github.com/weaviate/weaviate@v1.24.6/adapters/handlers/grpc/v1/auth_test.go (about) 1 // _ _ 2 // __ _____ __ ___ ___ __ _| |_ ___ 3 // \ \ /\ / / _ \/ _` \ \ / / |/ _` | __/ _ \ 4 // \ V V / __/ (_| |\ V /| | (_| | || __/ 5 // \_/\_/ \___|\__,_| \_/ |_|\__,_|\__\___| 6 // 7 // Copyright © 2016 - 2024 Weaviate B.V. All rights reserved. 8 // 9 // CONTACT: hello@weaviate.io 10 // 11 12 package v1 13 14 import ( 15 "context" 16 "fmt" 17 "testing" 18 19 "github.com/stretchr/testify/assert" 20 "github.com/stretchr/testify/require" 21 "github.com/weaviate/weaviate/entities/models" 22 "google.golang.org/grpc/metadata" 23 ) 24 25 func TestAuth(t *testing.T) { 26 tests := []struct { 27 name string 28 buildCtx func() context.Context 29 shouldErr bool 30 expectedOut *models.Principal 31 allowAnon bool 32 }{ 33 { 34 name: "nothing provided, anon allowed", 35 buildCtx: func() context.Context { 36 return context.Background() 37 }, 38 allowAnon: true, 39 shouldErr: false, 40 }, 41 { 42 name: "nothing provided, anon forbidden", 43 buildCtx: func() context.Context { 44 return context.Background() 45 }, 46 allowAnon: false, 47 shouldErr: true, 48 }, 49 { 50 name: "with md, but nothing usable, anon allowed", 51 buildCtx: func() context.Context { 52 md := metadata.Pairs("unrelated", "unrelated") 53 return metadata.NewIncomingContext(context.Background(), md) 54 }, 55 allowAnon: true, 56 shouldErr: false, 57 }, 58 { 59 name: "with md, but nothing usable, anon forbidden", 60 buildCtx: func() context.Context { 61 md := metadata.Pairs("unrelated", "unrelated") 62 return metadata.NewIncomingContext(context.Background(), md) 63 }, 64 allowAnon: false, 65 shouldErr: true, 66 }, 67 { 68 name: "with md, but nothing usable, anon allowed", 69 buildCtx: func() context.Context { 70 md := metadata.Pairs("authorization", "wrong-format") 71 return metadata.NewIncomingContext(context.Background(), md) 72 }, 73 allowAnon: true, 74 shouldErr: false, 75 }, 76 { 77 name: "with md, but nothing usable, anon forbidden", 78 buildCtx: func() context.Context { 79 md := metadata.Pairs("authorization", "wrong-format") 80 return metadata.NewIncomingContext(context.Background(), md) 81 }, 82 allowAnon: false, 83 shouldErr: true, 84 }, 85 { 86 name: "with md, and a token", 87 buildCtx: func() context.Context { 88 md := metadata.Pairs("authorization", "Bearer Foo") 89 return metadata.NewIncomingContext(context.Background(), md) 90 }, 91 shouldErr: false, 92 expectedOut: &models.Principal{Username: "Foo"}, 93 }, 94 { 95 name: "with a token that makes extraction error", 96 buildCtx: func() context.Context { 97 md := metadata.Pairs("authorization", "Bearer err") 98 return metadata.NewIncomingContext(context.Background(), md) 99 }, 100 shouldErr: true, 101 }, 102 } 103 104 for _, test := range tests { 105 t.Run(test.name, func(t *testing.T) { 106 s := &Service{ 107 allowAnonymousAccess: test.allowAnon, 108 authComposer: func(token string, scopes []string) (*models.Principal, error) { 109 if token == "" { 110 return nil, fmt.Errorf("not allowed") 111 } 112 if token == "err" { 113 return nil, fmt.Errorf("other error") 114 } 115 return &models.Principal{Username: token}, nil 116 }, 117 } 118 119 p, err := s.principalFromContext(test.buildCtx()) 120 if test.shouldErr { 121 require.NotNil(t, err) 122 } else { 123 require.Nil(t, err) 124 assert.Equal(t, test.expectedOut, p) 125 } 126 }) 127 } 128 }