Adjust golden files to cover broker cache structure

ubuntu · May 28, 2024 · 3591378 · 3591378
1 parent 1bd8b66
commit 3591378
Show file tree

Hide file tree

Showing 44 changed files with 59 additions and 34 deletions.
diff --git a/internal/broker/broker_test.go b/internal/broker/broker_test.go
@@ -16,6 +16,7 @@ import (
 	"github.com/ubuntu/oidc-broker/internal/providers/group"
 	"github.com/ubuntu/oidc-broker/internal/testutils"
 	"golang.org/x/oauth2"
+	"gopkg.in/yaml.v3"
 )
 
 var defaultProvider *httptest.Server
@@ -360,11 +361,14 @@ func TestIsAuthenticated(t *testing.T) {
 				require.NoError(t, err, "Setup: SaveToken should not have returned an error")
 			}
 
+			var readOnlyCacheCleanup, readOnlyTokenCleanup func()
 			if tc.readOnlyCacheDir {
 				if tc.preexistentToken != "" {
-					testutils.MakeReadOnly(t, b.TokenPathForSession(sessionID))
+					readOnlyTokenCleanup = testutils.MakeReadOnly(t, b.TokenPathForSession(sessionID))
+					t.Cleanup(readOnlyTokenCleanup)
 				}
-				testutils.MakeReadOnly(t, b.CachePath())
+				readOnlyCacheCleanup = testutils.MakeReadOnly(t, b.CachePath())
+				t.Cleanup(readOnlyCacheCleanup)
 			}
 
 			switch tc.firstChallenge {
@@ -414,46 +418,59 @@ func TestIsAuthenticated(t *testing.T) {
 				errStr := strings.ReplaceAll(fmt.Sprintf("%v", err), sessionID, "SESSION_ID")
 
 				got := isAuthenticatedResponse{Access: access, Data: data, Err: errStr}
-				goldenPath := testutils.GoldenPath(t) + ".first_call"
 
-				want := testutils.LoadWithUpdateFromGoldenYAML(t, got, testutils.WithGoldenPath(goldenPath))
-				require.Equal(t, want, got, "IsAuthenticated should have returned the expected value")
+				out, err := yaml.Marshal(got)
+				require.NoError(t, err, "Failed to marshal first response")
+
+				err = os.WriteFile(filepath.Join(outDir, "first_call"), out, 0600)
+				require.NoError(t, err, "Failed to write first response")
 			}()
+
 			if !tc.dontWaitForFirstCall {
 				<-firstCallDone
 			}
-			if !tc.wantSecondCall {
-				return
-			}
 
-			// Give some time for the first call
-			time.Sleep(10 * time.Millisecond)
+			if tc.wantSecondCall {
+				// Give some time for the first call
+				time.Sleep(10 * time.Millisecond)
 
-			secondAuthData := `{"challenge":"` + encryptChallenge(t, "passwordpassword", key) + `"}`
-			if tc.invalidAuthData {
-				secondAuthData = "invalid json"
-			}
+				secondAuthData := `{"challenge":"` + encryptChallenge(t, "passwordpassword", key) + `"}`
+				if tc.invalidAuthData {
+					secondAuthData = "invalid json"
+				}
 
-			secondCallDone := make(chan struct{})
-			go func() {
-				defer close(secondCallDone)
+				secondCallDone := make(chan struct{})
+				go func() {
+					defer close(secondCallDone)
 
-				updateAuthModes(t, b, sessionID, "newpassword")
+					updateAuthModes(t, b, sessionID, "newpassword")
 
-				access, data, err := b.IsAuthenticated(sessionID, secondAuthData)
+					access, data, err := b.IsAuthenticated(sessionID, secondAuthData)
 
-				// Redact variant session id from the response
-				data = strings.ReplaceAll(data, sessionID, "SESSION_ID")
-				errStr := strings.ReplaceAll(fmt.Sprintf("%v", err), sessionID, "SESSION_ID")
+					// Redact variant session id from the response
+					data = strings.ReplaceAll(data, sessionID, "SESSION_ID")
+					errStr := strings.ReplaceAll(fmt.Sprintf("%v", err), sessionID, "SESSION_ID")
 
-				got := isAuthenticatedResponse{Access: access, Data: data, Err: errStr}
-				goldenPath := testutils.GoldenPath(t) + ".second_call"
+					got := isAuthenticatedResponse{Access: access, Data: data, Err: errStr}
+					out, err := yaml.Marshal(got)
+					require.NoError(t, err, "Failed to marshal second response")
 
