Skip to content
Snippets Groups Projects
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
auth_test.go 17.83 KiB
package server

import (
	"context"
	"reflect"
	"testing"

	apb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/rbac"
	"code.fbi.h-da.de/danet/gosdn/controller/rbac"
	"github.com/google/uuid"
)

const adminID = "5c248a22-8eb7-48cf-b392-45680a1863a5"
const userID = "57005d13-7a4d-493d-a02b-50ca51c40197"
const adminRoleID = "126683ae-5ff2-43ee-92f7-0e2b936f8c77"
const randomRoleName = "bertram"

var adminRoleMap = map[string]string{pndID: "admin"}
var userRoleMap = map[string]string{pndID: "user"}
var jwt *rbac.JWTManager

func TestAuth_Login(t *testing.T) {
	type args struct {
		ctx     context.Context
		request *apb.LoginRequest
	}
	tests := []struct {
		name    string
		args    args
		want    string
		wantErr bool
	}{
		{
			name: "default login",
			want: "testAdmin",
			args: args{
				request: &apb.LoginRequest{
					Username: "testAdmin",
					Pwd:      "admin",
				},
			},
			wantErr: false,
		},
		{
			name: "login fail wrong pwd",
			want: "",
			args: args{
				request: &apb.LoginRequest{
					Username: "testAdmin",
					Pwd:      "nope",
				},
			},
			wantErr: true,
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			r := Auth{
				jwtManager: jwt,
			}
			resp, err := r.Login(tt.args.ctx, tt.args.request)
			if (err != nil) != tt.wantErr {
				t.Errorf("Auth.Login() error = %v, wantErr %v", err, tt.wantErr)
				return
			}

			if resp != nil {
				got := resp.Token
				if got == "" {
					t.Errorf("Auth.Login() = %v, want non empty token", got)
				}
			}
		})
	}
}

func TestAuth_Logout(t *testing.T) {
	type args struct {
		ctx     context.Context
		request *apb.LogoutRequest
	}
	tests := []struct {
		name    string
		args    args
		want    *apb.LogoutResponse
		wantErr bool
	}{
		// TODO: Add test cases.
		// Implement after session hdanling was added
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			s := Auth{}
			got, err := s.Logout(tt.args.ctx, tt.args.request)
			if (err != nil) != tt.wantErr {
				t.Errorf("Auth.Logout() error = %v, wantErr %v", err, tt.wantErr)
				return
			}
			if !reflect.DeepEqual(got, tt.want) {
				t.Errorf("Auth.Logout() = %v, want %v", got, tt.want)
			}
		})
	}
}

func TestAuth_CreateUsers(t *testing.T) {
	type args struct {
		ctx     context.Context
		request *apb.CreateUsersRequest
	}
	tests := []struct {
		name    string
		args    args
		want    apb.Status
		wantErr bool
	}{
		{
			name: "default create users",
			args: args{ctx: context.TODO(),
				request: &apb.CreateUsersRequest{
					User: []*apb.User{
						{
							Name:     "asdf",
							Roles:    map[string]string{pndID: "asdf"},
							Password: "asdf",
							Token:    "",
						},
					},
				},
			},
			want:    apb.Status_STATUS_OK,
			wantErr: false,
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			s := Auth{}
			got, err := s.CreateUsers(tt.args.ctx, tt.args.request)
			if (err != nil) != tt.wantErr {
				t.Errorf("Auth.CreateUsers() error = %v, wantErr %v", err, tt.wantErr)
				return
			}

			if !reflect.DeepEqual(got.Status, tt.want) {
				t.Errorf("Auth.CreateUsers() = %v, want %v", got, tt.want)
			}
		})
	}
}

func TestAuth_GetUser(t *testing.T) {
	type args struct {
		ctx     context.Context
		request *apb.GetUserRequest
	}
	tests := []struct {
		name    string
		args    args
		want    *apb.GetUserResponse
		wantErr bool
	}{
		{
			name: "default get user",
			args: args{
				ctx: context.TODO(),
				request: &apb.GetUserRequest{
					Name: "testAdmin",
				},
			},
			want: &apb.GetUserResponse{Status: apb.Status_STATUS_OK,
				User: &apb.User{Id: adminID,
					Name: "testAdmin"}},
			wantErr: false,
		},
		{
			name: "fail get user",
			args: args{
				ctx: context.TODO(),
				request: &apb.GetUserRequest{
					Name: "nope",
				},
			},
			want:    nil,
			wantErr: true,
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			s := Auth{}
			got, err := s.GetUser(tt.args.ctx, tt.args.request)
			if (err != nil) != tt.wantErr {
				t.Errorf("Auth.GetUser() error = %v, wantErr %v", err, tt.wantErr)
				return
			}

