func (as *authSuite) TestNewUserAddsToExistent(c *C) { as.state.Lock() firstUser, err := auth.NewUser(as.state, "username", "macaroon", []string{"discharge"}) as.state.Unlock() c.Check(err, IsNil) // adding a new one as.state.Lock() user, err := auth.NewUser(as.state, "new_username", "new_macaroon", []string{"new_discharge"}) as.state.Unlock() expected := &auth.UserState{ ID: 2, Username: "******", Macaroon: "new_macaroon", Discharges: []string{"new_discharge"}, StoreMacaroon: "new_macaroon", StoreDischarges: []string{"new_discharge"}, } c.Check(err, IsNil) c.Check(user, DeepEquals, expected) as.state.Lock() userFromState, err := auth.User(as.state, 2) as.state.Unlock() c.Check(err, IsNil) c.Check(userFromState, DeepEquals, expected) // first user is still in the state as.state.Lock() userFromState, err = auth.User(as.state, 1) as.state.Unlock() c.Check(err, IsNil) c.Check(userFromState, DeepEquals, firstUser) }
func (as *authSuite) TestRemove(c *C) { as.state.Lock() user, err := auth.NewUser(as.state, "username", "macaroon", []string{"discharge"}) as.state.Unlock() c.Check(err, IsNil) as.state.Lock() _, err = auth.User(as.state, user.ID) as.state.Unlock() c.Check(err, IsNil) as.state.Lock() err = auth.RemoveUser(as.state, user.ID) as.state.Unlock() c.Assert(err, IsNil) as.state.Lock() _, err = auth.User(as.state, user.ID) as.state.Unlock() c.Check(err, ErrorMatches, "invalid user") as.state.Lock() err = auth.RemoveUser(as.state, user.ID) as.state.Unlock() c.Assert(err, ErrorMatches, "invalid user") }
func (as *authSuite) TestGetAuthenticatorFromUser(c *C) { as.state.Lock() user, err := auth.NewUser(as.state, "username", "macaroon", []string{"discharge"}) as.state.Unlock() c.Check(err, IsNil) authenticator := user.Authenticator() c.Check(authenticator.Macaroon, Equals, user.Macaroon) c.Check(authenticator.Discharges, DeepEquals, user.Discharges) }
func (as *authSuite) TestUserForNonExistent(c *C) { as.state.Lock() _, err := auth.NewUser(as.state, "username", "macaroon", []string{"discharge"}) as.state.Unlock() c.Check(err, IsNil) as.state.Lock() userFromState, err := auth.User(as.state, 42) c.Check(err, ErrorMatches, "invalid user") c.Check(userFromState, IsNil) }
func (as *authSuite) TestUser(c *C) { as.state.Lock() user, err := auth.NewUser(as.state, "username", "macaroon", []string{"discharge"}) as.state.Unlock() c.Check(err, IsNil) as.state.Lock() userFromState, err := auth.User(as.state, 1) as.state.Unlock() c.Check(err, IsNil) c.Check(userFromState, DeepEquals, user) }
func (as *authSuite) TestAuthenticatorSetHeaders(c *C) { as.state.Lock() user, err := auth.NewUser(as.state, "username", "macaroon", []string{"discharge"}) as.state.Unlock() c.Check(err, IsNil) req, _ := http.NewRequest("GET", "http://example.com", nil) authenticator := user.Authenticator() authenticator.Authenticate(req) authorization := req.Header.Get("Authorization") c.Check(authorization, Equals, `Macaroon root="macaroon", discharge="discharge"`) }
func (as *authSuite) TestCheckMacaroonValidUser(c *C) { as.state.Lock() expectedUser, err := auth.NewUser(as.state, "username", "macaroon", []string{"discharge"}) as.state.Unlock() c.Check(err, IsNil) as.state.Lock() user, err := auth.CheckMacaroon(as.state, "macaroon", []string{"discharge"}) as.state.Unlock() c.Check(err, IsNil) c.Check(user, DeepEquals, expectedUser) }
