mirror of
https://github.com/goharbor/harbor.git
synced 2024-10-01 06:47:33 +02:00
remove oidc controller and add more UTs
Signed-off-by: wang yan <wangyan@vmware.com>
This commit is contained in:
parent
0de5999f52
commit
41018041f7
@ -36,6 +36,12 @@ const (
|
|||||||
// ErrDupRows is returned by DAO when inserting failed with error "duplicate key value violates unique constraint"
|
// ErrDupRows is returned by DAO when inserting failed with error "duplicate key value violates unique constraint"
|
||||||
var ErrDupRows = errors.New("sql: duplicate row in DB")
|
var ErrDupRows = errors.New("sql: duplicate row in DB")
|
||||||
|
|
||||||
|
// ErrRollback is returned by DAO when transaction roll back failed
|
||||||
|
var ErrRollback = errors.New("<Ormer.Rollback> transaction roll back error")
|
||||||
|
|
||||||
|
// ErrCommit is returned by DAO when transaction commit failed
|
||||||
|
var ErrCommit = errors.New("<Ormer.Commit> transaction roll back error")
|
||||||
|
|
||||||
// Database is an interface of different databases
|
// Database is an interface of different databases
|
||||||
type Database interface {
|
type Database interface {
|
||||||
// Name returns the name of database
|
// Name returns the name of database
|
||||||
|
@ -18,27 +18,13 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
"errors"
|
||||||
|
|
||||||
"github.com/astaxie/beego/orm"
|
"github.com/astaxie/beego/orm"
|
||||||
"github.com/goharbor/harbor/src/common/models"
|
"github.com/goharbor/harbor/src/common/models"
|
||||||
"github.com/goharbor/harbor/src/common/utils/log"
|
"github.com/goharbor/harbor/src/common/utils/log"
|
||||||
)
|
)
|
||||||
|
|
||||||
// AddOIDCUser adds a oidc user
|
|
||||||
func AddOIDCUser(meta *models.OIDCUser) (int64, error) {
|
|
||||||
now := time.Now()
|
|
||||||
meta.CreationTime = now
|
|
||||||
meta.UpdateTime = now
|
|
||||||
id, err := GetOrmer().Insert(meta)
|
|
||||||
if err != nil {
|
|
||||||
if strings.Contains(err.Error(), "duplicate key value violates unique constraint") {
|
|
||||||
return 0, ErrDupRows
|
|
||||||
}
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
return id, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// GetOIDCUserByID ...
|
// GetOIDCUserByID ...
|
||||||
func GetOIDCUserByID(id int64) (*models.OIDCUser, error) {
|
func GetOIDCUserByID(id int64) (*models.OIDCUser, error) {
|
||||||
oidcUser := &models.OIDCUser{
|
oidcUser := &models.OIDCUser{
|
||||||
@ -54,10 +40,10 @@ func GetOIDCUserByID(id int64) (*models.OIDCUser, error) {
|
|||||||
return oidcUser, nil
|
return oidcUser, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetUserBySub ...
|
// GetUserBySubIss ...
|
||||||
func GetUserBySub(sub string) (*models.User, error) {
|
func GetUserBySubIss(sub, issuer string) (*models.User, error) {
|
||||||
var oidcUsers []models.OIDCUser
|
var oidcUsers []models.OIDCUser
|
||||||
n, err := GetOrmer().Raw(`select * from oidc_user where subiss = ? `, sub).QueryRows(&oidcUsers)
|
n, err := GetOrmer().Raw(`select * from oidc_user where subiss = ? `, sub+issuer).QueryRows(&oidcUsers)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -85,7 +71,6 @@ func GetOIDCUserByUserID(userID int) (*models.OIDCUser, error) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if n == 0 {
|
if n == 0 {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
@ -107,17 +92,22 @@ func DeleteOIDCUser(id int64) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// OnBoardOIDCUser onboard OIDC user
|
// OnBoardOIDCUser onboard OIDC user
|
||||||
func OnBoardOIDCUser(u models.User) error {
|
func OnBoardOIDCUser(u *models.User) error {
|
||||||
|
if u.OIDCUserMeta == nil {
|
||||||
|
return errors.New("unable to onboard as empty oidc user")
|
||||||
|
}
|
||||||
|
|
||||||
o := orm.NewOrm()
|
o := orm.NewOrm()
|
||||||
err := o.Begin()
|
err := o.Begin()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
// the password is the required attribute of user table,
|
|
||||||
// but not required in the oidc user login scenario.
