github.com/randomtask1155/cli@v6.41.1-0.20181227003417-a98eed78cbde+incompatible/integration/shared/isolated/auth_command_test.go (about) 1 package isolated 2 3 import ( 4 "code.cloudfoundry.org/cli/api/uaa/uaaversion" 5 "code.cloudfoundry.org/cli/integration/helpers" 6 . "github.com/onsi/ginkgo" 7 . "github.com/onsi/gomega" 8 . "github.com/onsi/gomega/gbytes" 9 . "github.com/onsi/gomega/gexec" 10 ) 11 12 var _ = Describe("auth command", func() { 13 Context("Help", func() { 14 It("displays the help information", func() { 15 session := helpers.CF("auth", "--help") 16 Eventually(session).Should(Say("NAME:")) 17 Eventually(session).Should(Say("auth - Authenticate non-interactively\n\n")) 18 19 Eventually(session).Should(Say("USAGE:")) 20 Eventually(session).Should(Say("cf auth USERNAME PASSWORD\n")) 21 Eventually(session).Should(Say("cf auth CLIENT_ID CLIENT_SECRET --client-credentials\n\n")) 22 23 Eventually(session).Should(Say("ENVIRONMENT VARIABLES:")) 24 Eventually(session).Should(Say(`CF_USERNAME=user\s+Authenticating user. Overridden if USERNAME argument is provided.`)) 25 Eventually(session).Should(Say(`CF_PASSWORD=password\s+Password associated with user. Overriden if PASSWORD argument is provided.`)) 26 27 Eventually(session).Should(Say("WARNING:")) 28 Eventually(session).Should(Say("Providing your password as a command line option is highly discouraged")) 29 Eventually(session).Should(Say("Your password may be visible to others and may be recorded in your shell history\n")) 30 Eventually(session).Should(Say("Consider using the CF_PASSWORD environment variable instead\n\n")) 31 32 Eventually(session).Should(Say("EXAMPLES:")) 33 Eventually(session).Should(Say("cf auth name@example\\.com \"my password\" \\(use quotes for passwords with a space\\)")) 34 Eventually(session).Should(Say("cf auth name@example\\.com \\\"\\\\\"password\\\\\"\\\" \\(escape quotes if used in password\\)\n\n")) 35 36 Eventually(session).Should(Say("OPTIONS:")) 37 Eventually(session).Should(Say("--client-credentials\\s+Use \\(non-user\\) service account \\(also called client credentials\\)\n")) 38 Eventually(session).Should(Say("--origin\\s+Indicates the identity provider to be used for authentication\n\n")) 39 40 Eventually(session).Should(Say("SEE ALSO:")) 41 Eventually(session).Should(Say("api, login, target")) 42 43 Eventually(session).Should(Exit(0)) 44 }) 45 }) 46 47 When("no positional arguments are provided", func() { 48 Context("and no env variables are provided", func() { 49 It("errors-out with the help information", func() { 50 session := helpers.CF("auth") 51 Eventually(session.Err).Should(Say("Username and password not provided.")) 52 Eventually(session).Should(Say("NAME:")) 53 54 Eventually(session).Should(Exit(1)) 55 }) 56 }) 57 58 When("env variables are provided", func() { 59 It("authenticates the user", func() { 60 username, password := helpers.GetCredentials() 61 env := map[string]string{ 62 "CF_USERNAME": username, 63 "CF_PASSWORD": password, 64 } 65 session := helpers.CFWithEnv(env, "auth") 66 67 Eventually(session).Should(Say("API endpoint: %s", helpers.GetAPI())) 68 Eventually(session).Should(Say(`Authenticating\.\.\.`)) 69 Eventually(session).Should(Say("OK")) 70 Eventually(session).Should(Say("Use 'cf target' to view or set your target org and space")) 71 72 Eventually(session).Should(Exit(0)) 73 }) 74 }) 75 }) 76 77 When("only a username is provided", func() { 78 It("errors-out with a password required error and the help information", func() { 79 session := helpers.CF("auth", "some-user") 80 Eventually(session.Err).Should(Say("Password not provided.")) 81 Eventually(session).Should(Say("NAME:")) 82 83 Eventually(session).Should(Exit(1)) 84 }) 85 }) 86 87 When("only a password is provided", func() { 88 It("errors-out with a username required error and the help information", func() { 89 env := map[string]string{ 90 "CF_PASSWORD": "some-pass", 91 } 92 session := helpers.CFWithEnv(env, "auth") 93 Eventually(session.Err).Should(Say("Username not provided.")) 