user_claims_file_test.go (3607B)
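package login

import (
	"io/ioutil"
	"os"
	"testing"

	. "github.com/stretchr/testify/assert"
	"github.com/tarent/loginsrv/model"
)

// claimsExample is the user-claims fixture shared by the parsing and lookup
// tests. Each list entry pairs optional match criteria (sub, email, domain,
// origin, groups) with the claims to attach on a match. The final entry has
// no criteria at all and therefore acts as a catch-all.
var claimsExample = `
- sub: bob
  origin: htpasswd
  claims:
    role: superAdmin

- email: admin@example.org
  origin: google
  claims:
    role: admin
    projects:
      - example
    sub: overwrittenSubject

- domain: example.org
  origin: google
  claims:
    role: user
    projects:
      - example

- origin: gitlab
  groups:
    - "example/subgroup"
    - othergroup
  claims:
    role: admin

- claims:
    role: unknown
`

// invalidClaimsExample must fail to parse. With ordinary space indentation
// these two keys would form a valid entry, so the second line is indented
// with a tab, which YAML does not accept as indentation. The tab is written
// as an explicit escape so that it cannot be lost to whitespace
// normalisation.
var invalidClaimsExample = "\n- sub: bob\n\torigin: google\n"

// Test_newUserClaimsFile_InvalidFile checks that a missing claims file is
// reported as an error and yields a provider with no entries.
func Test_newUserClaimsFile_InvalidFile(t *testing.T) {
	c, err := newUserClaimsFile("notfound")

	Error(t, err)
	Equal(t, &userClaimsFile{
		userFile:        "notfound",
		userFileEntries: []userFileEntry{},
	}, c)
}

// Test_newUserClaimsFile_InvalidYAML checks that an unparsable claims file is
// reported as an error and yields a provider with no entries, i.e. nothing
// from a broken file is partially applied.
func Test_newUserClaimsFile_InvalidYAML(t *testing.T) {
	fileName, cleanup := createClaimsFile(invalidClaimsExample)
	defer cleanup()

	c, err := newUserClaimsFile(fileName)

	Error(t, err)
	Equal(t, &userClaimsFile{
		userFile:        fileName,
		userFileEntries: []userFileEntry{},
	}, c)
}

// Test_newUserClaimsFile_ParseFile checks that every entry of the example
// file is loaded and that match criteria and claims land in the right fields.
func Test_newUserClaimsFile_ParseFile(t *testing.T) {
	fileName, cleanup := createClaimsFile(claimsExample)
	defer cleanup()

	c, err := newUserClaimsFile(fileName)

	NoError(t, err)
	// Stop here on a wrong entry count: the indexed assertions below would
	// otherwise panic instead of producing a readable failure.
	if !Equal(t, 5, len(c.userFileEntries)) {
		return
	}

	second := c.userFileEntries[1]
	Equal(t, "admin@example.org", second.Email)
	Equal(t, "google", second.Origin)
	Equal(t, "admin", second.Claims["role"])
	Equal(t, []interface{}{"example"}, second.Claims["projects"])

	Equal(t, []string{"example/subgroup", "othergroup"}, c.userFileEntries[3].Groups)
}

// Test_userClaimsFile_Claims pins which entry of the example file applies to
// a given user and what the merged claims look like. These expectations are
// the authorization contract of the claims file: a change in matching here
// changes which role a user is issued.
func Test_userClaimsFile_Claims(t *testing.T) {
	fileName, cleanup := createClaimsFile(claimsExample)
	defer cleanup()

	c, err := NewUserClaims(&Config{UserFile: fileName})
	NoError(t, err)

	// Match first entry. This user would also satisfy the criteria-free last
	// entry, so the expected role shows that the earlier entry wins.
	claims, err := c.Claims(model.UserInfo{Sub: "bob", Origin: "htpasswd"})
	NoError(t, err)
	Equal(t, customClaims{
		"sub":    "bob",
		"origin": "htpasswd",
		"role":   "superAdmin",
	}, claims)

	// Match second entry. The entry's claims are laid over the user info, so
	// the file can replace even the subject supplied by the login provider.
	claims, err = c.Claims(model.UserInfo{Sub: "any", Email: "admin@example.org", Origin: "google"})
	NoError(t, err)
	Equal(t, customClaims{
		"sub":      "overwrittenSubject",
		"email":    "admin@example.org",
		"origin":   "google",
		"role":     "admin",
		"projects": []interface{}{"example"},
	}, claims)

	// Match fourth entry (origin plus group membership).
	claims, err = c.Claims(model.UserInfo{
		Sub:    "any",
		Groups: []string{"example/subgroup", "othergroup"},
		Origin: "gitlab",
	})
	NoError(t, err)
	Equal(t, customClaims{
		"sub":    "any",
		"groups": []string{"example/subgroup", "othergroup"},
		"origin": "gitlab",
		"role":   "admin",
	}, claims)

	// Default case with no rules: "bob" without the htpasswd origin must not
	// receive superAdmin and falls through to the catch-all entry.
	claims, err = c.Claims(model.UserInfo{Sub: "bob"})
	NoError(t, err)
	Equal(t, customClaims{"sub": "bob", "role": "unknown"}, claims)
}

// Test_userClaimsFile_NoMatch checks that a user who satisfies none of the
// entries, or only part of one, gets the user info back unmodified and no
// claims from the file.
func Test_userClaimsFile_NoMatch(t *testing.T) {
	userFile, cleanup := createClaimsFile(`
- sub: bob
  groups:
    - othergroup
  claims:
    role: superAdmin
`)
	defer cleanup()

	c, err := NewUserClaims(&Config{UserFile: userFile})
	NoError(t, err)

	// No match -> not modified.
	claims, err := c.Claims(model.UserInfo{Sub: "foo"})
	NoError(t, err)
	Equal(t, model.UserInfo{Sub: "foo"}, claims)

	// Subject matches but the group does not: a partial match must not
	// grant the entry's role.
	claims, err = c.Claims(model.UserInfo{Sub: "bob", Groups: []string{"group"}})
	NoError(t, err)
	Equal(t, model.UserInfo{Sub: "bob", Groups: []string{"group"}}, claims)
}

// createClaimsFile writes claims to a fresh temporary file and returns its
// path together with a function that removes the file again.
//
// ioutil.TempFile creates the file with mode 0600 under a randomised name in
// the default temp directory. Any failure while preparing the fixture panics,
// so a test never runs against a missing or truncated claims file.
func createClaimsFile(claims string) (string, func()) {
	f, err := ioutil.TempFile("", "")
	if err != nil {
		panic("createClaimsFile: creating temp file: " + err.Error())
	}

	name := f.Name()
	// Removal is best effort; a leftover temp file must not fail a test.
	cleanup := func() { os.Remove(name) }

	if _, err := f.WriteString(claims); err != nil {
		f.Close()
		cleanup()
		panic("createClaimsFile: writing temp file: " + err.Error())
	}
	if err := f.Close(); err != nil {
		cleanup()
		panic("createClaimsFile: closing temp file: " + err.Error())
	}

	return name, cleanup
}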