mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-02 20:06:03 +02:00
66b4c2d3cd
proxy: Add user dashboard. [GH-123] proxy/authenticate: Add manual refresh of their session. [GH-73] authorize: Add administrator (super user) account support. [GH-110] internal/policy: Allow administrators to impersonate other users. [GH-110]
77 lines
2.1 KiB
Go
77 lines
2.1 KiB
Go
package clients
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"github.com/golang/mock/gomock"
|
|
"github.com/pomerium/pomerium/internal/sessions"
|
|
"github.com/pomerium/pomerium/proto/authorize"
|
|
mock "github.com/pomerium/pomerium/proto/authorize/mock_authorize"
|
|
)
|
|
|
|
func TestAuthorizeGRPC_Authorize(t *testing.T) {
|
|
ctrl := gomock.NewController(t)
|
|
defer ctrl.Finish()
|
|
client := mock.NewMockAuthorizerClient(ctrl)
|
|
client.EXPECT().Authorize(
|
|
gomock.Any(),
|
|
gomock.Any(),
|
|
).Return(&authorize.AuthorizeReply{IsValid: true}, nil).AnyTimes()
|
|
|
|
tests := []struct {
|
|
name string
|
|
route string
|
|
s *sessions.SessionState
|
|
want bool
|
|
wantErr bool
|
|
}{
|
|
{"good", "hello.pomerium.io", &sessions.SessionState{User: "admin@pomerium.io", Email: "admin@pomerium.io"}, true, false},
|
|
{"session cannot be nil", "hello.pomerium.io", nil, false, true},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
a := &AuthorizeGRPC{client: client}
|
|
got, err := a.Authorize(context.Background(), tt.route, tt.s)
|
|
if (err != nil) != tt.wantErr {
|
|
t.Errorf("AuthorizeGRPC.Authorize() error = %v, wantErr %v", err, tt.wantErr)
|
|
return
|
|
}
|
|
if got != tt.want {
|
|
t.Errorf("AuthorizeGRPC.Authorize() = %v, want %v", got, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
func TestAuthorizeGRPC_IsAdmin(t *testing.T) {
|
|
ctrl := gomock.NewController(t)
|
|
defer ctrl.Finish()
|
|
client := mock.NewMockAuthorizerClient(ctrl)
|
|
client.EXPECT().IsAdmin(
|
|
gomock.Any(),
|
|
gomock.Any(),
|
|
).Return(&authorize.IsAdminReply{IsAdmin: true}, nil).AnyTimes()
|
|
|
|
tests := []struct {
|
|
name string
|
|
s *sessions.SessionState
|
|
want bool
|
|
wantErr bool
|
|
}{
|
|
{"good", &sessions.SessionState{User: "admin@pomerium.io", Email: "admin@pomerium.io"}, true, false},
|
|
{"session cannot be nil", nil, false, true},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
a := &AuthorizeGRPC{client: client}
|
|
got, err := a.IsAdmin(context.Background(), tt.s)
|
|
if (err != nil) != tt.wantErr {
|
|
t.Errorf("AuthorizeGRPC.IsAdmin() error = %v, wantErr %v", err, tt.wantErr)
|
|
return
|
|
}
|
|
if got != tt.want {
|
|
t.Errorf("AuthorizeGRPC.IsAdmin() = %v, want %v", got, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|