1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: AGPL-3.0
13 "git.arvados.org/arvados.git/lib/config"
14 "git.arvados.org/arvados.git/lib/controller/rpc"
15 "git.arvados.org/arvados.git/sdk/go/arvados"
16 "git.arvados.org/arvados.git/sdk/go/arvadostest"
17 "git.arvados.org/arvados.git/sdk/go/ctxlog"
18 check "gopkg.in/check.v1"
21 var _ = check.Suite(&PamSuite{})
23 type PamSuite struct {
24 cluster *arvados.Cluster
25 ctrl *pamLoginController
26 railsSpy *arvadostest.Proxy
29 func (s *PamSuite) SetUpSuite(c *check.C) {
30 cfg, err := config.NewLoader(nil, ctxlog.TestLogger(c)).Load()
31 c.Assert(err, check.IsNil)
32 s.cluster, err = cfg.GetCluster("")
33 c.Assert(err, check.IsNil)
34 s.cluster.Login.PAM = true
35 s.cluster.Login.PAMDefaultEmailDomain = "example.com"
36 s.railsSpy = arvadostest.NewProxy(c, s.cluster.Services.RailsAPI)
37 s.ctrl = &pamLoginController{
39 RailsProxy: rpc.NewConn(s.cluster.ClusterID, s.railsSpy.URL, true, rpc.PassthroughTokenProvider),
43 func (s *PamSuite) TestLoginFailure(c *check.C) {
44 resp, err := s.ctrl.Login(context.Background(), arvados.LoginOptions{
45 Username: "bogususername",
46 Password: "boguspassword",
47 ReturnTo: "https://example.com/foo",
49 c.Check(err, check.IsNil)
50 c.Check(resp.RedirectLocation, check.Equals, "")
51 c.Check(resp.Token, check.Equals, "")
52 c.Check(resp.Message, check.Equals, "Authentication failure")
53 c.Check(resp.HTML.String(), check.Equals, "")
56 // This test only runs if the ARVADOS_TEST_PAM_CREDENTIALS_FILE env
57 // var is set. The credentials file should contain a valid username
58 // and password, separated by \n.
59 func (s *PamSuite) TestLoginSuccess(c *check.C) {
60 testCredsFile := os.Getenv("ARVADOS_TEST_PAM_CREDENTIALS_FILE")
61 if testCredsFile == "" {
62 c.Skip("no test credentials file given in ARVADOS_TEST_PAM_CREDENTIALS_FILE")
65 buf, err := ioutil.ReadFile(testCredsFile)
66 c.Assert(err, check.IsNil)
67 lines := strings.Split(string(buf), "\n")
68 c.Assert(len(lines), check.Equals, 2, check.Commentf("credentials file %s should contain \"username\\npassword\"", testCredsFile))
69 u, p := lines[0], lines[1]
71 resp, err := s.ctrl.Login(context.Background(), arvados.LoginOptions{
74 ReturnTo: "https://example.com/foo",
76 c.Check(err, check.IsNil)
77 c.Check(resp.RedirectLocation, check.Equals, "")
78 c.Check(resp.Token, check.Matches, `v2/zzzzz-gj3su-.*/.*`)
79 c.Check(resp.HTML.String(), check.Equals, "")
81 authinfo := getCallbackAuthInfo(c, s.railsSpy)
82 c.Check(authinfo.Email, check.Equals, u+"@"+s.cluster.Login.PAMDefaultEmailDomain)
83 c.Check(authinfo.AlternateEmails, check.DeepEquals, []string(nil))