AuthN: set org id for authentication request in service (#60528)

* AuthN: Replicate functionallity to get org id for request * Authn: parse org id for the request and populate the auth request with it * AuthN: add simple mock for client to use in test * AuthN: add tests to verify that authentication is called with correct org id * AuthN: Add ClientParams to mock * AuthN: Fix flaky org id selection
2025-02-25 18:55:37 -06:00 · 2022-12-20 21:18:48 +01:00
parent 17696f8dec
commit c4b4baea2a
5 changed files with 170 additions and 13 deletions
--- a/pkg/services/authn/authnimpl/service_test.go
+++ b/pkg/services/authn/authnimpl/service_test.go
@@ -3,6 +3,8 @@ package authnimpl
 import (
 	"context"
 	"errors"
+	"net/http"
+	"net/url"
 	"testing"

 	"github.com/stretchr/testify/assert"
@@ -59,6 +61,77 @@ func TestService_Authenticate(t *testing.T) {
 	}
 }

+func TestService_AuthenticateOrgID(t *testing.T) {
+	type TestCase struct {
+		desc          string
+		req           *authn.Request
+		expectedOrgID int64
+	}
+
+	tests := []TestCase{
+		{
+			desc: "should set org id when present in header",
+			req: &authn.Request{HTTPRequest: &http.Request{
+				Header: map[string][]string{orgIDHeaderName: {"1"}},
+				URL:    &url.URL{},
+			}},
+			expectedOrgID: 1,
+		},
+		{
+			desc: "should set org id when present in url",
+			req: &authn.Request{HTTPRequest: &http.Request{
+				Header: map[string][]string{},
+				URL:    mustParseURL("http://localhost/?targetOrgId=2"),
+			}},
+			expectedOrgID: 2,
+		},
+		{
+			desc: "should prioritise org id from url when present in both header and url",
+			req: &authn.Request{HTTPRequest: &http.Request{
+				Header: map[string][]string{orgIDHeaderName: {"1"}},
+				URL:    mustParseURL("http://localhost/?targetOrgId=2"),
+			}},
+			expectedOrgID: 2,
+		},
+		{
+			desc: "should set org id to 0 when missing in both header and url",
+			req: &authn.Request{HTTPRequest: &http.Request{
+				Header: map[string][]string{},
+				URL:    &url.URL{},
+			}},
+			expectedOrgID: 0,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.desc, func(t *testing.T) {
+			var calledWith int64
+			s := setupTests(t, func(svc *Service) {
+				svc.clients["fake"] = authntest.MockClient{
+					AuthenticateFunc: func(ctx context.Context, r *authn.Request) (*authn.Identity, error) {
+						calledWith = r.OrgID
+						return nil, nil
+					},
+					TestFunc: func(ctx context.Context, r *authn.Request) bool {
+						return true
+					},
+				}
+			})
+
+			_, _, _ = s.Authenticate(context.Background(), "fake", tt.req)
+			assert.Equal(t, tt.expectedOrgID, calledWith)
+		})
+	}
+}
+
+func mustParseURL(s string) *url.URL {
+	u, err := url.Parse(s)
+	if err != nil {
+		panic(err)
+	}
+	return u
+}
+
 func setupTests(t *testing.T, opts ...func(svc *Service)) *Service {
 	t.Helper()