Extend LUCI_CONTEXT["local_auth"] protocol to understand accounts.

common/auth/localauth/server_test.go

Index: common/auth/localauth/server_test.go
diff --git a/common/auth/localauth/server_test.go b/common/auth/localauth/server_test.go
index bd9cf7c5c181e229e645c8dfa5d38057a59ec7bb..6dedc14313579fc1ba137a38f933191c2dde8e87 100644
--- a/common/auth/localauth/server_test.go
+++ b/common/auth/localauth/server_test.go
@@ -90,25 +90,28 @@ func TestProtocol(t *testing.T) {
 		// Use channels to pass mocked requests/responses back and forth.
 		requests := make(chan []string, 10000)
 		responses := make(chan interface{}, 1)
+
+		testGen := func(ctx context.Context, scopes []string, lifetime time.Duration) (*oauth2.Token, error) {

[Vadim Sh., 2017/06/19 20:16:28]

no changes here, just moved

+			requests <- scopes
+			var resp interface{}
+			select {
+			case resp = <-responses:
+			default:
+				c.Println("Unexpected token request")
+				return nil, fmt.Errorf("Unexpected request")
+			}
+			switch resp := resp.(type) {
+			case error:
+				return nil, resp
+			case *oauth2.Token:
+				return resp, nil
+			default:
+				panic("unknown response")
+			}
+		}
+
 		s := Server{
-			TokenGenerator: func(ctx context.Context, scopes []string, lifetime time.Duration) (*oauth2.Token, error) {
-				requests <- scopes
-				var resp interface{}
-				select {
-				case resp = <-responses:
-				default:
-					c.Println("Unexpected token request")
-					return nil, fmt.Errorf("Unexpected request")
-				}
-				switch resp := resp.(type) {
-				case error:
-					return nil, resp
-				case *oauth2.Token:
-					return resp, nil
-				default:
-					panic("unknown response")
-				}
-			},
+			TokenGenerators: map[string]TokenGenerator{"acc_id": testGen},
 		}
 		p, err := s.Initialize(ctx)
 		So(err, ShouldBeNil)
@@ -125,8 +128,9 @@ func TestProtocol(t *testing.T) {
 
 		goodRequest := func() *http.Request {
 			return prepReq(p, "/rpc/LuciLocalAuthService.GetOAuthToken", map[string]interface{}{
-				"scopes": []string{"B", "A"},
-				"secret": p.Secret,
+				"scopes":     []string{"B", "A"},
+				"secret":     p.Secret,
+				"account_id": "acc_id",
 			})
 		}
 
@@ -201,24 +205,42 @@ func TestProtocol(t *testing.T) {
 			req := prepReq(p, "/rpc/LuciLocalAuthService.GetOAuthToken", map[string]interface{}{
 				"secret": p.Secret,
 			})
-			So(call(req), ShouldEqual, `HTTP 400: Field "scopes" is required.`)
+			So(call(req), ShouldEqual, `HTTP 400: Bad request: field "scopes" is required.`)
 		})
 
 		Convey("No secret", func() {
 			req := prepReq(p, "/rpc/LuciLocalAuthService.GetOAuthToken", map[string]interface{}{
 				"scopes": []string{"B", "A"},
 			})
-			So(call(req), ShouldEqual, `HTTP 400: Field "secret" is required.`)
+			So(call(req), ShouldEqual, `HTTP 400: Bad request: field "secret" is required.`)
 		})
 
 		Convey("Bad secret", func() {
 			req := prepReq(p, "/rpc/LuciLocalAuthService.GetOAuthToken", map[string]interface{}{
-				"scopes": []string{"B", "A"},
-				"secret": []byte{0, 1, 2, 3},
+				"scopes":     []string{"B", "A"},
+				"secret":     []byte{0, 1, 2, 3},
+				"account_id": "acc_id",
 			})
 			So(call(req), ShouldEqual, `HTTP 403: Invalid secret.`)
 		})
 
+		Convey("No account ID", func() {
+			req := prepReq(p, "/rpc/LuciLocalAuthService.GetOAuthToken", map[string]interface{}{
+				"scopes": []string{"B", "A"},
+				"secret": p.Secret,
+			})
+			So(call(req), ShouldEqual, `HTTP 400: Bad request: field "account_id" is required.`)
+		})
+
+		Convey("Unknown account ID", func() {
+			req := prepReq(p, "/rpc/LuciLocalAuthService.GetOAuthToken", map[string]interface{}{
+				"scopes":     []string{"B", "A"},
+				"secret":     p.Secret,
+				"account_id": "unknown_acc_id",
+			})
+			So(call(req), ShouldEqual, `HTTP 404: Unrecognized account ID "unknown_acc_id".`)
+		})
+
 		Convey("Token generator returns fatal error", func() {
 			responses <- fmt.Errorf("fatal!!111")
 			So(call(goodRequest()), ShouldEqual, `HTTP 200 (json): {"error_code":-1,"error_message":"fatal!!111"}`)