mirrors/scylladb
1
0
Fork 0
mirror of https://github.com/scylladb/scylladb.git synced 2026-06-07 07:23:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

tests: Validate authentication correctly

Browse Source 
There are additional validation steps that the server executes in
addition to simply invoking the authenticator, so we adapt the tests to
also perform that validation.

We also eliminate lots of code duplication.
This commit is contained in:
Jesse Haber-Kucharsky
2019-02-28 14:20:46 -05:00
parent baefde0f6c
commit afed9c7bee
1 changed files with 24 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
tests/auth_test.cc
View File

@@ -65,6 +65,23 @@ SEASTAR_TEST_CASE(test_password_authenticator_attributes) {
}, cfg);
}
static future<auth::authenticated_user>
authenticate(cql_test_env& env, std::string_view username, std::string_view password) {
auto& c = env.local_client_state();
auto& a = env.local_auth_service().underlying_authenticator();
return do_with(
auth::authenticator::credentials_map{
{auth::authenticator::USERNAME_KEY, sstring(username)},
{auth::authenticator::PASSWORD_KEY, sstring(password)}},
[&a, &c, username](const auto& credentials) {
return a.authenticate(credentials).then([&c, username](auth::authenticated_user u) {
c.set_login(::make_shared<auth::authenticated_user>(std::move(u)));
return c.check_user_exists().then([&c] { return *c.user(); });
});
});
}
SEASTAR_TEST_CASE(test_password_authenticator_operations) {
db::config cfg;
cfg.authenticator(auth::password_authenticator_name());
@@ -82,7 +99,7 @@ SEASTAR_TEST_CASE(test_password_authenticator_operations) {
auto& a = env.local_auth_service().underlying_authenticator();
// check non-existing user
return a.authenticate({ { authenticator::USERNAME_KEY, username }, { authenticator::PASSWORD_KEY, password } }).then_wrapped([&a](future<auth::authenticated_user>&& f) {
return authenticate(env, username, password).then_wrapped([&a](future<auth::authenticated_user>&& f) {
try {
f.get();
BOOST_FAIL("should not reach");
@@ -94,16 +111,16 @@ SEASTAR_TEST_CASE(test_password_authenticator_operations) {
config.can_login = true;
options.password = password;
return auth::create_role(env.local_auth_service(), username, config, options).then([&a] {
return a.authenticate({ { authenticator::USERNAME_KEY, username }, { authenticator::PASSWORD_KEY, password } }).then([](auth::authenticated_user user) {
return auth::create_role(env.local_auth_service(), username, config, options).then([&env, &a] {
return authenticate(env, username, password).then([](auth::authenticated_user user) {
BOOST_REQUIRE_EQUAL(auth::is_anonymous(user), false);
BOOST_REQUIRE_EQUAL(*user.name, username);
});
});
});
}).then([&a] {
}).then([&env, &a] {
// check wrong password
return a.authenticate( { {authenticator::USERNAME_KEY, username}, {authenticator::PASSWORD_KEY, "hejkotte"}}).then_wrapped([](future<auth::authenticated_user>&& f) {
return authenticate(env, username, "hejkotte").then_wrapped([](future<auth::authenticated_user>&& f) {
try {
f.get();
BOOST_FAIL("should not reach");
@@ -133,8 +150,8 @@ SEASTAR_TEST_CASE(test_password_authenticator_operations) {
});
}).then([&env, &a] {
// check deleted user
return auth::drop_role(env.local_auth_service(), username).then([&a] {
return a.authenticate({ { authenticator::USERNAME_KEY, username }, { authenticator::PASSWORD_KEY, password } }).then_wrapped([](future<auth::authenticated_user>&& f) {
return auth::drop_role(env.local_auth_service(), username).then([&env, &a] {
return authenticate(env, username, password).then_wrapped([](future<auth::authenticated_user>&& f) {
try {
f.get();
BOOST_FAIL("should not reach");