-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsession_test.go
87 lines (77 loc) · 2.42 KB
/
session_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
package sessions
import "testing"
import "net/http/httptest"
import "strings"
import "net/http"
func TestSessionCycle(t *testing.T) {
state := struct {
Message string
}{
Message: "testing",
}
key := "key"
store := NewMemStore(-1)
respRec := httptest.NewRecorder()
sid, err := BeginSession(key, store, &state, respRec)
if err != nil {
t.Errorf("error beginning session: %s\n", err.Error())
}
state2 := struct {
Message string
}{
Message: "",
}
store.Get(sid, &state2)
if state.Message != state2.Message {
t.Errorf("state was not saved to store: expected message to be %s, but got %s\n", state.Message, state2.Message)
}
auth := respRec.Header().Get(headerAuthorization)
if !strings.HasPrefix(auth, schemeBearer) {
t.Errorf("Authorization header value does not start with %s: got %s\n", schemeBearer, auth)
}
state2.Message = ""
req, _ := http.NewRequest("GET", "/", nil)
req.Header.Add(headerAuthorization, schemeBearer+sid.String())
sid2, err := GetState(req, key, store, &state2)
if err != nil {
t.Errorf("error getting state: %s\n", err.Error())
}
if state2.Message != state.Message {
t.Errorf("GetState did not retrieve expected state: expected message to be %s, but got %s\n", state.Message, state2.Message)
}
if sid.String() != sid2.String() {
t.Errorf("GetState returned incorrect SessionID: expected %s but got %s\n", sid.String(), sid2.String())
}
_, err = EndSession(req, key, store)
if err != nil {
t.Errorf("error ending session: %s\n", err.Error())
}
if err := store.Get(sid, &state2); err == nil {
t.Error("was able to get state from store after EndSession\n")
}
}
func TestGetSessionID(t *testing.T) {
key := "key"
sid, err := NewSessionID(key)
if err != nil {
t.Errorf("error generating new SessionID: %s\n", err.Error())
}
req, _ := http.NewRequest("GET", "/", nil)
_, err = GetSessionID(req, key)
if nil == err {
t.Errorf("no error when Authorization header is missing\n")
}
req.Header.Add(headerAuthorization, "Basic "+sid.String())
_, err = GetSessionID(req, key)
if nil == err {
t.Errorf("no error when Authorization scheme is invalid\n")
}
req.Header.Set(headerAuthorization, schemeBearer+sid.String())
sid2, err := GetSessionID(req, key)
if err != nil {
t.Errorf("error getting session id from request: %s\n", err.Error())
}
if sid2.String() != sid.String() {
t.Errorf("session IDs were different: expected %s but got %s\n", sid.String(), sid2.String())
}
}