-				want := testutils.LoadWithUpdateFromGoldenYAML(t, got, testutils.WithGoldenPath(goldenPath))
-				require.Equal(t, want, got, "IsAuthenticated should have returned the expected value")
-			}()
+					err = os.WriteFile(filepath.Join(outDir, "second_call"), out, 0600)
+					require.NoError(t, err, "Failed to write second response")
+				}()
+				<-secondCallDone
+			}
 			<-firstCallDone
-			<-secondCallDone
+
+			// We need to restore some permissions in order to save the golden files.
+			if tc.readOnlyCacheDir {
+				readOnlyCacheCleanup()
+				if tc.preexistentToken != "" {
+					readOnlyTokenCleanup()
+				}
+			}
+
+			testutils.CompareTreesWithFiltering(t, outDir, testutils.GoldenPath(t), testutils.Update())
 		})
 	}
 }

diff --git a/...ing_with_password_refreshes_expired_token/cache/127.0.0.1_39523/[email protected] b/...ing_with_password_refreshes_expired_token/cache/127.0.0.1_39523/[email protected]
diff --git a/...ith_password_refreshes_expired_token/cache/127.0.0.1_39523/[email protected] b/...ith_password_refreshes_expired_token/cache/127.0.0.1_39523/[email protected]
@@ -0,0 +1 @@
+password
diff --git a/...ssword_refreshes_expired_token.first_call → ...ssword_refreshes_expired_token/first_call b/...ssword_refreshes_expired_token.first_call → ...ssword_refreshes_expired_token/first_call
diff --git a/...eachable_and_token_is_not_offline-expired/cache/127.0.0.1_41365/[email protected] b/...eachable_and_token_is_not_offline-expired/cache/127.0.0.1_41365/[email protected]
diff --git a/...ble_and_token_is_not_offline-expired/cache/127.0.0.1_41365/[email protected] b/...ble_and_token_is_not_offline-expired/cache/127.0.0.1_41365/[email protected]
@@ -0,0 +1 @@
+password
diff --git a/...d_token_is_not_offline-expired.first_call → ...d_token_is_not_offline-expired/first_call b/...d_token_is_not_offline-expired.first_call → ...d_token_is_not_offline-expired/first_call
@@ -1,10 +1,10 @@
 access: granted
 data: |-
     {"userinfo": {
-    		"name": "saved[email protected]",
+    		"name": "test[email protected]",
     		"uuid": "saved-user-id",
     		"gecos": "saved-user",
-    		"dir": "/home/saved[email protected]",
+    		"dir": "/home/test[email protected]",
     		"shell": "/usr/bin/bash",
     		"groups": [{"name": "saved-remote-group", "gid": "12345"}, {"name": "saved-local-group", "gid": ""}]
     }}

