tests for authorize method in interceptor and beautification

e774084a · Fabian Seidl · cf1caff0 · e774084a · e774084a
Commit e774084a authored 3 years ago by Fabian Seidl
--- a/controller/northbound/server/auth_interceptor_test.go
+++ b/controller/northbound/server/auth_interceptor_test.go
@@ -2,14 +2,13 @@ package server

 import (
 	"context"
+	"fmt"
 	"log"
 	"net"
 	"testing"

 	apb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/rbac"
 	spb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/southbound"
-	"code.fbi.h-da.de/danet/gosdn/controller/rbac"
-	"code.fbi.h-da.de/danet/gosdn/controller/store"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
 	"google.golang.org/grpc/metadata"
@@ -37,29 +36,16 @@ func dialer() func(context.Context, string) (net.Conn, error) {
 }

 func TestAuthInterceptor_Unary(t *testing.T) {
-	validToken, err := jwt.GenerateToken(rbac.User{UserName: "testAdmin"})
+	validToken, err := createTestUserToken("testAdmin", true)
 	if err != nil {
 		log.Fatal(err)
 	}

-	wrongUserToken, err := jwt.GenerateToken(rbac.User{UserName: "foo"})
+	wrongUserToken, err := createTestUserToken("foo", false)
 	if err != nil {
 		log.Fatal(err)
 	}

-	user, err := userc.Get(store.Query{Name: "testAdmin"})
-	if err != nil {
-		log.Fatal(err)
-	}
-	user.SetToken(validToken)
-
-	err = userc.Update(user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	md := metadata.Pairs("authorize", validToken)
-
 	ctx := context.Background()
 	conn, err := grpc.DialContext(ctx, "", grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(dialer()))
 	if err != nil {
@@ -82,7 +68,7 @@ func TestAuthInterceptor_Unary(t *testing.T) {
 		{
 			name: "default unary interceptor",
 			args: args{
-				ctx:     metadata.NewOutgoingContext(context.Background(), md),
+				ctx:     metadata.NewOutgoingContext(context.Background(), metadata.Pairs("authorize", validToken)),
 				request: &apb.GetUsersRequest{},
 			},
 			want: &apb.GetUsersResponse{
@@ -136,23 +122,10 @@ func TestAuthInterceptor_Unary(t *testing.T) {
 }

 func TestAuthInterceptor_Stream(t *testing.T) {
-	validToken, err := jwt.GenerateToken(rbac.User{UserName: "testAdmin"})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	user, err := userc.Get(store.Query{Name: "testAdmin"})
+	validToken, err := createTestUserToken("testAdmin", true)
 	if err != nil {
 		log.Fatal(err)
 	}
-	user.SetToken(validToken)
-
-	err = userc.Update(user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	md := metadata.Pairs("authorize", validToken)

 	ctx := context.Background()
 	conn, err := grpc.DialContext(ctx, "", grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(dialer()))
@@ -175,7 +148,7 @@ func TestAuthInterceptor_Stream(t *testing.T) {
 		{
 			name: "default stream interceptor",
 			args: args{
-				ctx: metadata.NewOutgoingContext(context.Background(), md),
+				ctx: metadata.NewOutgoingContext(context.Background(), metadata.Pairs("authorize", validToken)),
 				request: &spb.GetSchemaRequest{
 					Pid: pndID,
 					Sid: sbiID,
@@ -212,3 +185,64 @@ func TestAuthInterceptor_Stream(t *testing.T) {
 		})
 	}
 }
+
+func TestAuthInterceptor_authorize(t *testing.T) {
+	validToken, err := createTestUserToken("testAdmin", true)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	wrongUserToken, err := createTestUserToken("foo", false)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	md := metadata.Pairs("authorize", validToken)
+	fmt.Println(md.Get("authorize"))
+
+	type args struct {
+		ctx    context.Context
+		method string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "default authorize",
+			args: args{
+				ctx:    metadata.NewIncomingContext(context.Background(), metadata.Pairs("authorize", validToken)),
+				method: "/gosdn.rbac.UserService/GetUsers",
+			},
+			wantErr: false,
+		},
+		{
+			name: "error invalid token",
+			args: args{
+				ctx:    metadata.NewIncomingContext(context.Background(), metadata.Pairs("authorize", wrongUserToken)),
+				method: "/gosdn.rbac.UserService/GetUsers",
+			},
+			wantErr: true,
+		},
+		{
+			name: "error no permission for request",
+			args: args{
+				ctx:    metadata.NewIncomingContext(context.Background(), metadata.Pairs("authorize", validToken)),
+				method: "/gosdn.pnd.PndService/DeleteOnd",
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			auth := &AuthInterceptor{
+				jwtManager: jwt,
+			}
+
+			if err := auth.authorize(tt.args.ctx, tt.args.method); (err != nil) != tt.wantErr {
+				t.Errorf("AuthInterceptor.authorize() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
--- a/controller/northbound/server/test_util_test.go
+++ b/controller/northbound/server/test_util_test.go
@@ -6,6 +6,7 @@ import (
 	"testing"

 	"code.fbi.h-da.de/danet/gosdn/controller/rbac"
+	"code.fbi.h-da.de/danet/gosdn/controller/store"
 	"github.com/google/uuid"
 )

@@ -136,3 +137,27 @@ func patchLogger(t *testing.T) {
 		log.SetOutput(orig)
 	})
 }
+
+// Creates a token to be used in auth interceptor tests. If validTokenRequired is set as true, the generated token will also
+// be attached to the provided user. Else the user won't have the token and can not be authorized.
+func createTestUserToken(userName string, validTokenRequired bool) (string, error) {
+	token, err := jwt.GenerateToken(rbac.User{UserName: userName})
+	if err != nil {
+		return token, err
+	}
+
+	if validTokenRequired {
+		user, err := userc.Get(store.Query{Name: userName})
+		if err != nil {
+			return token, err
+		}
+		user.SetToken(token)
+
+		err = userc.Update(user)
+		if err != nil {
+			return token, err
+		}
+	}
+
+	return token, nil
+}