			if got != nil && got.Status == tt.want.Status {
				if got.User.Name != tt.want.User.Name || got.User.Id != tt.want.User.Id {
					t.Errorf("Auth.GetUser() = %v, want %v", got, tt.want)
				}
			} else {
				if got != nil {
					t.Errorf("Auth.GetUser() = %v, want %v", got, tt.want)
				}
			}
		})
	}
}

func TestAuth_GetUsers(t *testing.T) {
	err := clearAndCreateAuthTestSetup()
	if err != nil {
		t.Fatalf("%v", err)
	}
	type args struct {
		ctx     context.Context
		request *apb.GetUsersRequest
	}
	tests := []struct {
		name    string
		args    args
		want    *apb.GetUsersResponse
		wantLen int
		wantErr bool
	}{
		{
			name: "default get users",
			args: args{ctx: context.TODO(),
				request: &apb.GetUsersRequest{},
			},
			want: &apb.GetUsersResponse{Status: apb.Status_STATUS_OK,
				User: []*apb.User{
					{Name: "testAdmin"},
					{Name: "testUser"},
					{Name: "testRandom"}},
			},
			wantLen: 3,
			wantErr: false,
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			s := Auth{}
			got, err := s.GetUsers(tt.args.ctx, tt.args.request)
			if (err != nil) != tt.wantErr {
				t.Errorf("Auth.GetUsers() error = %v, wantErr %v", err, tt.wantErr)
				return
			}

			if got != nil && got.Status == apb.Status_STATUS_OK {
				if len(got.User) != tt.wantLen {
					t.Errorf("Auth.GetUsers() = %v, want %v", got, tt.want)
				}

				for _, gotU := range got.User {
					containsExpected := false
					for _, wantU := range tt.want.User {
						if gotU.Name == wantU.Name {
							containsExpected = true
							break
						}
					}
					if !containsExpected {
						t.Errorf("Auth.GetUsers() = %v, want %v", got, tt.want)
					}
				}
			}
		})
	}
}

func TestAuth_UpdateUsers(t *testing.T) {
	type args struct {
		ctx     context.Context
		request *apb.UpdateUsersRequest
	}
	tests := []struct {
		name    string
		args    args
		want    *apb.UpdateUsersResponse
		wantErr bool
	}{
		{
			name: "default update user",
			args: args{ctx: context.TODO(),
				request: &apb.UpdateUsersRequest{User: []*apb.User{
					{Id: adminID,
						Name: "sth Else"},
				},
				},
			},
			want: &apb.UpdateUsersResponse{
				Status: apb.Status_STATUS_OK},
			wantErr: false,
		},
		{
			name: "error update user",
			args: args{ctx: context.TODO(),
				request: &apb.UpdateUsersRequest{User: []*apb.User{
					{Id: uuid.NewString(),
						Name: "not a user"},
				},
				},
			},
			want:    nil,
			wantErr: true,
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			s := Auth{}
			got, err := s.UpdateUsers(tt.args.ctx, tt.args.request)
			if (err != nil) != tt.wantErr {
				t.Errorf("Auth.UpdateUsers() error = %v, wantErr %v", err, tt.wantErr)
				return
			}
			if got != nil && got.Status != tt.want.Status {
				t.Errorf("Auth.UpdateUsers() = %v, want %v", got, tt.want)
			}
		})
	}
}

