ocket8888 commented on a change in pull request #4374: Create API v2 tests URL: https://github.com/apache/trafficcontrol/pull/4374#discussion_r375403210
########## File path: traffic_ops/testing/api/v2/loginfail_test.go ########## @@ -0,0 +1,129 @@ +package v2 + +/* + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +import ( + "crypto/tls" + "net/http" + "net/http/cookiejar" + "testing" + "time" + + "golang.org/x/net/publicsuffix" + + toclient "github.com/apache/trafficcontrol/traffic_ops/client" +) + +func TestLoginFail(t *testing.T) { + WithObjs(t, []TCObj{CDNs}, func() { + PostTestLoginFail(t) + LoginWithEmptyCredentialsTest(t) + }) + WithObjs(t, []TCObj{Roles, Tenants, Users}, func() { + LoginWithTokenTest(t) + }) +} + +func PostTestLoginFail(t *testing.T) { + // This specifically tests a previous bug: auth failure returning a 200, causing the client to think the request succeeded, and deserialize no matching fields successfully, and return an empty object. + + userAgent := "to-api-v1-client-tests-loginfailtest" + uninitializedTOClient, err := getUninitializedTOClient(Config.TrafficOps.Users.Admin, Config.TrafficOps.UserPassword, Config.TrafficOps.URL, userAgent, time.Second*time.Duration(Config.Default.Session.TimeoutInSecs)) + if err != nil { + t.Fatalf("getting uninitialized client: %+v", err) + } + + if len(testData.CDNs) < 1 { + t.Fatal("cannot test login: must have at least 1 test data cdn") + } + expectedCDN := testData.CDNs[0] + actualCDNs, _, err := uninitializedTOClient.GetCDNByName(expectedCDN.Name) + if err != nil { + t.Fatalf("GetCDNByName err expected nil, actual '%+v'", err) + } + if len(actualCDNs) < 1 { + t.Fatal("uninitialized client should have retried login (possibly login failed with a 200, so it didn't try again, and the CDN request returned an auth failure with a 200, which the client reasonably thought was success, and deserialized with no matching keys, resulting in an empty object); len(actualCDNs) expected >1, actual 0") + } + actualCDN := actualCDNs[0] + if expectedCDN.Name != actualCDN.Name { + t.Fatalf("cdn.Name expected '%+v' actual '%+v'", expectedCDN.Name, actualCDN.Name) + } +} + +func LoginWithEmptyCredentialsTest(t *testing.T) { + userAgent := "to-api-v1-client-tests-loginfailtest" + _, _, err := toclient.LoginWithAgent(Config.TrafficOps.URL, Config.TrafficOps.Users.Admin, "", true, userAgent, false, time.Second*time.Duration(Config.Default.Session.TimeoutInSecs)) + if err == nil { + t.Fatal("expected error when logging in with empty credentials, actual nil") + } +} + +func LoginWithTokenTest(t *testing.T) { + db, err := OpenConnection() + if err != nil { + t.Fatalf("Failed to get database connection: %v", err) + } + + allowedToken := "test" + disallowedToken := "quest" + + if _, err = db.Exec(`UPDATE tm_user SET token=$1 WHERE id = (SELECT id FROM tm_user WHERE role != (SELECT id FROM role WHERE name='disallowed') LIMIT 1)`, allowedToken); err != nil { + t.Fatalf("Failed to set allowed token: %v", err) + } + + if _, err = db.Exec(`UPDATE tm_user SET token=$1 WHERE id = (SELECT id FROM tm_user WHERE role = (SELECT id FROM role WHERE name='disallowed') LIMIT 1)`, disallowedToken); err != nil { + t.Fatalf("Failed to set disallowed token: %v", err) + } + + userAgent := "to-api-v1-client-tests-loginfailtest" Review comment: should say v2 now ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
