X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/e9bfb6900e3340bfcdcea691466cd849ca7d9ffc..a9988d4cde254df59d1790ef1e3768d14e2a812e:/lib/controller/localdb/login_test.go diff --git a/lib/controller/localdb/login_test.go b/lib/controller/localdb/login_test.go index e36571ef16..db6daa195b 100644 --- a/lib/controller/localdb/login_test.go +++ b/lib/controller/localdb/login_test.go @@ -19,12 +19,12 @@ import ( "testing" "time" - "git.curoverse.com/arvados.git/lib/config" - "git.curoverse.com/arvados.git/lib/controller/rpc" - "git.curoverse.com/arvados.git/sdk/go/arvados" - "git.curoverse.com/arvados.git/sdk/go/arvadostest" - "git.curoverse.com/arvados.git/sdk/go/auth" - "git.curoverse.com/arvados.git/sdk/go/ctxlog" + "git.arvados.org/arvados.git/lib/config" + "git.arvados.org/arvados.git/lib/controller/rpc" + "git.arvados.org/arvados.git/sdk/go/arvados" + "git.arvados.org/arvados.git/sdk/go/arvadostest" + "git.arvados.org/arvados.git/sdk/go/auth" + "git.arvados.org/arvados.git/sdk/go/ctxlog" check "gopkg.in/check.v1" jose "gopkg.in/square/go-jose.v2" ) @@ -133,7 +133,7 @@ func (s *LoginSuite) SetUpTest(c *check.C) { w.Header().Set("Content-Type", "application/json") switch req.URL.Path { case "/v1/people/me": - if f := req.Form.Get("fields"); f != "emailAddresses,names" { + if f := req.Form.Get("personFields"); f != "emailAddresses,names" { w.WriteHeader(http.StatusBadRequest) break } @@ -146,8 +146,11 @@ func (s *LoginSuite) SetUpTest(c *check.C) { cfg, err := config.NewLoader(nil, ctxlog.TestLogger(c)).Load() s.cluster, err = cfg.GetCluster("") + s.cluster.Login.ProviderAppID = "" + s.cluster.Login.ProviderAppSecret = "" s.cluster.Login.GoogleClientID = "test%client$id" s.cluster.Login.GoogleClientSecret = "test#client/secret" + s.cluster.Users.PreferDomainForUsername = "PreferDomainForUsername.example.com" c.Assert(err, check.IsNil) s.localdb = NewConn(s.cluster) @@ -162,6 +165,12 @@ func (s *LoginSuite) TearDownTest(c *check.C) { s.railsSpy.Close() } +func (s *LoginSuite) TestGoogleLogout(c *check.C) { + resp, err := s.localdb.Logout(context.Background(), arvados.LogoutOptions{ReturnTo: "https://foo.example.com/bar"}) + c.Check(err, check.IsNil) + c.Check(resp.RedirectLocation, check.Equals, "https://foo.example.com/bar") +} + func (s *LoginSuite) TestGoogleLogin_Start_Bogus(c *check.C) { resp, err := s.localdb.Login(context.Background(), arvados.LoginOptions{}) c.Check(err, check.IsNil) @@ -209,6 +218,39 @@ func (s *LoginSuite) TestGoogleLogin_InvalidState(c *check.C) { c.Check(resp.HTML.String(), check.Matches, `(?ms).*invalid OAuth2 state.*`) } +func (s *LoginSuite) setupPeopleAPIError(c *check.C) { + s.fakePeopleAPI = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + w.WriteHeader(http.StatusForbidden) + fmt.Fprintln(w, `Error 403: accessNotConfigured`) + })) + s.localdb.googleLoginController.peopleAPIBasePath = s.fakePeopleAPI.URL +} + +func (s *LoginSuite) TestGoogleLogin_PeopleAPIDisabled(c *check.C) { + s.cluster.Login.GoogleAlternateEmailAddresses = false + s.authEmail = "joe.smith@primary.example.com" + s.setupPeopleAPIError(c) + state := s.startLogin(c) + _, err := s.localdb.Login(context.Background(), arvados.LoginOptions{ + Code: s.validCode, + State: state, + }) + c.Check(err, check.IsNil) + authinfo := s.getCallbackAuthInfo(c) + c.Check(authinfo.Email, check.Equals, "joe.smith@primary.example.com") +} + +func (s *LoginSuite) TestGoogleLogin_PeopleAPIError(c *check.C) { + s.setupPeopleAPIError(c) + state := s.startLogin(c) + resp, err := s.localdb.Login(context.Background(), arvados.LoginOptions{ + Code: s.validCode, + State: state, + }) + c.Check(err, check.IsNil) + c.Check(resp.RedirectLocation, check.Equals, "") +} + func (s *LoginSuite) TestGoogleLogin_Success(c *check.C) { state := s.startLogin(c) resp, err := s.localdb.Login(context.Background(), arvados.LoginOptions{ @@ -331,6 +373,10 @@ func (s *LoginSuite) TestGoogleLogin_AlternateEmailAddresses_Primary(c *check.C) "metadata": map[string]interface{}{"verified": true}, "value": "joe.smith@alternate.example.com", }, + { + "metadata": map[string]interface{}{"verified": true}, + "value": "jsmith+123@preferdomainforusername.example.com", + }, }, } state := s.startLogin(c) @@ -340,7 +386,8 @@ func (s *LoginSuite) TestGoogleLogin_AlternateEmailAddresses_Primary(c *check.C) }) authinfo := s.getCallbackAuthInfo(c) c.Check(authinfo.Email, check.Equals, "joe.smith@primary.example.com") - c.Check(authinfo.AlternateEmails, check.DeepEquals, []string{"joe.smith@alternate.example.com"}) + c.Check(authinfo.AlternateEmails, check.DeepEquals, []string{"joe.smith@alternate.example.com", "jsmith+123@preferdomainforusername.example.com"}) + c.Check(authinfo.Username, check.Equals, "jsmith") } func (s *LoginSuite) TestGoogleLogin_NoPrimaryEmailAddress(c *check.C) { @@ -367,6 +414,7 @@ func (s *LoginSuite) TestGoogleLogin_NoPrimaryEmailAddress(c *check.C) { authinfo := s.getCallbackAuthInfo(c) c.Check(authinfo.Email, check.Equals, "joe.smith@work.example.com") // first verified email in People response c.Check(authinfo.AlternateEmails, check.DeepEquals, []string{"joe.smith@home.example.com"}) + c.Check(authinfo.Username, check.Equals, "") } func (s *LoginSuite) getCallbackAuthInfo(c *check.C) (authinfo rpc.UserSessionAuthInfo) {