github.com/pf-qiu/concourse/v6@v6.7.3-0.20201207032516-1f455d73275f/atc/api/accessor/accessor_factory_test.go

github.com/pf-qiu/concourse/v6@v6.7.3-0.20201207032516-1f455d73275f/atc/api/accessor/accessor_factory_test.go (about)

     1  package accessor_test
     2  
     3  import (
     4  	"errors"
     5  	"net/http"
     6  
     7  	"github.com/pf-qiu/concourse/v6/atc"
     8  	"github.com/pf-qiu/concourse/v6/atc/api/accessor/accessorfakes"
     9  	"github.com/pf-qiu/concourse/v6/atc/db/dbfakes"
    10  	. "github.com/onsi/ginkgo"
    11  	. "github.com/onsi/gomega"
    12  
    13  	"github.com/pf-qiu/concourse/v6/atc/api/accessor"
    14  	"github.com/pf-qiu/concourse/v6/atc/db"
    15  )
    16  
    17  var _ = Describe("AccessorFactory", func() {
    18  	var (
    19  		systemClaimKey    string
    20  		systemClaimValues []string
    21  
    22  		fakeTokenVerifier *accessorfakes.FakeTokenVerifier
    23  		fakeTeamFetcher   *accessorfakes.FakeTeamFetcher
    24  		dummyRequest      *http.Request
    25  
    26  		role string
    27  	)
    28  
    29  	BeforeEach(func() {
    30  		systemClaimKey = "sub"
    31  		systemClaimValues = []string{"some-sub"}
    32  
    33  		fakeTokenVerifier = new(accessorfakes.FakeTokenVerifier)
    34  		fakeTeamFetcher = new(accessorfakes.FakeTeamFetcher)
    35  		dummyRequest, _ = http.NewRequest("GET", "/", nil)
    36  
    37  		role = "viewer"
    38  	})
    39  
    40  	Describe("Create", func() {
    41  
    42  		var (
    43  			access accessor.Access
    44  			err    error
    45  		)
    46  
    47  		JustBeforeEach(func() {
    48  			factory := accessor.NewAccessFactory(fakeTokenVerifier, fakeTeamFetcher, systemClaimKey, systemClaimValues)
    49  			access, err = factory.Create(dummyRequest, role)
    50  		})
    51  
    52  		Context("when the token is valid", func() {
    53  			BeforeEach(func() {
    54  				fakeTokenVerifier.VerifyReturns(map[string]interface{}{
    55  					"preferred_username": "user1",
    56  					"federated_claims": map[string]interface{}{
    57  						"connector_id": "github",
    58  					},
    59  				}, nil)
    60  				teamWithUsers := func(name string, authenticated bool) db.Team {
    61  					t := new(dbfakes.FakeTeam)
    62  					t.NameReturns(name)
    63  					if authenticated {
    64  						t.AuthReturns(atc.TeamAuth{"viewer": map[string][]string{
    65  							"users": {"github:user1"},
    66  						}})
    67  					}
    68  					return t
    69  				}
    70  				fakeTeamFetcher.GetTeamsReturns([]db.Team{
    71  					teamWithUsers("t1", true),
    72  					teamWithUsers("t2", false),
    73  					teamWithUsers("t3", true),
    74  				}, nil)
    75  			})
    76  
    77  			It("returns an accessor with the correct teams", func() {
    78  				Expect(access.TeamNames()).To(ConsistOf("t1", "t3"))
    79  			})
    80  		})
    81  
    82  		Context("when the team fetcher returns an error", func() {
    83  			BeforeEach(func() {
    84  				fakeTeamFetcher.GetTeamsReturns(nil, errors.New("nope"))
    85  			})
    86  
    87  			It("returns an error", func() {
    88  				Expect(err).To(HaveOccurred())
    89  			})
    90  		})
    91  
    92  		Context("when the verifier returns a NoToken error", func() {
    93  			BeforeEach(func() {
    94  				fakeTokenVerifier.VerifyReturns(nil, accessor.ErrVerificationNoToken)
    95  			})
    96  
    97  			It("the accessor has no token", func() {
    98  				Expect(err).ToNot(HaveOccurred())
    99  				Expect(access.HasToken()).To(BeFalse())
   100  			})
   101  		})
   102  
   103  		Context("when the verifier returns some other error", func() {
   104  			BeforeEach(func() {
   105  				fakeTokenVerifier.VerifyReturns(nil, accessor.ErrVerificationTokenExpired)
   106  			})
   107  
   108  			It("the accessor is unauthenticated", func() {
   109  				Expect(err).ToNot(HaveOccurred())
   110  				Expect(access.IsAuthenticated()).To(BeFalse())
   111  			})
   112  		})
   113  	})
   114  })