func TestCreate(t *testing.T) {
subject, _ := sm.CreateSubject(&SubjectContext{
CreateSessions: true,
})
assert.False(t, subject.IsAuthenticated())
err := subject.Login(authc.NewToken("user", "password"))
// Shouldn't work
assert.NotNil(t, err, "got error", err)
assert.False(t, subject.IsAuthenticated())
err = subject.Login(authc.NewToken("foo", "incorrect password"))
// Shouldn't work
assert.NotNil(t, err, "got error", err)
assert.False(t, subject.IsAuthenticated())
// Should work
err = subject.Login(authc.NewToken("foo", "password"))
assert.Nil(t, err, "Login didn't succeed")
assert.True(t, subject.IsAuthenticated(), "User is not authenticated after successful login")
// TODO: This isn't particularly pretty, but we know it's a string...
assert.Equal(t, "foo", fmt.Sprintf("%s", subject.Principal()), "Incorrect name for user")
assert.True(t, subject.HasRole("manager"), "Did not have manager role")
assert.False(t, subject.HasRole("admin"), "Should not have admin role")
assert.True(t, subject.IsPermitted("write:foo"), "Does not have write permission")
assert.False(t, subject.IsPermitted("read:foo"), "Did get read permission")
// After logout, should no longer have any permissions
subject.Logout()
assert.False(t, subject.IsAuthenticated())
assert.False(t, subject.HasRole("manager"), "Did not have manager role")
assert.False(t, subject.HasRole("admin"), "Should not have admin role")
assert.False(t, subject.IsPermitted("write:foo"), "Does not have write permission")
assert.False(t, subject.IsPermitted("read:foo"), "Did get read permission")
}
func TestCache(t *testing.T) {
mock := MockRealm{}
cr := NewCaching(&mock, cache.NewMemoryCache())
tok := authc.NewToken("foo", "bar")
require.Equal(t, 0, mock.authinfocalled)
assert.True(t, cr.Supports(tok))
info, _ := cr.AuthenticationInfo(tok)
assert.Equal(t, "foo", info.Principals()[0])
assert.Equal(t, 1, mock.authinfocalled)
info, _ = cr.AuthenticationInfo(tok)
assert.Equal(t, "foo", info.Principals()[0])
assert.Equal(t, 1, mock.authinfocalled)
cr.ClearCache(info.Principals())
info, _ = cr.AuthenticationInfo(tok)
assert.Equal(t, "foo", info.Principals()[0])
assert.Equal(t, 2, mock.authinfocalled)
}
func TestIni(t *testing.T) {
src := `
# Start with a comment
something = other
[users]
foo = password
bar = password2, admin, agroup,manager
baz=pwd
[roles]
admin = *
agroup= read:*
manager = write:*, manage:*
`
ini, err := NewIni("test-ini", strings.NewReader(src))
assert.Nil(t, err, "Got an error: %s", err)
assert.Equal(t, "test-ini", ini.Name())
token := authc.NewToken("foo", "password")
assert.True(t, ini.Supports(token), "Does not support UsernamePasswordTokens!")
var acct authc.AuthenticationInfo
acct, err = ini.AuthenticationInfo(token)
assert.Nil(t, err, "Got an error:", err)
assert.NotNil(t, acct)
}
func TestRunAs(t *testing.T) {
msm := new(DefaultSecurityManager)
r, _ := realm.NewIni("ini", strings.NewReader(ini))
msm.SetRealm(r)
tmpFile, _ := ioutil.TempDir("", "runas")
msm.SetSessionManager(gorilla.NewGorillaManager(sessions.NewFilesystemStore(tmpFile, []byte("something-very-secret"))))
subject, _ := msm.CreateSubject(&SubjectContext{
CreateSessions: true,
Request: &http.Request{},
ResponseWriter: &httptest.ResponseRecorder{},
})
subject.Login(authc.NewToken("foo", "password"))
assert.True(t, subject.IsAuthenticated(), "User is not authenticated after successful login")
assert.Equal(t, "foo", fmt.Sprintf("%s", subject.Principal()))
assert.False(t, subject.IsPermitted("everything"))
err := subject.RunAs([]interface{}{"bar"})
assert.Nil(t, err)
assert.True(t, subject.IsAuthenticated(), "User is not authenticated after successful runas")
assert.Equal(t, "bar", fmt.Sprintf("%s", subject.Principal()))
assert.True(t, subject.IsPermitted("everything"))
subject.ReleaseRunAs()
assert.True(t, subject.IsAuthenticated(), "User is not authenticated after successful runas")
assert.Equal(t, "foo", fmt.Sprintf("%s", subject.Principal()))
assert.False(t, subject.IsPermitted("everything"))
}