Home Explore Help
Sign In
mirrors
/
ntfy
mirror of https://github.com/binwiederhier/ntfy
1
0
Fork 0
Files Issues 0 Wiki
Tree: 3d921f4570
Branches Tags
ntfy
/
user
/
manager_test.go

manager_test.go 16 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445 
  1. package user
    2. 

  2. 

  3. import (
    4. 

  4. 	"database/sql"
    5. 

  5. 	"github.com/stretchr/testify/require"
    6. 

  6. 	"path/filepath"
    7. 

  7. 	"strings"
    8. 

  8. 	"testing"
    9. 

  9. 	"time"
    10. 

  10. )
    11. 

  11. 

  12. const minBcryptTimingMillis = int64(50) // Ideally should be >100ms, but this should also run on a Raspberry Pi without massive resources
    13. 

  13. 

  14. func TestManager_FullScenario_Default_DenyAll(t *testing.T) {
    15. 

  15. 	a := newTestManager(t, false, false)
    16. 

  16. 	require.Nil(t, a.AddUser("phil", "phil", RoleAdmin))
    17. 

  17. 	require.Nil(t, a.AddUser("ben", "ben", RoleUser))
    18. 

  18. 	require.Nil(t, a.AllowAccess("ben", "mytopic", true, true))
    19. 

  19. 	require.Nil(t, a.AllowAccess("ben", "readme", true, false))
    20. 

  20. 	require.Nil(t, a.AllowAccess("ben", "writeme", false, true))
    21. 

  21. 	require.Nil(t, a.AllowAccess("ben", "everyonewrite", false, false)) // How unfair!
    22. 

  22. 	require.Nil(t, a.AllowAccess(Everyone, "announcements", true, false))
    23. 

  23. 	require.Nil(t, a.AllowAccess(Everyone, "everyonewrite", true, true))
    24. 

  24. 	require.Nil(t, a.AllowAccess(Everyone, "up*", false, true)) // Everyone can write to /up*
    25. 

  25. 

  26. 	phil, err := a.Authenticate("phil", "phil")
    27. 

  27. 	require.Nil(t, err)
    28. 

  28. 	require.Equal(t, "phil", phil.Name)
    29. 

  29. 	require.True(t, strings.HasPrefix(phil.Hash, "$2a$10$"))
    30. 

  30. 	require.Equal(t, RoleAdmin, phil.Role)
    31. 

  31. 	require.Equal(t, []Grant{}, phil.Grants)
    32. 

  32. 

  33. 	ben, err := a.Authenticate("ben", "ben")
    34. 

  34. 	require.Nil(t, err)
    35. 

  35. 	require.Equal(t, "ben", ben.Name)
    36. 

  36. 	require.True(t, strings.HasPrefix(ben.Hash, "$2a$10$"))
    37. 

  37. 	require.Equal(t, RoleUser, ben.Role)
    38. 

  38. 	require.Equal(t, []Grant{
    39. 

  39. 		{"mytopic", true, true},
    40. 

  40. 		{"writeme", false, true},
    41. 

  41. 		{"readme", true, false},
    42. 

  42. 		{"everyonewrite", false, false},
    43. 

  43. 	}, ben.Grants)
    44. 

  44. 

  45. 	notben, err := a.Authenticate("ben", "this is wrong")
    46. 

  46. 	require.Nil(t, notben)
    47. 

  47. 	require.Equal(t, ErrUnauthenticated, err)
    48. 

  48. 

  49. 	// Admin can do everything
    50. 

  50. 	require.Nil(t, a.Authorize(phil, "sometopic", PermissionWrite))
    51. 

  51. 	require.Nil(t, a.Authorize(phil, "mytopic", PermissionRead))
    52. 

  52. 	require.Nil(t, a.Authorize(phil, "readme", PermissionWrite))
    53. 

  53. 	require.Nil(t, a.Authorize(phil, "writeme", PermissionWrite))
    54. 

  54. 	require.Nil(t, a.Authorize(phil, "announcements", PermissionWrite))
    55. 

  55. 	require.Nil(t, a.Authorize(phil, "everyonewrite", PermissionWrite))
    56. 

  56. 

  57. 	// User cannot do everything
    58. 

  58. 	require.Nil(t, a.Authorize(ben, "mytopic", PermissionWrite))
    59. 

  59. 	require.Nil(t, a.Authorize(ben, "mytopic", PermissionRead))
    60. 

