package internalhttp
import (
"bytes"
"context"
"io"
"net"
"net/http"
"testing"
"time"
"galaxy/authsession/internal/service/blockuser"
"galaxy/authsession/internal/service/getsession"
"galaxy/authsession/internal/service/listusersessions"
"galaxy/authsession/internal/service/revokeallusersessions"
"galaxy/authsession/internal/service/revokedevicesession"
"galaxy/authsession/internal/service/shared"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
// TestNewServerRejectsInvalidConfiguration checks that NewServer refuses a
// configuration whose listen address is empty, and that the returned error
// mentions "addr".
func TestNewServerRejectsInvalidConfiguration(t *testing.T) {
	t.Parallel()

	// Start from the defaults and blank out only the listen address, so the
	// address is the single field that differs from DefaultConfig().
	config := DefaultConfig()
	config.Addr = ""

	_, buildErr := NewServer(config, validDependencies())

	// require stops the test here on a nil error, so the Error() call below
	// never dereferences nil.
	require.Error(t, buildErr)
	assert.Contains(t, buildErr.Error(), "addr")
}
// TestServerRunAndShutdown starts the server on a loopback address, waits
// until it answers a request, then shuts it down and checks that Run returns
// without an error.
func TestServerRunAndShutdown(t *testing.T) {
	t.Parallel()

	config := DefaultConfig()
	config.Addr = mustFreeAddr(t)

	srv, err := NewServer(config, validDependencies())
	require.NoError(t, err)

	// Buffered by one so the goroutine can deliver Run's result and exit even
	// if nothing is receiving at that moment.
	runErr := make(chan error, 1)
	go func() { runErr <- srv.Run(context.Background()) }()

	httpClient := newTestHTTPClient(t)
	waitForInternalRevokeReady(t, httpClient, config.Addr)

	// Shutdown is bounded to one second so a hung listener fails the test
	// instead of blocking it.
	stopCtx, stop := context.WithTimeout(context.Background(), time.Second)
	defer stop()

	require.NoError(t, srv.Shutdown(stopCtx))
	waitForServerRunResult(t, runErr)
}
// TestServerDoesNotExposeProbeOrMetricsRoutes checks that GET requests for
// /healthz, /readyz and /metrics on the internal listener are answered with
// 404 Not Found, i.e. that no probe or metrics handler is mounted on the port
// that serves the session-administration API.
//
// Only the GET method and these three literal paths are covered; other
// methods or path variants are not exercised by this test.
func TestServerDoesNotExposeProbeOrMetricsRoutes(t *testing.T) {
	t.Parallel()

	config := DefaultConfig()
	config.Addr = mustFreeAddr(t)

	srv, err := NewServer(config, validDependencies())
	require.NoError(t, err)

	// Buffered by one so the goroutine can deliver Run's result and exit even
	// if nothing is receiving at that moment.
	runErr := make(chan error, 1)
	go func() { runErr <- srv.Run(context.Background()) }()

	client := newTestHTTPClient(t)
	// The server must be answering before the 404 assertions mean anything;
	// otherwise a connection error would be reported instead of a status.
	waitForInternalRevokeReady(t, client, config.Addr)

	hiddenPaths := []string{"/healthz", "/readyz", "/metrics"}
	for i := range hiddenPaths {
		path := hiddenPaths[i]

		request, reqErr := http.NewRequest(http.MethodGet, "http://"+config.Addr+path, nil)
		require.NoError(t, reqErr)

		response, doErr := client.Do(request)
		require.NoError(t, doErr)

		// Drain and close the body before asserting; read errors are
		// deliberately ignored because only the status code is under test.
		_, _ = io.Copy(io.Discard, response.Body)
		response.Body.Close()

		assert.Equalf(t, http.StatusNotFound, response.StatusCode, "path %s", path)
	}

	stopCtx, stop := context.WithTimeout(context.Background(), time.Second)
	defer stop()

	require.NoError(t, srv.Shutdown(stopCtx))
	waitForServerRunResult(t, runErr)
}
// validDependencies returns a Dependencies value in which every use case is
// replaced by a stub that ignores its input and reports success with fixed,
// constructed sample data (user-123, device-session-123, pilot@example.com).
//
// Because the stubs never fail and never inspect the request, tests built on
// them exercise routing and server lifecycle only, not the behaviour of the
// real session services.
func validDependencies() Dependencies {
	var deps Dependencies

	deps.GetSession = getSessionFunc(
		func(context.Context, getsession.Input) (getsession.Result, error) {
			return getsession.Result{Session: validSessionDTO()}, nil
		},
	)

