|
| 1 | +%% The contents of this file are subject to the Mozilla Public License |
| 2 | +%% Version 1.1 (the "License"); you may not use this file except in |
| 3 | +%% compliance with the License. You may obtain a copy of the License at |
| 4 | +%% http://www.mozilla.org/MPL/ |
| 5 | +%% |
| 6 | +%% Software distributed under the License is distributed on an "AS IS" |
| 7 | +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the |
| 8 | +%% License for the specific language governing rights and limitations |
| 9 | +%% under the License. |
| 10 | +%% |
| 11 | +%% The Original Code is RabbitMQ. |
| 12 | +%% |
| 13 | +%% The Initial Developer of the Original Code is GoPivotal, Inc. |
| 14 | +%% Copyright (c) 2017 Pivotal Software, Inc. All rights reserved. |
| 15 | + |
| 16 | +-module(auth_SUITE). |
| 17 | + |
| 18 | +-include_lib("common_test/include/ct.hrl"). |
| 19 | +-include_lib("eunit/include/eunit.hrl"). |
| 20 | +-include_lib("rabbit_common/include/rabbit.hrl"). |
| 21 | + |
| 22 | +-compile(export_all). |
| 23 | + |
| 24 | +-define(AUTH_PORT, 8000). |
| 25 | +-define(USER_PATH, "/auth/user"). |
| 26 | +-define(BACKEND_CONFIG, |
| 27 | + [{http_method, get}, |
| 28 | + {user_path, "http://localhost:" ++ integer_to_list(?AUTH_PORT) ++ ?USER_PATH}, |
| 29 | + {vhost_path, "http://localhost:" ++ integer_to_list(?AUTH_PORT) ++ "/auth/vhost"}, |
| 30 | + {resource_path, "http://localhost:" ++ integer_to_list(?AUTH_PORT) ++ "/auth/resource"}, |
| 31 | + {topic_path, "http://localhost:" ++ integer_to_list(?AUTH_PORT) ++ "/auth/topic"}]). |
| 32 | +-define(ALLOWED_USER, #{username => <<"Ala">>, |
| 33 | + password => <<"Kocur">>, |
| 34 | + tags => [policymaker, monitoring]}). |
| 35 | +-define(DENIED_USER, #{username => <<"Alice">>, password => <<"Cat">>}). |
| 36 | + |
| 37 | +all() -> [grants_access_to_user, denies_access_to_user]. |
| 38 | + |
| 39 | +init_per_suite(Config) -> |
| 40 | + configure_http_auth_backend(), |
| 41 | + #{username := Username, password := Password, tags := Tags} = ?ALLOWED_USER, |
| 42 | + start_http_auth_server(?AUTH_PORT, ?USER_PATH, #{Username => {Password, Tags}}), |
| 43 | + [{allowed_user, ?ALLOWED_USER}, {denied_user, ?DENIED_USER} | Config]. |
| 44 | + |
| 45 | +end_per_suite(_Config) -> |
| 46 | + stop_http_auth_server(). |
| 47 | + |
| 48 | +grants_access_to_user(Config) -> |
| 49 | + #{username := U, password := P, tags := T} = ?config(allowed_user, Config), |
| 50 | + ?assertMatch({ok, #auth_user{username = U, tags = T}}, |
| 51 | + rabbit_auth_backend_http:user_login_authentication(U, [{password, P}])). |
| 52 | + |
| 53 | +denies_access_to_user(Config) -> |
| 54 | + #{username := U, password := P} = ?config(denied_user, Config), |
| 55 | + ?assertMatch({refused,"Denied by HTTP plugin",[]}, |
| 56 | + rabbit_auth_backend_http:user_login_authentication(U, [{password, P}])). |
| 57 | + |
| 58 | +%%% HELPERS |
| 59 | + |
| 60 | +configure_http_auth_backend() -> |
| 61 | + {ok, _} = application:ensure_all_started(inets), |
| 62 | + [application:set_env(rabbitmq_auth_backend_http, K, V) || {K, V} <- ?BACKEND_CONFIG]. |
| 63 | + |
| 64 | +start_http_auth_server(Port, Path, Users) -> |
| 65 | + application:ensure_all_started(cowboy), |
| 66 | + Dispatch = cowboy_router:compile([{'_', [{Path, auth_http_mock, Users}]}]), |
| 67 | + {ok, _} = cowboy:start_clear( |
| 68 | + mock_http_auth_listener, [{port, Port}], #{env => #{dispatch => Dispatch}}). |
| 69 | + |
| 70 | +stop_http_auth_server() -> |
| 71 | + cowboy:stop_listener(mock_http_auth_listener). |
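Review bot: Neither case shows that the password is actually checked: `denies_access_to_user` uses a username (`<<"Alice">>`) that is absent from the map handed to the mock in `init_per_suite`, so a backend or mock that matched on username alone would pass both tests. A third case that logs in as the allowed user with a different password and expects the same `{refused, ...}` result would pin that down; the sketch below assumes `auth_http_mock`, which is not visible here, answers a wrong password with a deny. Separately, `start_http_auth_server/3` discards the result of `application:ensure_all_started(cowboy)` while the inets call is matched, so `{ok, _} = application:ensure_all_started(cowboy),` would make a start failure show up where it happens. The listener options `[{port, Port}]` also appear to leave the mock credential server listening on every interface; `[{ip, {127,0,0,1}}, {port, Port}]` would keep it on loopback, which should be all the `localhost` URLs in `?BACKEND_CONFIG` need.

```erlang
all() -> [grants_access_to_user, denies_access_to_user, denies_access_on_wrong_password].

%% … unchanged: init_per_suite/1, end_per_suite/1, existing test cases …

denies_access_on_wrong_password(Config) ->
    %% Known username, wrong password: must be refused just like an unknown user.
    #{username := U} = ?config(allowed_user, Config),
    ?assertMatch({refused, "Denied by HTTP plugin", []},
                 rabbit_auth_backend_http:user_login_authentication(
                   U, [{password, <<"not-the-password">>}])).
```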