From afed9c7beed0e95de3cbec0445dee513346ea246 Mon Sep 17 00:00:00 2001 From: Jesse Haber-Kucharsky Date: Thu, 28 Feb 2019 14:20:46 -0500 Subject: [PATCH] tests: Validate authentication correctly There are additional validation steps that the server executes in addition to simply invoking the authenticator, so we adapt the tests to also perform that validation. We also eliminate lots of code duplication. --- tests/auth_test.cc | 31 ++++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-) diff --git a/tests/auth_test.cc b/tests/auth_test.cc index c69c9ac279..3f4e5d286d 100644 --- a/tests/auth_test.cc +++ b/tests/auth_test.cc @@ -65,6 +65,23 @@ SEASTAR_TEST_CASE(test_password_authenticator_attributes) { }, cfg); } +static future +authenticate(cql_test_env& env, std::string_view username, std::string_view password) { + auto& c = env.local_client_state(); + auto& a = env.local_auth_service().underlying_authenticator(); + + return do_with( + auth::authenticator::credentials_map{ + {auth::authenticator::USERNAME_KEY, sstring(username)}, + {auth::authenticator::PASSWORD_KEY, sstring(password)}}, + [&a, &c, username](const auto& credentials) { + return a.authenticate(credentials).then([&c, username](auth::authenticated_user u) { + c.set_login(::make_shared(std::move(u))); + return c.check_user_exists().then([&c] { return *c.user(); }); + }); + }); +} + SEASTAR_TEST_CASE(test_password_authenticator_operations) { db::config cfg; cfg.authenticator(auth::password_authenticator_name()); @@ -82,7 +99,7 @@ SEASTAR_TEST_CASE(test_password_authenticator_operations) { auto& a = env.local_auth_service().underlying_authenticator(); // check non-existing user - return a.authenticate({ { authenticator::USERNAME_KEY, username }, { authenticator::PASSWORD_KEY, password } }).then_wrapped([&a](future&& f) { + return authenticate(env, username, password).then_wrapped([&a](future&& f) { try { f.get(); BOOST_FAIL("should not reach"); @@ -94,16 +111,16 @@ SEASTAR_TEST_CASE(test_password_authenticator_operations) { config.can_login = true; options.password = password; - return auth::create_role(env.local_auth_service(), username, config, options).then([&a] { - return a.authenticate({ { authenticator::USERNAME_KEY, username }, { authenticator::PASSWORD_KEY, password } }).then([](auth::authenticated_user user) { + return auth::create_role(env.local_auth_service(), username, config, options).then([&env, &a] { + return authenticate(env, username, password).then([](auth::authenticated_user user) { BOOST_REQUIRE_EQUAL(auth::is_anonymous(user), false); BOOST_REQUIRE_EQUAL(*user.name, username); }); }); }); - }).then([&a] { + }).then([&env, &a] { // check wrong password - return a.authenticate( { {authenticator::USERNAME_KEY, username}, {authenticator::PASSWORD_KEY, "hejkotte"}}).then_wrapped([](future&& f) { + return authenticate(env, username, "hejkotte").then_wrapped([](future&& f) { try { f.get(); BOOST_FAIL("should not reach"); @@ -133,8 +150,8 @@ SEASTAR_TEST_CASE(test_password_authenticator_operations) { }); }).then([&env, &a] { // check deleted user - return auth::drop_role(env.local_auth_service(), username).then([&a] { - return a.authenticate({ { authenticator::USERNAME_KEY, username }, { authenticator::PASSWORD_KEY, password } }).then_wrapped([](future&& f) { + return auth::drop_role(env.local_auth_service(), username).then([&env, &a] { + return authenticate(env, username, password).then_wrapped([](future&& f) { try { f.get(); BOOST_FAIL("should not reach");