func TestAuth_DeleteUsers(t *testing.T) {
	type args struct {
		ctx     context.Context
		request *apb.DeleteUsersRequest
	}
	tests := []struct {
		name    string
		args    args
		want    *apb.DeleteUsersResponse
		wantErr bool
	}{
		{
			name: "default delete users",
			args: args{ctx: context.TODO(),
				request: &apb.DeleteUsersRequest{Username: []string{"testUser"}},
			},
			want:    &apb.DeleteUsersResponse{Status: apb.Status_STATUS_OK},
			wantErr: false,
		},
		{
			name: "error delete users",
			args: args{ctx: context.TODO(),
				request: &apb.DeleteUsersRequest{Username: []string{"no user"}},
			},
			want:    &apb.DeleteUsersResponse{Status: apb.Status_STATUS_OK},
			wantErr: true,
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			s := Auth{}
			got, err := s.DeleteUsers(tt.args.ctx, tt.args.request)
			if (err != nil) != tt.wantErr {
				t.Errorf("Auth.DeleteUsers() error = %v, wantErr %v", err, tt.wantErr)
				return
			}
			if got != nil && got.Status != tt.want.Status {
				t.Errorf("Auth.DeleteUsers() = %v, want %v", got, tt.want)
			}
		})
	}
}

func TestAuth_CreateRoles(t *testing.T) {
	type args struct {
		ctx     context.Context
		request *apb.CreateRolesRequest
	}
	tests := []struct {
		name    string
		args    args
		want    *apb.CreateRolesResponse
		wantErr bool
	}{
		{
			name: "default create roles",
			args: args{ctx: context.TODO(),
				request: &apb.CreateRolesRequest{
					Roles: []*apb.Role{
						{
							Name:        "new role 1",
							Description: "Role 1",
							Permissions: []string{"permission 1", "permission 2"},
						},
					},
				},
			},
			want:    &apb.CreateRolesResponse{Status: apb.Status_STATUS_OK},
			wantErr: false,
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			s := Auth{}
			got, err := s.CreateRoles(tt.args.ctx, tt.args.request)
			if (err != nil) != tt.wantErr {
				t.Errorf("Auth.CreateRoles() error = %v, wantErr %v", err, tt.wantErr)
				return
			}

			if got != nil && got.Status != tt.want.Status {
				t.Errorf("Auth.CreateRoles() = %v, want %v", got, tt.want)
			}
		})
	}
}

func TestAuth_GetRole(t *testing.T) {
	type args struct {
		ctx     context.Context
		request *apb.GetRoleRequest
	}
	tests := []struct {
		name    string
		args    args
		want    *apb.GetRoleResponse
		wantErr bool
	}{
		{
			name: "default get role",
			args: args{
				ctx: context.TODO(),
				request: &apb.GetRoleRequest{
					RoleName: "adminTestRole",
				},
			},
			want: &apb.GetRoleResponse{
				Role: &apb.Role{
					Name:        "adminTestRole",
					Description: "Admin",
				},
				Status: apb.Status_STATUS_OK,
			},
			wantErr: false,
		},
		{
			name: "error get role",
			args: args{
				ctx: context.TODO(),
				request: &apb.GetRoleRequest{
					RoleName: "not role",
				},
			},
			want:    nil,
			wantErr: true,
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			s := Auth{}
			got, err := s.GetRole(tt.args.ctx, tt.args.request)
			if (err != nil) != tt.wantErr {
				t.Errorf("Auth.GetRole() error = %v, wantErr %v", err, tt.wantErr)
				return
			}
			if got != nil && got.Status == tt.want.Status {
				if got.Role.Name != tt.want.Role.Name || got.Role.Description != tt.want.Role.Description {
					t.Errorf("Auth.GetRole() = %v, want %v", got, tt.want)
				}
			} else {
				if got != nil {
					t.Errorf("Auth.GetRole() = %v, want %v", got, tt.want)
				}
			}
		})
	}
}

func TestAuth_GetRoles(t *testing.T) {
	err := clearAndCreateAuthTestSetup()
	if err != nil {
		t.Fatalf("%v", err)
	}

