Influxdata
/
influxdb
mirror of https://github.com/influxdata/influxdb.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
influxdb/chronograf/oauth2/auth0_test.go

140 lines
3.0 KiB
Go
Raw Normal View History

Add test coverage for Auth0 organizations This covers cases where users are or are not members of organizations as well as whether or not they should have access to the application based on their organization membership.
2017-06-28 20:27:37 +00:00
package oauth2_test
import (
"encoding/json"
"net/http"
"net/http/httptest"
"testing"
refactor: rewrite imports to include the /v2 suffix for version 2
2020-04-03 17:39:20 +00:00
"github.com/influxdata/influxdb/v2/chronograf"
"github.com/influxdata/influxdb/v2/chronograf/oauth2"
Add test coverage for Auth0 organizations This covers cases where users are or are not members of organizations as well as whether or not they should have access to the application based on their organization membership.
2017-06-28 20:27:37 +00:00
)
var auth0Tests = []struct {
name string
email string
organization string // empty string is "no organization"
allowedUsers []string
allowedOrgs []string // empty disables organization checking
shouldErr bool
}{
{
"Simple, no orgs",
"marty.mcfly@example.com",
"",
[]string{"marty.mcfly@example.com"},
[]string{},
false,
},
{
"Unauthorized",
"marty.mcfly@example.com",
"",
[]string{"doc.brown@example.com"},
[]string{},
true,
},
{
"Success - member of an org",
"marty.mcfly@example.com",
"time-travelers",
[]string{"marty.mcfly@example.com"},
[]string{"time-travelers"},
false,
},
{
"Failure - not a member of an org",
"marty.mcfly@example.com",
"time-travelers",
[]string{"marty.mcfly@example.com"},
[]string{"biffs-gang"},
true,
},
}
func Test_Auth0_PrincipalID_RestrictsByOrganization(t *testing.T) {
for _, test := range auth0Tests {
t.Run(test.name, func(tt *testing.T) {
tt.Parallel()
expected := struct {
Email string `json:"email"`
Organization string `json:"organization"`
}{
test.email,
test.organization,
}
mockAPI := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
if r.URL.Path != "/userinfo" {
rw.WriteHeader(http.StatusNotFound)
return
}
allowed := false
for _, user := range test.allowedUsers {
if test.email == user {
allowed = true
}
}
if !allowed {
rw.WriteHeader(http.StatusUnauthorized)
return
}
enc := json.NewEncoder(rw)
rw.WriteHeader(http.StatusOK)
_ = enc.Encode(expected)
}))
defer mockAPI.Close()
feat(vault): add vault implementation of secret service test(platform): run testcontainer integration tests for nightly release Integration tests for the vault secret service using testcontiners should not run along with unit tests, however, they should run on some regular schedule. This commit introduces `make test-integration` which runs integration tests for vault using testcontainers. The command introduced relies on docker being available on the host it is executed on. chore(platform): make go modules tidy chore: try to fix go mod chore(platform): remove explicit logrus dependency chore(platform): run go mod tidy chore(platform): replace github.com/Sirupsen/logrus with github.com/sirupsen/logrus chore(platform): update docker dependency feat(vault): add vault implementation of secret service test(platform): run testcontainer integration tests for nightly release Integration tests for the vault secret service using testcontiners should not run along with unit tests, however, they should run on some regular schedule. This commit introduces `make test-integration` which runs integration tests for vault using testcontainers. The command introduced relies on docker being available on the host it is executed on. chore(platform): make go modules tidy chore: try to fix go mod chore(platform): run go mod tidy feat(vault): add vault implementation of secret service chore(platform): make go modules tidy feat(platform): add Put/Patch/Delete methods on secret service feat(vault): add Put/Patch/Delete methods on vault secret service feat(http): add http handler methods for secret service feat(bolt): add Put/Delete/Patch methods to bolt secret service feat(testing): add tests for Put/Patch/Delete methods in secret service feat(mock): add mock secret service feat(http): add tests for secrets endpoints feat(http): update swagger for secrets endpoints chore: run go mod tidy
2018-11-16 16:45:00 +00:00
logger := &chronograf.NoopLogger{}
Add test coverage for Auth0 organizations This covers cases where users are or are not members of organizations as well as whether or not they should have access to the application based on their organization membership.
2017-06-28 20:27:37 +00:00
prov, err := oauth2.NewAuth0(mockAPI.URL, "id", "secret", mockAPI.URL+"/callback", test.allowedOrgs, logger)
if err != nil {
tt.Fatal("Unexpected error instantiating Auth0 provider: err:", err)
}
tripper, err := oauth2.NewTestTripper(logger, mockAPI, http.DefaultTransport)
if err != nil {
tt.Fatal("Error initializing TestTripper: err:", err)
}
tc := &http.Client{
Transport: tripper,
}
var email string
email, err = prov.PrincipalID(tc)
if !test.shouldErr {
if err != nil {
tt.Fatal(test.name, ": Unexpected error while attempting to authenticate: err:", err)
}
if email != test.email {
tt.Fatal(test.name, ": email mismatch. Got", email, "want:", test.email)
}
}
if err == nil && test.shouldErr {
tt.Fatal(test.name, ": Expected error while attempting to authenticate but received none")
}
})
}
}
func Test_Auth0_ErrsWithBadDomain(t *testing.T) {
t.Parallel()
feat(vault): add vault implementation of secret service test(platform): run testcontainer integration tests for nightly release Integration tests for the vault secret service using testcontiners should not run along with unit tests, however, they should run on some regular schedule. This commit introduces `make test-integration` which runs integration tests for vault using testcontainers. The command introduced relies on docker being available on the host it is executed on. chore(platform): make go modules tidy chore: try to fix go mod chore(platform): remove explicit logrus dependency chore(platform): run go mod tidy chore(platform): replace github.com/Sirupsen/logrus with github.com/sirupsen/logrus chore(platform): update docker dependency feat(vault): add vault implementation of secret service test(platform): run testcontainer integration tests for nightly release Integration tests for the vault secret service using testcontiners should not run along with unit tests, however, they should run on some regular schedule. This commit introduces `make test-integration` which runs integration tests for vault using testcontainers. The command introduced relies on docker being available on the host it is executed on. chore(platform): make go modules tidy chore: try to fix go mod chore(platform): run go mod tidy feat(vault): add vault implementation of secret service chore(platform): make go modules tidy feat(platform): add Put/Patch/Delete methods on secret service feat(vault): add Put/Patch/Delete methods on vault secret service feat(http): add http handler methods for secret service feat(bolt): add Put/Delete/Patch methods to bolt secret service feat(testing): add tests for Put/Patch/Delete methods in secret service feat(mock): add mock secret service feat(http): add tests for secrets endpoints feat(http): update swagger for secrets endpoints chore: run go mod tidy
2018-11-16 16:45:00 +00:00
logger := &chronograf.NoopLogger{}
Add test coverage for Auth0 organizations This covers cases where users are or are not members of organizations as well as whether or not they should have access to the application based on their organization membership.
2017-06-28 20:27:37 +00:00
_, err := oauth2.NewAuth0("!!@#$!@$%@#$%", "id", "secret", "http://example.com", []string{}, logger)
if err == nil {
t.Fatal("Expected err with bad domain but received none")
}
}