lnd/macaroons/constraints_test.go

110 lines
3.4 KiB
Go
Raw Normal View History

package macaroons_test
2017-09-22 07:51:15 +02:00
import (
"strings"
2018-07-31 09:17:17 +02:00
"testing"
"time"
"github.com/lightningnetwork/lnd/macaroons"
macaroon "gopkg.in/macaroon.v2"
)
2017-09-22 07:51:15 +02:00
var (
testRootKey = []byte("dummyRootKey")
2019-07-24 10:58:13 +02:00
testID = []byte("dummyId")
testLocation = "lnd"
testVersion = macaroon.LatestVersion
expectedTimeCaveatSubstring = "time-before " + string(time.Now().Year())
2017-09-22 07:51:15 +02:00
)
func createDummyMacaroon(t *testing.T) *macaroon.Macaroon {
2019-07-24 10:58:13 +02:00
dummyMacaroon, err := macaroon.New(testRootKey, testID,
testLocation, testVersion)
if err != nil {
t.Fatalf("Error creating initial macaroon: %v", err)
}
return dummyMacaroon
}
2017-09-22 07:51:15 +02:00
// TestAddConstraints tests that constraints can be added to an existing
// macaroon and therefore tighten its restrictions.
func TestAddConstraints(t *testing.T) {
// We need a dummy macaroon to start with. Create one without
// a bakery, because we mock everything anyway.
initialMac := createDummyMacaroon(t)
2017-09-22 07:51:15 +02:00
// Now add a constraint and make sure we have a cloned macaroon
// with the constraint applied instead of a mutated initial one.
newMac, err := macaroons.AddConstraints(initialMac,
macaroons.TimeoutConstraint(1))
2017-09-22 07:51:15 +02:00
if err != nil {
t.Fatalf("Error adding constraint: %v", err)
2017-09-22 07:51:15 +02:00
}
if &newMac == &initialMac {
t.Fatalf("Initial macaroon has been changed, something " +
"went wrong!")
2017-09-22 07:51:15 +02:00
}
// Finally, test that the constraint has been added.
if len(initialMac.Caveats()) == len(newMac.Caveats()) {
t.Fatalf("No caveat has been added to the macaroon when " +
"constraint was applied")
2017-09-22 07:51:15 +02:00
}
}
2017-09-22 07:51:15 +02:00
// TestTimeoutConstraint tests that a caveat for the lifetime of
// a macaroon is created.
func TestTimeoutConstraint(t *testing.T) {
// Get a configured version of the constraint function.
constraintFunc := macaroons.TimeoutConstraint(3)
2017-09-22 07:51:15 +02:00
// Now we need a dummy macaroon that we can apply the constraint
// function to.
testMacaroon := createDummyMacaroon(t)
err := constraintFunc(testMacaroon)
if err != nil {
t.Fatalf("Error applying timeout constraint: %v", err)
2017-09-22 07:51:15 +02:00
}
// Finally, check that the created caveat has an
// acceptable value
if strings.HasPrefix(string(testMacaroon.Caveats()[0].Id),
expectedTimeCaveatSubstring) {
t.Fatalf("Added caveat '%s' does not meet the expectations!",
testMacaroon.Caveats()[0].Id)
2017-09-22 07:51:15 +02:00
}
}
// TestTimeoutConstraint tests that a caveat for the lifetime of
// a macaroon is created.
func TestIpLockConstraint(t *testing.T) {
// Get a configured version of the constraint function.
constraintFunc := macaroons.IPLockConstraint("127.0.0.1")
2017-09-22 07:51:15 +02:00
// Now we need a dummy macaroon that we can apply the constraint
// function to.
testMacaroon := createDummyMacaroon(t)
err := constraintFunc(testMacaroon)
if err != nil {
t.Fatalf("Error applying timeout constraint: %v", err)
2017-09-22 07:51:15 +02:00
}
// Finally, check that the created caveat has an
// acceptable value
if string(testMacaroon.Caveats()[0].Id) != "ipaddr 127.0.0.1" {
t.Fatalf("Added caveat '%s' does not meet the expectations!",
testMacaroon.Caveats()[0].Id)
2017-09-22 07:51:15 +02:00
}
}
2017-09-22 07:51:15 +02:00
// TestIPLockBadIP tests that an IP constraint cannot be added if the
// provided string is not a valid IP address.
func TestIPLockBadIP(t *testing.T) {
constraintFunc := macaroons.IPLockConstraint("127.0.0/800")
testMacaroon := createDummyMacaroon(t)
err := constraintFunc(testMacaroon)
if err == nil {
t.Fatalf("IPLockConstraint with bad IP should fail.")
2017-09-22 07:51:15 +02:00
}
}