Merge branch '20690-remove-wb1-from-installer'. Closes #20690

[arvados.git] / lib / controller / federation / logout_test.go

// Copyright (C) The Arvados Authors. All rights reserved.
//
// SPDX-License-Identifier: AGPL-3.0

package federation

import (
        "context"
        "errors"
        "fmt"
        "net/url"

        "git.arvados.org/arvados.git/lib/ctrlctx"
        "git.arvados.org/arvados.git/sdk/go/arvados"
        "git.arvados.org/arvados.git/sdk/go/arvadostest"
        "git.arvados.org/arvados.git/sdk/go/auth"
        check "gopkg.in/check.v1"
)

var _ = check.Suite(&LogoutSuite{})
var emptyURL = &url.URL{}

type LogoutStub struct {
        arvadostest.APIStub
        redirectLocation *url.URL
}

func (as *LogoutStub) CheckCalls(c *check.C, returnURL *url.URL) bool {
        actual := as.APIStub.Calls(as.APIStub.Logout)
        allOK := c.Check(actual, check.Not(check.HasLen), 0,
                check.Commentf("Logout stub never called"))
        expected := returnURL.String()
        for _, call := range actual {
                opts, ok := call.Options.(arvados.LogoutOptions)
                allOK = c.Check(ok, check.Equals, true,
                        check.Commentf("call options were not LogoutOptions")) &&
                        c.Check(opts.ReturnTo, check.Equals, expected) &&
                        allOK
        }
        return allOK
}

func (as *LogoutStub) Logout(ctx context.Context, options arvados.LogoutOptions) (arvados.LogoutResponse, error) {
        as.APIStub.Logout(ctx, options)
        loc := as.redirectLocation.String()
        if loc == "" {
                loc = options.ReturnTo
        }
        return arvados.LogoutResponse{
                RedirectLocation: loc,
        }, as.Error
}

type LogoutSuite struct {
        FederationSuite
}

func (s *LogoutSuite) badReturnURL(path string) *url.URL {
        return &url.URL{
                Scheme: "https",
                Host:   "example.net",
                Path:   path,
        }
}

func (s *LogoutSuite) goodReturnURL(path string) *url.URL {
        u, _ := url.Parse(s.cluster.Services.Workbench2.ExternalURL.String())
        u.Path = path
        return u
}

func (s *LogoutSuite) setupFederation(loginCluster string) {
        if loginCluster == "" {
                s.cluster.Login.Test.Enable = true
        } else {
                s.cluster.Login.LoginCluster = loginCluster
        }
        dbconn := ctrlctx.DBConnector{PostgreSQL: s.cluster.PostgreSQL}
        s.fed = New(s.ctx, s.cluster, nil, dbconn.GetDB)
}

func (s *LogoutSuite) setupStub(c *check.C, id string, stubURL *url.URL, stubErr error) *LogoutStub {
        loc, err := url.Parse(stubURL.String())
        c.Check(err, check.IsNil)
        stub := LogoutStub{redirectLocation: loc}
        stub.Error = stubErr
        if id == s.cluster.ClusterID {
                s.fed.local = &stub
        } else {
                s.addDirectRemote(c, id, &stub)
        }
        return &stub
}

func (s *LogoutSuite) v2Token(clusterID string) string {
        return fmt.Sprintf("v2/%s-gj3su-12345abcde67890/abcdefghijklmnopqrstuvwxy", clusterID)
}

func (s *LogoutSuite) TestLocalLogoutOK(c *check.C) {
        s.setupFederation("")
        resp, err := s.fed.Logout(s.ctx, arvados.LogoutOptions{})
        c.Check(err, check.IsNil)
        c.Check(resp.RedirectLocation, check.Equals, s.cluster.Services.Workbench2.ExternalURL.String())
}

