github.com/lukasheimann/cloudfoundrycli@v7.1.0+incompatible/actor/v7action/auth_test.go (about)

     1  package v7action_test
     2  
     3  import (
     4  	"errors"
     5  
     6  	"code.cloudfoundry.org/cli/actor/actionerror"
     7  	. "code.cloudfoundry.org/cli/actor/v7action"
     8  	"code.cloudfoundry.org/cli/actor/v7action/v7actionfakes"
     9  	"code.cloudfoundry.org/cli/api/uaa/constant"
    10  	. "github.com/onsi/ginkgo"
    11  	. "github.com/onsi/gomega"
    12  )
    13  
    14  var _ = Describe("Auth Actions", func() {
    15  	var (
    16  		actor                     *Actor
    17  		fakeCloudControllerClient *v7actionfakes.FakeCloudControllerClient
    18  		fakeUAAClient             *v7actionfakes.FakeUAAClient
    19  		fakeConfig                *v7actionfakes.FakeConfig
    20  		creds                     map[string]string
    21  	)
    22  
    23  	BeforeEach(func() {
    24  		fakeCloudControllerClient = new(v7actionfakes.FakeCloudControllerClient)
    25  		fakeUAAClient = new(v7actionfakes.FakeUAAClient)
    26  		fakeConfig = new(v7actionfakes.FakeConfig)
    27  		actor = NewActor(fakeCloudControllerClient, fakeConfig, nil, fakeUAAClient, nil, nil)
    28  		creds = map[string]string{
    29  			"client_id":     "some-username",
    30  			"client_secret": "some-password",
    31  			"origin":        "uaa",
    32  		}
    33  	})
    34  
    35  	Describe("Authenticate", func() {
    36  		var (
    37  			grantType constant.GrantType
    38  			actualErr error
    39  		)
    40  
    41  		JustBeforeEach(func() {
    42  			actualErr = actor.Authenticate(creds, "uaa", grantType)
    43  		})
    44  
    45  		When("no API errors occur", func() {
    46  			BeforeEach(func() {
    47  				fakeUAAClient.AuthenticateReturns(
    48  					"some-access-token",
    49  					"some-refresh-token",
    50  					nil,
    51  				)
    52  			})
    53  			When("nothing is weird", func() {
    54  				It("works", func() {
    55  					Expect(fakeUAAClient.AuthenticateCallCount()).To(Equal(1))
    56  				})
    57  			})
    58  			When("the grant type is a password grant", func() {
    59  				BeforeEach(func() {
    60  					grantType = constant.GrantTypePassword
    61  				})
    62  
    63  				It("authenticates the user and returns access and refresh tokens", func() {
    64  					Expect(actualErr).NotTo(HaveOccurred())
    65  
    66  					Expect(fakeUAAClient.AuthenticateCallCount()).To(Equal(1))
    67  					creds, origin, passedGrantType := fakeUAAClient.AuthenticateArgsForCall(0)
    68  					Expect(creds["client_id"]).To(Equal("some-username"))
    69  					Expect(creds["client_secret"]).To(Equal("some-password"))
    70  					Expect(origin).To(Equal("uaa"))