94 Eventually(session).Should(Say("NAME:")) 95 96 Eventually(session).Should(Exit(1)) 97 }) 98 }) 99 100 When("too many arguments are provided", func() { 101 It("displays an 'unknown flag' error message", func() { 102 session := helpers.CF("auth", "some-username", "some-password", "-a", "api.bosh-lite.com") 103 104 Eventually(session.Err).Should(Say("Incorrect Usage: unknown flag `a'")) 105 Eventually(session).Should(Say("NAME:")) 106 107 Eventually(session).Should(Exit(1)) 108 }) 109 }) 110 111 When("the API endpoint is not set", func() { 112 BeforeEach(func() { 113 helpers.UnsetAPI() 114 }) 115 116 It("displays an error message", func() { 117 session := helpers.CF("auth", "some-username", "some-password") 118 119 Eventually(session).Should(Say("FAILED")) 120 Eventually(session.Err).Should(Say(`No API endpoint set\. Use 'cf login' or 'cf api' to target an endpoint\.`)) 121 122 Eventually(session).Should(Exit(1)) 123 }) 124 }) 125 126 When("no flags are set (logging in with password grant type)", func() { 127 When("the user provides an invalid username/password combo", func() { 128 BeforeEach(func() { 129 helpers.LoginCF() 130 helpers.TargetOrgAndSpace(ReadOnlyOrg, ReadOnlySpace) 131 }) 132 133 It("clears the cached tokens and target info, then displays an error message", func() { 134 session := helpers.CF("auth", "some-username", "some-password") 135 136 Eventually(session).Should(Say("API endpoint: %s", helpers.GetAPI())) 137 Eventually(session).Should(Say(`Authenticating\.\.\.`)) 138 Eventually(session).Should(Say("FAILED")) 139 Eventually(session.Err).Should(Say(`Credentials were rejected, please try again\.`)) 140 Eventually(session).Should(Exit(1)) 141 142 // Verify that the user is not logged-in 143 targetSession1 := helpers.CF("target") 144 Eventually(targetSession1.Err).Should(Say(`Not logged in\. Use 'cf login' to log in\.`)) 145 Eventually(targetSession1).Should(Say("FAILED")) 146 Eventually(targetSession1).Should(Exit(1)) 147 148 // Verify that neither org nor space is targeted 149 helpers.LoginCF() 150 targetSession2 := helpers.CF("target") 151 Eventually(targetSession2).Should(Say("No org or space targeted, use 'cf target -o ORG -s SPACE'")) 152 Eventually(targetSession2).Should(Exit(0)) 153 }) 154 }) 155 156 When("the username and password are valid", func() { 157 It("authenticates the user", func() { 158 username, password := helpers.GetCredentials() 159 session := helpers.CF("auth", username, password) 160 161 Eventually(session).Should(Say("API endpoint: %s", helpers.GetAPI())) 162 Eventually(session).Should(Say(`Authenticating\.\.\.`)) 163 Eventually(session).Should(Say("OK")) 164 Eventually(session).Should(Say("Use 'cf target' to view or set your target org and space")) 165 166 Eventually(session).Should(Exit(0)) 167 }) 168 }) 169 }) 170 171 When("the 'client-credentials' flag is set", func() { 172 When("the user provides an invalid client id/secret combo", func() { 173 BeforeEach(func() { 174 helpers.LoginCF() 175 helpers.TargetOrgAndSpace(ReadOnlyOrg, ReadOnlySpace) 176 }) 177 178 It("clears the cached tokens and target info, then displays an error message", func() { 179 session := helpers.CF("auth", "some-client-id", "some-client-secret", "--client-credentials") 180 181 Eventually(session).Should(Say("API endpoint: %s", helpers.GetAPI())) 182 Eventually(session).Should(Say(`Authenticating\.\.\.`)) 183 Eventually(session).Should(Say("FAILED")) 184 Eventually(session.Err).Should(Say(`Credentials were rejected, please try again\.`)) 185 Eventually(session).Should(Exit(1)) 186 187 // Verify that the user is not logged-in 188 targetSession1 := helpers.CF("target") 189 Eventually(targetSession1.Err).Should(Say(`Not logged in\. Use 'cf login' to log in\.`)) 190 Eventually(targetSession1).Should(Say("FAILED")) 191 Eventually(targetSession1).Should(Exit(1)) 192 193 // Verify that neither org nor space is targeted 194 helpers.LoginCF() 195 targetSession2 := helpers.CF("target") 196 Eventually(targetSession2).Should(Say("No org or space targeted, use 'cf target -o ORG -s SPACE'")) 197 Eventually(targetSession2).Should(Exit(0)) 198 }) 199 }) 200 201 When("the client id and client secret are valid", func() { 202 It("authenticates the user", func() { 203 clientID, clientSecret := helpers.SkipIfClientCredentialsNotSet() 204 session := helpers.CF("auth", clientID, clientSecret, "--client-credentials") 205 206 Eventually(session).Should(Say("API endpoint: %s", helpers.GetAPI())) 207 Eventually(session).Should(Say(`Authenticating\.