func (s *LogoutSuite) TestLocalLogoutRedirect(c *check.C) {
        s.setupFederation("")
        expURL := s.cluster.Services.Workbench1.ExternalURL
        opts := arvados.LogoutOptions{ReturnTo: expURL.String()}
        resp, err := s.fed.Logout(s.ctx, opts)
        c.Check(err, check.IsNil)
        c.Check(resp.RedirectLocation, check.Equals, expURL.String())
}

func (s *LogoutSuite) TestLocalLogoutBadRequestError(c *check.C) {
        s.setupFederation("")
        returnTo := s.badReturnURL("TestLocalLogoutBadRequestError")
        opts := arvados.LogoutOptions{ReturnTo: returnTo.String()}
        _, err := s.fed.Logout(s.ctx, opts)
        c.Check(err, check.NotNil)
}

func (s *LogoutSuite) TestRemoteLogoutRedirect(c *check.C) {
        s.setupFederation("zhome")
        redirect := url.URL{Scheme: "https", Host: "example.com"}
        loginStub := s.setupStub(c, "zhome", &redirect, nil)
        returnTo := s.goodReturnURL("TestRemoteLogoutRedirect")
        resp, err := s.fed.Logout(s.ctx, arvados.LogoutOptions{ReturnTo: returnTo.String()})
        c.Check(err, check.IsNil)
        c.Check(resp.RedirectLocation, check.Equals, redirect.String())
        loginStub.CheckCalls(c, returnTo)
}

func (s *LogoutSuite) TestRemoteLogoutError(c *check.C) {
        s.setupFederation("zhome")
        expErr := errors.New("TestRemoteLogoutError expErr")
        loginStub := s.setupStub(c, "zhome", emptyURL, expErr)
        returnTo := s.goodReturnURL("TestRemoteLogoutError")
        _, err := s.fed.Logout(s.ctx, arvados.LogoutOptions{ReturnTo: returnTo.String()})
        c.Check(err, check.Equals, expErr)
        loginStub.CheckCalls(c, returnTo)
}

func (s *LogoutSuite) TestRemoteLogoutLocalRedirect(c *check.C) {
        s.setupFederation("zhome")
        loginStub := s.setupStub(c, "zhome", emptyURL, nil)
        redirect := url.URL{Scheme: "https", Host: "example.com"}
        localStub := s.setupStub(c, "aaaaa", &redirect, nil)
        resp, err := s.fed.Logout(s.ctx, arvados.LogoutOptions{})
        c.Check(err, check.IsNil)
        c.Check(resp.RedirectLocation, check.Equals, redirect.String())
        // emptyURL to match the empty LogoutOptions
        loginStub.CheckCalls(c, emptyURL)
        localStub.CheckCalls(c, emptyURL)
}

func (s *LogoutSuite) TestRemoteLogoutLocalError(c *check.C) {
        s.setupFederation("zhome")
        expErr := errors.New("TestRemoteLogoutLocalError expErr")
        loginStub := s.setupStub(c, "zhome", emptyURL, nil)
        localStub := s.setupStub(c, "aaaaa", emptyURL, expErr)
        _, err := s.fed.Logout(s.ctx, arvados.LogoutOptions{})
        c.Check(err, check.Equals, expErr)
        loginStub.CheckCalls(c, emptyURL)
        localStub.CheckCalls(c, emptyURL)
}

func (s *LogoutSuite) TestV2TokenRedirect(c *check.C) {
        s.setupFederation("")
        redirect := url.URL{Scheme: "https", Host: "example.com"}
        returnTo := s.goodReturnURL("TestV2TokenRedirect")
        localErr := errors.New("TestV2TokenRedirect error")
        tokenStub := s.setupStub(c, "zzzzz", &redirect, nil)
        s.setupStub(c, "aaaaa", emptyURL, localErr)
        tokens := []string{s.v2Token("zzzzz")}
        ctx := auth.NewContext(s.ctx, &auth.Credentials{Tokens: tokens})
        resp, err := s.fed.Logout(ctx, arvados.LogoutOptions{ReturnTo: returnTo.String()})
        c.Check(err, check.IsNil)
        c.Check(resp.RedirectLocation, check.Equals, redirect.String())
        tokenStub.CheckCalls(c, returnTo)
}

