Merge branch '20295-fix-collection-tree-caching-bug' refs #20295
[arvados.git] / lib / ctrlctx / auth_test.go
1 // Copyright (C) The Arvados Authors. All rights reserved.
2 //
3 // SPDX-License-Identifier: AGPL-3.0
4
5 package ctrlctx
6
7 import (
8         "context"
9
10         "git.arvados.org/arvados.git/lib/config"
11         "git.arvados.org/arvados.git/sdk/go/arvadostest"
12         "git.arvados.org/arvados.git/sdk/go/auth"
13         "git.arvados.org/arvados.git/sdk/go/ctxlog"
14         "github.com/jmoiron/sqlx"
15         _ "github.com/lib/pq"
16         check "gopkg.in/check.v1"
17 )
18
19 func (*DatabaseSuite) TestAuthContext(c *check.C) {
20         cfg, err := config.NewLoader(nil, ctxlog.TestLogger(c)).Load()
21         c.Assert(err, check.IsNil)
22         cluster, err := cfg.GetCluster("")
23         c.Assert(err, check.IsNil)
24
25         getter := func(context.Context) (*sqlx.DB, error) {
26                 return sqlx.Open("postgres", cluster.PostgreSQL.Connection.String())
27         }
28         authwrapper := WrapCallsWithAuth(cluster)
29         dbwrapper := WrapCallsInTransactions(getter)
30
31         // valid tokens
32         for _, token := range []string{
33                 arvadostest.ActiveToken,
34                 arvadostest.ActiveTokenV2,
35                 arvadostest.ActiveTokenV2 + "/asdfasdfasdf",
36                 arvadostest.ActiveTokenV2, // cached
37         } {
38                 ok, err := dbwrapper(authwrapper(func(ctx context.Context, opts interface{}) (interface{}, error) {
39                         user, aca, err := CurrentAuth(ctx)
40                         if c.Check(err, check.IsNil) {
41                                 c.Check(user.UUID, check.Equals, "zzzzz-tpzed-xurymjxw79nv3jz")
42                                 c.Check(aca.UUID, check.Equals, "zzzzz-gj3su-077z32aux8dg2s1")
43                                 c.Check(aca.Scopes, check.DeepEquals, []string{"all"})
44                         }
45                         return true, nil
46                 }))(auth.NewContext(context.Background(), auth.NewCredentials(token)), "blah")
47                 c.Check(ok, check.Equals, true)
48                 c.Check(err, check.IsNil)
49         }
50
51         // bad tokens
52         for _, token := range []string{
53                 arvadostest.ActiveToken + "X",
54                 arvadostest.ActiveTokenV2 + "X",
55                 arvadostest.ActiveTokenV2[:30], // "v2/{uuid}"
56                 arvadostest.ActiveTokenV2[:31], // "v2/{uuid}/"
57                 "bogus",
58                 "",
59         } {
60                 ok, err := dbwrapper(authwrapper(func(ctx context.Context, opts interface{}) (interface{}, error) {
61                         user, aca, err := CurrentAuth(ctx)
62                         c.Check(err, check.Equals, ErrUnauthenticated)
63                         c.Check(user, check.IsNil)
64                         c.Check(aca, check.IsNil)
65                         return true, err
66                 }))(auth.NewContext(context.Background(), auth.NewCredentials(token)), "blah")
67                 c.Check(ok, check.Equals, true)
68                 c.Check(err, check.Equals, ErrUnauthenticated)
69         }
70
71         // no auth context
72         {
73                 ok, err := dbwrapper(authwrapper(func(ctx context.Context, opts interface{}) (interface{}, error) {
74                         user, aca, err := CurrentAuth(ctx)
75                         c.Check(err, check.Equals, ErrUnauthenticated)
76                         c.Check(user, check.IsNil)
77                         c.Check(aca, check.IsNil)
78                         return true, err
79                 }))(context.Background(), "blah")
80                 c.Check(ok, check.Equals, true)
81                 c.Check(err, check.Equals, ErrUnauthenticated)
82         }
83 }