github.com/deiscc/workflow-e2e@v0.0.0-20181208071258-117299af888f/tests/auth_test.go (about)

     1  package tests
     2  
     3  import (
     4  	"os"
     5  
     6  	"github.com/deiscc/workflow-e2e/tests/cmd"
     7  	"github.com/deiscc/workflow-e2e/tests/cmd/auth"
     8  	"github.com/deiscc/workflow-e2e/tests/model"
     9  	"github.com/deiscc/workflow-e2e/tests/settings"
    10  
    11  	. "github.com/onsi/ginkgo"
    12  	. "github.com/onsi/gomega"
    13  	. "github.com/onsi/gomega/gbytes"
    14  	. "github.com/onsi/gomega/gexec"
    15  )
    16  
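// The "deis auth" suite drives the deis CLI end to end and checks its
// authentication and authorization behavior: no identity without a client
// configuration, registration denied under the default 'admin_only' mode,
// duplicate registration rejected, and token regeneration by a user and by an
// admin.
//
// Conventions used throughout:
//   - The error returned by cmd.Start is asserted before the session is used.
//     If the command could not be started, the session may not be usable, and
//     dereferencing it (sess.Err) would hide the real failure.
//   - Credentials are interpolated into the command line (--password=%s), so
//     they are visible to anything that can read the process arguments or the
//     output of the test harness.
//     NOTE(review): acceptable only if model.NewUser and auth.RegisterAndLogin
//     produce throwaway accounts; confirm, and never point this suite at real
//     credentials.
var _ = Describe("deis auth", func() {

	Context("with no user logged in", func() {

		BeforeEach(func() {
			// Important: All the tests use profiles. In theory, no client.json containing a token
			// exists because of this. However, in order to future-proof this test against any fallout
			// from any test added in the future that might deliberately or accidentally behave
			// differently, we explicitly log out, without specifying a profile. This is meant to
			// GUARANTEE that client.json does not exist.
			sess, err := cmd.Start("deis auth:logout", nil)
			Expect(err).NotTo(HaveOccurred())
			Eventually(sess).Should(Say("Logged out\n"))
			Eventually(sess).Should(Exit(0))
		})

		Specify("information on the current user cannot be printed", func() {
			// Negative check: without a client configuration the CLI must refuse to
			// report an identity and exit non-zero.
			sess, err := cmd.Start("deis auth:whoami", nil)
			Expect(err).NotTo(HaveOccurred())
			Eventually(sess.Err).Should(Say("Error: Client configuration file not found"))
			Eventually(sess).Should(Exit(1))
		})

	})

	Context("with a non-admin user", func() {

		var user model.User

		BeforeEach(func() {
			user = model.NewUser()
			// Fail loudly if the profile cannot be selected; otherwise the spec would run
			// under whatever profile the process already had.
			Expect(os.Setenv("DEIS_PROFILE", user.Username)).To(Succeed())
		})

		AfterEach(func() {
			// Always drop the profile, even when an assertion below fails. A leaked
			// DEIS_PROFILE would make later specs in this process run under the wrong
			// identity. The error is deliberately ignored, as cleanup is best effort.
			defer os.Unsetenv("DEIS_PROFILE")

			sess, err := cmd.Start("deis auth:cancel --username=%s --password=%s --yes", &user, user.Username, user.Password)
			Expect(err).NotTo(HaveOccurred())
			// Exit code 1 is the expected outcome here.
			// NOTE(review): presumably because the registration attempt in this context is
			// denied, so there is no account to cancel; confirm against the CLI.
			Eventually(sess).Should(Exit(1))
		})

		Specify("that user cannot register when registration mode is 'admin_only', as is the default", func() {
			// Authorization check: self-registration must be refused under the default mode.
			sess, err := cmd.Start("deis auth:register %s --username=%s --password=%s --email=%s", nil, settings.DeisControllerURL, user.Username, user.Password, user.Email)
			Expect(err).NotTo(HaveOccurred())
			Eventually(sess.Err).Should(Say("Registration failed: Error: You do not have permission to perform this action."))
			Eventually(sess).Should(Exit(1))
		})

	})

	Context("with an existing user", func() {
		// NOTE(review): this copy is taken while Ginkgo builds the spec tree, not when the
		// specs run. Confirm that model.Admin is fully populated by then.
		admin := model.Admin
		var user model.User

		BeforeEach(func() {
			user = auth.RegisterAndLogin()
		})

		AfterEach(func() {
			auth.Cancel(user)
		})

		Specify("that user can log out", func() {
			auth.Logout(user)
			auth.Login(user) // Log back in so cleanup won't fail.
		})

		Specify("a new user cannot be registered using the same details", func() {
			// Run as admin, so the rejection is not explained by the 'admin_only'
			// registration mode.
			sess, err := cmd.Start("deis auth:register %s --username=%s --password=%s --email=%s", &admin, settings.DeisControllerURL, user.Username, user.Password, user.Email)
			Expect(err).NotTo(HaveOccurred())
			Eventually(sess.Err).Should(Say("Registration failed"))
			Eventually(sess).Should(Exit(1))
		})

		Specify("that user can print information about themself", func() {
			auth.Whoami(user)
		})

		Specify("that user can print extensive information about themself", func() {
			auth.WhoamiAll(user)
		})

		Specify("that user can regenerates their own token", func() {
			// NOTE(review): whether the previous token is rejected afterwards depends on
			// auth.Regenerate, which is not visible here. If it does not assert that, an
			// explicit negative check on the old token is worth adding.
			auth.Regenerate(user)
		})

	})

	Context("with an existing admin", func() {

		// NOTE(review): evaluated at tree-construction time; see the same copy in the
		// "with an existing user" context.
		admin := model.Admin

		Specify("that admin can list admins", func() {
			sess, err := cmd.Start("deis perms:list --admin", &admin)
			Expect(err).NotTo(HaveOccurred())
			Eventually(sess).Should(Say("=== Administrators"))
			Eventually(sess).Should(Say(admin.Username))
			Eventually(sess).Should(Exit(0))
		})

		Context("and another existing user", func() {

			var otherUser model.User

			BeforeEach(func() {
				otherUser = auth.RegisterAndLogin()
			})

			AfterEach(func() {
				auth.Cancel(otherUser)
			})

			Specify("that admin can regenerate the token for the other user", func() {
				sess, err := cmd.Start("deis auth:regenerate -u %s", &admin, otherUser.Username)
				Expect(err).NotTo(HaveOccurred())
				Eventually(sess).Should(Say("Token Regenerated"))
				Eventually(sess).Should(Exit(0))
				// NOTE(review): only the CLI output is asserted. Nothing here checks that
				// otherUser's previous token is now rejected. The re-login below suggests it
				// is, but revocation deserves its own assertion.
				auth.Login(otherUser) // Log back in so cleanup won't fail.
			})

		})

		// TODO: This is marked pending because it resets all user auth tokens. Because we run the
		// tests in parallel, this can wreak havoc on tests that may be in flight. We will need to
		// reevaluate how we want to test this functionality.
		XSpecify("that admin can regenerate the tokens of all other users", func() {
			sess, err := cmd.Start("deis auth:regenerate --all", &admin)
			Expect(err).NotTo(HaveOccurred())
			Eventually(sess).Should(Say("Token Regenerated"))
			Eventually(sess).Should(Exit(0))
		})

	})

})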