github.com/go-kivik/kivik/v4@v4.3.2/x/kivikd/authdb/confadmin/confadmin_test.go (about) 1 // Licensed under the Apache License, Version 2.0 (the "License"); you may not 2 // use this file except in compliance with the License. You may obtain a copy of 3 // the License at 4 // 5 // http://www.apache.org/licenses/LICENSE-2.0 6 // 7 // Unless required by applicable law or agreed to in writing, software 8 // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 // License for the specific language governing permissions and limitations under 11 // the License. 12 13 //go:build !js 14 15 package confadmin 16 17 import ( 18 "context" 19 "fmt" 20 "net/http" 21 "reflect" 22 "testing" 23 24 "github.com/spf13/viper" 25 26 "github.com/go-kivik/kivik/v4" 27 _ "github.com/go-kivik/kivik/v4/couchdb" 28 "github.com/go-kivik/kivik/v4/x/kivikd/authdb" 29 "github.com/go-kivik/kivik/v4/x/kivikd/conf" 30 ) 31 32 func TestInvalidHashes(t *testing.T) { 33 c := &conf.Conf{Viper: viper.New()} 34 c.Set("admins.test", "-pbkXXdf2-792221164f257de22ad72a8e94760388233e5714,7897f3451f59da741c87ec5f10fe7abe,10") 35 auth := New(c) 36 if _, err := auth.Validate(context.Background(), "test", "123"); err == nil { 37 t.Errorf("Expected error for invalid scheme") 38 } 39 if _, err := auth.Validate(context.Background(), "test", "123"); err == nil { 40 t.Errorf("Expected error for too many commas") 41 } 42 c.Set("admins.test", "-pbkdf2-792221164f257de22ad72a8e94760388233e5714,7897f3451f59da741c87ec5f10fe7abe,pig") 43 if _, err := auth.Validate(context.Background(), "test", "123"); err == nil { 44 t.Errorf("Expected error for invalid iterations integer") 45 } 46 } 47 48 func TestConfAdminAuth(t *testing.T) { 49 c := &conf.Conf{Viper: viper.New()} 50 c.Set("admins.test", "-pbkdf2-792221164f257de22ad72a8e94760388233e5714,7897f3451f59da741c87ec5f10fe7abe,10") 51 auth := New(c) 52 53 t.Run("sync", func(t *testing.T) { 54 t.Run("Validate", func(t *testing.T) { 55 t.Parallel() 56 t.Run("ValidUser", func(t *testing.T) { 57 t.Parallel() 58 uCtx, err := auth.Validate(context.Background(), "test", "abc123") 59 if err != nil { 60 t.Errorf("Validation failure for good password: %s", err) 61 } 62 if uCtx == nil { 63 t.Errorf("User should have been validated") 64 } 65 }) 66 t.Run("WrongPassword", func(t *testing.T) { 67 t.Parallel() 68 uCtx, err := auth.Validate(context.Background(), "test", "foobar") 69 if kivik.HTTPStatus(err) != http.StatusUnauthorized { 70 t.Errorf("Expected Unauthorized for bad password, got %s", err) 71 } 72 if uCtx != nil { 73 t.Errorf("User should not have been validated with wrong password") 74 } 75 }) 76 t.Run("MissingUser", func(t *testing.T) { 77 t.Parallel() 78 uCtx, err := auth.Validate(context.Background(), "nobody", "foo") 79 if kivik.HTTPStatus(err) != http.StatusUnauthorized { 80 t.Errorf("Expected Unauthorized for bad username, got %s", err) 81 } 82 if uCtx != nil { 83 t.Errorf("User should not have been validated with wrong username") 84 } 85 }) 86 }) 87 t.Run("Context", func(t *testing.T) { 88 t.Parallel() 89 t.Run("ValidUser", func(t *testing.T) { 90 t.Parallel() 91 uCtx, err := auth.UserCtx(context.Background(), "test") 92 if err != nil { 93 t.Errorf("Failed to get roles for valid user: %s", err) 94 } 95 if !reflect.DeepEqual(uCtx, &authdb.UserContext{Name: "test", Roles: []string{"_admin"}, Salt: "7897f3451f59da741c87ec5f10fe7abe"}) { 96 t.Errorf("Got unexpected context: %v", uCtx) 97 } 98 }) 99 t.Run("MissingUser", func(t *testing.T) { 100 _, err := auth.UserCtx(context.Background(), "nobody") 101 if kivik.HTTPStatus(err) != http.StatusNotFound { 102 var msg string 103 if err != nil { 104 msg = fmt.Sprintf(" Got: %s", err) 105 } 106 t.Errorf("Expected Not Found fetching roles for bad username.%s", msg) 107 } 108 }) 109 }) 110 }) 111 }