Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(395)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: server/auth/auth_test.go

Issue 2830443003: auth: Refactor how authentication methods are passed to server/auth library. (Closed)
Patch Set: Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« scheduler/appengine/frontend/handler.go ('K') | « server/auth/auth.go ('k') | server/auth/authtest/state.go » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The LUCI Authors. All rights reserved. 1 // Copyright 2015 The LUCI Authors. All rights reserved.
2 // Use of this source code is governed under the Apache License, Version 2.0 2 // Use of this source code is governed under the Apache License, Version 2.0
3 // that can be found in the LICENSE file. 3 // that can be found in the LICENSE file.
4 4
5 package auth 5 package auth
6 6
7 import ( 7 import (
8 "errors" 8 "errors"
9 "net" 9 "net"
10 "net/http" 10 "net/http"
(...skipping 10 matching lines...) Expand all
21 21
22 . "github.com/luci/luci-go/common/testing/assertions" 22 . "github.com/luci/luci-go/common/testing/assertions"
23 . "github.com/smartystreets/goconvey/convey" 23 . "github.com/smartystreets/goconvey/convey"
24 ) 24 )
25 25
26 func TestAuthenticate(t *testing.T) { 26 func TestAuthenticate(t *testing.T) {
27 t.Parallel() 27 t.Parallel()
28 28
29 Convey("IsAllowedOAuthClientID on default DB", t, func() { 29 Convey("IsAllowedOAuthClientID on default DB", t, func() {
30 c := context.Background() 30 c := context.Background()
31 » » auth := Authenticator{fakeOAuthMethod{clientID: "some_client_id" }} 31 » » auth := Authenticator{
32 » » » Methods: []Method{fakeOAuthMethod{clientID: "some_client _id"}},
33 » » }
32 _, err := auth.Authenticate(c, makeRequest()) 34 _, err := auth.Authenticate(c, makeRequest())
33 So(err, ShouldErrLike, "the library is not properly configured") 35 So(err, ShouldErrLike, "the library is not properly configured")
34 }) 36 })
35 37
36 Convey("IsAllowedOAuthClientID with valid client_id", t, func() { 38 Convey("IsAllowedOAuthClientID with valid client_id", t, func() {
37 c := injectTestDB(context.Background(), &fakeDB{ 39 c := injectTestDB(context.Background(), &fakeDB{
38 allowedClientID: "some_client_id", 40 allowedClientID: "some_client_id",
39 }) 41 })
40 » » auth := Authenticator{fakeOAuthMethod{clientID: "some_client_id" }} 42 » » auth := Authenticator{
43 » » » Methods: []Method{fakeOAuthMethod{clientID: "some_client _id"}},
44 » » }
41 _, err := auth.Authenticate(c, makeRequest()) 45 _, err := auth.Authenticate(c, makeRequest())
42 So(err, ShouldBeNil) 46 So(err, ShouldBeNil)
43 }) 47 })
44 48
45 Convey("IsAllowedOAuthClientID with invalid client_id", t, func() { 49 Convey("IsAllowedOAuthClientID with invalid client_id", t, func() {
46 c := injectTestDB(context.Background(), &fakeDB{ 50 c := injectTestDB(context.Background(), &fakeDB{
47 allowedClientID: "some_client_id", 51 allowedClientID: "some_client_id",
48 }) 52 })
49 » » auth := Authenticator{fakeOAuthMethod{clientID: "another_client_ id"}} 53 » » auth := Authenticator{
54 » » » Methods: []Method{fakeOAuthMethod{clientID: "another_cli ent_id"}},
55 » » }
50 _, err := auth.Authenticate(c, makeRequest()) 56 _, err := auth.Authenticate(c, makeRequest())
51 So(err, ShouldEqual, ErrBadClientID) 57 So(err, ShouldEqual, ErrBadClientID)
52 }) 58 })
53 59
54 Convey("IP whitelist restriction works", t, func() { 60 Convey("IP whitelist restriction works", t, func() {
55 db, err := authdb.NewSnapshotDB(&protocol.AuthDB{ 61 db, err := authdb.NewSnapshotDB(&protocol.AuthDB{
56 IpWhitelistAssignments: []*protocol.AuthIPWhitelistAssig nment{ 62 IpWhitelistAssignments: []*protocol.AuthIPWhitelistAssig nment{
