Skip to content

Commit

Permalink
add additional tests
Browse files Browse the repository at this point in the history
  • Loading branch information
@tcely
tcely committed Mar 3, 2019
1 parent 55e3f3a commit c32b032
Show file tree
Hide file tree
Showing 3 changed files with 238 additions and 2 deletions.
185 changes: 185 additions & 0 deletions api_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -383,6 +383,130 @@ func TestApiManyUpdateWithCredentials(t *testing.T) {
}
}

func TestApiManyUpdateWithCredentialsInBody(t *testing.T) {
validTxtData := "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

updateJSON := map[string]interface{}{
"username": "",
"password": "",
"subdomain": "",
"txt": ""}

router := setupRouter(true, false)
server := httptest.NewServer(router)
defer server.Close()
e := getExpect(t, server)
// User without defined CIDR masks
newUser, err := DB.Register(cidrslice{})
if err != nil {
t.Errorf("Could not create new user, got error [%v]", err)
}

// User with defined allow from - CIDR masks, all invalid
// (httpexpect doesn't provide a way to mock remote ip)
newUserWithCIDR, err := DB.Register(cidrslice{"192.168.1.1/32", "invalid"})
if err != nil {
t.Errorf("Could not create new user with CIDR, got error [%v]", err)
}

// Another user with valid CIDR mask to match the httpexpect default
newUserWithValidCIDR, err := DB.Register(cidrslice{"10.1.2.3/32", "invalid"})
if err != nil {
t.Errorf("Could not create new user with a valid CIDR, got error [%v]", err)
}

for _, test := range []struct {
user string
pass string
subdomain string
txt interface{}
status int
}{
{"non-uuid-user", "tooshortpass", "non-uuid-subdomain", validTxtData, 401},
{"a097455b-52cc-4569-90c8-7a4b97c6eba8", "tooshortpass", "bb97455b-52cc-4569-90c8-7a4b97c6eba8", validTxtData, 401},
{"a097455b-52cc-4569-90c8-7a4b97c6eba8", "LongEnoughPassButNoUserExists___________", "bb97455b-52cc-4569-90c8-7a4b97c6eba8", validTxtData, 401},
{newUser.Username.String(), newUser.Password, "a097455b-52cc-4569-90c8-7a4b97c6eba8", validTxtData, 401},
{newUser.Username.String(), newUser.Password, newUser.Subdomain, "tooshortfortxt", 400},
{newUser.Username.String(), newUser.Password, newUser.Subdomain, 1234567890, 401},
{newUser.Username.String(), newUser.Password, newUser.Subdomain, validTxtData, 200},
{newUserWithCIDR.Username.String(), newUserWithCIDR.Password, newUserWithCIDR.Subdomain, validTxtData, 401},
{newUserWithValidCIDR.Username.String(), newUserWithValidCIDR.Password, newUserWithValidCIDR.Subdomain, validTxtData, 200},
{newUser.Username.String(), "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", newUser.Subdomain, validTxtData, 401},
} {
updateJSON = map[string]interface{}{
"username": test.user,
"password": test.pass,
"subdomain": test.subdomain,
"txt": test.txt}
e.POST("/update").
WithJSON(updateJSON).
WithHeader("X-Forwarded-For", "10.1.2.3").
Expect().
Status(test.status)
}
}

func TestApiManyUpdateWithPasswordInBody(t *testing.T) {
validTxtData := "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

updateJSON := map[string]interface{}{
"password": "",
"subdomain": "",
"txt": ""}

router := setupRouter(true, false)
server := httptest.NewServer(router)
defer server.Close()
e := getExpect(t, server)
// User without defined CIDR masks
newUser, err := DB.Register(cidrslice{})
if err != nil {
t.Errorf("Could not create new user, got error [%v]", err)
}

// User with defined allow from - CIDR masks, all invalid
// (httpexpect doesn't provide a way to mock remote ip)
newUserWithCIDR, err := DB.Register(cidrslice{"192.168.1.1/32", "invalid"})
if err != nil {
t.Errorf("Could not create new user with CIDR, got error [%v]", err)
}