  60. 	require.Nil(t, a.Authorize(ben, "readme", PermissionRead))
    61. 

  61. 	require.Equal(t, ErrUnauthorized, a.Authorize(ben, "readme", PermissionWrite))
    62. 

  62. 	require.Equal(t, ErrUnauthorized, a.Authorize(ben, "writeme", PermissionRead))
    63. 

  63. 	require.Nil(t, a.Authorize(ben, "writeme", PermissionWrite))
    64. 

  64. 	require.Nil(t, a.Authorize(ben, "writeme", PermissionWrite))
    65. 

  65. 	require.Equal(t, ErrUnauthorized, a.Authorize(ben, "everyonewrite", PermissionRead))
    66. 

  66. 	require.Equal(t, ErrUnauthorized, a.Authorize(ben, "everyonewrite", PermissionWrite))
    67. 

  67. 	require.Nil(t, a.Authorize(ben, "announcements", PermissionRead))
    68. 

  68. 	require.Equal(t, ErrUnauthorized, a.Authorize(ben, "announcements", PermissionWrite))
    69. 

  69. 

  70. 	// Everyone else can do barely anything
    71. 

  71. 	require.Equal(t, ErrUnauthorized, a.Authorize(nil, "sometopicnotinthelist", PermissionRead))
    72. 

  72. 	require.Equal(t, ErrUnauthorized, a.Authorize(nil, "sometopicnotinthelist", PermissionWrite))
    73. 

  73. 	require.Equal(t, ErrUnauthorized, a.Authorize(nil, "mytopic", PermissionRead))
    74. 

  74. 	require.Equal(t, ErrUnauthorized, a.Authorize(nil, "mytopic", PermissionWrite))
    75. 

  75. 	require.Equal(t, ErrUnauthorized, a.Authorize(nil, "readme", PermissionRead))
    76. 

  76. 	require.Equal(t, ErrUnauthorized, a.Authorize(nil, "readme", PermissionWrite))
    77. 

  77. 	require.Equal(t, ErrUnauthorized, a.Authorize(nil, "writeme", PermissionRead))
    78. 

  78. 	require.Equal(t, ErrUnauthorized, a.Authorize(nil, "writeme", PermissionWrite))
    79. 

  79. 	require.Equal(t, ErrUnauthorized, a.Authorize(nil, "announcements", PermissionWrite))
    80. 

  80. 	require.Nil(t, a.Authorize(nil, "announcements", PermissionRead))
    81. 

  81. 	require.Nil(t, a.Authorize(nil, "everyonewrite", PermissionRead))
    82. 

  82. 	require.Nil(t, a.Authorize(nil, "everyonewrite", PermissionWrite))
    83. 

  83. 	require.Nil(t, a.Authorize(nil, "up1234", PermissionWrite)) // Wildcard permission
    84. 

  84. 	require.Nil(t, a.Authorize(nil, "up5678", PermissionWrite))
    85. 

  85. }
    86. 

  86. 

  87. func TestManager_AddUser_Invalid(t *testing.T) {
    88. 

  88. 	a := newTestManager(t, false, false)
    89. 

  89. 	require.Equal(t, ErrInvalidArgument, a.AddUser("  invalid  ", "pass", RoleAdmin))
    90. 

  90. 	require.Equal(t, ErrInvalidArgument, a.AddUser("validuser", "pass", "invalid-role"))
    91. 

  91. }
    92. 

  92. 

  93. func TestManager_AddUser_Timing(t *testing.T) {
    94. 

  94. 	a := newTestManager(t, false, false)
    95. 

  95. 	start := time.Now().UnixMilli()
    96. 

  96. 	require.Nil(t, a.AddUser("user", "pass", RoleAdmin))
    97. 

  97. 	require.GreaterOrEqual(t, time.Now().UnixMilli()-start, minBcryptTimingMillis)
    98. 

  98. }
    99. 

  99. 

  100. func TestManager_Authenticate_Timing(t *testing.T) {
    101. 

  101. 	a := newTestManager(t, false, false)
    102. 

  102. 	require.Nil(t, a.AddUser("user", "pass", RoleAdmin))
    103. 

  103. 

  104. 	// Timing a correct attempt
    105. 

  105. 	start := time.Now().UnixMilli()
    106. 

  106. 	_, err := a.Authenticate("user", "pass")
    107. 

  107. 	require.Nil(t, err)
    108. 

