diff --git a/lib/session/main.go b/lib/session/main.go
index 87b772d..075ba9c 100644
--- a/lib/session/main.go
+++ b/lib/session/main.go
@@ -31,6 +31,6 @@ func SessionStart(w http.ResponseWriter, r *http.Request) assession.Session {
 }
 // SessionDestroy destroy a session on a request
-func SessionDestroy(w http.ResponseWriter, r *http.Request) assession.Session {
- return SessionDestroy(w, r)
+func SessionDestroy(w http.ResponseWriter, r *http.Request) {
+ data.SessionDestroy(w, r)
 }
diff --git a/system/api.go b/system/api.go
index d8f3958..2387415 100644
--- a/system/api.go
+++ b/system/api.go
@@ -63,7 +63,7 @@ func logout(ctx context.Context, w http.ResponseWriter, r *http.Request) (return
 libsession.SessionDestroy(w, r)
 logger := log.GetLog(r, "logout")
 if login := sess.Get("login"); login != nil {
- logger = logger.WithField("user", login.(Login).Username)
+ logger = logger.WithField("user", login.(*Login).Username)
 }
 sess.Delete("login")
 sess.Delete("profil")
@@ -98,7 +98,7 @@ func login(ctx context.Context, w http.ResponseWriter, r *http.Request) (returnd
 if output {
 returndata = true
 dbconnection.Model(&login).Update("LastLoginAt", time.Now())
- sess.Set("login", login)
+ sess.Set("login", &login)
 logger.Info("done")
 } else {
 logger.Warn("wrong password")
@@ -122,8 +122,7 @@ func password(ctx context.Context, w http.ResponseWriter, r *http.Request) (retu
 err := json.NewDecoder(r.Body).Decode(&changePasswordRequest)
 if err != nil {
 logger.Error("fetch request")
- http.Error(w, err.Error(), http.StatusInternalServerError)
- returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}
+ http.Error(w, err.Error(), http.StatusBadRequest)
 return
 }
 output, _ := libpassword.Validate(login.Password, changePasswordRequest.CurrentPassword)
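Review bot: In system/api.go `logout`, the new `login.(*Login).Username` is a single-value type assertion, so it panics whenever the session holds anything other than a `*Login`; the same applies to `login.(*Login)` in `LoginHandler` in system/lib.go, which sits in front of the handlers it wraps. This commit itself changes the stored type from `Login` to `*Login`, so a session written by the old code would hit that panic if the store outlives a deploy, and a stored nil `*Login` would pass the `login != nil` check and then fault on the field access. Use the comma-ok form in both places, e.g. `if l, ok := sess.Get("login").(*Login); ok && l != nil { logger = logger.WithField("user", l.Username) }`, and treat a failed assertion as "not logged in". Both function bodies continue outside their hunks.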
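Review bot: In `login` (system/api.go), `sess.Set("login", &login)` now places a pointer to the whole `Login` record in the session, and the `password` handler's use of `login.Password` suggests that record carries the stored password hash. Every request on that session then shares one mutable struct (system/lib.go passes the same pointer to handlers through `ctx`), so concurrent requests on one session can race on it. Consider keeping only the user's ID in the session and reloading the row in `LoginHandler`, which would also make a change to `Active` take effect on the next request, or at least store a copy with `Password` cleared. Most of the handler lies outside this hunk, so whether the session ID is renewed on successful login cannot be checked from here.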
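Review bot: In `password` (and identically in the `inviteAdd`, `loginAdd` and `loginEdit` hunks), `http.Error(w, err.Error(), http.StatusBadRequest)` sends the raw decoder error to the client while `logger.Error("fetch request")` records nothing about it. Decoder messages can name internal struct fields and types, so return a fixed text and keep the detail in the log: `logger.WithField("error", err).Error("fetch request")` and `http.Error(w, "invalid request body", http.StatusBadRequest)`. With `returnerr` no longer set, the function returns its zero results after the response has already been written; if the `libapi` wrapper then encodes a JSON result the client receives two bodies, which is worth confirming since the wrapper is outside this diff. The body is also decoded without a size cap; `r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)` before decoding would bound it (`maxBodyBytes` is a placeholder name).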
@@ -144,7 +143,7 @@ func password(ctx context.Context, w http.ResponseWriter, r *http.Request) (retu
 returnerr = &libapi.ErrorResult{Message: "Error save new password"}
 return
 }
- sess.Set("login", *login)
+ sess.Set("login", login)
 logger.Info("done")
 returndata = true
 return
@@ -191,8 +190,7 @@ func inviteAdd(ctx context.Context, w http.ResponseWriter, r *http.Request) (ret
 err := json.NewDecoder(r.Body).Decode(&newLogin)
 if err != nil {
 logger.Error("fetch request")
- http.Error(w, err.Error(), http.StatusInternalServerError)
- returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}
+ http.Error(w, err.Error(), http.StatusBadRequest)
 return
 }
 invite := &Invite{
@@ -224,8 +222,8 @@ func loginList(ctx context.Context, w http.ResponseWriter, r *http.Request) (ret
 selectfield = "ID, mail, superadmin, active"
 }
 if err := dbconnection.Select(selectfield).Find(&logins).Error; err != nil {
- logger.Warn("sql edit login")
- returnerr = &libapi.ErrorResult{Message: "Error during edit login"}
+ logger.Warn("sql list login")
+ returnerr = &libapi.ErrorResult{Message: "Error during list login"}
 return
 }
 logger.Info("done")
@@ -247,8 +245,7 @@ func loginAdd(ctx context.Context, w http.ResponseWriter, r *http.Request) (retu
 err := json.NewDecoder(r.Body).Decode(&newLogin)
 if err != nil {
 logger.Error("fetch request")
- http.Error(w, err.Error(), http.StatusInternalServerError)
- returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}
+ http.Error(w, err.Error(), http.StatusBadRequest)
 return
 }
 loginObj := Login{
@@ -283,8 +280,7 @@ func loginEdit(ctx context.Context, w http.ResponseWriter, r *http.Request) (ret
 err = json.NewDecoder(r.Body).Decode(&changeLogin)
 if err != nil {
 logger.Error("fetch request")
- http.Error(w, err.Error(), http.StatusInternalServerError)
- returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}
+ http.Error(w, err.Error(), http.StatusBadRequest)
 return
 }
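Review bot: In the second `password` hunk, `sess.Set("login", login)` looks like a no-op after this commit: `LoginHandler` now puts the session's own `*Login` into `ctx`, so `login` here is presumably that same object. That matters on the `"Error save new password"` path just above, because any field the handler changed before the failed save (the assignment is outside this hunk) is already visible through the session, leaving session and database with different password hashes. Work on a copy and publish it only on success, e.g. `updated := *login`, save `&updated`, then `sess.Set("login", &updated)`.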
diff --git a/system/api_test.go b/system/api_test.go
index ceca6a1..01b3e4a 100644
--- a/system/api_test.go
+++ b/system/api_test.go
@@ -19,20 +19,26 @@ func TestAPI(t *testing.T) {
 BindAPI(db, router, "")
 session := test.NewSession(router)
- // Test status
+ /*
+ * TEST status
+ */
 result, w := session.JSONRequest("GET", "/status", nil)
 assert.Equal(w.StatusCode, http.StatusOK)
 assert.Nil(result.Error)
 assert.Equal(result.Data, true)
- // Test login
+ /*
+ * TEST login
+ */
 result, w = session.JSONRequest("POST", "/login", RequestLogin{Username: "root", Password: "root2"})
 assert.Equal(w.StatusCode, http.StatusOK)
 assert.Equal(result.Data, false)
+ assert.Equal(result.Error.Fields[0], "password")
 result, w = session.JSONRequest("POST", "/login", RequestLogin{Username: "root2", Password: "root"})
 assert.Equal(w.StatusCode, http.StatusOK)
 assert.Equal(result.Data, false)
+ assert.Equal(result.Error.Fields[0], "username")
 result, w = session.JSONRequest("POST", "/login", []byte{2, 3})
 assert.Equal(w.StatusCode, http.StatusBadRequest)
@@ -41,7 +47,9 @@ func TestAPI(t *testing.T) {
 assert.Equal(w.StatusCode, http.StatusOK)
 assert.Equal(result.Data, true)
- // Test logout
+ /*
+ * TEST logout
+ */
 result, w = session.JSONRequest("GET", "/logout", nil)
 assert.Equal(w.StatusCode, http.StatusOK)
 assert.Equal(result.Data, true)
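Review bot: The two added assertions in the login section, `result.Error.Fields[0]` equal to `"password"` for user `root` and `"username"` for `root2`, pin a login response that tells an unauthenticated caller whether an account name exists. Prefer one indistinguishable failure for both cases and assert that instead, e.g. keep both `result.Error` values and compare them with `assert.Equal`, with the specific reason going to the server log only. Separately, `result.Error.Fields[0]` panics instead of failing the test when `Error` is nil or `Fields` is empty; wrapping it as `if assert.NotNil(result.Error) { ... }` gives a readable failure.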
@@ -50,4 +58,70 @@ func TestAPI(t *testing.T) {
 result, w = session.JSONRequest("GET", "/logout", nil)
 assert.Equal(w.StatusCode, http.StatusOK)
 assert.Equal(result.Data, false)
+
+ /*
+ * TEST password
+ */
+
+ result, w = session.JSONRequest("POST", "/password", ChangePasswordRequest{CurrentPassword: "root", NewPassword: "root-bug"})
+ assert.Equal(w.StatusCode, http.StatusOK)
+ assert.Equal(result.Data, false)
+
+ //login before
+ result, w = session.JSONRequest("POST", "/login", RequestLogin{Username: "root", Password: "root"})
+ assert.Equal(w.StatusCode, http.StatusOK)
+ assert.Equal(result.Data, true)
+
+ result, w = session.JSONRequest("POST", "/password", []byte{2, 3})
+ assert.Equal(w.StatusCode, http.StatusBadRequest)
+
+ result, w = session.JSONRequest("POST", "/password", ChangePasswordRequest{CurrentPassword: "root-wrong", NewPassword: "root-bug"})
+ assert.Equal(w.StatusCode, http.StatusOK)
+ assert.Equal(result.Data, false)
+ assert.Equal(result.Error.Fields[0], "currentpassword")
+
+ result, w = session.JSONRequest("POST", "/password", ChangePasswordRequest{CurrentPassword: "root", NewPassword: ""})
+ assert.Equal(w.StatusCode, http.StatusOK)
+ assert.Equal(result.Data, false)
+ assert.Equal(result.Error.Fields[0], "newpassword")
+
+ result, w = session.JSONRequest("POST", "/password", ChangePasswordRequest{CurrentPassword: "root", NewPassword: "root-tmp"})
+ assert.Equal(w.StatusCode, http.StatusOK)
+ assert.Equal(result.Data, true)
+
+ result, w = session.JSONRequest("POST", "/password", ChangePasswordRequest{CurrentPassword: "root-tmp", NewPassword: "root"})
+ assert.Equal(w.StatusCode, http.StatusOK)
+ assert.Equal(result.Data, true)
+
+ /*
+ * TEST inviteList
+ */
+ session.Clean()
+ result, w = session.JSONRequest("GET", "/invite", nil)
+ assert.Equal(w.StatusCode, http.StatusOK)
+ assert.Equal(result.Data, false)
+
+ //login before
+ result, w = session.JSONRequest("POST", "/login", RequestLogin{Username: "root", Password: "root"})
+ assert.Equal(w.StatusCode, http.StatusOK)
+ assert.Equal(result.Data, true)
+
+ result, w = session.JSONRequest("GET", "/invite", nil)
+ assert.Equal(w.StatusCode, http.StatusOK)
+
+ /*
+ * TEST loginList
+ */
+ session.Clean()
+ result, w = session.JSONRequest("GET", "/user", nil)
+ assert.Equal(w.StatusCode, http.StatusOK)
+ assert.Equal(result.Data, false)
+
+ //login before
+ result, w = session.JSONRequest("POST", "/login", RequestLogin{Username: "root", Password: "root"})
+ assert.Equal(w.StatusCode, http.StatusOK)
+ assert.Equal(result.Data, true)
+
+ result, w = session.JSONRequest("GET", "/user", nil)
+ assert.Equal(w.StatusCode, http.StatusOK)
 }
diff --git a/system/lib.go b/system/lib.go
index 57d684d..aacad45 100644
--- a/system/lib.go
+++ b/system/lib.go
@@ -17,8 +17,8 @@ func LoginHandler(h libapi.Handle) libapi.Handle {
 returndata = false
 if login := sess.Get("login"); login != nil {
- if loginObj := login.(Login); loginObj.Active {
- ctx = context.WithValue(ctx, "login", &loginObj)
+ if loginObj := login.(*Login); loginObj.Active {
+ ctx = context.WithValue(ctx, "login", loginObj)
 returndata, returnerr = h(ctx, w, r)
 return
 }
diff --git a/test/main.go b/test/main.go
index 36d49f4..a6b8c79 100644
--- a/test/main.go
+++ b/test/main.go
@@ -5,11 +5,9 @@ import (
 "encoding/json"
 "net/http"
 "net/http/httptest"
- "testing"
 "os"
+ "testing"
- "github.com/astaxie/session"
- _ "github.com/astaxie/session/providers/memory"
 "github.com/jinzhu/gorm"
 _ "github.com/jinzhu/gorm/dialects/postgres"
 "github.com/stretchr/testify/assert"
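Review bot: In the new `inviteList` and `loginList` sections of system/api_test.go, the authenticated `GET /invite` and `GET /user` calls assert only `http.StatusOK`, which the unauthenticated calls just before them return as well, so these checks still pass if the login guard refuses the request. Add `assert.Nil(result.Error)` and `assert.NotEqual(result.Data, false)` after each so the test separates an authorised answer from a refusal. The password section also changes the shared `root` password to `root-tmp` and relies on a later request to restore it; a failure in between leaves the database altered for later runs, so resetting it in a `defer` would be safer. If these routes are meant to be restricted to certain accounts, a case with a logged-in account that lacks that right is the one that would catch an access-control regression.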
@@ -18,21 +16,21 @@ import (
 libconfig "dev.sum7.eu/sum7/warehost/config"
 libapi "dev.sum7.eu/sum7/warehost/lib/api"
 log "dev.sum7.eu/sum7/warehost/lib/log"
+ libsession "dev.sum7.eu/sum7/warehost/lib/session"
 )
 //Init to initialisieren a API
 func Init(t *testing.T) (assertion *assert.Assertions, dbconnection *gorm.DB, router *goji.Mux) {
 assertion = assert.New(t)
- libconfig.ReadConfigFile(os.Getenv("GOPATH") +"/src/dev.sum7.eu/sum7/warehost/cmd/warehost/config.yml.example")
+ libconfig.ReadConfigFile(os.Getenv("GOPATH") + "/src/dev.sum7.eu/sum7/warehost/cmd/warehost/config.yml.example")
 log.NewLogger(libconfig.Data.Log.Path)
 // Session mgmt
- sessions, err := session.NewManager("memory", "session", 3600)
- go sessions.GC()
- assertion.NoError(err)
+ libsession.Init()
+ go libsession.Stop()
 // Database
- dbconnection, err = gorm.Open("postgres", libconfig.Data.Database)
+ dbconnection, err := gorm.Open("postgres", libconfig.Data.Database)
 assertion.NoError(err)
 dbconnection.Callback().Create().Remove("gorm:update_time_stamp")
@@ -67,12 +65,15 @@ func (r *Request) JSONRequest(method string, url string, body interface{}) (json
 w := httptest.NewRecorder()
 r.router.ServeHTTP(w, req)
 res = w.Result()
- r.cookies = res.Cookies()
+ cookies := res.Cookies()
+ if len(cookies) > 0 {
+ r.cookies = cookies
+ }
 json.NewDecoder(w.Body).Decode(&jsonResult)
 return
 }
 // CleanSession to clean the current session
-func (r *Request) CleanSession() {
+func (r *Request) Clean() {
 r.cookies = nil
 }
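Review bot: In `Init` (test/main.go), `go libsession.Stop()` is started right after `libsession.Init()`, in the place where `go sessions.GC()` used to run the collector; judging by the name alone, `Stop` shuts the session store down rather than maintaining it, which would leave every test racing against teardown. Its body is not in this diff, so please confirm; if it does stop the store, it belongs in cleanup (for example handed back to the caller to `defer`) rather than in a goroutine at start-up. The hunk also drops the `assertion.NoError(err)` that covered session setup, so if `libsession.Init` can fail, that failure is now silent.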
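Review bot: The method is renamed to `Clean`, but the comment above it still begins `// CleanSession`, so it no longer matches the name it documents; `// Clean forgets the stored cookies so the next request starts without a session.` would fit. In `JSONRequest`, the new `if len(cookies) > 0` guard deserves a short why-comment such as `// keep the previous cookies when the response sets none`, since the reason is not obvious from the code. The `Decode` error on the following context line is still discarded, so a response body that is not JSON goes unnoticed by callers.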