-
Notifications
You must be signed in to change notification settings - Fork 0
/
api_test.go
504 lines (462 loc) · 22 KB
/
api_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
package main
import (
"bytes"
"encoding/json"
"fmt"
"net/http"
"testing"
"time"
b64 "encoding/base64"
"github.com/eensymachines-in/auth/v2"
"github.com/stretchr/testify/assert"
)
const (
testServer string = "http://localhost"
)
func readResponseBody(resp *http.Response, t *testing.T) map[string]interface{} {
defer resp.Body.Close()
target := map[string]interface{}{}
if json.NewDecoder(resp.Body).Decode(&target) != nil {
// t.Error("Failed to decode the authentication response containing tokenss")
return nil
}
return target
}
// ++++++++++++++++++++++++++++
// Helper functions for testing
// ++++++++++++++++++++++++++++
func authenticateUser(email, passwd string, t *testing.T, expected int) map[string]string {
// +++++++++++++++++++
// authenticating the user now with correct password
creds := map[string]interface{}{
"email": email,
"passwd": passwd,
}
req, _ := http.NewRequest("POST", fmt.Sprintf("%s/authenticate/%s", testServer, creds["email"]), nil)
encoded := b64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", creds["email"], creds["passwd"])))
req.Header.Add("Authorization", fmt.Sprintf("Basic %s", encoded))
resp, err := (&http.Client{}).Do(req)
// ++++++++++ assertions
assert.Nil(t, err, "Unexepcted error when posting a new user account")
assert.NotNil(t, resp, "Unexpected nil response from server for posting a new account")
assert.Equal(t, expected, resp.StatusCode, "Was expecting a 200 ok on posting new user account")
// ++++++++++ when the authentication is complete
if expected == 200 {
// Only when authentication is a success
data := readResponseBody(resp, t)
t.Logf("Authentication token %s", data["auth"])
t.Logf("Refresh token %s", data["refr"])
return map[string]string{"auth": fmt.Sprintf("%s", data["auth"]), "refr": fmt.Sprintf("%s", data["refr"])}
}
return nil
}
func insertUser(email, passwd, name, loc, phone string, role int, t *testing.T, expected int) {
url := fmt.Sprintf("%s/users", testServer)
ua := map[string]interface{}{
"email": email,
"role": role,
"passwd": passwd,
"name": name,
"phone": phone,
"loc": loc,
}
body, _ := json.Marshal(ua)
resp, err := http.Post(url, "application/json", bytes.NewBuffer(body))
assert.Nil(t, err, "Unexepcted error when posting a new user account")
assert.NotNil(t, resp, "Unexpected nil response from server for posting a new account")
assert.Equal(t, expected, resp.StatusCode, "Was expecting a 200 ok on posting new user account")
}
func putUser(email, name, loc, phone, auth string, t *testing.T, expected int) {
url := fmt.Sprintf("%s/users", testServer)
ua := map[string]interface{}{
"email": email,
"name": name,
"phone": phone,
"loc": loc,
}
body, _ := json.Marshal(ua)
req, _ := http.NewRequest("PUT", fmt.Sprintf("%s/%s", url, ua["email"]), bytes.NewBuffer(body))
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", auth))
resp, err := (&http.Client{}).Do(req)
assert.Nil(t, err, "Unexpected error making a put request")
assert.NotNil(t, resp, "Unexpected nil response from server")
assert.Equal(t, expected, resp.StatusCode, "Incorrect response status code")
if expected != 200 {
t.Log(readResponseBody(resp, t))
}
}
func delUser(email, authTok string, t *testing.T, expected int) {
url := fmt.Sprintf("%s/users", testServer)
client := &http.Client{}
req, _ := http.NewRequest("DELETE", fmt.Sprintf("%s/%s", url, email), nil)
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", authTok))
resp, err := client.Do(req)
assert.Nil(t, err, "Unexpected error making a delete request")