  108. 	require.GreaterOrEqual(t, time.Now().UnixMilli()-start, minBcryptTimingMillis)
    109. 

  109. 

  110. 	// Timing an incorrect attempt
    111. 

  111. 	start = time.Now().UnixMilli()
    112. 

  112. 	_, err = a.Authenticate("user", "INCORRECT")
    113. 

  113. 	require.Equal(t, ErrUnauthenticated, err)
    114. 

  114. 	require.GreaterOrEqual(t, time.Now().UnixMilli()-start, minBcryptTimingMillis)
    115. 

  115. 

  116. 	// Timing a non-existing user attempt
    117. 

  117. 	start = time.Now().UnixMilli()
    118. 

  118. 	_, err = a.Authenticate("DOES-NOT-EXIST", "hithere")
    119. 

  119. 	require.Equal(t, ErrUnauthenticated, err)
    120. 

  120. 	require.GreaterOrEqual(t, time.Now().UnixMilli()-start, minBcryptTimingMillis)
    121. 

  121. }
    122. 

  122. 

  123. func TestManager_UserManagement(t *testing.T) {
    124. 

  124. 	a := newTestManager(t, false, false)
    125. 

  125. 	require.Nil(t, a.AddUser("phil", "phil", RoleAdmin))
    126. 

  126. 	require.Nil(t, a.AddUser("ben", "ben", RoleUser))
    127. 

  127. 	require.Nil(t, a.AllowAccess("ben", "mytopic", true, true))
    128. 

  128. 	require.Nil(t, a.AllowAccess("ben", "readme", true, false))
    129. 

  129. 	require.Nil(t, a.AllowAccess("ben", "writeme", false, true))
    130. 

  130. 	require.Nil(t, a.AllowAccess("ben", "everyonewrite", false, false)) // How unfair!
    131. 

  131. 	require.Nil(t, a.AllowAccess(Everyone, "announcements", true, false))
    132. 

  132. 	require.Nil(t, a.AllowAccess(Everyone, "everyonewrite", true, true))
    133. 

  133. 

  134. 	// Query user details
    135. 

  135. 	phil, err := a.User("phil")
    136. 

  136. 	require.Nil(t, err)
    137. 

  137. 	require.Equal(t, "phil", phil.Name)
    138. 

  138. 	require.True(t, strings.HasPrefix(phil.Hash, "$2a$10$"))
    139. 

  139. 	require.Equal(t, RoleAdmin, phil.Role)
    140. 

  140. 	require.Equal(t, []Grant{}, phil.Grants)
    141. 

  141. 

  142. 	ben, err := a.User("ben")
    143. 

  143. 	require.Nil(t, err)
    144. 

  144. 	require.Equal(t, "ben", ben.Name)
    145. 

  145. 	require.True(t, strings.HasPrefix(ben.Hash, "$2a$10$"))
    146. 

  146. 	require.Equal(t, RoleUser, ben.Role)
    147. 

  147. 	require.Equal(t, []Grant{
    148. 

  148. 		{"mytopic", true, true},
    149. 

  149. 		{"writeme", false, true},
    150. 

  150. 		{"readme", true, false},
    151. 

  151. 		{"everyonewrite", false, false},
    152. 

  152. 	}, ben.Grants)
    153. 

  153. 

  154. 	everyone, err := a.User(Everyone)
    155. 

  155. 	require.Nil(t, err)
    156. 

  156. 	require.Equal(t, "*", everyone.Name)
    157. 

  157. 	require.Equal(t, "", everyone.Hash)
    158. 

  158. 	require.Equal(t, RoleAnonymous, everyone.Role)
    159. 

  159. 	require.Equal(t, []Grant{
    160. 

  160. 		{"everyonewrite", true, true},
    161. 

  161. 		{"announcements", true, false},
    162. 

  162. 	}, everyone.Grants)
    163. 

  163. 

  164. 	// Ben: Before revoking
    165. 

  165. 	require.Nil(t, a.AllowAccess("ben", "mytopic", true, true)) // Overwrite!
    166. 

  166. 	require.Nil(t, a.AllowAccess("ben", "readme", true, false))
    167. 

  167. 	require.Nil(t, a.AllowAccess("ben", "writeme", false, true))
    168. 

  168. 	require.Nil(t, a.Authorize(ben, "mytopic", PermissionRead))
    169. 

  169. 	require.Nil(t, a.Authorize(ben, "mytopic", PermissionWrite))
    170. 