func loginUser(c *Command, r *http.Request) Response { var loginData struct { Username string `json:"username"` Password string `json:"password"` Otp string `json:"otp"` } decoder := json.NewDecoder(r.Body) if err := decoder.Decode(&loginData); err != nil { return BadRequest("cannot decode login data from request body: %v", err) } macaroon, err := store.RequestPackageAccessMacaroon() if err != nil { return InternalError(err.Error()) } discharge, err := store.DischargeAuthCaveat(loginData.Username, loginData.Password, macaroon, loginData.Otp) if err == store.ErrAuthenticationNeeds2fa { twofactorRequiredResponse := &resp{ Type: ResponseTypeError, Result: &errorResult{ Kind: errorKindTwoFactorRequired, Message: store.ErrAuthenticationNeeds2fa.Error(), }, Status: http.StatusUnauthorized, } return SyncResponse(twofactorRequiredResponse, nil) } if err != nil { return Unauthorized(err.Error()) } overlord := c.d.overlord state := overlord.State() state.Lock() _, err = auth.NewUser(state, loginData.Username, macaroon, []string{discharge}) state.Unlock() if err != nil { return InternalError("cannot persist authentication details: %v", err) } result := loginResponseData{ Macaroon: macaroon, Discharges: []string{discharge}, } return SyncResponse(result, nil) }
func (s *daemonSuite) TestAutherValidUser(c *check.C) { d := newTestDaemon(c) state := d.overlord.State() state.Lock() expectedUser, err := auth.NewUser(state, "username", "macaroon", []string{"discharge"}) state.Unlock() c.Check(err, check.IsNil) req, _ := http.NewRequest("GET", "http://example.com", nil) req.Header.Set("Authorization", `Macaroon root="macaroon", discharge="discharge"`) user, err := d.auther(req) c.Check(err, check.IsNil) c.Check(user, check.DeepEquals, expectedUser.Authenticator()) }
func (as *authSuite) TestCheckMacaroonInvalidAuth(c *C) { as.state.Lock() user, err := auth.CheckMacaroon(as.state, "other-macaroon", []string{"discharge"}) as.state.Unlock() c.Check(err, Equals, auth.ErrInvalidAuth) c.Check(user, IsNil) as.state.Lock() _, err = auth.NewUser(as.state, "username", "macaroon", []string{"discharge"}) as.state.Unlock() c.Check(err, IsNil) as.state.Lock() user, err = auth.CheckMacaroon(as.state, "other-macaroon", []string{"discharge"}) as.state.Unlock() c.Check(err, Equals, auth.ErrInvalidAuth) c.Check(user, IsNil) }
func (as *authSuite) TestNewUserSortsDischarges(c *C) { as.state.Lock() user, err := auth.NewUser(as.state, "username", "macaroon", []string{"discharge2", "discharge1"}) as.state.Unlock() expected := &auth.UserState{ ID: 1, Username: "******", Macaroon: "macaroon", Discharges: []string{"discharge1", "discharge2"}, StoreMacaroon: "macaroon", StoreDischarges: []string{"discharge1", "discharge2"}, } c.Check(err, IsNil) c.Check(user, DeepEquals, expected) as.state.Lock() userFromState, err := auth.User(as.state, 1) as.state.Unlock() c.Check(err, IsNil) c.Check(userFromState, DeepEquals, expected) }
func (s *snapmgrTestSuite) SetUpTest(c *C) { s.fakeBackend = &fakeSnappyBackend{ fakeCurrentProgress: 75, fakeTotalProgress: 100, } s.state = state.New(nil) var err error s.snapmgr, err = snapstate.Manager(s.state) c.Assert(err, IsNil) s.snapmgr.AddForeignTaskHandlers() // XXX: have just one, reset! snapstate.SetSnapManagerBackend(s.snapmgr, s.fakeBackend) snapstate.SetSnapstateBackend(s.fakeBackend) s.reset = snapstate.MockReadInfo(s.fakeBackend.ReadInfo) s.state.Lock() s.user, err = auth.NewUser(s.state, "username", "macaroon", []string{"discharge"}) c.Assert(err, IsNil) s.state.Unlock() }