	type args struct {
		ctx     context.Context
		request *apb.GetRolesRequest
	}
	tests := []struct {
		name    string
		args    args
		want    *apb.GetRolesResponse
		wantLen int
		wantErr bool
	}{
		{
			name: "default get roles",
			args: args{
				ctx:     context.TODO(),
				request: &apb.GetRolesRequest{},
			},
			want: &apb.GetRolesResponse{
				Status: apb.Status_STATUS_OK,
				Roles: []*apb.Role{
					{
						Name:        "adminTestRole",
						Description: "Admin",
						Permissions: []string{
							"/gosdn.core.CoreService/GetPnd",
							"/gosdn.core.CoreService/GetPndList",
						}},
					{
						Name:        "userTestRole",
						Description: "User",
						Permissions: []string{
							"/gosdn.pnd.PndService/GetChangeList",
						}},
					{
						Name:        randomRoleName,
						Description: "Not a role",
						Permissions: []string{
							"nope",
						},
					},
				},
			},
			wantLen: 3,
			wantErr: false,
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			s := Auth{}
			got, err := s.GetRoles(tt.args.ctx, tt.args.request)
			if (err != nil) != tt.wantErr {
				t.Errorf("Auth.GetRoles() error = %v, wantErr %v", err, tt.wantErr)
				return
			}
			if got != nil && got.Status == tt.want.Status {
				if len(got.Roles) != 3 {
					t.Errorf("Auth.GetRoles() = %v, want %v", got, tt.want)
				}
				for _, gotR := range got.Roles {
					containsExpected := false
					for _, wantR := range tt.want.Roles {
						gotPerm := gotR.Permissions
						wantPerm := wantR.Permissions
						if gotR.Description == wantR.Description && gotR.Name == wantR.Name &&
							reflect.DeepEqual(gotPerm, wantPerm) {
							containsExpected = true
							break
						}
					}
					if !containsExpected {
						t.Errorf("Auth.GetRoles() = %v, want %v", got, tt.want)
					}
				}
			}
		})
	}
}

func TestAuth_UpdateRoles(t *testing.T) {
	type args struct {
		ctx     context.Context
		request *apb.UpdateRolesRequest
	}
	tests := []struct {
		name    string
		args    args
		want    *apb.UpdateRolesResponse
		wantErr bool
	}{
		{
			name: "default update roles",
			args: args{
				ctx: context.TODO(),
				request: &apb.UpdateRolesRequest{
					Roles: []*apb.Role{
						{
							Id:   adminRoleID,
							Name: "New Name",
						},
					},
				},
			},
			want: &apb.UpdateRolesResponse{
				Status: apb.Status_STATUS_OK,
			},
			wantErr: false,
		},
		{
			name: "error update roles",
			args: args{
				ctx: context.TODO(),
				request: &apb.UpdateRolesRequest{
					Roles: []*apb.Role{
						{
							Id:   uuid.NewString(),
							Name: "New Name",
						},
					},
				},
			},
			want:    nil,
			wantErr: true,
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			s := Auth{}
			got, err := s.UpdateRoles(tt.args.ctx, tt.args.request)
			if (err != nil) != tt.wantErr {
				t.Errorf("Auth.UpdateRoles() error = %v, wantErr %v", err, tt.wantErr)
				return
			}
			if got != nil && got.Status != tt.want.Status {
				t.Errorf("Auth.UpdateRoles() = %v, want %v", got, tt.want)
			}
		})
	}
}

func TestAuth_DeletePermissionsForRole(t *testing.T) {
	type args struct {
		ctx     context.Context
		request *apb.DeletePermissionsForRoleRequest
	}
	tests := []struct {
		name    string
		args    args
		want    *apb.DeletePermissionsForRoleResponse
		wantErr bool
	}{
		{
			name: "default delete permissions for role",
			args: args{
				ctx: context.TODO(),
				request: &apb.DeletePermissionsForRoleRequest{
					RoleName: "adminTestRole",
					PermissionsToDelete: []string{
						"/gosdn.core.CoreService/GetPnd",
						"/gosdn.core.CoreService/GetPndList",
					},
				},
			},
			want: &apb.DeletePermissionsForRoleResponse{
				Status: apb.Status_STATUS_OK,
			},
			wantErr: false,
		},
		{
			name: "error delete permissions for role no proper permissions provided",
			args: args{
				ctx: context.TODO(),
				request: &apb.DeletePermissionsForRoleRequest{
					RoleName: "adminTestRole",
					PermissionsToDelete: []string{
						"no",
					},
				},
			},
			want: &apb.DeletePermissionsForRoleResponse{
				Status: apb.Status_STATUS_OK,
			},
			wantErr: true,
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			s := Auth{}
			got, err := s.DeletePermissionsForRole(tt.args.ctx, tt.args.request)
			if (err != nil) != tt.wantErr {
				t.Errorf("Auth.DeletePermissionsForRole() error = %v, wantErr %v", err, tt.wantErr)
				return
			}
			if got != nil && got.Status != tt.want.Status {
				t.Errorf("Auth.DeletePermissionsForRole() = %v, want %v", got, tt.want)
			}
		})
	}
}

