chronograf/oauth2/heroku_test.go

package oauth2_test

import (
	"encoding/json"
	"net/http"
	"net/http/httptest"
	"testing"

	clog "github.com/influxdata/chronograf/log"
	"github.com/influxdata/chronograf/oauth2"
)

func Test_Heroku_PrincipalID_ExtractsEmailAddress(t *testing.T) {
	t.Parallel()

	expected := struct {
		Email string `json:"email"`
	}{
		"martymcfly@example.com",
	}

	mockAPI := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
		if r.URL.Path != "/account" {
			rw.WriteHeader(http.StatusNotFound)
			return
		}
		enc := json.NewEncoder(rw)

		rw.WriteHeader(http.StatusOK)
		_ = enc.Encode(expected)
	}))
	defer mockAPI.Close()

	logger := clog.New(clog.ParseLevel("debug"))
	prov := oauth2.Heroku{
		Logger: logger,
	}
	tt, err := oauth2.NewTestTripper(logger, mockAPI, http.DefaultTransport)
	if err != nil {
		t.Fatal("Error initializing TestTripper: err:", err)
	}

	tc := &http.Client{
		Transport: tt,
	}

	email, err := prov.PrincipalID(tc)
	if err != nil {
		t.Fatal("Unexpected error while retrieiving PrincipalID: err:", err)
	}

	if email != expected.Email {
		t.Fatal("Retrieved email was not as expected. Want:", expected.Email, "Got:", email)
	}
}

func Test_Heroku_PrincipalID_RestrictsByOrganization(t *testing.T) {
	t.Parallel()

	expected := struct {
		Email               string            `json:"email"`
		DefaultOrganization map[string]string `json:"default_organization"`
	}{
		"martymcfly@example.com",
		map[string]string{
			"id":   "a85eac89-56cc-498e-9a89-d8f49f6aed71",
			"name": "hill-valley-preservation-society",
		},
	}

	mockAPI := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
		if r.URL.Path != "/account" {
			rw.WriteHeader(http.StatusNotFound)
			return
		}
		enc := json.NewEncoder(rw)

		rw.WriteHeader(http.StatusOK)
		_ = enc.Encode(expected)
	}))
	defer mockAPI.Close()

	logger := clog.New(clog.ParseLevel("debug"))
	prov := oauth2.Heroku{
		Logger:        logger,
		Organizations: []string{"enchantment-under-the-sea-dance-committee"},
	}

	tt, err := oauth2.NewTestTripper(logger, mockAPI, http.DefaultTransport)
	if err != nil {
		t.Fatal("Error initializing TestTripper: err:", err)
	}

	tc := &http.Client{
		Transport: tt,
	}

	_, err = prov.PrincipalID(tc)
	if err == nil {
		t.Fatal("Expected error while authenticating user with mismatched orgs, but received none")
	}
}
Add Heroku Oauth2 Provider This adds an Oauth2 Provider for authenticating users against Heroku's API. In contrast to other Providers, a maintained client library for interacting with the Heroku API was not available, so direct HTTP calls are made instead. This follows with their documentation posted here: https://devcenter.heroku.com/articles/oauth2-heroku-go 2017-02-16 17:05:55 +00:00			`package oauth2_test`

			`import (`
			`"encoding/json"`
			`"net/http"`
			`"net/http/httptest"`
			`"testing"`

Add Github OAuth2 principal email/org tests 2017-02-16 19:26:08 +00:00			`clog "github.com/influxdata/chronograf/log"`
Add Heroku Oauth2 Provider This adds an Oauth2 Provider for authenticating users against Heroku's API. In contrast to other Providers, a maintained client library for interacting with the Heroku API was not available, so direct HTTP calls are made instead. This follows with their documentation posted here: https://devcenter.heroku.com/articles/oauth2-heroku-go 2017-02-16 17:05:55 +00:00			`"github.com/influxdata/chronograf/oauth2"`
			`)`

			`func Test_Heroku_PrincipalID_ExtractsEmailAddress(t *testing.T) {`
			`t.Parallel()`