|
|
||||||
u.Email = "odicpassword"
|
|
||||||
var errInsert error
|
var errInsert error
|
||||||
userID, err := o.Insert(&u)
|
|
||||||
|
// insert user
|
||||||
|
now := time.Now()
|
||||||
|
u.CreationTime = now
|
||||||
|
userID, err := o.Insert(u)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
errInsert = err
|
errInsert = err
|
||||||
log.Errorf("fail to insert user, %v", err)
|
log.Errorf("fail to insert user, %v", err)
|
||||||
@ -126,12 +116,18 @@ func OnBoardOIDCUser(u models.User) error {
|
|||||||
}
|
}
|
||||||
err := o.Rollback()
|
err := o.Rollback()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
log.Errorf("fail to rollback, %v", err)
|
||||||
|
return ErrRollback
|
||||||
}
|
}
|
||||||
return errInsert
|
return errInsert
|
||||||
|
|
||||||
}
|
}
|
||||||
|
u.UserID = int(userID)
|
||||||
u.OIDCUserMeta.UserID = int(userID)
|
u.OIDCUserMeta.UserID = int(userID)
|
||||||
|
|
||||||
|
// insert oidc user
|
||||||
|
now = time.Now()
|
||||||
|
u.OIDCUserMeta.CreationTime = now
|
||||||
_, err = o.Insert(u.OIDCUserMeta)
|
_, err = o.Insert(u.OIDCUserMeta)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
errInsert = err
|
errInsert = err
|
||||||
@ -141,14 +137,16 @@ func OnBoardOIDCUser(u models.User) error {
|
|||||||
}
|
}
|
||||||
err := o.Rollback()
|
err := o.Rollback()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
log.Errorf("fail to rollback, %v", err)
|
||||||
|
return ErrRollback
|
||||||
}
|
}
|
||||||
return errInsert
|
return errInsert
|
||||||
}
|
}
|
||||||
err = o.Commit()
|
err = o.Commit()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
log.Errorf("fail to commit, %v", err)
|
||||||
|
return ErrCommit
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
@ -22,45 +22,57 @@ import (
|
|||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
func TestOIDCUserMetaDaoMethods(t *testing.T) {
|
||||||
user111 = models.User{
|
|
||||||
|
user111 := models.User{
|
||||||
Username: "user111",
|
Username: "user111",
|
||||||
Email: "user111@email.com",
|
Email: "user111@email.com",
|
||||||
}
|
}
|
||||||
user222 = models.User{
|
user222 := models.User{
|
||||||
Username: "user222",
|
Username: "user222",
|
||||||
Email: "user222@email.com",
|
Email: "user222@email.com",
|
||||||
}
|
}
|
||||||
ou111 = &models.OIDCUser{
|
userEmptyOuMeta := models.User{
|
||||||
|
Username: "userEmptyOuMeta",
|
||||||
|
Email: "userEmptyOuMeta@email.com",
|
||||||
|
}
|
||||||
|
ou111 := models.OIDCUser{
|
||||||
SubIss: "QWE123123RT1",
|
SubIss: "QWE123123RT1",
|
||||||
Secret: "QWEQWE1",
|
Secret: "QWEQWE1",
|
||||||
}
|
}
|
||||||
ou222 = &models.OIDCUser{
|
ou222 := models.OIDCUser{
|
||||||
SubIss: "QWE123123RT2",
|
SubIss: "QWE123123RT2",
|
||||||
Secret: "QWEQWE2",
|
Secret: "QWEQWE2",
|
||||||
}
|
}
|
||||||
)
|
|
||||||
|
|
||||||
func TestOIDCUserMetaDaoMethods(t *testing.T) {
|
// onboard OIDC ...
|
||||||
|
user111.OIDCUserMeta = &ou111
|
||||||
err := OnBoardUser(&user111)
|
err := OnBoardOIDCUser(&user111)
|
||||||
require.Nil(t, err)
|
require.Nil(t, err)
|
||||||
ou111.UserID = user111.UserID
|
user222.OIDCUserMeta = &ou222
|
||||||
err = OnBoardUser(&user222)
|
err = OnBoardOIDCUser(&user222)
|
||||||
require.Nil(t, err)
|
|
||||||
ou222.UserID = user222.UserID
|
|
||||||
|
|
||||||
// test add
|
|
||||||
_, err = AddOIDCUser(ou111)
|
|
||||||
require.Nil(t, err)
|
|
||||||
_, err = AddOIDCUser(ou222)
|
|
||||||
require.Nil(t, err)
|
require.Nil(t, err)
|
||||||
|
|
||||||
// test get
|
// empty OIDC user meta ...
