lib/ctrlctx/auth_test.go

   1 // Copyright (C) The Arvados Authors. All rights reserved.
   2 //
   3 // SPDX-License-Identifier: AGPL-3.0
   4
   5 package ctrlctx
   6
   7 import (
   8         "context"
   9
  10         "git.arvados.org/arvados.git/lib/config"
  11         "git.arvados.org/arvados.git/sdk/go/arvadostest"
  12         "git.arvados.org/arvados.git/sdk/go/auth"
  13         "git.arvados.org/arvados.git/sdk/go/ctxlog"
  14         "github.com/jmoiron/sqlx"
  15         _ "github.com/lib/pq"
  16         check "gopkg.in/check.v1"
  17 )
  18
  19 func (*DatabaseSuite) TestAuthContext(c *check.C) {
  20         cfg, err := config.NewLoader(nil, ctxlog.TestLogger(c)).Load()
  21         c.Assert(err, check.IsNil)
  22         cluster, err := cfg.GetCluster("")
  23         c.Assert(err, check.IsNil)
  24
  25         getter := func(context.Context) (*sqlx.DB, error) {
  26                 return sqlx.Open("postgres", cluster.PostgreSQL.Connection.String())
  27         }
  28         authwrapper := WrapCallsWithAuth(cluster)
  29         dbwrapper := WrapCallsInTransactions(getter)
  30
  31         // valid tokens
  32         for _, token := range []string{
  33                 arvadostest.ActiveToken,
  34                 arvadostest.ActiveTokenV2,
  35                 arvadostest.ActiveTokenV2 + "/asdfasdfasdf",
  36                 arvadostest.ActiveTokenV2, // cached
  37         } {
  38                 ok, err := dbwrapper(authwrapper(func(ctx context.Context, opts interface{}) (interface{}, error) {
  39                         user, aca, err := CurrentAuth(ctx)
  40                         if c.Check(err, check.IsNil) {
  41                                 c.Check(user.UUID, check.Equals, "zzzzz-tpzed-xurymjxw79nv3jz")
  42                                 c.Check(aca.UUID, check.Equals, "zzzzz-gj3su-077z32aux8dg2s1")
  43                                 c.Check(aca.Scopes, check.DeepEquals, []string{"all"})
  44                         }
  45                         return true, nil
  46                 }))(auth.NewContext(context.Background(), auth.NewCredentials(token)), "blah")
  47                 c.Check(ok, check.Equals, true)
  48                 c.Check(err, check.IsNil)
  49         }
  50
  51         // bad tokens
  52         for _, token := range []string{
  53                 arvadostest.ActiveToken + "X",
  54                 arvadostest.ActiveTokenV2 + "X",
  55                 arvadostest.ActiveTokenV2[:30], // "v2/{uuid}"
  56                 arvadostest.ActiveTokenV2[:31], // "v2/{uuid}/"
  57                 "bogus",
  58                 "",
  59         } {
  60                 ok, err := dbwrapper(authwrapper(func(ctx context.Context, opts interface{}) (interface{}, error) {
  61                         user, aca, err := CurrentAuth(ctx)
  62                         c.Check(err, check.Equals, ErrUnauthenticated)
  63                         c.Check(user, check.IsNil)
  64                         c.Check(aca, check.IsNil)
  65                         return true, err
  66                 }))(auth.NewContext(context.Background(), auth.NewCredentials(token)), "blah")
  67                 c.Check(ok, check.Equals, true)
  68                 c.Check(err, check.Equals, ErrUnauthenticated)
  69         }
  70
  71         // no auth context
  72         {
  73                 ok, err := dbwrapper(authwrapper(func(ctx context.Context, opts interface{}) (interface{}, error) {
  74                         user, aca, err := CurrentAuth(ctx)
  75                         c.Check(err, check.Equals, ErrUnauthenticated)
  76                         c.Check(user, check.IsNil)
  77                         c.Check(aca, check.IsNil)
  78                         return true, err
  79                 }))(context.Background(), "blah")
  80                 c.Check(ok, check.Equals, true)
  81                 c.Check(err, check.Equals, ErrUnauthenticated)
  82         }
  83 }