Pull request 2053: 6357-auth-log-remote-ip

Updates #6357. Squashed commit of the following: commit 0d375446204d126d3fc20db0a0718e849112450b Merge: 61858bdec 52713a260 Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Fri Nov 3 14:47:10 2023 +0300 Merge branch 'master' into 6357-auth-log-remote-ip commit 61858bdec27f9efb35c6fa5306ace1c0053300ca Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Fri Nov 3 14:44:58 2023 +0300 all: upd chlog commit 1eef67261ff1e4eb667e11a58a5fe1f9b1dbdd7c Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Thu Nov 2 19:20:41 2023 +0300 home: imp code commit 2956aed9054309ab15dc9e61bcae59b76ccd5930 Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Thu Nov 2 16:10:07 2023 +0300 home: imp docs commit ca0f53d7c28d17287d80c0c5d1d76b21506acb64 Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Tue Oct 31 15:08:37 2023 +0300 home: imp code commit 6b11b461180f1ee7528ffbaf37d5e76a1a7f208a Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Fri Oct 27 19:45:55 2023 +0300 home: auth log remote ip
2023-11-03 16:07:15 +03:00
parent 52713a2600
commit f3817e4411
7 changed files with 487 additions and 450 deletions
--- a/internal/home/auth_internal_test.go
+++ b/internal/home/auth_internal_test.go
@@ -0,0 +1,89 @@
+package home
+
+import (
+	"bytes"
+	"crypto/rand"
+	"encoding/hex"
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestNewSessionToken(t *testing.T) {
+	// Successful case.
+	token, err := newSessionToken()
+	require.NoError(t, err)
+	assert.Len(t, token, sessionTokenSize)
+
+	// Break the rand.Reader.
+	prevReader := rand.Reader
+	t.Cleanup(func() { rand.Reader = prevReader })
+	rand.Reader = &bytes.Buffer{}
+
+	// Unsuccessful case.
+	token, err = newSessionToken()
+	require.Error(t, err)
+	assert.Empty(t, token)
+}
+
+func TestAuth(t *testing.T) {
+	dir := t.TempDir()
+	fn := filepath.Join(dir, "sessions.db")
+
+	users := []webUser{{
+		Name:         "name",
+		PasswordHash: "$2y$05$..vyzAECIhJPfaQiOK17IukcQnqEgKJHy0iETyYqxn3YXJl8yZuo2",
+	}}
+	a := InitAuth(fn, nil, 60, nil)
+	s := session{}
+
+	user := webUser{Name: "name"}
+	err := a.addUser(&user, "password")
+	require.NoError(t, err)
+
+	assert.Equal(t, checkSessionNotFound, a.checkSession("notfound"))
+	a.removeSession("notfound")
+
+	sess, err := newSessionToken()
+	require.NoError(t, err)
+	sessStr := hex.EncodeToString(sess)
+
+	now := time.Now().UTC().Unix()
+	// check expiration
+	s.expire = uint32(now)
+	a.addSession(sess, &s)
+	assert.Equal(t, checkSessionExpired, a.checkSession(sessStr))
+
+	// add session with TTL = 2 sec
+	s = session{}
+	s.expire = uint32(time.Now().UTC().Unix() + 2)
+	a.addSession(sess, &s)
+	assert.Equal(t, checkSessionOK, a.checkSession(sessStr))
+
+	a.Close()
+
+	// load saved session
+	a = InitAuth(fn, users, 60, nil)
+
+	// the session is still alive
+	assert.Equal(t, checkSessionOK, a.checkSession(sessStr))
+	// reset our expiration time because checkSession() has just updated it
+	s.expire = uint32(time.Now().UTC().Unix() + 2)
+	a.storeSession(sess, &s)
+	a.Close()
+
+	u, ok := a.findUser("name", "password")
+	assert.True(t, ok)
+	assert.NotEmpty(t, u.Name)
+
+	time.Sleep(3 * time.Second)
+
+	// load and remove expired sessions
+	a = InitAuth(fn, users, 60, nil)
+	assert.Equal(t, checkSessionNotFound, a.checkSession(sessStr))
+
+	a.Close()
+}