diff options
| author | Greg Steuck <greg@nest.cx> | 2021-07-05 15:53:01 -0700 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2021-07-14 07:16:41 +0200 |
| commit | cfc934a81713b26518f1ae0fa94900a2da77553b (patch) | |
| tree | 5d6b2023aa9030a4e7e5cfdacb468ac993c0763c /dashboard/app/auth_test.go | |
| parent | 8a2d0342e072b3bdbc232f5158f421a3b96cc2a0 (diff) | |
dashboard/app: cover checkClient and fix for the exposed bug
Required checkClient to take the config as a parameter.
Diffstat (limited to 'dashboard/app/auth_test.go')
| -rw-r--r-- | dashboard/app/auth_test.go | 64 |
1 files changed, 62 insertions, 2 deletions
diff --git a/dashboard/app/auth_test.go b/dashboard/app/auth_test.go index 02d7ad9fc..b8457449f 100644 --- a/dashboard/app/auth_test.go +++ b/dashboard/app/auth_test.go @@ -1,3 +1,6 @@ +// Copyright 2017 syzkaller project authors. All rights reserved. +// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + package main import ( @@ -54,7 +57,7 @@ func TestBearerWrongAudience(t *testing.T) { defer ts.Close() _, err := dut.determineAuthSubj([]string{"Bearer x"}) - if !strings.HasPrefix(err.Error(), "Unexpected audience") { + if !strings.HasPrefix(err.Error(), "unexpected audience") { t.Fatalf("Unexpected error %v", err) } } @@ -68,7 +71,7 @@ func TestBearerExpired(t *testing.T) { defer ts.Close() _, err := dut.determineAuthSubj([]string{"Bearer x"}) - if !strings.HasPrefix(err.Error(), "Token past expiration") { + if !strings.HasPrefix(err.Error(), "token past expiration") { t.Fatalf("Unexpected error %v", err) } } @@ -90,3 +93,60 @@ func TestBadHeader(t *testing.T) { t.Errorf("Unexpected error %v %v", got, err) } } + +func TestClientSecretOK(t *testing.T) { + got, err := checkClient(&GlobalConfig{ + Clients: map[string]string{ + "user": "secr1t", + }, + }, "user", "secr1t", "") + if err != nil || got != "" { + t.Errorf("Unexpected error %v %v", got, err) + } +} + +func TestClientOauthOK(t *testing.T) { + got, err := checkClient(&GlobalConfig{ + Clients: map[string]string{ + "user": "OauthSubject:public", + }, + }, "user", "", "OauthSubject:public") + if err != nil || got != "" { + t.Errorf("Unexpected error %v %v", got, err) + } +} + +func TestClientSecretFail(t *testing.T) { + got, err := checkClient(&GlobalConfig{ + Clients: map[string]string{ + "user": "secr1t", + }, + }, "user", "wrong", "") + if err != ErrAccess || got != "" { + t.Errorf("Unexpected error %v %v", got, err) + } +} + +func TestClientSecretMissing(t *testing.T) { + got, err := checkClient(&GlobalConfig{ + Clients: map[string]string{}, + }, "user", "ignored", "") + if err != ErrAccess || got != "" { + t.Errorf("Unexpected error %v %v", got, err) + } +} + +func TestClientNamespaceOK(t *testing.T) { + got, err := checkClient(&GlobalConfig{ + Namespaces: map[string]*Config{ + "ns1": { + Clients: map[string]string{ + "user": "secr1t", + }, + }, + }, + }, "user", "secr1t", "") + if err != nil || got != "ns1" { + t.Errorf("Unexpected error %v %v", got, err) + } +} |