Tests

deps/rabbitmq_auth_backend_oauth2/Makefile

@@ -1,7 +1,7 @@
 PROJECT = rabbitmq_auth_backend_uaa
 
 DEPS = mochiweb amqp_client
-TEST_DEPS = rabbit
+TEST_DEPS = cowboy rabbitmq_web_dispatch rabbit
 
 DEP_PLUGINS = rabbit_common/mk/rabbitmq-plugin.mk
 
@@ -13,3 +13,6 @@ ERLANG_MK_COMMIT = rabbitmq-tmp
 
 include rabbitmq-components.mk
 include erlang.mk
+
+WITH_BROKER_TEST_COMMANDS:= \
+	rabbit_auth_backend_uaa_test:tests()

deps/rabbitmq_auth_backend_oauth2/src/rabbit_auth_backend_uaa.erl

@@ -84,10 +84,6 @@ check_token(Token) ->
     {port, Port} = lists:keyfind(port, 1, URI),
     HostHdr = rabbit_misc:format("~s:~b", [Host, Port]),
     ReqBody = "token=" ++ http_uri:encode(binary_to_list(Token)),
-    rabbit_log:info("Req ~p", [{Path, 
-                         [{"Host", HostHdr}, {"Authorization", "Basic " ++ Auth}], 
-                         "application/x-www-form-urlencoded", 
-                         ReqBody}]),
     Resp = httpc:request(post, 
                         {Path, 
                          [{"Host", HostHdr}, {"Authorization", "Basic " ++ Auth}], 
@@ -100,6 +96,7 @@ check_token(Token) ->
             case Code of
                 200 -> parse_resp(Body);
                 400 -> parse_err(Body);
+                401 -> {error, invalid_resource_authorization};
                 _   -> {error, {Code, Body}}
             end;
         {error, _} = E -> E

deps/rabbitmq_auth_backend_oauth2/test/src/rabbit_auth_backend_uaa_test.erl

@@ -0,0 +1,105 @@
+-module(rabbit_auth_backend_uaa_test).
+
+-compile(export_all).
+
+-include_lib("rabbit_common/include/rabbit.hrl").
+
+-define(CLIENT,      "client").
+-define(SECRET,      "secret").
+-define(TOKEN,       <<"valid_token">>).
+-define(URL,         "http://localhost:5678/uaa").
+-define(RESOURCE_ID, "rebbitmq").
+
+tests() ->
+    init(),
+    test_token(),
+    test_errors(),
+    passed.
+
+init() ->
+    uaa_mock:register_context().
+
+test_token() ->
+    application:set_env(rabbitmq_auth_backend_uaa, resource_server_id, ?RESOURCE_ID),
+    application:set_env(rabbitmq_auth_backend_uaa, uri, ?URL),
+    application:set_env(rabbitmq_auth_backend_uaa, username, ?CLIENT),
+    application:set_env(rabbitmq_auth_backend_uaa, password, ?SECRET),
+    application:set_env(rabbit, auth_backends, [rabbit_auth_backend_uaa]),
+    {ok, #auth_user{username = ?TOKEN} = User} = 
+        rabbit_auth_backend_uaa:user_login_authentication(?TOKEN, any),
+    {refused, _, _} = 
+        rabbit_auth_backend_uaa:user_login_authentication(<<"not token">>, any),
+
+    {ok, none} = 
+        rabbit_auth_backend_uaa:user_login_authorization(?TOKEN),
+    {refused, _, _} = 
+        rabbit_auth_backend_uaa:user_login_authorization(<<"not token">>),
+
+    true = rabbit_auth_backend_uaa:check_vhost_access(User, <<"vhost">>, none),
+    false = rabbit_auth_backend_uaa:check_vhost_access(User, <<"non_vhost">>, none),
+
+    true = rabbit_auth_backend_uaa:check_resource_access(
+        User, 
+        #resource{virtual_host = <<"vhost">>,
+                  kind = queue,
+                  name = <<"foo">>},
+        configure),
+    true = rabbit_auth_backend_uaa:check_resource_access(
+        User, 
+        #resource{virtual_host = <<"vhost">>,
+                  kind = exchange,
+                  name = <<"foo">>},
+        write),
+    true = rabbit_auth_backend_uaa:check_resource_access(
+        User, 
+        #resource{virtual_host = <<"vhost">>,
+                  kind = topic,
+                  name = <<"foo">>},
+        read),
+
+    false = rabbit_auth_backend_uaa:check_resource_access(
+        User, 
+        #resource{virtual_host = <<"vhost">>,
+                  kind = queue,
+                  name = <<"foo1">>},
+        configure),
+    false = rabbit_auth_backend_uaa:check_resource_access(
+        User, 
+        #resource{virtual_host = <<"vhost">>,
+                  kind = exchange,
+                  name = <<"foo">>},
+        read),
+    false = rabbit_auth_backend_uaa:check_resource_access(
+        User, 
+        #resource{virtual_host = <<"vhost1">>,
+                  kind = topic,
+                  name = <<"foo">>},
+        read).
+
+test_errors() ->
+    application:set_env(rabbitmq_auth_backend_uaa, resource_server_id, ?RESOURCE_ID),
+    application:set_env(rabbitmq_auth_backend_uaa, uri, ?URL),
+    application:set_env(rabbitmq_auth_backend_uaa, username, ?CLIENT),
+    application:set_env(rabbitmq_auth_backend_uaa, password, "wrong_sectet"),
+    application:set_env(rabbit, auth_backends, [rabbit_auth_backend_uaa]),
+    %TODO: resource id test
+    {error, invalid_resource_authorization} = 
+        rabbit_auth_backend_uaa:user_login_authorization(?TOKEN),
+
+    application:set_env(rabbitmq_auth_backend_uaa, username, "wrong_client"),
+    application:set_env(rabbitmq_auth_backend_uaa, password, ?SECRET),
+
+    {error, invalid_resource_authorization} = 
+        rabbit_auth_backend_uaa:user_login_authorization(?TOKEN),
+
+    application:set_env(rabbitmq_auth_backend_uaa, username, ?CLIENT),
+    application:set_env(rabbitmq_auth_backend_uaa, uri, "http://wrong.url"),
+    {error, _} = 
+        rabbit_auth_backend_uaa:user_login_authorization(?TOKEN).
+
+
+
+
+
+
+