  170. 	require.Nil(t, a.Authorize(ben, "readme", PermissionRead))
    171. 

  171. 	require.Nil(t, a.Authorize(ben, "writeme", PermissionWrite))
    172. 

  172. 

  173. 	// Revoke access for "ben" to "mytopic", then check again
    174. 

  174. 	require.Nil(t, a.ResetAccess("ben", "mytopic"))
    175. 

  175. 	require.Equal(t, ErrUnauthorized, a.Authorize(ben, "mytopic", PermissionWrite)) // Revoked
    176. 

  176. 	require.Equal(t, ErrUnauthorized, a.Authorize(ben, "mytopic", PermissionRead))  // Revoked
    177. 

  177. 	require.Nil(t, a.Authorize(ben, "readme", PermissionRead))                      // Unchanged
    178. 

  178. 	require.Nil(t, a.Authorize(ben, "writeme", PermissionWrite))                    // Unchanged
    179. 

  179. 

  180. 	// Revoke rest of the access
    181. 

  181. 	require.Nil(t, a.ResetAccess("ben", ""))
    182. 

  182. 	require.Equal(t, ErrUnauthorized, a.Authorize(ben, "readme", PermissionRead))    // Revoked
    183. 

  183. 	require.Equal(t, ErrUnauthorized, a.Authorize(ben, "wrtiteme", PermissionWrite)) // Revoked
    184. 

  184. 

  185. 	// User list
    186. 

  186. 	users, err := a.Users()
    187. 

  187. 	require.Nil(t, err)
    188. 

  188. 	require.Equal(t, 3, len(users))
    189. 

  189. 	require.Equal(t, "phil", users[0].Name)
    190. 

  190. 	require.Equal(t, "ben", users[1].Name)
    191. 

  191. 	require.Equal(t, "*", users[2].Name)
    192. 

  192. 

  193. 	// Remove user
    194. 

  194. 	require.Nil(t, a.RemoveUser("ben"))
    195. 

  195. 	_, err = a.User("ben")
    196. 

  196. 	require.Equal(t, ErrNotFound, err)
    197. 

  197. 

  198. 	users, err = a.Users()
    199. 

  199. 	require.Nil(t, err)
    200. 

  200. 	require.Equal(t, 2, len(users))
    201. 

  201. 	require.Equal(t, "phil", users[0].Name)
    202. 

  202. 	require.Equal(t, "*", users[1].Name)
    203. 

  203. }
    204. 

  204. 

  205. func TestManager_ChangePassword(t *testing.T) {
    206. 

  206. 	a := newTestManager(t, false, false)
    207. 

  207. 	require.Nil(t, a.AddUser("phil", "phil", RoleAdmin))
    208. 

  208. 

  209. 	_, err := a.Authenticate("phil", "phil")
    210. 

  210. 	require.Nil(t, err)
    211. 

  211. 

  212. 	require.Nil(t, a.ChangePassword("phil", "newpass"))
    213. 

  213. 	_, err = a.Authenticate("phil", "phil")
    214. 

  214. 	require.Equal(t, ErrUnauthenticated, err)
    215. 

  215. 	_, err = a.Authenticate("phil", "newpass")
    216. 

  216. 	require.Nil(t, err)
    217. 

  217. }
    218. 

  218. 

  219. func TestManager_ChangeRole(t *testing.T) {
    220. 

  220. 	a := newTestManager(t, false, false)
    221. 

  221. 	require.Nil(t, a.AddUser("ben", "ben", RoleUser))
    222. 

  222. 	require.Nil(t, a.AllowAccess("ben", "mytopic", true, true))
    223. 

  223. 	require.Nil(t, a.AllowAccess("ben", "readme", true, false))
    224. 

  224. 

  225. 	ben, err := a.User("ben")
    226. 

  226. 	require.Nil(t, err)
    227. 

  227. 	require.Equal(t, RoleUser, ben.Role)
    228. 

  228. 	require.Equal(t, 2, len(ben.Grants))
    229. 

  229. 

  230. 	require.Nil(t, a.ChangeRole("ben", RoleAdmin))
    231. 

  231. 

  232. 	ben, err = a.User("ben")
    233. 

  233. 	require.Nil(t, err)
    234. 

  234. 	require.Equal(t, RoleAdmin, ben.Role)
    235. 

  235. 	require.Equal(t, 0, len(ben.Grants))
    236. 