diff --git a/...thenticating_with_qrcode_reacquires_token/cache/127.0.0.1_39523/[email protected] b/...thenticating_with_qrcode_reacquires_token/cache/127.0.0.1_39523/[email protected]
diff --git a/...icating_with_qrcode_reacquires_token/cache/127.0.0.1_39523/[email protected] b/...icating_with_qrcode_reacquires_token/cache/127.0.0.1_39523/[email protected]
@@ -0,0 +1 @@
+qrcode
diff --git a/...g_with_qrcode_reacquires_token.first_call → ...g_with_qrcode_reacquires_token/first_call b/...g_with_qrcode_reacquires_token.first_call → ...g_with_qrcode_reacquires_token/first_call
diff --git a/..._with_qrcode_reacquires_token.second_call → ..._with_qrcode_reacquires_token/second_call b/..._with_qrcode_reacquires_token.second_call → ..._with_qrcode_reacquires_token/second_call
diff --git a/...authentication_data_is_invalid.first_call → ...authentication_data_is_invalid/first_call b/...authentication_data_is_invalid.first_call → ...authentication_data_is_invalid/first_call
@@ -1,3 +1,3 @@
-access: ""
+access: denied
 data: ""
 err: authentication data is not a valid json value
diff --git a/...error_when_can_not_cache_token.first_call → ...error_when_can_not_cache_token/first_call b/...error_when_can_not_cache_token.first_call → ...error_when_can_not_cache_token/first_call
diff --git a/...rror_when_can_not_cache_token.second_call → ...rror_when_can_not_cache_token/second_call b/...rror_when_can_not_cache_token.second_call → ...rror_when_can_not_cache_token/second_call
diff --git a/...challenge_can_not_be_decrypted.first_call → ...challenge_can_not_be_decrypted/first_call b/...challenge_can_not_be_decrypted.first_call → ...challenge_can_not_be_decrypted/first_call
diff --git a/...ticated_is_ongoing_for_session.first_call → ...ticated_is_ongoing_for_session/first_call b/...ticated_is_ongoing_for_session.first_call → ...ticated_is_ongoing_for_session/first_call
diff --git a/...icated_is_ongoing_for_session.second_call → ...icated_is_ongoing_for_session/second_call b/...icated_is_ongoing_for_session.second_call → ...icated_is_ongoing_for_session/second_call
@@ -1,3 +1,3 @@
-access: ""
+access: denied
 data: ""
 err: IsAuthenticated already running for session "SESSION_ID"
diff --git a/...rd_and_can_not_fetch_user_info.first_call → ...rd_and_can_not_fetch_user_info/first_call b/...rd_and_can_not_fetch_user_info.first_call → ...rd_and_can_not_fetch_user_info/first_call
diff --git a/...ssword_and_id_token_is_not_set.first_call → ...ssword_and_id_token_is_not_set/first_call b/...ssword_and_id_token_is_not_set.first_call → ...ssword_and_id_token_is_not_set/first_call
diff --git a/...wpassword_and_token_is_not_set.first_call → ...wpassword_and_token_is_not_set/first_call b/...wpassword_and_token_is_not_set.first_call → ...wpassword_and_token_is_not_set/first_call
diff --git a/...sword_and_cached_token_can't_be_refreshed/cache/127.0.0.1_39523/[email protected] b/...sword_and_cached_token_can't_be_refreshed/cache/127.0.0.1_39523/[email protected]
diff --git a/...ached_token_can't_be_refreshed.first_call → ...ached_token_can't_be_refreshed/first_call b/...ached_token_can't_be_refreshed.first_call → ...ached_token_can't_be_refreshed/first_call
diff --git a/...e_is_password_and_can_not_fetch_user_info/cache/127.0.0.1_39523/[email protected] b/...e_is_password_and_can_not_fetch_user_info/cache/127.0.0.1_39523/[email protected]
@@ -0,0 +1,2 @@
+�Vۇ�:�qBy?����pa�y-�Q/'W��;j^�	���I_��HN"˼���f��I=�~F�Q�{j)��8�7o���	�5�G[��j�$�ӑ�Ҕu=�����@�?�/Y�sE����+��M�����k�d�ϛ��V�yZ��;�~[�/�H&%Q�28T�W����(Sʤ����V�����qz�	�yg^�4#�L�":"o�@7��9%�I`n����^>�"��>���o����T�]��n�]j�,���ٹ{G�:���_0�L>ǿ=�UR���&�ŀ蜅Ј����=�V�����=�rO�2����'�q��:���[Q�'���I���%��h�P-I�ir�ϳے�/�I��y��!O�܇�ґ�����$��2�Co��;�gkf�S�W �Q��n��R�(���>��Jr]#���Z�S?�ٹ�ύ�A� G�T��l3-��/Q�5c���g����2w`sC)0��؇z�1)�r�	���G
+{۟�|�qc�e90�A[*��E

