...

Source file src/github.com/go-kivik/kivik/v4/x/kivikd/authdb/confadmin/confadmin_test.go

Documentation: github.com/go-kivik/kivik/v4/x/kivikd/authdb/confadmin 

     1  // Licensed under the Apache License, Version 2.0 (the "License"); you may not
     2  // use this file except in compliance with the License. You may obtain a copy of
     3  // the License at
     4  //
     5  //  http://www.apache.org/licenses/LICENSE-2.0
     6  //
     7  // Unless required by applicable law or agreed to in writing, software
     8  // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
     9  // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    10  // License for the specific language governing permissions and limitations under
    11  // the License.
    12  
    13  //go:build !js
    14  
    15  package confadmin
    16  
    17  import (
    18  	"context"
    19  	"fmt"
    20  	"net/http"
    21  	"reflect"
    22  	"testing"
    23  
    24  	"github.com/spf13/viper"
    25  
    26  	"github.com/go-kivik/kivik/v4"
    27  	_ "github.com/go-kivik/kivik/v4/couchdb"
    28  	"github.com/go-kivik/kivik/v4/x/kivikd/authdb"
    29  	"github.com/go-kivik/kivik/v4/x/kivikd/conf"
    30  )
    31  
    32  func TestInvalidHashes(t *testing.T) {
    33  	c := &conf.Conf{Viper: viper.New()}
    34  	c.Set("admins.test", "-pbkXXdf2-792221164f257de22ad72a8e94760388233e5714,7897f3451f59da741c87ec5f10fe7abe,10")
    35  	auth := New(c)
    36  	if _, err := auth.Validate(context.Background(), "test", "123"); err == nil {
    37  		t.Errorf("Expected error for invalid scheme")
    38  	}
    39  	if _, err := auth.Validate(context.Background(), "test", "123"); err == nil {
    40  		t.Errorf("Expected error for too many commas")
    41  	}
    42  	c.Set("admins.test", "-pbkdf2-792221164f257de22ad72a8e94760388233e5714,7897f3451f59da741c87ec5f10fe7abe,pig")
    43  	if _, err := auth.Validate(context.Background(), "test", "123"); err == nil {
    44  		t.Errorf("Expected error for invalid iterations integer")
    45  	}
    46  }
    47  
    48  func TestConfAdminAuth(t *testing.T) {
    49  	c := &conf.Conf{Viper: viper.New()}
    50  	c.Set("admins.test", "-pbkdf2-792221164f257de22ad72a8e94760388233e5714,7897f3451f59da741c87ec5f10fe7abe,10")
    51  	auth := New(c)
    52  
    53  	t.Run("sync", func(t *testing.T) {
    54  		t.Run("Validate", func(t *testing.T) {
    55  			t.Parallel()
    56  			t.Run("ValidUser", func(t *testing.T) {
    57  				t.Parallel()
    58  				uCtx, err := auth.Validate(context.Background(), "test", "abc123")
    59  				if err != nil {
    60  					t.Errorf("Validation failure for good password: %s", err)
    61  				}
    62  				if uCtx == nil {
    63  					t.Errorf("User should have been validated")
    64  				}
    65  			})
    66  			t.Run("WrongPassword", func(t *testing.T) {
    67  				t.Parallel()
    68  				uCtx, err := auth.Validate(context.Background(), "test", "foobar")
    69  				if kivik.HTTPStatus(err) != http.StatusUnauthorized {
    70  					t.Errorf("Expected Unauthorized for bad password, got %s", err)
    71  				}
    72  				if uCtx != nil {
    73  					t.Errorf("User should not have been validated with wrong password")
    74  				}
    75  			})
    76  			t.Run("MissingUser", func(t *testing.T) {
    77  				t.Parallel()
    78  				uCtx, err := auth.Validate(context.Background(), "nobody", "foo")
    79  				if kivik.HTTPStatus(err) != http.StatusUnauthorized {
    80  					t.Errorf("Expected Unauthorized for bad username, got %s", err)
    81  				}
    82  				if uCtx != nil {
    83  					t.Errorf("User should not have been validated with wrong username")
    84  				}
    85  			})
    86  		})
    87  		t.Run("Context", func(t *testing.T) {
    88  			t.Parallel()
    89  			t.Run("ValidUser", func(t *testing.T) {
    90  				t.Parallel()
    91  				uCtx, err := auth.UserCtx(context.Background(), "test")
    92  				if err != nil {
    93  					t.Errorf("Failed to get roles for valid user: %s", err)
    94  				}
    95  				if !reflect.DeepEqual(uCtx, &authdb.UserContext{Name: "test", Roles: []string{"_admin"}, Salt: "7897f3451f59da741c87ec5f10fe7abe"}) {
    96  					t.Errorf("Got unexpected context: %v", uCtx)
    97  				}
    98  			})
    99  			t.Run("MissingUser", func(t *testing.T) {
   100  				_, err := auth.UserCtx(context.Background(), "nobody")
   101  				if kivik.HTTPStatus(err) != http.StatusNotFound {
   102  					var msg string
   103  					if err != nil {
   104  						msg = fmt.Sprintf(" Got: %s", err)
   105  					}
   106  					t.Errorf("Expected Not Found fetching roles for bad username.%s", msg)
   107  				}
   108  			})
   109  		})
   110  	})
   111  }
   112  

View as plain text