|
||||||
|
err = OnBoardOIDCUser(&userEmptyOuMeta)
|
||||||
|
require.NotNil(t, err)
|
||||||
|
assert.Equal(t, "unable to onboard as empty oidc user", err.Error())
|
||||||
|
|
||||||
|
// test get by ID
|
||||||
oidcUser1, err := GetOIDCUserByID(ou111.ID)
|
oidcUser1, err := GetOIDCUserByID(ou111.ID)
|
||||||
require.Nil(t, err)
|
require.Nil(t, err)
|
||||||
assert.Equal(t, ou111.UserID, oidcUser1.UserID)
|
assert.Equal(t, ou111.UserID, oidcUser1.UserID)
|
||||||
|
|
||||||
|
// test get by userID
|
||||||
|
oidcUser2, err := GetOIDCUserByUserID(user111.UserID)
|
||||||
|
require.Nil(t, err)
|
||||||
|
assert.Equal(t, "QWE123123RT1", oidcUser2.SubIss)
|
||||||
|
|
||||||
|
// test get by sub and iss
|
||||||
|
userGetBySubIss, err := GetUserBySubIss("QWE123", "123RT1")
|
||||||
|
require.Nil(t, err)
|
||||||
|
assert.Equal(t, "user111@email.com", userGetBySubIss.Email)
|
||||||
|
|
||||||
// test update
|
// test update
|
||||||
meta3 := &models.OIDCUser{
|
meta3 := &models.OIDCUser{
|
||||||
ID: ou111.ID,
|
ID: ou111.ID,
|
||||||
@ -72,9 +84,15 @@ func TestOIDCUserMetaDaoMethods(t *testing.T) {
|
|||||||
require.Nil(t, err)
|
require.Nil(t, err)
|
||||||
assert.Equal(t, "newSub", oidcUser1Update.SubIss)
|
assert.Equal(t, "newSub", oidcUser1Update.SubIss)
|
||||||
|
|
||||||
user, err := GetUserBySub("newSub")
|
user, err := GetUserBySubIss("new", "Sub")
|
||||||
require.Nil(t, err)
|
require.Nil(t, err)
|
||||||
assert.Equal(t, "user111", user.Username)
|
assert.Equal(t, "user111", user.Username)
|
||||||
|
|
||||||
|
// clear data
|
||||||
|
defer func() {
|
||||||
|
_, err := GetOrmer().Raw(`delete from oidc_user`).Exec()
|
||||||
|
require.Nil(t, err)
|
||||||
|
}()
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestOIDCOnboard(t *testing.T) {
|
func TestOIDCOnboard(t *testing.T) {
|
||||||
@ -86,38 +104,67 @@ func TestOIDCOnboard(t *testing.T) {
|
|||||||
Username: "user555",
|
Username: "user555",
|
||||||
Email: "user555@email.com",
|
Email: "user555@email.com",
|
||||||
}
|
}
|
||||||
|
user666 := models.User{
|
||||||
|
Username: "user666",
|
||||||
|
Email: "user666@email.com",
|
||||||
|
}
|
||||||
|
userDup := models.User{
|
||||||
|
Username: "user333",
|
||||||
|
Email: "user333@email.com",
|
||||||
|
}
|
||||||
|
|
||||||
ou333 := &models.OIDCUser{
|
ou333 := &models.OIDCUser{
|
||||||
UserID: 333,
|
SubIss: "QWE123123RT3",
|
||||||
SubIss: "QWE123123RT1",
|
Secret: "QWEQWE333",
|
||||||
|
}
|
||||||
|
ou555 := &models.OIDCUser{
|
||||||
|
SubIss: "QWE123123RT5",
|
||||||
|
Secret: "QWEQWE555",
|
||||||
|
}
|
||||||
|
ouDup := &models.OIDCUser{
|
||||||
|
SubIss: "QWE123123RT3",
|
||||||
Secret: "QWEQWE333",
|
Secret: "QWEQWE333",
|
||||||
}
|
}
|
||||||
ouDupSub := &models.OIDCUser{
|
ouDupSub := &models.OIDCUser{
|
||||||
UserID: 444,
|
SubIss: "QWE123123RT3",
|
||||||
SubIss: "QWE123123RT1",
|
Secret: "ouDupSub",
|
||||||
Secret: "QWEQWE444",
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// data prepare ...