// Another user with valid CIDR mask to match the httpexpect default
newUserWithValidCIDR, err := DB.Register(cidrslice{"10.1.2.3/32", "invalid"})
if err != nil {
t.Errorf("Could not create new user with a valid CIDR, got error [%v]", err)
}

for _, test := range []struct {
user string
pass string
subdomain string
txt interface{}
status int
}{
{"non-uuid-user", "tooshortpass", "non-uuid-subdomain", validTxtData, 401},
{"a097455b-52cc-4569-90c8-7a4b97c6eba8", "tooshortpass", "bb97455b-52cc-4569-90c8-7a4b97c6eba8", validTxtData, 401},
{"a097455b-52cc-4569-90c8-7a4b97c6eba8", "LongEnoughPassButNoUserExists___________", "bb97455b-52cc-4569-90c8-7a4b97c6eba8", validTxtData, 401},
{newUser.Username.String(), newUser.Password, "a097455b-52cc-4569-90c8-7a4b97c6eba8", validTxtData, 401},
{newUser.Username.String(), newUser.Password, newUser.Subdomain, "tooshortfortxt", 400},
{newUser.Username.String(), newUser.Password, newUser.Subdomain, 1234567890, 401},
{newUser.Username.String(), newUser.Password, newUser.Subdomain, validTxtData, 200},
{newUserWithCIDR.Username.String(), newUserWithCIDR.Password, newUserWithCIDR.Subdomain, validTxtData, 401},
{newUserWithValidCIDR.Username.String(), newUserWithValidCIDR.Password, newUserWithValidCIDR.Subdomain, validTxtData, 200},
{newUser.Username.String(), "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", newUser.Subdomain, validTxtData, 401},
} {
updateJSON = map[string]interface{}{
"password": test.pass,
"subdomain": test.subdomain,
"txt": test.txt}
e.POST("/update").
WithJSON(updateJSON).
WithHeader("X-Forwarded-For", "10.1.2.3").
Expect().
Status(test.status)
}
}

func TestApiManyUpdateWithIpCheckHeaders(t *testing.T) {

updateJSON := map[string]interface{}{
Expand Down Expand Up @@ -439,6 +563,67 @@ func TestApiManyUpdateWithIpCheckHeaders(t *testing.T) {
Config.API.UseHeader = false
}

func TestApiManyUpdateWithoutAuth(t *testing.T) {
validTxtData := "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

updateJSON := map[string]interface{}{
"subdomain": "",
"txt": ""}

router := setupRouter(true, true)
server := httptest.NewServer(router)
defer server.Close()
e := getExpect(t, server)
// User without defined CIDR masks
newUser, err := DB.Register(cidrslice{})
if err != nil {
t.Errorf("Could not create new user, got error [%v]", err)
}

// User with defined allow from - CIDR masks, all invalid
// (httpexpect doesn't provide a way to mock remote ip)
newUserWithCIDR, err := DB.Register(cidrslice{"192.168.1.1/32", "invalid"})
if err != nil {
t.Errorf("Could not create new user with CIDR, got error [%v]", err)
}

// Another user with valid CIDR mask to match the httpexpect default
newUserWithValidCIDR, err := DB.Register(cidrslice{"10.1.2.3/32", "invalid"})
if err != nil {
t.Errorf("Could not create new user with a valid CIDR, got error [%v]", err)
}

for _, test := range []struct {
user string
pass string
subdomain string
txt interface{}
status int
}{
{"non-uuid-user", "tooshortpass", "non-uuid-subdomain", validTxtData, 400},
{"a097455b-52cc-4569-90c8-7a4b97c6eba8", "tooshortpass", "bb97455b-52cc-4569-90c8-7a4b97c6eba8", validTxtData, 200},
{"a097455b-52cc-4569-90c8-7a4b97c6eba8", "LongEnoughPassButNoUserExists___________", "bb97455b-52cc-4569-90c8-7a4b97c6eba8", validTxtData, 200},
{newUser.Username.String(), newUser.Password, "a097455b-52cc-4569-90c8-7a4b97c6eba8", validTxtData, 200},
{newUser.Username.String(), newUser.Password, newUser.Subdomain, "tooshortfortxt", 400},
{newUser.Username.String(), newUser.Password, newUser.Subdomain, 1234567890, 400},
{newUser.Username.String(), newUser.Password, newUser.Subdomain, validTxtData, 200},
{newUserWithCIDR.Username.String(), newUserWithCIDR.Password, newUserWithCIDR.Subdomain, validTxtData, 200},
{newUserWithValidCIDR.Username.String(), newUserWithValidCIDR.Password, newUserWithValidCIDR.Subdomain, validTxtData, 200},
{newUser.Username.String(), "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", newUser.Subdomain, validTxtData, 200},
} {
updateJSON = map[string]interface{}{
"subdomain": test.subdomain,
"txt": test.txt}
e.POST("/update").
WithJSON(updateJSON).
WithHeader("X-Api-User", test.user).
WithHeader("X-Api-Key", test.pass).
WithHeader("X-Forwarded-For", "10.1.2.3").
Expect().
Status(test.status)
}
}