    71  					Expect(passedGrantType).To(Equal(constant.GrantTypePassword))
    72  
    73  					Expect(fakeConfig.SetTokenInformationCallCount()).To(Equal(1))
    74  					accessToken, refreshToken, sshOAuthClient := fakeConfig.SetTokenInformationArgsForCall(0)
    75  					Expect(accessToken).To(Equal("bearer some-access-token"))
    76  					Expect(refreshToken).To(Equal("some-refresh-token"))
    77  					Expect(sshOAuthClient).To(BeEmpty())
    78  
    79  					Expect(fakeConfig.UnsetOrganizationAndSpaceInformationCallCount()).To(Equal(1))
    80  					Expect(fakeConfig.SetUAAGrantTypeCallCount()).To(Equal(1))
    81  					Expect(fakeConfig.SetUAAGrantTypeArgsForCall(0)).To(Equal(""))
    82  				})
    83  
    84  				When("a previous user authenticated with a client grant type", func() {
    85  					BeforeEach(func() {
    86  						fakeConfig.UAAGrantTypeReturns("client_credentials")
    87  					})
    88  
    89  					It("returns a PasswordGrantTypeLogoutRequiredError", func() {
    90  						Expect(actualErr).To(MatchError(actionerror.PasswordGrantTypeLogoutRequiredError{}))
    91  						Expect(fakeConfig.UAAGrantTypeCallCount()).To(Equal(1))
    92  					})
    93  				})
    94  			})
    95  
    96  			When("the grant type is not password", func() {
    97  				BeforeEach(func() {
    98  					grantType = constant.GrantTypeClientCredentials
    99  				})
   100  
   101  				It("stores the grant type and the client id", func() {
   102  					Expect(fakeConfig.SetUAAClientCredentialsCallCount()).To(Equal(1))
   103  					client, clientSecret := fakeConfig.SetUAAClientCredentialsArgsForCall(0)
   104  					Expect(client).To(Equal("some-username"))
   105  					Expect(clientSecret).To(BeEmpty())
   106  					Expect(fakeConfig.SetUAAGrantTypeCallCount()).To(Equal(1))
   107  					Expect(fakeConfig.SetUAAGrantTypeArgsForCall(0)).To(Equal(string(constant.GrantTypeClientCredentials)))
   108  				})
   109  			})
   110  
   111  			When("extra information is needed to authenticate, e.g., MFA", func() {
   112  				BeforeEach(func() {
   113  					creds = map[string]string{
   114  						"username": "some-username",
   115  						"password": "some-password",
   116  						"mfaCode":  "some-one-time-code",
   117  					}
   118  				})
   119  
   120  				It("passes the extra information on to the UAA client", func() {
   121  					uaaCredentials, _, _ := fakeUAAClient.AuthenticateArgsForCall(0)
   122  					Expect(uaaCredentials).To(BeEquivalentTo(map[string]string{
   123  						"username": "some-username",
   124  						"password": "some-password",
   125  						"mfaCode":  "some-one-time-code",
   126  					}))
   127  				})
   128  			})
   129  		})
   130  
   131  		When("an API error occurs", func() {
