2020-10-16 02:46:14 -05:00
|
|
|
// +build integration
|
|
|
|
|
|
2018-04-05 20:05:24 -05:00
|
|
|
package sqlstore
|
|
|
|
|
|
|
|
|
|
import (
|
2018-06-15 14:23:57 -05:00
|
|
|
"context"
|
2018-04-05 20:05:24 -05:00
|
|
|
"fmt"
|
2021-04-09 06:28:35 -05:00
|
|
|
"github.com/stretchr/testify/require"
|
2018-04-05 20:05:24 -05:00
|
|
|
"testing"
|
2019-02-01 18:40:57 -06:00
|
|
|
"time"
|
2018-04-05 20:05:24 -05:00
|
|
|
|
2020-02-29 06:35:15 -06:00
|
|
|
"github.com/grafana/grafana/pkg/models"
|
2019-02-01 18:40:57 -06:00
|
|
|
"golang.org/x/oauth2"
|
2018-04-05 20:05:24 -05:00
|
|
|
)
|
|
|
|
|
|
2019-07-02 08:06:59 -05:00
|
|
|
//nolint:goconst
|
2018-04-05 20:05:24 -05:00
|
|
|
func TestUserAuth(t *testing.T) {
|
2021-03-17 10:06:10 -05:00
|
|
|
sqlStore := InitTestDB(t)
|
2018-04-05 20:05:24 -05:00
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
t.Run("Given 5 users", func(t *testing.T) {
|
2018-04-05 20:05:24 -05:00
|
|
|
for i := 0; i < 5; i++ {
|
2021-03-17 10:06:10 -05:00
|
|
|
cmd := models.CreateUserCommand{
|
2018-04-05 20:05:24 -05:00
|
|
|
Email: fmt.Sprint("user", i, "@test.com"),
|
|
|
|
|
Name: fmt.Sprint("user", i),
|
|
|
|
|
Login: fmt.Sprint("loginuser", i),
|
|
|
|
|
}
|
2021-03-17 10:06:10 -05:00
|
|
|
_, err := sqlStore.CreateUser(context.Background(), cmd)
|
2021-04-09 06:28:35 -05:00
|
|
|
require.Nil(t, err)
|
2018-04-05 20:05:24 -05:00
|
|
|
}
|
|
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
t.Run("Can find existing user", func(t *testing.T) {
|
2018-04-05 20:05:24 -05:00
|
|
|
// By Login
|
|
|
|
|
login := "loginuser0"
|
|
|
|
|
|
2020-02-29 06:35:15 -06:00
|
|
|
query := &models.GetUserByAuthInfoQuery{Login: login}
|
2021-03-17 10:06:10 -05:00
|
|
|
err := GetUserByAuthInfo(query)
|
2018-04-05 20:05:24 -05:00
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
require.Nil(t, err)
|
|
|
|
|
require.Equal(t, query.Result.Login, login)
|
2018-04-05 20:05:24 -05:00
|
|
|
|
|
|
|
|
// By ID
|
|
|
|
|
id := query.Result.Id
|
|
|
|
|
|
2020-02-29 06:35:15 -06:00
|
|
|
query = &models.GetUserByAuthInfoQuery{UserId: id}
|
2018-04-05 20:05:24 -05:00
|
|
|
err = GetUserByAuthInfo(query)
|
|
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
require.Nil(t, err)
|
|
|
|
|
require.Equal(t, query.Result.Id, id)
|
2018-04-05 20:05:24 -05:00
|
|
|
|
|
|
|
|
// By Email
|
|
|
|
|
email := "user1@test.com"
|
|
|
|
|
|
2020-02-29 06:35:15 -06:00
|
|
|
query = &models.GetUserByAuthInfoQuery{Email: email}
|
2018-04-05 20:05:24 -05:00
|
|
|
err = GetUserByAuthInfo(query)
|
|
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
require.Nil(t, err)
|
|
|
|
|
require.Equal(t, query.Result.Email, email)
|
2018-04-05 20:05:24 -05:00
|
|
|
|
|
|
|
|
// Don't find nonexistent user
|
|
|
|
|
email = "nonexistent@test.com"
|
|
|
|
|
|
2020-02-29 06:35:15 -06:00
|
|
|
query = &models.GetUserByAuthInfoQuery{Email: email}
|
2018-04-05 20:05:24 -05:00
|
|
|
err = GetUserByAuthInfo(query)
|
|
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
require.Equal(t, err, models.ErrUserNotFound)
|
