Create E2E test suite and consolidate tests

http/api/api.go

@@ -141,6 +141,12 @@ func PushHandler(pusher push.Pusher, logger log.Logger) http.HandlerFunc {
 // using. Also note we expose Go errors to the output as this is meant
 // for "API" users.
 func RawCommandEnqueueHandler(enqueuer storage.CommandEnqueuer, pusher push.Pusher, logger log.Logger) http.HandlerFunc {
+	if enqueuer == nil {
+		panic("nil enqueuer")
+	}
+	if logger == nil {
+		panic("nil logger")
+	}
 	return func(w http.ResponseWriter, r *http.Request) {
 		ids := strings.Split(r.URL.Path, ",")
 		ctx, logger := setupCtxLog(r.Context(), ids, logger)
@@ -201,14 +207,14 @@ func RawCommandEnqueueHandler(enqueuer storage.CommandEnqueuer, pusher push.Push
 		// optionally send pushes
 		pushResp := make(map[string]*push.Response)
 		var pushErr error
-		if !nopush {
+		if !nopush && pusher != nil {
 			pushResp, pushErr = pusher.Push(ctx, ids)
 			if err != nil {
 				logger.Info("msg", "push", "err", err)
 				output.PushError = err.Error()
 			}
-		} else {
-			pushErr = nil
+		} else if !nopush && pusher == nil {
+			pushErr = errors.New("nil pusher")
 		}
 		// loop through our push errors, if any, and add to output
 		var pushCt, pushErrCt int

http/mdm/mdm.go

@@ -29,6 +29,12 @@ func mdmReqFromHTTPReq(r *http.Request) *mdm.Request {
 
 // CheckinHandler decodes an MDM check-in request and adapts it to service.
 func CheckinHandler(svc service.Checkin, logger log.Logger) http.HandlerFunc {
+	if svc == nil {
+		panic("nil service")
+	}
+	if logger == nil {
+		panic("nil logger")
+	}
 	return func(w http.ResponseWriter, r *http.Request) {
 		logger := ctxlog.Logger(r.Context(), logger)
 		bodyBytes, err := mdmhttp.ReadAllAndReplaceBody(r)

mdm/checkin.go

@@ -25,7 +25,7 @@ type Authenticate struct {
 
 	// Fields that may be present but are not strictly required for the
 	// operation of the MDM protocol. Nice-to-haves.
-	SerialNumber string
+	SerialNumber string `plist:",omitempty"`
 }
 
 type b64Data []byte

mdm/command.go

@@ -23,11 +23,10 @@ type ErrorChain struct {
 // See https://developer.apple.com/documentation/devicemanagement/implementing_device_management/sending_mdm_commands_to_a_device
 type CommandResults struct {
 	Enrollment
-	CommandUUID string
+	CommandUUID string `plist:",omitempty"`
 	Status      string
-	ErrorChain  []ErrorChain
-	RequestType string
-	Raw         []byte `plist:"-"` // Original command result XML plist
+	ErrorChain  []ErrorChain `plist:",omitempty"`
+	Raw         []byte       `plist:"-"` // Original command result XML plist
 }
 
 // DecodeCheckin unmarshals rawMessage into results

mdm/command_test.go

@@ -10,14 +10,12 @@ func TestCommandAndReportResults(t *testing.T) {
 	for _, test := range []struct {
 		filename    string
 		UDID        string
-		RequestType string
 		Status      string
 		CommandUUID string
 	}{
 		{
 			"testdata/DeviceInformation.1.plist",
 			"66ADE930-5FDF-5EC4-8429-15640684C489",
-			"DeviceInformation",
 			"Acknowledged",
 			"76eda240-5488-4989-8339-f2ae160113c4",
 		},
@@ -36,9 +34,6 @@ func TestCommandAndReportResults(t *testing.T) {
 			if msg, have, want := "incorrect UDID", a.UDID, test.UDID; have != want {
 				t.Errorf("%s: %q, want: %q", msg, have, want)
 			}
-			if msg, have, want := "incorrect RequestType", a.RequestType, test.RequestType; have != want {
-				t.Errorf("%s: %q, want: %q", msg, have, want)
-			}
 			if msg, have, want := "incorrect Status", a.Status, test.Status; have != want {
 				t.Errorf("%s: %q, want: %q", msg, have, want)
 			}

service/certauth/certauth_test.go

@@ -8,6 +8,7 @@ import (
 
 	"github.com/micromdm/nanomdm/mdm"
 	"github.com/micromdm/nanomdm/storage/file"
+	"github.com/micromdm/nanomdm/test"
 )
 
 func loadAuthMsg() (*mdm.Authenticate, error) {
@@ -61,15 +62,15 @@ func TestNilCertAuth(t *testing.T) {
 }
 