57 { 63 {
58 Identity: strPtr("user:abc@example.co m"), 64 Identity: strPtr("user:abc@example.co m"),
59 IpWhitelist: strPtr("whitelist"), 65 IpWhitelist: strPtr("whitelist"),
60 }, 66 },
61 }, 67 },
62 IpWhitelists: []*protocol.AuthIPWhitelist{ 68 IpWhitelists: []*protocol.AuthIPWhitelist{
63 { 69 {
64 Name: strPtr("whitelist"), 70 Name: strPtr("whitelist"),
65 Subnets: []string{ 71 Subnets: []string{
66 "1.2.3.4/32", 72 "1.2.3.4/32",
67 }, 73 },
68 }, 74 },
69 }, 75 },
70 }, "http://auth-service", 1234) 76 }, "http://auth-service", 1234)
71 So(err, ShouldBeNil) 77 So(err, ShouldBeNil)
72 78
73 c := injectTestDB(context.Background(), db) 79 c := injectTestDB(context.Background(), db)
74 80
75 Convey("User is using IP whitelist and IP is in the whitelist.", func() { 81 Convey("User is using IP whitelist and IP is in the whitelist.", func() {
76 » » » auth := Authenticator{fakeOAuthMethod{email: "abc@exampl e.com"}} 82 » » » auth := Authenticator{
83 » » » » Methods: []Method{fakeOAuthMethod{email: "abc@ex ample.com"}},
84 » » » }
77 req := makeRequest() 85 req := makeRequest()
78 req.RemoteAddr = "1.2.3.4" 86 req.RemoteAddr = "1.2.3.4"
79 c, err := auth.Authenticate(c, req) 87 c, err := auth.Authenticate(c, req)
80 So(err, ShouldBeNil) 88 So(err, ShouldBeNil)
81 So(CurrentIdentity(c), ShouldEqual, identity.Identity("u ser:abc@example.com")) 89 So(CurrentIdentity(c), ShouldEqual, identity.Identity("u ser:abc@example.com"))
82 }) 90 })
83 91
84 Convey("User is using IP whitelist and IP is NOT in the whitelis t.", func() { 92 Convey("User is using IP whitelist and IP is NOT in the whitelis t.", func() {
85 » » » auth := Authenticator{fakeOAuthMethod{email: "abc@exampl e.com"}} 93 » » » auth := Authenticator{
94 » » » » Methods: []Method{fakeOAuthMethod{email: "abc@ex ample.com"}},
95 » » » }
86 req := makeRequest() 96 req := makeRequest()
87 req.RemoteAddr = "1.2.3.5" 97 req.RemoteAddr = "1.2.3.5"
88 _, err := auth.Authenticate(c, req) 98 _, err := auth.Authenticate(c, req)
89 So(err, ShouldEqual, ErrIPNotWhitelisted) 99 So(err, ShouldEqual, ErrIPNotWhitelisted)
90 }) 100 })
91 101
92 Convey("User is not using IP whitelist.", func() { 102 Convey("User is not using IP whitelist.", func() {
93 » » » auth := Authenticator{fakeOAuthMethod{email: "def@exampl e.com"}} 103 » » » auth := Authenticator{
104 » » » » Methods: []Method{fakeOAuthMethod{email: "def@ex ample.com"}},
105 » » » }
94 req := makeRequest() 106 req := makeRequest()
95 req.RemoteAddr = "1.2.3.5" 107 req.RemoteAddr = "1.2.3.5"
96 c, err := auth.Authenticate(c, req) 108 c, err := auth.Authenticate(c, req)
97 So(err, ShouldBeNil) 109 So(err, ShouldBeNil)
98 So(CurrentIdentity(c), ShouldEqual, identity.Identity("u ser:def@example.com")) 110 So(CurrentIdentity(c), ShouldEqual, identity.Identity("u ser:def@example.com"))
99 }) 111 })
100 }) 112 })
101 } 113 }
102 114
103 /// 115 ///
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after
176 } 188 }
177 return db.authServiceURL, nil 189 return db.authServiceURL, nil
178 } 190 }
179 191
180 func (db *fakeDB) GetTokenServiceURL(c context.Context) (string, error) { 192 func (db *fakeDB) GetTokenServiceURL(c context.Context) (string, error) {
181 if db.tokenServiceURL == "" { 193 if db.tokenServiceURL == "" {
182 return "", errors.New("fakeDB: GetTokenServiceURL is not configu red") 194 return "", errors.New("fakeDB: GetTokenServiceURL is not configu red")
183 } 195 }
184 return db.tokenServiceURL, nil 196 return db.tokenServiceURL, nil
185 } 197 }
OLDNEW
« scheduler/appengine/frontend/handler.go ('K') | « server/auth/auth.go ('k') | server/auth/authtest/state.go » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698