github.com/lukasheimann/cloudfoundrycli@v7.1.0+incompatible/actor/v7action/auth_test.go (about) 1 package v7action_test 2 3 import ( 4 "errors" 5 6 "code.cloudfoundry.org/cli/actor/actionerror" 7 . "code.cloudfoundry.org/cli/actor/v7action" 8 "code.cloudfoundry.org/cli/actor/v7action/v7actionfakes" 9 "code.cloudfoundry.org/cli/api/uaa/constant" 10 . "github.com/onsi/ginkgo" 11 . "github.com/onsi/gomega" 12 ) 13 14 var _ = Describe("Auth Actions", func() { 15 var ( 16 actor *Actor 17 fakeCloudControllerClient *v7actionfakes.FakeCloudControllerClient 18 fakeUAAClient *v7actionfakes.FakeUAAClient 19 fakeConfig *v7actionfakes.FakeConfig 20 creds map[string]string 21 ) 22 23 BeforeEach(func() { 24 fakeCloudControllerClient = new(v7actionfakes.FakeCloudControllerClient) 25 fakeUAAClient = new(v7actionfakes.FakeUAAClient) 26 fakeConfig = new(v7actionfakes.FakeConfig) 27 actor = NewActor(fakeCloudControllerClient, fakeConfig, nil, fakeUAAClient, nil, nil) 28 creds = map[string]string{ 29 "client_id": "some-username", 30 "client_secret": "some-password", 31 "origin": "uaa", 32 } 33 }) 34 35 Describe("Authenticate", func() { 36 var ( 37 grantType constant.GrantType 38 actualErr error 39 ) 40 41 JustBeforeEach(func() { 42 actualErr = actor.Authenticate(creds, "uaa", grantType) 43 }) 44 45 When("no API errors occur", func() { 46 BeforeEach(func() { 47 fakeUAAClient.AuthenticateReturns( 48 "some-access-token", 49 "some-refresh-token", 50 nil, 51 ) 52 }) 53 When("nothing is weird", func() { 54 It("works", func() { 55 Expect(fakeUAAClient.AuthenticateCallCount()).To(Equal(1)) 56 }) 57 }) 58 When("the grant type is a password grant", func() { 59 BeforeEach(func() { 60 grantType = constant.GrantTypePassword 61 }) 62 63 It("authenticates the user and returns access and refresh tokens", func() { 64 Expect(actualErr).NotTo(HaveOccurred()) 65 66 Expect(fakeUAAClient.AuthenticateCallCount()).To(Equal(1)) 67 creds, origin, passedGrantType := fakeUAAClient.AuthenticateArgsForCall(0) 68 Expect(creds["client_id"]).To(Equal("some-username")) 69 Expect(creds["client_secret"]).To(Equal("some-password")) 70 Expect(origin).To(Equal("uaa")) 71 Expect(passedGrantType).To(Equal(constant.GrantTypePassword)) 72 73 Expect(fakeConfig.SetTokenInformationCallCount()).To(Equal(1)) 74 accessToken, refreshToken, sshOAuthClient := fakeConfig.SetTokenInformationArgsForCall(0) 75 Expect(accessToken).To(Equal("bearer some-access-token")) 76 Expect(refreshToken).To(Equal("some-refresh-token")) 77 Expect(sshOAuthClient).To(BeEmpty()) 78 79 Expect(fakeConfig.UnsetOrganizationAndSpaceInformationCallCount()).To(Equal(1)) 80 Expect(fakeConfig.SetUAAGrantTypeCallCount()).To(Equal(1)) 81 Expect(fakeConfig.SetUAAGrantTypeArgsForCall(0)).To(Equal("")) 82 }) 83 84 When("a previous user authenticated with a client grant type", func() { 85 BeforeEach(func() { 86 fakeConfig.UAAGrantTypeReturns("client_credentials") 87 }) 88 89 It("returns a PasswordGrantTypeLogoutRequiredError", func() { 90 Expect(actualErr).To(MatchError(actionerror.PasswordGrantTypeLogoutRequiredError{})) 91 Expect(fakeConfig.UAAGrantTypeCallCount()).To(Equal(1)) 92 }) 93 }) 94 }) 95 96 When("the grant