Ilia Denisov
112 lines
3.2 KiB
Go
112 lines
3.2 KiB
Go
package testenv
|
|
|
|
import (
|
|
"context"
|
|
"crypto/ed25519"
|
|
"encoding/json"
|
|
"fmt"
|
|
"net/http"
|
|
"regexp"
|
|
"testing"
|
|
"time"
|
|
)
|
|
|
|
// Session is a registered device session ready to drive the
|
|
// authenticated gRPC surface.
|
|
type Session struct {
|
|
Email string
|
|
DeviceSessionID string
|
|
Public ed25519.PublicKey
|
|
Private ed25519.PrivateKey
|
|
}
|
|
|
|
var sessionLoginCodeRE = regexp.MustCompile(`(?m)\b(\d{6})\b`)
|
|
|
|
// RegisterSession runs send-email-code → confirm-email-code through
|
|
// the gateway public REST surface and returns a fresh Session. It
|
|
// uses mailpit to capture the verification code and includes the
|
|
// platform's mailpit reset to avoid stale messages between calls.
|
|
func RegisterSession(t *testing.T, plat *Platform, email string) *Session {
|
|
t.Helper()
|
|
ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
|
|
defer cancel()
|
|
|
|
if err := plat.Mailpit.DeleteAll(ctx); err != nil {
|
|
t.Fatalf("clear mailpit: %v", err)
|
|
}
|
|
|
|
pub, priv, err := GenerateSessionKeyPair()
|
|
if err != nil {
|
|
t.Fatalf("generate session keypair: %v", err)
|
|
}
|
|
public := NewPublicRESTClient(plat.Gateway.HTTPURL)
|
|
|
|
send, _, err := public.SendEmailCode(ctx, email, "en-US")
|
|
if err != nil {
|
|
t.Fatalf("send-email-code: %v", err)
|
|
}
|
|
if send.ChallengeID == "" {
|
|
t.Fatalf("send-email-code returned empty challenge_id")
|
|
}
|
|
|
|
msg, err := plat.Mailpit.WaitForMessage(ctx, "to:"+email, 30*time.Second)
|
|
if err != nil {
|
|
t.Fatalf("wait for mail: %v", err)
|
|
}
|
|
body, err := plat.Mailpit.MessageBody(ctx, msg.ID)
|
|
if err != nil {
|
|
t.Fatalf("fetch mail body: %v", err)
|
|
}
|
|
m := sessionLoginCodeRE.FindStringSubmatch(body)
|
|
if m == nil {
|
|
t.Fatalf("no 6-digit code in mail body:\n%s", body)
|
|
}
|
|
code := m[1]
|
|
|
|
confirm, _, err := public.ConfirmEmailCode(ctx, send.ChallengeID, code, EncodePublicKey(pub), "UTC")
|
|
if err != nil {
|
|
t.Fatalf("confirm-email-code: %v", err)
|
|
}
|
|
if confirm.DeviceSessionID == "" {
|
|
t.Fatalf("confirm-email-code returned empty device_session_id")
|
|
}
|
|
|
|
return &Session{
|
|
Email: email,
|
|
DeviceSessionID: confirm.DeviceSessionID,
|
|
Public: pub,
|
|
Private: priv,
|
|
}
|
|
}
|
|
|
|
// DialAuthenticated returns a SignedGatewayClient bound to s.
|
|
func (s *Session) DialAuthenticated(ctx context.Context, plat *Platform) (*SignedGatewayClient, error) {
|
|
if s == nil {
|
|
return nil, fmt.Errorf("nil session")
|
|
}
|
|
return DialGateway(ctx, plat.Gateway.GRPCAddr, s.DeviceSessionID, s.Private, plat.Gateway.ResponseSignerPublic)
|
|
}
|
|
|
|
// LookupUserID resolves the user_id for s via backend's internal
|
|
// session lookup. Returns an empty string if the session is unknown.
|
|
func (s *Session) LookupUserID(ctx context.Context, plat *Platform) (string, error) {
|
|
if s == nil || s.DeviceSessionID == "" {
|
|
return "", fmt.Errorf("nil or empty session")
|
|
}
|
|
internal := NewBackendInternalClient(plat.Backend.HTTPURL)
|
|
raw, resp, err := internal.Do(ctx, http.MethodGet, "/api/v1/internal/sessions/"+s.DeviceSessionID, nil)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
if resp.StatusCode != http.StatusOK {
|
|
return "", fmt.Errorf("session lookup: status %d body=%s", resp.StatusCode, string(raw))
|
|
}
|
|
var body struct {
|
|
UserID string `json:"user_id"`
|
|
}
|
|
if err := json.Unmarshal(raw, &body); err != nil {
|
|
return "", fmt.Errorf("decode session: %w", err)
|
|
}
|
|
return body.UserID, nil
|
|
}
|