Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: refactor mfa tests #1322

Merged
merged 5 commits into from
Nov 28, 2023
Merged

refactor: refactor mfa tests #1322

Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
0a4a92a
refactor: split out enroll tests
Nov 28, 2023
75affce
refactor: move setup up
Nov 28, 2023
56fd743
refactor: pull out verify
Nov 28, 2023
eecc993
refactor: update naming
Nov 28, 2023
aa4cdaa
refactor: remove unneeded setup, add performChallengeFlow
Nov 28, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
refactor: split out enroll tests
  • Loading branch information
joel@joellee.org committed Nov 28, 2023
commit 0a4a92aee9d3195cea5ecef0a88a4a64c83cfaa5
39 changes: 20 additions & 19 deletions internal/api/mfa_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,12 @@ func (ts *MFATestSuite) SetupTest() {
func (ts *MFATestSuite) TestEnrollFactor() {
testFriendlyName := "bob"
alternativeFriendlyName := "john"
user, err := models.FindUserByEmailAndAudience(ts.API.db, "test@example.com", ts.Config.JWT.Aud)
ts.Require().NoError(err)

token, _, err := generateAccessToken(ts.API.db, user, nil, &ts.Config.JWT)

require.NoError(ts.T(), err)
var cases = []struct {
desc string
friendlyName string
Expand Down Expand Up @@ -119,20 +125,8 @@ func (ts *MFATestSuite) TestEnrollFactor() {
}
for _, c := range cases {
ts.Run(c.desc, func() {
var buffer bytes.Buffer
require.NoError(ts.T(), json.NewEncoder(&buffer).Encode(map[string]string{"friendly_name": c.friendlyName, "factor_type": c.factorType, "issuer": c.issuer}))
J0 marked this conversation as resolved.
Show resolved Hide resolved
user, err := models.FindUserByEmailAndAudience(ts.API.db, "test@example.com", ts.Config.JWT.Aud)
ts.Require().NoError(err)

token, _, err := generateAccessToken(ts.API.db, user, nil, &ts.Config.JWT)
require.NoError(ts.T(), err)

w := httptest.NewRecorder()
req := httptest.NewRequest(http.MethodPost, "/factors", &buffer)
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
req.Header.Set("Content-Type", "application/json")
ts.API.handler.ServeHTTP(w, req)
require.Equal(ts.T(), c.expectedCode, w.Code)
w := enroll(ts, token, c.friendlyName, c.factorType, c.issuer, c.expectedCode)

factors, err := models.FindFactorsByUser(ts.API.db, user)
ts.Require().NoError(err)
Expand Down Expand Up @@ -176,6 +170,8 @@ func (ts *MFATestSuite) TestChallengeFactor() {
}

func (ts *MFATestSuite) TestMFAVerifyFactor() {
user, err := models.FindUserByEmailAndAudience(ts.API.db, ts.TestEmail, ts.Config.JWT.Aud)
J0 marked this conversation as resolved.
Show resolved Hide resolved
ts.Require().NoError(err)
cases := []struct {
desc string
validChallenge bool
Expand Down Expand Up @@ -204,8 +200,7 @@ func (ts *MFATestSuite) TestMFAVerifyFactor() {
for _, v := range cases {
ts.Run(v.desc, func() {
// Authenticate users and set secret
user, err := models.FindUserByEmailAndAudience(ts.API.db, ts.TestEmail, ts.Config.JWT.Aud)
ts.Require().NoError(err)

var buffer bytes.Buffer
r, err := models.GrantAuthenticatedUser(ts.API.db, user, models.GrantParams{})
require.NoError(ts.T(), err)
Expand Down Expand Up @@ -464,25 +459,31 @@ func signUpAndVerify(ts *MFATestSuite, email, password string) (verifyResp *Acce

}

func enrollAndVerify(ts *MFATestSuite, user *models.User, token string) (verifyResp *AccessTokenResponse) {
func enroll(ts *MFATestSuite, token, friendlyName, factorType, issuer string, expectedCode int) *httptest.ResponseRecorder {
J0 marked this conversation as resolved.
Show resolved Hide resolved
var buffer bytes.Buffer
w := httptest.NewRecorder()
require.NoError(ts.T(), json.NewEncoder(&buffer).Encode(map[string]string{"friendly_name": "john", "factor_type": models.TOTP, "issuer": ts.TestDomain}))
require.NoError(ts.T(), json.NewEncoder(&buffer).Encode(map[string]string{"friendly_name": friendlyName, "factor_type": factorType, "issuer": issuer}))

req := httptest.NewRequest(http.MethodPost, "http://localhost/factors/", &buffer)
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
req.Header.Set("Content-Type", "application/json")

ts.API.handler.ServeHTTP(w, req)
require.Equal(ts.T(), http.StatusOK, w.Code)
require.Equal(ts.T(), expectedCode, w.Code)
return w

}

func enrollAndVerify(ts *MFATestSuite, user *models.User, token string) (verifyResp *AccessTokenResponse) {
w := enroll(ts, token, "", models.TOTP, ts.TestDomain, http.StatusOK)
enrollResp := EnrollFactorResponse{}
require.NoError(ts.T(), json.NewDecoder(w.Body).Decode(&enrollResp))
factorID := enrollResp.ID

// Challenge
var challengeBuffer bytes.Buffer
x := httptest.NewRecorder()
req = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost/factors/%s/challenge", factorID), &challengeBuffer)
req := httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost/factors/%s/challenge", factorID), &challengeBuffer)
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
req.Header.Set("Content-Type", "application/json")
ts.API.handler.ServeHTTP(x, req)
Expand Down