1a69fcfd04
- Updated the installation script to clarify that production wrappers do not include fixed test secrets, improving user guidance for local testing. - Modified the jiggablend-manager and jiggablend-runner scripts to remove fixed test configurations, emphasizing the use of local test credentials via `make init-test`. - Enhanced error handling in the runner script to ensure that an API key is provided, improving security and user feedback. - Added new flags and options for the runner, including sandboxing capabilities and GPU ray tracing control, enhancing flexibility for users. - Improved README documentation to reflect changes in usage and configuration, ensuring users have clear instructions for setup and execution.
89 lines
2.1 KiB
Go
89 lines
2.1 KiB
Go
package auth
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"os"
|
|
"testing"
|
|
"time"
|
|
)
|
|
|
|
func TestContextHelpers(t *testing.T) {
|
|
ctx := context.Background()
|
|
ctx = context.WithValue(ctx, contextKeyUserID, int64(123))
|
|
ctx = context.WithValue(ctx, contextKeyIsAdmin, true)
|
|
|
|
id, ok := GetUserID(ctx)
|
|
if !ok || id != 123 {
|
|
t.Fatalf("GetUserID() = (%d,%v), want (123,true)", id, ok)
|
|
}
|
|
if !IsAdmin(ctx) {
|
|
t.Fatal("expected IsAdmin to be true")
|
|
}
|
|
}
|
|
|
|
func TestIsProductionMode_UsesEnv(t *testing.T) {
|
|
t.Setenv("PRODUCTION", "true")
|
|
if !IsProductionMode() {
|
|
t.Fatal("expected production mode true when env is set")
|
|
}
|
|
}
|
|
|
|
func TestWriteUnauthorized_BehaviorByRequestType(t *testing.T) {
|
|
a := &Auth{}
|
|
|
|
reqAPI := httptest.NewRequest(http.MethodGet, "/api/jobs", nil)
|
|
rrAPI := httptest.NewRecorder()
|
|
a.writeUnauthorized(rrAPI, reqAPI)
|
|
if rrAPI.Code != http.StatusUnauthorized {
|
|
t.Fatalf("api code = %d", rrAPI.Code)
|
|
}
|
|
|
|
reqPage := httptest.NewRequest(http.MethodGet, "/dashboard", nil)
|
|
rrPage := httptest.NewRecorder()
|
|
a.writeUnauthorized(rrPage, reqPage)
|
|
if rrPage.Code != http.StatusFound {
|
|
t.Fatalf("page code = %d", rrPage.Code)
|
|
}
|
|
}
|
|
|
|
func TestIsProductionMode_DefaultFalse(t *testing.T) {
|
|
_ = os.Unsetenv("PRODUCTION")
|
|
if IsProductionMode() {
|
|
t.Fatal("expected false when PRODUCTION is unset")
|
|
}
|
|
}
|
|
|
|
func TestOAuthState_CreateConsumeAndReject(t *testing.T) {
|
|
a := &Auth{oauthStates: make(map[string]time.Time)}
|
|
state := a.CreateOAuthState()
|
|
if state == "" {
|
|
t.Fatal("expected non-empty state")
|
|
}
|
|
if !a.ConsumeOAuthState(state) {
|
|
t.Fatal("expected valid state to be accepted once")
|
|
}
|
|
if a.ConsumeOAuthState(state) {
|
|
t.Fatal("expected state to be single-use")
|
|
}
|
|
if a.ConsumeOAuthState("") {
|
|
t.Fatal("empty state must be rejected")
|
|
}
|
|
if a.ConsumeOAuthState("unknown-state") {
|
|
t.Fatal("unknown state must be rejected")
|
|
}
|
|
}
|
|
|
|
func TestOAuthState_ExpiredRejected(t *testing.T) {
|
|
a := &Auth{oauthStates: make(map[string]time.Time)}
|
|
state := "expired-state"
|
|
a.oauthMu.Lock()
|
|
a.oauthStates[state] = time.Now().Add(-time.Minute)
|
|
a.oauthMu.Unlock()
|
|
if a.ConsumeOAuthState(state) {
|
|
t.Fatal("expired state must be rejected")
|
|
}
|
|
}
|
|
|