local lu = require("luaunit")
local ngx = require("ngx")
local b64 = require("ssso_base64")
local conf = require("ssso_config")
local crypt = require("ssso_crypto")
local login = require("ssso_login")
local sess = require("ssso_sessions")
local sites = require("ssso_sites")
-- Locate the fixtures relative to this chunk and load the configuration and
-- the site list from there before any test runs.
-- sub(2, -20) drops the first character of the chunk source and its last 19
-- characters; presumably that is the leading "@" and this file's own name.
-- NOTE(review): the -20 offset is tied to the file name length, so a rename
-- would silently point both loaders at a different path; confirm.
local chunk_source = debug.getinfo(1).source
local here = chunk_source:sub(2, -20)
conf.load_conf(here)
sites.load_sites(here)
--- A request with no SSSO_TOKEN cookie set must produce no session and a
-- 401 hint.
function test_no_session_and_hint_401_if_no_cookie()
  -- given: mocked request and variables reset, nothing set afterwards
  ngx.req.reset()
  ngx.reset_var()

  -- when
  local session, hint = sess.get_session()

  -- then: unauthenticated, and the caller is told to ask for credentials
  lu.assertNil(session)
  lu.assertEquals(hint, 401)
end
--- An SSSO_TOKEN cookie that is present but empty is treated like a missing
-- one: no session and a 401 hint (not the 403 used for a bad token).
function test_no_session_and_hint_401_if_empty_cookie()
  -- given: a reset mock whose token cookie is the empty string
  ngx.req.reset()
  ngx.reset_var()
  ngx.var.cookie_SSSO_TOKEN = ""

  -- when
  local session, hint = sess.get_session()

  -- then
  lu.assertNil(session)
  lu.assertEquals(hint, 401)
end
--- A non-empty SSSO_TOKEN cookie that is not a valid token must produce no
-- session and a 403 hint.
-- NOTE(review): "zzz" has no dot-separated segments, so this covers only a
-- malformed token. None of the tests in this file presents a well-formed
-- token with a wrong signature or an elapsed time limit; those are the
-- rejection paths a forged or replayed cookie would hit and deserve their
-- own cases.
function test_no_session_and_hint_403_if_bad_cookie()
  -- given: a reset mock carrying a garbage token
  ngx.req.reset()
  ngx.reset_var()
  ngx.var.cookie_SSSO_TOKEN = "zzz"

  -- when
  local session, hint = sess.get_session()

  -- then: rejected outright rather than prompted to log in
  lu.assertNil(session)
  lu.assertEquals(hint, 403)
end
--- A token minted by crypt.get_jws_and_tslimit is accepted: the session
-- equals the signed payload, the hint is 200 and a fresh cookie is issued.
function test_session_and_cookie_renewal_if_good_cookie()
  -- given: a reset mock whose cookie is a freshly signed token for "bob"
  ngx.req.reset()
  ngx.reset_header()
  ngx.reset_var()
  local data = {u = "bob"}
  -- only the first return value (the token) is needed here
  local token = crypt.get_jws_and_tslimit(data)
  ngx.var.cookie_SSSO_TOKEN = token

  -- when
  local session, hint = sess.get_session()

  -- then
  lu.assertEquals(session, data)
  lu.assertEquals(hint, 200)
  local set_cookie = ngx.header["Set-Cookie"]
  -- exactly one Set-Cookie entry is expected (no linked second value)
  lu.assertNil(set_cookie.link)
  -- Three dot-separated segments, then Path, Expires and Secure.
  -- NOTE(review): LuaUnit's assertStrMatches has to match the whole string,
  -- so this also pins that nothing follows "Secure": the session cookie is
  -- asserted to carry neither HttpOnly nor SameSite. Confirm that is
  -- intended for a token that authenticates the user.
  -- NOTE(review): Expires is asserted as a bare number (presumably the
  -- mocked clock plus the token lifetime). RFC 6265 expects an HTTP-date in
  -- Expires; if production emits the same form, verify clients honour it.
  lu.assertStrMatches(set_cookie.v, "SSSO_TOKEN=[^%.]+%.[^%.]+%.[^%.]+; Path=/; Expires=1626550390; Secure")
end
--- Valid Basic credentials with no cookie create a session equal to the
-- profile returned by the login module, with a 200 hint and a new cookie.
function test_good_basic_auth_credentials_generate_a_session_and_a_cookie()
  -- given: a reset mock carrying only Basic credentials
  ngx.req.reset()
  ngx.reset_header()
  ngx.reset_var()
  -- NOTE(review): the variable is named "Authentication", while Basic
  -- credentials travel in the HTTP "Authorization" header; confirm how the
  -- nginx configuration maps that header onto this variable.
  local credentials = b64.encode_base64("bob:goodpassword")
  ngx.var.Authentication = "Basic " .. credentials
  local expected = login.check_credentials_and_get_profile("bob", "goodpassword")

