fluidb-old/auth/credential_store_test.go


package auth
import (
"strings"
"testing"
)
// testBasicAuther is a test double for the credential source handed to
// CheckRequest and HasPermRequest in this file. Its single method has the same
// signature as net/http's (*Request).BasicAuth, so tests can supply fixed
// credentials without building a real request.
type testBasicAuther struct {
	username, password string
	ok                 bool // returned as BasicAuth's third result
}

// BasicAuth returns the canned username, password and ok flag, in that order.
// The zero value yields empty credentials with ok == false.
func (a *testBasicAuther) BasicAuth() (string, string, bool) {
	return a.username, a.password, a.ok
}
// Test_AuthLoadSingle loads one plaintext credential and verifies that Check
// accepts only the exact username/password pair, and that Password returns the
// stored value for a known user and reports !ok for an unknown one.
func Test_AuthLoadSingle(t *testing.T) {
	const jsonStream = `
[
{"username": "username1", "password": "password1"}
]
`
	store := NewCredentialsStore()
	err := store.Load(strings.NewReader(jsonStream))
	if err != nil {
		t.Fatalf("failed to load single credential: %s", err)
	}

	// Only the first pair is valid; a wrong username, a wrong password, or
	// both must be rejected.
	checks := []struct {
		user, pass string
		want       bool
	}{
		{"username1", "password1", true},
		{"username1", "wrong", false},
		{"wrong", "password1", false},
		{"wrong", "wrong", false},
	}
	for _, c := range checks {
		if store.Check(c.user, c.pass) != c.want {
			t.Fatalf("single credential not loaded correctly")
		}
	}

	// Password hands back the stored secret verbatim for a known user.
	stored, found := store.Password("username1")
	if !found || stored != "password1" {
		t.Fatalf("wrong password returned")
	}
	if _, found = store.Password("nonsense"); found {
		t.Fatalf("password returned for nonexistent user")
	}
}
// Test_AuthLoadMultiple loads two plaintext credentials and verifies that each
// user authenticates only with their own password: swapping passwords between
// users, or using unknown values, must fail.
func Test_AuthLoadMultiple(t *testing.T) {
	const jsonStream = `
[
{"username": "username1", "password": "password1"},
{"username": "username2", "password": "password2"}
]
`
	store := NewCredentialsStore()
	err := store.Load(strings.NewReader(jsonStream))
	if err != nil {
		t.Fatalf("failed to load multiple credentials: %s", err)
	}

	// Cases run in order and the first mismatch aborts the test.
	cases := []struct {
		user, pass string
		want       bool
		msg        string
	}{
		{"username1", "password1", true, "username1 credential not loaded correctly"},
		// Cross-user check: username2's password must not unlock username1.
		{"username1", "password2", false, "username1 credential not loaded correctly"},
		{"username2", "password2", true, "username2 credential not loaded correctly"},
		{"username2", "password1", false, "username2 credential not loaded correctly"},
		{"username1", "wrong", false, "multiple credential not loaded correctly"},
		{"wrong", "password1", false, "multiple credential not loaded correctly"},
		{"wrong", "wrong", false, "multiple credential not loaded correctly"},
	}
	for _, c := range cases {
		if store.Check(c.user, c.pass) != c.want {
			t.Fatal(c.msg)
		}
	}
}
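// Test_AuthLoadSingleRequest loads one plaintext credential and verifies
// CheckRequest against three request doubles: correct credentials, a wrong
// password, and a request that carries no credentials at all (ok == false).
func Test_AuthLoadSingleRequest(t *testing.T) {
	const jsonStream = `
[
{"username": "username1", "password": "password1"}
]
`
	store := NewCredentialsStore()
	if err := store.Load(strings.NewReader(jsonStream)); err != nil {
		// Only one credential is loaded here; the message says so.
		t.Fatalf("failed to load single credential: %s", err)
	}

	b1 := &testBasicAuther{
		username: "username1",
		password: "password1",
		ok:       true,
	}
	b2 := &testBasicAuther{
		username: "username1",
		password: "wrong",
		ok:       true,
	}
	// Zero value: empty username/password and ok == false, i.e. the request
	// supplied no credentials. It must never authenticate.
	b3 := &testBasicAuther{}

	if !store.CheckRequest(b1) {
		t.Fatalf("username1 (b1) credential not checked correctly via request")
	}
	if store.CheckRequest(b2) {
		t.Fatalf("username1 (b2) credential not checked correctly via request")
	}
	if store.CheckRequest(b3) {
		t.Fatalf("empty (b3) credential accepted via request")
	}
}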
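// Test_AuthPermsLoadSingle loads two users with distinct permission lists and
// verifies HasPerm and HasAnyPerm: a user holds exactly the permissions listed
// for them, an unknown user holds none, and HasAnyPerm succeeds when at least
// one of the requested permissions is held.
func Test_AuthPermsLoadSingle(t *testing.T) {
	const jsonStream = `
[
{
"username": "username1",
"password": "password1",
"perms": ["foo", "bar"]
},
{
"username": "username2",
"password": "password1",
"perms": ["baz"]
}
]
`
	store := NewCredentialsStore()
	if err := store.Load(strings.NewReader(jsonStream)); err != nil {
		t.Fatalf("failed to load single credential: %s", err)
	}
	if !store.Check("username1", "password1") {
		t.Fatalf("single credential not loaded correctly")
	}
	if store.Check("username1", "wrong") {
		t.Fatalf("single credential not loaded correctly")
	}

	// Single-permission lookups. Cases run in order; the first mismatch
	// aborts the test with that case's message.
	single := []struct {
		user, perm string
		want       bool
		msg        string
	}{
		{"wrong", "foo", false, "wrong has foo perm"},
		{"username1", "foo", true, "username1 does not have foo perm"},
		{"username1", "bar", true, "username1 does not have bar perm"},
		// baz belongs to username2 only; it must not leak to username1.
		{"username1", "baz", false, "username1 does have baz perm"},
		{"username2", "baz", true, "username2 does not have baz perm"},
	}
	for _, c := range single {
		if store.HasPerm(c.user, c.perm) != c.want {
			t.Fatal(c.msg)
		}
	}

	// Any-of lookups: true as soon as one listed permission is held.
	anyOf := []struct {
		user  string
		perms []string
		want  bool
		msg   string
	}{
		{"username1", []string{"foo"}, true, "username1 does not have foo perm"},
		{"username1", []string{"bar"}, true, "username1 does not have bar perm"},
		{"username1", []string{"foo", "bar"}, true, "username1 does not have foo or bar perm"},
		{"username1", []string{"foo", "qux"}, true, "username1 does not have foo or qux perm"},
		{"username1", []string{"qux", "bar"}, true, "username1 does not have bar perm"},
		{"username1", []string{"baz", "qux"}, false, "username1 has baz or qux perm"},
	}
	for _, c := range anyOf {
		if store.HasAnyPerm(c.user, c.perms...) != c.want {
			t.Fatal(c.msg)
		}
	}
}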
// Test_AuthLoadHashedSingleRequest loads a store that mixes a hashed password
// (username1; the "$2a$10$" prefix is the bcrypt format with cost 10) with a
// plaintext password (username2) and verifies that CheckRequest accepts the
// correct cleartext password for both users and rejects a wrong one for both.
//
// NOTE(review): no case here submits the stored hash string itself as the
// password. If the store also compares by plain string equality, the hash
// would authenticate on its own; confirm against the implementation and
// consider adding that negative case.
func Test_AuthLoadHashedSingleRequest(t *testing.T) {
	const jsonStream = `
[
{
"username": "username1",
"password": "$2a$10$fKRHxrEuyDTP6tXIiDycr.nyC8Q7UMIfc31YMyXHDLgRDyhLK3VFS"
},
{ "username": "username2",
"password": "password2"
}
]
`
	store := NewCredentialsStore()
	err := store.Load(strings.NewReader(jsonStream))
	if err != nil {
		t.Fatalf("failed to load multiple credentials: %s", err)
	}

	// Requests are checked in order b1..b4; the first mismatch aborts.
	requests := []struct {
		user, pass string
		want       bool
		msg        string
	}{
		{"username1", "password1", true, "username1 (b1) credential not checked correctly via request"},
		{"username2", "password2", true, "username2 (b2) credential not checked correctly via request"},
		{"username1", "wrong", false, "username1 (b3) credential not checked correctly via request"},
		{"username2", "wrong", false, "username2 (b4) credential not checked correctly via request"},
	}
	for _, r := range requests {
		auther := &testBasicAuther{username: r.user, password: r.pass, ok: true}
		if store.CheckRequest(auther) != r.want {
			t.Fatal(r.msg)
		}
	}
}
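// Test_AuthPermsRequestLoadSingle loads one user with permissions and verifies
// HasPermRequest: a request naming that user is granted a listed permission,
// and a request naming a user absent from the store is not.
//
// NOTE(review): both requests carry ok == true and the password "password1".
// The test never sends a wrong password or ok == false, so it does not show
// whether HasPermRequest validates the password itself; confirm that callers
// authenticate (e.g. via CheckRequest) before relying on it.
func Test_AuthPermsRequestLoadSingle(t *testing.T) {
	const jsonStream = `
[
{
"username": "username1",
"password": "password1",
"perms": ["foo", "bar"]
}
]
`
	store := NewCredentialsStore()
	if err := store.Load(strings.NewReader(jsonStream)); err != nil {
		t.Fatalf("failed to load single credential: %s", err)
	}
	if !store.Check("username1", "password1") {
		t.Fatalf("single credential not loaded correctly")
	}

	known := &testBasicAuther{
		username: "username1",
		password: "password1",
		ok:       true,
	}
	if !store.HasPermRequest(known, "foo") {
		t.Fatalf("username1 does not have perm foo via request")
	}

	// username2 is not present in the loaded credentials.
	unknown := &testBasicAuther{
		username: "username2",
		password: "password1",
		ok:       true,
	}
	if store.HasPermRequest(unknown, "foo") {
		t.Fatalf("username2 has perm foo via request")
	}
}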
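// Test_AuthPermsEmptyLoadSingle loads a user whose "perms" list is present but
// empty and verifies that the user still authenticates while holding no
// permissions.
func Test_AuthPermsEmptyLoadSingle(t *testing.T) {
	const jsonStream = `
[
{
"username": "username1",
"password": "password1",
"perms": []
}
]
`
	store := NewCredentialsStore()
	if err := store.Load(strings.NewReader(jsonStream)); err != nil {
		t.Fatalf("failed to load single credential: %s", err)
	}
	if !store.Check("username1", "password1") {
		t.Fatalf("single credential not loaded correctly")
	}
	if store.Check("username1", "wrong") {
		t.Fatalf("single credential not loaded correctly")
	}
	// An empty permission list must deny by default.
	if store.HasPerm("username1", "foo") {
		t.Fatalf("username1 has foo perm")
	}
}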
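// Test_AuthPermsNilLoadSingle loads a user with no "perms" key at all and
// verifies that the user still authenticates while holding no permissions.
func Test_AuthPermsNilLoadSingle(t *testing.T) {
	const jsonStream = `
[
{
"username": "username1",
"password": "password1"
}
]
`
	store := NewCredentialsStore()
	if err := store.Load(strings.NewReader(jsonStream)); err != nil {
		t.Fatalf("failed to load single credential: %s", err)
	}
	if !store.Check("username1", "password1") {
		t.Fatalf("single credential not loaded correctly")
	}
	if store.Check("username1", "wrong") {
		t.Fatalf("single credential not loaded correctly")
	}
	// A missing permission list must deny by default.
	if store.HasPerm("username1", "foo") {
		t.Fatalf("username1 has foo perm")
	}
}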
// Test_AuthPermsAllUsers loads one named user plus a "*" entry and verifies
// that permissions listed under "*" are reported for AllUsers and are also
// granted to the named user, while the named user's own permissions are not
// reported for AllUsers.
//
// NOTE(review): the "*" entry has no password, and this test does not assert
// that authenticating as "*" (for example with an empty password) is rejected.
// Whether the store treats "*" as a login-capable account is not visible here;
// confirm against the implementation.
func Test_AuthPermsAllUsers(t *testing.T) {
	const jsonStream = `
[
{
"username": "username1",
"password": "password1",
"perms": ["foo"]
},
{
"username": "*",
"perms": ["bar", "abc"]
}
]
`
	store := NewCredentialsStore()
	err := store.Load(strings.NewReader(jsonStream))
	if err != nil {
		t.Fatalf("failed to load single credential: %s", err)
	}

	if !store.Check("username1", "password1") {
		t.Fatalf("single credential not loaded correctly")
	}
	if store.Check("username1", "wrong") {
		t.Fatalf("single credential not loaded correctly")
	}

	// Cases run in order; the first mismatch aborts with its message.
	cases := []struct {
		user, perm string
		want       bool
		msg        string
	}{
		{"username1", "qux", false, "username1 has qux perm"},
		{AllUsers, "bar", true, "* does not have bar perm"},
		{AllUsers, "abc", true, "* does not have abc perm"},
		// foo is specific to username1 and must not widen to everyone.
		{AllUsers, "foo", false, "* has foo perm"},
		// Wildcard permissions are inherited by the named user.
		{"username1", "bar", true, "username1 does not have bar perm via *"},
		{"username1", "abc", true, "username1 does not have abc perm via *"},
	}
	for _, c := range cases {
		if store.HasPerm(c.user, c.perm) != c.want {
			t.Fatal(c.msg)
		}
	}
}