github.com/haalcala/mattermost-server-change-repo@v0.0.0-20210713015153-16753fbeee5f/app/login_test.go (about)

     1  // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
     2  // See LICENSE.txt for license information.
     3  
     4  package app
     5  
     6  import (
     7  	"net/http"
     8  	"os"
     9  	"testing"
    10  
    11  	"github.com/stretchr/testify/require"
    12  
    13  	"github.com/mattermost/mattermost-server/v5/model"
    14  )
    15  
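// TestCheckForClientSideCert checks which e-mail address
// App.CheckForClientSideCert reports for a request carrying the
// X-SSL-Client-Cert and X-SSL-Client-Cert-Subject-DN headers.
//
// Every case sends "blah" as the certificate value, which is not a PEM
// document, and one case still yields an e-mail address. On this path the
// address therefore comes from the subject-DN header text alone.
// NOTE(review): this is only safe if the TLS-terminating proxy in front of
// the server always overwrites both headers, so a client cannot supply its
// own values. Confirm against the deployment documentation.
func TestCheckForClientSideCert(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()

	tests := []struct {
		pem           string
		subject       string
		expectedEmail string
	}{
		// No e-mail attribute in the subject at all.
		{"blah", "blah", ""},
		// Lower-case "emailAddress" at the end of the DN is extracted.
		{"blah", "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=test@test.com", "test@test.com"},
		// Same DN with "EmailAddress" capitalised: nothing is extracted, so
		// the attribute name is matched case-sensitively.
		{"blah", "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/EmailAddress=test@test.com", ""},
		// Capitalised attribute at the start of the DN: nothing is extracted.
		{"blah", "CN=www.freesoft.org/EmailAddress=test@test.com, C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft", ""},
	}

	for _, tt := range tests {
		r := &http.Request{Header: http.Header{}}
		r.Header.Add("X-SSL-Client-Cert", tt.pem)
		r.Header.Add("X-SSL-Client-Cert-Subject-DN", tt.subject)

		_, _, actualEmail := th.App.CheckForClientSideCert(r)

		// testify takes (expected, actual). The original call had them
		// swapped, which mislabels the two values in its failure output.
		require.Equal(t, tt.expectedEmail, actualEmail, "CheckForClientSideCert(%v): expected %v, actual %v", tt.subject, tt.expectedEmail, actualEmail)
	}
}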
    41  
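// TestCWSLogin exercises App.AuthenticateUserForLogin with a CWS access
// token on a server whose test license has the Cloud feature enabled.
//
// The two subtests pin the single-use property of the token:
//   - a token matching CWS_CLOUD_TOKEN that is not yet in the token store
//     authenticates the user, and is found in the store afterwards;
//   - a token already present in the store ("was used") is rejected, so a
//     captured token cannot be replayed.
//
// CWS_CLOUD_TOKEN is process-wide state, so the previous value is restored
// when the test ends. Without that, a token value would leak into every
// test that runs later in the same process.
func TestCWSLogin(t *testing.T) {
	const envKey = "CWS_CLOUD_TOKEN"

	th := Setup(t).InitBasic()
	defer th.TearDown()

	prev, hadPrev := os.LookupEnv(envKey)
	defer func() {
		// Best-effort restore; nothing useful can be done with a failure
		// here during teardown.
		if hadPrev {
			_ = os.Setenv(envKey, prev)
			return
		}
		_ = os.Unsetenv(envKey)
	}()

	license := model.NewTestLicense()
	license.Features.Cloud = model.NewBool(true)
	th.App.Srv().SetLicense(license)

	t.Run("Should authenticate user when CWS login is enabled and tokens are equal", func(t *testing.T) {
		token := model.NewToken(TokenTypeCWSAccess, "")
		// The deferred delete cleans up even when an assertion below
		// aborts the subtest; the original also repeated the call at the
		// end, which was redundant.
		defer th.App.DeleteToken(token)
		require.NoError(t, os.Setenv(envKey, token.Token))

		user, err := th.App.AuthenticateUserForLogin("", th.BasicUser.Username, "", "", token.Token, false)
		// NOTE(review): Nil/NotNil rather than NoError/Error, presumably
		// because err is a *model.AppError and not a plain error. Confirm.
		require.Nil(t, err)
		require.NotNil(t, user)
		require.Equal(t, th.BasicUser.Username, user.Username)

		// After a successful login the token must be retrievable from the
		// store; the second subtest relies on this to detect reuse.
		_, apperr := th.App.Srv().Store.Token().GetByToken(token.Token)
		require.NoError(t, apperr)
	})

	t.Run("Should not authenticate the user when CWS token was used", func(t *testing.T) {
		token := model.NewToken(TokenTypeCWSAccess, "")
		require.NoError(t, os.Setenv(envKey, token.Token))
		// Saving the token first simulates one that was already consumed.
		require.NoError(t, th.App.Srv().Store.Token().Save(token))
		defer th.App.DeleteToken(token)

		user, err := th.App.AuthenticateUserForLogin("", th.BasicUser.Username, "", "", token.Token, false)
		require.NotNil(t, err)
		require.Nil(t, user)
	})
}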