deps/rabbitmq_auth_backend_oauth2/test/src/uaa_mock.erl

@@ -0,0 +1,70 @@
+-module(uaa_mock).
+
+-export([
+         init/3
+        ,rest_init/2
+        ,allowed_methods/2
+        ,is_authorized/2
+        ]).
+
+-export([
+         content_types_accepted/2
+        ]).
+
+-export([
+         process_post/2
+        ]).
+
+-export([register_context/0]).
+
+-define(TOKEN, <<"valid_token">>).
+-define(CLIENT, <<"client">>).
+-define(SECRET, <<"secret">>).
+
+
+register_context() ->
+    rabbit_web_dispatch:register_context_handler(
+        rabbit_test_uaa, [{port, 5678}], "", 
+        cowboy_router:compile([{'_', [{"/uaa/check_token", uaa_mock, []}]}]), 
+        "UAA mock").
+
+init(_Transport, _Req, _Opts) ->
+    %% Compile the DTL template used for the authentication
+    %% form in the implicit grant flow.
+    {upgrade, protocol, cowboy_rest}.
+
+rest_init(Req, _Opts) ->
+    {ok, Req, undefined_state}.
+
+is_authorized(Req, State) ->
+    case cowboy_req:parse_header(<<"authorization">>, Req) of
+        {ok, {<<"basic">>, {Username, Password}}, _} ->
+            case {Username, Password} of
+                {?CLIENT, ?SECRET} -> {true, Req, State};
+                _                  -> {{false, <<>>}, Req, State}
+            end;
+        _ ->
+            {{false, <<>>}, Req, State}
+    end.
+
+content_types_accepted(Req, State) ->
+    {[{{<<"application">>, <<"x-www-form-urlencoded">>, []}, process_post}],
+    Req, State}.
+
+allowed_methods(Req, State) ->
+    {[<<"POST">>], Req, State}.
+
+process_post(Req, State) ->
+    {ok, Params, _Req2} = cowboy_req:body_qs(Req),
+    Token = proplists:get_value(<<"token">>, Params),
+    {ok, Reply} = case Token of
+        ?TOKEN -> cowboy_req:reply(200, [{<<"content-type">>, <<"application/json">>}], response(), Req);
+        _      -> cowboy_req:reply(400, [{<<"content-type">>, <<"application/json">>}], <<"{\"error\":\"invalid_token\"}">>, Req)
+    end,
+    {halt, Reply, State}.
+
+response() ->
+    mochijson2:encode([
+        {<<"foo">>, <<"bar">>},
+        {<<"scope">>, [<<"vhost_q_configure_foo">>, <<"vhost_ex_write_foo">>, <<"vhost_t_read_foo">>]}
+    ]).