95 lines
3.1 KiB
Go
95 lines
3.1 KiB
Go
package apiserver
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"strings"
|
|
"testing"
|
|
|
|
log "github.com/sirupsen/logrus"
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func TestLogin(t *testing.T) {
|
|
router, config, err := NewAPITest()
|
|
if err != nil {
|
|
log.Fatalf("unable to run local API: %s", err)
|
|
}
|
|
|
|
body, err := CreateTestMachine(router)
|
|
if err != nil {
|
|
log.Fatalln(err.Error())
|
|
}
|
|
|
|
// Login with machine not validated yet
|
|
w := httptest.NewRecorder()
|
|
req, _ := http.NewRequest(http.MethodPost, "/v1/watchers/login", strings.NewReader(body))
|
|
req.Header.Add("User-Agent", UserAgent)
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, 401, w.Code)
|
|
assert.Equal(t, "{\"code\":401,\"message\":\"machine test not validated\"}", w.Body.String())
|
|
|
|
// Login with machine not exist
|
|
w = httptest.NewRecorder()
|
|
req, _ = http.NewRequest(http.MethodPost, "/v1/watchers/login", strings.NewReader("{\"machine_id\": \"test1\", \"password\": \"test1\"}"))
|
|
req.Header.Add("User-Agent", UserAgent)
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, 401, w.Code)
|
|
assert.Equal(t, "{\"code\":401,\"message\":\"ent: machine not found\"}", w.Body.String())
|
|
|
|
// Login with invalid body
|
|
w = httptest.NewRecorder()
|
|
req, _ = http.NewRequest(http.MethodPost, "/v1/watchers/login", strings.NewReader("test"))
|
|
req.Header.Add("User-Agent", UserAgent)
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, 401, w.Code)
|
|
assert.Equal(t, "{\"code\":401,\"message\":\"missing: invalid character 'e' in literal true (expecting 'r')\"}", w.Body.String())
|
|
|
|
// Login with invalid format
|
|
w = httptest.NewRecorder()
|
|
req, _ = http.NewRequest(http.MethodPost, "/v1/watchers/login", strings.NewReader("{\"machine_id\": \"test1\"}"))
|
|
req.Header.Add("User-Agent", UserAgent)
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, 401, w.Code)
|
|
assert.Equal(t, "{\"code\":401,\"message\":\"input format error\"}", w.Body.String())
|
|
|
|
//Validate machine
|
|
err = ValidateMachine("test", config.API.Server.DbConfig)
|
|
if err != nil {
|
|
log.Fatalln(err.Error())
|
|
}
|
|
|
|
// Login with invalid password
|
|
w = httptest.NewRecorder()
|
|
req, _ = http.NewRequest(http.MethodPost, "/v1/watchers/login", strings.NewReader("{\"machine_id\": \"test\", \"password\": \"test1\"}"))
|
|
req.Header.Add("User-Agent", UserAgent)
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, 401, w.Code)
|
|
assert.Equal(t, "{\"code\":401,\"message\":\"incorrect Username or Password\"}", w.Body.String())
|
|
|
|
// Login with valid machine
|
|
w = httptest.NewRecorder()
|
|
req, _ = http.NewRequest(http.MethodPost, "/v1/watchers/login", strings.NewReader(body))
|
|
req.Header.Add("User-Agent", UserAgent)
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, 200, w.Code)
|
|
assert.Contains(t, w.Body.String(), "\"token\"")
|
|
assert.Contains(t, w.Body.String(), "\"expire\"")
|
|
|
|
// Login with valid machine + scenarios
|
|
w = httptest.NewRecorder()
|
|
req, _ = http.NewRequest(http.MethodPost, "/v1/watchers/login", strings.NewReader("{\"machine_id\": \"test\", \"password\": \"test\", \"scenarios\": [\"crowdsecurity/test\", \"crowdsecurity/test2\"]}"))
|
|
req.Header.Add("User-Agent", UserAgent)
|
|
router.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, 200, w.Code)
|
|
assert.Contains(t, w.Body.String(), "\"token\"")
|
|
assert.Contains(t, w.Body.String(), "\"expire\"")
|
|
|
|
}
|