|
|
|
|
require.Nil(t, query.Result)
|
2018-04-05 20:05:24 -05:00
|
|
|
})
|
|
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
t.Run("Can set & locate by AuthModule and AuthId", func(t *testing.T) {
|
2018-04-05 20:05:24 -05:00
|
|
|
// get nonexistent user_auth entry
|
2020-02-29 06:35:15 -06:00
|
|
|
query := &models.GetUserByAuthInfoQuery{AuthModule: "test", AuthId: "test"}
|
2021-03-17 10:06:10 -05:00
|
|
|
err := GetUserByAuthInfo(query)
|
2018-04-05 20:05:24 -05:00
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
require.Equal(t, err, models.ErrUserNotFound)
|
|
|
|
|
require.Nil(t, query.Result)
|
2018-04-05 20:05:24 -05:00
|
|
|
|
|
|
|
|
// create user_auth entry
|
|
|
|
|
login := "loginuser0"
|
|
|
|
|
|
|
|
|
|
query.Login = login
|
|
|
|
|
err = GetUserByAuthInfo(query)
|
|
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
require.Nil(t, err)
|
|
|
|
|
require.Equal(t, query.Result.Login, login)
|
2018-04-05 20:05:24 -05:00
|
|
|
|
|
|
|
|
// get via user_auth
|
2020-02-29 06:35:15 -06:00
|
|
|
query = &models.GetUserByAuthInfoQuery{AuthModule: "test", AuthId: "test"}
|
2018-04-05 20:05:24 -05:00
|
|
|
err = GetUserByAuthInfo(query)
|
|
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
require.Nil(t, err)
|
|
|
|
|
require.Equal(t, query.Result.Login, login)
|
2018-04-05 20:05:24 -05:00
|
|
|
|
|
|
|
|
// get with non-matching id
|
|
|
|
|
id := query.Result.Id
|
|
|
|
|
|
|
|
|
|
query.UserId = id + 1
|
|
|
|
|
err = GetUserByAuthInfo(query)
|
|
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
require.Nil(t, err)
|
|
|
|
|
require.Equal(t, query.Result.Login, "loginuser1")
|
2018-04-05 20:05:24 -05:00
|
|
|
|
|
|
|
|
// get via user_auth
|
2020-02-29 06:35:15 -06:00
|
|
|
query = &models.GetUserByAuthInfoQuery{AuthModule: "test", AuthId: "test"}
|
2018-04-05 20:05:24 -05:00
|
|
|
err = GetUserByAuthInfo(query)
|
|
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
require.Nil(t, err)
|
|
|
|
|
require.Equal(t, query.Result.Login, "loginuser1")
|
2018-04-05 20:05:24 -05:00
|
|
|
|
|
|
|
|
// remove user
|
2018-04-23 09:02:59 -05:00
|
|
|
_, err = x.Exec("DELETE FROM "+dialect.Quote("user")+" WHERE id=?", query.Result.Id)
|
2021-04-09 06:28:35 -05:00
|
|
|
require.Nil(t, err)
|
2018-04-05 20:05:24 -05:00
|
|
|
|
|
|
|
|
// get via user_auth for deleted user
|
2020-02-29 06:35:15 -06:00
|
|
|
query = &models.GetUserByAuthInfoQuery{AuthModule: "test", AuthId: "test"}
|
2018-04-05 20:05:24 -05:00
|
|
|
err = GetUserByAuthInfo(query)
|
|
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
require.Equal(t, err, models.ErrUserNotFound)
|
|
|
|
|
require.Nil(t, query.Result)
|
2018-04-05 20:05:24 -05:00
|
|
|
})
|
2019-02-01 18:40:57 -06:00
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
t.Run("Can set & retrieve oauth token information", func(t *testing.T) {
|
2019-02-01 18:40:57 -06:00
|
|
|
token := &oauth2.Token{
|
|
|
|
|
AccessToken: "testaccess",
|
|
|
|
|
RefreshToken: "testrefresh",
|
|
|
|
|
Expiry: time.Now(),
|
|
|
|
|
TokenType: "Bearer",