 func TestCertAuth(t *testing.T) {
-	_, crt, err := SimpleSelfSignedRSAKeypair("TESTDEVICE", 1)
+	_, crt, err := test.SimpleSelfSignedRSAKeypair("TESTDEVICE", 1)
 	if err != nil {
 		t.Fatal(err)
 	}
 	storage, err := file.New("test-db")
 	if err != nil {
 		t.Fatal(err)
 	}
-	certAuth := New(&NopService{}, storage)
+	certAuth := New(&test.NopService{}, storage)
 	if certAuth == nil {
 		t.Fatal("New returned nil")
 	}
@@ -109,7 +110,7 @@ func TestCertAuth(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	_, crt2, err := SimpleSelfSignedRSAKeypair("TESTDEVICE", 2)
+	_, crt2, err := test.SimpleSelfSignedRSAKeypair("TESTDEVICE", 2)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -125,15 +126,15 @@ func TestCertAuth(t *testing.T) {
 }
 
 func TestCertAuthRetro(t *testing.T) {
-	_, crt, err := SimpleSelfSignedRSAKeypair("TESTDEVICE", 1)
+	_, crt, err := test.SimpleSelfSignedRSAKeypair("TESTDEVICE", 1)
 	if err != nil {
 		t.Fatal(err)
 	}
 	storage, err := file.New("test-db")
 	if err != nil {
 		t.Fatal(err)
 	}
-	certAuth := New(&NopService{}, storage, WithAllowRetroactive())
+	certAuth := New(&test.NopService{}, storage, WithAllowRetroactive())
 	if certAuth == nil {
 		t.Fatal("New returned nil")
 	}
@@ -153,7 +154,7 @@ func TestCertAuthRetro(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	_, crt2, err := SimpleSelfSignedRSAKeypair("TESTDEVICE", 2)
+	_, crt2, err := test.SimpleSelfSignedRSAKeypair("TESTDEVICE", 2)
 	if err != nil {
 		t.Fatal(err)
 	}

storage/file/bstoken.go

@@ -19,10 +19,15 @@ func (s *FileStorage) StoreBootstrapToken(r *mdm.Request, msg *mdm.SetBootstrapT
 	return nil
 }
 
+// RetrieveBootstrapToken reads the BootstrapToken from disk and returns it.
+// If no token yet exists a nil token and no error are returned.
 func (s *FileStorage) RetrieveBootstrapToken(r *mdm.Request, _ *mdm.GetBootstrapToken) (*mdm.BootstrapToken, error) {
 	e := s.newEnrollment(r.ID)
 	bsTokenRaw, err := e.readFile(BootstrapTokenFile)
-	if err != nil {
+	if errors.Is(err, os.ErrNotExist) {
+		// mute the error if we haven't escrowed a token yet.
+		return nil, nil
+	} else if err != nil {
 		return nil, err
 	}
 	bsToken := &mdm.BootstrapToken{

storage/file/file.go

@@ -166,6 +166,14 @@ func (s *FileStorage) StoreAuthenticate(r *mdm.Request, msg *mdm.Authenticate) e
 			return err
 		}
 	}
+	if err := e.resetNumericFile(TokenUpdateTallyFilename); err != nil {
+		return err
+	}
+	// remove the BootstrapToken when we receive an Authenticate message
+	// BS tokens are only valid when a new one is escrowed after enrollment.
+	if err := os.Remove(e.dirPrefix(BootstrapTokenFile)); err != nil && !errors.Is(err, os.ErrNotExist) {
+		return err
+	}
 	return e.writeFile(AuthenticateFilename, []byte(msg.Raw))
 }
 
@@ -229,9 +237,6 @@ func (s *FileStorage) Disable(r *mdm.Request) error {
 		if err := e.writeFile(DisabledFilename, nil); err != nil {
 			return err
 		}
-		if err := e.resetNumericFile(TokenUpdateTallyFilename); err != nil {
-			return err
-		}
 	}
 	return e.removeSubEnrollments()
 }

storage/file/file_test.go

@@ -4,7 +4,7 @@ import (
 	"context"
 	"testing"
 
-	"github.com/micromdm/nanomdm/storage/test"
+	"github.com/micromdm/nanomdm/test/e2e"
 )
 
 func TestFileStorage(t *testing.T) {
@@ -13,6 +13,5 @@ func TestFileStorage(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	test.TestQueue(t, "EA4E19F1-7F8B-493D-BEAB-264B33BCF4E6", s)
-	test.TestRetrievePushInfo(t, context.Background(), s)
+	t.Run("e2e", func(t *testing.T) { e2e.TestE2E(t, context.Background(), s) })
 }

storage/mysql/mysql.go

@@ -109,6 +109,8 @@ ON DUPLICATE KEY
 UPDATE
     identity_cert = new.identity_cert,
     serial_number = new.serial_number,
+    bootstrap_token_b64 = NULL,
+    bootstrap_token_at = NULL,
     authenticate = new.authenticate,
     authenticate_at = CURRENT_TIMESTAMP;`,
 		r.ID, pemCert, nullEmptyString(msg.SerialNumber), msg.Raw,