authelia/internal/suites/scenario_inactivity_test.go

139 lines
3.2 KiB
Go

package suites
import (
"context"
"fmt"
"log"
"testing"
"time"
"github.com/stretchr/testify/suite"
)
type InactivityScenario struct {
*RodSuite
secret string
}
func NewInactivityScenario() *InactivityScenario {
return &InactivityScenario{
RodSuite: new(RodSuite),
}
}
func (s *InactivityScenario) SetupSuite() {
browser, err := StartRod()
if err != nil {
log.Fatal(err)
}
s.RodSession = browser
ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
defer func() {
cancel()
s.collectScreenshot(ctx.Err(), s.Page)
s.collectCoverage(s.Page)
s.MustClose()
}()
s.Page = s.doCreateTab(s.T(), HomeBaseURL)
targetURL := fmt.Sprintf("%s/secret.html", AdminBaseURL)
s.secret = s.doRegisterAndLogin2FA(s.T(), s.Context(ctx), "john", "password", false, targetURL)
s.verifySecretAuthorized(s.T(), s.Context(ctx))
}
func (s *InactivityScenario) TearDownSuite() {
err := s.RodSession.Stop()
if err != nil {
log.Fatal(err)
}
}
func (s *InactivityScenario) SetupTest() {
s.Page = s.doCreateTab(s.T(), HomeBaseURL)
s.verifyIsHome(s.T(), s.Page)
}
func (s *InactivityScenario) TearDownTest() {
s.collectCoverage(s.Page)
s.MustClose()
}
func (s *InactivityScenario) TestShouldRequireReauthenticationAfterInactivityPeriod() {
ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
defer func() {
cancel()
s.collectScreenshot(ctx.Err(), s.Page)
}()
targetURL := fmt.Sprintf("%s/secret.html", AdminBaseURL)
s.doLoginTwoFactor(s.T(), s.Context(ctx), "john", "password", false, s.secret, "")
s.doVisit(s.T(), s.Context(ctx), HomeBaseURL)
s.verifyIsHome(s.T(), s.Context(ctx))
time.Sleep(6 * time.Second)
s.doVisit(s.T(), s.Context(ctx), targetURL)
s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))
}
func (s *InactivityScenario) TestShouldRequireReauthenticationAfterCookieExpiration() {
ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
defer func() {
cancel()
s.collectScreenshot(ctx.Err(), s.Page)
}()
targetURL := fmt.Sprintf("%s/secret.html", AdminBaseURL)
s.doLoginTwoFactor(s.T(), s.Context(ctx), "john", "password", false, s.secret, "")
for i := 0; i < 3; i++ {
s.doVisit(s.T(), s.Context(ctx), HomeBaseURL)
s.verifyIsHome(s.T(), s.Context(ctx))
time.Sleep(2 * time.Second)
s.doVisit(s.T(), s.Context(ctx), targetURL)
s.verifySecretAuthorized(s.T(), s.Context(ctx))
}
time.Sleep(2 * time.Second)
s.doVisit(s.T(), s.Context(ctx), targetURL)
s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))
}
func (s *InactivityScenario) TestShouldDisableCookieExpirationAndInactivity() {
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer func() {
cancel()
s.collectScreenshot(ctx.Err(), s.Page)
}()
targetURL := fmt.Sprintf("%s/secret.html", AdminBaseURL)
s.doLoginTwoFactor(s.T(), s.Context(ctx), "john", "password", true, s.secret, "")
s.doVisit(s.T(), s.Context(ctx), HomeBaseURL)
s.verifyIsHome(s.T(), s.Context(ctx))
time.Sleep(10 * time.Second)
s.doVisit(s.T(), s.Context(ctx), targetURL)
s.verifySecretAuthorized(s.T(), s.Context(ctx))
}
func TestInactivityScenario(t *testing.T) {
if testing.Short() {
t.Skip("skipping suite test in short mode")
}
suite.Run(t, NewInactivityScenario())
}