Пример #1
0
func TestCreate(t *testing.T) {
	subject, _ := sm.CreateSubject(&SubjectContext{
		CreateSessions: true,
	})

	assert.False(t, subject.IsAuthenticated())

	err := subject.Login(authc.NewToken("user", "password"))

	// Shouldn't work
	assert.NotNil(t, err, "got error", err)

	assert.False(t, subject.IsAuthenticated())

	err = subject.Login(authc.NewToken("foo", "incorrect password"))

	// Shouldn't work
	assert.NotNil(t, err, "got error", err)

	assert.False(t, subject.IsAuthenticated())

	// Should work
	err = subject.Login(authc.NewToken("foo", "password"))

	assert.Nil(t, err, "Login didn't succeed")

	assert.True(t, subject.IsAuthenticated(), "User is not authenticated after successful login")

	// TODO: This isn't particularly pretty, but we know it's a string...
	assert.Equal(t, "foo", fmt.Sprintf("%s", subject.Principal()), "Incorrect name for user")

	assert.True(t, subject.HasRole("manager"), "Did not have manager role")

	assert.False(t, subject.HasRole("admin"), "Should not have admin role")

	assert.True(t, subject.IsPermitted("write:foo"), "Does not have write permission")
	assert.False(t, subject.IsPermitted("read:foo"), "Did get read permission")

	// After logout, should no longer have any permissions
	subject.Logout()

	assert.False(t, subject.IsAuthenticated())

	assert.False(t, subject.HasRole("manager"), "Did not have manager role")

	assert.False(t, subject.HasRole("admin"), "Should not have admin role")

	assert.False(t, subject.IsPermitted("write:foo"), "Does not have write permission")
	assert.False(t, subject.IsPermitted("read:foo"), "Did get read permission")

}
Пример #2
0
func TestCache(t *testing.T) {
	mock := MockRealm{}

	cr := NewCaching(&mock, cache.NewMemoryCache())

	tok := authc.NewToken("foo", "bar")

	require.Equal(t, 0, mock.authinfocalled)

	assert.True(t, cr.Supports(tok))

	info, _ := cr.AuthenticationInfo(tok)
	assert.Equal(t, "foo", info.Principals()[0])
	assert.Equal(t, 1, mock.authinfocalled)

	info, _ = cr.AuthenticationInfo(tok)
	assert.Equal(t, "foo", info.Principals()[0])
	assert.Equal(t, 1, mock.authinfocalled)

	cr.ClearCache(info.Principals())

	info, _ = cr.AuthenticationInfo(tok)
	assert.Equal(t, "foo", info.Principals()[0])
	assert.Equal(t, 2, mock.authinfocalled)
}
Пример #3
0
func TestIni(t *testing.T) {
	src := `
  # Start with a comment

  something = other

  [users]
  foo = password
  bar = password2, admin,     agroup,manager
  baz=pwd

  [roles]

  admin = *
  agroup= read:*
  manager = write:*, manage:*
`

	ini, err := NewIni("test-ini", strings.NewReader(src))

	assert.Nil(t, err, "Got an error: %s", err)

	assert.Equal(t, "test-ini", ini.Name())

	token := authc.NewToken("foo", "password")

	assert.True(t, ini.Supports(token), "Does not support UsernamePasswordTokens!")

	var acct authc.AuthenticationInfo

	acct, err = ini.AuthenticationInfo(token)

	assert.Nil(t, err, "Got an error:", err)

	assert.NotNil(t, acct)

}
Пример #4
0
func TestRunAs(t *testing.T) {
	msm := new(DefaultSecurityManager)
	r, _ := realm.NewIni("ini", strings.NewReader(ini))
	msm.SetRealm(r)
	tmpFile, _ := ioutil.TempDir("", "runas")
	msm.SetSessionManager(gorilla.NewGorillaManager(sessions.NewFilesystemStore(tmpFile, []byte("something-very-secret"))))

	subject, _ := msm.CreateSubject(&SubjectContext{
		CreateSessions: true,
		Request:        &http.Request{},
		ResponseWriter: &httptest.ResponseRecorder{},
	})

	subject.Login(authc.NewToken("foo", "password"))

	assert.True(t, subject.IsAuthenticated(), "User is not authenticated after successful login")
	assert.Equal(t, "foo", fmt.Sprintf("%s", subject.Principal()))

	assert.False(t, subject.IsPermitted("everything"))

	err := subject.RunAs([]interface{}{"bar"})

	assert.Nil(t, err)
	assert.True(t, subject.IsAuthenticated(), "User is not authenticated after successful runas")
	assert.Equal(t, "bar", fmt.Sprintf("%s", subject.Principal()))

	assert.True(t, subject.IsPermitted("everything"))

	subject.ReleaseRunAs()

	assert.True(t, subject.IsAuthenticated(), "User is not authenticated after successful runas")
	assert.Equal(t, "foo", fmt.Sprintf("%s", subject.Principal()))

	assert.False(t, subject.IsPermitted("everything"))

}