Skip to content
Snippets Groups Projects
auth_interceptor_test.go 6.39 KiB
Newer Older
  • Learn to ignore specific revisions
  • package server
    
    import (
    	"context"
    	"log"
    	"net"
    
    	"testing"
    
    	apb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/rbac"
    	"code.fbi.h-da.de/danet/gosdn/controller/rbac"
    	"code.fbi.h-da.de/danet/gosdn/controller/store"
    	"google.golang.org/grpc"
    	"google.golang.org/grpc/credentials/insecure"
    	"google.golang.org/grpc/metadata"
    	"google.golang.org/grpc/test/bufconn"
    )
    
    func dialer() func(context.Context, string) (net.Conn, error) {
    	listener := bufconn.Listen(1024 * 1024)
    
    	interceptor := NewAuthInterceptor(jwt)
    	server := grpc.NewServer(grpc.UnaryInterceptor(interceptor.Unary()), grpc.StreamInterceptor(interceptor.Stream()))
    
    	apb.RegisterUserServiceServer(server, &User{})
    
    	go func() {
    		if err := server.Serve(listener); err != nil {
    			log.Fatal(err)
    		}
    	}()
    
    	return func(context.Context, string) (net.Conn, error) {
    		return listener.Dial()
    	}
    }
    
    func TestAuthInterceptor_Unary(t *testing.T) {
    
    	validToken, err := jwt.GenerateToken(rbac.User{UserName: "testAdmin"})
    	if err != nil {
    		log.Fatal(err)
    	}
    
    	wrongUserToken, err := jwt.GenerateToken(rbac.User{UserName: "foo"})
    
    	if err != nil {
    		log.Fatal(err)
    	}
    
    	user, err := userc.Get(store.Query{Name: "testAdmin"})
    	if err != nil {
    		log.Fatal(err)
    	}
    
    
    	err = userc.Update(user)
    	if err != nil {
    		log.Fatal(err)
    	}
    
    
    	md := metadata.Pairs("authorize", validToken)
    
    
    	type args struct {
    		ctx     context.Context
    		request *apb.GetUsersRequest
    	}
    	tests := []struct {
    		name    string
    		args    args
    		want    *apb.GetUsersResponse
    		wantErr bool
    	}{
    		{
    			name: "default unary interceptor",
    			args: args{
    				ctx:     metadata.NewOutgoingContext(context.Background(), md),
    				request: &apb.GetUsersRequest{},
    			},
    			want: &apb.GetUsersResponse{
    				Status: apb.Status_STATUS_OK,
    			},
    			wantErr: false,
    		},
    
    		{
    			name: "error unary invalid user token",
    			args: args{
    				ctx:     metadata.NewOutgoingContext(context.Background(), metadata.Pairs("authorize", wrongUserToken)),
    				request: &apb.GetUsersRequest{},
    			},
    			want:    nil,
    			wantErr: true,
    		},
    		{
    			name: "error unary invalid token string",
    			args: args{
    				ctx:     metadata.NewOutgoingContext(context.Background(), metadata.Pairs("authorize", "foo")),
    				request: &apb.GetUsersRequest{},
    			},
    			want:    nil,
    			wantErr: true,
    		},
    		{
    			name: "error unary no token in metadata",
    			args: args{
    				ctx:     metadata.NewOutgoingContext(context.Background(), metadata.Pairs("foo", "foo")),
    				request: &apb.GetUsersRequest{},
    			},
    			want:    nil,
    			wantErr: true,
    		},
    
    	}
    
    	ctx := context.Background()
    	conn, err := grpc.DialContext(ctx, "", grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(dialer()))
    	if err != nil {
    		log.Fatal(err)
    	}
    	defer conn.Close()
    
    	client := apb.NewUserServiceClient(conn)
    
    	for _, tt := range tests {
    		t.Run(tt.name, func(t *testing.T) {
    			got, err := client.GetUsers(tt.args.ctx, tt.args.request)
    			if (err != nil) != tt.wantErr {
    				t.Errorf("AuthInterceptor.Unary() = %v, wantErr %v", err, tt.wantErr)
    				return
    			}
    
    
    			if got != nil && got.Status != tt.want.Status {
    
    				t.Errorf("AuthInterceptor.Unary() = %v, wantErr %v", err, tt.wantErr)
    				return
    			}
    		})
    	}
    }
    