assert.NotNil(t, resp, "Unexpected nil response from server")
assert.Equal(t, expected, resp.StatusCode, "Was expecting 200 response status code")
if expected != 200 {
t.Log(readResponseBody(resp, t))
}
}
func patchUser(email, passwd string, t *testing.T, expected int) {
url := fmt.Sprintf("%s/users", testServer)
// +++++++++++ making a new request, imind you since this is about changing the password it'd be base 64 encoded
req, _ := http.NewRequest("PATCH", fmt.Sprintf("%s/%s", url, email), nil)
encoded := b64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", email, passwd)))
req.Header.Add("Authorization", fmt.Sprintf("Basic %s", encoded))
resp, err := (&http.Client{}).Do(req)
assert.Nil(t, err, "Unexpected error making a patch request")
assert.NotNil(t, resp, "Unexpected nil response from server")
assert.Equal(t, expected, resp.StatusCode, "Was expecting 200 response status code")
if expected != 200 {
t.Log(readResponseBody(resp, t))
}
}
func authorizeUser(auth string, t *testing.T, role, expected int) {
var req *http.Request
if role == 0 {
req, _ = http.NewRequest("GET", fmt.Sprintf("%s/authorize", testServer), nil)
} else {
req, _ = http.NewRequest("GET", fmt.Sprintf("%s/authorize?lvl=%d", testServer, role), nil)
}
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", auth))
resp, err := (&http.Client{}).Do(req)
assert.Nil(t, err, "Unexepcted error when authorizing the user account")
assert.NotNil(t, resp, "Unexpected nil response from server authorizing an account")
assert.Equal(t, expected, resp.StatusCode, "Unexpected response when authorizing the user")
if expected != 200 {
t.Log(readResponseBody(resp, t))
}
}
func refreshUser(refr string, t *testing.T, expected int) map[string]string {
req, _ := http.NewRequest("GET", fmt.Sprintf("%s/authorize?refresh=true", testServer), nil)
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", refr))
resp, err := (&http.Client{}).Do(req)
assert.Nil(t, err, "Unexepcted error when authorizing the user account")
assert.NotNil(t, resp, "Unexpected nil response from server authorizing an account")
assert.Equal(t, expected, resp.StatusCode, "Was expecting a 401 ok authorizing an account")
if expected == 200 {
// Only if it is expected to be a 200 ok authentication
defer resp.Body.Close()
target := map[string]string{}
if json.NewDecoder(resp.Body).Decode(&target) != nil {
t.Error("Failed to decode the authentication response containing tokenss")
}
t.Logf("Authentication token %s", target["auth"])
t.Logf("Refresh token %s", target["refr"])
return target
}
return nil
}
func logoutUser(auth, refr string, t *testing.T) {
req, _ := http.NewRequest("DELETE", fmt.Sprintf("%s/authorize", testServer), nil)
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", auth))
(&http.Client{}).Do(req)
req, _ = http.NewRequest("DELETE", fmt.Sprintf("%s/authorize?refresh=true", testServer), nil)
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", refr))
(&http.Client{}).Do(req)
}
func insertDeviceReg(reg *auth.DeviceReg, t *testing.T, expected int) {
url := fmt.Sprintf("%s/devices", testServer)
body, _ := json.Marshal(reg)
resp, err := http.Post(url, "application/json", bytes.NewBuffer(body))
assert.Nil(t, err, "Unexepcted error when posting a new user account")
assert.NotNil(t, resp, "Unexpected nil response from server for posting a new account")
assert.Equal(t, expected, resp.StatusCode, "Was expecting a 200 ok on posting new user account")
if expected != 200 {
t.Log(readResponseBody(resp, t))
}
}
func delDeviceReg(serial, auth string, t *testing.T, expected int) {
url := fmt.Sprintf("%s/devices/%s", testServer, serial)
req, _ := http.NewRequest("DELETE", url, nil)
