go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/server/auth/authtest/state_test.go

go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/server/auth/authtest/state_test.go (about)

     1  // Copyright 2015 The LUCI Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package authtest
    16  
    17  import (
    18  	"context"
    19  	"net"
    20  	"testing"
    21  
    22  	"go.chromium.org/luci/auth/identity"
    23  
    24  	"go.chromium.org/luci/server/auth"
    25  	"go.chromium.org/luci/server/auth/realms"
    26  
    27  	. "github.com/smartystreets/goconvey/convey"
    28  )
    29  
    30  var testPerm = realms.RegisterPermission("testing.tests.perm")
    31  
    32  func TestFakeState(t *testing.T) {
    33  	t.Parallel()
    34  
    35  	ctx := context.Background()
    36  
    37  	Convey("Default FakeState works", t, func() {
    38  		state := FakeState{}
    39  		So(state.DB(), ShouldResemble, &FakeDB{})
    40  		So(state.Method(), ShouldNotBeNil)
    41  		So(state.User(), ShouldResemble, &auth.User{Identity: identity.AnonymousIdentity})
    42  		So(state.PeerIdentity(), ShouldEqual, identity.AnonymousIdentity)
    43  		So(state.PeerIP().String(), ShouldEqual, "127.0.0.1")
    44  	})
    45  
    46  	Convey("Non-default FakeState works", t, func() {
    47  		state := FakeState{
    48  			Identity:       "user:abc@def.com",
    49  			IdentityGroups: []string{"abc"},
    50  			IdentityPermissions: []RealmPermission{
    51  				{"proj:realm1", testPerm},
    52  			},
    53  			PeerIPAllowlist:      []string{"allowlist"},
    54  			PeerIdentityOverride: "bot:blah",
    55  			PeerIPOverride:       net.ParseIP("192.192.192.192"),
    56  			UserExtra:            "blah",
    57  		}
    58  
    59  		So(state.Method(), ShouldNotBeNil)
    60  		So(state.User(), ShouldResemble, &auth.User{
    61  			Identity: "user:abc@def.com",
    62  			Email:    "abc@def.com",
    63  			Extra:    "blah",
    64  		})
    65  		So(state.PeerIdentity(), ShouldEqual, identity.Identity("bot:blah"))
    66  		So(state.PeerIP().String(), ShouldEqual, "192.192.192.192")
    67  
    68  		db := state.DB()
    69  
    70  		yes, err := db.IsMember(ctx, "user:abc@def.com", []string{"abc"})
    71  		So(err, ShouldBeNil)
    72  		So(yes, ShouldBeTrue)
    73  
    74  		yes, err = db.HasPermission(ctx, "user:abc@def.com", testPerm, "proj:realm1", nil)
    75  		So(err, ShouldBeNil)
    76  		So(yes, ShouldBeTrue)
    77  
    78  		yes, err = db.IsAllowedIP(ctx, net.ParseIP("192.192.192.192"), "allowlist")
    79  		So(err, ShouldBeNil)
    80  		So(yes, ShouldBeTrue)
    81  	})
    82  }