grafana/pkg/services/authn/clients/basic_test.go

package clients

import (
	"context"
	"net/http"
	"testing"

	"github.com/grafana/authlib/claims"
	"github.com/stretchr/testify/assert"

	"github.com/grafana/grafana/pkg/services/authn"
	"github.com/grafana/grafana/pkg/services/authn/authntest"
)

func TestBasic_Authenticate(t *testing.T) {
	type TestCase struct {
		desc             string
		req              *authn.Request
		client           authn.PasswordClient
		expectedErr      error
		expectedIdentity *authn.Identity
	}

	tests := []TestCase{
		{
			desc:             "should success when password client return identity",
			req:              &authn.Request{HTTPRequest: &http.Request{Header: map[string][]string{authorizationHeaderName: {encodeBasicAuth("user", "password")}}}},
			client:           authntest.FakePasswordClient{ExpectedIdentity: &authn.Identity{ID: "1", Type: claims.TypeUser}},
			expectedIdentity: &authn.Identity{ID: "1", Type: claims.TypeUser},
		},
		{
			desc:        "should fail when basic auth header could not be decoded",
			req:         &authn.Request{HTTPRequest: &http.Request{Header: map[string][]string{authorizationHeaderName: {}}}},
			expectedErr: errDecodingBasicAuthHeader,
		},
	}

	for _, tt := range tests {
		t.Run(tt.desc, func(t *testing.T) {
			c := ProvideBasic(tt.client)

			identity, err := c.Authenticate(context.Background(), tt.req)
			if tt.expectedErr != nil {
				assert.ErrorIs(t, err, tt.expectedErr)
				assert.Nil(t, identity)
			} else {
				assert.NoError(t, err)
				assert.EqualValues(t, *tt.expectedIdentity, *identity)
			}
		})
	}
}

func TestBasic_Test(t *testing.T) {
	type TestCase struct {
		desc     string
		req      *authn.Request
		expected bool
	}

	tests := []TestCase{
		{
			desc: "should succeed when authorization header is set with basic prefix",
			req: &authn.Request{
				HTTPRequest: &http.Request{
					Header: map[string][]string{
						authorizationHeaderName: {encodeBasicAuth("user", "password")},
					},
				},
			},
			expected: true,
		},
		{
			desc: "should fail when no http request is passed",
			req:  &authn.Request{},
		},
		{
			desc: "should fail when no http authorization header is set in http request",
			req: &authn.Request{
				HTTPRequest: &http.Request{Header: map[string][]string{}},
			},
		},
		{
			desc: "should fail when authorization header is set but without basic prefix",
			req: &authn.Request{
				HTTPRequest: &http.Request{Header: map[string][]string{authorizationHeaderName: {"something"}}},
			},
		},
	}

	for _, tt := range tests {
		t.Run(tt.desc, func(t *testing.T) {
			c := ProvideBasic(authntest.FakePasswordClient{})
			assert.Equal(t, tt.expected, c.Test(context.Background(), tt.req))
		})
	}
}
AuthN: Add client to perform basic authentication (#60877) * AuthN: Add basic auth client boilerplate * AuthN: Implement test function for basic auth client * AuthN: Implement the authentication method for basic auth * AuthN: Add tests for basic auth authentication * ContextHandler: perform basic auth authentication through authn service if feature toggle is enabled * AuthN: Add providers for sync services and pass required dependencies 2023-01-03 03:23:38 -06:00			`package clients`

			`import (`
			`"context"`
			`"net/http"`
			`"testing"`

Identity: Remove typed id (#91801) * Refactor identity struct to store type in separate field * Update ResolveIdentity to take string representation of typedID * Add IsIdentityType to requester interface * Use IsIdentityType from interface * Remove usage of TypedID * Remote typedID struct * fix GetInternalID 2024-08-13 03:18:28 -05:00			`"github.com/grafana/authlib/claims"`
Chore: Fix goimports grouping (#62426) fix goimports ordering 2023-01-30 02:34:18 -06:00			`"github.com/stretchr/testify/assert"`