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", auth))
resp, err := (&http.Client{}).Do(req)
assert.Nil(t, err, "Unexpected error in Do-ing the request, failed http request")
assert.Equal(t, expected, resp.StatusCode, "Unexpected response code when delDeviceReg")
if expected != 200 {
t.Log(readResponseBody(resp, t))
} else {
t.Log(readResponseBody(resp, t))
}
}
func getDeviceReg(serial string, t *testing.T, expected int) {
url := fmt.Sprintf("%s/devices/%s", testServer, serial)
req, _ := http.NewRequest("GET", url, nil)
resp, err := (&http.Client{}).Do(req)
assert.Nil(t, err, "Unexpected error in Do-ing the request, failed http request")
assert.Equal(t, expected, resp.StatusCode, "Unexpected response code when delDeviceReg")
if expected == 200 {
// Only if it is expected to be a 200 ok authentication
defer resp.Body.Close()
target := &auth.DeviceReg{}
if json.NewDecoder(resp.Body).Decode(&target) != nil {
t.Error("Failed to decode the authentication response containing tokenss")
}
t.Log(target)
return
} else {
t.Log(readResponseBody(resp, t))
}
}
func lockDeviceReg(serial, auth string, t *testing.T, expected int) {
url := fmt.Sprintf("%s/devices/%s?lock=true", testServer, serial)
req, _ := http.NewRequest("PATCH", url, nil)
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", auth))
resp, err := (&http.Client{}).Do(req)
assert.Nil(t, err, "Unexpected error in Do-ing the request, failed http request")
assert.Equal(t, expected, resp.StatusCode, "Unexpected response code when delDeviceReg")
if expected != 200 {
t.Log(readResponseBody(resp, t))
}
}
func unlockDeviceReg(serial, auth string, t *testing.T, expected int) {
url := fmt.Sprintf("%s/devices/%s?lock=false", testServer, serial)
req, _ := http.NewRequest("PATCH", url, nil)
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", auth))
resp, err := (&http.Client{}).Do(req)
assert.Nil(t, err, "Unexpected error in Do-ing the request, failed http request")
assert.Equal(t, expected, resp.StatusCode, "Unexpected response code when delDeviceReg")
if expected != 200 {
t.Log(readResponseBody(resp, t))
}
}
func blackUnblack(serial, auth string, black bool, t *testing.T, expected int) {
url := fmt.Sprintf("%s/devices/%s?black=%t", testServer, serial, black)
req, _ := http.NewRequest("PATCH", url, nil)
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", auth))
resp, err := (&http.Client{}).Do(req)
assert.Nil(t, err, "Unexpected error in Do-ing the request, failed http request")
assert.Equal(t, expected, resp.StatusCode, "Unexpected response code when delDeviceReg")
if expected != 200 {
t.Log(readResponseBody(resp, t))
}
}
// Lets test all the bad passwords for the user accounts
func TBadUserInsert(t *testing.T) {
// +++++++++++++++ bad password combinations
insertUser("testuser@someshitdomain.com", "", "Niranjan Awati", "Pune, 411057", "+916734434353", 2, t, 400)
insertUser("testuser@someshitdomain.com", "dsfsdf", "Niranjan Awati", "Pune, 411057", "+916734434353", 2, t, 400)
insertUser("testuser@someshitdomain.com", "dsfsdfdsfsdfdsfsdfdsfsdf", "Niranjan Awati", "Pune, 411057", "+916734434353", 2, t, 400)
// ++++++++++++ Now with invalid email addresses
insertUser("", "unjun@41993", "Niranjan Awati", "Pune, 411057", "+91 673443 4353", 2, t, 400)
insertUser("kneerun", "unjun@41993", "Niranjan Awati", "Pune, 411057", "+91 673443 4353", 2, t, 400)
insertUser("kneerun@", "unjun@41993", "Niranjan Awati", "Pune, 411057", "+91 673443 4353", 2, t, 400)
insertUser("kneerun@shitdomain", "unjun@41993", "Niranjan Awati", "Pune, 411057", "+91 673443 4353", 2, t, 400)
// +++++++++++++ now with the wrong phone number
insertUser("kissmyarse@someshitdomain.com", "unjun@41993", "Niranjan Awati", "Pune, 411057", "", 2, t, 400)