  236. }
    237. 

  237. 

  238. func TestManager_Token_Valid(t *testing.T) {
    239. 

  239. 	a := newTestManager(t, false, false)
    240. 

  240. 	require.Nil(t, a.AddUser("ben", "ben", RoleUser))
    241. 

  241. 

  242. 	u, err := a.User("ben")
    243. 

  243. 	require.Nil(t, err)
    244. 

  244. 

  245. 	// Create token for user
    246. 

  246. 	token, err := a.CreateToken(u)
    247. 

  247. 	require.Nil(t, err)
    248. 

  248. 	require.NotEmpty(t, token.Value)
    249. 

  249. 	require.True(t, time.Now().Add(71*time.Hour).Unix() < token.Expires.Unix())
    250. 

  250. 

  251. 	u2, err := a.AuthenticateToken(token.Value)
    252. 

  252. 	require.Nil(t, err)
    253. 

  253. 	require.Equal(t, u.Name, u2.Name)
    254. 

  254. 	require.Equal(t, token.Value, u2.Token)
    255. 

  255. 

  256. 	// Remove token and auth again
    257. 

  257. 	require.Nil(t, a.RemoveToken(u2))
    258. 

  258. 	u3, err := a.AuthenticateToken(token.Value)
    259. 

  259. 	require.Equal(t, ErrUnauthenticated, err)
    260. 

  260. 	require.Nil(t, u3)
    261. 

  261. }
    262. 

  262. 

  263. func TestManager_Token_Invalid(t *testing.T) {
    264. 

  264. 	a := newTestManager(t, false, false)
    265. 

  265. 	require.Nil(t, a.AddUser("ben", "ben", RoleUser))
    266. 

  266. 

  267. 	u, err := a.AuthenticateToken(strings.Repeat("x", 32)) // 32 == token length
    268. 

  268. 	require.Nil(t, u)
    269. 

  269. 	require.Equal(t, ErrUnauthenticated, err)
    270. 

  270. 

  271. 	u, err = a.AuthenticateToken("not long enough anyway")
    272. 

  272. 	require.Nil(t, u)
    273. 

  273. 	require.Equal(t, ErrUnauthenticated, err)
    274. 

  274. }
    275. 

  275. 

  276. func TestManager_Token_Expire(t *testing.T) {
    277. 

  277. 	a := newTestManager(t, false, false)
    278. 

  278. 	require.Nil(t, a.AddUser("ben", "ben", RoleUser))
    279. 

  279. 

  280. 	u, err := a.User("ben")
    281. 

  281. 	require.Nil(t, err)
    282. 

  282. 

  283. 	// Create tokens for user
    284. 

  284. 	token1, err := a.CreateToken(u)
    285. 

  285. 	require.Nil(t, err)
    286. 

  286. 	require.NotEmpty(t, token1.Value)
    287. 

  287. 	require.True(t, time.Now().Add(71*time.Hour).Unix() < token1.Expires.Unix())
    288. 

  288. 

  289. 	token2, err := a.CreateToken(u)
    290. 

  290. 	require.Nil(t, err)
    291. 

  291. 	require.NotEmpty(t, token2.Value)
    292. 

  292. 	require.NotEqual(t, token1.Value, token2.Value)
    293. 

  293. 	require.True(t, time.Now().Add(71*time.Hour).Unix() < token2.Expires.Unix())
    294. 

  294. 

  295. 	// See that tokens work
    296. 

  296. 	_, err = a.AuthenticateToken(token1.Value)
    297. 

  297. 	require.Nil(t, err)
    298. 

  298. 

  299. 	_, err = a.AuthenticateToken(token2.Value)
    300. 

  300. 	require.Nil(t, err)
    301. 

  301. 

  302. 	// Modify token expiration in database
    303. 

  303. 	_, err = a.db.Exec("UPDATE user_token SET expires = 1 WHERE token = ?", token1.Value)
    304. 

  304. 	require.Nil(t, err)
    305. 

  305. 

  306. 	// Now token1 shouldn't work anymore
    307. 

  307. 	_, err = a.AuthenticateToken(token1.Value)
    308. 

  308. 	require.Equal(t, ErrUnauthenticated, err)
    309. 

  309. 

  310. 	result, err := a.db.Query("SELECT * from user_token WHERE token = ?", token1.Value)
    311. 

  311. 	require.Nil(t, err)
    312. 

