We use cookies to ensure you get the best experience on our website
탐색 도움말
가입하기 로그인
0ct0pu5
/
crowdsec
1
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: 0449ec1868
브랜치 태그
crowdsec
/
pkg
/
apiserver
/
jwt_test.go

jwt_test.go 3.1 KB
히스토리 Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. package apiserver
    2. 

  2. 

  3. import (
    4. 

  4. 	"net/http"
    5. 

  5. 	"net/http/httptest"
    6. 

  6. 	"strings"
    7. 

  7. 	"testing"
    8. 

  8. 

  9. 	log "github.com/sirupsen/logrus"
    10. 

  10. 	"github.com/stretchr/testify/assert"
    11. 

  11. )
    12. 

  12. 

  13. func TestLogin(t *testing.T) {
    14. 

  14. 	router, config, err := NewAPITest()
    15. 

  15. 	if err != nil {
    16. 

  16. 		log.Fatalf("unable to run local API: %s", err)
    17. 

  17. 	}
    18. 

  18. 

  19. 	body, err := CreateTestMachine(router)
    20. 

  20. 	if err != nil {
    21. 

  21. 		log.Fatalln(err.Error())
    22. 

  22. 	}
    23. 

  23. 

  24. 	// Login with machine not validated yet
    25. 

  25. 	w := httptest.NewRecorder()
    26. 

  26. 	req, _ := http.NewRequest("POST", "/v1/watchers/login", strings.NewReader(body))
    27. 

  27. 	req.Header.Add("User-Agent", UserAgent)
    28. 

  28. 	router.ServeHTTP(w, req)
    29. 

  29. 

  30. 	assert.Equal(t, 401, w.Code)
    31. 

  31. 	assert.Equal(t, "{\"code\":401,\"message\":\"machine test not validated\"}", w.Body.String())
    32. 

  32. 

  33. 	// Login with machine not exist
    34. 

  34. 	w = httptest.NewRecorder()
    35. 

  35. 	req, _ = http.NewRequest("POST", "/v1/watchers/login", strings.NewReader("{\"machine_id\": \"test1\", \"password\": \"test1\"}"))
    36. 

  36. 	req.Header.Add("User-Agent", UserAgent)
    37. 

  37. 	router.ServeHTTP(w, req)
    38. 

  38. 

  39. 	assert.Equal(t, 401, w.Code)
    40. 

  40. 	assert.Equal(t, "{\"code\":401,\"message\":\"ent: machine not found\"}", w.Body.String())
    41. 

  41. 

  42. 	// Login with invalid body
    43. 

  43. 	w = httptest.NewRecorder()
    44. 

  44. 	req, _ = http.NewRequest("POST", "/v1/watchers/login", strings.NewReader("test"))
    45. 

  45. 	req.Header.Add("User-Agent", UserAgent)
    46. 

  46. 	router.ServeHTTP(w, req)
    47. 

  47. 

  48. 	assert.Equal(t, 401, w.Code)
    49. 

  49. 	assert.Equal(t, "{\"code\":401,\"message\":\"missing : invalid character 'e' in literal true (expecting 'r')\"}", w.Body.String())
    50. 

  50. 

  51. 	// Login with invalid format
    52. 

  52. 	w = httptest.NewRecorder()
    53. 

  53. 	req, _ = http.NewRequest("POST", "/v1/watchers/login", strings.NewReader("{\"machine_id\": \"test1\"}"))
    54. 

  54. 	req.Header.Add("User-Agent", UserAgent)
    55. 

  55. 	router.ServeHTTP(w, req)
    56. 

  56. 

  57. 	assert.Equal(t, 401, w.Code)
    58. 

  58. 	assert.Equal(t, "{\"code\":401,\"message\":\"input format error\"}", w.Body.String())
    59. 

  59. 

  60. 	//Validate machine
    61. 

  61. 	err = ValidateMachine("test", config.API.Server.DbConfig)
    62. 

  62. 	if err != nil {
    63. 

  63. 		log.Fatalln(err.Error())
    64. 

  64. 	}
    65. 

  65. 

  66. 	// Login with invalid password
    67. 

  67. 	w = httptest.NewRecorder()
    68. 

  68. 	req, _ = http.NewRequest("POST", "/v1/watchers/login", strings.NewReader("{\"machine_id\": \"test\", \"password\": \"test1\"}"))
    69. 

  69. 	req.Header.Add("User-Agent", UserAgent)
    70. 

  70. 	router.ServeHTTP(w, req)
    71. 

  71. 

  72. 	assert.Equal(t, 401, w.Code)
    73. 

  73. 	assert.Equal(t, "{\"code\":401,\"message\":\"incorrect Username or Password\"}", w.Body.String())
    74. 

  74. 

  75. 	// Login with valid machine
    76. 

  76. 	w = httptest.NewRecorder()
    77. 

  77. 	req, _ = http.NewRequest("POST", "/v1/watchers/login", strings.NewReader(body))
    78. 

  78. 	req.Header.Add("User-Agent", UserAgent)
    79. 

  79. 	router.ServeHTTP(w, req)
    80. 

  80. 

  81. 	assert.Equal(t, 200, w.Code)
    82. 

  82. 	assert.Contains(t, w.Body.String(), "\"token\"")
    83. 

  83. 	assert.Contains(t, w.Body.String(), "\"expire\"")
    84. 

  84. 

  85. 	// Login with valid machine + scenarios
    86. 

  86. 	w = httptest.NewRecorder()
    87. 

  87. 	req, _ = http.NewRequest("POST", "/v1/watchers/login", strings.NewReader("{\"machine_id\": \"test\", \"password\": \"test\", \"scenarios\": [\"crowdsecurity/test\", \"crowdsecurity/test2\"]}"))
    88. 

  88. 	req.Header.Add("User-Agent", UserAgent)
    89. 

  89. 	router.ServeHTTP(w, req)
    90. 

  90. 

  91. 	assert.Equal(t, 200, w.Code)
    92. 

  92. 	assert.Contains(t, w.Body.String(), "\"token\"")
    93. 

  93. 	assert.Contains(t, w.Body.String(), "\"expire\"")
    94. 

  94. 

  95. }
    96.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5