Auth jetstream refactor (#3882)

* Sketch out minimal login/logout refactor implementation Signed-off-by: Kate E. Reinecke <[email protected]> * 1st version of auth refactor building and unit tests pass Signed-off-by: Kate E. Reinecke <[email protected]> * Finish sketching out minimal login/logout refactor implementation Signed-off-by: Kate E. Reinecke <[email protected]> * 1st version of auth refactor working * More imprvements to auth refactor Signed-off-by: Kate E. Reinecke <[email protected]> * Refactor complete docs started Signed-off-by: Kate E. Reinecke <[email protected]> * UAA Auth documented and complete Signed-off-by: Kate E. Reinecke <[email protected]> * Local Auth documented and complete Signed-off-by: Kate E. Reinecke <[email protected]> * Transfer some portalProxy fields to localAuth and uaaAuth structs Signed-off-by: Kate E. Reinecke <[email protected]> * Complete Login Auth refactor. Tidy up echo routing - create session and login auth groups Signed-off-by: Kate E. Reinecke <[email protected]> * Codeclimate fixes Signed-off-by: Kate E. Reinecke <[email protected]> * Fix codeclimate issue Signed-off-by: Kate E. Reinecke <[email protected]> * Don't log error when verifying session and session not found Signed-off-by: Kate E. Reinecke <[email protected]> * More appropriate log statement for login failure Signed-off-by: Kate E. Reinecke <[email protected]> * Fix automatic merge issue * Remove need for overriding auth type and initing auth service in CF hosting plugin * CF hosted remote user working * CF hosted local users working * Fix formatting of http error * Move back manifest file * Remove InitStratosAuthService from API
cloudfoundry · Nov 1, 2019 · ffc629e · ffc629e
1 parent dfd39c9
commit ffc629e
Show file tree

Hide file tree

Showing 29 changed files with 1,670 additions and 1,422 deletions.
diff --git a/src/jetstream/auth.go b/src/jetstream/auth.go
diff --git a/src/jetstream/auth_test.go b/src/jetstream/auth_test.go
@@ -14,7 +14,7 @@ import (
 
 	log "github.com/sirupsen/logrus"
 
-	"github.com/cloudfoundry-incubator/stratos/src/jetstream/repository/crypto"
+	"github.com/cloudfoundry-incubator/stratos/src/jetstream/crypto"
 	"github.com/cloudfoundry-incubator/stratos/src/jetstream/repository/interfaces"
 	"github.com/labstack/echo"
 	. "github.com/smartystreets/goconvey/convey"
@@ -48,14 +48,19 @@ func TestLoginToUAA(t *testing.T) {
 		pp.Config.ConsoleConfig.UAAEndpoint = uaaURL
 		pp.Config.ConsoleConfig.SkipSSLValidation = true
 		pp.Config.ConsoleConfig.AuthEndpointType = string(interfaces.Remote)
+		//Init the auth service
+		err := pp.InitStratosAuthService(interfaces.AuthEndpointTypes[pp.Config.ConsoleConfig.AuthEndpointType])
+		if err != nil {
+			log.Fatalf("Could not initialise auth service: %v", err)
+		}
 
 		mock.ExpectQuery(selectAnyFromTokens).
 			WillReturnRows(expectNoRows())
 
 		mock.ExpectExec(insertIntoTokens).
 			WillReturnResult(sqlmock.NewResult(1, 1))
 
-		loginErr := pp.loginToUAA(ctx)
+		loginErr := pp.StratosAuthService.Login(ctx)
 
 		Convey("Should not fail to login", func() {
 			So(loginErr, ShouldBeNil)
@@ -78,7 +83,7 @@ func TestLocalLogin(t *testing.T) {
 		scope := "stratos.admin"
 
 		//Hash the password
-		passwordHash, _ := HashPassword(password)
+		passwordHash, _ := crypto.HashPassword(password)
 
 		//generate a user GUID
 		userGUID := uuid.NewV4().String()
@@ -94,6 +99,11 @@ func TestLocalLogin(t *testing.T) {
 		defer db.Close()
 
 		pp.Config.ConsoleConfig.AuthEndpointType = string(interfaces.Local)
+		//Init the auth service
+		err := pp.InitStratosAuthService(interfaces.AuthEndpointTypes[pp.Config.ConsoleConfig.AuthEndpointType])
+		if err != nil {
+			log.Fatalf("Could not initialise auth service: %v", err)
+		}
 
 		rows := sqlmock.NewRows([]string{"user_guid"}).AddRow(userGUID)
 		mock.ExpectQuery(findUserGUID).WithArgs(username).WillReturnRows(rows)
@@ -107,7 +117,7 @@ func TestLocalLogin(t *testing.T) {
 		//Expect exec to update local login time
 		mock.ExpectExec(updateLastLoginTime).WillReturnResult(sqlmock.NewResult(1, 1))
 
-		loginErr := pp.localLogin(ctx)
+		loginErr := pp.StratosAuthService.Login(ctx)
 
 		Convey("Should not fail to login", func() {
 			So(loginErr, ShouldBeNil)
@@ -130,7 +140,7 @@ func TestLocalLoginWithBadCredentials(t *testing.T) {
 		scope := "stratos.admin"
 
 		//Hash the password
-		passwordHash, _ := HashPassword(password)
+		passwordHash, _ := crypto.HashPassword(password)
 