  312. 	require.True(t, result.Next()) // Still a matching row
    313. 

  313. 	require.Nil(t, result.Close())
    314. 

  314. 

  315. 	// Expire tokens and check database rows
    316. 

  316. 	require.Nil(t, a.RemoveExpiredTokens())
    317. 

  317. 

  318. 	result, err = a.db.Query("SELECT * from user_token WHERE token = ?", token1.Value)
    319. 

  319. 	require.Nil(t, err)
    320. 

  320. 	require.False(t, result.Next()) // No matching row!
    321. 

  321. 	require.Nil(t, result.Close())
    322. 

  322. }
    323. 

  323. 

  324. func TestManager_EnqueueStats(t *testing.T) {
    325. 

  325. 	a, err := newManager(filepath.Join(t.TempDir(), "db"), true, true, time.Hour, 1500*time.Millisecond)
    326. 

  326. 	require.Nil(t, err)
    327. 

  327. 	require.Nil(t, a.AddUser("ben", "ben", RoleUser))
    328. 

  328. 

  329. 	// Baseline: No messages or emails
    330. 

  330. 	u, err := a.User("ben")
    331. 

  331. 	require.Nil(t, err)
    332. 

  332. 	require.Equal(t, int64(0), u.Stats.Messages)
    333. 

  333. 	require.Equal(t, int64(0), u.Stats.Emails)
    334. 

  334. 

  335. 	u.Stats.Messages = 11
    336. 

  336. 	u.Stats.Emails = 2
    337. 

  337. 	a.EnqueueStats(u)
    338. 

  338. 

  339. 	// Still no change, because it's queued asynchronously
    340. 

  340. 	u, err = a.User("ben")
    341. 

  341. 	require.Nil(t, err)
    342. 

  342. 	require.Equal(t, int64(0), u.Stats.Messages)
    343. 

  343. 	require.Equal(t, int64(0), u.Stats.Emails)
    344. 

  344. 

  345. 	// After 2 seconds they should be persisted
    346. 

  346. 	time.Sleep(2 * time.Second)
    347. 

  347. 

  348. 	u, err = a.User("ben")
    349. 

  349. 	require.Nil(t, err)
    350. 

  350. 	require.Equal(t, int64(11), u.Stats.Messages)
    351. 

  351. 	require.Equal(t, int64(2), u.Stats.Emails)
    352. 

  352. }
    353. 

  353. 

  354. func TestSqliteCache_Migration_From1(t *testing.T) {
    355. 

  355. 	filename := filepath.Join(t.TempDir(), "user.db")
    356. 

  356. 	db, err := sql.Open("sqlite3", filename)
    357. 

  357. 	require.Nil(t, err)
    358. 

  358. 

  359. 	// Create "version 1" schema
    360. 

  360. 	_, err = db.Exec(`
    361. 

  361. 		BEGIN;
    362. 

  362. 		CREATE TABLE IF NOT EXISTS user (
    363. 

  363. 			user TEXT NOT NULL PRIMARY KEY,
    364. 

  364. 			pass TEXT NOT NULL,
    365. 

  365. 			role TEXT NOT NULL
    366. 

  366. 		);
    367. 

  367. 		CREATE TABLE IF NOT EXISTS access (
    368. 

  368. 			user TEXT NOT NULL,		
    369. 

  369. 			topic TEXT NOT NULL,
    370. 

  370. 			read INT NOT NULL,
    371. 

  371. 			write INT NOT NULL,
    372. 

  372. 			PRIMARY KEY (topic, user)
    373. 

  373. 		);
    374. 

  374. 		CREATE TABLE IF NOT EXISTS schemaVersion (
    375. 

  375. 			id INT PRIMARY KEY,
    376. 

  376. 			version INT NOT NULL
    377. 

  377. 		);
    378. 

  378. 		INSERT INTO schemaVersion (id, version) VALUES (1, 1);
    379. 

  379. 		COMMIT;	
    380. 

  380. 	`)
    381. 

  381. 	require.Nil(t, err)
    382. 

  382. 

  383. 	// Insert a bunch of users and ACL entries
    384. 

  384. 	_, err = db.Exec(`
    385. 

  385. 		BEGIN;
    386. 

  386. 		INSERT INTO user (user, pass, role) VALUES ('ben', '$2a$10$EEp6gBheOsqEFsXlo523E.gBVoeg1ytphXiEvTPlNzkenBlHZBPQy', 'user');
    387. 

