func (as *authSuite) TestAuthContextUpdateUserAuthOtherUpdate(c *C) {
as.state.Lock()
user, _ := auth.NewUser(as.state, "username", "macaroon", []string{"discharge"})
otherUpdateUser := *user
otherUpdateUser.Macaroon = "macaroon2"
otherUpdateUser.StoreDischarges = []string{"other-discharges"}
err := auth.UpdateUser(as.state, &otherUpdateUser)
as.state.Unlock()
c.Assert(err, IsNil)
newDischarges := []string{"updated-discharge"}
authContext := auth.NewAuthContext(as.state, nil)
// last discharges win
curUser, err := authContext.UpdateUserAuth(user, newDischarges)
c.Assert(err, IsNil)
as.state.Lock()
userFromState, err := auth.User(as.state, user.ID)
as.state.Unlock()
c.Check(err, IsNil)
c.Check(userFromState, DeepEquals, curUser)
c.Check(curUser, DeepEquals, &auth.UserState{
ID: user.ID,
Username: "******",
Macaroon: "macaroon2",
Discharges: []string{"discharge"},
StoreMacaroon: "macaroon",
StoreDischarges: newDischarges,
})
}
func (as *authSuite) TestUpdateUserInvalid(c *C) {
as.state.Lock()
_, _ = auth.NewUser(as.state, "username", "macaroon", []string{"discharge"})
as.state.Unlock()
user := &auth.UserState{
ID: 102,
Username: "******",
Macaroon: "macaroon",
}
as.state.Lock()
err := auth.UpdateUser(as.state, user)
as.state.Unlock()
c.Assert(err, ErrorMatches, "invalid user")
}
func (as *authSuite) TestUpdateUser(c *C) {
as.state.Lock()
user, _ := auth.NewUser(as.state, "username", "macaroon", []string{"discharge"})
as.state.Unlock()
user.Username = "******"
user.StoreDischarges = []string{"updated-discharge"}
as.state.Lock()
err := auth.UpdateUser(as.state, user)
as.state.Unlock()
c.Check(err, IsNil)
as.state.Lock()
userFromState, err := auth.User(as.state, user.ID)
as.state.Unlock()
c.Check(err, IsNil)
c.Check(userFromState, DeepEquals, user)
}
func (as *authSuite) TestCheckMacaroonValidUserOldStyle(c *C) {
// create a fake store-deserializable macaroon
m, err := macaroon.New([]byte("secret"), "some-id", "location")
c.Check(err, IsNil)
serializedMacaroon, err := auth.MacaroonSerialize(m)
c.Check(err, IsNil)
as.state.Lock()
expectedUser, err := auth.NewUser(as.state, "username", "*****@*****.**", serializedMacaroon, []string{"discharge"})
c.Check(err, IsNil)
// set user local macaroons with store macaroons
expectedUser.Macaroon = expectedUser.StoreMacaroon
expectedUser.Discharges = expectedUser.StoreDischarges
err = auth.UpdateUser(as.state, expectedUser)
c.Check(err, IsNil)
as.state.Unlock()
as.state.Lock()
user, err := auth.CheckMacaroon(as.state, expectedUser.Macaroon, expectedUser.Discharges)
as.state.Unlock()
c.Check(err, IsNil)
c.Check(user, DeepEquals, expectedUser)
}
