X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/d739042d5aedd9a2cef19deb591cccc57d639353..12b7a5c3693734b902aad0b928218de4e72bc4ab:/lib/controller/localdb/login_pam_test.go diff --git a/lib/controller/localdb/login_pam_test.go b/lib/controller/localdb/login_pam_test.go index 885aa86b88..c5876bbfad 100644 --- a/lib/controller/localdb/login_pam_test.go +++ b/lib/controller/localdb/login_pam_test.go @@ -7,6 +7,7 @@ package localdb import ( "context" "io/ioutil" + "net/http" "os" "strings" @@ -31,26 +32,26 @@ func (s *PamSuite) SetUpSuite(c *check.C) { c.Assert(err, check.IsNil) s.cluster, err = cfg.GetCluster("") c.Assert(err, check.IsNil) - s.cluster.Login.PAM = true - s.cluster.Login.PAMDefaultEmailDomain = "example.com" + s.cluster.Login.PAM.Enable = true + s.cluster.Login.PAM.DefaultEmailDomain = "example.com" s.railsSpy = arvadostest.NewProxy(c, s.cluster.Services.RailsAPI) s.ctrl = &pamLoginController{ - Cluster: s.cluster, - RailsProxy: rpc.NewConn(s.cluster.ClusterID, s.railsSpy.URL, true, rpc.PassthroughTokenProvider), + Cluster: s.cluster, + Parent: &Conn{railsProxy: rpc.NewConn(s.cluster.ClusterID, s.railsSpy.URL, true, rpc.PassthroughTokenProvider)}, } } func (s *PamSuite) TestLoginFailure(c *check.C) { - resp, err := s.ctrl.Login(context.Background(), arvados.LoginOptions{ + resp, err := s.ctrl.UserAuthenticate(context.Background(), arvados.UserAuthenticateOptions{ Username: "bogususername", Password: "boguspassword", - ReturnTo: "https://example.com/foo", }) - c.Check(err, check.IsNil) - c.Check(resp.RedirectLocation, check.Equals, "") - c.Check(resp.Token, check.Equals, "") - c.Check(resp.Message, check.Equals, "Authentication failure") - c.Check(resp.HTML.String(), check.Equals, "") + c.Check(err, check.ErrorMatches, `PAM: Authentication failure \(with username "bogususername" and password\)`) + hs, ok := err.(interface{ HTTPStatus() int }) + if c.Check(ok, check.Equals, true) { + c.Check(hs.HTTPStatus(), check.Equals, http.StatusUnauthorized) + } + c.Check(resp.APIToken, check.Equals, "") } // This test only runs if the ARVADOS_TEST_PAM_CREDENTIALS_FILE env @@ -68,17 +69,16 @@ func (s *PamSuite) TestLoginSuccess(c *check.C) { c.Assert(len(lines), check.Equals, 2, check.Commentf("credentials file %s should contain \"username\\npassword\"", testCredsFile)) u, p := lines[0], lines[1] - resp, err := s.ctrl.Login(context.Background(), arvados.LoginOptions{ + resp, err := s.ctrl.UserAuthenticate(context.Background(), arvados.UserAuthenticateOptions{ Username: u, Password: p, - ReturnTo: "https://example.com/foo", }) c.Check(err, check.IsNil) - c.Check(resp.RedirectLocation, check.Equals, "") - c.Check(resp.Token, check.Matches, `v2/zzzzz-gj3su-.*/.*`) - c.Check(resp.HTML.String(), check.Equals, "") + c.Check(resp.APIToken, check.Not(check.Equals), "") + c.Check(resp.UUID, check.Matches, `zzzzz-gj3su-.*`) + c.Check(resp.Scopes, check.DeepEquals, []string{"all"}) authinfo := getCallbackAuthInfo(c, s.railsSpy) - c.Check(authinfo.Email, check.Equals, u+"@"+s.cluster.Login.PAMDefaultEmailDomain) + c.Check(authinfo.Email, check.Equals, u+"@"+s.cluster.Login.PAM.DefaultEmailDomain) c.Check(authinfo.AlternateEmails, check.DeepEquals, []string(nil)) }