func (s *VisitorSuite) TestVisitWebPageErrorResult(c *gc.C) {
v := authentication.NewVisitor("bob", func(username string) (string, error) {
return "hunter2", nil
})
s.handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
http.Error(w, `{"Message":"bleh"}`, http.StatusInternalServerError)
})
err := v.VisitWebPage(s.client, map[string]*url.URL{
"juju_userpass": mustParseURL(s.server.URL),
})
c.Assert(err, gc.ErrorMatches, "bleh")
}
func (s *VisitorSuite) TestVisitWebPage(c *gc.C) {
v := authentication.NewVisitor("bob", func(username string) (string, error) {
c.Assert(username, gc.Equals, "bob")
return "hunter2", nil
})
var formUser, formPassword string
s.handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
r.ParseForm()
formUser = r.Form.Get("user")
formPassword = r.Form.Get("password")
})
err := v.VisitWebPage(s.client, map[string]*url.URL{
"juju_userpass": mustParseURL(s.server.URL),
})
c.Assert(err, jc.ErrorIsNil)
c.Assert(formUser, gc.Equals, "bob")
c.Assert(formPassword, gc.Equals, "hunter2")
}
func (s *toolsWithMacaroonsSuite) TestCanPostWithLocalLogin(c *gc.C) {
// Create a new local user that we can log in as
// using macaroon authentication.
const password = "******"
user := s.Factory.MakeUser(c, &factory.UserParams{Password: password})
// Install a "web-page" visitor that deals with the interaction
// method that Juju controllers support for authenticating local
// users. Note: the use of httpbakery.NewMultiVisitor is necessary
// to trigger httpbakery to query the authentication methods and
// bypass browser authentication.
var prompted bool
jar := apitesting.NewClearableCookieJar()
client := utils.GetNonValidatingHTTPClient()
client.Jar = jar
bakeryClient := httpbakery.NewClient()
bakeryClient.Client = client
bakeryClient.WebPageVisitor = httpbakery.NewMultiVisitor(apiauthentication.NewVisitor(
user.UserTag().Id(),
func(username string) (string, error) {
c.Assert(username, gc.Equals, user.UserTag().Id())
prompted = true
return password, nil
},
))
bakeryDo := func(req *http.Request) (*http.Response, error) {
var body io.ReadSeeker
if req.Body != nil {
body = req.Body.(io.ReadSeeker)
req.Body = nil
}
return bakeryClient.DoWithBodyAndCustomError(req, body, bakeryGetError)
}
resp := s.sendRequest(c, httpRequestParams{
method: "POST",
url: s.toolsURI(c, ""),
tag: user.UserTag().String(),
password: "", // no password forces macaroon usage
do: bakeryDo,
})
s.assertErrorResponse(c, resp, http.StatusBadRequest, "expected binaryVersion argument")
c.Assert(prompted, jc.IsTrue)
}
func (c *changePasswordCommand) recordMacaroon(user, password string) error {
accountDetails := &jujuclient.AccountDetails{User: user}
args, err := c.NewAPIConnectionParams(
c.ClientStore(), c.ControllerName(), "", accountDetails,
)
if err != nil {
return errors.Trace(err)
}
args.DialOpts.BakeryClient.WebPageVisitor = httpbakery.NewMultiVisitor(
authentication.NewVisitor(accountDetails.User, func(string) (string, error) {
return password, nil
}),
args.DialOpts.BakeryClient.WebPageVisitor,
)
api, err := c.newAPIConnection(args)
if err != nil {
return errors.Annotate(err, "connecting to API")
}
return api.Close()
}
func newAPIConnectionParams(
store jujuclient.ClientStore,
controllerName,
modelName string,
accountDetails *jujuclient.AccountDetails,
bakery *httpbakery.Client,
apiOpen api.OpenFunc,
getPassword func(string) (string, error),
) (juju.NewAPIConnectionParams, error) {
if controllerName == "" {
return juju.NewAPIConnectionParams{}, errors.Trace(errNoNameSpecified)
}
var modelUUID string
if modelName != "" {
modelDetails, err := store.ModelByName(controllerName, modelName)
if err != nil {
return juju.NewAPIConnectionParams{}, errors.Trace(err)
}
modelUUID = modelDetails.ModelUUID
}
dialOpts := api.DefaultDialOpts()
dialOpts.BakeryClient = bakery
if accountDetails != nil {
bakery.WebPageVisitor = httpbakery.NewMultiVisitor(
authentication.NewVisitor(accountDetails.User, getPassword),
bakery.WebPageVisitor,
)
}
return juju.NewAPIConnectionParams{
Store: store,
ControllerName: controllerName,
AccountDetails: accountDetails,
ModelUUID: modelUUID,
DialOpts: dialOpts,
OpenAPI: apiOpen,
}, nil
}
func (s *VisitorSuite) TestVisitWebPageMethodNotSupported(c *gc.C) {
v := authentication.NewVisitor("bob", nil)
err := v.VisitWebPage(s.client, map[string]*url.URL{})
c.Assert(err, gc.Equals, httpbakery.ErrMethodNotSupported)
}