Add more v2 tests + fixes + improve legacy config parsing

2019-04-18 15:07:39 +01:00
parent 5597b7268b
commit 6968f6181b
13 changed files with 538 additions and 407 deletions
--- a/internal/config_test.go
+++ b/internal/config_test.go
@ -1,6 +1,8 @@
 package tfa

 import (
+	"bytes"
+	"os"
 	"testing"
 	"time"
 )
@ -26,14 +28,11 @@ func TestConfigDefaults(t *testing.T) {
 	if c.AuthHost != "" {
 		t.Error("AuthHost default should be empty, got", c.AuthHost)
 	}
-	if c.ConfigFile != "" {
-		t.Error("ConfigFile default should be empty, got", c.ConfigFile)
-	}
 	if len(c.CookieDomains) != 0 {
 		t.Error("CookieDomains default should be empty, got", c.CookieDomains)
 	}
-	if c.CookieInsecure != false {
-		t.Error("CookieInsecure default should be false, got", c.CookieInsecure)
+	if c.InsecureCookie != false {
+		t.Error("InsecureCookie default should be false, got", c.InsecureCookie)
 	}
 	if c.CookieName != "_forward_auth" {
 		t.Error("CookieName default should be _forward_auth, got", c.CookieName)
@ -41,13 +40,13 @@ func TestConfigDefaults(t *testing.T) {
 	if c.CSRFCookieName != "_forward_auth_csrf" {
 		t.Error("CSRFCookieName default should be _forward_auth_csrf, got", c.CSRFCookieName)
 	}
-	if c.DefaultAction != "allow" {
-		t.Error("DefaultAction default should be allow, got", c.DefaultAction)
+	if c.DefaultAction != "auth" {
+		t.Error("DefaultAction default should be auth, got", c.DefaultAction)
 	}
 	if len(c.Domains) != 0 {
 		t.Error("Domain default should be empty, got", c.Domains)
 	}
-	if c.Lifetime != time.Second * time.Duration(43200) {
+	if c.Lifetime != time.Second*time.Duration(43200) {
 		t.Error("Lifetime default should be 43200, got", c.Lifetime)
 	}
 	if c.Path != "/_oauth" {
@ -60,17 +59,12 @@ func TestConfigDefaults(t *testing.T) {
 	if c.Providers.Google.Prompt != "" {
 		t.Error("Providers.Google.Prompt default should be empty, got", c.Providers.Google.Prompt)
 	}
-
-	// Deprecated options
-	if c.CookieSecure != "true" {
-		t.Error("CookieSecure default should be true, got", c.CookieSecure)
-	}
 }

-func TestConfigParseFlags(t *testing.T) {
+func TestConfigParseArgs(t *testing.T) {
 	c, err := NewConfig([]string{
-		"--path=_oauthpath",
-		"--cookie-name", "\"cookiename\"",
+		"--cookie-name=cookiename",
+		"--csrf-cookie-name", "\"csrfcookiename\"",
 		"--rule.1.action=allow",
 		"--rule.1.rule=PathPrefix(`/one`)",
 		"--rule.two.action=auth",
@ -81,12 +75,12 @@ func TestConfigParseFlags(t *testing.T) {
 	}

 	// Check normal flags
-	if c.Path != "/_oauthpath" {
-		t.Error("Path default should be /_oauthpath, got", c.Path)
-	}
 	if c.CookieName != "cookiename" {
 		t.Error("CookieName default should be cookiename, got", c.CookieName)
 	}
+	if c.CSRFCookieName != "csrfcookiename" {
+		t.Error("CSRFCookieName default should be csrfcookiename, got", c.CSRFCookieName)
+	}

 	// Check rules
 	if len(c.Rules) != 2 {
@ -124,23 +118,152 @@ func TestConfigParseFlags(t *testing.T) {
 	}
 }

-// func TestConfigParseUnknownFlags(t *testing.T) {
-// 	c := NewConfig([]string{
-// 		"--unknown=_oauthpath",
-// 	})
+func TestConfigParseUnknownFlags(t *testing.T) {
+	_, err := NewConfig([]string{
+		"--unknown=_oauthpath2",
+	})
+	if err.Error() != "unknown flag: unknown" {
+		t.Error("Error should be \"unknown flag: unknown\", got:", err)
+	}
+}

-// }
+func TestConfigFlagBackwardsCompatability(t *testing.T) {
+	c, err := NewConfig([]string{
+		"--client-id=clientid",
+		"--client-secret=verysecret",
+		"--prompt=prompt",
+		"--lifetime=200",
+		"--cookie-secure=false",
+	})
+	if err != nil {
+		t.Error(err)
+	}