func TestAuth_DeleteRoles(t *testing.T) {
	type args struct {
		ctx     context.Context
		request *apb.DeleteRolesRequest
	}
	tests := []struct {
		name    string
		args    args
		want    *apb.DeleteRolesResponse
		wantErr bool
	}{
		{
			name: "default delete roles",
			args: args{
				ctx: context.TODO(),
				request: &apb.DeleteRolesRequest{
					RoleName: []string{
						"userTestRole",
					},
				},
			},
			want: &apb.DeleteRolesResponse{
				Status: apb.Status_STATUS_OK,
			},
			wantErr: false,
		},
		{
			name: "error delete roles",
			args: args{
				ctx: context.TODO(),
				request: &apb.DeleteRolesRequest{
					RoleName: []string{
						"no",
					},
				},
			},
			want: &apb.DeleteRolesResponse{
				Status: apb.Status_STATUS_OK,
			},
			wantErr: true,
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			s := Auth{}
			got, err := s.DeleteRoles(tt.args.ctx, tt.args.request)
			if (err != nil) != tt.wantErr {
				t.Errorf("Auth.DeleteRoles() error = %v, wantErr %v", err, tt.wantErr)
				return
			}
			if got != nil && got.Status != tt.want.Status {
				t.Errorf("Auth.DeleteRoles() = %v, want %v", got, tt.want)
			}
		})
	}
}

func clearAndCreateAuthTestSetup() error {
	//clear setup if changed
	storedUsers, err := userc.GetAll()
	if err != nil {
		return err
	}
	for _, u := range storedUsers {
		err = userc.Delete(u)
		if err != nil {
			return err
		}
	}

	storedRoles, err := rolec.GetAll()
	if err != nil {
		return err
	}
	for _, r := range storedRoles {
		err = rolec.Delete(r)
		if err != nil {
			return err
		}
	}

	// create dataset
	err = createTestUsers()
	if err != nil {
		return err
	}

	err = createTestRoles()
	if err != nil {
		return err
	}
	return nil
}

//TODO(faseid): change password to hashed/encrypted one
func createTestUsers() error {

	randomRoleMap := map[string]string{pndID: randomRoleName}

	users := []rbac.User{
		{UserID: uuid.MustParse(adminID), UserName: "testAdmin", Roles: adminRoleMap, Password: "admin"},
		{UserID: uuid.MustParse(userID), UserName: "testUser", Roles: userRoleMap, Password: "user"},
		{UserID: uuid.New(), UserName: "testRandom", Roles: randomRoleMap, Password: "aurelius", Token: "wrong token"},
	}

	for _, u := range users {
		err := userc.Add(rbac.NewUser(u.ID(), u.Name(), u.Roles, u.Password, ""))
		if err != nil {
			return err
		}
	}

	return nil
}

func createTestRoles() error {
	roles := []rbac.Role{
		{
			RoleID:      uuid.MustParse(adminRoleID),
			RoleName:    "adminTestRole",
			Description: "Admin",
			Permissions: []string{
				"/gosdn.core.CoreService/GetPnd",
				"/gosdn.core.CoreService/GetPndList",
			},
		},
		{
			RoleID:      uuid.New(),
			RoleName:    "userTestRole",
			Description: "User",
			Permissions: []string{
				"/gosdn.pnd.PndService/GetChangeList",
			},
		},
		{
			RoleID:      uuid.New(),
			RoleName:    randomRoleName,
			Description: "Not a role",
			Permissions: []string{
				"nope",
			},
		},
	}

	for _, r := range roles {
		err := rolec.Add(rbac.NewRole(r.ID(), r.Name(), r.Description, r.Permissions))
		if err != nil {
			return err
		}
	}

	return nil
}