|
||||||
|
user333.OIDCUserMeta = ou333
|
||||||
|
err := OnBoardOIDCUser(&user333)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
// duplicate user -- ErrDupRows
|
// duplicate user -- ErrDupRows
|
||||||
user111.OIDCUserMeta = ou333
|
// userDup is duplicate with user333
|
||||||
err := OnBoardOIDCUser(user111)
|
userDup.OIDCUserMeta = ou555
|
||||||
|
err = OnBoardOIDCUser(&userDup)
|
||||||
require.NotNil(t, err)
|
require.NotNil(t, err)
|
||||||
require.Equal(t, err, ErrDupRows)
|
require.Equal(t, err, ErrDupRows)
|
||||||
|
|
||||||
// duplicate OIDC user -- ErrDupRows
|
// duplicate OIDC user -- ErrDupRows
|
||||||
user333.OIDCUserMeta = ou111
|
// ouDup is duplicate with ou333
|
||||||
err = OnBoardOIDCUser(user333)
|
user555.OIDCUserMeta = ouDup
|
||||||
|
err = OnBoardOIDCUser(&user555)
|
||||||
require.NotNil(t, err)
|
require.NotNil(t, err)
|
||||||
require.Equal(t, err, ErrDupRows)
|
require.Equal(t, err, ErrDupRows)
|
||||||
|
|
||||||
// success
|
// success
|
||||||
user333.OIDCUserMeta = ou333
|
user555.OIDCUserMeta = ou555
|
||||||
err = OnBoardOIDCUser(user333)
|
err = OnBoardOIDCUser(&user555)
|
||||||
require.Nil(t, err)
|
require.Nil(t, err)
|
||||||
|
|
||||||
// duplicate OIDC user's sub -- ErrDupRows
|
// duplicate OIDC user's sub -- ErrDupRows
|
||||||
user555.OIDCUserMeta = ouDupSub
|
// ouDup is duplicate with ou333
|
||||||
err = OnBoardOIDCUser(user555)
|
user666.OIDCUserMeta = ouDupSub
|
||||||
|
err = OnBoardOIDCUser(&user666)
|
||||||
require.NotNil(t, err)
|
require.NotNil(t, err)
|
||||||
require.Equal(t, err, ErrDupRows)
|
require.Equal(t, err, ErrDupRows)
|
||||||
|
|
||||||
|
// clear data
|
||||||
|
defer func() {
|
||||||
|
_, err := GetOrmer().Raw(`delete from oidc_user`).Exec()
|
||||||
|
require.Nil(t, err)
|
||||||
|
}()
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -41,7 +41,7 @@ type User struct {
|
|||||||
CreationTime time.Time `orm:"column(creation_time);auto_now_add" json:"creation_time"`
|
CreationTime time.Time `orm:"column(creation_time);auto_now_add" json:"creation_time"`
|
||||||
UpdateTime time.Time `orm:"column(update_time);auto_now" json:"update_time"`
|
UpdateTime time.Time `orm:"column(update_time);auto_now" json:"update_time"`
|
||||||
GroupList []*UserGroup `orm:"-" json:"-"`
|
GroupList []*UserGroup `orm:"-" json:"-"`
|
||||||
OIDCUserMeta *OIDCUser `orm:"-" json:"oidc_user_meta"`
|
OIDCUserMeta *OIDCUser `orm:"-" json:"oidc_user_meta,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// UserQuery ...
|
// UserQuery ...
|
||||||
|
@ -50,7 +50,6 @@ func init() {
|
|||||||
beego.Router("/c/reset", &CommonController{}, "post:ResetPassword")
|
beego.Router("/c/reset", &CommonController{}, "post:ResetPassword")
|
||||||
beego.Router("/c/userExists", &CommonController{}, "post:UserExists")
|
beego.Router("/c/userExists", &CommonController{}, "post:UserExists")
|
||||||
beego.Router("/c/sendEmail", &CommonController{}, "get:SendResetEmail")
|
beego.Router("/c/sendEmail", &CommonController{}, "get:SendResetEmail")
|
||||||
beego.Router("/c/oidc/onboard", &OIDCController{}, "post:Onboard")
|
|
||||||
beego.Router("/v2/*", &RegistryProxy{}, "*:Handle")
|
beego.Router("/v2/*", &RegistryProxy{}, "*:Handle")
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -140,8 +139,4 @@ func TestAll(t *testing.T) {
|
|||||||
beego.BeeApp.Handlers.ServeHTTP(w, r)
|
beego.BeeApp.Handlers.ServeHTTP(w, r)
|
||||||
assert.Equal(int(404), w.Code, "GET v2/noproject/manifests/1.0 should get a 404 response")
|
assert.Equal(int(404), w.Code, "GET v2/noproject/manifests/1.0 should get a 404 response")
|
||||||
|
|
||||||
r, _ = http.NewRequest("POST", "/c/oidc/onboard", nil)
|
|
||||||
w = httptest.NewRecorder()
|
|
||||||
beego.BeeApp.Handlers.ServeHTTP(w, r)
|
|
||||||
assert.Equal(int(500), w.Code, "/c/oidc/onboard httpStatusCode should be 500")
|
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user