mirror of
https://github.com/gravitational/teleport
synced 2024-10-22 02:03:24 +00:00
add more test coverage
parent
af569afd7e
commit
db1a70f5c1
|
@ -20,8 +20,6 @@ import (
|
|||
"encoding/hex"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
|
||||
log "github.com/Sirupsen/logrus"
|
||||
)
|
||||
|
||||
// SessionCookie stores information about active user and session
|
||||
|
@ -31,7 +29,6 @@ type SessionCookie struct {
|
|||
}
|
||||
|
||||
func EncodeCookie(user, sid string) (string, error) {
|
||||
log.Infof("Encod: %v %v", user, sid)
|
||||
bytes, err := json.Marshal(SessionCookie{User: user, SID: sid})
|
||||
if err != nil {
|
||||
return "", err
|
||||
|
@ -48,7 +45,6 @@ func DecodeCookie(b string) (*SessionCookie, error) {
|
|||
if err := json.Unmarshal(bytes, &c); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
log.Infof("DEncod: %v %v", c.User, c.SID)
|
||||
return c, nil
|
||||
}
|
||||
|
||||
|
|
|
@ -148,7 +148,8 @@ func (m *MultiSiteHandler) createSession(w http.ResponseWriter, r *http.Request,
|
|||
|
||||
sess, err := m.auth.Auth(req.User, req.Pass, req.SecondFactorToken)
|
||||
if err != nil {
|
||||
return nil, trace.Wrap(err)
|
||||
log.Infof("bad access credentials: %v", err)
|
||||
return nil, trace.Wrap(teleport.AccessDenied("bad auth credentials"))
|
||||
}
|
||||
if err := SetSession(w, req.User, sess.ID); err != nil {
|
||||
return nil, trace.Wrap(err)
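Review bot: The failed-login log line added in createSession, `log.Infof("bad access credentials: %v", err)`, records neither the account nor the client address, so repeated failures against one user or from one source cannot be correlated from this log alone. Consider `log.Warningf("failed login for user %q from %v: %v", req.User, r.RemoteAddr, err)`; the `%q` verb keeps control characters in the client-supplied user name from breaking the log line. Every error from `m.auth.Auth` is now returned as access denied, which gives callers a uniform answer but presumably also covers backend failures, so the logged `err` is the only place an outage would show. createSession starts and ends outside this hunk.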
|
||||
|
|
|
@ -339,6 +339,68 @@ func (s *WebSuite) TestWebSessionsCRUD(c *C) {
|
|||
|
||||
var sites *getSitesResponse
|
||||
c.Assert(json.Unmarshal(re.Bytes(), &sites), IsNil)
|
||||
|
||||
// now delete session
|
||||
_, err = pack.clt.Delete(
|
||||
pack.clt.Endpoint("webapi", "sessions", pack.session.Token))
|
||||
c.Assert(err, IsNil)
|
||||
|
||||
// subsequent requests trying to use this session will fail
|
||||
re, err = pack.clt.Get(pack.clt.Endpoint("webapi", "sites"), url.Values{})
|
||||
c.Assert(err, NotNil)
|
||||
c.Assert(teleport.IsAccessDenied(err), Equals, true)
|
||||
}
|
||||
|
||||
func (s *WebSuite) TestWebSessionsBadInput(c *C) {
|
||||
user := "bob"
|
||||
pass := "abc123"
|
||||
|
||||
hotpURL, _, err := s.roleAuth.UpsertPassword(user, []byte(pass))
|
||||
c.Assert(err, IsNil)
|
||||
otp, _, err := hotp.FromURL(hotpURL)
|
||||
c.Assert(err, IsNil)
|
||||
otp.Increment()
|
||||
|
||||
clt := s.client()
|
||||
|
||||
token := otp.OTP()
|
||||
|
||||
reqs := []createSessionReq{
|
||||
// emtpy request
|
||||
{},
|
||||
// missing user
|
||||
{
|
||||
Pass: pass,
|
||||
SecondFactorToken: token,
|
||||
},
|
||||
// missing pass
|
||||
{
|
||||
User: user,
|
||||
SecondFactorToken: token,
|
||||
},
|
||||
// bad pass
|
||||
{
|
||||
User: user,
|
||||
Pass: "bla bla",
|
||||
SecondFactorToken: token,
|
||||
},
|
||||
// bad hotp token
|
||||
{
|
||||
User: user,
|
||||
Pass: pass,
|
||||
SecondFactorToken: "bad token",
|
||||
},
|
||||
// missing hotp token
|
||||
{
|
||||
User: user,
|
||||
Pass: pass,
|
||||
},
|
||||
}
|
||||
for i, req := range reqs {
|
||||
_, err = clt.PostJSON(clt.Endpoint("webapi", "sessions"), req)
|
||||
c.Assert(err, NotNil, Commentf("tc %v", i))
|
||||
c.Assert(teleport.IsAccessDenied(err), Equals, true, Commentf("tc %v %T is not access denied", i, err))
|
||||
}
|
||||
}
|
||||
|
||||
type testClient struct {
|
||||
|
@ -354,3 +416,7 @@ func (t *testClient) Get(
|
|||
endpoint string, val url.Values) (*roundtrip.Response, error) {
|
||||
return httplib.ConvertResponse(t.Client.Get(endpoint, val))
|
||||
}
|
||||
|
||||
func (t *testClient) Delete(endpoint string) (*roundtrip.Response, error) {
|
||||
return httplib.ConvertResponse(t.Client.Delete(endpoint))
|
||||
}
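Review bot: The table in TestWebSessionsBadInput covers a wrong and a missing second factor but has no case for a token that was already accepted once. Since the HOTP value is counter-based, a follow-up after the loop that logs in successfully with `token` and then asserts that a second POST with the same `token` is access denied would pin replay rejection; whether the auth server enforces that is not visible in this diff. The cases are identified only by index in `Commentf("tc %v", i)`, so a short name field per case would make a failure readable. The first case comment should read `// empty request`.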
|
||||
|
|