   132  			var expectedErr error
   133  
   134  			BeforeEach(func() {
   135  				expectedErr = errors.New("some error")
   136  				fakeUAAClient.AuthenticateReturns(
   137  					"",
   138  					"",
   139  					expectedErr,
   140  				)
   141  			})
   142  
   143  			It("returns the error", func() {
   144  				Expect(actualErr).To(MatchError(expectedErr))
   145  
   146  				Expect(fakeConfig.SetTokenInformationCallCount()).To(Equal(1))
   147  				accessToken, refreshToken, sshOAuthClient := fakeConfig.SetTokenInformationArgsForCall(0)
   148  				Expect(accessToken).To(BeEmpty())
   149  				Expect(refreshToken).To(BeEmpty())
   150  				Expect(sshOAuthClient).To(BeEmpty())
   151  
   152  				Expect(fakeConfig.UnsetOrganizationAndSpaceInformationCallCount()).To(Equal(1))
   153  			})
   154  		})
   155  	})
   156  
   157  	Describe("RevokeAccessAndRefreshTokens", func() {
   158  		var (
   159  			expectedAccessToken  string
   160  			expectedRefreshToken string
   161  		)
   162  
   163  		BeforeEach(func() {
   164  			expectedAccessToken = "eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOi8vdWFhLmdlb2RlLWJhbmUubGl0ZS5jbGkuZnVuL3Rva2VuX2tleXMiLCJraWQiOiJrZXktMSIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIzN2IyZjA0NmIyMGY0MjY1OGY1MWYzZGY4NDZhNjFhOSIsInN1YiI6IjExMjc0OTU2LTYyNTUtNDAyNi05MjUzLWM4ZjE0OWMxZDBkOCIsInNjb3BlIjpbImNsb3VkX2NvbnRyb2xsZXIuYWRtaW4iLCJyb3V0aW5nLnJvdXRlcl9ncm91cHMucmVhZCIsImNsb3VkX2NvbnRyb2xsZXIud3JpdGUiLCJuZXR3b3JrLmFkbWluIiwiZG9wcGxlci5maXJlaG9zZSIsImNsaWVudHMucmVhZCIsInVhYS5yZXNvdXJjZSIsIm9wZW5pZCIsInJvdXRpbmcucm91dGVyX2dyb3Vwcy53cml0ZSIsInNjaW0ucmVhZCIsInVhYS51c2VyIiwiY2xvdWRfY29udHJvbGxlci5yZWFkIiwicGFzc3dvcmQud3JpdGUiLCJzY2ltLndyaXRlIl0sImNsaWVudF9pZCI6ImNmIiwiY2lkIjoiY2YiLCJhenAiOiJjZiIsInJldm9jYWJsZSI6dHJ1ZSwiZ3JhbnRfdHlwZSI6InBhc3N3b3JkIiwidXNlcl9pZCI6IjExMjc0OTU2LTYyNTUtNDAyNi05MjUzLWM4ZjE0OWMxZDBkOCIsIm9yaWdpbiI6InVhYSIsInVzZXJfbmFtZSI6ImFkbWluIiwiZW1haWwiOiJhZG1pbiIsImF1dGhfdGltZSI6MTU5NjY2Nzk0NywicmV2X3NpZyI6ImNlNzJmN2IzIiwiaWF0IjoxNTk2NjY3OTQ3LCJleHAiOjE1OTY2Njg1NDcsImlzcyI6Imh0dHBzOi8vdWFhLmdlb2RlLWJhbmUubGl0ZS5jbGkuZnVuL29hdXRoL3Rva2VuIiwiemlkIjoidWFhIiwiYXVkIjpbImNsb3VkX2NvbnRyb2xsZXIiLCJzY2ltIiwicGFzc3dvcmQiLCJjZiIsImNsaWVudHMiLCJ1YWEiLCJvcGVuaWQiLCJkb3BwbGVyIiwicm91dGluZy5yb3V0ZXJfZ3JvdXBzIiwibmV0d29yayJdfQ.WGRIexU6aheL6VOxK3lOCdQzv8GNK_O1IHu77pyEl0Y5wxa10T1H0VppzpKPbxYJ1C9QvQp1UwTk8fU9ylJ6lFAhA1xXLpBHNMI66QSVYc2m2TmOMUbJjWoE3w7cF-cBM1Unle3JlRk7y8yK4jeo0Gwj1fWcE4JNDKypTrT7yd5WxRCcMk1pWTJtLH9Rgng0Ei6i15NJ9K2SbF-rQWQp0qr1l4PBcyrjf7hWbf365yZFUSDMtPAToiJeKT3qmmN37elDmvFYzFNN4MEqEoirWYfjjakulLh9TPWELiygwNzDi11MYO07ksCUow9ArcA7cSlpnh9qrfPOqlfZTizBGg"