  -- when
  local session, hint = sess.get_session()

  -- then
  lu.assertEquals(hint, 200)
  lu.assertEquals(session, expected)
  local set_cookie = ngx.header["Set-Cookie"]
  lu.assertNil(set_cookie.link)
  -- NOTE(review): assertStrMatches matches the whole string, so the cookie
  -- issued after a password login is pinned to end at "Secure", without
  -- HttpOnly or SameSite; confirm that is intended.
  lu.assertStrMatches(set_cookie.v, "SSSO_TOKEN=[^%.]+%.[^%.]+%.[^%.]+; Path=/; Expires=1626550390; Secure")
end
--- When a request carries both a valid token cookie and valid Basic
-- credentials, the session comes from the credentials, not from the cookie.
function test_basic_auth_takes_precedence_over_cookie()
  -- given: a signed cookie for one identity and credentials for another
  ngx.req.reset()
  ngx.reset_header()
  ngx.reset_var()
  local data = {u = "forget me"}
  local token = crypt.get_jws_and_tslimit(data)
  ngx.var.cookie_SSSO_TOKEN = token
  local credentials = b64.encode_base64("bob:goodpassword")
  ngx.var.Authentication = "Basic " .. credentials

  -- when
  local session, hint = sess.get_session()

  -- then: the cookie identity is dropped in favour of the authenticated one
  lu.assertEquals(hint, 200)
  lu.assertEquals(session.u, "bob")
  local set_cookie = ngx.header["Set-Cookie"]
  lu.assertNil(set_cookie.link)
  -- Only the cookie's shape is checked, not whose identity the renewed
  -- token carries.
  -- NOTE(review): decoding the issued token and asserting it is bob's would
  -- close that gap.
  lu.assertStrMatches(set_cookie.v, "SSSO_TOKEN=[^%.]+%.[^%.]+%.[^%.]+; Path=/; Expires=1626550390; Secure")
end
--- When the Basic credentials are unusable, the valid token cookie still
-- yields its session, with a 200 hint and a renewed cookie.
-- NOTE(review): "Basic !!!!" is an undecodable header, so only the
-- malformed case is covered. None of the tests in this file sends
-- well-formed credentials with a wrong password alongside a valid cookie;
-- whether that falls back to the cookie or is rejected should be pinned by
-- its own test.
function test_basic_auth_ignored_if_invalid()
  -- given: a signed cookie plus a malformed Basic header
  ngx.req.reset()
  ngx.reset_header()
  ngx.reset_var()
  local data = {u = "do not forget me"}
  local token = crypt.get_jws_and_tslimit(data)
  ngx.var.cookie_SSSO_TOKEN = token
  ngx.var.Authentication = "Basic !!!!"

  -- when
  local session, hint = sess.get_session()

  -- then: the cookie identity survives
  lu.assertEquals(hint, 200)
  lu.assertEquals(session.u, "do not forget me")
  local set_cookie = ngx.header["Set-Cookie"]
  lu.assertNil(set_cookie.link)
  lu.assertStrMatches(set_cookie.v, "SSSO_TOKEN=[^%.]+%.[^%.]+%.[^%.]+; Path=/; Expires=1626550390; Secure")
end
-- Run the LuaUnit suite and hand whatever LuaUnit.run() returns to os.exit
-- as the process exit status, so a calling script or CI job can see the
-- outcome.
os.exit(lu.LuaUnit.run())