236 lines
6.1 KiB
Go
236 lines
6.1 KiB
Go
package authntest
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/grafana/grafana/pkg/apimachinery/identity"
|
|
"github.com/grafana/grafana/pkg/models/usertoken"
|
|
"github.com/grafana/grafana/pkg/services/authn"
|
|
)
|
|
|
|
var _ authn.SSOClientConfig = new(FakeSSOClientConfig)
|
|
|
|
type FakeSSOClientConfig struct {
|
|
ExpectedName string
|
|
ExpectedIsAutoLoginEnabled bool
|
|
ExpectedIsSingleLogoutEnabled bool
|
|
ExpectedIsSkipOrgRoleSyncEnabled bool
|
|
ExpectedIsAllowAssignGrafanaAdminEnabled bool
|
|
}
|
|
|
|
func (f *FakeSSOClientConfig) GetDisplayName() string {
|
|
return f.ExpectedName
|
|
}
|
|
|
|
func (f *FakeSSOClientConfig) IsAutoLoginEnabled() bool {
|
|
return f.ExpectedIsAutoLoginEnabled
|
|
}
|
|
|
|
func (f *FakeSSOClientConfig) IsSingleLogoutEnabled() bool {
|
|
return f.ExpectedIsSingleLogoutEnabled
|
|
}
|
|
|
|
func (f *FakeSSOClientConfig) IsSkipOrgRoleSyncEnabled() bool {
|
|
return f.ExpectedIsSkipOrgRoleSyncEnabled
|
|
}
|
|
|
|
func (f *FakeSSOClientConfig) IsAllowAssignGrafanaAdminEnabled() bool {
|
|
return f.ExpectedIsAllowAssignGrafanaAdminEnabled
|
|
}
|
|
|
|
var (
|
|
_ authn.Service = new(FakeService)
|
|
_ authn.IdentitySynchronizer = new(FakeService)
|
|
)
|
|
|
|
type FakeService struct {
|
|
ExpectedClientConfig authn.SSOClientConfig
|
|
ExpectedErr error
|
|
ExpectedRedirect *authn.Redirect
|
|
ExpectedIdentity *authn.Identity
|
|
ExpectedErrs []error
|
|
ExpectedIdentities []*authn.Identity
|
|
CurrentIndex int
|
|
EnabledClients []string
|
|
}
|
|
|
|
func (f *FakeService) Authenticate(ctx context.Context, r *authn.Request) (*authn.Identity, error) {
|
|
if f.ExpectedIdentities != nil {
|
|
if f.CurrentIndex >= len(f.ExpectedIdentities) {
|
|
panic("ExpectedIdentities is empty")
|
|
}
|
|
if f.CurrentIndex >= len(f.ExpectedErrs) {
|
|
panic("ExpectedErrs is empty")
|
|
}
|
|
|
|
identity := f.ExpectedIdentities[f.CurrentIndex]
|
|
err := f.ExpectedErrs[f.CurrentIndex]
|
|
|
|
f.CurrentIndex += 1
|
|
|
|
return identity, err
|
|
}
|
|
|
|
return f.ExpectedIdentity, f.ExpectedErr
|
|
}
|
|
|
|
func (f *FakeService) IsClientEnabled(name string) bool {
|
|
// Consider all clients as enabled if EnabledClients is not explicitly set
|
|
if f.EnabledClients == nil {
|
|
return true
|
|
}
|
|
// Check if client is in the list of enabled clients
|
|
for _, s := range f.EnabledClients {
|
|
if s == name {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
func (f *FakeService) GetClientConfig(name string) (authn.SSOClientConfig, bool) {
|
|
if f.ExpectedClientConfig == nil {
|
|
return nil, false
|
|
}
|
|
return f.ExpectedClientConfig, true
|
|
}
|
|
|
|
func (f *FakeService) RegisterPostAuthHook(hook authn.PostAuthHookFn, priority uint) {}
|
|
|
|
func (f *FakeService) RegisterPreLogoutHook(hook authn.PreLogoutHookFn, priority uint) {}
|
|
|
|
func (f *FakeService) Login(ctx context.Context, client string, r *authn.Request) (*authn.Identity, error) {
|
|
if f.ExpectedIdentities != nil {
|
|
if f.CurrentIndex >= len(f.ExpectedIdentities) {
|
|
panic("ExpectedIdentities is empty")
|
|
}
|
|
if f.CurrentIndex >= len(f.ExpectedErrs) {
|
|
panic("ExpectedErrs is empty")
|
|
}
|
|
|
|
identity := f.ExpectedIdentities[f.CurrentIndex]
|
|
err := f.ExpectedErrs[f.CurrentIndex]
|
|
|
|
f.CurrentIndex += 1
|
|
|
|
return identity, err
|
|
}
|
|
|
|
return f.ExpectedIdentity, f.ExpectedErr
|
|
}
|
|
|
|
