1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
|
package eduvpn
import (
"crypto/tls"
"errors"
"fmt"
"net/http"
"os"
"os/exec"
"strconv"
"strings"
"testing"
"time"
)
func runCommand(t *testing.T, errBuffer *strings.Builder, name string, args ...string) error {
cmd := exec.Command(name, args...)
cmd.Stderr = errBuffer
err := cmd.Start()
if err != nil {
return err
}
return cmd.Wait()
}
func LoginOAuthSelenium(t *testing.T, url string) {
// We could use the go selenium library
// But it does not support the latest selenium v4 just yet
var errBuffer strings.Builder
err := runCommand(t, &errBuffer, "python3", "../selenium_eduvpn.py", url)
if err != nil {
t.Errorf("Login OAuth with selenium script failed with error %v and stderr %s", err, errBuffer.String())
}
}
func StateCallback(t *testing.T, oldState string, newState string, data string) {
if newState == "OAuth_Started" {
go LoginOAuthSelenium(t, data)
}
}
func Test_server(t *testing.T) {
state := GetVPNState()
// Do not verify because during testing, the cert is self-signed
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
state.Register("org.eduvpn.app.linux", "configstest", func(old string, new string, data string) {
StateCallback(t, old, new, data)
}, false)
_, configErr := state.Connect("https://eduvpnserver")
if configErr != nil {
t.Errorf("Connect error: %v", configErr)
}
}
func test_connect_oauth_parameter(t *testing.T, parameters URLParameters, expectedErr interface{}) {
state := GetVPNState()
state.Deregister()
// Do not verify because during testing, the cert is self-signed
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
state.Register("org.eduvpn.app.linux", "configsnologin", func(oldState string, newState string, data string) {
if newState == "OAuth_Started" {
baseURL := "http://127.0.0.1:8000/callback"
url, err := HTTPConstructURL(baseURL, parameters)
if err != nil {
t.Errorf("Error: Constructing url %s with parameters %s", baseURL, fmt.Sprint(parameters))
}
go http.Get(url)
}
}, false)
_, configErr := state.Connect("https://eduvpnserver")
if !errors.As(configErr, expectedErr) {
t.Errorf("error %T = %v, wantErr %T", configErr, configErr, expectedErr)
}
}
func Test_connect_oauth_parameters(t *testing.T) {
var (
failedCallbackParameterError *OAuthFailedCallbackParameterError
failedCallbackStateMatchError *OAuthFailedCallbackStateMatchError
)
tests := []struct {
expectedErr interface{}
parameters URLParameters
}{
{&failedCallbackParameterError, URLParameters{}},
{&failedCallbackParameterError, URLParameters{"code": "42"}},
{&failedCallbackStateMatchError, URLParameters{"code": "42", "state": "21"}},
}
for _, test := range tests {
test_connect_oauth_parameter(t, test.parameters, test.expectedErr)
}
}
func Test_token_expired(t *testing.T) {
expiredTTL := os.Getenv("OAUTH_EXPIRED_TTL")
if expiredTTL == "" {
t.Log("No expired TTL present, skipping this test. Set EXPIRED_TTL env variable to run it")
return
}
// Convert the env variable to an int and signal error if it is not possible
expiredInt, expiredErr := strconv.Atoi(expiredTTL)
if expiredErr != nil {
t.Errorf("Cannot convert EXPIRED_TTL env variable to an int with error %v", expiredErr)
}
// Get a vpn state
state := GetVPNState()
state.Deregister()
// Do not verify because during testing, the cert is self-signed
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
state.Register("org.eduvpn.app.linux", "configsexpired", func(old string, new string, data string) {
StateCallback(t, old, new, data)
}, false)
_, configErr := state.Connect("https://eduvpnserver")
if configErr != nil {
t.Errorf("Connect error before expired: %v", configErr)
}
accessToken := state.Server.OAuth.Token.Access
refreshToken := state.Server.OAuth.Token.Refresh
// Wait for TTL so that the tokens expire
time.Sleep(time.Duration(expiredInt) * time.Second)
infoErr := state.Server.APIInfo()
if infoErr != nil {
t.Errorf("Info error after expired: %v", infoErr)
}
// Check if tokens have changed
accessTokenAfter := state.Server.OAuth.Token.Access
refreshTokenAfter := state.Server.OAuth.Token.Refresh
if accessToken == accessTokenAfter {
t.Errorf("Access token is the same after refresh")
}
if refreshToken == refreshTokenAfter {
t.Errorf("Refresh token is the same after refresh")
}
}
// FIXME:This needs to be uncommented when we can go to an oauth state in the fsm even if we're already authenticated
//func Test_token_invalid(t *testing.T) {
// state := GetVPNState()
//
// // Do not verify because during testing, the cert is self-signed
// http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
//
// state.Deregister()
//
// state.Register("org.eduvpn.app.linux", "configsinvalid", func(old string, new string, data string) {
// StateCallback(t, old, new, data)
// }, false)
//
// _, configErr := state.Connect("https://eduvpnserver")
//
// if configErr != nil {
// t.Errorf("Connect error before invalid: %v", configErr)
// }
//
// dummy_value := "37"
//
// // Override tokens with invalid values
// state.Server.OAuth.Token.Access = dummy_value
// state.Server.OAuth.Token.Refresh = dummy_value
//
// infoErr := state.Server.APIInfo()
//
// if infoErr != nil {
// t.Errorf("Info error after invalid: %v", infoErr)
// }
//
// if state.Server.OAuth.Token.Access == dummy_value {
// t.Errorf("Access token is equal to dummy value: %s", dummy_value)
// }
//
// if state.Server.OAuth.Token.Refresh == dummy_value {
// t.Errorf("Refresh token is equal to dummy value: %s", dummy_value)
// }
//}
|
