blob: 859d582c6a42e69140bcde1e56a8d12d63910b56 [file] [log] [blame]
// Copyright 2016 The LUCI Authors.
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// See the License for the specific language governing permissions and
// limitations under the License.
package auth
import (
. ""
. ""
func withSigner(s signing.Signer) router.MiddlewareChain {
return router.NewMiddlewareChain(
func(c *router.Context, next router.Handler) {
c.Context = ModifyConfig(c.Context, func(cfg Config) Config {
cfg.Signer = s
return cfg
func TestCertificatesHandler(t *testing.T) {
call := func(s signing.Signer) (*signing.PublicCertificates, error) {
r := router.New()
InstallHandlers(r, withSigner(s))
ts := httptest.NewServer(r)
defer ts.Close()
// Note: there are two contexts. One for outer /certificates call
// (this one), and another for /certificates request handler (it is setup
// in the middleware chain above).
ctx := caching.WithEmptyProcessCache(context.Background())
ctx = ModifyConfig(ctx, func(cfg Config) Config {
cfg.AnonymousTransport = func(context.Context) http.RoundTripper {
return http.DefaultTransport
return cfg
return signing.FetchCertificates(ctx, ts.URL+"/auth/api/v1/server/certificates")
Convey("Works", t, func() {
certs, err := call(&phonySigner{})
So(err, ShouldBeNil)
So(len(certs.Certificates), ShouldEqual, 1)
Convey("No signer", t, func() {
_, err := call(nil)
So(err, ShouldErrLike, "HTTP code (404)")
Convey("Error getting certs", t, func() {
_, err := call(&phonySigner{errors.New("fail")})
So(err, ShouldErrLike, "HTTP code (500)")
func TestServiceInfoHandler(t *testing.T) {
Convey("Works", t, func() {
r := router.New()
signer := &phonySigner{}
InstallHandlers(r, withSigner(signer))
w := httptest.NewRecorder()
req, _ := http.NewRequest("GET", "/auth/api/v1/server/info", nil)
r.ServeHTTP(w, req)
So(w.Code, ShouldEqual, 200)
So(w.Body.String(), ShouldResemble,
signer.err = errors.New("fail")
w = httptest.NewRecorder()
req, _ = http.NewRequest("GET", "/auth/api/v1/server/info", nil)
r.ServeHTTP(w, req)
So(w.Code, ShouldEqual, 500)
So(w.Body.String(), ShouldResemble, "{\"error\":\"Can't grab service info - fail\"}\n")
func TestClientIDHandler(t *testing.T) {
Convey("Works", t, func() {
var clientIDErr error
modConfig := router.NewMiddlewareChain(
func(c *router.Context, next router.Handler) {
c.Context = ModifyConfig(c.Context, func(cfg Config) Config {
cfg.FrontendClientID = func(context.Context) (string, error) {
return "fake-client-id", clientIDErr
return cfg
r := router.New()
InstallHandlers(r, modConfig)
w := httptest.NewRecorder()
req, _ := http.NewRequest("GET", "/auth/api/v1/server/client_id", nil)
r.ServeHTTP(w, req)
So(w.Code, ShouldEqual, 200)
So(w.Body.String(), ShouldResemble, `{"client_id":"fake-client-id"}`+"\n")
clientIDErr = errors.New("fail")
w = httptest.NewRecorder()
req, _ = http.NewRequest("GET", "/auth/api/v1/server/client_id", nil)
r.ServeHTTP(w, req)
So(w.Code, ShouldEqual, 500)
So(w.Body.String(), ShouldResemble, "{\"error\":\"Can't grab the client ID - fail\"}\n")
type phonySigner struct {
err error
func (s *phonySigner) SignBytes(ctx context.Context, blob []byte) (string, []byte, error) {
if s.err != nil {
return "", nil, s.err
return "phonyKey", []byte("signature"), nil
func (s *phonySigner) Certificates(ctx context.Context) (*signing.PublicCertificates, error) {
if s.err != nil {
return nil, s.err
return &signing.PublicCertificates{
Certificates: []signing.Certificate{
KeyName: "phonyKey",
X509CertificatePEM: "phonyPEM",
}, nil
func (s *phonySigner) ServiceInfo(ctx context.Context) (*signing.ServiceInfo, error) {
if s.err != nil {
return nil, s.err
return &signing.ServiceInfo{
AppID: "phony-app",
AppRuntime: "go",
AppRuntimeVersion: "go1.5.1",
AppVersion: "1234-abcdef",
ServiceAccountName: "",
}, nil