1
package bakerytest_test
10
"github.com/juju/httprequest"
11
gc "gopkg.in/check.v1"
13
"gopkg.in/macaroon-bakery.v1/bakery"
14
"gopkg.in/macaroon-bakery.v1/bakery/checkers"
15
"gopkg.in/macaroon-bakery.v1/bakerytest"
16
"gopkg.in/macaroon-bakery.v1/httpbakery"
20
client *httpbakery.Client
23
func (s *suite) SetUpTest(c *gc.C) {
24
s.client = httpbakery.NewClient()
27
var _ = gc.Suite(&suite{})
29
func noCaveatChecker(_ *http.Request, cond, arg string) ([]checkers.Caveat, error) {
33
func (s *suite) TestDischargerSimple(c *gc.C) {
34
d := bakerytest.NewDischarger(nil, noCaveatChecker)
37
svc, err := bakery.NewService(bakery.NewServiceParams{
41
c.Assert(err, gc.IsNil)
42
m, err := svc.NewMacaroon("", nil, []checkers.Caveat{{
43
Location: d.Location(),
44
Condition: "something",
46
c.Assert(err, gc.IsNil)
47
ms, err := s.client.DischargeAll(m)
48
c.Assert(err, gc.IsNil)
49
c.Assert(ms, gc.HasLen, 2)
51
err = svc.Check(ms, failChecker)
52
c.Assert(err, gc.IsNil)
55
var failChecker = bakery.FirstPartyCheckerFunc(func(s string) error {
56
return fmt.Errorf("fail %s", s)
59
func (s *suite) TestDischargerTwoLevels(c *gc.C) {
60
d1checker := func(_ *http.Request, cond, arg string) ([]checkers.Caveat, error) {
62
return nil, fmt.Errorf("caveat refused")
66
d1 := bakerytest.NewDischarger(nil, d1checker)
68
d2checker := func(_ *http.Request, cond, arg string) ([]checkers.Caveat, error) {
69
return []checkers.Caveat{{
70
Location: d1.Location(),
71
Condition: "x" + cond,
74
d2 := bakerytest.NewDischarger(d1, d2checker)
76
locator := bakery.PublicKeyLocatorMap{
77
d1.Location(): d1.Service.PublicKey(),
78
d2.Location(): d2.Service.PublicKey(),
80
c.Logf("map: %s", locator)
81
svc, err := bakery.NewService(bakery.NewServiceParams{
85
c.Assert(err, gc.IsNil)
86
m, err := svc.NewMacaroon("", nil, []checkers.Caveat{{
87
Location: d2.Location(),
90
c.Assert(err, gc.IsNil)
92
ms, err := s.client.DischargeAll(m)
93
c.Assert(err, gc.IsNil)
94
c.Assert(ms, gc.HasLen, 3)
96
err = svc.Check(ms, failChecker)
97
c.Assert(err, gc.IsNil)
99
err = svc.AddCaveat(m, checkers.Caveat{
100
Location: d2.Location(),
103
c.Assert(err, gc.IsNil)
105
ms, err = s.client.DischargeAll(m)
106
c.Assert(err, gc.ErrorMatches, `cannot get discharge from "https://[^"]*": third party refused discharge: cannot discharge: caveat refused`)
107
c.Assert(ms, gc.HasLen, 0)
110
func (s *suite) TestInsecureSkipVerifyRestoration(c *gc.C) {
111
d1 := bakerytest.NewDischarger(nil, noCaveatChecker)
112
d2 := bakerytest.NewDischarger(nil, noCaveatChecker)
114
c.Assert(http.DefaultTransport.(*http.Transport).TLSClientConfig.InsecureSkipVerify, gc.Equals, true)
116
c.Assert(http.DefaultTransport.(*http.Transport).TLSClientConfig.InsecureSkipVerify, gc.Equals, false)
118
// When InsecureSkipVerify is already true, it should not
119
// be restored to false.