func TestApiHealthCheck(t *testing.T) {
router := setupRouter(false, false)
server := httptest.NewServer(router)
Expand Down
28 changes: 27 additions & 1 deletion db_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,32 @@ func TestRegisterMany(t *testing.T) {
}
}

func TestGetBySubdomain(t *testing.T) {
// Create reg to refer to
reg, err := DB.Register(cidrslice{})
if err != nil {
t.Errorf("Registration failed, got error [%v]", err)
}

regUser, err := DB.GetBySubdomain(reg.Subdomain)
if err != nil {
t.Errorf("Could not get test user, got error [%v]", err)
}

if reg.Username != regUser.Username {
t.Errorf("GetBySubdomain username [%q] did not match the original [%q]", regUser.Username, reg.Username)
}

if reg.Subdomain != regUser.Subdomain {
t.Errorf("GetBySubdomain subdomain [%q] did not match the original [%q]", regUser.Subdomain, reg.Subdomain)
}

// regUser password already is a bcrypt hash
if !correctPassword(reg.Password, regUser.Password) {
t.Errorf("GetBySubdomain password [%s] does not match the hash [%s]", reg.Password, regUser.Password)
}
}

func TestGetByUsername(t *testing.T) {
// Create reg to refer to
reg, err := DB.Register(cidrslice{})
Expand All @@ -98,7 +124,7 @@ func TestGetByUsername(t *testing.T) {

// regUser password already is a bcrypt hash
if !correctPassword(reg.Password, regUser.Password) {
t.Errorf("The password [%s] does not match the hash [%s]", reg.Password, regUser.Password)
t.Errorf("GetByUsername password [%s] does not match the hash [%s]", reg.Password, regUser.Password)
}
}

Expand Down
27 changes: 26 additions & 1 deletion validation_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,31 @@ import (
"github.com/google/uuid"
)

func TestGetValidSubdomain(t *testing.T) {
v1, _ := uuid.Parse("a097455b-52cc-4569-90c8-7a4b97c6eba8")
for i, test := range []struct {
subdomain string
output uuid.UUID
shouldErr bool
}{
{"a097455b-52cc-4569-90c8-7a4b97c6eba8", v1, false},
{"a-97455b-52cc-4569-90c8-7a4b97c6eba8", uuid.UUID{}, true},
{"", uuid.UUID{}, true},
{"&!#!25123!%!'%", uuid.UUID{}, true},
} {
ret, err := getValidSubdomain(test.subdomain)
if test.shouldErr && err == nil {
t.Errorf("Test %d: Expected error, but there was none", i)
}
if !test.shouldErr && err != nil {
t.Errorf("Test %d: Expected no error, but got [%v]", i, err)
}
if ret != test.output {
t.Errorf("Test %d: Expected return value %v, but got %v", i, test.output, ret)
}
}
}

func TestGetValidUsername(t *testing.T) {
v1, _ := uuid.Parse("a097455b-52cc-4569-90c8-7a4b97c6eba8")
for i, test := range []struct {
Expand Down Expand Up @@ -49,7 +74,7 @@ func TestValidKey(t *testing.T) {
}
}

func TestGetValidSubdomain(t *testing.T) {
func TestValidSubdomain(t *testing.T) {
for i, test := range []struct {
subdomain string
output bool
Expand Down

0 comments on commit c32b032

Please sign in to comment.