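package dexserver_test

import (
	"sort"

	. "github.com/onsi/ginkgo"
	. "github.com/onsi/gomega"

	"code.cloudfoundry.org/lager"
	"code.cloudfoundry.org/lager/lagertest"
	"github.com/pf-qiu/concourse/v6/skymarshal/dexserver"
	store "github.com/pf-qiu/concourse/v6/skymarshal/storage"
	"github.com/concourse/dex/server"
	"github.com/concourse/dex/storage"
	"github.com/concourse/flag"
	"golang.org/x/crypto/bcrypt"
)

// These specs build a dex server configuration with dexserver.NewDexServerConfig
// against a Postgres-backed storage and then inspect what ended up in that
// storage: the local connector, the local users' password hashes, and the
// OAuth client secrets.
var _ = Describe("Dex Server", func() {
	var (
		config       *dexserver.DexConfig
		serverConfig server.Config
		// Named dexStorage rather than storage so the variable does not shadow
		// the imported dex storage package inside this closure.
		dexStorage storage.Storage
		logger     lager.Logger
		err        error
	)

	// listPasswordsByUsername returns the stored password records ordered by
	// username. Users are added from a map, which is unordered, so the records
	// are sorted before any index-based assertion.
	listPasswordsByUsername := func() []storage.Password {
		passwords, err := dexStorage.ListPasswords()
		ExpectWithOffset(1, err).NotTo(HaveOccurred())

		sort.Slice(passwords, func(i, j int) bool {
			return passwords[i].Username < passwords[j].Username
		})

		return passwords
	}

	// expectLocalUser asserts that record describes the user called name and
	// that its stored hash verifies against password. CompareHashAndPassword
	// only succeeds for a well-formed bcrypt hash of that password, so a secret
	// stored in the clear fails this check.
	expectLocalUser := func(record storage.Password, name, password string) {
		ExpectWithOffset(1, record.UserID).To(Equal(name))
		ExpectWithOffset(1, record.Username).To(Equal(name))
		ExpectWithOffset(1, record.Email).To(Equal(name))
		ExpectWithOffset(1, bcrypt.CompareHashAndPassword(record.Hash, []byte(password))).NotTo(HaveOccurred())
	}

	BeforeEach(func() {
		logger = lagertest.NewTestLogger("dex")

		// One database port per parallel Ginkgo node. TLS is disabled for this
		// loopback-only test database.
		dexStorage, err = store.NewPostgresStorage(logger, flag.PostgresConfig{
			Host:     "127.0.0.1",
			Port:     uint16(5433 + GinkgoParallelNode()),
			User:     "postgres",
			SSLMode:  "disable",
			Database: "testdb",
		})
		Expect(err).ToNot(HaveOccurred())

		config = &dexserver.DexConfig{
			Logger:  logger,
			Storage: dexStorage,
		}
	})

	AfterEach(func() {
		// If opening the storage failed there is nothing to close; calling
		// Close on a nil interface would panic and hide the original failure.
		// NOTE(review): assumes NewPostgresStorage returns nil on error.
		if dexStorage == nil {
			return
		}

		Expect(dexStorage.Close()).To(Succeed())
	})

	// Runs after every BeforeEach, so nested contexts can adjust config first.
	JustBeforeEach(func() {
		serverConfig, err = dexserver.NewDexServerConfig(config)
		Expect(err).ToNot(HaveOccurred())
	})

	Describe("Configuration", func() {

		Context("static configuration", func() {
			BeforeEach(func() {
				config.IssuerURL = "http://example.com/"
			})

			It("configures expected values", func() {
				// These values shape the authorization flow: the password
				// connector, the enabled response types, and the skipped
				// approval screen. Pinning them here makes any change to them
				// show up as a failing spec.
				Expect(serverConfig.PasswordConnector).To(Equal("local"))
				Expect(serverConfig.SupportedResponseTypes).To(ConsistOf("code", "token", "id_token"))
				Expect(serverConfig.SkipApprovalScreen).To(BeTrue())
				Expect(serverConfig.Issuer).To(Equal(config.IssuerURL))
				Expect(serverConfig.Logger).NotTo(BeNil())
			})
		})

		Context("when local users are configured", func() {

			// ConfiguresUsersCorrectly registers the specs shared by the
			// bcrypt-hash and plaintext contexts below.
			ConfiguresUsersCorrectly := func() {
				It("should configure local connector", func() {
					connectors, err := dexStorage.ListConnectors()
					Expect(err).NotTo(HaveOccurred())

					// Fail with a matcher message instead of an index panic.
					Expect(connectors).NotTo(BeEmpty())

					Expect(connectors[0].ID).To(Equal("local"))
					Expect(connectors[0].Type).To(Equal("local"))
					Expect(connectors[0].Name).To(Equal("Username/Password"))
				})

				It("should configure local users", func() {
					passwords := listPasswordsByUsername()

					// Both contexts configure exactly two users; checking the
					// length first also catches stale or extra accounts.
					Expect(passwords).To(HaveLen(2))

					expectLocalUser(passwords[0], "some-user-0", "some-password-0")
					expectLocalUser(passwords[1], "some-user-1", "some-password-1")
				})
			}

			Context("when the user's password is provided as a bcrypt hash", func() {
				BeforeEach(func() {
					// Fixture hashes; the shared specs only pass if these are
					// the bcrypt hashes of some-password-0 and some-password-1
					// and are stored without being hashed a second time.
					config.Users = map[string]string{
						"some-user-0": "$2a$10$3veRX245rLrpOKrgu7jIyOEKF5Km5tY86bZql6/oTMssgPO/6XJju",
						"some-user-1": "$2a$10$31qaZYMqx7mplkLoMrpPHeF3xf5eN37Zyv3e/QdPUs6S6IqrDA9Du",
					}
				})

				ConfiguresUsersCorrectly()
			})

			Context("when the user's password is provided in plaintext", func() {
				BeforeEach(func() {
					config.Users = map[string]string{
						"some-user-0": "some-password-0",
						"some-user-1": "some-password-1",
					}
				})

				ConfiguresUsersCorrectly()

				Context("when a user's password is changed", func() {
					BeforeEach(func() {
						// First create the first config based on the parent Context
						serverConfig, err = dexserver.NewDexServerConfig(config)
						Expect(err).ToNot(HaveOccurred())

						// The final config will be created in the JustBeforeEach block
						config.Users = map[string]string{
							"some-user-0": "some-password-0",
							"some-user-1": "some-password-1-changed",
						}
					})

					It("should update the user's password", func() {
						passwords := listPasswordsByUsername()

						Expect(passwords).To(HaveLen(2))

						expectLocalUser(passwords[0], "some-user-0", "some-password-0")
						expectLocalUser(passwords[1], "some-user-1", "some-password-1-changed")
					})
				})

				Context("when a user is then removed", func() {
					BeforeEach(func() {
						// First create the first config based on the parent Context
						serverConfig, err = dexserver.NewDexServerConfig(config)
						Expect(err).ToNot(HaveOccurred())

						// The final config will be created in the JustBeforeEach block
						config.Users = map[string]string{
							"some-user-0": "some-password-0",
						}
					})

					It("should remove the user's password", func() {
						passwords := listPasswordsByUsername()

						// A user dropped from the config must not keep a
						// usable credential in storage.
						Expect(passwords).To(HaveLen(1))

						expectLocalUser(passwords[0], "some-user-0", "some-password-0")
					})
				})
			})
		})

		Context("when clients are configured in plain text", func() {
			BeforeEach(func() {
				config.Clients = map[string]string{
					"some-client-id": "some-client-secret",
				}
				config.RedirectURL = "http://example.com"
			})

			It("should contain the configured clients with a bcrypted secret", func() {
				clients, err := dexStorage.ListClients()
				Expect(err).NotTo(HaveOccurred())
				Expect(clients).To(HaveLen(1))
				Expect(clients[0].ID).To(Equal("some-client-id"))
				// The stored secret must be a bcrypt hash of the configured
				// value, not the value itself.
				Expect(bcrypt.CompareHashAndPassword([]byte(clients[0].Secret), []byte("some-client-secret"))).NotTo(HaveOccurred())
				Expect(clients[0].RedirectURIs).To(ContainElement("http://example.com"))
			})
		})

		Context("when clients are configured in bcrypt format", func() {
			BeforeEach(func() {
				config.Clients = map[string]string{
					"some-client-id": "$2a$10$3veRX245rLrpOKrgu7jIyOEKF5Km5tY86bZql6/oTMssgPO/6XJju",
				}
				config.RedirectURL = "http://example.com"
			})

			It("should contain the configured clients with the given secret", func() {
				clients, err := dexStorage.ListClients()
				Expect(err).NotTo(HaveOccurred())
				Expect(clients).To(HaveLen(1))
				Expect(clients[0].ID).To(Equal("some-client-id"))
				// A secret supplied as a bcrypt hash is expected verbatim.
				Expect(clients[0].Secret).To(Equal("$2a$10$3veRX245rLrpOKrgu7jIyOEKF5Km5tY86bZql6/oTMssgPO/6XJju"))
				Expect(clients[0].RedirectURIs).To(ContainElement("http://example.com"))
			})
		})
	})
})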