dashboard/app: chop off auth so it can be reused in syz-hub

4 files changed, 92 insertions, 84 deletions

diff --git a/dashboard/app/api.go b/dashboard/app/api.go
index dad31c3df..748d7abb2 100644
--- a/dashboard/app/api.go
+++ b/dashboard/app/api.go
@@ -1346,3 +1346,30 @@ func GetEmails(r dashapi.Recipients, filter dashapi.RecipientType) []string {
 	sort.Strings(emails)
 	return emails
 }
+
+// Verifies that the given credentials are acceptable and returns the
+// corresponding namespace.
+func checkClient(conf *GlobalConfig, name0, secretPassword, oauthSubject string) (string, error) {
+	checkAuth := func(ns, a string) (string, error) {
+		if strings.HasPrefix(a, oauthMagic) && a == oauthSubject {
+			return ns, nil
+		}
+		if a != secretPassword {
+			return ns, ErrAccess
+		}
+		return ns, nil
+	}
+	for name, authenticator := range conf.Clients {
+		if name == name0 {
+			return checkAuth("", authenticator)
+		}
+	}
+	for ns, cfg := range conf.Namespaces {
+		for name, authenticator := range cfg.Clients {
+			if name == name0 {
+				return checkAuth(ns, authenticator)
+			}
+		}
+	}
+	return "", ErrAccess
+}
diff --git a/dashboard/app/api_test.go b/dashboard/app/api_test.go
new file mode 100644
index 000000000..8d63ce7a7
--- /dev/null
+++ b/dashboard/app/api_test.go
@@ -0,0 +1,65 @@
+// Copyright 2017 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package main
+
+import (
+	"testing"
+)
+
+func TestClientSecretOK(t *testing.T) {
+	got, err := checkClient(&GlobalConfig{
+		Clients: map[string]string{
+			"user": "secr1t",
+		},
+	}, "user", "secr1t", "")
+	if err != nil || got != "" {
+		t.Errorf("Unexpected error %v %v", got, err)
+	}
+}
+
+func TestClientOauthOK(t *testing.T) {
+	got, err := checkClient(&GlobalConfig{
+		Clients: map[string]string{
+			"user": "OauthSubject:public",
+		},
+	}, "user", "", "OauthSubject:public")
+	if err != nil || got != "" {
+		t.Errorf("Unexpected error %v %v", got, err)
+	}
+}
+
+func TestClientSecretFail(t *testing.T) {
+	got, err := checkClient(&GlobalConfig{
+		Clients: map[string]string{
+			"user": "secr1t",
+		},
+	}, "user", "wrong", "")
+	if err != ErrAccess || got != "" {
+		t.Errorf("Unexpected error %v %v", got, err)
+	}
+}
+
+func TestClientSecretMissing(t *testing.T) {
+	got, err := checkClient(&GlobalConfig{
+		Clients: map[string]string{},
+	}, "user", "ignored", "")
+	if err != ErrAccess || got != "" {
+		t.Errorf("Unexpected error %v %v", got, err)
+	}
+}
+
+func TestClientNamespaceOK(t *testing.T) {
+	got, err := checkClient(&GlobalConfig{
+		Namespaces: map[string]*Config{
+			"ns1": {
+				Clients: map[string]string{
+					"user": "secr1t",
+				},
+			},
+		},
+	}, "user", "secr1t", "")
+	if err != nil || got != "ns1" {
+		t.Errorf("Unexpected error %v %v", got, err)
+	}
+}
diff --git a/dashboard/app/auth.go b/dashboard/app/auth.go
index 42d59e6ee..a6da8e24d 100644
--- a/dashboard/app/auth.go
+++ b/dashboard/app/auth.go
@@ -124,30 +124,3 @@ func (auth *authEndpoint) determineAuthSubj(now time.Time, authHeader []string)
 	}
 	return oauthMagic + claims.Subject, nil
 }
-
-// Verifies that the given credentials are acceptable and returns the
-// corresponding namespace.
-func checkClient(conf *GlobalConfig, name0, secretPassword, oauthSubject string) (string, error) {
-	checkAuth := func(ns, a string) (string, error) {
-		if strings.HasPrefix(a, oauthMagic) && a == oauthSubject {
-			return ns, nil
-		}
-		if a != secretPassword {
-			return ns, ErrAccess
-		}
-		return ns, nil
-	}
-	for name, authenticator := range conf.Clients {
-		if name == name0 {
-			return checkAuth("", authenticator)
-		}
-	}
-	for ns, cfg := range conf.Namespaces {
-		for name, authenticator := range cfg.Clients {
-			if name == name0 {
-				return checkAuth(ns, authenticator)
-			}
-		}
-	}
-	return "", ErrAccess
-}
diff --git a/dashboard/app/auth_test.go b/dashboard/app/auth_test.go
index ae52721e7..c6d5fba23 100644
--- a/dashboard/app/auth_test.go
+++ b/dashboard/app/auth_test.go
@@ -97,60 +97,3 @@ func TestBadHeader(t *testing.T) {
 		t.Errorf("Unexpected error %v %v", got, err)
 	}
 }
-
-func TestClientSecretOK(t *testing.T) {
-	got, err := checkClient(&GlobalConfig{
-		Clients: map[string]string{
-			"user": "secr1t",
-		},
-	}, "user", "secr1t", "")
-	if err != nil || got != "" {
-		t.Errorf("Unexpected error %v %v", got, err)
-	}
-}
-
-func TestClientOauthOK(t *testing.T) {
-	got, err := checkClient(&GlobalConfig{
-		Clients: map[string]string{
-			"user": "OauthSubject:public",
-		},
-	}, "user", "", "OauthSubject:public")
-	if err != nil || got != "" {
-		t.Errorf("Unexpected error %v %v", got, err)
-	}
-}
-
-func TestClientSecretFail(t *testing.T) {
-	got, err := checkClient(&GlobalConfig{
-		Clients: map[string]string{
-			"user": "secr1t",
-		},
-	}, "user", "wrong", "")
-	if err != ErrAccess || got != "" {
-		t.Errorf("Unexpected error %v %v", got, err)
-	}
-}
-
-func TestClientSecretMissing(t *testing.T) {
-	got, err := checkClient(&GlobalConfig{
-		Clients: map[string]string{},
-	}, "user", "ignored", "")
-	if err != ErrAccess || got != "" {
-		t.Errorf("Unexpected error %v %v", got, err)
-	}
-}
-
-func TestClientNamespaceOK(t *testing.T) {
-	got, err := checkClient(&GlobalConfig{
-		Namespaces: map[string]*Config{
-			"ns1": {
-				Clients: map[string]string{
-					"user": "secr1t",
-				},
-			},
-		},
-	}, "user", "secr1t", "")
-	if err != nil || got != "ns1" {
-		t.Errorf("Unexpected error %v %v", got, err)
-	}
-}