insertUser("kissmyarse@someshitdomain.com", "unjun@41993", "Niranjan Awati", "Pune, 411057", "sdfsfsdf", 2, t, 400)
insertUser("kissmyarse@someshitdomain.com", "unjun@41993", "Niranjan Awati", "Pune, 411057", "+915345sdfsfsdf", 2, t, 400)
}
func TWrongAuth(t *testing.T) {
// Wrong authentication
authenticateUser("kneerun@someshitdomain.com", "@41993", t, 401)
authenticateUser("bababocha@someshitdomain.com", "unjun@41993", t, 404)
authenticateUser("kneerun@someshitdomain.com", "", t, 401)
}
func TPutBadUser(t *testing.T, authtok string) {
putUser("kneerun@someshitdomain.com", "", "", "", authtok, t, 400)
putUser("kneerun@someshitdomain.com", "nigga fat arse", "", "", authtok, t, 400)
putUser("kneerun@someshitdomain.com", "nigga fat arse", "your momas big fat arse", "", authtok, t, 400)
putUser("kneerun@someshitdomain.com", "nigga fat arse", "your momas big fat arse", "", authtok, t, 400)
putUser("kneerun@someshitdomain.com", "nigga fat arse", "your momas big fat arse", "+91fdsffdjj", authtok, t, 400)
putUser("kneerun@someshitdomain.com", "nigga fat arse", "your momas big fat arse", "+91fdsffdjj5345", authtok, t, 400)
// Since the email and the token would not match - this is flagged as unauthorized
putUser("randomguy@someshitdomain.com", "nigga fat arse", "", "", authtok, t, 401)
}
func TPatchBadPasswd(t *testing.T) {
patchUser("kneerun@someshitdomain.com", "", t, 401)
}
func TestEnlistingAccs(t *testing.T) {
insertUser("kneerun@someshitdomain.com", "unjun@41993", "Niranjan Awati", "Pune, 411057", "+916734434353", 2, t, 200)
toks := authenticateUser("kneerun@someshitdomain.com", "unjun@41993", t, 200)
url := fmt.Sprintf("%s/users", testServer)
req, _ := http.NewRequest("GET", url, nil)
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", toks["auth"]))
resp, err := (&http.Client{}).Do(req)
// happy requst, this should sail thru - till ofcourse you clear the database
assert.Nil(t, err, "Unexpected error in Do-ing the request, failed http request")
assert.Equal(t, 200, resp.StatusCode, "Unexpected response code when TestEnlistingAccs")
if resp.StatusCode == 200 {
defer resp.Body.Close()
target := []map[string]interface{}{}
if json.NewDecoder(resp.Body).Decode(&target) != nil {
panic("Error reading the accounts enlisting")
}
t.Log(target)
}
// now we send in the request without any authorization
req, _ = http.NewRequest("GET", url, nil)
resp, err = (&http.Client{}).Do(req)
resp, err = (&http.Client{}).Do(req)
// expected response code is 401, since this req requires the user to have admin privileges
assert.Equal(t, 400, resp.StatusCode, "Unexpected response code when TestEnlistingAccs")
<-time.After(72 * time.Second)
// Now the authentication token should have expired
req, _ = http.NewRequest("GET", url, nil)
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", toks["auth"]))
resp, err = (&http.Client{}).Do(req)
assert.Equal(t, 401, resp.StatusCode, "Unexpected response code when TestEnlistingAccs")
// Here we try to add an user with lower privileges
insertUser("kneerun@modafucka.com", "unjun@41993", "Niranjan Awati", "Pune, 411057", "+916734434353", 1, t, 200)
toks = authenticateUser("kneerun@modafucka.com", "unjun@41993", t, 200)
req, _ = http.NewRequest("GET", url, nil)
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", toks["auth"]))
resp, err = (&http.Client{}).Do(req)
assert.Equal(t, 403, resp.StatusCode, "Unexpected response code when TestEnlistingAccs")
/*CLEAR THE DATABASE*/
}
func TestDeleteAccs(t *testing.T) {
insertUser("kneerun@someshitdomain.com", "unjun@41993", "Niranjan Awati", "Pune, 411057", "+916734434353", 2, t, 200)
