diff options
author | Ronny <ronny@apache.org> | 2022-08-08 16:56:26 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-08-08 16:56:26 +0200 |
commit | f8dad2fe60b61fb1a5a5917b57cc646de237ba36 (patch) | |
tree | d68f55a2ece728e18c98e5e76a786fa560a57607 | |
parent | cfed4bb076401a224bee5c1f003ceceedecff0f0 (diff) | |
download | couchdb-f8dad2fe60b61fb1a5a5917b57cc646de237ba36.tar.gz |
Fix proxyauth_test and remove it from skipping tests (#4129)
After reverting #4094, bringing this back as a seperate fix.
-rw-r--r-- | test/elixir/test/config/skip.elixir | 4 | ||||
-rw-r--r-- | test/elixir/test/proxyauth_test.exs | 95 |
2 files changed, 31 insertions, 68 deletions
diff --git a/test/elixir/test/config/skip.elixir b/test/elixir/test/config/skip.elixir index bb27f13cd..7fbcacef7 100644 --- a/test/elixir/test/config/skip.elixir +++ b/test/elixir/test/config/skip.elixir @@ -2,10 +2,6 @@ "CookieAuthTest": [ "cookie auth" ], - "ProxyAuthTest": [ - "proxy auth with secret", - "proxy auth without secret" - ], "ReaderACLTest": [ "unrestricted db can be read" ], diff --git a/test/elixir/test/proxyauth_test.exs b/test/elixir/test/proxyauth_test.exs index 6bf21920b..ea57c1a0e 100644 --- a/test/elixir/test/proxyauth_test.exs +++ b/test/elixir/test/proxyauth_test.exs @@ -4,27 +4,7 @@ defmodule ProxyAuthTest do @moduletag :authentication @tag :with_db - test "proxy auth with secret", context do - db_name = context[:db_name] - - design_doc = %{ - _id: "_design/test", - language: "javascript", - shows: %{ - welcome: """ - function(doc,req) { - return "Welcome " + req.userCtx["name"]; - } - """, - role: """ - function(doc, req) { - return req.userCtx['roles'][0]; - } - """ - } - } - - {:ok, _} = create_doc(db_name, design_doc) + test "proxy auth with secret" do users_db_name = random_db_name() create_db(users_db_name) @@ -38,19 +18,19 @@ defmodule ProxyAuthTest do :value => users_db_name }, %{ - :section => "couch_httpd_auth", + :section => "chttpd_auth", :key => "proxy_use_secret", :value => "true" }, %{ - :section => "couch_httpd_auth", + :section => "chttpd_auth", :key => "secret", :value => secret } ] run_on_modified_server(server_config, fn -> - test_fun(db_name, users_db_name, secret) + test_fun(users_db_name, secret) end) delete_db(users_db_name) end @@ -63,15 +43,11 @@ defmodule ProxyAuthTest do end defp hex_hmac_sha1(secret, message) do - signature = case :erlang.system_info(:otp_release) do - '20' -> :crypto.hmac(:sha, secret, message) - '21' -> :crypto.hmac(:sha, secret, message) - _ -> :crypto.mac(:hmac, :sha, secret, message) - end + signature = :crypto.mac(:hmac, :sha, secret, message) Base.encode16(signature, case: :lower) end - def test_fun(db_name, users_db_name, secret) do + def test_fun(users_db_name, secret) do user = prepare_user_doc(name: "couch@apache.org", password: "test") create_doc(users_db_name, user) @@ -85,38 +61,24 @@ defmodule ProxyAuthTest do headers = [ "X-Auth-CouchDB-UserName": "couch@apache.org", - "X-Auth-CouchDB-Roles": "test", + "X-Auth-CouchDB-Roles": "test_role", "X-Auth-CouchDB-Token": hex_hmac_sha1(secret, "couch@apache.org") ] - resp = Couch.get("/#{db_name}/_design/test/_show/welcome", headers: headers) - assert resp.body == "Welcome couch@apache.org" - resp = Couch.get("/#{db_name}/_design/test/_show/role", headers: headers) - assert resp.body == "test" + resp2 = + Couch.get("/_session", + headers: headers + ) + + assert resp2.body["userCtx"]["name"] == "couch@apache.org" + assert resp2.body["userCtx"]["roles"] == ["test_role"] + assert resp2.body["info"]["authenticated"] == "proxy" + assert resp2.body["ok"] == true + end @tag :with_db - test "proxy auth without secret", context do - db_name = context[:db_name] - - design_doc = %{ - _id: "_design/test", - language: "javascript", - shows: %{ - welcome: """ - function(doc,req) { - return "Welcome " + req.userCtx["name"]; - } - """, - role: """ - function(doc, req) { - return req.userCtx['roles'][0]; - } - """ - } - } - - {:ok, _} = create_doc(db_name, design_doc) + test "proxy auth without secret" do users_db_name = random_db_name() create_db(users_db_name) @@ -128,20 +90,20 @@ defmodule ProxyAuthTest do :value => users_db_name }, %{ - :section => "couch_httpd_auth", + :section => "chttpd_auth", :key => "proxy_use_secret", :value => "false" } ] run_on_modified_server(server_config, fn -> - test_fun_no_secret(db_name, users_db_name) + test_fun_no_secret(users_db_name) end) delete_db(users_db_name) end - def test_fun_no_secret(db_name, users_db_name) do + def test_fun_no_secret(users_db_name) do user = prepare_user_doc(name: "couch@apache.org", password: "test") create_doc(users_db_name, user) @@ -155,13 +117,18 @@ defmodule ProxyAuthTest do headers = [ "X-Auth-CouchDB-UserName": "couch@apache.org", - "X-Auth-CouchDB-Roles": "test" + "X-Auth-CouchDB-Roles": "test_role_1,test_role_2" ] - resp = Couch.get("/#{db_name}/_design/test/_show/welcome", headers: headers) - assert resp.body == "Welcome couch@apache.org" + resp2 = + Couch.get("/_session", + headers: headers + ) + + assert resp2.body["userCtx"]["name"] == "couch@apache.org" + assert resp2.body["userCtx"]["roles"] == ["test_role_1", "test_role_2"] + assert resp2.body["info"]["authenticated"] == "proxy" + assert resp2.body["ok"] == true - resp = Couch.get("/#{db_name}/_design/test/_show/role", headers: headers) - assert resp.body == "test" end end |