|
| 1 | +(ns oauth2.auth-test |
| 2 | + (:require |
| 3 | + [taoensso.timbre :as timbre :refer [debug info error]] |
| 4 | + [clojure.test :refer [deftest is testing]] |
| 5 | + [ring.mock.request :refer [request] :rename {request mock-request}] |
| 6 | + [bidi.bidi] |
| 7 | + [bidi.ring] |
| 8 | + [modular.config :as config] |
| 9 | + [modular.oauth2.local.pass :as pass] |
| 10 | + [webly.spa.handler.handler :refer [make-handler]] |
| 11 | + [modular.permission.service :refer [add-permissioned-services]] |
| 12 | + [modular.permission.role :as role] |
| 13 | + [modular.permission.websocket :refer [set-user! service-authorized?]] |
| 14 | + [modular.permission.user :refer [print-users]])) |
| 15 | + |
| 16 | +(deftest pwd-hash-test [] |
| 17 | + (is (= (pass/pwd-hash "1234") "a231498f6c1f441aa98482ea0b224ffa"))) |
| 18 | + |
| 19 | +; set the required config for the auth test |
| 20 | + |
| 21 | +(config/set! :oauth2 |
| 22 | + {:local {:client-secret "123456789"}}) |
| 23 | + |
| 24 | +(config/set! :users |
| 25 | + {:demo {:roles #{:admin :logistic} |
| 26 | + :password "a231498f6c1f441aa98482ea0b224ffa" ; "1234" |
| 27 | + |
| 28 | + |
| 29 | +(print-users) |
| 30 | + |
| 31 | +(deftest auth-test [] |
| 32 | + (info "config: " (pr-str (config/get-in-config []))) |
| 33 | + (let [{:keys [user token] :as t} (pass/get-token "demo" "1234")] |
| 34 | + (info "get-token result token: " (pr-str t)) |
| 35 | + (is (= user :demo)) |
| 36 | + (is (= {:user :demo} (pass/verify-token token))))) |
| 37 | + |
| 38 | +(deftest perm-test [] |
| 39 | + (is (role/authorized? nil nil)) ; no user for route without permission requirement is authorized |
| 40 | + (is (role/authorized? nil :demo)) ; user for route with permssion is authorized |
| 41 | + |
| 42 | + (is (= (role/authorized? #{} :demo) true)) ; authorized user required |
| 43 | + (is (= (role/authorized? #{} nil) false)) ; no user for route with permission does not pass |
| 44 | + |
| 45 | + (is (role/authorized? #{:admin} :demo)) |
| 46 | + (is (not (role/authorized? #{:heroic-warrior} :demo))) |
| 47 | + (is (not (role/authorized? #{:admin} :crazy-ponny))) |
| 48 | + |
| 49 | + ; |
| 50 | + ) |
| 51 | +(add-permissioned-services |
| 52 | + {:public2 nil |
| 53 | + :hello #{} |
| 54 | + :add #{:math} |
| 55 | + :calc #{:logistic}}) |
| 56 | + |
| 57 | +(deftest service-test [] |
| 58 | + (is (= (service-authorized? :public2 "2") true)) ; public2 does not need any permission => authorized |
| 59 | + (is (= (service-authorized? :public1 "1") false)) ; public1 is not defined => not authorized. |
| 60 | + |
| 61 | + (is (= (service-authorized? :hello "3") false)) ; :hello needs login. but "3" is not logged in => not authorized |
| 62 | + (is (= (service-authorized? :add "4") false)) ; hello needs role :math, but "4" is not logged in ==> not authorized |
| 63 | + (set-user! "3" :demo) |
| 64 | + (set-user! "4" :demo) |
| 65 | + (is (= (service-authorized? :hello "3") true)) |
| 66 | + ; "3" => :demo [:admin :logistic} |
| 67 | + ; :hello does not need any role ==> authorized |
| 68 | + (is (not (service-authorized? :add "4"))) |
| 69 | + (is (service-authorized? :calc "3"))) |
| 70 | + |
| 71 | + |
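Review bot: auth-test writes secrets to the log: `(info "config: " (pr-str (config/get-in-config [])))` dumps the whole config, which by then holds the `:client-secret` and the `:users` password digest set at the top level, and the next `info` prints the issued token. These are test values, but the same pattern copied into application code would leak live credentials, so log only non-secret fields, e.g. `(info "get-token user: " user)`. The test also covers only the successful path; it should assert that `pass/get-token` with a wrong password yields no token and that `pass/verify-token` rejects a modified token (the failure shape of both is not visible here, so the exact assertions need checking against `modular.oauth2.local.pass`). Separately, pwd-hash-test pins "1234" to a fixed 32-hex-character value, which suggests a deterministic 128-bit digest with no per-user salt; if `pass/pwd-hash` protects stored passwords, a salted, slow password hash would be expected and this assertion would need to change with it.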