github.com/makyo/juju@v0.0.0-20160425123129-2608902037e9/api/state_macaroon_test.go

github.com/makyo/juju@v0.0.0-20160425123129-2608902037e9/api/state_macaroon_test.go (about)

     1  // Copyright 2015 Canonical Ltd.
     2  // Licensed under the AGPLv3, see LICENCE file for details.
     3  
     4  package api_test
     5  
     6  import (
     7  	"net/url"
     8  
     9  	"github.com/juju/errors"
    10  	jc "github.com/juju/testing/checkers"
    11  	gc "gopkg.in/check.v1"
    12  
    13  	"github.com/juju/juju/api"
    14  	apitesting "github.com/juju/juju/api/testing"
    15  	"github.com/juju/juju/rpc"
    16  )
    17  
    18  var _ = gc.Suite(&macaroonLoginSuite{})
    19  
    20  type macaroonLoginSuite struct {
    21  	apitesting.MacaroonSuite
    22  	client api.Connection
    23  }
    24  
    25  const testUserName = "testuser@somewhere"
    26  
    27  func (s *macaroonLoginSuite) SetUpTest(c *gc.C) {
    28  	s.MacaroonSuite.SetUpTest(c)
    29  	s.AddModelUser(c, testUserName)
    30  	info := s.APIInfo(c)
    31  	info.SkipLogin = true
    32  	s.client = s.OpenAPI(c, info, nil)
    33  }
    34  
    35  func (s *macaroonLoginSuite) TearDownTest(c *gc.C) {
    36  	s.client.Close()
    37  	s.MacaroonSuite.TearDownTest(c)
    38  }
    39  
    40  func (s *macaroonLoginSuite) TestSuccessfulLogin(c *gc.C) {
    41  	s.DischargerLogin = func() string { return testUserName }
    42  	err := s.client.Login(nil, "", "", nil)
    43  	c.Assert(err, jc.ErrorIsNil)
    44  }
    45  
    46  func (s *macaroonLoginSuite) TestFailedToObtainDischargeLogin(c *gc.C) {
    47  	err := s.client.Login(nil, "", "", nil)
    48  	c.Assert(err, gc.ErrorMatches, `cannot get discharge from "https://.*": third party refused discharge: cannot discharge: login denied by discharger`)
    49  }
    50  
    51  func (s *macaroonLoginSuite) TestUnknownUserLogin(c *gc.C) {
    52  	s.DischargerLogin = func() string {
    53  		return "testUnknown"
    54  	}
    55  	err := s.client.Login(nil, "", "", nil)
    56  	c.Assert(errors.Cause(err), gc.DeepEquals, &rpc.RequestError{
    57  		Message: "invalid entity name or password",
    58  		Code:    "unauthorized access",
    59  	})
    60  }
    61  
    62  func (s *macaroonLoginSuite) TestConnectStream(c *gc.C) {
    63  	s.PatchValue(api.WebsocketDialConfig, echoURL(c))
    64  
    65  	dischargeCount := 0
    66  	s.DischargerLogin = func() string {
    67  		dischargeCount++
    68  		return testUserName
    69  	}
    70  	// First log into the regular API.
    71  	err := s.client.Login(nil, "", "", nil)
    72  	c.Assert(err, jc.ErrorIsNil)
    73  	c.Assert(dischargeCount, gc.Equals, 1)
    74  
    75  	// Then check that ConnectStream works OK and that it doesn't need
    76  	// to discharge again.
    77  	conn, err := s.client.ConnectStream("/path", nil)
    78  	c.Assert(err, gc.IsNil)
    79  	defer conn.Close()
    80  	connectURL := connectURLFromReader(c, conn)
    81  	c.Assert(connectURL.Path, gc.Equals, "/model/"+s.State.ModelTag().Id()+"/path")
    82  	c.Assert(dischargeCount, gc.Equals, 1)
    83  }
    84  
    85  func (s *macaroonLoginSuite) TestConnectStreamWithoutLogin(c *gc.C) {
    86  	s.PatchValue(api.WebsocketDialConfig, echoURL(c))
    87  
    88  	conn, err := s.client.ConnectStream("/path", nil)
    89  	c.Assert(err, gc.ErrorMatches, `cannot use ConnectStream without logging in`)
    90  	c.Assert(conn, gc.Equals, nil)
    91  }
    92  
    93  func (s *macaroonLoginSuite) TestConnectStreamFailedDischarge(c *gc.C) {
    94  	// This is really a test for ConnectStream, but to test ConnectStream's
    95  	// discharge failing logic, we need an actual endpoint to test against,
    96  	// and the debug-log endpoint makes a convenient example.
    97  
    98  	var dischargeError bool
    99  	s.DischargerLogin = func() string {
   100  		if dischargeError {
   101  			return ""
   102  		}
   103  		return testUserName
   104  	}
   105  
   106  	// Make an API connection that uses a cookie jar
   107  	// that allows us to remove all cookies.
   108  	jar := apitesting.NewClearableCookieJar()
   109  	client := s.OpenAPI(c, nil, jar)
   110  
   111  	// Ensure that the discharger won't discharge and try
   112  	// logging in again. We should succeed in getting past
   113  	// authorization because we have the cookies (but
   114  	// the actual debug-log endpoint will return an error).
   115  	dischargeError = true
   116  	logArgs := url.Values{"noTail": []string{"true"}}
   117  	conn, err := client.ConnectStream("/log", logArgs)
   118  	c.Assert(err, jc.ErrorIsNil)
   119  	c.Assert(conn, gc.NotNil)
   120  	conn.Close()
   121  
   122  	// Then delete all the cookies by deleting the cookie jar
   123  	// and try again. The login should fail.
   124  	jar.Clear()
   125  
   126  	conn, err = client.ConnectStream("/log", logArgs)
   127  	c.Assert(err, gc.ErrorMatches, `cannot get discharge from "https://.*": third party refused discharge: cannot discharge: login denied by discharger`)
   128  	c.Assert(conn, gc.IsNil)
   129  }