   165  			expectedRefreshToken = "eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOi8vdWFhLmdlb2RlLWJhbmUubGl0ZS5jbGkuZnVuL3Rva2VuX2tleXMiLCJraWQiOiJrZXktMSIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIzN2IyZjA0NmIyMGY0MjY1OGY1MWYzZGY4NDZhNjFhOSIsInN1YiI6IjExMjc0OTU2LTYyNTUtNDAyNi05MjUzLWM4ZjE0OWMxZDBkOCIsInNjb3BlIjpbImNsb3VkX2NvbnRyb2xsZXIuYWRtaW4iLCJyb3V0aW5nLnJvdXRlcl9ncm91cHMucmVhZCIsImNsb3VkX2NvbnRyb2xsZXIud3JpdGUiLCJuZXR3b3JrLmFkbWluIiwiZG9wcGxlci5maXJlaG9zZSIsImNsaWVudHMucmVhZCIsInVhYS5yZXNvdXJjZSIsIm9wZW5pZCIsInJvdXRpbmcucm91dGVyX2dyb3Vwcy53cml0ZSIsInNjaW0ucmVhZCIsInVhYS51c2VyIiwiY2xvdWRfY29udHJvbGxlci5yZWFkIiwicGFzc3dvcmQud3JpdGUiLCJzY2ltLndyaXRlIl0sImNsaWVudF9pZCI6ImNmIiwiY2lkIjoiY2YiLCJhenAiOiJjZiIsInJldm9jYWJsZSI6dHJ1ZSwiZ3JhbnRfdHlwZSI6InBhc3N3b3JkIiwidXNlcl9pZCI6IjExMjc0OTU2LTYyNTUtNDAyNi05MjUzLWM4ZjE0OWMxZDBkOCIsIm9yaWdpbiI6InVhYSIsInVzZXJfbmFtZSI6ImFkbWluIiwiZW1haWwiOiJhZG1pbiIsImF1dGhfdGltZSI6MTU5NjY2Nzk0NywicmV2X3NpZyI6ImNlNzJmN2IzIiwiaWF0IjoxNTk2NjY3OTQ3LCJleHAiOjE1OTY2Njg1NDcsImlzcyI6Imh0dHBzOi8vdWFhLmdlb2RlLWJhbmUubGl0ZS5jbGkuZnVuL29hdXRoL3Rva2VuIiwiemlkIjoidWFhIiwiYXVkIjpbImNsb3VkX2NvbnRyb2xsZXIiLCJzY2ltIiwicGFzc3dvcmQiLCJjZiIsImNsaWVudHMiLCJ1YWEiLCJvcGVuaWQiLCJkb3BwbGVyIiwicm91dGluZy5yb3V0ZXJfZ3JvdXBzIiwibmV0d29yayJdfQ.WGRIexU6aheL6VOxK3lOCdQzv8GNK_O1IHu77pyEl0Y5wxa10T1H0VppzpKPbxYJ1C9QvQp1UwTk8fU9ylJ6lFAhA1xXLpBHNMI66QSVYc2m2TmOMUbJjWoE3w7cF-cBM1Unle3JlRk7y8yK4jeo0Gwj1fWcE4JNDKypTrT7yd5WxRCcMk1pWTJtLH9Rgng0Ei6i15NJ9K2SbF-rQWQp0qr1l4PBcyrjf7hWbf365yZFUSDMtPAToiJeKT3qmmN37elDmvFYzFNN4MEqEoirWYfjjakulLh9TPWELiygwNzDi11MYO07ksCUow9ArcA7cSlpnh9qrfPOqlfZTizBGg"
   166  			fakeConfig.AccessTokenReturns(expectedAccessToken)
   167  			fakeConfig.RefreshTokenReturns(expectedRefreshToken)
   168  		})
   169  
   170  		JustBeforeEach(func() {
   171  			_ = actor.RevokeAccessAndRefreshTokens()
   172  		})
   173  
   174  		When("the token is revokable", func() {
   175  
   176  			It("calls the UAA to revoke refresh and access tokens", func() {
   177  				Expect(fakeUAAClient.RevokeCallCount()).To(Equal(2))
   178  
   179  				Expect(fakeUAAClient.RevokeArgsForCall(0)).To(Equal(expectedRefreshToken))
   180  				Expect(fakeUAAClient.RevokeArgsForCall(1)).To(Equal(expectedAccessToken))
   181  			})
   182  		})
   183  
   184  		When("the token is not revokable", func() {
   185  			BeforeEach(func() {
   186  				expectedAccessToken = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMTI3NDk1Ni02MjU1LTQwMjYtOTI1My1jOGYxNDljMWQwZDgiLCJhdWQiOltdfQ.rVlUqVTglhod_MEbdnczGwj4IJIMHqiLrqaX2wvEWMw"
   187  				fakeConfig.AccessTokenReturns(expectedAccessToken)
   188  			})
   189  
   190  			It("does not call the UAA to revoke refresh and access tokens", func() {
   191  				Expect(fakeUAAClient.RevokeCallCount()).To(Equal(0))
   192  			})
   193  		})
   194  	})
   195  
   196  })