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Find a user to set tokens on
|
|
|
|
|
login := "loginuser0"
|
|
|
|
|
|
|
|
|
|
// Calling GetUserByAuthInfoQuery on an existing user will populate an entry in the user_auth table
|
2020-02-29 06:35:15 -06:00
|
|
|
query := &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "test", AuthId: "test"}
|
2021-03-17 10:06:10 -05:00
|
|
|
err := GetUserByAuthInfo(query)
|
2019-02-01 18:40:57 -06:00
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
require.Nil(t, err)
|
|
|
|
|
require.Equal(t, query.Result.Login, login)
|
2019-02-01 18:40:57 -06:00
|
|
|
|
2020-02-29 06:35:15 -06:00
|
|
|
cmd := &models.UpdateAuthInfoCommand{
|
2019-02-01 18:40:57 -06:00
|
|
|
UserId: query.Result.Id,
|
|
|
|
|
AuthId: query.AuthId,
|
|
|
|
|
AuthModule: query.AuthModule,
|
|
|
|
|
OAuthToken: token,
|
|
|
|
|
}
|
|
|
|
|
err = UpdateAuthInfo(cmd)
|
|
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
require.Nil(t, err)
|
2019-02-01 18:40:57 -06:00
|
|
|
|
2020-02-29 06:35:15 -06:00
|
|
|
getAuthQuery := &models.GetAuthInfoQuery{
|
2019-02-01 18:40:57 -06:00
|
|
|
UserId: query.Result.Id,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = GetAuthInfo(getAuthQuery)
|
|
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
require.Nil(t, err)
|
|
|
|
|
require.Equal(t, getAuthQuery.Result.OAuthAccessToken, token.AccessToken)
|
|
|
|
|
require.Equal(t, getAuthQuery.Result.OAuthRefreshToken, token.RefreshToken)
|
|
|
|
|
require.Equal(t, getAuthQuery.Result.OAuthTokenType, token.TokenType)
|
2019-02-01 18:40:57 -06:00
|
|
|
})
|
2019-03-13 10:29:13 -05:00
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
t.Run("Always return the most recently used auth_module", func(t *testing.T) {
|
|
|
|
|
// Restore after destructive operation
|
|
|
|
|
sqlStore = InitTestDB(t)
|
|
|
|
|
|
|
|
|
|
for i := 0; i < 5; i++ {
|
|
|
|
|
cmd := models.CreateUserCommand{
|
|
|
|
|
Email: fmt.Sprint("user", i, "@test.com"),
|
|
|
|
|
Name: fmt.Sprint("user", i),
|
|
|
|
|
Login: fmt.Sprint("loginuser", i),
|
|
|
|
|
}
|
|
|
|
|
_, err := sqlStore.CreateUser(context.Background(), cmd)
|
|
|
|
|
require.Nil(t, err)
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-13 10:29:13 -05:00
|
|
|
// Find a user to set tokens on
|
|
|
|
|
login := "loginuser0"
|
|
|
|
|
|
|
|
|
|
// Calling GetUserByAuthInfoQuery on an existing user will populate an entry in the user_auth table
|
2019-03-20 14:34:31 -05:00
|
|
|
// Make the first log-in during the past
|
|
|
|
|
getTime = func() time.Time { return time.Now().AddDate(0, 0, -2) }
|
2020-02-29 06:35:15 -06:00
|
|
|
query := &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "test1", AuthId: "test1"}
|
2021-03-17 10:06:10 -05:00
|
|
|
err := GetUserByAuthInfo(query)
|
2019-03-20 14:34:31 -05:00
|
|
|
getTime = time.Now
|
2019-03-13 10:29:13 -05:00
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
require.Nil(t, err)
|
|
|
|
|
require.Equal(t, query.Result.Login, login)
|
2019-03-13 10:29:13 -05:00
|
|
|
|
|
|
|
|
// Add a second auth module for this user
|