toks := authenticateUser("kneerun@someshitdomain.com", "unjun@41993", t, 200)
insertUser("kneerun@modafucka.com", "unjun@41993", "Niranjan Awati", "Pune, 411057", "+916734434353", 1, t, 200)
url := fmt.Sprintf("%s/users/%s", testServer, "kneerun@modafucka.com")
req, _ := http.NewRequest("DELETE", url, nil)
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", toks["auth"]))
resp, _ := (&http.Client{}).Do(req)
assert.Equal(t, 200, resp.StatusCode, "Unexpected response code when TestDeleteAccs")
url = fmt.Sprintf("%s/users/%s", testServer, "kneerun@someshitdomain.com")
req, _ = http.NewRequest("DELETE", url, nil)
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", toks["auth"]))
resp, _ = (&http.Client{}).Do(req)
assert.Equal(t, 403, resp.StatusCode, "Unexpected response code when TestDeleteAccs")
}
func adminToks(t *testing.T) map[string]string {
return authenticateUser("kneerunjun@gmail.com", "106456!41993", t, 200)
}
func TestUserAccountsOnly(t *testing.T) {
// Insert a legit user
insertUser("kneerun@someshitdomain.com", "unjun@41993", "Niranjan Awati", "Pune, 411057", "+916734434353", 1, t, 200)
thissUserToks := authenticateUser("kneerun@someshitdomain.com", "unjun@41993", t, 200)
TWrongAuth(t)
TBadUserInsert(t)
// ++++++++++++
// putting new user details
putUser("kneerun@someshitdomain.com", "NewShitName", "Pune, 411038", "+91534589885435", thissUserToks["auth"], t, 200)
TPutBadUser(t, thissUserToks["auth"])
// // ++++++++++++++
// // patching the use for the password
patchUser("kneerun@someshitdomain.com", "unjun@41993!@", t, 200)
TPatchBadPasswd(t)
thissUserToks = authenticateUser("kneerun@someshitdomain.com", "unjun@41993!@", t, 200)
authorizeUser(thissUserToks["auth"], t, 1, 200) // the user is already at level 2
authorizeUser(thissUserToks["auth"], t, 2, 403)
authorizeUser(thissUserToks["auth"], t, 3, 403) // when the user is not elevated enough
// Here we try to remove the user with requisite authentication
// We need admin authrization to delete any user
adminAuth := adminToks(t)
delUser("kneerun@someshitdomain.com", adminAuth["auth"], t, 200)
// // // since below we are using the token from kneerun@someshitdomain.com and trying to delete modafucka@someshitdomain.com this will forbid the request
// // // and rightly so
delUser("modafucka@someshitdomain.com", adminAuth["auth"], t, 404) //trying to delete an user that's not registered
<-time.After(72 * time.Second)
authorizeUser(thissUserToks["auth"], t, 1, 401)
// +++++++++++ time to see if we can refresh the tokens
thissUserToks = refreshUser(thissUserToks["refr"], t, 200) // here the original refresh token shall be orphaned
t.Log("Tokens refreshed ..............")
t.Log(thissUserToks)
logoutUser(thissUserToks["auth"], thissUserToks["refr"], t)
// There's one more when the token is expired, logout will emit 401
}
var reg = &auth.DeviceReg{
User: "kneerun@someshit.com",
Hardware: "BCM2835, SoC Qualcomm",
Serial: "b83ad4e3-60b2-4fbe-b46d",
Model: "RaspberryPi 3B",
}
func TestBadDeviceRegInsert(t *testing.T) {
// ++++++++++++++ THIS WILL NOT WORK +++++++++++++
// since the user is not registered, the device cannot be registered
insertDeviceReg(reg, t, 400) // duplicate device insertion
newReg := &auth.DeviceReg{
User: "",
Hardware: "BCM2835, SoC Qualcomm",
Serial: "b83ad4e3-60b2-4fbe-b46d",
Model: "RaspberryPi 3B",
} // the one in which the user email id is missing
insertDeviceReg(newReg, t, 404)
newReg = &auth.DeviceReg{
User: "kneerun@someshit.com",
Hardware: "BCM2835, SoC Qualcomm",
Serial: "",
Model: "RaspberryPi 3B",
} //the one in which the serial number is missing
insertDeviceReg(newReg, t, 400)
newReg = &auth.DeviceReg{
User: "kneerun@", // unregistered account