-// func TestConfigToml(t *testing.T) {
-//   logrus.SetLevel(logrus.DebugLevel)
-//   flag.CommandLine = flag.NewFlagSet("tfa-test", flag.ContinueOnError)
+	if c.ClientIdLegacy != "clientid" {
+		t.Error("ClientIdLegacy should be clientid, got", c.ClientIdLegacy)
+	}
+	if c.Providers.Google.ClientId != "clientid" {
+		t.Error("Providers.Google.ClientId should be clientid, got", c.Providers.Google.ClientId)
+	}
+	if c.ClientSecretLegacy != "verysecret" {
+		t.Error("ClientSecretLegacy should be verysecret, got", c.ClientSecretLegacy)
+	}
+	if c.Providers.Google.ClientSecret != "verysecret" {
+		t.Error("Providers.Google.ClientSecret should be verysecret, got", c.Providers.Google.ClientSecret)
+	}
+	if c.PromptLegacy != "prompt" {
+		t.Error("PromptLegacy should be prompt, got", c.PromptLegacy)
+	}
+	if c.Providers.Google.Prompt != "prompt" {
+		t.Error("Providers.Google.Prompt should be prompt, got", c.Providers.Google.Prompt)
+	}

-//   flags := []string{
-//     "-config=../test/config.toml",
-//   }
-//   c := NewDefaultConfigWithFlags(flags)
+	// "cookie-secure" used to be a standard go bool flag that could take
+	// true, TRUE, 1, false, FALSE, 0 etc. values.
+	// Here we're checking that format is still suppoted
+	if c.CookieSecureLegacy != "false" || c.InsecureCookie != true {
+		t.Error("Setting cookie-secure=false should set InsecureCookie true, got", c.InsecureCookie)
+	}
+	c, err = NewConfig([]string{"--cookie-secure=TRUE"})
+	if err != nil {
+		t.Error(err)
+	}
+	if c.CookieSecureLegacy != "TRUE" || c.InsecureCookie != false {
+		t.Error("Setting cookie-secure=TRUE should set InsecureCookie false, got", c.InsecureCookie)
+	}
+}

-//   if c == nil {
-//     t.Error(c)
-//   }
-// }
+func TestConfigParseIni(t *testing.T) {
+	c, err := NewConfig([]string{
+		"--config=../test/config0",
+		"--config=../test/config1",
+		"--csrf-cookie-name=csrfcookiename",
+	})
+	if err != nil {
+		t.Error(err)
+	}
+
+	if c.CookieName != "inicookiename" {
+		t.Error("CookieName should be read as inicookiename from ini file, got", c.CookieName)
+	}
+	if c.CSRFCookieName != "csrfcookiename" {
+		t.Error("CSRFCookieName argument should override ini file, got", c.CSRFCookieName)
+	}
+	if c.Path != "/two" {
+		t.Error("Path in second ini file should override first ini file, got", c.Path)
+	}
+}
+
+func TestConfigFileBackwardsCompatability(t *testing.T) {
+	c, err := NewConfig([]string{
+		"--config=../test/config-legacy",
+	})
+	if err != nil {
+		t.Error(err)
+	}
+
+	if c.Path != "/two" {
+		t.Error("Path in legacy config file should be read, got", c.Path)
+	}
+}
+
+func TestConfigParseEnvironment(t *testing.T) {
+	os.Setenv("COOKIE_NAME", "env_cookie_name")
+	c, err := NewConfig([]string{})
+	if err != nil {
+		t.Error(err)
+	}
+
+	if c.CookieName != "env_cookie_name" {
+		t.Error("CookieName should be read as env_cookie_name from environment, got", c.CookieName)
+	}
+}
+
+func TestConfigTransformation(t *testing.T) {
+	c, err := NewConfig([]string{
+		"--url-path=_oauthpath",
+		"--secret=verysecret",
+		"--lifetime=200",
+	})
+	if err != nil {
+		t.Error(err)
+	}
+
+	if c.Path != "/_oauthpath" {
+		t.Error("Path should add slash to front to get /_oauthpath, got:", c.Path)
+	}
+
+	if c.SecretString != "verysecret" {
+		t.Error("SecretString should be verysecret, got:", c.SecretString)
+	}
+	if bytes.Compare(c.Secret, []byte("verysecret")) != 0 {
+		t.Error("Secret should be []byte(verysecret), got:", string(c.Secret))
+	}
+
+	if c.LifetimeString != 200 {
+		t.Error("LifetimeString should be 200, got:", c.LifetimeString)
+	}
+	if c.Lifetime != time.Second*time.Duration(200) {
+		t.Error("Lifetime default should be 200, got", c.Lifetime)
+	}
+}
+
+func TestConfigCommaSeparatedList(t *testing.T) {
+	list := CommaSeparatedList{}
+
+	err := list.UnmarshalFlag("one,two")
+	if err != nil {
+		t.Error(err)
+	}
+	if len(list) != 2 || list[0] != "one" || list[1] != "two" {
+		t.Error("Expected UnmarshalFlag to provide CommaSeparatedList{one,two}, got", list)
+	}
+
+	marshal, err := list.MarshalFlag()
+	if err != nil {
+		t.Error(err)
+	}
+	if marshal != "one,two" {
+		t.Error("Expected MarshalFlag to provide \"one,two\", got", list)
+	}
+}