func (s *LogoutSuite) TestV2TokenError(c *check.C) {
        s.setupFederation("")
        returnTo := s.goodReturnURL("TestV2TokenError")
        tokenErr := errors.New("TestV2TokenError error")
        tokenStub := s.setupStub(c, "zzzzz", emptyURL, tokenErr)
        s.setupStub(c, "aaaaa", emptyURL, nil)
        tokens := []string{s.v2Token("zzzzz")}
        ctx := auth.NewContext(s.ctx, &auth.Credentials{Tokens: tokens})
        _, err := s.fed.Logout(ctx, arvados.LogoutOptions{ReturnTo: returnTo.String()})
        c.Check(err, check.Equals, tokenErr)
        tokenStub.CheckCalls(c, returnTo)
}

func (s *LogoutSuite) TestV2TokenLocalRedirect(c *check.C) {
        s.setupFederation("")
        redirect := url.URL{Scheme: "https", Host: "example.com"}
        tokenStub := s.setupStub(c, "zzzzz", emptyURL, nil)
        localStub := s.setupStub(c, "aaaaa", &redirect, nil)
        tokens := []string{s.v2Token("zzzzz")}
        ctx := auth.NewContext(s.ctx, &auth.Credentials{Tokens: tokens})
        resp, err := s.fed.Logout(ctx, arvados.LogoutOptions{})
        c.Check(err, check.IsNil)
        c.Check(resp.RedirectLocation, check.Equals, redirect.String())
        tokenStub.CheckCalls(c, emptyURL)
        localStub.CheckCalls(c, emptyURL)
}

func (s *LogoutSuite) TestV2TokenLocalError(c *check.C) {
        s.setupFederation("")
        tokenErr := errors.New("TestV2TokenLocalError error")
        tokenStub := s.setupStub(c, "zzzzz", emptyURL, nil)
        localStub := s.setupStub(c, "aaaaa", emptyURL, tokenErr)
        tokens := []string{s.v2Token("zzzzz")}
        ctx := auth.NewContext(s.ctx, &auth.Credentials{Tokens: tokens})
        _, err := s.fed.Logout(ctx, arvados.LogoutOptions{})
        c.Check(err, check.Equals, tokenErr)
        tokenStub.CheckCalls(c, emptyURL)
        localStub.CheckCalls(c, emptyURL)
}

func (s *LogoutSuite) TestV2LocalTokenRedirect(c *check.C) {
        s.setupFederation("")
        redirect := url.URL{Scheme: "https", Host: "example.com"}
        returnTo := s.goodReturnURL("TestV2LocalTokenRedirect")
        localStub := s.setupStub(c, "aaaaa", &redirect, nil)
        tokens := []string{s.v2Token("aaaaa")}
        ctx := auth.NewContext(s.ctx, &auth.Credentials{Tokens: tokens})
        resp, err := s.fed.Logout(ctx, arvados.LogoutOptions{ReturnTo: returnTo.String()})
        c.Check(err, check.IsNil)
        c.Check(resp.RedirectLocation, check.Equals, redirect.String())
        localStub.CheckCalls(c, returnTo)
}

func (s *LogoutSuite) TestV2LocalTokenError(c *check.C) {
        s.setupFederation("")
        returnTo := s.goodReturnURL("TestV2LocalTokenError")
        tokenErr := errors.New("TestV2LocalTokenError error")
        localStub := s.setupStub(c, "aaaaa", emptyURL, tokenErr)
        tokens := []string{s.v2Token("aaaaa")}
        ctx := auth.NewContext(s.ctx, &auth.Credentials{Tokens: tokens})
        _, err := s.fed.Logout(ctx, arvados.LogoutOptions{ReturnTo: returnTo.String()})
        c.Check(err, check.Equals, tokenErr)
        localStub.CheckCalls(c, returnTo)
}