	deps.ListUserSessions = listUserSessionsFunc(
		func(context.Context, listusersessions.Input) (listusersessions.Result, error) {
			return listusersessions.Result{Sessions: []shared.Session{validSessionDTO()}}, nil
		},
	)

	deps.RevokeDeviceSession = revokeDeviceSessionFunc(
		func(context.Context, revokedevicesession.Input) (revokedevicesession.Result, error) {
			return revokedevicesession.Result{
				Outcome:              "revoked",
				DeviceSessionID:      "device-session-123",
				AffectedSessionCount: 1,
			}, nil
		},
	)

	deps.RevokeAllUserSessions = revokeAllUserSessionsFunc(
		func(context.Context, revokeallusersessions.Input) (revokeallusersessions.Result, error) {
			return revokeallusersessions.Result{
				Outcome:                  "revoked",
				UserID:                   "user-123",
				AffectedSessionCount:     1,
				AffectedDeviceSessionIDs: []string{"device-session-123"},
			}, nil
		},
	)

	deps.BlockUser = blockUserFunc(
		func(context.Context, blockuser.Input) (blockuser.Result, error) {
			return blockuser.Result{
				Outcome:              "blocked",
				SubjectKind:          blockuser.SubjectKindEmail,
				SubjectValue:         "pilot@example.com",
				AffectedSessionCount: 0,
				// Non-nil empty slice, kept as in the original stub.
				AffectedDeviceSessionIDs: []string{},
			}, nil
		},
	)

	return deps
}
// newTestHTTPClient builds an HTTP client for talking to the server under
// test. Keep-alives are disabled so every request opens a fresh connection,
// and each request is limited to 250ms so an unresponsive listener fails a
// poll attempt quickly rather than stalling the test.
func newTestHTTPClient(t *testing.T) *http.Client {
	t.Helper()

	transport := new(http.Transport)
	transport.DisableKeepAlives = true

	// Release any connections the transport still holds when the test ends.
	t.Cleanup(transport.CloseIdleConnections)

	client := new(http.Client)
	client.Transport = transport
	client.Timeout = 250 * time.Millisecond
	return client
}
// waitForInternalRevokeReady polls the device-session revoke route at addr
// every 25ms, for up to 5 seconds, until a POST returns 200 OK. It fails the
// test if the server never becomes reachable.
//
// NOTE(review): the probe carries no credentials and still expects 200 OK.
// Whether the internal listener is meant to rely on network placement alone
// for access control is not visible from this file; confirm against the
// server's handler setup.
func waitForInternalRevokeReady(t *testing.T, client *http.Client, addr string) {
	t.Helper()

	const payload = `{"reason_code":"admin_revoke","actor":{"type":"system"}}`
	target := "http://" + addr + "/api/v1/internal/sessions/device-session-123/revoke"

	reachable := func() bool {
		// A fresh buffer per attempt: the previous one is consumed by Post.
		response, err := client.Post(target, "application/json", bytes.NewBufferString(payload))
		if err != nil {
			// Connection refused or timed out: the listener is not up yet.
			return false
		}

		// Drain then close; the read error is ignored because only the
		// status code decides readiness.
		_, _ = io.ReadAll(response.Body)
		response.Body.Close()

		return response.StatusCode == http.StatusOK
	}

	require.Eventually(t, reachable, 5*time.Second, 25*time.Millisecond, "internal HTTP server did not become reachable")
}
// waitForServerRunResult waits up to 5 seconds, checking every 10ms, for a
// value to arrive on runErr, and then requires that value to be a nil error.
// It fails the test if nothing arrives in time.
func waitForServerRunResult(t *testing.T, runErr <-chan error) {
	t.Helper()

	var result error
	stopped := func() bool {
		// Non-blocking receive: each poll returns immediately whether or not
		// the server goroutine has reported yet.
		select {
		case result = <-runErr:
			return true
		default:
		}
		return false
	}

	require.Eventually(t, stopped, 5*time.Second, 10*time.Millisecond, "internal HTTP server did not stop")
	require.NoError(t, result)
}
// mustFreeAddr asks the kernel for an unused TCP port on 127.0.0.1 and
// returns it as a "host:port" string. Binding to loopback keeps the server
// under test off external interfaces.
//
// The probe listener is closed before the address is handed back, so the
// port is only known to have been free at that moment: another process or a
// parallel test can bind it before the caller does. A resulting bind failure
// is a test flake, not a server defect.
func mustFreeAddr(t *testing.T) string {
	t.Helper()

	probe, err := net.Listen("tcp", "127.0.0.1:0")
	require.NoError(t, err)

	// Capture the address first, then release the port for the real server.
	addr := probe.Addr().String()
	assert.NoError(t, probe.Close())

	return addr
}