mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
Auth: implement auto_sign_up for auth.jwt (#43502)
Co-authored-by: James Brown <jbrown@easypost.com>
@@ -5,11 +5,12 @@ import (
|
||||
"errors"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
|
||||
"github.com/grafana/grafana/pkg/bus"
|
||||
"github.com/grafana/grafana/pkg/models"
|
||||
"github.com/grafana/grafana/pkg/services/contexthandler"
|
||||
"github.com/grafana/grafana/pkg/setting"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestMiddlewareJWTAuth(t *testing.T) {
|
||||
@@ -29,6 +30,10 @@ func TestMiddlewareJWTAuth(t *testing.T) {
|
||||
cfg.JWTAuthEmailClaim = "foo-email"
|
||||
}
|
||||
|
||||
configureAutoSignUp := func(cfg *setting.Cfg) {
|
||||
cfg.JWTAuthAutoSignUp = true
|
||||
}
|
||||
|
||||
token := "some-token"
|
||||
|
||||
middlewareScenario(t, "Valid token with valid login claim", func(t *testing.T, sc *scenarioContext) {
|
||||
@@ -37,6 +42,7 @@ func TestMiddlewareJWTAuth(t *testing.T) {
|
||||
sc.jwtAuthService.VerifyProvider = func(ctx context.Context, token string) (models.JWTClaims, error) {
|
||||
verifiedToken = token
|
||||
return models.JWTClaims{
|
||||
"sub": myUsername,
|
||||
"foo-username": myUsername,
|
||||
}, nil
|
||||
}
|
||||
@@ -64,6 +70,7 @@ func TestMiddlewareJWTAuth(t *testing.T) {
|
||||
sc.jwtAuthService.VerifyProvider = func(ctx context.Context, token string) (models.JWTClaims, error) {
|
||||
verifiedToken = token
|
||||
return models.JWTClaims{
|
||||
"sub": myEmail,
|
||||
"foo-email": myEmail,
|
||||
}, nil
|
||||
}
|
||||
@@ -85,11 +92,72 @@ func TestMiddlewareJWTAuth(t *testing.T) {
|
||||
assert.Equal(t, myEmail, sc.context.Email)
|
||||
}, configure, configureEmailClaim)
|
||||
|
||||
middlewareScenario(t, "Valid token with no user and auto_sign_up disabled", func(t *testing.T, sc *scenarioContext) {
|
||||
myEmail := "vladimir@example.com"
|
||||
var verifiedToken string
|
||||
sc.jwtAuthService.VerifyProvider = func(ctx context.Context, token string) (models.JWTClaims, error) {
|
||||
verifiedToken = token
|
||||
return models.JWTClaims{
|
||||
"sub": myEmail,
|
||||
"name": "Vladimir Example",
|
||||
"foo-email": myEmail,
|
||||
}, nil
|
||||
}
|
||||
bus.AddHandler("get-sign-user", func(ctx context.Context, query *models.GetSignedInUserQuery) error {
|
||||
return models.ErrUserNotFound
|
||||
})
|
||||
|
||||
sc.fakeReq("GET", "/").withJWTAuthHeader(token).exec()
|
||||
assert.Equal(t, verifiedToken, token)
|
||||
assert.Equal(t, 401, sc.resp.Code)
|
||||
assert.Equal(t, contexthandler.UserNotFound, sc.respJson["message"])
|
||||
}, configure, configureEmailClaim)
|
||||
|
||||
middlewareScenario(t, "Valid token with no user and auto_sign_up enabled", func(t *testing.T, sc *scenarioContext) {
|
||||
myEmail := "vladimir@example.com"
|
||||
var verifiedToken string
|
||||
sc.jwtAuthService.VerifyProvider = func(ctx context.Context, token string) (models.JWTClaims, error) {
|
||||
verifiedToken = token
|
||||
return models.JWTClaims{
|
||||
"sub": myEmail,
|
||||
"name": "Vladimir Example",
|
||||
"foo-email": myEmail,
|
||||
}, nil
|
||||
}
|
||||
bus.AddHandler("get-sign-user", func(ctx context.Context, query *models.GetSignedInUserQuery) error {
|
||||
query.Result = &models.SignedInUser{
|
||||
UserId: id,
|
||||
OrgId: orgID,
|
||||
Email: query.Email,
|
||||
}
|
||||
return nil
|
||||
})
|
||||
bus.AddHandler("upsert-user", func(ctx context.Context, command *models.UpsertUserCommand) error {
|
||||
command.Result = &models.User{
|
||||
Id: id,
|
||||
Name: command.ExternalUser.Name,
|
||||
Email: command.ExternalUser.Email,
|
||||
}
|
||||
return nil
|
||||
})
|
||||
|
||||
sc.fakeReq("GET", "/").withJWTAuthHeader(token).exec()
|
||||
assert.Equal(t, verifiedToken, token)
|
||||
assert.Equal(t, 200, sc.resp.Code)
|
||||
assert.True(t, sc.context.IsSignedIn)
|
||||
assert.Equal(t, orgID, sc.context.OrgId)
|
||||
assert.Equal(t, id, sc.context.UserId)
|
||||
assert.Equal(t, myEmail, sc.context.Email)
|
||||
}, configure, configureEmailClaim, configureAutoSignUp)
|
||||
|
||||
middlewareScenario(t, "Valid token without a login claim", func(t *testing.T, sc *scenarioContext) {
|
||||
var verifiedToken string
|
||||
sc.jwtAuthService.VerifyProvider = func(ctx context.Context, token string) (models.JWTClaims, error) {
|
||||
verifiedToken = token
|
||||
return models.JWTClaims{"foo": "bar"}, nil
|
||||
return models.JWTClaims{
|
||||
"sub": "baz",
|
||||
"foo": "bar",
|
||||
}, nil
|
||||
}
|
||||
|
||||
sc.fakeReq("GET", "/").withJWTAuthHeader(token).exec()
|
||||
@@ -102,7 +170,10 @@ func TestMiddlewareJWTAuth(t *testing.T) {
|
||||
var verifiedToken string
|
||||
sc.jwtAuthService.VerifyProvider = func(ctx context.Context, token string) (models.JWTClaims, error) {
|
||||
verifiedToken = token
|
||||
return models.JWTClaims{"foo": "bar"}, nil
|
||||
return models.JWTClaims{
|
||||
"sub": "baz",
|
||||
"foo": "bar",
|
||||
}, nil
|
||||
}
|
||||
|
||||
sc.fakeReq("GET", "/").withJWTAuthHeader(token).exec()
|
||||
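Review bot: The "Valid token with no user and auto_sign_up enabled" scenario never asserts that the `upsert-user` handler ran: its `get-sign-user` handler returns a user unconditionally, so the 200 and the context assertions would still hold if the middleware skipped provisioning altogether. The "auto_sign_up disabled" scenario has the mirror gap: it registers no `upsert-user` handler, so a regression that provisions an account and then answers 401 would go unnoticed (whether `middlewareScenario` clears handlers left by earlier scenarios is not visible here). I would record the command in the enabled case and assert on its `ExternalUser` fields, and make the disabled case fail if the command is dispatched at all, as sketched below. Both scenarios sit inside `TestMiddlewareJWTAuth`, which begins and ends outside these hunks.

```go
// "auto_sign_up disabled" scenario: provisioning must not be attempted.
bus.AddHandler("upsert-user", func(ctx context.Context, command *models.UpsertUserCommand) error {
	t.Error("UpsertUserCommand dispatched while auto_sign_up is disabled")
	return nil
})
// … unchanged: request execution and the 401 / UserNotFound assertions …

// "auto_sign_up enabled" scenario: capture what the middleware asks to provision.
var upserted *models.UpsertUserCommand
bus.AddHandler("upsert-user", func(ctx context.Context, command *models.UpsertUserCommand) error {
	upserted = command
	// … unchanged: command.Result assignment …
	return nil
})
// … unchanged: request execution and the existing 200 / context assertions …
if assert.NotNil(t, upserted, "auto_sign_up should dispatch UpsertUserCommand") {
	assert.Equal(t, myEmail, upserted.ExternalUser.Email)
	assert.Equal(t, "Vladimir Example", upserted.ExternalUser.Name)
}
```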
|