  387. 		INSERT INTO user (user, pass, role) VALUES ('phil', '$2a$10$YLiO8U21sX1uhZamTLJXHuxgVC0Z/GKISibrKCLohPgtG7yIxSk4C', 'admin');
    388. 

  388. 		INSERT INTO access (user, topic, read, write) VALUES ('ben', 'stats', 1, 1);
    389. 

  389. 		INSERT INTO access (user, topic, read, write) VALUES ('ben', 'secret', 1, 0);
    390. 

  390. 		INSERT INTO access (user, topic, read, write) VALUES ('*', 'stats', 1, 0);
    391. 

  391. 		COMMIT;	
    392. 

  392. 	`)
    393. 

  393. 	require.Nil(t, err)
    394. 

  394. 

  395. 	// Create manager to trigger migration
    396. 

  396. 	a := newTestManagerFromFile(t, filename, false, false, userTokenExpiryDuration, userStatsQueueWriterInterval)
    397. 

  397. 	checkSchemaVersion(t, a.db)
    398. 

  398. 

  399. 	users, err := a.Users()
    400. 

  400. 	require.Nil(t, err)
    401. 

  401. 	require.Equal(t, 3, len(users))
    402. 

  402. 	phil, ben, everyone := users[0], users[1], users[2]
    403. 

  403. 

  404. 	require.Equal(t, "phil", phil.Name)
    405. 

  405. 	require.Equal(t, RoleAdmin, phil.Role)
    406. 

  406. 	require.Equal(t, 0, len(phil.Grants))
    407. 

  407. 

  408. 	require.Equal(t, "ben", ben.Name)
    409. 

  409. 	require.Equal(t, RoleUser, ben.Role)
    410. 

  410. 	require.Equal(t, 2, len(ben.Grants))
    411. 

  411. 	require.Equal(t, "stats", ben.Grants[0].TopicPattern)
    412. 

  412. 	require.Equal(t, true, ben.Grants[0].AllowRead)
    413. 

  413. 	require.Equal(t, true, ben.Grants[0].AllowWrite)
    414. 

  414. 	require.Equal(t, "secret", ben.Grants[1].TopicPattern)
    415. 

  415. 	require.Equal(t, true, ben.Grants[1].AllowRead)
    416. 

  416. 	require.Equal(t, false, ben.Grants[1].AllowWrite)
    417. 

  417. 

  418. 	require.Equal(t, Everyone, everyone.Name)
    419. 

  419. 	require.Equal(t, RoleAnonymous, everyone.Role)
    420. 

  420. 	require.Equal(t, 1, len(everyone.Grants))
    421. 

  421. 	require.Equal(t, "stats", everyone.Grants[0].TopicPattern)
    422. 

  422. 	require.Equal(t, true, everyone.Grants[0].AllowRead)
    423. 

  423. 	require.Equal(t, false, everyone.Grants[0].AllowWrite)
    424. 

  424. }
    425. 

  425. 

  426. func checkSchemaVersion(t *testing.T, db *sql.DB) {
    427. 

  427. 	rows, err := db.Query(`SELECT version FROM schemaVersion`)
    428. 

  428. 	require.Nil(t, err)
    429. 

  429. 	require.True(t, rows.Next())
    430. 

  430. 

  431. 	var schemaVersion int
    432. 

  432. 	require.Nil(t, rows.Scan(&schemaVersion))
    433. 

  433. 	require.Equal(t, currentSchemaVersion, schemaVersion)
    434. 

  434. 	require.Nil(t, rows.Close())
    435. 

  435. }
    436. 

  436. 

  437. func newTestManager(t *testing.T, defaultRead, defaultWrite bool) *Manager {
    438. 

  438. 	return newTestManagerFromFile(t, filepath.Join(t.TempDir(), "user.db"), defaultRead, defaultWrite, userTokenExpiryDuration, userStatsQueueWriterInterval)
    439. 

  439. }
    440. 

  440. 

  441. func newTestManagerFromFile(t *testing.T, filename string, defaultRead, defaultWrite bool, tokenExpiryDuration, statsWriterInterval time.Duration) *Manager {
    442. 

  442. 	a, err := newManager(filename, defaultRead, defaultWrite, tokenExpiryDuration, statsWriterInterval)
    443. 

  443. 	require.Nil(t, err)
    444. 

  444. 	return a
    445. 

  445. }
    446.