package test
import (
"fmt"
"net/url"
"testing"
"github.com/authorizerdev/authorizer/server/constants"
"github.com/authorizerdev/authorizer/server/db"
"github.com/authorizerdev/authorizer/server/envstore"
"github.com/authorizerdev/authorizer/server/graph/model"
"github.com/authorizerdev/authorizer/server/resolvers"
"github.com/authorizerdev/authorizer/server/sessionstore"
"github.com/authorizerdev/authorizer/server/utils"
"github.com/stretchr/testify/assert"
)
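// sessionTests verifies that the session resolver rejects a request that
// carries no session cookies and accepts one that carries the fingerprint,
// refresh-token and access-token cookies issued at email verification.
//
// Every setup step is checked, so a failed signup, lookup or encryption stops
// the subtest with a message instead of a nil-pointer panic or a cookie built
// from empty values. The test user is removed even when a check fails.
func sessionTests(t *testing.T, s TestSetup) {
	t.Helper()
	t.Run(`should allow access to profile with session only`, func(t *testing.T) {
		req, ctx := createContext(s)
		email := "session." + s.TestInfo.Email
		// Deferred so the test account is cleaned up on every exit path,
		// including t.Fatalf and panics.
		defer cleanData(email)

		_, err := resolvers.SignupResolver(ctx, model.SignUpInput{
			Email:           email,
			Password:        s.TestInfo.Password,
			ConfirmPassword: s.TestInfo.Password,
		})
		if err != nil {
			t.Fatalf("signup: %v", err)
		}

		// Negative case: no cookies are set on the request yet, so the
		// session query must return an error. The third argument is only the
		// message printed on failure; it is not compared with the error text.
		_, err = resolvers.SessionResolver(ctx, &model.SessionQueryInput{})
		assert.NotNil(t, err, "unauthorized")

		verificationRequest, err := db.Provider.GetVerificationRequestByEmail(email, constants.VerificationTypeBasicAuthSignup)
		if err != nil {
			t.Fatalf("loading verification request: %v", err)
		}

		verifyRes, err := resolvers.VerifyEmailResolver(ctx, model.VerifyEmailInput{
			Token: verificationRequest.Token,
		})
		if err != nil {
			t.Fatalf("verifying email: %v", err)
		}

		// The session store maps fingerprint -> refresh token for the user.
		// The loop keeps whichever entry is visited last; presumably a freshly
		// verified user has exactly one session (TODO confirm).
		sessions := sessionstore.GetUserSessions(verifyRes.User.ID)
		if len(sessions) == 0 {
			t.Fatal("no session stored after email verification")
		}
		fingerPrint := ""
		refreshToken := ""
		for key, val := range sessions {
			fingerPrint = key
			refreshToken = val
		}

		fingerPrintHash, err := utils.EncryptAES([]byte(fingerPrint))
		if err != nil {
			t.Fatalf("encrypting fingerprint: %v", err)
		}

		if verifyRes.AccessToken == nil {
			t.Fatal("verification response carries no access token")
		}
		token := *verifyRes.AccessToken

		// Build the three session cookies. Only the encrypted fingerprint is
		// passed through url.QueryEscape; the tokens are inserted as issued.
		// Token values are deliberately kept out of failure messages.
		cookieName := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)
		cookie := fmt.Sprintf("%s=%s;%s=%s;%s=%s",
			cookieName+".fingerprint", url.QueryEscape(string(fingerPrintHash)),
			cookieName+".refresh_token", refreshToken,
			cookieName+".access_token", token)
		req.Header.Set("Cookie", cookie)

		// Positive case: with all three cookies present the session resolves.
		_, err = resolvers.SessionResolver(ctx, &model.SessionQueryInput{})
		assert.Nil(t, err)
	})
}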