			`expected := struct {`
			Email string `json:"email"`
			`}{`
			`"martymcfly@example.com",`
			`}`

			`mockAPI := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {`
			`if r.URL.Path != "/account" {`
			`rw.WriteHeader(http.StatusNotFound)`
			`return`
			`}`
			`enc := json.NewEncoder(rw)`

			`rw.WriteHeader(http.StatusOK)`
			`_ = enc.Encode(expected)`
			`}))`
			`defer mockAPI.Close()`

Add Github OAuth2 principal email/org tests 2017-02-16 19:26:08 +00:00			`logger := clog.New(clog.ParseLevel("debug"))`
			`prov := oauth2.Heroku{`
			`Logger: logger,`
			`}`
Add new auth duration CLI option; add client heartbeat; fix logout (#1119) * User can now set oauth cookie session duration via the CLI to any duration or to expire on browser close * Refactor GET 'me' into heartbeat at constant interval * Add ping route to all routes * Add /chronograf/v1/ping endpoint for server status * Refactor cookie generation to use an interface * WIP adding refreshable tokens * Add reminder to review index.js Login error handling * Refactor Authenticator interface to accommodate cookie duration and logout delay * Update make run-dev to be more TICKStack compliant * Remove heartbeat/logout duration from authentication * WIP Refactor tests to accommodate cookie and auth refactor * Update oauth2 tests to newly refactored design * Update oauth provider tests * Remove unused oauth2/consts.go * Move authentication middleware to server package * Fix authentication comment * Update authenication documentation to mention AUTH_DURATION * Update /chronograf/v1/ping to simply return 204 * Fix Makefile run-dev target * Remove spurious ping route * Update auth docs to clarify authentication duration * Revert "Refactor GET 'me' into heartbeat at constant interval" This reverts commit 298a8c47e1431720d9bd97a9cb853744f04501a3. Conflicts: ui/src/index.js * Add auth test for JWT signing method * Add comments for why coverage isn't written for some areas of jwt code * Update auth docs to explicitly mention how to require re-auth for all users on server restart * Add Duration to Validation interface for Tokens * Make auth duration of zero yield a everlasting token * Revert "Revert "Refactor GET 'me' into heartbeat at constant interval"" This reverts commit b4773c15afe4fcd227ad88aa9d5686beb6b0a6cd. * Rename http status constants and add FORBIDDEN * Heartbeat only when logged in, notify user if heartbeat fails * Update changelog * Fix minor word semantics * Update oauth2 tests to be in the oauth2_test package * Add check at compile time that JWT implements Tokenizer * Rename CookieMux to AuthMux for consistency with earlier refactor * Fix logout middleware * Fix logout button not showing due to obsolete data shape expectations * Update changelog * Fix proptypes for logout button data shape in SideNav 2017-04-06 18:40:57 +00:00			`tt, err := oauth2.NewTestTripper(logger, mockAPI, http.DefaultTransport)`
Add Heroku Oauth2 Provider This adds an Oauth2 Provider for authenticating users against Heroku's API. In contrast to other Providers, a maintained client library for interacting with the Heroku API was not available, so direct HTTP calls are made instead. This follows with their documentation posted here: https://devcenter.heroku.com/articles/oauth2-heroku-go 2017-02-16 17:05:55 +00:00			`if err != nil {`
			`t.Fatal("Error initializing TestTripper: err:", err)`
			`}`

			`tc := &http.Client{`
			`Transport: tt,`
			`}`

			`email, err := prov.PrincipalID(tc)`
			`if err != nil {`
			`t.Fatal("Unexpected error while retrieiving PrincipalID: err:", err)`
			`}`

			`if email != expected.Email {`
			`t.Fatal("Retrieved email was not as expected. Want:", expected.Email, "Got:", email)`
			`}`
			`}`
Add organization restriction on Heroku provider This allows operators to permit access to Chronograf only to users belonging to a set of specific Heroku organizations. This is controlled using the HEROKU_ORGS env or the --heroku-organizations switch. 2017-02-21 18:04:17 +00:00
			`func Test_Heroku_PrincipalID_RestrictsByOrganization(t *testing.T) {`
			`t.Parallel()`