type is not password", func() { 97 BeforeEach(func() { 98 grantType = constant.GrantTypeClientCredentials 99 }) 100 101 It("stores the grant type and the client id", func() { 102 Expect(fakeConfig.SetUAAClientCredentialsCallCount()).To(Equal(1)) 103 client, clientSecret := fakeConfig.SetUAAClientCredentialsArgsForCall(0) 104 Expect(client).To(Equal("some-username")) 105 Expect(clientSecret).To(BeEmpty()) 106 Expect(fakeConfig.SetUAAGrantTypeCallCount()).To(Equal(1)) 107 Expect(fakeConfig.SetUAAGrantTypeArgsForCall(0)).To(Equal(string(constant.GrantTypeClientCredentials))) 108 }) 109 }) 110 111 When("extra information is needed to authenticate, e.g., MFA", func() { 112 BeforeEach(func() { 113 creds = map[string]string{ 114 "username": "some-username", 115 "password": "some-password", 116 "mfaCode": "some-one-time-code", 117 } 118 }) 119 120 It("passes the extra information on to the UAA client", func() { 121 uaaCredentials, _, _ := fakeUAAClient.AuthenticateArgsForCall(0) 122 Expect(uaaCredentials).To(BeEquivalentTo(map[string]string{ 123 "username": "some-username", 124 "password": "some-password", 125 "mfaCode": "some-one-time-code", 126 })) 127 }) 128 }) 129 }) 130 131 When("an API error occurs", func() { 132 var expectedErr error 133 134 BeforeEach(func() { 135 expectedErr = errors.New("some error") 136 fakeUAAClient.AuthenticateReturns( 137 "", 138 "", 139 expectedErr, 140 ) 141 }) 142 143 It("returns the error", func() { 144 Expect(actualErr).To(MatchError(expectedErr)) 145 146 Expect(fakeConfig.SetTokenInformationCallCount()).To(Equal(1)) 147 accessToken, refreshToken, sshOAuthClient := fakeConfig.SetTokenInformationArgsForCall(0) 148 Expect(accessToken).To(BeEmpty()) 149 Expect(refreshToken).To(BeEmpty()) 150 Expect(sshOAuthClient).To(BeEmpty()) 151 152 Expect(fakeConfig.UnsetOrganizationAndSpaceInformationCallCount()).To(Equal(1)) 153 }) 154 }) 155 }) 156 157 Describe("RevokeAccessAndRefreshTokens", func() { 158 var ( 159 expectedAccessToken string 160 expectedRefreshToken string 161 ) 162 163 BeforeEach(func() { 164 expectedAccessToken = "eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOi8vdWFhLmdlb2RlLWJhbmUubGl0ZS5jbGkuZnVuL3Rva2VuX2tleXMiLCJraWQiOiJrZXktMSIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIzN2IyZjA0NmIyMGY0MjY1OGY1MWYzZGY4NDZhNjFhOSIsInN1YiI6IjExMjc0OTU2LTYyNTUtNDAyNi05MjUzLWM4ZjE0OWMxZDBkOCIsInNjb3BlIjpbImNsb3VkX2NvbnRyb2xsZXIuYWRtaW4iLCJyb3V0aW5nLnJvdXRlcl9ncm91cHMucmVhZCIsImNsb3VkX2NvbnRyb2xsZXIud3JpdGUiLCJuZXR3b3JrLmFkbWluIiwiZG9wcGxlci5maXJlaG9zZSIsImNsaWVudHMucmVhZCIsInVhYS5yZXNvdXJjZSIsIm9wZW5pZCIsInJvdXRpbmcucm91dGVyX2dyb3Vwcy53cml0ZSIsInNjaW0ucmVhZCIsInVhYS51c2VyIiwiY2xvdWRfY29udHJvbGxlci5yZWFkIiwicGFzc3dvcmQud3JpdGUiLCJzY2ltLndyaXRlIl0sImNsaWVudF9pZCI6ImNmIiwiY2lkIjoiY2YiLCJhenAiOiJjZiIsInJldm9jYWJsZSI6dHJ1ZSwiZ3JhbnRfdHlwZSI6InBhc3N3b3JkIiwidXNlcl9pZCI6IjExMjc0OTU2LTYyNTUtNDAyNi05MjUzLWM4ZjE0OWMxZDBkOCIsIm9yaWdpbiI6InVhYSIsInVzZXJfbmFtZSI6ImFkbWluIiwiZW1haWwiOiJhZG1pbiIsImF1dGhfdGltZSI6MTU5NjY2Nzk0NywicmV2X3NpZyI6ImNlNzJmN2IzIiwiaWF0IjoxNTk2NjY3OTQ3LCJleHAiOjE1OTY2Njg1NDcsImlzcyI6Imh0dHBzOi8vdWFhLmdlb2RlLWJhbmUubGl0ZS5jbGkuZnVuL29hdXRoL3Rva2VuIiwiemlkIjoidWFhIiwiYXVkIjpbImNsb3VkX2NvbnRyb2xsZXIiLCJzY2ltIiwicGFzc3dvcmQiLCJjZiIsImNsaWVudHMiLCJ1YWEiLCJvcGVuaWQiLCJkb3BwbGVyIiwicm91dGluZy5yb3V0ZXJfZ3JvdXBzIiwibmV0d29yayJdfQ.WGRIexU6aheL6VOxK3lOCdQzv8GNK_O1IHu77pyEl0Y5wxa10T1H0VppzpKPbxYJ1C9QvQp1UwTk8fU9ylJ6lFAhA1xXLpBHNMI66QSVYc2m2TmOMUbJjWoE3w7cF-cBM1Unle3JlRk7y8yK4jeo0Gwj1fWcE4JNDKypTrT7yd5WxRCcMk1pWTJtLH9Rgng0Ei6i15NJ9K2SbF-rQWQp0qr1l4PBcyrjf7hWbf365yZFUSDMtPAToiJeKT3qmmN37elDmvFYzFNN4MEqEoirWYfjjakulLh9TPWELiygwNzDi11MYO07ksCUow9ArcA7cSlpnh9qrfPOqlfZTizBGg" 165 expectedRefreshToken = "eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOi8vdWFhLmdlb2RlLWJhbmUubGl0ZS5jbGkuZnVuL3Rva2VuX2tleXMiLCJraWQiOiJrZXktMSIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIzN2IyZjA0NmIyMGY0MjY1OGY1MWYzZGY4NDZhNjFhOSIsInN1YiI6IjExMjc0OTU2LTYyNTUtNDAyNi05MjUzLWM4ZjE0OWMxZDBkOCIsInNjb3BlIjpbImNsb3VkX2NvbnRyb2xsZXIuYWRtaW4iLCJyb3V0aW5nLnJvdXRlcl9ncm91cHMucmVhZCIsImNsb3VkX2NvbnRyb2xsZXIud3JpdGUiLCJuZXR3b3JrLmFkbWluIiwiZG9wcGxlci5maXJlaG9zZSIsImNsaWVudHMucmVhZCIsInVhYS5yZXNvdXJjZSIsIm9wZW5pZCIsInJvdXRpbmcucm91dGVyX2dyb3Vwcy53cml0ZSIsInNjaW0ucmVhZCIsInVhYS51c2VyIiwiY2xvdWRfY29udHJvbGxlci5yZWFkIiwicGFzc3dvcmQud3JpdGUiLCJzY2ltLndyaXRlIl0sImNsaWVudF9pZCI6ImNmIiwiY2lkIjoiY2YiLCJhenAiOiJjZiIsInJldm9jYWJsZSI6dHJ1ZSwiZ3JhbnRfdHlwZSI6InBhc3N3b3JkIiwidXNlcl9pZCI6IjExMjc0OTU2LTYyNTUtNDAyNi05MjUzLWM4ZjE0OWMxZDBkOCIsIm9yaWdpbiI6InVhYSIsInVzZXJfbmFtZSI6ImFkbWluIiwiZW1haWwiOiJhZG1pbiIsImF1dGhfdGltZSI6MTU5NjY2Nzk0NywicmV2X3NpZyI6ImNlNzJmN2IzIiwiaWF0IjoxNTk2NjY3OTQ3LCJleHAiOjE1OTY2Njg1NDcsImlzcyI6Imh0dHBzOi8vdWFhLmdlb2RlLWJhbmUubGl0ZS5jbGkuZnVuL29hdXRoL3Rva2VuIiwiemlkIjoidWFhIiwiYXVkIjpbImNsb3VkX2NvbnRyb2xsZXIiLCJzY2ltIiwicGFzc3dvcmQiLCJjZiIsImNsaWVudHMiLCJ1YWEiLCJvcGVuaWQiLCJkb3BwbGVyIiwicm91dGluZy5yb3V0ZXJfZ3JvdXBzIiwibmV0d29yayJdfQ.WGRIexU6aheL6VOxK3lOCdQzv8GNK_O1IHu77pyEl0Y5wxa10T1H0VppzpKPbxYJ1C9QvQp1UwTk8fU9ylJ6lFAhA1xXLpBHNMI66QSVYc2m2TmOMUbJjWoE3w7cF-cBM1Unle3JlRk7y8yK4jeo0Gwj1fWcE4JNDKypTrT7yd5WxRCcMk1pWTJtLH9Rgng0Ei6i15NJ9K2SbF-rQWQp0qr1l4PBcyrjf7hWbf365yZFUSDMtPAToiJeKT3qmmN37elDmvFYzFNN4MEqEoirWYfjjakulLh9TPWELiygwNzDi11MYO07ksCUow9ArcA7cSlpnh9qrfPOqlfZTizBGg" 166 fakeConfig.AccessTokenReturns(expectedAccessToken) 167 fakeConfig.RefreshTokenReturns(expectedRefreshToken) 168 }) 169 170 JustBeforeEach(func() { 171 _ = actor.RevokeAccessAndRefreshTokens() 172 }) 173 174 When("the token is revokable", func() { 175 176 It("calls the UAA to revoke refresh and access tokens", func() { 177 Expect(fakeUAAClient.RevokeCallCount()).To(Equal(2)) 178 179 Expect(fakeUAAClient.RevokeArgsForCall(0)).To(Equal(expectedRefreshToken)) 180 Expect(fakeUAAClient.RevokeArgsForCall(1)).To(Equal(expectedAccessToken)) 181 }) 182 }) 183 184 When("the token is not revokable", func() { 185 BeforeEach(func() { 186 expectedAccessToken = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMTI3NDk1Ni02MjU1LTQwMjYtOTI1My1jOGYxNDljMWQwZDgiLCJhdWQiOltdfQ.rVlUqVTglhod_MEbdnczGwj4IJIMHqiLrqaX2wvEWMw" 187 fakeConfig.AccessTokenReturns(expectedAccessToken) 188 }) 189 190 It("does not call the UAA to revoke refresh and access tokens", func() { 191 Expect(fakeUAAClient.RevokeCallCount()).To(Equal(0)) 192 }) 193 }) 194 }) 195 196 })