lnd.xprv/macaroons/constraints_test.go

package macaroons

import (
	"errors"
	"fmt"
	"testing"
	"time"

	"gopkg.in/macaroon-bakery.v1/bakery"
	"gopkg.in/macaroon-bakery.v1/bakery/checkers"
	macaroon "gopkg.in/macaroon.v1"
)

type macError struct {
	message string
}

func (err macError) Error() string {
	return err.message
}

func testConstraint(constraint Constraint, ok checkers.Checker,
	failFn func() checkers.Checker) error {
	macParams := bakery.NewServiceParams{}
	svc, err := bakery.NewService(macParams)
	if err != nil {
		return errors.New("Failed to create a new service")
	}
	mac, err := svc.NewMacaroon("", nil, nil)
	if err != nil {
		return errors.New("Failed to create a new macaroon")
	}

	mac, err = AddConstraints(mac, constraint)
	if err != nil {
		return errors.New("Failed to add macaroon constraint")
	}

	okChecker := checkers.New(ok)
	if err := svc.Check(macaroon.Slice{mac}, okChecker); err != nil {
		msg := "Correct checker failed: %v"
		return macError{fmt.Sprintf(msg, ok)}
	}

	fail := failFn()
	failChecker := checkers.New(fail)
	if err := svc.Check(macaroon.Slice{mac}, failChecker); err == nil {
		msg := "Incorrect checker succeeded: %v"
		return macError{fmt.Sprintf(msg, fail)}
	}
	return nil
}

func TestAllowConstraint(t *testing.T) {
	if err := testConstraint(
		AllowConstraint("op1", "op2", "op4"),
		AllowChecker("op1"),
		func() checkers.Checker {
			return AllowChecker("op3")
		},
	); err != nil {
		t.Fatalf(err.Error())
	}
}

func TestTimeoutConstraint(t *testing.T) {
	if err := testConstraint(
		TimeoutConstraint(1),
		TimeoutChecker(),
		func() checkers.Checker {
			time.Sleep(time.Second)
			return TimeoutChecker()
		},
	); err != nil {
		t.Fatalf(err.Error())
	}
}

func TestIPLockConstraint(t *testing.T) {
	if err := testConstraint(
		IPLockConstraint("127.0.0.1"),
		IPLockChecker("127.0.0.1"),
		func() checkers.Checker {
			return IPLockChecker("0.0.0.0")
		},
	); err != nil {
		t.Fatalf(err.Error())
	}
}

func TestIPLockEmptyIP(t *testing.T) {
	if err := testConstraint(
		IPLockConstraint(""),
		IPLockChecker("127.0.0.1"),
		func() checkers.Checker {
			return IPLockChecker("0.0.0.0")
		},
	); err != nil {
		if _, ok := err.(macError); !ok {
			t.Fatalf("IPLock with an empty IP should always pass")
		}
	}
}

func TestIPLockBadIP(t *testing.T) {
	if err := IPLockConstraint("127.0.0/800"); err == nil {
		t.Fatalf("IPLockConstraint with bad IP should fail")
	}
}
macaroons: add constraints unit tests 2017-09-22 08:51:15 +03:00			`package macaroons`

			`import (`
macaroons: add utilities for constraint tests 2017-09-22 09:35:47 +03:00			`"errors"`
			`"fmt"`
macaroons: add constraints unit tests 2017-09-22 08:51:15 +03:00			`"testing"`
			`"time"`

			`"gopkg.in/macaroon-bakery.v1/bakery"`
			`"gopkg.in/macaroon-bakery.v1/bakery/checkers"`
			`macaroon "gopkg.in/macaroon.v1"`
			`)`

macaroons: add utilities for constraint tests 2017-09-22 09:35:47 +03:00			`type macError struct {`
			`message string`
			`}`
macaroons: add constraints unit tests 2017-09-22 08:51:15 +03:00
macaroons: add utilities for constraint tests 2017-09-22 09:35:47 +03:00			`func (err macError) Error() string {`
			`return err.message`
macaroons: add constraints unit tests 2017-09-22 08:51:15 +03:00			`}`

macaroons: add utilities for constraint tests 2017-09-22 09:35:47 +03:00			`func testConstraint(constraint Constraint, ok checkers.Checker,`
			`failFn func() checkers.Checker) error {`
macaroons: add constraints unit tests 2017-09-22 08:51:15 +03:00			`macParams := bakery.NewServiceParams{}`
			`svc, err := bakery.NewService(macParams)`
			`if err != nil {`
macaroons: add utilities for constraint tests 2017-09-22 09:35:47 +03:00			`return errors.New("Failed to create a new service")`
macaroons: add constraints unit tests 2017-09-22 08:51:15 +03:00			`}`
			`mac, err := svc.NewMacaroon("", nil, nil)`
			`if err != nil {`
macaroons: add utilities for constraint tests 2017-09-22 09:35:47 +03:00			`return errors.New("Failed to create a new macaroon")`
macaroons: add constraints unit tests 2017-09-22 08:51:15 +03:00			`}`

