Merge pull request #208 from findy-network/tests-for-old-endpoints

tests for old endpoints & needed refactorings

.golangci.yml

@@ -1,6 +1,6 @@
 linters-settings:
   dupl:
-    threshold: 100
+    threshold: 120
   depguard:
     rules:
       main:

main.go

@@ -140,16 +140,16 @@ func newMuxWithRoutes() *mux.Router {
 	r := mux.NewRouter()
 
 	// Our legacy endpoints
-	r.HandleFunc("/register/begin/{username}", oldBeginRegistration).Methods("GET")
-	r.HandleFunc("/register/finish/{username}", oldFinishRegistration).Methods("POST")
-	r.HandleFunc("/login/begin/{username}", oldBeginLogin).Methods("GET")
-	r.HandleFunc("/login/finish/{username}", oldFinishLogin).Methods("POST")
+	r.HandleFunc(urlOldBeginRegister, oldBeginRegistration).Methods("GET")
+	r.HandleFunc(urlOldFinishRegister, oldFinishRegistration).Methods("POST")
+	r.HandleFunc(urlOldBeginLogin, oldBeginLogin).Methods("GET")
+	r.HandleFunc(urlOldFinishLogin, oldFinishLogin).Methods("POST")
 
 	// New Fido reference standard endpoints
-	r.HandleFunc("/assertion/options", BeginLogin).Methods("POST")
-	r.HandleFunc("/assertion/result", FinishLogin).Methods("POST")
-	r.HandleFunc("/attestation/options", BeginRegistration).Methods("POST")
-	r.HandleFunc("/attestation/result", FinishRegistration).Methods("POST")
+	r.HandleFunc(urlBeginLogin, BeginLogin).Methods("POST")
+	r.HandleFunc(urlFinishLogin, FinishLogin).Methods("POST")
+	r.HandleFunc(urlBeginRegister, BeginRegistration).Methods("POST")
+	r.HandleFunc(urlFinishRegister, FinishRegistration).Methods("POST")
 
 	if testUI {
 		glog.V(2).Info("testUI call")
@@ -374,9 +374,7 @@ func oldBeginRegistration(w http.ResponseWriter, r *http.Request) {
 		glog.Warningln("begin registration error:", err)
 	}))
 
-	vars := mux.Vars(r)
-	username, ok := vars["username"]
-	glog.V(1).Infoln("begin registration", username)
+	username, ok := oldGetUserName(r)
 	if !ok {
 		jsonResponse(w, fmt.Errorf("must supply a valid username i.e. [email protected]"),
 			http.StatusBadRequest)
@@ -438,15 +436,27 @@ func oldBeginRegistration(w http.ResponseWriter, r *http.Request) {
 	glog.V(1).Infoln("begin registration end", username)
 }
 
+func oldGetUserName(r *http.Request) (string, bool) {
+	vars := mux.Vars(r)
+	username, ok := vars["username"]
+	glog.V(1).Infoln("begin registration", username)
+	if !ok { // second try because gorilla mux isn't compatible with httptest
+		s := strings.Split(r.URL.Path, "/")
+		username = s[len(s)-1]
+		ok = username != ""
+	}
+	return username, ok
+}
+
 func oldFinishRegistration(w http.ResponseWriter, r *http.Request) {
 	defer err2.Catch(err2.Err(func(err error) {
 		glog.Warningln("BEGIN finish registration:", err)
 	}))
 
 	var err error
 
-	vars := mux.Vars(r)
-	username := vars["username"]
+	username, ok := oldGetUserName(r)
+	assert.That(ok)
 	glog.V(1).Infoln("finish registration", username)
 
 	defer err2.Handle(&err, func(err error) error {
@@ -482,8 +492,8 @@ func oldBeginLogin(w http.ResponseWriter, r *http.Request) {
 
 	var err error
 
-	vars := mux.Vars(r)
-	username := vars["username"]
+	username, ok := oldGetUserName(r)
+	assert.That(ok)
 	glog.V(1).Infoln("BEGIN begin login", username)
 
 	defer err2.Handle(&err, func(err error) error {
@@ -506,8 +516,8 @@ func oldFinishLogin(w http.ResponseWriter, r *http.Request) {
 
 	var err error
 
-	vars := mux.Vars(r)
-	username := vars["username"]
+	username, ok := oldGetUserName(r)
+	assert.That(ok)
 	glog.V(1).Infoln("BEGIN finish login:", username)
 
 	defer err2.Handle(&err, func(err error) error {
@@ -582,4 +592,9 @@ const (
 	urlFinishLogin    = "/assertion/result"
 	urlBeginRegister  = "/attestation/options"
 	urlFinishRegister = "/attestation/result"
+
+	urlOldBeginRegister  = "/register/begin/{username}"
+	urlOldFinishRegister = "/register/finish/{username}"
+	urlOldBeginLogin     = "/login/begin/{username}"
+	urlOldFinishLogin    = "/login/finish/{username}"
 )

main_test.go

@@ -13,6 +13,7 @@ import (
 	"net/http/httptest"
 	"net/url"
 	"os"
+	"strings"
 	"testing"
 
