blob: 80ce5f833078d48b34566205263c7e5ed1032aae [file] [log] [blame]
// Copyright 2019 The Flutter Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
import 'dart:io';
import 'package:cocoon_service/src/request_handling/authentication.dart' show AuthenticatedContext;
import 'package:cocoon_service/src/request_handling/exceptions.dart';
import 'package:cocoon_service/src/request_handling/swarming_authentication.dart';
import 'package:cocoon_service/src/service/config.dart';
import 'package:http/http.dart' as http;
import 'package:http/testing.dart';
import 'package:test/test.dart';
import '../src/datastore/fake_config.dart';
import '../src/request_handling/fake_authentication.dart';
import '../src/request_handling/fake_http.dart';
void main() {
group('SwarmingAuthenticationProvider', () {
late FakeConfig config;
late FakeClientContext clientContext;
late FakeHttpRequest request;
late SwarmingAuthenticationProvider auth;
setUp(() {
config = FakeConfig();
clientContext = FakeClientContext();
request = FakeHttpRequest();
auth = SwarmingAuthenticationProvider(
config: config,
clientContextProvider: () => clientContext,
);
});
test('fails for App Engine cronjobs', () async {
request.headers.set('X-Appengine-Cron', 'true');
expect(auth.authenticate(request), throwsA(isA<Unauthenticated>()));
});
group('when access token is given', () {
late MockClient httpClient;
setUp(() {
auth = SwarmingAuthenticationProvider(
config: config,
clientContextProvider: () => clientContext,
httpClientProvider: () => httpClient,
);
});
test('auth succeeds with flutter luci service account', () async {
httpClient = MockClient((_) async => http.Response('{"email": "${Config.luciProdAccount}"}', HttpStatus.ok));
auth = SwarmingAuthenticationProvider(
config: config,
clientContextProvider: () => clientContext,
httpClientProvider: () => httpClient,
);
request.headers.add(SwarmingAuthenticationProvider.kSwarmingTokenHeader, 'token');
final AuthenticatedContext result = await auth.authenticate(request);
expect(result.clientContext, same(clientContext));
});
test('auth succeeds with frob service account', () async {
httpClient = MockClient((_) async => http.Response('{"email": "${Config.frobAccount}"}', HttpStatus.ok));
auth = SwarmingAuthenticationProvider(
config: config,
clientContextProvider: () => clientContext,
httpClientProvider: () => httpClient,
);
request.headers.add(SwarmingAuthenticationProvider.kSwarmingTokenHeader, 'token');
final AuthenticatedContext result = await auth.authenticate(request);
expect(result.clientContext, same(clientContext));
});
test('auth fails with non-luci service account', () async {
httpClient = MockClient((_) async => http.Response('{"email": "abc@gmail.com"}', HttpStatus.ok));
auth = SwarmingAuthenticationProvider(
config: config,
clientContextProvider: () => clientContext,
httpClientProvider: () => httpClient,
);
request.headers.add(SwarmingAuthenticationProvider.kSwarmingTokenHeader, 'unauthenticated token');
expect(auth.authenticate(request), throwsA(isA<Unauthenticated>()));
});
test('auth fails with unauthenticated service account token', () async {
httpClient = MockClient((_) async => http.Response('Invalid token', HttpStatus.unauthorized));
auth = SwarmingAuthenticationProvider(
config: config,
clientContextProvider: () => clientContext,
httpClientProvider: () => httpClient,
);
request.headers.add(SwarmingAuthenticationProvider.kSwarmingTokenHeader, 'unauthenticated token');
expect(auth.authenticate(request), throwsA(isA<Unauthenticated>()));
});
});
});
}