103 lines
3.0 KiB
Go
103 lines
3.0 KiB
Go
package backends
|
|
|
|
import (
|
|
"path/filepath"
|
|
"testing"
|
|
|
|
"github.com/iegomez/mosquitto-go-auth/hashing"
|
|
log "github.com/sirupsen/logrus"
|
|
. "github.com/smartystreets/goconvey/convey"
|
|
)
|
|
|
|
func TestFilesBackend(t *testing.T) {
|
|
// The bulk of files testing is done in the internal files checker, we'll just check obvious initialization and defaults.
|
|
|
|
authOpts := make(map[string]string)
|
|
logLevel := log.DebugLevel
|
|
hasher := hashing.NewHasher(authOpts, "files")
|
|
|
|
Convey("When files backend is set, missing passwords path should make NewFiles fail when registered to check users", t, func() {
|
|
authOpts["backends"] = "files"
|
|
authOpts["files_register"] = "user"
|
|
|
|
_, err := NewFiles(authOpts, logLevel, hasher)
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("When files backend is set, missing passwords path should not make NewFiles fail when not registered to check users", t, func() {
|
|
authOpts["backends"] = "files"
|
|
delete(authOpts, "files_register")
|
|
|
|
_, err := NewFiles(authOpts, logLevel, hasher)
|
|
So(err, ShouldBeNil)
|
|
})
|
|
|
|
Convey("When passwords path is given, NewFiles should succeed", t, func() {
|
|
pwPath, err := filepath.Abs("../test-files/passwords")
|
|
So(err, ShouldBeNil)
|
|
|
|
authOpts["backends"] = "files"
|
|
authOpts["files_register"] = "user"
|
|
authOpts["files_password_path"] = pwPath
|
|
|
|
_, err = NewFiles(authOpts, logLevel, hasher)
|
|
So(err, ShouldBeNil)
|
|
})
|
|
|
|
Convey("When Files is only registered to check acls and there are no rules for the tested user", t, func() {
|
|
aclPath, err := filepath.Abs("../test-files/acls-only")
|
|
So(err, ShouldBeNil)
|
|
|
|
authOpts["backends"] = "files"
|
|
authOpts["files_register"] = "acl"
|
|
authOpts["files_acl_path"] = aclPath
|
|
delete(authOpts, "files_password_path")
|
|
|
|
f, err := NewFiles(authOpts, logLevel, hasher)
|
|
So(err, ShouldBeNil)
|
|
|
|
granted, err := f.CheckAcl("some-user", "any/topic", "client-id", 1)
|
|
So(err, ShouldBeNil)
|
|
So(granted, ShouldBeTrue)
|
|
|
|
granted, err = f.CheckAcl("test1", "any/topic", "client-id", 1)
|
|
So(err, ShouldBeNil)
|
|
So(granted, ShouldBeFalse)
|
|
})
|
|
|
|
Convey("With acls only test case", t, func() {
|
|
aclPath, err := filepath.Abs("../test-files/acls-read-only")
|
|
So(err, ShouldBeNil)
|
|
|
|
So(err, ShouldBeNil)
|
|
|
|
authOpts["backends"] = "files"
|
|
authOpts["files_register"] = "acl"
|
|
authOpts["files_acl_path"] = aclPath
|
|
delete(authOpts, "files_password_path")
|
|
|
|
f, err := NewFiles(authOpts, logLevel, hasher)
|
|
So(err, ShouldBeNil)
|
|
|
|
granted, err := f.CheckAcl("some-user", "clients/wrong-topic", "client-id", 1)
|
|
So(err, ShouldBeNil)
|
|
So(granted, ShouldBeFalse)
|
|
|
|
granted, err = f.CheckAcl("some-user", "clients/wrong-topic", "client-id", 2)
|
|
So(err, ShouldBeNil)
|
|
So(granted, ShouldBeFalse)
|
|
|
|
granted, err = f.CheckAcl("some-user", "clients/topic", "client-id", 2)
|
|
So(err, ShouldBeNil)
|
|
So(granted, ShouldBeFalse)
|
|
|
|
granted, err = f.CheckAcl("some-user", "clients/topic", "client-id", 1)
|
|
So(err, ShouldBeNil)
|
|
So(granted, ShouldBeTrue)
|
|
|
|
granted, err = f.CheckAcl("some-user", "clients/client-id", "client-id", 2)
|
|
So(err, ShouldBeNil)
|
|
So(granted, ShouldBeTrue)
|
|
})
|
|
}
|