2fas-server/tests/pass/pass_test.go

package pass

import (
	"bytes"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"os"
	"testing"
	"time"

	"github.com/google/uuid"
	"github.com/gorilla/websocket"
)

type ConfigureBrowserExtensionResponse struct {
	BrowserExtensionPairingToken string `json:"browser_extension_pairing_token"`
	ConnectionToken              string `json:"connection_token"`
}

var (
	httpClient = http.DefaultClient
	wsDialer   = websocket.DefaultDialer
)

func getApiURL() string {
	apiURL := os.Getenv("API_URL")
	if apiURL != "" {
		return apiURL
	}
	return "http://" + getPassAddr()
}

func getWsURL() string {
	wsURL := os.Getenv("WS_URL")
	if wsURL != "" {
		return wsURL
	}
	return "ws://" + getPassAddr()
}

func getPassAddr() string {
	addr := os.Getenv("PASS_ADDR")
	if addr != "" {
		return addr
	}
	return "localhost:8082"
}

func TestPassHappyFlow(t *testing.T) {
	resp, err := configureBrowserExtension()
	if err != nil {
		t.Fatalf("Failed to configure browser extension: %v", err)
	}

	browserExtensionDone := make(chan struct{})
	mobileDone := make(chan struct{})

	go func() {
		defer close(browserExtensionDone)

		extProxyToken, err := browserExtensionWaitForConfirm(resp.BrowserExtensionPairingToken)
		if err != nil {
			t.Errorf("Error when Browser Extension waited for confirm: %v", err)
			return
		}

		err = proxyWebSocket(
			getWsURL()+"/browser_extension/proxy_to_mobile",
			extProxyToken,
			"sent from browser extension",
			"sent from mobile")
		if err != nil {
			t.Errorf("Browser Extension: proxy failed: %v", err)
			return
		}

	}()
	go func() {
		defer close(mobileDone)

		mobileProxyToken, err := confirmMobile(resp.ConnectionToken)
		if err != nil {
			t.Errorf("Mobile: confirm failed: %v", err)
			return
		}

		err = proxyWebSocket(
			getWsURL()+"/mobile/proxy_to_browser_extension",
			mobileProxyToken,
			"sent from mobile",
			"sent from browser extension",
		)
		if err != nil {
			t.Errorf("Mobile: proxy failed: %v", err)
			return
		}
	}()
	<-browserExtensionDone
	<-mobileDone
}

func browserExtensionWaitForConfirm(token string) (string, error) {
	url := getWsURL() + "/browser_extension/wait_for_connection"

	var resp struct {
		BrowserExtensionProxyToken string `json:"browser_extension_proxy_token"`
		Status                     string `json:"status"`
		DeviceID                   string `json:"device_id"`
	}

	conn, err := dialWS(url, token)
	if err != nil {
		return "", err
	}
	defer conn.Close()

	conn.SetReadDeadline(time.Now().Add(5 * time.Second))
	_, message, err := conn.ReadMessage()
	if err != nil {
		return "", fmt.Errorf("error reading from connection: %w", err)
	}
	if err := json.Unmarshal(message, &resp); err != nil {
		return "", fmt.Errorf("failed to decode message: %w", err)
	}
	const expectedStatus = "ok"
	if resp.Status != expectedStatus {
		return "", fmt.Errorf("received status %q, expected %q", resp.Status, expectedStatus)
	}
	return resp.BrowserExtensionProxyToken, nil
}

func configureBrowserExtension() (ConfigureBrowserExtensionResponse, error) {
	url := getApiURL() + "/browser_extension/configure"

	extensionID := uuid.NewString()
	if extensionIDFromEnv := os.Getenv("TEST_EXTENSION_ID"); extensionIDFromEnv != "" {
		extensionID = extensionIDFromEnv
	}

	req, err := http.NewRequest("POST", url, bytesPrintf(`{"extension_id":"%s"}`, extensionID))
	if err != nil {
		return ConfigureBrowserExtensionResponse{}, fmt.Errorf("failed to create http request: %w", err)
	}
	httpResp, err := httpClient.Do(req)
	if err != nil {
		return ConfigureBrowserExtensionResponse{}, fmt.Errorf("failed perform the request: %w", err)
	}
	defer httpResp.Body.Close()

	bb, err := io.ReadAll(httpResp.Body)
	if err != nil {
		return ConfigureBrowserExtensionResponse{}, fmt.Errorf("failed to read body from response: %w", err)
	}

	if httpResp.StatusCode >= 300 {
		return ConfigureBrowserExtensionResponse{}, fmt.Errorf("received status %s and body %q", httpResp.Status, string(bb))
	}

	var resp ConfigureBrowserExtensionResponse
	if err := json.Unmarshal(bb, &resp); err != nil {
		return resp, fmt.Errorf("failed to decode the response: %w", err)
	}

	return resp, nil
}

// confirmMobile confirms pairing and returns mobile proxy token.
func confirmMobile(connectionToken string) (string, error) {
	url := getApiURL() + "/mobile/confirm"

	deviceID := uuid.NewString()
	if deviceIDFromEnv := os.Getenv("TEST_DEVICE_ID"); deviceIDFromEnv != "" {
		deviceID = deviceIDFromEnv
	}

	req, err := http.NewRequest("POST", url, bytesPrintf(`{"device_id":"%s"}`, deviceID))
	if err != nil {
		return "", fmt.Errorf("failed to prepare the reqest: %w", err)
	}
	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", connectionToken))

	httpResp, err := httpClient.Do(req)
	if err != nil {
		return "", fmt.Errorf("failed to perform the reqest: %w", err)
	}
	defer httpResp.Body.Close()

	bb, err := io.ReadAll(httpResp.Body)
	if err != nil {
		return "", fmt.Errorf("failed to read body from response: %w", err)
	}

	if httpResp.StatusCode >= 300 {
		return "", fmt.Errorf("received status %s and body %q", httpResp.Status, string(bb))
	}

	var resp struct {
		ProxyToken string `json:"proxy_token"`
	}
	if err := json.Unmarshal(bb, &resp); err != nil {
		return "", fmt.Errorf("failed to decode the response: %w", err)
	}

	return resp.ProxyToken, nil
}

// proxyWebSocket will dial `endpoint`, using `token` for auth. It will then write exactly one message and
// read exactly one message (and then check it is `expectedReadMsg`).
func proxyWebSocket(url, token string, writeMsg, expectedReadMsg string) error {
	conn, err := dialWS(url, token)
	if err != nil {
		return err
	}
	defer conn.Close()

	doneReading := make(chan error)

	go func() {
		defer close(doneReading)
		_, message, err := conn.ReadMessage()
		if err != nil {
			doneReading <- fmt.Errorf("faile to read message: %w", err)
			return
		}
		if string(message) != expectedReadMsg {
			doneReading <- fmt.Errorf("expected to read %q, read %q", expectedReadMsg, string(message))
			return
		}
	}()

	if err := conn.WriteMessage(websocket.TextMessage, []byte(writeMsg)); err != nil {
		return fmt.Errorf("failed to write message: %w", err)
	}
	err, _ = <-doneReading
	if err != nil {
		return fmt.Errorf("error when reading: %w", err)
	}
	return nil
}

func dialWS(url, auth string) (*websocket.Conn, error) {
	authEncodedAsProtocol := fmt.Sprintf("base64url.bearer.authorization.2pass.io.%s", base64.RawURLEncoding.EncodeToString([]byte(auth)))

	conn, _, err := wsDialer.Dial(url, http.Header{
		"Sec-WebSocket-Protocol": []string{
			"2pass.io",
			authEncodedAsProtocol,
		},
	})
	if err != nil {
		return nil, fmt.Errorf("failed to dial ws %q: %w", url, err)
	}
	return conn, nil
}

func bytesPrintf(format string, ii ...interface{}) io.Reader {
	s := fmt.Sprintf(format, ii...)
	return bytes.NewBufferString(s)
}
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00			`package pass`

			`import (`
			`"bytes"`
			`"encoding/base64"`
			`"encoding/json"`
			`"fmt"`
			`"io"`
			`"net/http"`
feat: connect pass with kms (#29) 2024-01-24 20:57:31 +01:00			`"os"`
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00			`"testing"`
			`"time"`

			`"github.com/google/uuid"`
			`"github.com/gorilla/websocket"`
			`)`

			`type ConfigureBrowserExtensionResponse struct {`
			BrowserExtensionPairingToken string `json:"browser_extension_pairing_token"`
			ConnectionToken string `json:"connection_token"`
			`}`

			`var (`
			`httpClient = http.DefaultClient`
			`wsDialer = websocket.DefaultDialer`
			`)`

feat: configurable tests (#30) 2024-02-16 07:45:58 +01:00			`func getApiURL() string {`
			`apiURL := os.Getenv("API_URL")`
			`if apiURL != "" {`
			`return apiURL`
			`}`
			`return "http://" + getPassAddr()`
			`}`

			`func getWsURL() string {`
			`wsURL := os.Getenv("WS_URL")`
			`if wsURL != "" {`
			`return wsURL`
			`}`
			`return "ws://" + getPassAddr()`
			`}`

			`func getPassAddr() string {`
feat: connect pass with kms (#29) 2024-01-24 20:57:31 +01:00			`addr := os.Getenv("PASS_ADDR")`
			`if addr != "" {`
			`return addr`
			`}`
			`return "localhost:8082"`
			`}`
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00
			`func TestPassHappyFlow(t *testing.T) {`
			`resp, err := configureBrowserExtension()`
			`if err != nil {`
			`t.Fatalf("Failed to configure browser extension: %v", err)`
			`}`

			`browserExtensionDone := make(chan struct{})`
			`mobileDone := make(chan struct{})`

			`go func() {`
			`defer close(browserExtensionDone)`

feat: connect pass with kms (#29) 2024-01-24 20:57:31 +01:00			`extProxyToken, err := browserExtensionWaitForConfirm(resp.BrowserExtensionPairingToken)`
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00			`if err != nil {`
			`t.Errorf("Error when Browser Extension waited for confirm: %v", err)`
			`return`
			`}`

			`err = proxyWebSocket(`
feat: configurable tests (#30) 2024-02-16 07:45:58 +01:00			`getWsURL()+"/browser_extension/proxy_to_mobile",`
feat: connect pass with kms (#29) 2024-01-24 20:57:31 +01:00			`extProxyToken,`
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00			`"sent from browser extension",`
			`"sent from mobile")`
			`if err != nil {`
			`t.Errorf("Browser Extension: proxy failed: %v", err)`
			`return`
			`}`

			`}()`
			`go func() {`
			`defer close(mobileDone)`

feat: connect pass with kms (#29) 2024-01-24 20:57:31 +01:00			`mobileProxyToken, err := confirmMobile(resp.ConnectionToken)`
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00			`if err != nil {`
			`t.Errorf("Mobile: confirm failed: %v", err)`
			`return`
			`}`

			`err = proxyWebSocket(`
feat: configurable tests (#30) 2024-02-16 07:45:58 +01:00			`getWsURL()+"/mobile/proxy_to_browser_extension",`
feat: connect pass with kms (#29) 2024-01-24 20:57:31 +01:00			`mobileProxyToken,`
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00			`"sent from mobile",`
			`"sent from browser extension",`
			`)`
			`if err != nil {`
			`t.Errorf("Mobile: proxy failed: %v", err)`
			`return`
			`}`
			`}()`
			`<-browserExtensionDone`
			`<-mobileDone`
			`}`

feat: connect pass with kms (#29) 2024-01-24 20:57:31 +01:00			`func browserExtensionWaitForConfirm(token string) (string, error) {`
feat: configurable tests (#30) 2024-02-16 07:45:58 +01:00			`url := getWsURL() + "/browser_extension/wait_for_connection"`
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00
			`var resp struct {`
feat: connect pass with kms (#29) 2024-01-24 20:57:31 +01:00			BrowserExtensionProxyToken string `json:"browser_extension_proxy_token"`
			Status string `json:"status"`
			DeviceID string `json:"device_id"`
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00			`}`

			`conn, err := dialWS(url, token)`
			`if err != nil {`
feat: connect pass with kms (#29) 2024-01-24 20:57:31 +01:00			`return "", err`
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00			`}`
			`defer conn.Close()`

feat: connect pass with kms (#29) 2024-01-24 20:57:31 +01:00			`conn.SetReadDeadline(time.Now().Add(5 * time.Second))`
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00			`_, message, err := conn.ReadMessage()`
			`if err != nil {`
feat: connect pass with kms (#29) 2024-01-24 20:57:31 +01:00			`return "", fmt.Errorf("error reading from connection: %w", err)`
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00			`}`
			`if err := json.Unmarshal(message, &resp); err != nil {`
feat: connect pass with kms (#29) 2024-01-24 20:57:31 +01:00			`return "", fmt.Errorf("failed to decode message: %w", err)`
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00			`}`
			`const expectedStatus = "ok"`
			`if resp.Status != expectedStatus {`
feat: connect pass with kms (#29) 2024-01-24 20:57:31 +01:00			`return "", fmt.Errorf("received status %q, expected %q", resp.Status, expectedStatus)`
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00			`}`
feat: connect pass with kms (#29) 2024-01-24 20:57:31 +01:00			`return resp.BrowserExtensionProxyToken, nil`
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00			`}`

			`func configureBrowserExtension() (ConfigureBrowserExtensionResponse, error) {`
feat: configurable tests (#30) 2024-02-16 07:45:58 +01:00			`url := getApiURL() + "/browser_extension/configure"`

			`extensionID := uuid.NewString()`
			`if extensionIDFromEnv := os.Getenv("TEST_EXTENSION_ID"); extensionIDFromEnv != "" {`
			`extensionID = extensionIDFromEnv`
			`}`
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00
feat: configurable tests (#30) 2024-02-16 07:45:58 +01:00			req, err := http.NewRequest("POST", url, bytesPrintf(`{"extension_id":"%s"}`, extensionID))
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00			`if err != nil {`
			`return ConfigureBrowserExtensionResponse{}, fmt.Errorf("failed to create http request: %w", err)`
			`}`
			`httpResp, err := httpClient.Do(req)`
			`if err != nil {`
			`return ConfigureBrowserExtensionResponse{}, fmt.Errorf("failed perform the request: %w", err)`
			`}`
			`defer httpResp.Body.Close()`

			`bb, err := io.ReadAll(httpResp.Body)`
			`if err != nil {`
			`return ConfigureBrowserExtensionResponse{}, fmt.Errorf("failed to read body from response: %w", err)`
			`}`

			`if httpResp.StatusCode >= 300 {`
			`return ConfigureBrowserExtensionResponse{}, fmt.Errorf("received status %s and body %q", httpResp.Status, string(bb))`
			`}`

			`var resp ConfigureBrowserExtensionResponse`
			`if err := json.Unmarshal(bb, &resp); err != nil {`
			`return resp, fmt.Errorf("failed to decode the response: %w", err)`
			`}`

			`return resp, nil`
			`}`

feat: connect pass with kms (#29) 2024-01-24 20:57:31 +01:00			`// confirmMobile confirms pairing and returns mobile proxy token.`
			`func confirmMobile(connectionToken string) (string, error) {`
feat: configurable tests (#30) 2024-02-16 07:45:58 +01:00			`url := getApiURL() + "/mobile/confirm"`

			`deviceID := uuid.NewString()`
			`if deviceIDFromEnv := os.Getenv("TEST_DEVICE_ID"); deviceIDFromEnv != "" {`
			`deviceID = deviceIDFromEnv`
			`}`
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00
feat: configurable tests (#30) 2024-02-16 07:45:58 +01:00			req, err := http.NewRequest("POST", url, bytesPrintf(`{"device_id":"%s"}`, deviceID))
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00			`if err != nil {`
feat: connect pass with kms (#29) 2024-01-24 20:57:31 +01:00			`return "", fmt.Errorf("failed to prepare the reqest: %w", err)`
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00			`}`
			`req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", connectionToken))`

			`httpResp, err := httpClient.Do(req)`
			`if err != nil {`
feat: connect pass with kms (#29) 2024-01-24 20:57:31 +01:00			`return "", fmt.Errorf("failed to perform the reqest: %w", err)`
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00			`}`
			`defer httpResp.Body.Close()`

feat: connect pass with kms (#29) 2024-01-24 20:57:31 +01:00			`bb, err := io.ReadAll(httpResp.Body)`
			`if err != nil {`
			`return "", fmt.Errorf("failed to read body from response: %w", err)`
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00			`}`

feat: connect pass with kms (#29) 2024-01-24 20:57:31 +01:00			`if httpResp.StatusCode >= 300 {`
			`return "", fmt.Errorf("received status %s and body %q", httpResp.Status, string(bb))`
			`}`

			`var resp struct {`
			ProxyToken string `json:"proxy_token"`
			`}`
			`if err := json.Unmarshal(bb, &resp); err != nil {`
			`return "", fmt.Errorf("failed to decode the response: %w", err)`
			`}`

			`return resp.ProxyToken, nil`
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00			`}`

			// proxyWebSocket will dial `endpoint`, using `token` for auth. It will then write exactly one message and
			// read exactly one message (and then check it is `expectedReadMsg`).
			`func proxyWebSocket(url, token string, writeMsg, expectedReadMsg string) error {`
			`conn, err := dialWS(url, token)`
			`if err != nil {`
feat: connect pass with kms (#29) 2024-01-24 20:57:31 +01:00			`return err`
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00			`}`
			`defer conn.Close()`

			`doneReading := make(chan error)`

			`go func() {`
			`defer close(doneReading)`
			`_, message, err := conn.ReadMessage()`
			`if err != nil {`
			`doneReading <- fmt.Errorf("faile to read message: %w", err)`
			`return`
			`}`
			`if string(message) != expectedReadMsg {`
			`doneReading <- fmt.Errorf("expected to read %q, read %q", expectedReadMsg, string(message))`
			`return`
			`}`
			`}()`

			`if err := conn.WriteMessage(websocket.TextMessage, []byte(writeMsg)); err != nil {`
			`return fmt.Errorf("failed to write message: %w", err)`
			`}`
			`err, _ = <-doneReading`
			`if err != nil {`
			`return fmt.Errorf("error when reading: %w", err)`
			`}`
			`return nil`
			`}`

			`func dialWS(url, auth string) (*websocket.Conn, error) {`
			`authEncodedAsProtocol := fmt.Sprintf("base64url.bearer.authorization.2pass.io.%s", base64.RawURLEncoding.EncodeToString([]byte(auth)))`

			`conn, _, err := wsDialer.Dial(url, http.Header{`
			`"Sec-WebSocket-Protocol": []string{`
			`"2pass.io",`
			`authEncodedAsProtocol,`
			`},`
			`})`
			`if err != nil {`
feat: connect pass with kms (#29) 2024-01-24 20:57:31 +01:00			`return nil, fmt.Errorf("failed to dial ws %q: %w", url, err)`
feat: e2e tests for pass (#28) 2024-01-22 20:07:37 +01:00			`}`
			`return conn, nil`
			`}`

			`func bytesPrintf(format string, ii ...interface{}) io.Reader {`
			`s := fmt.Sprintf(format, ii...)`
			`return bytes.NewBufferString(s)`
			`}`