func (f *FakeService) RegisterPostLoginHook(hook authn.PostLoginHookFn, priority uint) {}
|
|
|
|
func (f *FakeService) RedirectURL(ctx context.Context, client string, r *authn.Request) (*authn.Redirect, error) {
|
|
return f.ExpectedRedirect, f.ExpectedErr
|
|
}
|
|
|
|
func (f *FakeService) Logout(_ context.Context, _ identity.Requester, _ *usertoken.UserToken) (*authn.Redirect, error) {
|
|
panic("unimplemented")
|
|
}
|
|
|
|
func (f *FakeService) ResolveIdentity(ctx context.Context, orgID int64, typedID string) (*authn.Identity, error) {
|
|
if f.ExpectedIdentities != nil {
|
|
if f.CurrentIndex >= len(f.ExpectedIdentities) {
|
|
panic("ExpectedIdentities is empty")
|
|
}
|
|
if f.CurrentIndex >= len(f.ExpectedErrs) {
|
|
panic("ExpectedErrs is empty")
|
|
}
|
|
|
|
identity := f.ExpectedIdentities[f.CurrentIndex]
|
|
err := f.ExpectedErrs[f.CurrentIndex]
|
|
|
|
f.CurrentIndex += 1
|
|
|
|
return identity, err
|
|
}
|
|
|
|
identity := f.ExpectedIdentity
|
|
identity.OrgID = orgID
|
|
return identity, f.ExpectedErr
|
|
}
|
|
|
|
func (f *FakeService) RegisterClient(c authn.Client) {}
|
|
|
|
func (f *FakeService) SyncIdentity(ctx context.Context, identity *authn.Identity) error {
|
|
return f.ExpectedErr
|
|
}
|
|
|
|
var _ authn.ContextAwareClient = new(FakeClient)
|
|
|
|
type FakeClient struct {
|
|
ExpectedName string
|
|
ExpectedErr error
|
|
ExpectedTest bool
|
|
ExpectedPriority uint
|
|
ExpectedIdentity *authn.Identity
|
|
ExpectedStats map[string]any
|
|
}
|
|
|
|
func (f *FakeClient) Name() string {
|
|
return f.ExpectedName
|
|
}
|
|
|
|
func (f *FakeClient) Authenticate(ctx context.Context, r *authn.Request) (*authn.Identity, error) {
|
|
return f.ExpectedIdentity, f.ExpectedErr
|
|
}
|
|
|
|
func (f FakeClient) IsEnabled() bool { return true }
|
|
|
|
func (f *FakeClient) GetConfig() authn.SSOClientConfig {
|
|
return nil
|
|
}
|
|
|
|
func (f *FakeClient) Test(ctx context.Context, r *authn.Request) bool {
|
|
return f.ExpectedTest
|
|
}
|
|
|
|
func (f *FakeClient) Priority() uint {
|
|
return f.ExpectedPriority
|
|
}
|
|
|
|
func (f *FakeClient) UsageStatFn(ctx context.Context) (map[string]any, error) {
|
|
return f.ExpectedStats, f.ExpectedErr
|
|
}
|
|
|
|
var _ authn.PasswordClient = new(FakePasswordClient)
|
|
|
|
type FakePasswordClient struct {
|
|
ExpectedErr error
|
|
ExpectedIdentity *authn.Identity
|
|
}
|
|
|
|
func (f FakePasswordClient) AuthenticatePassword(ctx context.Context, r *authn.Request, username, password string) (*authn.Identity, error) {
|
|
return f.ExpectedIdentity, f.ExpectedErr
|
|
}
|
|
|
|
var _ authn.RedirectClient = new(FakeRedirectClient)
|
|
|
|
type FakeRedirectClient struct {
|
|
ExpectedErr error
|
|
ExpectedURL string
|
|
ExpectedName string
|
|
ExpectedOK bool
|
|
ExpectedRedirect *authn.Redirect
|
|
ExpectedIdentity *authn.Identity
|
|
}
|
|
|
|
func (f FakeRedirectClient) Name() string {
|
|
return f.ExpectedName
|
|
}
|
|
|
|
func (f FakeRedirectClient) Authenticate(ctx context.Context, r *authn.Request) (*authn.Identity, error) {
|
|
return f.ExpectedIdentity, f.ExpectedErr
|
|
}
|
|
|
|
func (f FakeRedirectClient) IsEnabled() bool { return true }
|
|
|
|
func (f FakeRedirectClient) RedirectURL(ctx context.Context, r *authn.Request) (*authn.Redirect, error) {
|
|
return f.ExpectedRedirect, f.ExpectedErr
|
|
}
|
|
|
|
func (f FakeRedirectClient) Test(ctx context.Context, r *authn.Request) bool {
|
|
return f.ExpectedOK
|
|
}
|