AuthN: Add client to perform basic authentication (#60877) * AuthN: Add basic auth client boilerplate * AuthN: Implement test function for basic auth client * AuthN: Implement the authentication method for basic auth * AuthN: Add tests for basic auth authentication * ContextHandler: perform basic auth authentication through authn service if feature toggle is enabled * AuthN: Add providers for sync services and pass required dependencies 2023-01-03 03:23:38 -06:00			`"github.com/grafana/grafana/pkg/services/authn"`
AuthN: Refactor basic auth client to support multiple password auth (#61153) * AuthN: add interface for password clients * AuthN: Extract grafana password client * AuthN: Rewrite basic client tests * AuthN: Add Ldap client and rename method of PasswordClient * AuthN: Configure multiple password clients * AuthN: create ldap service and add tests 2023-01-09 09:40:29 -06:00			`"github.com/grafana/grafana/pkg/services/authn/authntest"`
AuthN: Add client to perform basic authentication (#60877) * AuthN: Add basic auth client boilerplate * AuthN: Implement test function for basic auth client * AuthN: Implement the authentication method for basic auth * AuthN: Add tests for basic auth authentication * ContextHandler: perform basic auth authentication through authn service if feature toggle is enabled * AuthN: Add providers for sync services and pass required dependencies 2023-01-03 03:23:38 -06:00			`)`

			`func TestBasic_Authenticate(t *testing.T) {`
			`type TestCase struct {`
AuthN: Refactor basic auth client to support multiple password auth (#61153) * AuthN: add interface for password clients * AuthN: Extract grafana password client * AuthN: Rewrite basic client tests * AuthN: Add Ldap client and rename method of PasswordClient * AuthN: Configure multiple password clients * AuthN: create ldap service and add tests 2023-01-09 09:40:29 -06:00			`desc string`
			`req *authn.Request`
AuthN: Perform login with authn.Service (#61466) * AuthN: Create password client wrapper and use that on in basic auth client * AuthN: fix basic auth client test * AuthN: Add tests for form authentication * API: Inject authn service * Login: If authnService feature flag is enabled use authn login * Login: Handle token creation errors 2023-01-17 02:11:45 -06:00			`client authn.PasswordClient`
AuthN: Refactor basic auth client to support multiple password auth (#61153) * AuthN: add interface for password clients * AuthN: Extract grafana password client * AuthN: Rewrite basic client tests * AuthN: Add Ldap client and rename method of PasswordClient * AuthN: Configure multiple password clients * AuthN: create ldap service and add tests 2023-01-09 09:40:29 -06:00			`expectedErr error`
			`expectedIdentity *authn.Identity`
AuthN: Add client to perform basic authentication (#60877) * AuthN: Add basic auth client boilerplate * AuthN: Implement test function for basic auth client * AuthN: Implement the authentication method for basic auth * AuthN: Add tests for basic auth authentication * ContextHandler: perform basic auth authentication through authn service if feature toggle is enabled * AuthN: Add providers for sync services and pass required dependencies 2023-01-03 03:23:38 -06:00			`}`

			`tests := []TestCase{`
			`{`
AuthN: Refactor basic auth client to support multiple password auth (#61153) * AuthN: add interface for password clients * AuthN: Extract grafana password client * AuthN: Rewrite basic client tests * AuthN: Add Ldap client and rename method of PasswordClient * AuthN: Configure multiple password clients * AuthN: create ldap service and add tests 2023-01-09 09:40:29 -06:00			`desc: "should success when password client return identity",`
			`req: &authn.Request{HTTPRequest: &http.Request{Header: map[string][]string{authorizationHeaderName: {encodeBasicAuth("user", "password")}}}},`
Identity: Remove typed id (#91801) * Refactor identity struct to store type in separate field * Update ResolveIdentity to take string representation of typedID * Add IsIdentityType to requester interface * Use IsIdentityType from interface * Remove usage of TypedID * Remote typedID struct * fix GetInternalID 2024-08-13 03:18:28 -05:00			`client: authntest.FakePasswordClient{ExpectedIdentity: &authn.Identity{ID: "1", Type: claims.TypeUser}},`
			`expectedIdentity: &authn.Identity{ID: "1", Type: claims.TypeUser},`
AuthN: Add client to perform basic authentication (#60877) * AuthN: Add basic auth client boilerplate * AuthN: Implement test function for basic auth client * AuthN: Implement the authentication method for basic auth * AuthN: Add tests for basic auth authentication * ContextHandler: perform basic auth authentication through authn service if feature toggle is enabled * AuthN: Add providers for sync services and pass required dependencies 2023-01-03 03:23:38 -06:00			`},`
			`{`
AuthN: Perform login with authn.Service (#61466) * AuthN: Create password client wrapper and use that on in basic auth client * AuthN: fix basic auth client test * AuthN: Add tests for form authentication * API: Inject authn service * Login: If authnService feature flag is enabled use authn login * Login: Handle token creation errors 2023-01-17 02:11:45 -06:00			`desc: "should fail when basic auth header could not be decoded",`
			`req: &authn.Request{HTTPRequest: &http.Request{Header: map[string][]string{authorizationHeaderName: {}}}},`
			`expectedErr: errDecodingBasicAuthHeader,`
AuthN: Add client to perform basic authentication (#60877) * AuthN: Add basic auth client boilerplate * AuthN: Implement test function for basic auth client * AuthN: Implement the authentication method for basic auth * AuthN: Add tests for basic auth authentication * ContextHandler: perform basic auth authentication through authn service if feature toggle is enabled * AuthN: Add providers for sync services and pass required dependencies 2023-01-03 03:23:38 -06:00			`},`
			`}`

