1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
|
package eduvpn
import (
"crypto/tls"
"errors"
"fmt"
"net/http"
"os"
"os/exec"
"strconv"
"strings"
"testing"
"time"
)
func runCommand(t *testing.T, errBuffer *strings.Builder, name string, args ...string) error {
cmd := exec.Command(name, args...)
cmd.Stderr = errBuffer
err := cmd.Start()
if err != nil {
return err
}
return cmd.Wait()
}
func LoginOAuthSelenium(t *testing.T, url string) {
// We could use the go selenium library
// But it does not support the latest selenium v4 just yet
var errBuffer strings.Builder
err := runCommand(t, &errBuffer, "python3", "../selenium_eduvpn.py", url)
if err != nil {
t.Errorf("Login OAuth with selenium script failed with error %v and stderr %s", err, errBuffer.String())
}
}
func StateCallback(t *testing.T, oldState string, newState string, data string) {
if newState == "OAuthInitialized" {
LoginOAuthSelenium(t, data)
}
}
func Test_server(t *testing.T) {
state := GetVPNState()
// Do not verify because during testing, the cert is self-signed
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
state.Register("org.eduvpn.app.linux", "configstest", func(old string, new string, data string) {
StateCallback(t, old, new, data)
})
_, configErr := state.Connect("https://eduvpnserver")
if configErr != nil {
t.Errorf("Connect error: %v", configErr)
}
}
func test_connect_oauth_parameter(t *testing.T, parameters URLParameters, expectedErr interface{}) {
state := &VPNState{}
// Do not verify because during testing, the cert is self-signed
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
state.Register("org.eduvpn.app.linux", "configsnologin", func(old string, new string, data string) {
if new == "OAuthInitialized" {
baseURL := "http://127.0.0.1:8000/callback"
url, err := HTTPConstructURL(baseURL, parameters)
if err != nil {
t.Errorf("Error: Constructing url %s with parameters %s", baseURL, fmt.Sprint(parameters))
}
_, _ = http.Get(url)
}
})
_, configErr := state.Connect("https://eduvpnserver")
if !errors.As(configErr, expectedErr) {
t.Errorf("error %T = %v, wantErr %T", configErr, configErr, expectedErr)
}
}
func Test_connect_oauth_parameters(t *testing.T) {
var (
failedCallbackParameterError *OAuthFailedCallbackParameterError
failedCallbackStateMatchError *OAuthFailedCallbackStateMatchError
)
tests := []struct {
expectedErr interface{}
parameters URLParameters
}{
{&failedCallbackParameterError, URLParameters{}},
{&failedCallbackParameterError, URLParameters{"code": "42"}},
{&failedCallbackStateMatchError, URLParameters{"code": "42", "state": "21"}},
}
for _, test := range tests {
test_connect_oauth_parameter(t, test.parameters, test.expectedErr)
}
}
func Test_token_expired(t *testing.T) {
expiredTTL := os.Getenv("OAUTH_EXPIRED_TTL")
if expiredTTL == "" {
t.Log("No expired TTL present, skipping this test. Set EXPIRED_TTL env variable to run it")
return
}
// Convert the env variable to an int and signal error if it is not possible
expiredInt, expiredErr := strconv.Atoi(expiredTTL)
if expiredErr != nil {
t.Errorf("Cannot convert EXPIRED_TTL env variable to an int with error %v", expiredErr)
}
// Get a vpn state
state := GetVPNState()
// Do not verify because during testing, the cert is self-signed
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
state.Register("org.eduvpn.app.linux", "configstest", func(old string, new string, data string) {
StateCallback(t, old, new, data)
})
accessToken := state.Server.OAuth.Token.Access
refreshToken := state.Server.OAuth.Token.Refresh
// Wait for TTL so that the tokens expire
time.Sleep(time.Duration(expiredInt) * time.Second)
_, configErr := state.Connect("https://eduvpnserver")
if configErr != nil {
t.Errorf("Connect error: %v", configErr)
}
// Check if tokens have changed
accessTokenAfter := state.Server.OAuth.Token.Access
refreshTokenAfter := state.Server.OAuth.Token.Refresh
if accessToken == accessTokenAfter {
t.Errorf("Access token is the same after refresh")
}
if refreshToken == refreshTokenAfter {
t.Errorf("Refresh token is the same after refresh")
}
}
func Test_token_invalid(t *testing.T) {
state := GetVPNState()
// Do not verify because during testing, the cert is self-signed
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
state.Register("org.eduvpn.app.linux", "configsinvalid", func(old string, new string, data string) {
StateCallback(t, old, new, data)
})
dummy_value := "37"
// Override tokens with invalid values
state.Server.OAuth.Token.Access = dummy_value
state.Server.OAuth.Token.Refresh = dummy_value
_, configErr := state.Connect("https://eduvpnserver")
if configErr != nil {
t.Errorf("Connect error: %v", configErr)
}
if state.Server.OAuth.Token.Access == dummy_value {
t.Errorf("Access token is equal to dummy value: %s", dummy_value)
}
if state.Server.OAuth.Token.Refresh == dummy_value {
t.Errorf("Refresh token is equal to dummy value: %s", dummy_value)
}
}
|
