Ghost User
--- a/controller/northbound/server/auth_interceptor_test.go

+ 67

− 33
+++ b/controller/northbound/server/auth_interceptor_test.go

+ 67

− 33
 @@ -2,14 +2,13 @@ package server

 import (
 	"context"
+	"fmt"
 	"log"
 	"net"
 	"testing"

 	apb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/rbac"
 	spb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/southbound"
-	"code.fbi.h-da.de/danet/gosdn/controller/rbac"
-	"code.fbi.h-da.de/danet/gosdn/controller/store"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
 	"google.golang.org/grpc/metadata"
 @@ -37,29 +36,16 @@ func dialer() func(context.Context, string) (net.Conn, error) {
 }

 func TestAuthInterceptor_Unary(t *testing.T) {
-	validToken, err := jwt.GenerateToken(rbac.User{UserName: "testAdmin"})
+	validToken, err := createTestUserToken("testAdmin", true)
 	if err != nil {
 		log.Fatal(err)
 	}

-	wrongUserToken, err := jwt.GenerateToken(rbac.User{UserName: "foo"})
+	wrongUserToken, err := createTestUserToken("foo", false)
 	if err != nil {
 		log.Fatal(err)
 	}

-	user, err := userc.Get(store.Query{Name: "testAdmin"})
-	if err != nil {
-		log.Fatal(err)
-	}
-	user.SetToken(validToken)
-
-	err = userc.Update(user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	md := metadata.Pairs("authorize", validToken)
-
 	ctx := context.Background()
 	conn, err := grpc.DialContext(ctx, "", grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(dialer()))
 	if err != nil {
 @@ -82,7 +68,7 @@ func TestAuthInterceptor_Unary(t *testing.T) {
 		{
 			name: "default unary interceptor",
 			args: args{
-				ctx:     metadata.NewOutgoingContext(context.Background(), md),
+				ctx:     metadata.NewOutgoingContext(context.Background(), metadata.Pairs("authorize", validToken)),
 				request: &apb.GetUsersRequest{},
 			},
 			want: &apb.GetUsersResponse{
 @@ -136,23 +122,10 @@ func TestAuthInterceptor_Unary(t *testing.T) {
 }

 func TestAuthInterceptor_Stream(t *testing.T) {
-	validToken, err := jwt.GenerateToken(rbac.User{UserName: "testAdmin"})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	user, err := userc.Get(store.Query{Name: "testAdmin"})
+	validToken, err := createTestUserToken("testAdmin", true)
 	if err != nil {
 		log.Fatal(err)
 	}
-	user.SetToken(validToken)
-
-	err = userc.Update(user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	md := metadata.Pairs("authorize", validToken)

 	ctx := context.Background()
 	conn, err := grpc.DialContext(ctx, "", grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(dialer()))
 @@ -175,7 +148,7 @@ func TestAuthInterceptor_Stream(t *testing.T) {
 		{
 			name: "default stream interceptor",
 			args: args{
-				ctx: metadata.NewOutgoingContext(context.Background(), md),
+				ctx: metadata.NewOutgoingContext(context.Background(), metadata.Pairs("authorize", validToken)),
 				request: &spb.GetSchemaRequest{
 					Pid: pndID,
 					Sid: sbiID,
 @@ -212,3 +185,64 @@ func TestAuthInterceptor_Stream(t *testing.T) {
 		})
 	}
 }
+
+func TestAuthInterceptor_authorize(t *testing.T) {
+	validToken, err := createTestUserToken("testAdmin", true)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	wrongUserToken, err := createTestUserToken("foo", false)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	md := metadata.Pairs("authorize", validToken)
+	fmt.Println(md.Get("authorize"))
+
+	type args struct {
+		ctx    context.Context
+		method string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "default authorize",
+			args: args{
+				ctx:    metadata.NewIncomingContext(context.Background(), metadata.Pairs("authorize", validToken)),
+				method: "/gosdn.rbac.UserService/GetUsers",
+			},
+			wantErr: false,
+		},
+		{
+			name: "error invalid token",
+			args: args{
+				ctx:    metadata.NewIncomingContext(context.Background(), metadata.Pairs("authorize", wrongUserToken)),
+				method: "/gosdn.rbac.UserService/GetUsers",
+			},
+			wantErr: true,
+		},
+		{
+			name: "error no permission for request",
+			args: args{
+				ctx:    metadata.NewIncomingContext(context.Background(), metadata.Pairs("authorize", validToken)),
+				method: "/gosdn.pnd.PndService/DeleteOnd",
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			auth := &AuthInterceptor{
+				jwtManager: jwt,
+			}
+
+			if err := auth.authorize(tt.args.ctx, tt.args.method); (err != nil) != tt.wantErr {
+				t.Errorf("AuthInterceptor.authorize() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}