package authtest

import ""

Package authtest implements some interfaces used by auth package to simplify unit testing.


Package Files

config.go db.go doc.go method.go session.go state.go


var ErrAuthenticationError = errors.New("authtest: fake Authenticate error")

ErrAuthenticationError is returned by FakeAuth.Authenticate.

func MockAuthConfig

func MockAuthConfig(ctx context.Context) context.Context

MockAuthConfig configures the auth library for a unit test environment.

You need this *only* if your tests call auth.Authenticate(...) or auth.GetRPCTransport(...). If your tests only check groups or permissions (for example when testing bodies of request handlers), use FakeState instead. See its docs for some examples.

type FakeAuth

type FakeAuth struct {
    User *auth.User // user to return in Authenticate or nil for error
}

FakeAuth implements auth.Method's Authenticate by returning a predefined user.

func (FakeAuth) Authenticate

func (m FakeAuth) Authenticate(context.Context, *http.Request) (*auth.User, error)

Authenticate returns the predefined User object (if it is not nil) or an error.

func (FakeAuth) LoginURL

func (m FakeAuth) LoginURL(ctx context.Context, dest string) (string, error)

LoginURL returns a fake login URL.

func (FakeAuth) LogoutURL

func (m FakeAuth) LogoutURL(ctx context.Context, dest string) (string, error)

LogoutURL returns a fake logout URL.

type FakeDB

type FakeDB struct {
    // contains filtered or unexported fields
}

FakeDB implements authdb.DB by mocking membership and permission checks.

Initialize it with a bunch of mocks like:

db := authtest.NewFakeDB(
    authtest.MockMembership("", "group"),
    authtest.MockPermission("", "proj:realm", perm),
)

The list of mocks can also be extended later via db.AddMocks(...).
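
The test pattern these mocks support, as an added stand-alone sketch that is not the package's own code: a local `fakeDB` models only the documented membership and error mocks, so a handler's allow, deny and auth-DB-error paths can each be exercised. `fakeDB`, `mock`, `mockMembership`, `mockError`, `newFakeDB`, `addMocks`, `isMember` and `authorize`, the identities and the status codes are all hypothetical.

```go
package main

import "fmt"

// fakeDB is a hypothetical stand-in: mocked memberships plus an injectable error.
type fakeDB struct {
	members map[string]bool // "identity|group" -> true
	err     error           // returned by every check while non-nil
}

type mock func(*fakeDB)

// Mock constructors; mockError(nil) clears an earlier mocked error, as MockError does.
func mockMembership(id, group string) mock { return func(db *fakeDB) { db.members[id+"|"+group] = true } }
func mockError(err error) mock             { return func(db *fakeDB) { db.err = err } }

func newFakeDB(mocks ...mock) *fakeDB {
	return (&fakeDB{members: map[string]bool{}}).addMocks(mocks...)
}

// addMocks extends the mocked state after construction.
func (db *fakeDB) addMocks(mocks ...mock) *fakeDB {
	for _, m := range mocks {
		m(db)
	}
	return db
}

func (db *fakeDB) isMember(id string, groups ...string) (bool, error) {
	for _, g := range groups {
		if db.err == nil && db.members[id+"|"+g] {
			return true, nil
		}
	}
	return false, db.err
}

// authorize is the handler logic under test; a DB error must never grant access.
func authorize(db *fakeDB, id string) int {
	if ok, err := db.isMember(id, "admins"); err != nil {
		return 500
	} else if !ok {
		return 403
	}
	return 200
}

func main() {
	fmt.Println(authorize(newFakeDB(mockMembership("user:a@example.com", "admins")), "user:a@example.com"))
}
```

Covering the error path matters as much as the allow and deny paths: it is the test that shows the handler fails closed when the auth DB is unavailable.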

func NewFakeDB

func NewFakeDB(mocks ...MockedDatum) *FakeDB

NewFakeDB creates a FakeDB populated with the given mocks.

Construct mocks using MockMembership, MockPermission, MockIPWhitelist and MockError functions.

func (*FakeDB) AddMocks

func (db *FakeDB) AddMocks(mocks ...MockedDatum)

AddMocks applies a bunch of mocks to the state in the db.

func (*FakeDB) CheckMembership

func (db *FakeDB) CheckMembership(ctx context.Context, id identity.Identity, groups []string) (out []string, err error)

CheckMembership is part of the authdb.DB interface.

func (*FakeDB) GetAuthServiceURL

func (db *FakeDB) GetAuthServiceURL(ctx context.Context) (string, error)

GetAuthServiceURL is part of the authdb.DB interface.

func (*FakeDB) GetCertificates

func (db *FakeDB) GetCertificates(ctx context.Context, id identity.Identity) (*signing.PublicCertificates, error)

GetCertificates is part of the authdb.DB interface.

func (*FakeDB) GetRealmData

func (db *FakeDB) GetRealmData(ctx context.Context, realm string) (*protocol.RealmData, error)

GetRealmData is part of the authdb.DB interface.

func (*FakeDB) GetTokenServiceURL

func (db *FakeDB) GetTokenServiceURL(ctx context.Context) (string, error)

GetTokenServiceURL is part of the authdb.DB interface.

func (*FakeDB) GetWhitelistForIdentity

func (db *FakeDB) GetWhitelistForIdentity(ctx context.Context, ident identity.Identity) (string, error)

GetWhitelistForIdentity is part of the authdb.DB interface.

func (*FakeDB) HasPermission

func (db *FakeDB) HasPermission(ctx context.Context, id identity.Identity, perm realms.Permission, realm string) (bool, error)

HasPermission is part of the authdb.DB interface.

func (*FakeDB) IsAllowedOAuthClientID

func (db *FakeDB) IsAllowedOAuthClientID(ctx context.Context, email, clientID string) (bool, error)

IsAllowedOAuthClientID is part of the authdb.DB interface.

func (*FakeDB) IsInWhitelist

func (db *FakeDB) IsInWhitelist(ctx context.Context, ip net.IP, whitelist string) (bool, error)

IsInWhitelist is part of the authdb.DB interface.

func (*FakeDB) IsInternalService

func (db *FakeDB) IsInternalService(ctx context.Context, hostname string) (bool, error)

IsInternalService is part of the authdb.DB interface.

func (*FakeDB) IsMember

func (db *FakeDB) IsMember(ctx context.Context, id identity.Identity, groups []string) (bool, error)

IsMember is part of the authdb.DB interface.

func (*FakeDB) Use

func (db *FakeDB) Use(ctx context.Context) context.Context

Use installs the fake db into the context.

Note that if you use auth.WithState(ctx, &authtest.FakeState{...}), you don't need this method. Modify FakeDB in the FakeState instead. See its doc for some examples.

type FakeState

type FakeState struct {
    // Identity is main identity associated with the request.
    // identity.AnonymousIdentity if not set.
    Identity identity.Identity

    // IdentityGroups is list of groups the calling identity belongs to.
    IdentityGroups []string

    // IdentityPermissions is a list of (realm, permission) tuples that define
    // caller's permissions.
    IdentityPermissions []RealmPermission

    // PeerIPWhitelists is a list of IP whitelists the caller IP belongs to.
    PeerIPWhitelists []string

    // Error, if not nil, is returned by auth DB checks.
    Error error

    // FakeDB is an authdb.DB implementation to use.
    // If not nil, takes precedence over IdentityGroups, IdentityPermissions,
    // PeerIPWhitelists and Error.
    FakeDB authdb.DB

    // PeerIdentityOverride may be set for PeerIdentity() to return custom value.
    // By default PeerIdentity() returns Identity (i.e. no delegation is
    // happening).
    PeerIdentityOverride identity.Identity

    // PeerIPOverride may be set for PeerIP() to return custom value.
    // By default PeerIP() returns "".
    PeerIPOverride net.IP

    // UserCredentialsOverride may be set to override UserCredentials().
    // By default UserCredentials() returns ErrNoForwardableCreds error.
    UserCredentialsOverride *oauth2.Token
}

func (*FakeState) Authenticator

func (s *FakeState) Authenticator() *auth.Authenticator

Authenticator is part of the State interface.

func (*FakeState) DB

func (s *FakeState) DB() authdb.DB

DB is part of the State interface.

func (*FakeState) Method

func (s *FakeState) Method() auth.Method

Method is part of the State interface.

func (*FakeState) PeerIP

func (s *FakeState) PeerIP() net.IP

PeerIP is part of the State interface.

func (*FakeState) PeerIdentity

func (s *FakeState) PeerIdentity() identity.Identity

PeerIdentity is part of the State interface.

func (*FakeState) User

func (s *FakeState) User() *auth.User

User is part of the State interface.

func (*FakeState) UserCredentials

func (s *FakeState) UserCredentials() (*oauth2.Token, error)

UserCredentials is part of the State interface.

type MemorySessionStore

type MemorySessionStore struct {
    // contains filtered or unexported fields
}

MemorySessionStore implements auth.SessionStore.

func (*MemorySessionStore) CloseSession

func (s *MemorySessionStore) CloseSession(ctx context.Context, sessionID string) error

CloseSession closes a session given its ID. Does nothing if the session is already closed or doesn't exist. Returns only transient errors.

func (*MemorySessionStore) GetSession

func (s *MemorySessionStore) GetSession(ctx context.Context, sessionID string) (*auth.Session, error)

GetSession returns an existing non-expired session given its ID. Returns nil if the session doesn't exist, is closed or has expired. Returns only transient errors.

func (*MemorySessionStore) OpenSession

func (s *MemorySessionStore) OpenSession(ctx context.Context, userID string, u *auth.User, exp time.Time) (string, error)

OpenSession creates a new session for a user with the given expiration time. It returns a unique session ID.

type MockedDatum

type MockedDatum struct {
    // contains filtered or unexported fields
}

MockedDatum is the return value of the various Mock* constructors.

func MockError

func MockError(err error) MockedDatum

MockError modifies db to make its methods return this error.

`err` may be nil, in which case the previously mocked error is removed.

func MockIPWhitelist

func MockIPWhitelist(ip, whitelist string) MockedDatum

MockIPWhitelist modifies db to make IsInWhitelist(ip, whitelist) == true.

Panics if `ip` is not a valid IP address.

func MockMembership

func MockMembership(id identity.Identity, group string) MockedDatum

MockMembership modifies db to make IsMember(id, group) == true.

func MockPermission

func MockPermission(id identity.Identity, realm string, perm realms.Permission) MockedDatum

MockPermission modifies db to make HasPermission(id, realm, perm) == true.

Panics if `realm` is not a valid globally scoped realm, i.e. it doesn't look like "<project>:<realm>".

func MockRealmData

func MockRealmData(realm string, data *protocol.RealmData) MockedDatum

MockRealmData modifies what db's GetRealmData returns.

Panics if `realm` is not a valid globally scoped realm, i.e. it doesn't look like "<project>:<realm>".

type RealmPermission

type RealmPermission struct {
    Realm      string
    Permission realms.Permission
}

RealmPermission is used to populate IdentityPermissions in FakeState.

Package authtest imports 17 packages and is imported by 5 packages. Updated 2021-01-17.