add more test coverage

2024-10-22 02:03:24 +00:00 · 2016-02-24 14:17:51 -08:00 · 2016-02-24 14:17:51 -08:00 · db1a70f5c1
parent af569afd7e
commit db1a70f5c1
3 changed files with 68 additions and 5 deletions
--- a/lib/web/cookie.go
+++ b/lib/web/cookie.go
@ -20,8 +20,6 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"net/http"
-
-	log "github.com/Sirupsen/logrus"
 )

 // SessionCookie stores information about active user and session
@ -31,7 +29,6 @@ type SessionCookie struct {
 }

 func EncodeCookie(user, sid string) (string, error) {
-	log.Infof("Encod: %v %v", user, sid)
 	bytes, err := json.Marshal(SessionCookie{User: user, SID: sid})
 	if err != nil {
 		return "", err
@ -48,7 +45,6 @@ func DecodeCookie(b string) (*SessionCookie, error) {
 	if err := json.Unmarshal(bytes, &c); err != nil {
 		return nil, err
 	}
-	log.Infof("DEncod: %v %v", c.User, c.SID)
 	return c, nil
 }

--- a/lib/web/multi.go
+++ b/lib/web/multi.go
@ -148,7 +148,8 @@ func (m *MultiSiteHandler) createSession(w http.ResponseWriter, r *http.Request,

 	sess, err := m.auth.Auth(req.User, req.Pass, req.SecondFactorToken)
 	if err != nil {
-		return nil, trace.Wrap(err)
+		log.Infof("bad access credentials: %v", err)
+		return nil, trace.Wrap(teleport.AccessDenied("bad auth credentials"))
 	}
 	if err := SetSession(w, req.User, sess.ID); err != nil {
 		return nil, trace.Wrap(err)
--- a/lib/web/web_test.go
+++ b/lib/web/web_test.go
@ -339,6 +339,68 @@ func (s *WebSuite) TestWebSessionsCRUD(c *C) {

 	var sites *getSitesResponse
 	c.Assert(json.Unmarshal(re.Bytes(), &sites), IsNil)
+
+	// now delete session
+	_, err = pack.clt.Delete(
+		pack.clt.Endpoint("webapi", "sessions", pack.session.Token))
+	c.Assert(err, IsNil)
+
+	// subsequent requests trying to use this session will fail
+	re, err = pack.clt.Get(pack.clt.Endpoint("webapi", "sites"), url.Values{})
+	c.Assert(err, NotNil)
+	c.Assert(teleport.IsAccessDenied(err), Equals, true)
+}
+
+func (s *WebSuite) TestWebSessionsBadInput(c *C) {
+	user := "bob"
+	pass := "abc123"
+
+	hotpURL, _, err := s.roleAuth.UpsertPassword(user, []byte(pass))
+	c.Assert(err, IsNil)
+	otp, _, err := hotp.FromURL(hotpURL)
+	c.Assert(err, IsNil)
+	otp.Increment()
+
+	clt := s.client()
+
+	token := otp.OTP()
+
+	reqs := []createSessionReq{
+		// emtpy request
+		{},
+		// missing user
+		{
+			Pass:              pass,
+			SecondFactorToken: token,
+		},
+		// missing pass
+		{
+			User:              user,
+			SecondFactorToken: token,
+		},
+		// bad pass
+		{
+			User:              user,
+			Pass:              "bla bla",
+			SecondFactorToken: token,
+		},
+		// bad hotp token
+		{
+			User:              user,
+			Pass:              pass,
+			SecondFactorToken: "bad token",
+		},
+		// missing hotp token
+		{
+			User: user,
+			Pass: pass,
+		},
+	}
+	for i, req := range reqs {
+		_, err = clt.PostJSON(clt.Endpoint("webapi", "sessions"), req)
+		c.Assert(err, NotNil, Commentf("tc %v", i))
+		c.Assert(teleport.IsAccessDenied(err), Equals, true, Commentf("tc %v %T is not access denied", i, err))
+	}
 }

 type testClient struct {
@ -354,3 +416,7 @@ func (t *testClient) Get(
 	endpoint string, val url.Values) (*roundtrip.Response, error) {
 	return httplib.ConvertResponse(t.Client.Get(endpoint, val))
 }
+
+func (t *testClient) Delete(endpoint string) (*roundtrip.Response, error) {
+	return httplib.ConvertResponse(t.Client.Delete(endpoint))
+}