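// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.

package app

import (
	"net/http"
	"os"
	"testing"

	"github.com/stretchr/testify/require"

	"github.com/mattermost/mattermost-server/v5/model"
)

// TestCheckForClientSideCert checks which e-mail address CheckForClientSideCert
// reports for a request carrying the X-SSL-Client-Cert and
// X-SSL-Client-Cert-Subject-DN headers.
//
// Every case sends the literal string "blah" as the certificate header, so the
// test only exercises how the subject DN header is parsed; it does not cover
// any validation of the certificate itself.
//
// NOTE(review): both headers are plain request headers here. Presumably the
// TLS-terminating proxy is expected to set them and to strip any copies sent
// by the client; confirm against the deployment, because the second case
// shows an e-mail being returned from the DN header alone.
func TestCheckForClientSideCert(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()

	tests := []struct {
		pem           string
		subject       string
		expectedEmail string
	}{
		// No e-mail attribute at all.
		{"blah", "blah", ""},
		// Lower-case "emailAddress=" at the end of the DN is extracted.
		{"blah", "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=test@test.com", "test@test.com"},
		// "EmailAddress=" with a capital E is not accepted.
		{"blah", "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/EmailAddress=test@test.com", ""},
		// The capitalised attribute is not accepted at the start of the DN either.
		{"blah", "CN=www.freesoft.org/EmailAddress=test@test.com, C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft", ""},
	}

	for _, tt := range tests {
		r := &http.Request{Header: http.Header{}}
		r.Header.Add("X-SSL-Client-Cert", tt.pem)
		r.Header.Add("X-SSL-Client-Cert-Subject-DN", tt.subject)

		_, _, actualEmail := th.App.CheckForClientSideCert(r)

		// testify expects (expected, actual); the original call had them
		// swapped, which mislabels the two values in a failure report.
		require.Equal(t, tt.expectedEmail, actualEmail, "CheckForClientSideCert(%v): expected %v, actual %v", tt.subject, tt.expectedEmail, actualEmail)
	}
}

// TestCWSLogin exercises AuthenticateUserForLogin with a CWS access token on a
// server whose test license has the Cloud feature enabled.
//
// The first subtest logs in with a token that matches CWS_CLOUD_TOKEN and is
// not yet in the token store; the second stores the token before the login
// and expects the login to be refused, i.e. a token already present in the
// store cannot be used again.
func TestCWSLogin(t *testing.T) {
	const cwsTokenEnv = "CWS_CLOUD_TOKEN"

	th := Setup(t).InitBasic()
	defer th.TearDown()
	license := model.NewTestLicense()
	license.Features.Cloud = model.NewBool(true)
	th.App.Srv().SetLicense(license)

	t.Run("Should authenticate user when CWS login is enabled and tokens are equal", func(t *testing.T) {
		token := model.NewToken(TokenTypeCWSAccess, "")
		// The deferred delete is the only cleanup needed; the original also
		// deleted the token explicitly at the end of the subtest.
		defer th.App.DeleteToken(token)
		// Unset the variable afterwards so the token value does not leak
		// into later tests that run in the same process.
		require.NoError(t, os.Setenv(cwsTokenEnv, token.Token))
		defer os.Unsetenv(cwsTokenEnv)

		user, err := th.App.AuthenticateUserForLogin("", th.BasicUser.Username, "", "", token.Token, false)
		// NOTE(review): require.Nil rather than require.NoError, presumably
		// because err is a typed *model.AppError pointer; confirm.
		require.Nil(t, err)
		require.NotNil(t, user)
		require.Equal(t, th.BasicUser.Username, user.Username)

		// The test never saved the token itself, so finding it here means the
		// login put it in the store (presumably to mark it as used).
		_, apperr := th.App.Srv().Store.Token().GetByToken(token.Token)
		require.NoError(t, apperr)
	})

	t.Run("Should not authenticate the user when CWS token was used", func(t *testing.T) {
		token := model.NewToken(TokenTypeCWSAccess, "")
		require.NoError(t, os.Setenv(cwsTokenEnv, token.Token))
		defer os.Unsetenv(cwsTokenEnv)
		// Storing the token up front simulates a token that was already used.
		require.NoError(t, th.App.Srv().Store.Token().Save(token))
		defer th.App.DeleteToken(token)

		user, err := th.App.AuthenticateUserForLogin("", th.BasicUser.Username, "", "", token.Token, false)
		require.NotNil(t, err)
		require.Nil(t, user)
	})
}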