			`for _, tt := range tests {`
			`t.Run(tt.desc, func(t *testing.T) {`
AuthN: Perform login with authn.Service (#61466) * AuthN: Create password client wrapper and use that on in basic auth client * AuthN: fix basic auth client test * AuthN: Add tests for form authentication * API: Inject authn service * Login: If authnService feature flag is enabled use authn login * Login: Handle token creation errors 2023-01-17 02:11:45 -06:00			`c := ProvideBasic(tt.client)`
AuthN: Add client to perform basic authentication (#60877) * AuthN: Add basic auth client boilerplate * AuthN: Implement test function for basic auth client * AuthN: Implement the authentication method for basic auth * AuthN: Add tests for basic auth authentication * ContextHandler: perform basic auth authentication through authn service if feature toggle is enabled * AuthN: Add providers for sync services and pass required dependencies 2023-01-03 03:23:38 -06:00
			`identity, err := c.Authenticate(context.Background(), tt.req)`
			`if tt.expectedErr != nil {`
			`assert.ErrorIs(t, err, tt.expectedErr)`
			`assert.Nil(t, identity)`
			`} else {`
			`assert.NoError(t, err)`
			`assert.EqualValues(t, tt.expectedIdentity, identity)`
			`}`
			`})`
			`}`
			`}`

			`func TestBasic_Test(t *testing.T) {`
			`type TestCase struct {`
AuthN: Perform login with authn.Service (#61466) * AuthN: Create password client wrapper and use that on in basic auth client * AuthN: fix basic auth client test * AuthN: Add tests for form authentication * API: Inject authn service * Login: If authnService feature flag is enabled use authn login * Login: Handle token creation errors 2023-01-17 02:11:45 -06:00			`desc string`
			`req *authn.Request`
			`expected bool`
AuthN: Add client to perform basic authentication (#60877) * AuthN: Add basic auth client boilerplate * AuthN: Implement test function for basic auth client * AuthN: Implement the authentication method for basic auth * AuthN: Add tests for basic auth authentication * ContextHandler: perform basic auth authentication through authn service if feature toggle is enabled * AuthN: Add providers for sync services and pass required dependencies 2023-01-03 03:23:38 -06:00			`}`

			`tests := []TestCase{`
			`{`
			`desc: "should succeed when authorization header is set with basic prefix",`
			`req: &authn.Request{`
			`HTTPRequest: &http.Request{`
			`Header: map[string][]string{`
			`authorizationHeaderName: {encodeBasicAuth("user", "password")},`
			`},`
			`},`
			`},`
			`expected: true,`
			`},`
			`{`
			`desc: "should fail when no http request is passed",`
			`req: &authn.Request{},`
			`},`
			`{`
			`desc: "should fail when no http authorization header is set in http request",`
			`req: &authn.Request{`
			`HTTPRequest: &http.Request{Header: map[string][]string{}},`
			`},`
			`},`
			`{`
			`desc: "should fail when authorization header is set but without basic prefix",`
			`req: &authn.Request{`
			`HTTPRequest: &http.Request{Header: map[string][]string{authorizationHeaderName: {"something"}}},`
			`},`
			`},`
			`}`

			`for _, tt := range tests {`
			`t.Run(tt.desc, func(t *testing.T) {`
AuthN: Perform login with authn.Service (#61466) * AuthN: Create password client wrapper and use that on in basic auth client * AuthN: fix basic auth client test * AuthN: Add tests for form authentication * API: Inject authn service * Login: If authnService feature flag is enabled use authn login * Login: Handle token creation errors 2023-01-17 02:11:45 -06:00			`c := ProvideBasic(authntest.FakePasswordClient{})`
AuthN: Add client to perform basic authentication (#60877) * AuthN: Add basic auth client boilerplate * AuthN: Implement test function for basic auth client * AuthN: Implement the authentication method for basic auth * AuthN: Add tests for basic auth authentication * ContextHandler: perform basic auth authentication through authn service if feature toggle is enabled * AuthN: Add providers for sync services and pass required dependencies 2023-01-03 03:23:38 -06:00			`assert.Equal(t, tt.expected, c.Test(context.Background(), tt.req))`
			`})`
			`}`
			`}`