Reject empty fields for insert token
This commit is contained in:
Daniel Krol
parent
bb9b2b845e
commit
fac36a7931
2 changed files with 60 additions and 2 deletions
|
|
@ -77,6 +77,19 @@ func (s *Store) Migrate() error {
|
||||||
device_id TEXT NOT NULL,
|
device_id TEXT NOT NULL,
|
||||||
scope TEXT NOT NULL,
|
scope TEXT NOT NULL,
|
||||||
expiration DATETIME NOT NULL,
|
expiration DATETIME NOT NULL,
|
||||||
|
CHECK (
|
||||||
|
-- should eventually fail for foreign key constraint instead
|
||||||
|
user_id <> 0 AND
|
||||||
|
|
||||||
|
token <> '' AND
|
||||||
|
device_id <> '' AND
|
||||||
|
scope <> '' AND
|
||||||
|
|
||||||
|
-- Don't know when it uses either format to denote UTC
|
||||||
|
expiration <> "0001-01-01 00:00:00+00:00" AND
|
||||||
|
expiration <> "0001-01-01 00:00:00Z"
|
||||||
|
|
||||||
|
),
|
||||||
PRIMARY KEY (user_id, device_id)
|
PRIMARY KEY (user_id, device_id)
|
||||||
);
|
);
|
||||||
CREATE TABLE IF NOT EXISTS wallets(
|
CREATE TABLE IF NOT EXISTS wallets(
|
||||||
|
|
|
||||||
|
|
@ -1,11 +1,14 @@
|
||||||
package store
|
package store
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"errors"
|
||||||
"reflect"
|
"reflect"
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/mattn/go-sqlite3"
|
||||||
|
|
||||||
"orblivion/lbry-id/auth"
|
"orblivion/lbry-id/auth"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -339,8 +342,50 @@ func TestStoreTokenUTC(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO - Tests each db method. Check for missing "NOT NULL" fields. Do the loop thing, and always just check for null error.
|
|
||||||
func TestStoreTokenEmptyFields(t *testing.T) {
|
func TestStoreTokenEmptyFields(t *testing.T) {
|
||||||
// Make sure expiration doesn't get set if sanitization fails
|
// Make sure expiration doesn't get set if sanitization fails
|
||||||
t.Fatalf("Test me")
|
tt := []struct {
|
||||||
|
name string
|
||||||
|
authToken auth.AuthToken
|
||||||
|
expiration time.Time
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
name: "missing token",
|
||||||
|
authToken: auth.AuthToken{Token: "", DeviceId: "dId", Scope: "*", UserId: 123},
|
||||||
|
expiration: time.Now().Add(time.Hour * 24 * 14).UTC(),
|
||||||
|
}, {
|
||||||
|
name: "missing device id",
|
||||||
|
authToken: auth.AuthToken{Token: "seekrit-1", DeviceId: "", Scope: "*", UserId: 123},
|
||||||
|
expiration: time.Now().Add(time.Hour * 24 * 14).UTC(),
|
||||||
|
}, {
|
||||||
|
name: "missing scope",
|
||||||
|
authToken: auth.AuthToken{Token: "seekrit-1", DeviceId: "dId", Scope: "", UserId: 123},
|
||||||
|
expiration: time.Now().Add(time.Hour * 24 * 14).UTC(),
|
||||||
|
}, {
|
||||||
|
name: "missing user id",
|
||||||
|
authToken: auth.AuthToken{Token: "seekrit-1", DeviceId: "dId", Scope: "*", UserId: 0},
|
||||||
|
expiration: time.Now().Add(time.Hour * 24 * 14).UTC(),
|
||||||
|
}, {
|
||||||
|
name: "missing expiration",
|
||||||
|
authToken: auth.AuthToken{Token: "seekrit-1", DeviceId: "dId", Scope: "*", UserId: 123},
|
||||||
|
expiration: time.Time{},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, tc := range tt {
|
||||||
|
t.Run(tc.name, func(t *testing.T) {
|
||||||
|
s, sqliteTmpFile := StoreTestInit(t)
|
||||||
|
defer StoreTestCleanup(sqliteTmpFile)
|
||||||
|
|
||||||
|
var sqliteErr sqlite3.Error
|
||||||
|
|
||||||
|
err := s.insertToken(&tc.authToken, tc.expiration)
|
||||||
|
if errors.As(err, &sqliteErr) {
|
||||||
|
if errors.Is(sqliteErr.ExtendedCode, sqlite3.ErrConstraintCheck) {
|
||||||
|
return // We got the error we expected
|
||||||
|
}
|
||||||
|
}
|
||||||
|
t.Errorf("Expected check constraint error for empty field. Got %+v", err)
|
||||||
|
})
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue