diff --git a/controller/northbound/server/auth_interceptor_test.go b/controller/northbound/server/auth_interceptor_test.go index 1bf696bd36959cfac6a0b38f0106999607f84c20..2d975d9191ad0c6c84ecf396e2e07df87046b43b 100644 --- a/controller/northbound/server/auth_interceptor_test.go +++ b/controller/northbound/server/auth_interceptor_test.go @@ -2,14 +2,13 @@ package server import ( "context" + "fmt" "log" "net" "testing" apb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/rbac" spb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/southbound" - "code.fbi.h-da.de/danet/gosdn/controller/rbac" - "code.fbi.h-da.de/danet/gosdn/controller/store" "google.golang.org/grpc" "google.golang.org/grpc/credentials/insecure" "google.golang.org/grpc/metadata" @@ -37,29 +36,16 @@ func dialer() func(context.Context, string) (net.Conn, error) { } func TestAuthInterceptor_Unary(t *testing.T) { - validToken, err := jwt.GenerateToken(rbac.User{UserName: "testAdmin"}) + validToken, err := createTestUserToken("testAdmin", true) if err != nil { log.Fatal(err) } - wrongUserToken, err := jwt.GenerateToken(rbac.User{UserName: "foo"}) + wrongUserToken, err := createTestUserToken("foo", false) if err != nil { log.Fatal(err) } - user, err := userc.Get(store.Query{Name: "testAdmin"}) - if err != nil { - log.Fatal(err) - } - user.SetToken(validToken) - - err = userc.Update(user) - if err != nil { - log.Fatal(err) - } - - md := metadata.Pairs("authorize", validToken) - ctx := context.Background() conn, err := grpc.DialContext(ctx, "", grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(dialer())) if err != nil { @@ -82,7 +68,7 @@ func TestAuthInterceptor_Unary(t *testing.T) { { name: "default unary interceptor", args: args{ - ctx: metadata.NewOutgoingContext(context.Background(), md), + ctx: metadata.NewOutgoingContext(context.Background(), metadata.Pairs("authorize", validToken)), request: &apb.GetUsersRequest{}, }, want: &apb.GetUsersResponse{ 
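Review bot: The error from the new `createTestUserToken` calls in TestAuthInterceptor_Unary is still handled with `log.Fatal(err)`, which exits the whole test binary instead of failing this test. A setup failure is then not attributed to the test, and the remaining tests and any registered cleanups do not run. `t.Fatalf("creating test token: %v", err)` reports it against the test. The same pattern sits in the TestAuthInterceptor_Stream hunk and in the newly added TestAuthInterceptor_authorize; the function body continues outside this hunk.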
@@ -136,23 +122,10 @@ func TestAuthInterceptor_Unary(t *testing.T) { } func TestAuthInterceptor_Stream(t *testing.T) { - validToken, err := jwt.GenerateToken(rbac.User{UserName: "testAdmin"}) - if err != nil { - log.Fatal(err) - } - - user, err := userc.Get(store.Query{Name: "testAdmin"}) + validToken, err := createTestUserToken("testAdmin", true) if err != nil { log.Fatal(err) } - user.SetToken(validToken) - - err = userc.Update(user) - if err != nil { - log.Fatal(err) - } - - md := metadata.Pairs("authorize", validToken) ctx := context.Background() conn, err := grpc.DialContext(ctx, "", grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(dialer())) @@ -175,7 +148,7 @@ func TestAuthInterceptor_Stream(t *testing.T) { { name: "default stream interceptor", args: args{ - ctx: metadata.NewOutgoingContext(context.Background(), md), + ctx: metadata.NewOutgoingContext(context.Background(), metadata.Pairs("authorize", validToken)), request: &spb.GetSchemaRequest{ Pid: pndID, Sid: sbiID, 
@@ -212,3 +185,64 @@ func TestAuthInterceptor_Stream(t *testing.T) { }) } } + +func TestAuthInterceptor_authorize(t *testing.T) { + validToken, err := createTestUserToken("testAdmin", true) + if err != nil { + log.Fatal(err) + } + + wrongUserToken, err := createTestUserToken("foo", false) + if err != nil { + log.Fatal(err) + } + + md := metadata.Pairs("authorize", validToken) + fmt.Println(md.Get("authorize")) + + type args struct { + ctx context.Context + method string + } + tests := []struct { + name string + args args + wantErr bool + }{ + { + name: "default authorize", + args: args{ + ctx: metadata.NewIncomingContext(context.Background(), metadata.Pairs("authorize", validToken)), + method: "/gosdn.rbac.UserService/GetUsers", + }, + wantErr: false, + }, + { + name: "error invalid token", + args: args{ + ctx: metadata.NewIncomingContext(context.Background(), metadata.Pairs("authorize", wrongUserToken)), + method: "/gosdn.rbac.UserService/GetUsers", + }, + wantErr: true, + }, + { + name: "error no permission for request", + args: args{ + ctx: metadata.NewIncomingContext(context.Background(), metadata.Pairs("authorize", validToken)), + method: "/gosdn.pnd.PndService/DeleteOnd", + }, + wantErr: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + auth := &AuthInterceptor{ + jwtManager: jwt, + } + + if err := auth.authorize(tt.args.ctx, tt.args.method); (err != nil) != tt.wantErr { + t.Errorf("AuthInterceptor.authorize() error = %v, wantErr %v", err, tt.wantErr) + } + }) + } +} diff --git a/controller/northbound/server/test_util_test.go b/controller/northbound/server/test_util_test.go index 6da586aa99dcbaacbf70bffb0432b2dea4495189..96992775cf3d5a1033dae8fd20ab021658bdd9e0 100644 --- a/controller/northbound/server/test_util_test.go +++ b/controller/northbound/server/test_util_test.go 
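Review bot: Each case in TestAuthInterceptor_authorize asserts only `wantErr`, so "error invalid token" and "error no permission for request" pass on any error at all, including one caused by an unrelated lookup failure rather than the rejection the case is named for. If authorize returns gRPC status errors (not visible in this hunk), a `wantCode codes.Code` field compared against `status.Code(err)` would pin the rejection reason per case. Separately, `md := metadata.Pairs("authorize", validToken)` and `fmt.Println(md.Get("authorize"))` look like debug leftovers that write the bearer token to the test output. Both lines, and the `"fmt"` import added in the first hunk, can be dropped.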
@@ -6,6 +6,7 @@ import ( "testing" "code.fbi.h-da.de/danet/gosdn/controller/rbac" + "code.fbi.h-da.de/danet/gosdn/controller/store" "github.com/google/uuid" ) @@ -136,3 +137,27 @@ func patchLogger(t *testing.T) { log.SetOutput(orig) }) } + +// Creates a token to be used in auth interceptor tests. If validTokenRequired is set as true, the generated token will also +// be attached to the provided user. Else the user won't have the token and can not be authorized. +func createTestUserToken(userName string, validTokenRequired bool) (string, error) { + token, err := jwt.GenerateToken(rbac.User{UserName: userName}) + if err != nil { + return token, err + } + + if validTokenRequired { + user, err := userc.Get(store.Query{Name: userName}) + if err != nil { + return token, err + } + user.SetToken(token) + + err = userc.Update(user) + if err != nil { + return token, err + } + } + + return token, nil +}
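Review bot: The doc comment on createTestUserToken does not say what the `false` case actually produces: the token still comes from `jwt.GenerateToken` and is only missing from the user record. Tests built on it therefore cover a generated-but-unregistered token, not a malformed, expired or wrongly signed one. I would start the comment with the function name and state that, e.g. `// createTestUserToken returns a generated token for userName; if validTokenRequired is true it is also stored on that user via userc, otherwise it is left unregistered.` The error paths could also use `return "", err` so a caller never holds a token that was not stored.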