
user_claims_file_test.go (3607B)


      1 package login
      2 
      3 import (
      4 	"io/ioutil"
      5 	"os"
      6 	"testing"
      7 
      8 	. "github.com/stretchr/testify/assert"
      9 	"github.com/tarent/loginsrv/model"
     10 )
     11 
// claimsExample is the YAML user-file fixture shared by the parsing and
// matching tests in this file. It holds five entries, in this order:
//
//  1. sub "bob" with origin htpasswd: role superAdmin
//  2. email admin@example.org with origin google: role admin, a projects
//     list, and a "sub" claim that Test_userClaimsFile_Claims expects to
//     replace the subject of the login
//  3. domain example.org with origin google: role user and a projects list
//  4. origin gitlab with two groups: role admin
//  5. no match fields at all: role unknown
//
// The tests refer to entries by position, so the order is part of the fixture.
var claimsExample = `
- sub: bob
  origin: htpasswd
  claims:
    role: superAdmin

- email: admin@example.org
  origin: google
  claims:
    role: admin
    projects:
      - example
    sub: overwrittenSubject

- domain: example.org
  origin: google
  claims:
    role: user
    projects:
      - example

- origin: gitlab
  groups:
    - "example/subgroup"
    - othergroup
  claims:
    role: admin

- claims:
    role: unknown
`
     43 
// invalidClaimsExample is a deliberately malformed user file: the "origin"
// line is indented with a tab, which YAML does not accept as indentation.
// Test_newUserClaimsFile_InvalidYAML feeds it to the loader and expects an
// error.
var invalidClaimsExample = `
- sub: bob
	origin: google
`
     48 
// Test_newUserClaimsFile_InvalidFile loads a user file that does not exist.
// The loader is expected to report an error and still hand back a
// userClaimsFile that remembers the path and carries an empty entry list.
func Test_newUserClaimsFile_InvalidFile(t *testing.T) {
	const missingPath = "notfound"

	want := &userClaimsFile{
		userFile:        missingPath,
		userFileEntries: []userFileEntry{},
	}

	got, err := newUserClaimsFile(missingPath)

	Error(t, err)
	Equal(t, want, got)
}
     58 
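// Test_newUserClaimsFile_InvalidYAML loads a user file whose content is not
// valid YAML. The loader is expected to report an error and return a
// userClaimsFile with an empty entry list, i.e. nothing from a file that
// failed to parse ends up as a usable claims rule.
func Test_newUserClaimsFile_InvalidYAML(t *testing.T) {
	// Use the shared fixture helper instead of repeating the temp-file
	// handling (and its unchecked errors) inline.
	fileName, cleanup := createClaimsFile(invalidClaimsExample)
	defer cleanup()

	c, err := newUserClaimsFile(fileName)

	Error(t, err)
	Equal(t, &userClaimsFile{
		userFile:        fileName,
		userFileEntries: []userFileEntry{},
	}, c)
}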
     73 
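// Test_newUserClaimsFile_ParseFile checks that claimsExample parses into five
// entries and spot-checks the match fields and claims of the second entry and
// the groups of the fourth.
func Test_newUserClaimsFile_ParseFile(t *testing.T) {
	fileName, cleanup := createClaimsFile(claimsExample)
	defer cleanup()

	c, err := newUserClaimsFile(fileName)
	NoError(t, err)

	// Stop on a wrong entry count: the indexing below would otherwise panic
	// with "index out of range" and abort the whole test binary instead of
	// reporting a plain assertion failure.
	if !Equal(t, 5, len(c.userFileEntries)) {
		return
	}

	googleAdmin := c.userFileEntries[1]
	Equal(t, "admin@example.org", googleAdmin.Email)
	Equal(t, "google", googleAdmin.Origin)
	Equal(t, "admin", googleAdmin.Claims["role"])
	// A list nested under claims is asserted as []interface{} ...
	Equal(t, []interface{}{"example"}, googleAdmin.Claims["projects"])

	// ... while the groups match field is asserted as []string.
	gitlabGroups := c.userFileEntries[3]
	Equal(t, []string{"example/subgroup", "othergroup"}, gitlabGroups.Groups)
}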
     88 
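// Test_userClaimsFile_Claims runs logins against the claimsExample rules and
// checks the resulting custom claims: the fields of the incoming UserInfo
// merged with the claims of the entry that matched.
func Test_userClaimsFile_Claims(t *testing.T) {
	// Shared fixture helper replaces the inline temp-file handling.
	fileName, cleanup := createClaimsFile(claimsExample)
	defer cleanup()

	c, err := NewUserClaims(&Config{UserFile: fileName})
	if !NoError(t, err) {
		return
	}

	// Match first entry
	claims, err := c.Claims(model.UserInfo{Sub: "bob", Origin: "htpasswd"})
	NoError(t, err)
	Equal(t, customClaims{"sub": "bob", "origin": "htpasswd", "role": "superAdmin"}, claims)

	// Match second entry. The entry's claims carry their own "sub", and the
	// expected result shows it replacing the subject the login came with
	// ("any" becomes "overwrittenSubject").
	// NOTE(review): the user file can therefore rewrite a token's subject, so
	// it is identity-defining input; presumably it should be writable only by
	// the operator. Confirm against the deployment docs.
	claims, err = c.Claims(model.UserInfo{Sub: "any", Email: "admin@example.org", Origin: "google"})
	NoError(t, err)
	Equal(t, customClaims{
		"sub":      "overwrittenSubject",
		"email":    "admin@example.org",
		"origin":   "google",
		"role":     "admin",
		"projects": []interface{}{"example"},
	}, claims)

	// Match fourth entry
	claims, err = c.Claims(model.UserInfo{Sub: "any", Groups: []string{"example/subgroup", "othergroup"}, Origin: "gitlab"})
	NoError(t, err)
	Equal(t, customClaims{
		"sub":    "any",
		"groups": []string{"example/subgroup", "othergroup"},
		"origin": "gitlab",
		"role":   "admin",
	}, claims)

	// Default case with no rules: Sub "bob" without an origin is not expected
	// to pick up the first entry's superAdmin role; it falls through to the
	// last entry, which has no match fields and yields role "unknown".
	claims, err = c.Claims(model.UserInfo{Sub: "bob"})
	NoError(t, err)
	Equal(t, customClaims{"sub": "bob", "role": "unknown"}, claims)
}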
    115 
// Test_userClaimsFile_NoMatch uses a user file with a single rule (sub "bob"
// in group "othergroup") and checks that logins which do not satisfy the rule
// come back as the unmodified model.UserInfo, without the rule's claims.
func Test_userClaimsFile_NoMatch(t *testing.T) {
	userFile, cleanup := createClaimsFile(`
- sub: bob
  groups:
    - othergroup
  claims:
    role: superAdmin
`)
	defer cleanup()

	c, err := NewUserClaims(&Config{UserFile: userFile})
	NoError(t, err)

	// No Match -> not Modified
	cases := []struct {
		login model.UserInfo
		want  model.UserInfo
	}{
		// Different subject: nothing in the rule applies.
		{
			login: model.UserInfo{Sub: "foo"},
			want:  model.UserInfo{Sub: "foo"},
		},
		// Right subject but wrong group: matching only part of the rule is
		// not expected to grant its superAdmin role.
		{
			login: model.UserInfo{Sub: "bob", Groups: []string{"group"}},
			want:  model.UserInfo{Sub: "bob", Groups: []string{"group"}},
		},
	}

	for _, tc := range cases {
		got, claimsErr := c.Claims(tc.login)
		NoError(t, claimsErr)
		Equal(t, tc.want, got)
	}
}
    138 
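// createClaimsFile writes claims to a new temporary file and returns the
// file's path together with a cleanup function that removes the file.
//
// The helper has no *testing.T to report through, so a failure to create,
// write or close the fixture panics with the underlying error. Without these
// checks a failed TempFile call surfaces as a nil-pointer panic and a failed
// write as a confusing parse result in the calling test.
func createClaimsFile(claims string) (string, func()) {
	f, err := ioutil.TempFile("", "")
	if err != nil {
		panic(err)
	}
	name := f.Name()

	_, writeErr := f.WriteString(claims)
	closeErr := f.Close()
	if writeErr != nil || closeErr != nil {
		// Do not leave a half-written fixture behind.
		os.Remove(name)
		if writeErr != nil {
			panic(writeErr)
		}
		panic(closeErr)
	}

	return name, func() { os.Remove(name) }
}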
    145 }