2019-03-20 14:34:31 -05:00
|
|
|
// Have this module's last log-in be more recent
|
|
|
|
|
getTime = func() time.Time { return time.Now().AddDate(0, 0, -1) }
|
2020-02-29 06:35:15 -06:00
|
|
|
query = &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "test2", AuthId: "test2"}
|
2019-03-13 10:29:13 -05:00
|
|
|
err = GetUserByAuthInfo(query)
|
2019-03-20 14:34:31 -05:00
|
|
|
getTime = time.Now
|
2019-03-13 10:29:13 -05:00
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
require.Nil(t, err)
|
|
|
|
|
require.Equal(t, query.Result.Login, login)
|
2019-03-13 10:29:13 -05:00
|
|
|
|
|
|
|
|
// Get the latest entry by not supply an authmodule or authid
|
2020-02-29 06:35:15 -06:00
|
|
|
getAuthQuery := &models.GetAuthInfoQuery{
|
2019-03-13 10:29:13 -05:00
|
|
|
UserId: query.Result.Id,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = GetAuthInfo(getAuthQuery)
|
|
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
require.Nil(t, err)
|
|
|
|
|
require.Equal(t, getAuthQuery.Result.AuthModule, "test2")
|
2019-03-13 10:29:13 -05:00
|
|
|
|
2019-03-14 07:40:19 -05:00
|
|
|
// "log in" again with the first auth module
|
2020-02-29 06:35:15 -06:00
|
|
|
updateAuthCmd := &models.UpdateAuthInfoCommand{UserId: query.Result.Id, AuthModule: "test1", AuthId: "test1"}
|
2019-03-14 07:40:19 -05:00
|
|
|
err = UpdateAuthInfo(updateAuthCmd)
|
|
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
require.Nil(t, err)
|
2019-03-14 07:40:19 -05:00
|
|
|
|
|
|
|
|
// Get the latest entry by not supply an authmodule or authid
|
2020-02-29 06:35:15 -06:00
|
|
|
getAuthQuery = &models.GetAuthInfoQuery{
|
2019-03-14 07:40:19 -05:00
|
|
|
UserId: query.Result.Id,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = GetAuthInfo(getAuthQuery)
|
|
|
|
|
|
2021-04-09 06:28:35 -05:00
|
|
|
require.Nil(t, err)
|
|
|
|
|
require.Equal(t, getAuthQuery.Result.AuthModule, "test1")
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
t.Run("Can set & locate by generic oauth auth module and user id", func(t *testing.T) {
|
|
|
|
|
// Find a user to set tokens on
|
|
|
|
|
login := "loginuser0"
|
|
|
|
|
|
|
|
|
|
// Expect to pass since there's a matching login user
|
|
|
|
|
getTime = func() time.Time { return time.Now().AddDate(0, 0, -2) }
|
|
|
|
|
query := &models.GetUserByAuthInfoQuery{Login: login, AuthModule: genericOAuthModule, AuthId: ""}
|
|
|
|
|
err := GetUserByAuthInfo(query)
|
|
|
|
|
getTime = time.Now
|
|
|
|
|
|
|
|
|
|
require.Nil(t, err)
|
|
|
|
|
require.Equal(t, query.Result.Login, login)
|
|
|
|
|
|
|
|
|
|
// Should throw a "user not found" error since there's no matching login user
|
|
|
|
|
getTime = func() time.Time { return time.Now().AddDate(0, 0, -2) }
|
|
|
|
|
query = &models.GetUserByAuthInfoQuery{Login: "aloginuser", AuthModule: genericOAuthModule, AuthId: ""}
|
|
|
|
|
err = GetUserByAuthInfo(query)
|
|
|
|
|
getTime = time.Now
|
|
|
|
|
|
|
|
|
|
require.NotNil(t, err)
|
|
|
|
|
require.Nil(t, query.Result)
|
2019-03-13 10:29:13 -05:00
|
|
|
})
|
2018-04-05 20:05:24 -05:00
|
|
|
})
|
|
|
|
|
}
|
