Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(275)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: server/auth/auth_test.go

Issue 2830443003: auth: Refactor how authentication methods are passed to server/auth library. (Closed)
Patch Set: fix test Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « server/auth/auth.go ('k') | server/auth/authtest/method.go » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: server/auth/auth_test.go
diff --git a/server/auth/auth_test.go b/server/auth/auth_test.go
index 1bdcd7de9d12dda5f01cad8b2f5a8fbf77f19876..e3e0368c7e70a09fc64d8ccc15475840abfdd7ad 100644
--- a/server/auth/auth_test.go
+++ b/server/auth/auth_test.go
@@ -5,13 +5,15 @@
package auth
import (
- "errors"
+ "fmt"
"net"
"net/http"
+ "net/http/httptest"
"testing"
"golang.org/x/net/context"
+ "github.com/luci/luci-go/server/router"
"github.com/luci/luci-go/server/secrets"
"github.com/luci/luci-go/server/auth/authdb"
@@ -19,6 +21,7 @@ import (
"github.com/luci/luci-go/server/auth/service/protocol"
"github.com/luci/luci-go/server/auth/signing"
+ "github.com/luci/luci-go/common/errors"
. "github.com/luci/luci-go/common/testing/assertions"
. "github.com/smartystreets/goconvey/convey"
)
@@ -26,27 +29,56 @@ import (
func TestAuthenticate(t *testing.T) {
t.Parallel()
- Convey("IsAllowedOAuthClientID on default DB", t, func() {
- c := context.Background()
- auth := Authenticator{fakeOAuthMethod{clientID: "some_client_id"}}
- _, err := auth.Authenticate(c, makeRequest())
- So(err, ShouldErrLike, "the library is not properly configured")
+ Convey("Happy path", t, func() {
+ c := injectTestDB(context.Background(), &fakeDB{
+ allowedClientID: "some_client_id",
+ })
+ auth := Authenticator{
+ Methods: []Method{fakeAuthMethod{clientID: "some_client_id"}},
+ }
+ c, err := auth.Authenticate(c, makeRequest())
+ So(err, ShouldBeNil)
+
+ So(CurrentUser(c), ShouldResemble, &User{
+ Identity: "user:abc@example.com",
+ Email: "abc@example.com",
+ ClientID: "some_client_id",
+ })
+
+ url, err := LoginURL(c, "login")
+ So(err, ShouldBeNil)
+ So(url, ShouldEqual, "http://fake.login.url/login")
+
+ url, err = LogoutURL(c, "logout")
+ So(err, ShouldBeNil)
+ So(url, ShouldEqual, "http://fake.logout.url/logout")
})
- Convey("IsAllowedOAuthClientID with valid client_id", t, func() {
+ Convey("No methods given", t, func() {
c := injectTestDB(context.Background(), &fakeDB{
allowedClientID: "some_client_id",
})
- auth := Authenticator{fakeOAuthMethod{clientID: "some_client_id"}}
+ auth := Authenticator{}
_, err := auth.Authenticate(c, makeRequest())
- So(err, ShouldBeNil)
+ So(err, ShouldEqual, ErrNotConfigured)
+ })
+
+ Convey("IsAllowedOAuthClientID on default DB", t, func() {
+ c := context.Background()
+ auth := Authenticator{
+ Methods: []Method{fakeAuthMethod{clientID: "some_client_id"}},
+ }
+ _, err := auth.Authenticate(c, makeRequest())
+ So(err, ShouldErrLike, "the library is not properly configured")
})
Convey("IsAllowedOAuthClientID with invalid client_id", t, func() {
c := injectTestDB(context.Background(), &fakeDB{
allowedClientID: "some_client_id",
})
- auth := Authenticator{fakeOAuthMethod{clientID: "another_client_id"}}
+ auth := Authenticator{
+ Methods: []Method{fakeAuthMethod{clientID: "another_client_id"}},
+ }
_, err := auth.Authenticate(c, makeRequest())
So(err, ShouldEqual, ErrBadClientID)
})
@@ -73,7 +105,9 @@ func TestAuthenticate(t *testing.T) {
c := injectTestDB(context.Background(), db)
Convey("User is using IP whitelist and IP is in the whitelist.", func() {
- auth := Authenticator{fakeOAuthMethod{email: "abc@example.com"}}
