
|
// more than 30 seconds elapsed between this auth and the preceding one.
|
||||||
// In that case we don't need to regulate the user even though the number
|
// In that case we don't need to regulate the user even though the number
|
||||||
|
@ -194,12 +195,12 @@ func (s *RegulatorSuite) TestShouldCheckUserWasAboutToBeBanned() {
|
||||||
models.AuthenticationAttempt{
|
models.AuthenticationAttempt{
|
||||||
Username: "john",
|
Username: "john",
|
||||||
Successful: false,
|
Successful: false,
|
||||||
Time: s.now.Add(-94 * time.Second),
|
Time: s.clock.Now().Add(-94 * time.Second),
|
||||||
},
|
},
|
||||||
models.AuthenticationAttempt{
|
models.AuthenticationAttempt{
|
||||||
Username: "john",
|
Username: "john",
|
||||||
Successful: false,
|
Successful: false,
|
||||||
Time: s.now.Add(-96 * time.Second),
|
Time: s.clock.Now().Add(-96 * time.Second),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -207,7 +208,7 @@ func (s *RegulatorSuite) TestShouldCheckUserWasAboutToBeBanned() {
|
||||||
LoadLatestAuthenticationLogs(gomock.Eq("john"), gomock.Any()).
|
LoadLatestAuthenticationLogs(gomock.Eq("john"), gomock.Any()).
|
||||||
Return(attemptsInDB, nil)
|
Return(attemptsInDB, nil)
|
||||||
|
|
||||||
regulator := regulation.NewRegulator(&s.configuration, s.storageMock)
|
regulator := regulation.NewRegulator(&s.configuration, s.storageMock, &s.clock)
|
||||||
|
|
||||||
_, err := regulator.Regulate("john")
|
_, err := regulator.Regulate("john")
|
||||||
assert.NoError(s.T(), err)
|
assert.NoError(s.T(), err)
|
||||||
|
@ -218,24 +219,24 @@ func (s *RegulatorSuite) TestShouldCheckRegulationHasBeenResetOnSuccessfulAttemp
|
||||||
models.AuthenticationAttempt{
|
models.AuthenticationAttempt{
|
||||||
Username: "john",
|
Username: "john",
|
||||||
Successful: false,
|
Successful: false,
|
||||||
Time: s.now.Add(-90 * time.Second),
|
Time: s.clock.Now().Add(-90 * time.Second),
|
||||||
},
|
},
|
||||||
models.AuthenticationAttempt{
|
models.AuthenticationAttempt{
|
||||||
Username: "john",
|
Username: "john",
|
||||||
Successful: true,
|
Successful: true,
|
||||||
Time: s.now.Add(-93 * time.Second),
|
Time: s.clock.Now().Add(-93 * time.Second),
|
||||||
},
|
},
|
||||||
// The user was almost banned but he did a successful attempt. Therefore, even if the next
|
// The user was almost banned but he did a successful attempt. Therefore, even if the next
|
||||||
// failure happens withing FindTime, he should not be banned.
|
// failure happens withing FindTime, he should not be banned.
|
||||||
models.AuthenticationAttempt{
|
models.AuthenticationAttempt{
|
||||||
Username: "john",
|
Username: "john",
|
||||||
Successful: false,
|
Successful: false,
|
||||||
Time: s.now.Add(-94 * time.Second),
|
Time: s.clock.Now().Add(-94 * time.Second),
|
||||||
},
|
},
|
||||||
models.AuthenticationAttempt{
|
models.AuthenticationAttempt{
|
||||||
Username: "john",
|
Username: "john",
|
||||||
Successful: false,
|
Successful: false,
|
||||||
Time: s.now.Add(-96 * time.Second),
|
Time: s.clock.Now().Add(-96 * time.Second),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -243,7 +244,7 @@ func (s *RegulatorSuite) TestShouldCheckRegulationHasBeenResetOnSuccessfulAttemp
|
||||||
LoadLatestAuthenticationLogs(gomock.Eq("john"), gomock.Any()).
|
LoadLatestAuthenticationLogs(gomock.Eq("john"), gomock.Any()).
|
||||||
Return(attemptsInDB, nil)
|
Return(attemptsInDB, nil)
|
||||||
|
|
||||||
regulator := regulation.NewRegulator(&s.configuration, s.storageMock)
|
regulator := regulation.NewRegulator(&s.configuration, s.storageMock, &s.clock)
|
||||||
|
|
||||||
_, err := regulator.Regulate("john")
|
_, err := regulator.Regulate("john")
|
||||||
assert.NoError(s.T(), err)
|
assert.NoError(s.T(), err)
|
||||||
|
|
Loading…
Reference in New Issue