    
    func TestAuthInterceptor_Stream(t *testing.T) {
    	type fields struct {
    		jwtManager *rbac.JWTManager
    	}
    	tests := []struct {
    		name   string
    		fields fields
    		want   grpc.StreamServerInterceptor
    	}{
    		// TODO: Add test cases.
    	}
    	for _, tt := range tests {
    		t.Run(tt.name, func(t *testing.T) {
    			auth := &AuthInterceptor{
    				jwtManager: tt.fields.jwtManager,
    			}
    			if got := auth.Stream(); !reflect.DeepEqual(got, tt.want) {
    				t.Errorf("AuthInterceptor.Stream() = %v, want %v", got, tt.want)
    			}
    		})
    	}
    }
    
    func TestAuthInterceptor_authorize(t *testing.T) {
    	type fields struct {
    		jwtManager *rbac.JWTManager
    	}
    	type args struct {
    		ctx    context.Context
    		method string
    	}
    	tests := []struct {
    		name    string
    		fields  fields
    		args    args
    		wantErr bool
    	}{
    		// TODO: Add test cases.
    	}
    	for _, tt := range tests {
    		t.Run(tt.name, func(t *testing.T) {
    			auth := &AuthInterceptor{
    				jwtManager: tt.fields.jwtManager,
    			}
    			if err := auth.authorize(tt.args.ctx, tt.args.method); (err != nil) != tt.wantErr {
    				t.Errorf("AuthInterceptor.authorize() error = %v, wantErr %v", err, tt.wantErr)
    			}
    		})
    	}
    }
    
    func TestAuthInterceptor_verifyPermisisonForRequestedCall(t *testing.T) {
    	type fields struct {
    		jwtManager *rbac.JWTManager
    	}
    	type args struct {
    		userRoles       map[string]string
    		requestedMethod string
    	}
    	tests := []struct {
    		name    string
    		fields  fields
    		args    args
    		wantErr bool
    	}{
    		// TODO: Add test cases.
    	}
    	for _, tt := range tests {
    		t.Run(tt.name, func(t *testing.T) {
    			auth := &AuthInterceptor{
    				jwtManager: tt.fields.jwtManager,
    			}
    			if err := auth.verifyPermisisonForRequestedCall(tt.args.userRoles, tt.args.requestedMethod); (err != nil) != tt.wantErr {
    				t.Errorf("AuthInterceptor.verifyPermisisonForRequestedCall() error = %v, wantErr %v", err, tt.wantErr)
    			}
    		})
    	}
    }
    
    func TestAuthInterceptor_verifyUserRoleAndRequestedCall(t *testing.T) {
    	type fields struct {
    		jwtManager *rbac.JWTManager
    	}
    	type args struct {
    		userRole        string
    		requestedMethod string
    	}
    	tests := []struct {
    		name    string
    		fields  fields
    		args    args
    		wantErr bool
    	}{
    		// TODO: Add test cases.
    	}
    	for _, tt := range tests {
    		t.Run(tt.name, func(t *testing.T) {
    			auth := &AuthInterceptor{
    				jwtManager: tt.fields.jwtManager,
    			}
    			if err := auth.verifyUserRoleAndRequestedCall(tt.args.userRole, tt.args.requestedMethod); (err != nil) != tt.wantErr {
    				t.Errorf("AuthInterceptor.verifyUserRoleAndRequestedCall() error = %v, wantErr %v", err, tt.wantErr)
    			}
    		})
    	}
    }
    
    func TestAuthInterceptor_compareRequestedPermissionWithRolePermissions(t *testing.T) {
    	type fields struct {
    		jwtManager *rbac.JWTManager
    	}
    	type args struct {
    		requestedMethod       string
    		storedRolePermissions []string
    	}
    	tests := []struct {
    		name    string
    		fields  fields
    		args    args
    		wantErr bool
    	}{
    		// TODO: Add test cases.
    	}
    	for _, tt := range tests {
    		t.Run(tt.name, func(t *testing.T) {
    			auth := &AuthInterceptor{
    				jwtManager: tt.fields.jwtManager,
    			}
    			if err := auth.compareRequestedPermissionWithRolePermissions(tt.args.requestedMethod, tt.args.storedRolePermissions); (err != nil) != tt.wantErr {
    				t.Errorf("AuthInterceptor.compareRequestedPermissionWithRolePermissions() error = %v, wantErr %v", err, tt.wantErr)
    			}
    		})
    	}
    }