author | Corey Hulen <corey@hulen.com> | 2018-06-12 10:16:39 -0700 |
---|---|---|
committer | Christopher Speller <crspeller@gmail.com> | 2018-06-12 10:16:39 -0700 |
commit | 656c8a62d145fc565e9a98e060329239d2d59fbd (patch) | |
tree | b4922cbf8b14992c353742e9e4225d7736a2e3a3 /api4/user_test.go | |
parent | 4ea7f6a2f7e61356996a3dfa85169f8db5d4d064 (diff) | |
Prototype for CBA (#8475)
* Prototype for CBA
* Fixing gofmt issues
* Do not require password if logging in with certificate
* Fixing issues from feedback
* Adding unit tests
* Fixing feedback
Diffstat (limited to 'api4/user_test.go')
-rw-r--r-- | api4/user_test.go | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/api4/user_test.go b/api4/user_test.go
index 10f65e766..96aa55d5f 100644
--- a/api4/user_test.go
+++ b/api4/user_test.go
@@ -2235,6 +2235,58 @@ func TestSetProfileImage(t *testing.T) {
 t.Fatal(err)
 }
 }
+func TestCBALogin(t *testing.T) {
+ th := Setup().InitBasic()
+ defer th.TearDown()
+ Client := th.Client
+ Client.Logout()
+
+ th.App.SetLicense(model.NewTestLicense("saml"))
+ th.App.UpdateConfig(func(cfg *model.Config) {
+ *cfg.ExperimentalSettings.ClientSideCertEnable = true
+ *cfg.ExperimentalSettings.ClientSideCertCheck = model.CLIENT_SIDE_CERT_CHECK_PRIMARY_AUTH
+ })
+
+ user, resp := Client.Login(th.BasicUser.Email, th.BasicUser.Password)
+ if resp.Error.StatusCode != 400 && user == nil {
+ t.Fatal("Should have failed because it's missing the cert header")
+ }
+
+ Client.HttpHeader["X-SSL-Client-Cert"] = "valid_cert_fake"
+ user, resp = Client.Login(th.BasicUser.Email, th.BasicUser.Password)
+ if resp.Error.StatusCode != 400 && user == nil {
+ t.Fatal("Should have failed because it's missing the cert subject")
+ }
+
+ Client.HttpHeader["X-SSL-Client-Cert-Subject-DN"] = "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=mis_match" + th.BasicUser.Email
+ user, resp = Client.Login(th.BasicUser.Email, "")
+ if resp.Error.StatusCode != 400 && user == nil {
+ t.Fatal("Should have failed because the emails mismatch")
+ }
+
+ Client.HttpHeader["X-SSL-Client-Cert-Subject-DN"] = "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=" + th.BasicUser.Email
+ user, resp = Client.Login(th.BasicUser.Email, "")
+ if !(user != nil && user.Email == th.BasicUser.Email) {
+ t.Fatal("Should have been able to login")
+ }
+
+ th.App.UpdateConfig(func(cfg *model.Config) {
+ *cfg.ExperimentalSettings.ClientSideCertEnable = true
+ *cfg.ExperimentalSettings.ClientSideCertCheck = model.CLIENT_SIDE_CERT_CHECK_SECONDARY_AUTH
+ })
+
+ Client.HttpHeader["X-SSL-Client-Cert-Subject-DN"] = "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=" + th.BasicUser.Email
+ user, resp = Client.Login(th.BasicUser.Email, "")
+ if resp.Error.StatusCode != 400 && user == nil {
+ t.Fatal("Should have failed because password is required")
+ }
+
+ Client.HttpHeader["X-SSL-Client-Cert-Subject-DN"] = "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=" + th.BasicUser.Email
+ user, resp = Client.Login(th.BasicUser.Email, th.BasicUser.Password)
+ if !(user != nil && user.Email == th.BasicUser.Email) {
+ t.Fatal("Should have been able to login")
+ }
+}
 func TestSwitchAccount(t *testing.T) {
 th := Setup().InitBasic().InitSystemAdmin() |
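Review bot: The four rejection checks in TestCBALogin, written as `if resp.Error.StatusCode != 400 && user == nil`, do not assert what their failure messages claim. Because of the `&& user == nil` clause, a login that wrongly succeeds and returns a user never reaches `t.Fatal`; if `resp.Error` is nil on success (the dereference suggests it is a pointer), the test would instead stop with a nil-pointer panic rather than a readable failure. These are the cases that guard against authenticating without a certificate header, with a mismatched subject e-mail, or without a password in secondary-auth mode, so each should fail on anything other than a 400 with no user, e.g. `if resp.Error == nil || resp.Error.StatusCode != 400 || user != nil {`. The test also sets `X-SSL-Client-Cert` and `X-SSL-Client-Cert-Subject-DN` from the client itself, so a short comment saying these headers are expected to come from a TLS-terminating proxy that overwrites any client-supplied copies would help readers; the server-side handling is not visible in this file.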