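local lu = require("luaunit")
local ngx = require("ngx")
local b64 = require("ssso_base64")
local conf = require("ssso_config")
local crypt = require("ssso_crypto")
local login = require("ssso_login")
local sess = require("ssso_sessions")
local sites = require("ssso_sites")

-- Directory holding this test file and its fixtures: the script path from
-- debug.getinfo minus the leading "@" and its last 19 characters.
-- NOTE(review): this relies on a fixed file-name length — verify if the test
-- file is renamed.
local here = debug.getinfo(1).source:sub(2, -20)
conf.load_conf(here)
sites.load_sites(here)

--- Shape every successful login/renewal cookie must have: a three-part JWS
-- token, root path, the fixed expiry produced by the mocked clock, and the
-- Secure flag.
-- NOTE(review): the pattern does not assert HttpOnly or SameSite; confirm
-- whether ssso_sessions is expected to emit them and extend the pattern if so.
local SESSION_COOKIE_PATTERN =
  "SSSO_TOKEN=[^%.]+%.[^%.]+%.[^%.]+; Path=/; Expires=1626550390; Secure"

--- Put the nginx mock back into a clean state (request, response headers and
-- variables) so that no test depends on what an earlier test left behind.
local function reset_ngx()
  ngx.req.reset()
  ngx.reset_header()
  ngx.reset_var()
end

--- Build a bare profile for `user` and sign it into a session token.
-- @tparam string user
-- @treturn string the signed token (the value of the SSSO_TOKEN cookie)
-- @treturn table the profile the token was built from
local function signed_cookie_for(user)
  local profile = sites.class__profile:build_from_lists(user, nil, nil, nil, {}, {})
  local token, _ = crypt.get_jws_and_tslimit(profile)
  return token, profile
end

--- Value of an HTTP Basic credential for the given "user:password" string.
-- @tparam string userpass
-- @treturn string
local function basic_credential(userpass)
  return "Basic " .. b64.encode_base64(userpass)
end

--- Assert that a well-formed session cookie was emitted.
local function assert_session_cookie_set()
  -- `.link` presumably chains additional Set-Cookie values; nil is taken to
  -- mean a single header was set — confirm against the ngx mock.
  lu.assertNil(ngx.header["Set-Cookie"].link)
  lu.assertStrMatches(ngx.header["Set-Cookie"].v, SESSION_COOKIE_PATTERN)
end

function test_no_session_and_hint_401_if_no_cookie()
  -- given
  reset_ngx()
  -- when
  local s, h = sess.get_session()
  -- then
  lu.assertNil(s)
  lu.assertEquals(h, 401)
end

function test_no_session_and_hint_401_if_empty_cookie()
  -- given
  reset_ngx()
  ngx.var.cookie_SSSO_TOKEN = ""
  -- when
  local s, h = sess.get_session()
  -- then
  lu.assertNil(s)
  lu.assertEquals(h, 401)
end

function test_no_session_and_hint_403_if_bad_cookie()
  -- given
  reset_ngx()
  -- an unparseable token must be rejected, not treated as "no session"
  ngx.var.cookie_SSSO_TOKEN = "zzz"
  -- when
  local s, h = sess.get_session()
  -- then
  lu.assertNil(s)
  lu.assertEquals(h, 403)
end

function test_session_and_cookie_renewal_if_good_cookie()
  -- given
  reset_ngx()
  local token, profile = signed_cookie_for("bob")
  ngx.var.cookie_SSSO_TOKEN = token
  -- when
  local s, h = sess.get_session()
  -- then
  lu.assertEquals(s, profile)
  lu.assertEquals(h, 200)
  assert_session_cookie_set()
end

function test_good_basic_auth_credentials_generate_a_session_and_a_cookie()
  -- given
  reset_ngx()
  -- NOTE(review): the mock variable is named Authentication while the HTTP
  -- header is Authorization — confirm this matches what ssso_sessions reads.
  ngx.var.Authentication = basic_credential("bob:goodpassword")
  local expected = login.check_credentials_and_get_profile("bob", "goodpassword")
  -- when
  local s, h = sess.get_session()
  -- then
  lu.assertEquals(h, 200)
  lu.assertEquals(s, expected)
  assert_session_cookie_set()
end

function test_basic_auth_takes_precedence_over_cookie()
  -- given
  reset_ngx()
  local token, _ = signed_cookie_for("forget me")
  ngx.var.cookie_SSSO_TOKEN = token
  ngx.var.Authentication = basic_credential("bob:goodpassword")
  -- when
  local s, h = sess.get_session()
  -- then
  lu.assertEquals(h, 200)
  -- the session must come from the credentials, not the pre-existing cookie
  lu.assertEquals(s:user(), "bob")
  assert_session_cookie_set()
end

function test_basic_auth_ignored_if_invalid()
  -- given
  reset_ngx()
  local token, _ = signed_cookie_for("do not forget me")
  ngx.var.cookie_SSSO_TOKEN = token
  -- malformed credential: not valid base64, so it cannot be decoded
  ngx.var.Authentication = "Basic !!!!"
  -- when
  local s, h = sess.get_session()
  -- then
  lu.assertEquals(h, 200)
  -- a malformed header must fall back to the valid cookie session
  lu.assertEquals(s:user(), "do not forget me")
  assert_session_cookie_set()
end

os.exit(lu.LuaUnit.run())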