code.gitea.io/gitea@v1.22.3/services/auth/auth_token_test.go (about) 1 // Copyright 2023 The Gitea Authors. All rights reserved. 2 // SPDX-License-Identifier: MIT 3 4 package auth 5 6 import ( 7 "testing" 8 "time" 9 10 auth_model "code.gitea.io/gitea/models/auth" 11 "code.gitea.io/gitea/models/db" 12 "code.gitea.io/gitea/models/unittest" 13 "code.gitea.io/gitea/modules/timeutil" 14 15 "github.com/stretchr/testify/assert" 16 ) 17 18 func TestCheckAuthToken(t *testing.T) { 19 assert.NoError(t, unittest.PrepareTestDatabase()) 20 21 t.Run("Empty", func(t *testing.T) { 22 token, err := CheckAuthToken(db.DefaultContext, "") 23 assert.NoError(t, err) 24 assert.Nil(t, token) 25 }) 26 27 t.Run("InvalidFormat", func(t *testing.T) { 28 token, err := CheckAuthToken(db.DefaultContext, "dummy") 29 assert.ErrorIs(t, err, ErrAuthTokenInvalidFormat) 30 assert.Nil(t, token) 31 }) 32 33 t.Run("NotFound", func(t *testing.T) { 34 token, err := CheckAuthToken(db.DefaultContext, "notexists:dummy") 35 assert.ErrorIs(t, err, ErrAuthTokenExpired) 36 assert.Nil(t, token) 37 }) 38 39 t.Run("Expired", func(t *testing.T) { 40 timeutil.MockSet(time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC)) 41 42 at, token, err := CreateAuthTokenForUserID(db.DefaultContext, 2) 43 assert.NoError(t, err) 44 assert.NotNil(t, at) 45 assert.NotEmpty(t, token) 46 47 timeutil.MockUnset() 48 49 at2, err := CheckAuthToken(db.DefaultContext, at.ID+":"+token) 50 assert.ErrorIs(t, err, ErrAuthTokenExpired) 51 assert.Nil(t, at2) 52 53 assert.NoError(t, auth_model.DeleteAuthTokenByID(db.DefaultContext, at.ID)) 54 }) 55 56 t.Run("InvalidHash", func(t *testing.T) { 57 at, token, err := CreateAuthTokenForUserID(db.DefaultContext, 2) 58 assert.NoError(t, err) 59 assert.NotNil(t, at) 60 assert.NotEmpty(t, token) 61 62 at2, err := CheckAuthToken(db.DefaultContext, at.ID+":"+token+"dummy") 63 assert.ErrorIs(t, err, ErrAuthTokenInvalidHash) 64 assert.Nil(t, at2) 65 66 assert.NoError(t, auth_model.DeleteAuthTokenByID(db.DefaultContext, at.ID)) 67 }) 68 69 t.Run("Valid", func(t *testing.T) { 70 at, token, err := CreateAuthTokenForUserID(db.DefaultContext, 2) 71 assert.NoError(t, err) 72 assert.NotNil(t, at) 73 assert.NotEmpty(t, token) 74 75 at2, err := CheckAuthToken(db.DefaultContext, at.ID+":"+token) 76 assert.NoError(t, err) 77 assert.NotNil(t, at2) 78 79 assert.NoError(t, auth_model.DeleteAuthTokenByID(db.DefaultContext, at.ID)) 80 }) 81 } 82 83 func TestRegenerateAuthToken(t *testing.T) { 84 assert.NoError(t, unittest.PrepareTestDatabase()) 85 86 timeutil.MockSet(time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC)) 87 defer timeutil.MockUnset() 88 89 at, token, err := CreateAuthTokenForUserID(db.DefaultContext, 2) 90 assert.NoError(t, err) 91 assert.NotNil(t, at) 92 assert.NotEmpty(t, token) 93 94 timeutil.MockSet(time.Date(2023, 1, 1, 0, 0, 1, 0, time.UTC)) 95 96 at2, token2, err := RegenerateAuthToken(db.DefaultContext, at) 97 assert.NoError(t, err) 98 assert.NotNil(t, at2) 99 assert.NotEmpty(t, token2) 100 101 assert.Equal(t, at.ID, at2.ID) 102 assert.Equal(t, at.UserID, at2.UserID) 103 assert.NotEqual(t, token, token2) 104 assert.NotEqual(t, at.ExpiresUnix, at2.ExpiresUnix) 105 106 assert.NoError(t, auth_model.DeleteAuthTokenByID(db.DefaultContext, at.ID)) 107 }