Skip to content

Commit

Permalink
auth: Fix simpleToken to respect disabled state for assign
Browse files Browse the repository at this point in the history
  • Loading branch information
jpbetz committed Oct 13, 2017
1 parent d392deb commit 5c46805
Show file tree
Hide file tree
Showing 2 changed files with 70 additions and 0 deletions.
3 changes: 3 additions & 0 deletions auth/simple_token.go
Original file line number Diff line number Diff line change
Expand Up @@ -118,6 +118,9 @@ func (t *tokenSimple) genTokenPrefix() (string, error) {
func (t *tokenSimple) assignSimpleTokenToUser(username, token string) {
t.simpleTokensMu.Lock()
defer t.simpleTokensMu.Unlock()
if t.simpleTokenKeeper == nil {
return
}

_, ok := t.simpleTokens[token]
if ok {
Expand Down
67 changes: 67 additions & 0 deletions auth/simple_token_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
// Copyright 2017 The etcd Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package auth

import (
"context"
"testing"
)

// TestSimpleTokenDisabled ensures that TokenProviderSimple behaves correctly when
// disabled.
func TestSimpleTokenDisabled(t *testing.T) {
initialState := newTokenProviderSimple(dummyIndexWaiter)

explicitlyDisabled := newTokenProviderSimple(dummyIndexWaiter)
explicitlyDisabled.enable()
explicitlyDisabled.disable()

for _, tp := range []*tokenSimple{initialState, explicitlyDisabled} {
ctx := context.WithValue(context.WithValue(context.TODO(), "index", uint64(1)), "simpleToken", "dummy")
token, err := tp.assign(ctx, "user1", 0)
if err != nil {
t.Fatal(err)
}
authInfo, ok := tp.info(ctx, token, 0)
if ok {
t.Errorf("expected (true, \"user1\") got (%t, %s)", ok, authInfo.Username)
}

tp.invalidateUser("user1") // should be no-op
}
}

// TestSimpleTokenAssign ensures that TokenProviderSimple can correctly assign a
// token, look it up with info, and invalidate it by user.
func TestSimpleTokenAssign(t *testing.T) {
tp := newTokenProviderSimple(dummyIndexWaiter)
tp.enable()
ctx := context.WithValue(context.WithValue(context.TODO(), "index", uint64(1)), "simpleToken", "dummy")
token, err := tp.assign(ctx, "user1", 0)
if err != nil {
t.Fatal(err)
}
authInfo, ok := tp.info(ctx, token, 0)
if !ok || authInfo.Username != "user1" {
t.Errorf("expected (true, \"token2\") got (%t, %s)", ok, authInfo.Username)
}

tp.invalidateUser("user1")

authInfo, ok = tp.info(context.TODO(), token, 0)
if ok {
t.Errorf("expected ok == false after user is invalidated")
}
}

0 comments on commit 5c46805

Please sign in to comment.