+ auth := Authenticator{
+ Methods: []Method{fakeAuthMethod{email: "abc@example.com"}},
+ }
req := makeRequest()
req.RemoteAddr = "1.2.3.4"
c, err := auth.Authenticate(c, req)
@@ -82,7 +116,9 @@ func TestAuthenticate(t *testing.T) {
})
Convey("User is using IP whitelist and IP is NOT in the whitelist.", func() {
- auth := Authenticator{fakeOAuthMethod{email: "abc@example.com"}}
+ auth := Authenticator{
+ Methods: []Method{fakeAuthMethod{email: "abc@example.com"}},
+ }
req := makeRequest()
req.RemoteAddr = "1.2.3.5"
_, err := auth.Authenticate(c, req)
@@ -90,7 +126,9 @@ func TestAuthenticate(t *testing.T) {
})
Convey("User is not using IP whitelist.", func() {
- auth := Authenticator{fakeOAuthMethod{email: "def@example.com"}}
+ auth := Authenticator{
+ Methods: []Method{fakeAuthMethod{email: "def@example.com"}},
+ }
req := makeRequest()
req.RemoteAddr = "1.2.3.5"
c, err := auth.Authenticate(c, req)
@@ -100,6 +138,52 @@ func TestAuthenticate(t *testing.T) {
})
}
+func TestMiddleware(t *testing.T) {
+ t.Parallel()
+
+ handler := func(c *router.Context) {
+ fmt.Fprintf(c.Writer, "%s", CurrentIdentity(c.Context))
+ }
+
+ call := func(a *Authenticator) *httptest.ResponseRecorder {
+ req, err := http.NewRequest("GET", "http://example.com/foo", nil)
+ So(err, ShouldBeNil)
+ w := httptest.NewRecorder()
+ router.RunMiddleware(&router.Context{
+ Context: injectTestDB(context.Background(), &fakeDB{
+ allowedClientID: "some_client_id",
+ }),
+ Writer: w,
+ Request: req,
+ }, router.NewMiddlewareChain(a.GetMiddleware()), handler)
+ return w
+ }
+
+ Convey("Happy path", t, func() {
+ rr := call(&Authenticator{
+ Methods: []Method{fakeAuthMethod{clientID: "some_client_id"}},
+ })
+ So(rr.Code, ShouldEqual, 200)
+ So(rr.Body.String(), ShouldEqual, "user:abc@example.com")
+ })
+
+ Convey("Fatal error", t, func() {
+ rr := call(&Authenticator{
+ Methods: []Method{fakeAuthMethod{clientID: "another_client_id"}},
+ })
+ So(rr.Code, ShouldEqual, 401)
+ So(rr.Body.String(), ShouldEqual, "Authentication error\n")
+ })
+
+ Convey("Transient error", t, func() {
+ rr := call(&Authenticator{
+ Methods: []Method{fakeAuthMethod{err: errors.WrapTransient(errors.New("boo"))}},
+ })
+ So(rr.Code, ShouldEqual, 500)
+ So(rr.Body.String(), ShouldEqual, "Transient error during authentication\n")
+ })
+}
+
///
func makeRequest() *http.Request {
@@ -109,13 +193,17 @@ func makeRequest() *http.Request {
///
-// fakeOAuthMethod implements Method.
-type fakeOAuthMethod struct {
+// fakeAuthMethod implements Method.
+type fakeAuthMethod struct {
+ err error
clientID string
email string
}
-func (m fakeOAuthMethod) Authenticate(context.Context, *http.Request) (*User, error) {
+func (m fakeAuthMethod) Authenticate(context.Context, *http.Request) (*User, error) {
+ if m.err != nil {
+ return nil, m.err
+ }
email := m.email
if email == "" {
email = "abc@example.com"
@@ -127,6 +215,14 @@ func (m fakeOAuthMethod) Authenticate(context.Context, *http.Request) (*User, er
}, nil
}
+func (m fakeAuthMethod) LoginURL(c context.Context, dest string) (string, error) {
+ return "http://fake.login.url/" + dest, nil
+}
+
+func (m fakeAuthMethod) LogoutURL(c context.Context, dest string) (string, error) {
+ return "http://fake.logout.url/" + dest, nil
+}
+
func injectTestDB(c context.Context, d authdb.DB) context.Context {
return SetConfig(c, Config{
DBProvider: func(c context.Context) (authdb.DB, error) {
« no previous file with comments | « server/auth/auth.go ('k') | server/auth/authtest/method.go » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698