			`mac, err = AddConstraints(mac, constraint)`
			`if err != nil {`
macaroons: add utilities for constraint tests 2017-09-22 09:35:47 +03:00			`return errors.New("Failed to add macaroon constraint")`
macaroons: add constraints unit tests 2017-09-22 08:51:15 +03:00			`}`

macaroons: add utilities for constraint tests 2017-09-22 09:35:47 +03:00			`okChecker := checkers.New(ok)`
			`if err := svc.Check(macaroon.Slice{mac}, okChecker); err != nil {`
			`msg := "Correct checker failed: %v"`
			`return macError{fmt.Sprintf(msg, ok)}`
macaroons: add constraints unit tests 2017-09-22 08:51:15 +03:00			`}`

macaroons: add utilities for constraint tests 2017-09-22 09:35:47 +03:00			`fail := failFn()`
			`failChecker := checkers.New(fail)`
			`if err := svc.Check(macaroon.Slice{mac}, failChecker); err == nil {`
			`msg := "Incorrect checker succeeded: %v"`
			`return macError{fmt.Sprintf(msg, fail)}`
macaroons: add constraints unit tests 2017-09-22 08:51:15 +03:00			`}`
macaroons: add utilities for constraint tests 2017-09-22 09:35:47 +03:00			`return nil`
macaroons: add constraints unit tests 2017-09-22 08:51:15 +03:00			`}`

macaroons: add utilities for constraint tests 2017-09-22 09:35:47 +03:00			`func TestAllowConstraint(t *testing.T) {`
			`if err := testConstraint(`
			`AllowConstraint("op1", "op2", "op4"),`
			`AllowChecker("op1"),`
			`func() checkers.Checker {`
			`return AllowChecker("op3")`
			`},`
			`); err != nil {`
			`t.Fatalf(err.Error())`
macaroons: add constraints unit tests 2017-09-22 08:51:15 +03:00			`}`
macaroons: add utilities for constraint tests 2017-09-22 09:35:47 +03:00			`}`

			`func TestTimeoutConstraint(t *testing.T) {`
			`if err := testConstraint(`
			`TimeoutConstraint(1),`
			`TimeoutChecker(),`
			`func() checkers.Checker {`
			`time.Sleep(time.Second)`
			`return TimeoutChecker()`
			`},`
			`); err != nil {`
			`t.Fatalf(err.Error())`
macaroons: add constraints unit tests 2017-09-22 08:51:15 +03:00			`}`
macaroons: add utilities for constraint tests 2017-09-22 09:35:47 +03:00			`}`
macaroons: add constraints unit tests 2017-09-22 08:51:15 +03:00
macaroons: add utilities for constraint tests 2017-09-22 09:35:47 +03:00			`func TestIPLockConstraint(t *testing.T) {`
			`if err := testConstraint(`
			`IPLockConstraint("127.0.0.1"),`
			`IPLockChecker("127.0.0.1"),`
			`func() checkers.Checker {`
			`return IPLockChecker("0.0.0.0")`
			`},`
			`); err != nil {`
			`t.Fatalf(err.Error())`
macaroons: add constraints unit tests 2017-09-22 08:51:15 +03:00			`}`
macaroons: add utilities for constraint tests 2017-09-22 09:35:47 +03:00			`}`
macaroons: add constraints unit tests 2017-09-22 08:51:15 +03:00
macaroons: add utilities for constraint tests 2017-09-22 09:35:47 +03:00			`func TestIPLockEmptyIP(t *testing.T) {`
			`if err := testConstraint(`
			`IPLockConstraint(""),`
			`IPLockChecker("127.0.0.1"),`
			`func() checkers.Checker {`
			`return IPLockChecker("0.0.0.0")`
			`},`
			`); err != nil {`
			`if _, ok := err.(macError); !ok {`
			`t.Fatalf("IPLock with an empty IP should always pass")`
			`}`
macaroons: add constraints unit tests 2017-09-22 08:51:15 +03:00			`}`
macaroons: add utilities for constraint tests 2017-09-22 09:35:47 +03:00			`}`
macaroons: add constraints unit tests 2017-09-22 08:51:15 +03:00
macaroons: add utilities for constraint tests 2017-09-22 09:35:47 +03:00			`func TestIPLockBadIP(t *testing.T) {`
			`if err := IPLockConstraint("127.0.0/800"); err == nil {`
			`t.Fatalf("IPLockConstraint with bad IP should fail")`
macaroons: add constraints unit tests 2017-09-22 08:51:15 +03:00			`}`
			`}`