 		//generate a user GUID
 		userGUID := uuid.NewV4().String()
@@ -147,14 +157,19 @@ func TestLocalLoginWithBadCredentials(t *testing.T) {
 		defer db.Close()
 
 		pp.Config.ConsoleConfig.AuthEndpointType = string(interfaces.Local)
+		//Init the auth service
+		err := pp.InitStratosAuthService(interfaces.AuthEndpointTypes[pp.Config.ConsoleConfig.AuthEndpointType])
+		if err != nil {
+			log.Fatalf("Could not initialise auth service: %v", err)
+		}
 
 		rows := sqlmock.NewRows([]string{"user_guid"}).AddRow(userGUID)
 		mock.ExpectQuery(findUserGUID).WithArgs(username).WillReturnRows(rows)
 
 		rows = sqlmock.NewRows([]string{"password_hash"}).AddRow(passwordHash)
 		mock.ExpectQuery(findPasswordHash).WithArgs(userGUID).WillReturnRows(rows)
 
-		loginErr := pp.localLogin(ctx)
+		loginErr := pp.StratosAuthService.Login(ctx)
 
 		Convey("Should fail to login", func() {
 			So(loginErr, ShouldNotBeNil)
@@ -175,7 +190,7 @@ func TestLocalLoginWithNoAdminScope(t *testing.T) {
 		password := "localuserpass"
 
 		//Hash the password
-		passwordHash, _ := HashPassword(password)
+		passwordHash, _ := crypto.HashPassword(password)
 
 		//generate a user GUID
 		userGUID := uuid.NewV4().String()
@@ -200,12 +215,17 @@ func TestLocalLoginWithNoAdminScope(t *testing.T) {
 		pp.Config.ConsoleConfig = new(interfaces.ConsoleConfig)
 		pp.Config.ConsoleConfig.LocalUserScope = "stratos.admin"
 		pp.Config.ConsoleConfig.AuthEndpointType = string(interfaces.Local)
+		//Init the auth service
+		err := pp.InitStratosAuthService(interfaces.AuthEndpointTypes[pp.Config.ConsoleConfig.AuthEndpointType])
+		if err != nil {
+			log.Fatalf("Could not initialise auth service: %v", err)
+		}
 
 		//The user trying to log in has a non-admin scope
 		rows = sqlmock.NewRows([]string{"scope"}).AddRow(wrongScope)
 		mock.ExpectQuery(findUserScope).WithArgs(userGUID).WillReturnRows(rows)
 
-		loginErr := pp.localLogin(ctx)
+		loginErr := pp.StratosAuthService.Login(ctx)
 
 		Convey("Should fail to login", func() {
 			So(loginErr, ShouldNotBeNil)
@@ -242,8 +262,13 @@ func TestLoginToUAAWithBadCreds(t *testing.T) {
 		pp.Config.ConsoleConfig.UAAEndpoint = uaaURL
 		pp.Config.ConsoleConfig.SkipSSLValidation = true
 		pp.Config.ConsoleConfig.AuthEndpointType = string(interfaces.Remote)
+		//Init the auth service
+		err := pp.InitStratosAuthService(interfaces.AuthEndpointTypes[pp.Config.ConsoleConfig.AuthEndpointType])
+		if err != nil {
+			log.Fatalf("Could not initialise auth service: %v", err)
+		}
 
-		err := pp.loginToUAA(ctx)
+		err = pp.StratosAuthService.Login(ctx)
 		Convey("Login to UAA should fail", func() {
 			So(err, ShouldNotBeNil)
 		})
@@ -283,6 +308,11 @@ func TestLoginToUAAButCantSaveToken(t *testing.T) {
 		pp.Config.ConsoleConfig.UAAEndpoint = uaaURL
 		pp.Config.ConsoleConfig.SkipSSLValidation = true
 		pp.Config.ConsoleConfig.AuthEndpointType = string(interfaces.Remote)
+		//Init the auth service
+		err := pp.InitStratosAuthService(interfaces.AuthEndpointTypes[pp.Config.ConsoleConfig.AuthEndpointType])
+		if err != nil {
+			log.Fatalf("Could not initialise auth service: %v", err)
+		}
 
 		mock.ExpectQuery(selectAnyFromTokens).
 			// WithArgs(mockUserGUID).
@@ -292,7 +322,7 @@ func TestLoginToUAAButCantSaveToken(t *testing.T) {
 		mock.ExpectExec(insertIntoTokens).
 			WillReturnError(errors.New("Unknown Database Error"))
 
-		loginErr := pp.loginToUAA(ctx)
+		loginErr := pp.StratosAuthService.Login(ctx)
 		Convey("Should not fail to login", func() {
 			So(loginErr, ShouldNotBeNil)
 		})
@@ -544,7 +574,18 @@ func TestLogout(t *testing.T) {
 		res, _, ctx, pp, db, _ := setupHTTPTest(req)
 		defer db.Close()
 
-		pp.logout(ctx)
+		pp.Config.ConsoleConfig.AuthEndpointType = string(interfaces.Local)
+		//Init the auth service
+		err := pp.InitStratosAuthService(interfaces.AuthEndpointTypes[pp.Config.ConsoleConfig.AuthEndpointType])
+		if err != nil {
+			log.Warnf("%v, defaulting to auth type: remote", err)
+			err = pp.InitStratosAuthService(interfaces.Remote)
+			if err != nil {
+				log.Fatalf("Could not initialise auth service: %v", err)
+			}
+		}
+
+		pp.StratosAuthService.Logout(ctx)
 
 		header := res.Header()
 		setCookie := header.Get("Set-Cookie")