			`expected := struct {`
			Email string `json:"email"`
			DefaultOrganization map[string]string `json:"default_organization"`
			`}{`
			`"martymcfly@example.com",`
			`map[string]string{`
			`"id": "a85eac89-56cc-498e-9a89-d8f49f6aed71",`
			`"name": "hill-valley-preservation-society",`
			`},`
			`}`

			`mockAPI := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {`
			`if r.URL.Path != "/account" {`
			`rw.WriteHeader(http.StatusNotFound)`
			`return`
			`}`
			`enc := json.NewEncoder(rw)`

			`rw.WriteHeader(http.StatusOK)`
			`_ = enc.Encode(expected)`
			`}))`
			`defer mockAPI.Close()`

			`logger := clog.New(clog.ParseLevel("debug"))`
			`prov := oauth2.Heroku{`
			`Logger: logger,`
			`Organizations: []string{"enchantment-under-the-sea-dance-committee"},`
			`}`

Add new auth duration CLI option; add client heartbeat; fix logout (#1119) * User can now set oauth cookie session duration via the CLI to any duration or to expire on browser close * Refactor GET 'me' into heartbeat at constant interval * Add ping route to all routes * Add /chronograf/v1/ping endpoint for server status * Refactor cookie generation to use an interface * WIP adding refreshable tokens * Add reminder to review index.js Login error handling * Refactor Authenticator interface to accommodate cookie duration and logout delay * Update make run-dev to be more TICKStack compliant * Remove heartbeat/logout duration from authentication * WIP Refactor tests to accommodate cookie and auth refactor * Update oauth2 tests to newly refactored design * Update oauth provider tests * Remove unused oauth2/consts.go * Move authentication middleware to server package * Fix authentication comment * Update authenication documentation to mention AUTH_DURATION * Update /chronograf/v1/ping to simply return 204 * Fix Makefile run-dev target * Remove spurious ping route * Update auth docs to clarify authentication duration * Revert "Refactor GET 'me' into heartbeat at constant interval" This reverts commit 298a8c47e1431720d9bd97a9cb853744f04501a3. Conflicts: ui/src/index.js * Add auth test for JWT signing method * Add comments for why coverage isn't written for some areas of jwt code * Update auth docs to explicitly mention how to require re-auth for all users on server restart * Add Duration to Validation interface for Tokens * Make auth duration of zero yield a everlasting token * Revert "Revert "Refactor GET 'me' into heartbeat at constant interval"" This reverts commit b4773c15afe4fcd227ad88aa9d5686beb6b0a6cd. * Rename http status constants and add FORBIDDEN * Heartbeat only when logged in, notify user if heartbeat fails * Update changelog * Fix minor word semantics * Update oauth2 tests to be in the oauth2_test package * Add check at compile time that JWT implements Tokenizer * Rename CookieMux to AuthMux for consistency with earlier refactor * Fix logout middleware * Fix logout button not showing due to obsolete data shape expectations * Update changelog * Fix proptypes for logout button data shape in SideNav 2017-04-06 18:40:57 +00:00			`tt, err := oauth2.NewTestTripper(logger, mockAPI, http.DefaultTransport)`
Add organization restriction on Heroku provider This allows operators to permit access to Chronograf only to users belonging to a set of specific Heroku organizations. This is controlled using the HEROKU_ORGS env or the --heroku-organizations switch. 2017-02-21 18:04:17 +00:00			`if err != nil {`
			`t.Fatal("Error initializing TestTripper: err:", err)`
			`}`

			`tc := &http.Client{`
			`Transport: tt,`
			`}`

			`_, err = prov.PrincipalID(tc)`
			`if err == nil {`
			`t.Fatal("Expected error while authenticating user with mismatched orgs, but received none")`
			`}`
			`}`