package main
import (
"net/http"
"net/http/httptest"
"testing"
)
// TrustingAuthService is a test double for the auth service: every
// username/token pair is reported as valid. It is defined in a _test.go file,
// so the Go toolchain leaves it out of non-test builds. Keep it there: a
// Context wired to this type accepts any credentials it is asked to validate.
type TrustingAuthService struct{}

// Validate reports success for any username and token, and never returns an
// error.
func (TrustingAuthService) Validate(username, token string) (bool, error) {
	return true, nil
}

// Style returns a deliberately alarming label, so the stub is easy to
// recognise if it ever shows up outside the test suite.
func (TrustingAuthService) Style() string {
	return "what are you, nuts"
}
// setupAuthRecorder builds the request/recorder pair shared by the
// authentication tests: a GET for https://localhost/v1/jobs and a fresh
// httptest.ResponseRecorder. HTTP Basic credentials are attached only when
// username is non-empty, so passing "" yields a request without an
// Authorization header regardless of key. If the request cannot be built,
// the calling test is aborted.
func setupAuthRecorder(t *testing.T, username, key string) (*http.Request, *httptest.ResponseRecorder) {
	req, err := http.NewRequest("GET", "https://localhost/v1/jobs", nil)
	switch {
	case err != nil:
		// Fatalf does not return, so the credential branch is never reached
		// with a failed request.
		t.Fatalf("Unable to create request: %v", err)
	case username != "":
		req.SetBasicAuth(username, key)
	}
	return req, httptest.NewRecorder()
}
// TestAuthenticateMissingCredentials covers a request that carries no Basic
// credentials at all. Authenticate must return an error, and the recorded
// response is handed to hasError together with the expected 401 status and a
// CodeCredentialsMissing APIError.
func TestAuthenticateMissingCredentials(t *testing.T) {
	app := &Context{
		Storage:     NullStorage{},
		AuthService: NullAuthService{},
	}
	// An empty username makes the helper skip SetBasicAuth entirely.
	req, rec := setupAuthRecorder(t, "", "")

	if _, err := Authenticate(app, rec, req); err == nil {
		t.Error("Expected Authenticate to return an error without authentication provided.")
	}

	want := APIError{
		Code:    CodeCredentialsMissing,
		Message: "You must authenticate.",
		Retry:   false,
	}
	hasError(t, rec, http.StatusUnauthorized, want)
}
// TestAuthenticateAdminCredentials checks that Basic credentials equal to
// Settings.AdminName and Settings.AdminKey authenticate successfully and
// produce an account that carries the admin name and has Admin set.
//
// NOTE(review): this file has no negative counterpart, i.e. the admin name
// sent with a key that differs from AdminKey. A case asserting that such a
// request is rejected would guard the admin comparison against regressions.
func TestAuthenticateAdminCredentials(t *testing.T) {
	// Fixture values only; the same pair is used for the request and for the
	// configured administrator so that they match.
	const (
		adminName = "admin"
		adminKey  = "12345edcba"
	)

	req, rec := setupAuthRecorder(t, adminName, adminKey)
	app := &Context{
		Settings:    Settings{AdminName: adminName, AdminKey: adminKey},
		Storage:     NullStorage{},
		AuthService: NullAuthService{},
	}

	account, err := Authenticate(app, rec, req)
	if err != nil {
		t.Fatalf("Unable to authenticate: %v", err)
	}

	if account.Name != adminName {
		t.Errorf("Unexpected account name: [%s]", account.Name)
	}
	if !account.Admin {
		t.Error("Expected account to be an administrator")
	}
}
// TestAuthenticateUnknownAccount covers credentials that match nothing: no
// admin is configured in Settings and the Context uses NullAuthService.
// Authenticate must return an error, and the recorded response is handed to
// hasError together with the expected 401 status and a
// CodeCredentialsIncorrect APIError naming the account.
//
// NOTE(review): NullAuthService is defined elsewhere; this test relies on it
// not validating the "wrong" account.
func TestAuthenticateUnknownAccount(t *testing.T) {
	app := &Context{
		Storage:     NullStorage{},
		AuthService: NullAuthService{},
	}
	req, rec := setupAuthRecorder(t, "wrong", "1234512345")

	if _, err := Authenticate(app, rec, req); err == nil {
		t.Error("Expected Authenticate to return an error with unrecognized credentials.")
	}

	want := APIError{
		Code:    CodeCredentialsIncorrect,
		Message: "Unable to authenticate account [wrong]",
		Retry:   false,
	}
	hasError(t, rec, http.StatusUnauthorized, want)
}
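// TestAuthenticateNonAdminAccount checks the path where the auth service
// vouches for the caller. With TrustingAuthService in the Context and no
// admin configured, Authenticate must succeed and return an account that
// carries the supplied username and does not have Admin set.
func TestAuthenticateNonAdminAccount(t *testing.T) {
	r, w := setupAuthRecorder(t, "nonadmin", "1234512345")
	c := &Context{
		Storage:     NullStorage{},
		AuthService: TrustingAuthService{},
	}

	a, err := Authenticate(c, w, r)
	if err != nil {
		// Stop here, as TestAuthenticateAdminCredentials does: the returned
		// account is not meaningful once Authenticate has failed, so the
		// field checks below would be misleading at best.
		t.Fatalf("Unable to authenticate: %v", err)
	}

	if a.Name != "nonadmin" {
		t.Errorf("Unexpected account name: %s", a.Name)
	}
	// The privilege flag must stay clear for accounts validated by the auth
	// service rather than by the admin settings.
	if a.Admin {
		t.Error("Expected account not to be an administrator")
	}
}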