diff --git a/...rd_and_can_not_fetch_user_info.first_call → ...rd_and_can_not_fetch_user_info/first_call b/...rd_and_can_not_fetch_user_info.first_call → ...rd_and_can_not_fetch_user_info/first_call
diff --git a/..._password_and_can_not_update_cached_token/cache/127.0.0.1_39523/[email protected] b/..._password_and_can_not_update_cached_token/cache/127.0.0.1_39523/[email protected]
diff --git a/...nd_can_not_update_cached_token.first_call → ...nd_can_not_update_cached_token/first_call b/...nd_can_not_update_cached_token.first_call → ...nd_can_not_update_cached_token/first_call
diff --git a/...word_and_server_offline_and_token_expired/cache/127.0.0.1_38527/[email protected] b/...word_and_server_offline_and_token_expired/cache/127.0.0.1_38527/[email protected]
diff --git a/...rver_offline_and_token_expired.first_call → ...rver_offline_and_token_expired/first_call b/...rver_offline_and_token_expired.first_call → ...rver_offline_and_token_expired/first_call
diff --git a/...sword_and_token_does_not_exist.first_call → ...sword_and_token_does_not_exist/first_call b/...sword_and_token_does_not_exist.first_call → ...sword_and_token_does_not_exist/first_call
diff --git a/...hen_mode_is_password_and_token_is_invalid/cache/127.0.0.1_39523/[email protected] b/...hen_mode_is_password_and_token_is_invalid/cache/127.0.0.1_39523/[email protected]
@@ -0,0 +1 @@
+V4�-)�{�1�7h��:ko��T{��\����%�0����hT�?�Y�P��7��Z��%�t��5���M[���▸j{Rn!��'��9U�X��sX�7�
diff --git a/..._password_and_token_is_invalid.first_call → ..._password_and_token_is_invalid/first_call b/..._password_and_token_is_invalid.first_call → ..._password_and_token_is_invalid/first_call
diff --git a/...is_offline-valid_but_server_returns_error/cache/127.0.0.1_42373/[email protected] b/...is_offline-valid_but_server_returns_error/cache/127.0.0.1_42373/[email protected]
diff --git a/...valid_but_server_returns_error.first_call → ...valid_but_server_returns_error/first_call b/...valid_but_server_returns_error.first_call → ...valid_but_server_returns_error/first_call
diff --git a/...s_qrcode_and_can_not_get_token.first_call → ...s_qrcode_and_can_not_get_token/first_call b/...s_qrcode_and_can_not_get_token.first_call → ...s_qrcode_and_can_not_get_token/first_call
diff --git a/...qrcode_and_response_is_invalid.first_call → ...qrcode_and_response_is_invalid/first_call b/...qrcode_and_response_is_invalid.first_call → ...qrcode_and_response_is_invalid/first_call
diff --git a/...olden/error_when_provided_wrong_challenge/cache/127.0.0.1_39523/[email protected] b/...olden/error_when_provided_wrong_challenge/cache/127.0.0.1_39523/[email protected]
diff --git a/..._when_provided_wrong_challenge.first_call → ..._when_provided_wrong_challenge/first_call b/..._when_provided_wrong_challenge.first_call → ..._when_provided_wrong_challenge/first_call
diff --git a/...cessfully_authenticate_user_with_password/cache/127.0.0.1_39523/[email protected] b/...cessfully_authenticate_user_with_password/cache/127.0.0.1_39523/[email protected]
diff --git a/...ully_authenticate_user_with_password/cache/127.0.0.1_39523/[email protected] b/...ully_authenticate_user_with_password/cache/127.0.0.1_39523/[email protected]
@@ -0,0 +1 @@
+password
diff --git a/...uthenticate_user_with_password.first_call → ...uthenticate_user_with_password/first_call b/...uthenticate_user_with_password.first_call → ...uthenticate_user_with_password/first_call
@@ -1,10 +1,10 @@
 access: granted
 data: |-
     {"userinfo": {
-    		"name": "saved[email protected]",
+    		"name": "test[email protected]",
     		"uuid": "saved-user-id",
     		"gecos": "saved-user",
-    		"dir": "/home/saved[email protected]",
+    		"dir": "/home/test[email protected]",
     		"shell": "/usr/bin/bash",
     		"groups": [ {"name": "remote-group", "ugid": "12345"}, {"name": "linux-local-group", "ugid": ""} ]
     }}

diff --git a/...authenticate_user_with_qrcode+newpassword/cache/127.0.0.1_39523/[email protected] b/...authenticate_user_with_qrcode+newpassword/cache/127.0.0.1_39523/[email protected]
diff --git a/...nticate_user_with_qrcode+newpassword/cache/127.0.0.1_39523/[email protected] b/...nticate_user_with_qrcode+newpassword/cache/127.0.0.1_39523/[email protected]
@@ -0,0 +1 @@
+qrcode
diff --git a/...e_user_with_qrcode+newpassword.first_call → ...e_user_with_qrcode+newpassword/first_call b/...e_user_with_qrcode+newpassword.first_call → ...e_user_with_qrcode+newpassword/first_call
diff --git a/..._user_with_qrcode+newpassword.second_call → ..._user_with_qrcode+newpassword/second_call b/..._user_with_qrcode+newpassword.second_call → ..._user_with_qrcode+newpassword/second_call
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		�Vۇ�:�qBy?��pa�y-�Q/'W��;j^� ��I_��HN"˼��f��I=�~F�Q�{j)��8�7o�� 5�G[��j�$�ӑ�Ҕu=��@�?�/Y�sE��+��M����k�d�ϛ��V�yZ��;�~[�/�H&%Q�28T�W��(Sʤ��V��qz� �yg^�4#�L�":"o�@7��9%�I`n��^>�"��>��o��T�]��n�]j�,��ٹ{G�:��_0�L>ǿ=�UR��&�ŀ蜅Ј��=�V��=�rO�2��'�q��:��[Q�'��I��%��h�P-I�ir�ϳے�/�I��y��!O�܇�ґ��$��2�Co��;�gkf�S�W �Q��n��R�(��>��Jr]#��Z�S?�ٹ�ύ�A� G�T��l3-��/Q�5c��g��2w`sC)0��؇z�1)�r� ��G
		{۟�\|�qc�e90�A[*��E
Expand Down
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		V4�-)�{�1�7h��:ko��T{��\��%�0��hT�?�Y�P��7��Z��%�t��5��M[��▸j{Rn!��'��9U�X��sX�7