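// Source: github.com/crowdsecurity/crowdsec@v1.6.1/pkg/apiserver/jwt_test.go

package apiserver

import (
	"net/http"
	"net/http/httptest"
	"strings"
	"testing"

	"github.com/stretchr/testify/assert"
)

// TestLogin exercises POST /v1/watchers/login through the test router and pins
// the status code and response body for each rejection path, then for two
// successful logins once the machine has been validated.
//
// The order of the steps matters: the first request is sent before
// ValidateMachine runs, so it checks that a registered but not yet validated
// machine is refused a token.
//
// NOTE(review): the 401 bodies asserted below differ for a pending machine
// ("machine test not validated"), an unknown machine ("ent: machine not found")
// and a wrong password ("incorrect Username or Password"). A caller without
// credentials can therefore tell whether a machine_id is registered. The "ent:"
// prefix and the JSON decoder text in the invalid-body case also look like
// internal error strings passed through to the client. Confirm this is
// intended; a single generic 401 message with the detail logged server-side
// would avoid both.
func TestLogin(t *testing.T) {
	router, config := NewAPITest(t)

	// body is whatever CreateTestMachine returns for the registered machine; it
	// is reused verbatim as the login payload below.
	body := CreateTestMachine(t, router)

	// postLogin sends payload to the login endpoint with the test User-Agent
	// and returns the recorded response. The request-construction error is
	// checked instead of discarded so that a broken request fails here rather
	// than as a nil dereference on the next line.
	postLogin := func(payload string) *httptest.ResponseRecorder {
		t.Helper()

		req, err := http.NewRequest(http.MethodPost, "/v1/watchers/login", strings.NewReader(payload))
		if err != nil {
			t.Fatalf("building login request: %v", err)
		}

		req.Header.Add("User-Agent", UserAgent)

		rec := httptest.NewRecorder()
		router.ServeHTTP(rec, req)

		return rec
	}

	// Login with machine not validated yet: no token may be issued.
	w := postLogin(body)

	assert.Equal(t, http.StatusUnauthorized, w.Code)
	assert.Equal(t, `{"code":401,"message":"machine test not validated"}`, w.Body.String())

	// Login with a machine that does not exist.
	w = postLogin(`{"machine_id": "test1", "password": "test1"}`)

	assert.Equal(t, http.StatusUnauthorized, w.Code)
	assert.Equal(t, `{"code":401,"message":"ent: machine not found"}`, w.Body.String())

	// Login with a body that is not JSON.
	w = postLogin("test")

	assert.Equal(t, http.StatusUnauthorized, w.Code)
	assert.Equal(t, `{"code":401,"message":"missing: invalid character 'e' in literal true (expecting 'r')"}`, w.Body.String())

	// Login with JSON that lacks the required password field.
	w = postLogin(`{"machine_id": "test1"}`)

	assert.Equal(t, http.StatusUnauthorized, w.Code)
	assert.Equal(t, `{"code":401,"message":"validation failure list:\npassword in body is required"}`, w.Body.String())

	// Validate machine; every request after this point targets a validated machine.
	ValidateMachine(t, "test", config.API.Server.DbConfig)

	// Login with invalid password.
	w = postLogin(`{"machine_id": "test", "password": "test1"}`)

	assert.Equal(t, http.StatusUnauthorized, w.Code)
	assert.Equal(t, `{"code":401,"message":"incorrect Username or Password"}`, w.Body.String())

	// Login with valid machine.
	// NOTE(review): only the presence of the "token" and "expire" keys is
	// checked; the token's contents and expiry value are not verified here.
	w = postLogin(body)

	assert.Equal(t, http.StatusOK, w.Code)
	assert.Contains(t, w.Body.String(), `"token"`)
	assert.Contains(t, w.Body.String(), `"expire"`)

	// Login with valid machine + scenarios.
	w = postLogin(`{"machine_id": "test", "password": "test", "scenarios": ["crowdsecurity/test", "crowdsecurity/test2"]}`)

	assert.Equal(t, http.StatusOK, w.Code)
	assert.Contains(t, w.Body.String(), `"token"`)
	assert.Contains(t, w.Body.String(), `"expire"`)
}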