2023-03-15 16:00:52 +00:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
|
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
2022-04-15 18:13:15 +00:00
|
|
|
package api
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"testing"
|
|
|
|
)
|
|
|
|
|
|
|
|
type mockAuthMethod struct {
|
|
|
|
mockedSecret *Secret
|
|
|
|
mockedError error
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m *mockAuthMethod) Login(_ context.Context, _ *Client) (*Secret, error) {
|
|
|
|
return m.mockedSecret, m.mockedError
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestAuth_Login(t *testing.T) {
|
|
|
|
a := &Auth{
|
|
|
|
c: &Client{},
|
|
|
|
}
|
|
|
|
|
|
|
|
m := mockAuthMethod{
|
|
|
|
mockedSecret: &Secret{
|
|
|
|
Auth: &SecretAuth{
|
|
|
|
ClientToken: "a-client-token",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
mockedError: nil,
|
|
|
|
}
|
|
|
|
|
|
|
|
t.Run("Login should set token on success", func(t *testing.T) {
|
|
|
|
if a.c.Token() != "" {
|
|
|
|
t.Errorf("client token was %v expected to be unset", a.c.Token())
|
|
|
|
}
|
|
|
|
|
|
|
|
_, err := a.Login(context.Background(), &m)
|
|
|
|
if err != nil {
|
|
|
|
t.Errorf("Login() error = %v", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if a.c.Token() != m.mockedSecret.Auth.ClientToken {
|
|
|
|
t.Errorf("client token was %v expected %v", a.c.Token(), m.mockedSecret.Auth.ClientToken)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestAuth_MFALoginSinglePhase(t *testing.T) {
|
|
|
|
t.Run("MFALogin() should succeed if credentials are passed in", func(t *testing.T) {
|
|
|
|
a := &Auth{
|
|
|
|
c: &Client{},
|
|
|
|
}
|
|
|
|
|
|
|
|
m := mockAuthMethod{
|
|
|
|
mockedSecret: &Secret{
|
|
|
|
Auth: &SecretAuth{
|
|
|
|
ClientToken: "a-client-token",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
mockedError: nil,
|
|
|
|
}
|
|
|
|
|
|
|
|
_, err := a.MFALogin(context.Background(), &m, "testMethod:testPasscode")
|
|
|
|
if err != nil {
|
|
|
|
t.Errorf("MFALogin() error %v", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if a.c.Token() != m.mockedSecret.Auth.ClientToken {
|
|
|
|
t.Errorf("client token was %v expected %v", a.c.Token(), m.mockedSecret.Auth.ClientToken)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestAuth_MFALoginTwoPhase(t *testing.T) {
|
|
|
|
tests := []struct {
|
|
|
|
name string
|
|
|
|
a *Auth
|
|
|
|
m *mockAuthMethod
|
|
|
|
creds *string
|
|
|
|
wantErr bool
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
name: "return MFARequirements",
|
|
|
|
a: &Auth{
|
|
|
|
c: &Client{},
|
|
|
|
},
|
|
|
|
m: &mockAuthMethod{
|
|
|
|
mockedSecret: &Secret{
|
|
|
|
Auth: &SecretAuth{
|
2023-02-06 14:41:56 +00:00
|
|
|
MFARequirement: &MFARequirement{
|
2022-04-15 18:13:15 +00:00
|
|
|
MFARequestID: "a-req-id",
|
|
|
|
MFAConstraints: nil,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
wantErr: false,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "error if no MFARequirements",
|
|
|
|
a: &Auth{
|
|
|
|
c: &Client{},
|
|
|
|
},
|
|
|
|
m: &mockAuthMethod{
|
|
|
|
mockedSecret: &Secret{
|
|
|
|
Auth: &SecretAuth{},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
wantErr: true,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
secret, err := tt.a.MFALogin(context.Background(), tt.m)
|
|
|
|
if (err != nil) != tt.wantErr {
|
|
|
|
t.Errorf("MFALogin() error = %v, wantErr %v", err, tt.wantErr)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if secret.Auth.MFARequirement != tt.m.mockedSecret.Auth.MFARequirement {
|
|
|
|
t.Errorf("MFALogin() returned %v, expected %v", secret.Auth.MFARequirement, tt.m.mockedSecret.Auth.MFARequirement)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|