Hardware: "BCM2835, SoC Qualcomm",
Serial: "b83ad4e3-60b2-4fbe-b46ff",
Model: "RaspberryPi 3B",
} //the one in which the serial number is missing
insertDeviceReg(newReg, t, 404)
}
func TestUserDevices(t *testing.T) {
insertUser(reg.User, "somepass@34355", "Cock block", "In da hood", "+915534554", 2, t, 200)
authenticateUser(reg.User, "somepass@34355", t, 200)
insertDeviceReg(reg, t, 200)
url := fmt.Sprintf("%s/users/%s/devices", testServer, reg.User)
req, _ := http.NewRequest("GET", url, nil)
resp, err := (&http.Client{}).Do(req)
assert.Nil(t, err, "Unexpected error in Do-ing the request, failed http request")
assert.Equal(t, 200, resp.StatusCode, "Unexpected response code when delDeviceReg")
defer resp.Body.Close()
target := []interface{}{}
if json.NewDecoder(resp.Body).Decode(&target) != nil {
// t.Error("Failed to decode the authentication response containing tokenss")
panic("TestUserDevices:Failed to unmarshall response body")
}
t.Log(target)
}
func TestDevices(t *testing.T) {
insertUser(reg.User, "somepass@34355", "Cock block", "In da hood", "+915534554", 2, t, 200)
toks := authenticateUser(reg.User, "somepass@34355", t, 200)
insertDeviceReg(reg, t, 200)
TestBadDeviceRegInsert(t)
getDeviceReg(reg.Serial, t, 200)
getDeviceReg("dd03f4a2-5962-434c", t, 404)
lockDeviceReg(reg.Serial, toks["auth"], t, 200)
lockDeviceReg("dd03f4a2-5962-434c", toks["auth"], t, 404)
unlockDeviceReg(reg.Serial, toks["auth"], t, 200)
unlockDeviceReg("dd03f4a2-5962-434c", toks["auth"], t, 404)
delDeviceReg(reg.Serial, toks["auth"], t, 200)
delDeviceReg("dd03f4a2-5962-434c", toks["auth"], t, 404)
delUser(reg.User, toks["auth"], t, 403)
}
// TestUsrAccToDevices: this shall test all the user account to devices relation
// When an account is deleted, the devices owned by the account are stripped off their registration and blacklisted
// if the same device has to be re-deployed it has to be explicitly white listed by an admin
func TestUsrAccToDevices(t *testing.T) {
insertUser(reg.User, "somepass@34355", "Cock block", "In da hood", "+915534554", 1, t, 200)
toks := authenticateUser("kneerunjun@gmail.com", "106456!41993", t, 200)
insertDeviceReg(reg, t, 200)
lockDeviceReg(reg.Serial, toks["auth"], t, 200)
unlockDeviceReg(reg.Serial, toks["auth"], t, 200)
delUser(reg.User, toks["auth"], t, 200)
// Now that the user account has been removed, the device would be blacklisted
// lets try to enlist the blacklisted devices
url := fmt.Sprintf("%s/devices?black=true", testServer)
req, _ := http.NewRequest("GET", url, nil)
resp, _ := (&http.Client{}).Do(req)
assert.Equal(t, 200, resp.StatusCode, "Unexpected response code when enlisting the blacked devices")
if resp.StatusCode == 200 {
// Only if it is expected to be a 200 ok authentication
defer resp.Body.Close()
target := []auth.Blacklist{}
if json.NewDecoder(resp.Body).Decode(&target) != nil {
t.Error("Failed to decode the authentication response containing tokenss")
}
t.Log("below are the black listed devices ...")
t.Log(target)
return
}
insertDeviceReg(reg, t, 404) // user account is not found, hence would be rejected
insertUser(reg.User, "somepass@34355", "Cock block", "In da hood", "+915534554", 1, t, 200) // so we try to register the account again
// toks = authenticateUser(reg.User, "somepass@34355", t, 200)
// // but then the device is still blacklisted
// // so we then unblack the device
insertDeviceReg(reg, t, 403) // before unblacking the device inserting the device again is not possible
blackUnblack(reg.Serial, toks["auth"], false, t, 200)
insertDeviceReg(reg, t, 200) // same device registration now can be pushed
// // and then again everything is deleted
delUser(reg.User, toks["auth"], t, 200)
}