authorjwijenbergh <jeroenwijenbergh@protonmail.com>2022-03-29 14:47:45 +0200
committerjwijenbergh <jeroenwijenbergh@protonmail.com>2022-03-29 14:47:45 +0200
commit3e7bae91097d9a67262ab0d0b8450d9371201629 (patch)
tree96fb07b4091de115bf224ebfd009261b3729256f
parent6192f9ab54a805c1fabe6a2c5b8eca622b565082 (diff)
Tests: Change OAuth expiry tests by using a custom expiry time
-rw-r--r--.github/workflows/test.yml9
-rw-r--r--ci/docker/docker-compose.yml1
-rw-r--r--ci/docker/eduvpn-server.docker4
-rw-r--r--ci/docker/replaceexpiry.sh7
-rw-r--r--ci/docker/starteduvpn.sh3
-rw-r--r--src/server_test.go25
6 files changed, 44 insertions, 5 deletions
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 5594dc1..3680dfe 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -12,6 +12,15 @@ jobs:
- name: Test with docker-compose
run: PORTAL_USER="ci" PORTAL_PASS="ci" ./ci/startcompose.sh
+ test-go-expiry:
+ name: Test Go [Custom Expiry]
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Test with docker-compose
+ run: OAUTH_EXPIRED_TTL="5" PORTAL_USER="ci" PORTAL_PASS="ci" ./ci/startcompose.sh
+
build-lib:
name: Build shared Go library
runs-on: ubuntu-latest
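Review bot: The new `test-go-expiry` job references `actions/checkout@v2` by a mutable tag, so the code that runs in CI can change without any change in this repository. Pinning it to a full commit SHA (`uses: actions/checkout@<full-commit-sha> # v2`) and giving the job a `permissions:` block with `contents: read` would limit what a tampered action can reach. If the existing job above uses the same tag, both should be changed together; that job starts outside this hunk.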
diff --git a/ci/docker/docker-compose.yml b/ci/docker/docker-compose.yml
index 9832871..60bd21d 100644
--- a/ci/docker/docker-compose.yml
+++ b/ci/docker/docker-compose.yml
@@ -5,6 +5,7 @@ version: '3'
x-common-env: &common-env
PORTAL_USER: ${PORTAL_USER}
PORTAL_PASS: ${PORTAL_PASS}
+ OAUTH_EXPIRED_TTL: ${OAUTH_EXPIRED_TTL}
# Define a network so that the containers can talk with eachother using their service name
networks:
diff --git a/ci/docker/eduvpn-server.docker b/ci/docker/eduvpn-server.docker
index 52d49d1..ed33691 100644
--- a/ci/docker/eduvpn-server.docker
+++ b/ci/docker/eduvpn-server.docker
@@ -64,11 +64,13 @@ RUN openssl req \
-out "/etc/pki/tls/certs/${WEB_FQDN}.crt" \
-days 90
-# Add the start script
+# Add the start script and expiry script
WORKDIR /eduvpn/server
ADD ci/docker/starteduvpn.sh /eduvpn/server
+ADD ci/docker/replaceexpiry.sh /eduvpn/server
RUN chmod +x ./starteduvpn.sh
+RUN chmod +x ./replaceexpiry.sh
# While we could mimic the systemd units ourselves, let's use a systemctl replacement script
# This makes it easier to update
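Review bot: `ADD` is used for a plain build-context file on the new `replaceexpiry.sh` line; `COPY` does the same without ADD's archive-extraction and URL handling, so it is the safer default here. The two `chmod` steps can also share one layer: `RUN chmod +x ./starteduvpn.sh ./replaceexpiry.sh`. The existing `starteduvpn.sh` line has the same form and could be changed along with it.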
diff --git a/ci/docker/replaceexpiry.sh b/ci/docker/replaceexpiry.sh
new file mode 100644
index 0000000..b029863
--- /dev/null
+++ b/ci/docker/replaceexpiry.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+# If no custom expiry set, do nothing
+[ -z "${OAUTH_EXPIRED_TTL}" ] && exit
+
+# Replace oauth expiry
+sed -i "s/return \[/return \[\n'Api' => [\n'tokenExpiry' => 'PT${OAUTH_EXPIRED_TTL}S',\n],/g" "$1"
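Review bot: `OAUTH_EXPIRED_TTL` is spliced into the sed expression, and from there into the PHP config, without validation, so a value containing `/`, `&` or `'` breaks the substitution or the generated config file. A numeric check before the sed line closes that: `[[ "${OAUTH_EXPIRED_TTL}" =~ ^[0-9]+$ ]] || { echo "OAUTH_EXPIRED_TTL must be an integer" >&2; exit 1; }`. The substitution also applies to every line containing `return [` and is not idempotent, so running the script again inserts a second `'Api'` block. A guard such as `grep -q "'tokenExpiry'" "$1" && exit` before the edit, plus a check that `$1` is set and exists, would make the rewrite predictable. The Go test parses the same variable with `strconv.Atoi`, but only after the server config has already been rewritten.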
diff --git a/ci/docker/starteduvpn.sh b/ci/docker/starteduvpn.sh
index 580150b..36c881d 100644
--- a/ci/docker/starteduvpn.sh
+++ b/ci/docker/starteduvpn.sh
@@ -12,6 +12,9 @@ if [[ -z "${PORTAL_PASS}" ]]; then
exit 1
fi
+# Replace expiry
+./replaceexpiry.sh /etc/vpn-user-portal/config.php
+
# Start the preliminary systemd units
systemctl start php-fpm
systemctl start httpd
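Review bot: The exit status of `./replaceexpiry.sh` is not checked here, so if the sed edit fails the portal starts with its default token lifetime and the expiry test fails later for a reason that looks unrelated. Unless the script already runs under `set -e` (its header is outside this hunk), fail early with `./replaceexpiry.sh /etc/vpn-user-portal/config.php || exit 1`. The relative path also assumes the container's working directory is `/eduvpn/server`; calling the script by absolute path removes that assumption.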
diff --git a/src/server_test.go b/src/server_test.go
index 618c3b6..65a8747 100644
--- a/src/server_test.go
+++ b/src/server_test.go
@@ -5,9 +5,12 @@ import (
"errors"
"fmt"
"net/http"
+ "os"
"os/exec"
+ "strconv"
"strings"
"testing"
+ "time"
)
func runCommand(t *testing.T, errBuffer *strings.Builder, name string, args ...string) error {
@@ -98,21 +101,35 @@ func Test_connect_oauth_parameters(t *testing.T) {
}
}
-func Test_token_refresh(t *testing.T) {
+func Test_token_expired(t *testing.T) {
+ expiredTTL := os.Getenv("OAUTH_EXPIRED_TTL")
+ if expiredTTL == "" {
+ t.Log("No expired TTL present, skipping this test. Set EXPIRED_TTL env variable to run it")
+ return
+ }
+
+ // Convert the env variable to an int and signal error if it is not possible
+ expiredInt, expiredErr := strconv.Atoi(expiredTTL)
+ if expiredErr != nil {
+ t.Errorf("Cannot convert EXPIRED_TTL env variable to an int with error %v", expiredErr)
+ }
+
+ // Get a vpn state
state := GetVPNState()
// Do not verify because during testing, the cert is self-signed
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
- state.Register("org.eduvpn.app.linux", "configsrefresh", func(old string, new string, data string) {
+ state.Register("org.eduvpn.app.linux", "configstest", func(old string, new string, data string) {
StateCallback(t, old, new, data)
})
- // Fake expiry
- state.Server.OAuth.Token.ExpiredTimestamp = GenerateTimeSeconds()
accessToken := state.Server.OAuth.Token.Access
refreshToken := state.Server.OAuth.Token.Refresh
+ // Wait for TTL so that the tokens expire
+ time.Sleep(time.Duration(expiredInt) * time.Second)
+
_, configErr := state.Connect("https://eduvpnserver")
if configErr != nil {