| author | Clement Michaud <clement.michaud34@gmail.com> | 2019-11-17 11:47:07 +0100 |
|---|---|---|
| committer | Clément Michaud <clement.michaud34@gmail.com> | 2019-11-17 16:30:33 +0100 |
| commit | 3b2d733367c88621e4178301f2bcb4bc03613eee (patch) | |
| tree | 41ac41fc5b6cece04db85a08bfa7c32a022f7354 /internal/authentication/file_user_provider_test.go | |
| parent | a06b69dd458e756f1a3d6867eb5b9f54560e2ee1 (diff) | |
Move source code into internal directory to follow standard project layout.
https://github.com/golang-standards/project-layout
Diffstat (limited to 'internal/authentication/file_user_provider_test.go')
| -rw-r--r-- | internal/authentication/file_user_provider_test.go | 144 |
1 files changed, 144 insertions, 0 deletions
diff --git a/internal/authentication/file_user_provider_test.go b/internal/authentication/file_user_provider_test.go
new file mode 100644
index 000000000..704d456b0
--- /dev/null
+++ b/internal/authentication/file_user_provider_test.go
@@ -0,0 +1,144 @@
+package authentication
+
+import (
+ "io/ioutil"
+ "log"
+ "os"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func WithDatabase(content []byte, f func(path string)) {
+ tmpfile, err := ioutil.TempFile("", "users_database.*.yaml")
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ defer os.Remove(tmpfile.Name()) // clean up
+
+ if _, err := tmpfile.Write(content); err != nil {
+ tmpfile.Close()
+ log.Fatal(err)
+ }
+
+ f(tmpfile.Name())
+
+ if err := tmpfile.Close(); err != nil {
+ log.Fatal(err)
+ }
+}
+
+func TestShouldCheckUserPasswordIsCorrect(t *testing.T) {
+ WithDatabase(UserDatabaseContent, func(path string) {
+ provider := NewFileUserProvider(path)
+ ok, err := provider.CheckUserPassword("john", "password")
+
+ assert.NoError(t, err)
+ assert.True(t, ok)
+ })
+}
+
+func TestShouldCheckUserPasswordIsWrong(t *testing.T) {
+ WithDatabase(UserDatabaseContent, func(path string) {
+ provider := NewFileUserProvider(path)
+ ok, err := provider.CheckUserPassword("john", "wrong_password")
+
+ assert.NoError(t, err)
+ assert.False(t, ok)
+ })
+}
+
+func TestShouldCheckUserPasswordOfUnexistingUser(t *testing.T) {
+ WithDatabase(UserDatabaseContent, func(path string) {
+ provider := NewFileUserProvider(path)
+ _, err := provider.CheckUserPassword("fake", "password")
+ assert.Error(t, err)
+ assert.Equal(t, "User 'fake' does not exist in database", err.Error())
+ })
+}
+
+func TestShouldRetrieveUserDetails(t *testing.T) {
+ WithDatabase(UserDatabaseContent, func(path string) {
+ provider := NewFileUserProvider(path)
+ details, err := provider.GetDetails("john")
+ assert.NoError(t, err)
+ assert.Equal(t, details.Emails, []string{"john.doe@authelia.com"})
+ assert.Equal(t, details.Groups, []string{"admins", "dev"})
+ })
+}
+
+func TestShouldUpdatePassword(t *testing.T) {
+ WithDatabase(UserDatabaseContent, func(path string) {
+ provider := NewFileUserProvider(path)
+ err := provider.UpdatePassword("john", "newpassword")
+ assert.NoError(t, err)
+
+ // Reset the provider to force a read from disk.
+ provider = NewFileUserProvider(path)
+ ok, err := provider.CheckUserPassword("john", "newpassword")
+ assert.NoError(t, err)
+ assert.True(t, ok)
+ })
+}
+
+func TestShouldRaiseWhenLoadingMalformedDatabaseForFirstTime(t *testing.T) {
+ WithDatabase(MalformedUserDatabaseContent, func(path string) {
+ assert.Panics(t, func() {
+ NewFileUserProvider(path)
+ })
+ })
+}
+
+func TestShouldRaiseWhenLoadingDatabaseWithBadSchemaForFirstTime(t *testing.T) {
+ WithDatabase(BadSchemaUserDatabaseContent, func(path string) {
+ assert.Panics(t, func() {
+ NewFileUserProvider(path)
+ })
+ })
+}
+
+var UserDatabaseContent = []byte(`
+users:
+ john:
+ password: "{CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
+ email: john.doe@authelia.com
+ groups:
+ - admins
+ - dev
+
+ harry:
+ password: "{CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
+ email: harry.potter@authelia.com
+ groups: []
+
+ bob:
+ password: "{CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
+ email: bob.dylan@authelia.com
+ groups:
+ - dev
+
+ james:
+ password: "{CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
+ email: james.dean@authelia.com
+`)
+
+var MalformedUserDatabaseContent = []byte(`
+users
+john
+email: john.doe@authelia.com
+groups:
+- admin
+- dev
+`)
+
+// The YAML is valid but the root key is user instead of users
+var BadSchemaUserDatabaseContent = []byte(`
+user:
+ john:
+ password: "{CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
+ email: john.doe@authelia.com
+ groups:
+ - admins
+ - dev
+`) |
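Review bot: TestShouldUpdatePassword only proves that the new password is accepted after the reload; it never asserts that the previous one stops working, so a regression that leaves the old credential valid would still pass. After the existing `assert.True(t, ok)` I would add `ok, err = provider.CheckUserPassword("john", "password")`, `assert.NoError(t, err)` and `assert.False(t, ok)`. The provider's write path is not part of this hunk, so it would also be worth asserting that the rewritten file does not contain the literal `newpassword`, which confirms that a hash rather than the plaintext is persisted. Separately, in TestShouldCheckUserPasswordOfUnexistingUser `err.Error()` is called after a non-fatal `assert.Error`, so a nil error panics instead of failing cleanly; `assert.EqualError(t, err, "User 'fake' does not exist in database")` avoids that.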