\.\.`)) 208 Eventually(session).Should(Say("OK")) 209 Eventually(session).Should(Say("Use 'cf target' to view or set your target org and space")) 210 211 Eventually(session).Should(Exit(0)) 212 }) 213 }) 214 }) 215 216 When("a user authenticates with valid client credentials", func() { 217 BeforeEach(func() { 218 clientID, clientSecret := helpers.SkipIfClientCredentialsNotSet() 219 session := helpers.CF("auth", clientID, clientSecret, "--client-credentials") 220 Eventually(session).Should(Exit(0)) 221 }) 222 223 When("a different user authenticates with valid password credentials", func() { 224 It("should fail authentication and display an error informing the user they need to log out", func() { 225 username, password := helpers.GetCredentials() 226 session := helpers.CF("auth", username, password) 227 228 Eventually(session).Should(Say("FAILED")) 229 Eventually(session.Err).Should(Say(`Service account currently logged in\. Use 'cf logout' to log out service account and try again\.`)) 230 Eventually(session).Should(Exit(1)) 231 }) 232 }) 233 234 }) 235 236 When("the origin flag is set", func() { 237 When("the UAA version is too low to use the --origin flag", func() { 238 BeforeEach(func() { 239 helpers.SkipIfUAAVersionAtLeast(uaaversion.MinVersionOrigin) 240 }) 241 It("prints an error message", func() { 242 session := helpers.CF("auth", "some-username", "some-password", "--client-credentials", "sumcredz", "--origin", "garbaje") 243 Eventually(session.Err).Should(Say("Option '--origin' requires UAA API version 4.19.0 or higher. Update your Cloud Foundry instance.")) 244 Eventually(session).Should(Say("FAILED")) 245 Eventually(session).Should(Exit(1)) 246 }) 247 }) 248 249 When("the UAA version is recent enough to support the flag", func() { 250 BeforeEach(func() { 251 helpers.SkipIfUAAVersionLessThan(uaaversion.MinVersionOrigin) 252 }) 253 When("--client-credentials is also set", func() { 254 It("displays the appropriate error message", func() { 255 session := helpers.CF("auth", "some-username", "some-password", "--client-credentials", "sumcredz", "--origin", "garbaje") 256 257 Eventually(session.Err).Should(Say("Incorrect Usage: The following arguments cannot be used together: --client-credentials, --origin")) 258 Eventually(session).Should(Exit(1)) 259 }) 260 }) 261 262 When("a user authenticates with valid user credentials for that origin", func() { 263 It("authenticates the user", func() { 264 username, password := helpers.GetOIDCCredentials() 265 session := helpers.CF("auth", username, password, "--origin", "cli-oidc-provider") 266 267 Eventually(session).Should(Say("API endpoint: %s", helpers.GetAPI())) 268 Eventually(session).Should(Say(`Authenticating\.\.\.`)) 269 Eventually(session).Should(Say("OK")) 270 Eventually(session).Should(Say("Use 'cf target' to view or set your target org and space")) 271 Eventually(session).Should(Exit(0)) 272 }) 273 }) 274 275 When("the user provides the default origin and valid credentials", func() { 276 It("authenticates the user", func() { 277 username, password := helpers.GetCredentials() 278 session := helpers.CF("auth", username, password, "--origin", "uaa") 279 280 Eventually(session).Should(Say("API endpoint: %s", helpers.GetAPI())) 281 Eventually(session).Should(Say(`Authenticating\.\.\.`)) 282 Eventually(session).Should(Say("OK")) 283 Eventually(session).Should(Say("Use 'cf target' to view or set your target org and space")) 284 Eventually(session).Should(Exit(0)) 285 }) 286 }) 287 288 When("when the user provides an invalid origin", func() { 289 It("returns an error", func() { 290 session := helpers.CF("auth", "some-user", "some-password", "--origin", "EA") 291 Eventually(session.Err).Should(Say("The origin provided is invalid.")) 292 Eventually(session).Should(Say("FAILED")) 293 Eventually(session).Should(Exit(1)) 294 }) 295 }) 296 }) 297 }) 298 })