120
http.DefaultTransport.(*http.Transport).TLSClientConfig.InsecureSkipVerify = true
121
d3 := bakerytest.NewDischarger(nil, noCaveatChecker)
124
c.Assert(http.DefaultTransport.(*http.Transport).TLSClientConfig.InsecureSkipVerify, gc.Equals, true)
127
func (s *suite) TestConcurrentDischargers(c *gc.C) {
128
var wg sync.WaitGroup
129
for i := 0; i < 5; i++ {
132
d := bakerytest.NewDischarger(nil, noCaveatChecker)
138
c.Assert(http.DefaultTransport.(*http.Transport).TLSClientConfig.InsecureSkipVerify, gc.Equals, false)
141
func (s *suite) TestInteractiveDischarger(c *gc.C) {
142
var d *bakerytest.InteractiveDischarger
143
d = bakerytest.NewInteractiveDischarger(nil, http.HandlerFunc(
144
func(w http.ResponseWriter, r *http.Request) {
145
d.FinishInteraction(w, r, []checkers.Caveat{
147
Condition: "test pass",
154
svc, err := bakery.NewService(bakery.NewServiceParams{
158
c.Assert(err, gc.IsNil)
159
m, err := svc.NewMacaroon("", nil, []checkers.Caveat{{
160
Location: d.Location(),
161
Condition: "something",
163
c.Assert(err, gc.IsNil)
164
client := httpbakery.NewClient()
165
client.VisitWebPage = func(u *url.URL) error {
166
var c httprequest.Client
167
return c.Get(u.String(), nil)
169
ms, err := client.DischargeAll(m)
170
c.Assert(err, gc.IsNil)
171
c.Assert(ms, gc.HasLen, 2)
173
var r recordingChecker
174
err = svc.Check(ms, &r)
175
c.Assert(err, gc.IsNil)
176
c.Assert(r.caveats, gc.HasLen, 1)
177
c.Assert(r.caveats[0], gc.Equals, "test pass")
180
func (s *suite) TestLoginDischargerError(c *gc.C) {
181
var d *bakerytest.InteractiveDischarger
182
d = bakerytest.NewInteractiveDischarger(nil, http.HandlerFunc(
183
func(w http.ResponseWriter, r *http.Request) {
184
d.FinishInteraction(w, r, nil, errors.New("test error"))
189
svc, err := bakery.NewService(bakery.NewServiceParams{
193
c.Assert(err, gc.IsNil)
194
m, err := svc.NewMacaroon("", nil, []checkers.Caveat{{
195
Location: d.Location(),
196
Condition: "something",
198
c.Assert(err, gc.IsNil)
199
client := httpbakery.NewClient()
200
client.VisitWebPage = func(u *url.URL) error {
201
c.Logf("visiting %s", u)
202
var c httprequest.Client
203
return c.Get(u.String(), nil)
205
_, err = client.DischargeAll(m)
206
c.Assert(err, gc.ErrorMatches, `cannot get discharge from ".*": failed to acquire macaroon after waiting: third party refused discharge: test error`)
209
func (s *suite) TestInteractiveDischargerURL(c *gc.C) {
210
var d *bakerytest.InteractiveDischarger
211
d = bakerytest.NewInteractiveDischarger(nil, http.HandlerFunc(
212
func(w http.ResponseWriter, r *http.Request) {
213
http.Redirect(w, r, d.URL("/redirect", r), http.StatusFound)
217
d.Mux.Handle("/redirect", http.HandlerFunc(
218
func(w http.ResponseWriter, r *http.Request) {
219
d.FinishInteraction(w, r, nil, nil)
222
svc, err := bakery.NewService(bakery.NewServiceParams{
226
c.Assert(err, gc.IsNil)
227
m, err := svc.NewMacaroon("", nil, []checkers.Caveat{{
228
Location: d.Location(),
229
Condition: "something",
231
c.Assert(err, gc.IsNil)
232
client := httpbakery.NewClient()
233
client.VisitWebPage = func(u *url.URL) error {
234
var c httprequest.Client
235
return c.Get(u.String(), nil)
237
ms, err := client.DischargeAll(m)
238
c.Assert(err, gc.IsNil)
239
c.Assert(ms, gc.HasLen, 2)
241
err = svc.Check(ms, failChecker)
242
c.Assert(err, gc.IsNil)
245
type recordingChecker struct {
249
func (c *recordingChecker) CheckFirstPartyCaveat(caveat string) error {
250
c.caveats = append(c.caveats, caveat)