 	"github.com/findy-network/findy-agent-auth/acator"
@@ -39,13 +40,30 @@ var (
 	userLoginCfg = loginUserInfo{Username: "test-user"}
 )
 
-func TestRegisterBegin(t *testing.T) {
+func buildEndpoint(s, n string) string {
+	//return strings.Replace(s, "/{username}", "?username="+n, -1)
+	return strings.Replace(s, "{username}", n, -1)
+}
+
+func TestReplace(t *testing.T) {
+	defer assert.PushTester(t)()
+
+	s := buildEndpoint(urlOldBeginRegister, "new-user")
+	assert.That(len(s) < len(urlOldBeginRegister))
+	assert.Equal(s, "/register/begin/new-user")
+	s = buildEndpoint(urlOldFinishRegister, "new-user")
+	assert.That(len(s) < len(urlOldFinishRegister))
+	assert.Equal(s, "/register/finish/new-user")
+}
+
+func TestEndpoints(t *testing.T) {
 	t.Run("register", func(t *testing.T) {
 		defer assert.PushTester(t)()
-
 		ti := &testInfo{
 			sendPL:    try.To1(json.Marshal(userCfg)),
+			methods:   []string{"POST", "POST"},
 			endpoints: []string{urlBeginRegister, urlFinishRegister},
+			envelope:  []string{`{"publicKey": %s}`, `{"publicKey": %s}`},
 			calls: []func(w http.ResponseWriter, r *http.Request){
 				BeginRegistration, FinishRegistration,
 			},
@@ -57,10 +75,11 @@ func TestRegisterBegin(t *testing.T) {
 	})
 	t.Run("login", func(t *testing.T) {
 		defer assert.PushTester(t)()
-
 		ti := &testInfo{
 			sendPL:    try.To1(json.Marshal(userLoginCfg)),
+			methods:   []string{"POST", "POST"},
 			endpoints: []string{urlBeginLogin, urlFinishLogin},
+			envelope:  []string{`{"publicKey": %s}`, `{"publicKey": %s}`},
 			calls: []func(w http.ResponseWriter, r *http.Request){
 				BeginLogin, FinishLogin,
 			},
@@ -70,20 +89,60 @@ func TestRegisterBegin(t *testing.T) {
 		}
 		doTest(t, ti)
 	})
+
+	t.Run("old-register", func(t *testing.T) {
+		defer assert.PushTester(t)()
+		ti := &testInfo{
+			methods: []string{"GET", "POST"},
+			endpoints: []string{
+				buildEndpoint(urlOldBeginRegister, "oldtestuser"),
+				buildEndpoint(urlOldFinishRegister, "oldtestuser"),
+			},
+			calls: []func(w http.ResponseWriter, r *http.Request){
+				oldBeginRegistration, oldFinishRegistration,
+			},
+			buildCalls: []func(jsonStream io.Reader) (io.Reader, error){
+				acator.Register,
+			},
+		}
+		doTest(t, ti)
+	})
+	t.Run("old-login", func(t *testing.T) {
+		defer assert.PushTester(t)()
+		ti := &testInfo{
+			methods: []string{"GET", "POST"},
+			endpoints: []string{
+				buildEndpoint(urlOldBeginLogin, "oldtestuser"),
+				buildEndpoint(urlOldFinishLogin, "oldtestuser"),
+			},
+			calls: []func(w http.ResponseWriter, r *http.Request){
+				oldBeginLogin, oldFinishLogin,
+			},
+			buildCalls: []func(jsonStream io.Reader) (io.Reader, error){
+				acator.Login,
+			},
+		}
+		doTest(t, ti)
+	})
 }
 
 type testInfo struct {
 	sendPL     []byte
+	methods    []string
 	endpoints  []string
+	envelope   []string
 	calls      []func(w http.ResponseWriter, r *http.Request)
 	buildCalls []func(jsonStream io.Reader) (outStream io.Reader, err error)
 }
 
 func doTest(t *testing.T, ti *testInfo) {
 	t.Helper()
 
-	req1 := httptest.NewRequest(http.MethodPost, ti.endpoints[0],
-		bytes.NewReader(ti.sendPL))
+	var body io.Reader
+	if ti.sendPL != nil {
+		body = bytes.NewReader(ti.sendPL)
+	}
+	req1 := httptest.NewRequest(ti.methods[0], ti.endpoints[0], body)
 	w := httptest.NewRecorder()
 
 	ti.calls[0](w, req1)
@@ -94,11 +153,13 @@ func doTest(t *testing.T, ti *testInfo) {
 	assert.Equal(res.StatusCode, http.StatusOK)
 	assert.That(len(data) > 0)
 	s := string(data)
-	s = fmt.Sprintf(`{"publicKey": %s}`, s)
+	if ti.envelope != nil && ti.envelope[1] != "" {
+		s = fmt.Sprintf(ti.envelope[1], s)
+	}
 
 	repl := try.To1(ti.buildCalls[0](bytes.NewBufferString(s)))
 
-	req2 := httptest.NewRequest(http.MethodPost, ti.endpoints[1], repl)
+	req2 := httptest.NewRequest(ti.methods[1], ti.endpoints[1], repl)
 	req2.Header = http.Header{"Cookie": res.Header["Set-Cookie"]}
 	w = httptest.NewRecorder()