| -rw-r--r-- | .github/workflows/test.yml | 9 | ||||
| -rw-r--r-- | ci/docker/docker-compose.yml | 1 | ||||
| -rw-r--r-- | ci/docker/eduvpn-server.docker | 4 | ||||
| -rw-r--r-- | ci/docker/replaceexpiry.sh | 7 | ||||
| -rw-r--r-- | ci/docker/starteduvpn.sh | 3 | ||||
| -rw-r--r-- | src/server_test.go | 25 |
6 files changed, 44 insertions, 5 deletions
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5594dc1..3680dfe 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -12,6 +12,15 @@ jobs: - name: Test with docker-compose run: PORTAL_USER="ci" PORTAL_PASS="ci" ./ci/startcompose.sh + test-go-expiry: + name: Test Go [Custom Expiry] + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + - name: Test with docker-compose + run: OAUTH_EXPIRED_TTL="5" PORTAL_USER="ci" PORTAL_PASS="ci" ./ci/startcompose.sh + build-lib: name: Build shared Go library runs-on: ubuntu-latest diff --git a/ci/docker/docker-compose.yml b/ci/docker/docker-compose.yml index 9832871..60bd21d 100644 --- a/ci/docker/docker-compose.yml +++ b/ci/docker/docker-compose.yml @@ -5,6 +5,7 @@ version: '3' x-common-env: &common-env PORTAL_USER: ${PORTAL_USER} PORTAL_PASS: ${PORTAL_PASS} + OAUTH_EXPIRED_TTL: ${OAUTH_EXPIRED_TTL} # Define a network so that the containers can talk with eachother using their service name networks: diff --git a/ci/docker/eduvpn-server.docker b/ci/docker/eduvpn-server.docker index 52d49d1..ed33691 100644 --- a/ci/docker/eduvpn-server.docker +++ b/ci/docker/eduvpn-server.docker @@ -64,11 +64,13 @@ RUN openssl req \ -out "/etc/pki/tls/certs/${WEB_FQDN}.crt" \ -days 90 -# Add the start script +# Add the start script and expiry script WORKDIR /eduvpn/server ADD ci/docker/starteduvpn.sh /eduvpn/server +ADD ci/docker/replaceexpiry.sh /eduvpn/server RUN chmod +x ./starteduvpn.sh +RUN chmod +x ./replaceexpiry.sh # While we could mimic the systemd units ourselves, let's use a systemctl replacement script # This makes it easier to update diff --git a/ci/docker/replaceexpiry.sh b/ci/docker/replaceexpiry.sh new file mode 100644 index 0000000..b029863 --- /dev/null +++ b/ci/docker/replaceexpiry.sh 
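Review bot: The new `test-go-expiry` job pulls `actions/checkout@v2` by a mutable tag, so the code that runs in this workflow can change without any change in this repository. Pin the action to a full commit SHA and keep the tag as a comment, e.g. `- uses: actions/checkout@<full-commit-sha> # v2` (placeholder; take the SHA from the release you have reviewed). The added lines also set no `permissions:` key. If the workflow does not declare one at the top level (not visible in this hunk), a read-only `contents: read` permission is enough for a job that only checks out the code and runs tests.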
@@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +# If no custom expiry set, do nothing +[ -z "${OAUTH_EXPIRED_TTL}" ] && exit + +# Replace oauth expiry +sed -i "s/return \[/return \[\n'Api' => [\n'tokenExpiry' => 'PT${OAUTH_EXPIRED_TTL}S',\n],/g" "$1" diff --git a/ci/docker/starteduvpn.sh b/ci/docker/starteduvpn.sh index 580150b..36c881d 100644 --- a/ci/docker/starteduvpn.sh +++ b/ci/docker/starteduvpn.sh @@ -12,6 +12,9 @@ if [[ -z "${PORTAL_PASS}" ]]; then exit 1 fi +# Replace expiry +./replaceexpiry.sh /etc/vpn-user-portal/config.php + # Start the preliminary systemd units systemctl start php-fpm systemctl start httpd diff --git a/src/server_test.go b/src/server_test.go index 618c3b6..65a8747 100644 --- a/src/server_test.go +++ b/src/server_test.go @@ -5,9 +5,12 @@ import ( "errors" "fmt" "net/http" + "os" "os/exec" + "strconv" "strings" "testing" + "time" ) func runCommand(t *testing.T, errBuffer *strings.Builder, name string, args ...string) error { 
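Review bot: `OAUTH_EXPIRED_TTL` is interpolated into the sed replacement on the last line of `replaceexpiry.sh` without validation, so a value containing `/`, `&`, a quote or a newline either breaks the sed expression or writes unintended text into the PHP config file passed as `$1`. The value is meant to be a number of seconds, so reject anything else before the sed call: `[[ "${OAUTH_EXPIRED_TTL}" =~ ^[0-9]+$ ]] || { echo "OAUTH_EXPIRED_TTL must be a whole number of seconds" >&2; exit 1; }`. The substitution also uses the `g` flag and is not idempotent, so every `return [` in the file receives an `'Api'` block and a second run adds another. Dropping `g` and checking that `$1` is set and writable would make failures visible. If the config already defines an `'Api'` key further down (not visible here), PHP keeps the later entry and the injected `tokenExpiry` would be silently ignored.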
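Review bot: The exit status of `./replaceexpiry.sh /etc/vpn-user-portal/config.php` is not checked in the lines added to `starteduvpn.sh`, so if the rewrite fails the server starts with its default token expiry and the expiry test runs against the wrong configuration. Unless the script already runs under `set -e` (the top of the file is outside this hunk), make the failure fatal: `./replaceexpiry.sh /etc/vpn-user-portal/config.php || exit 1`. The relative `./` path also depends on the working directory being `/eduvpn/server` at start-up. Calling `/eduvpn/server/replaceexpiry.sh` by its absolute path, or a comment stating the assumption, would remove that dependency.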
@@ -98,21 +101,35 @@ func Test_connect_oauth_parameters(t *testing.T) { } } -func Test_token_refresh(t *testing.T) { +func Test_token_expired(t *testing.T) { + expiredTTL := os.Getenv("OAUTH_EXPIRED_TTL") + if expiredTTL == "" { + t.Log("No expired TTL present, skipping this test. Set EXPIRED_TTL env variable to run it") + return + } + + // Convert the env variable to an int and signal error if it is not possible + expiredInt, expiredErr := strconv.Atoi(expiredTTL) + if expiredErr != nil { + t.Errorf("Cannot convert EXPIRED_TTL env variable to an int with error %v", expiredErr) + } + + // Get a vpn state state := GetVPNState() // Do not verify because during testing, the cert is self-signed http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true} - state.Register("org.eduvpn.app.linux", "configsrefresh", func(old string, new string, data string) { + state.Register("org.eduvpn.app.linux", "configstest", func(old string, new string, data string) { StateCallback(t, old, new, data) }) - // Fake expiry - state.Server.OAuth.Token.ExpiredTimestamp = GenerateTimeSeconds() accessToken := state.Server.OAuth.Token.Access refreshToken := state.Server.OAuth.Token.Refresh + // Wait for TTL so that the tokens expire + time.Sleep(time.Duration(expiredInt) * time.Second) + _, configErr := state.Connect("https://eduvpnserver") if configErr != nil { |
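Review bot: A non-numeric `OAUTH_EXPIRED_TTL` is reported with `t.Errorf`, which does not stop the test, so execution continues with `expiredInt == 0`, the sleep becomes a no-op, and the rest of the test runs against tokens that have not expired. Use `t.Fatalf("Cannot convert OAUTH_EXPIRED_TTL env variable to an int with error %v", expiredErr)` and also reject values `<= 0`. Both messages name `EXPIRED_TTL` while the code reads `OAUTH_EXPIRED_TTL`, and the early `t.Log` plus `return` reports the test as passed; `t.Skip("OAUTH_EXPIRED_TTL not set, skipping")` would show it as skipped instead. Sleeping for exactly the TTL sits on the expiry boundary, so a small margin (for example one extra second) would make the result less timing-dependent. The body of `Test_token_expired` continues past the end of this hunk.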
