test(authenticate): add validation for authenticate command

fastly · Sep 12, 2023 · 34b99fd · 34b99fd
1 parent 831dbcd
commit 34b99fd
Show file tree

Hide file tree

Showing 3 changed files with 215 additions and 4 deletions.
diff --git a/pkg/commands/authenticate/auth_test.go b/pkg/commands/authenticate/auth_test.go
@@ -0,0 +1,179 @@
+package authenticate_test
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"io"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/fastly/cli/pkg/app"
+	"github.com/fastly/cli/pkg/auth"
+	"github.com/fastly/cli/pkg/config"
+	"github.com/fastly/cli/pkg/mock"
+	"github.com/fastly/cli/pkg/testutil"
+)
+
+func TestAuth(t *testing.T) {
+	args := testutil.Args
+	type ts struct {
+		testutil.TestScenario
+
+		AuthResult    *auth.AuthorizationResult
+		ConfigProfile *config.Profile
+		Opener        func(input string) error
+		Stdin         []string
+	}
+	scenarios := []ts{
+		// User cancels authentication prompt
+		{
+			TestScenario: testutil.TestScenario{
+				Args:      args("authenticate"),
+				WantError: "user cancelled execution",
+			},
+			Stdin: []string{
+				"N", // when prompted to open a web browser to start authentication
+			},
+		},
+		// Error opening web browser
+		{
+			TestScenario: testutil.TestScenario{
+				Args:      args("authenticate"),
+				WantError: "failed to open web browser",
+			},
+			Opener: func(input string) error {
+				return errors.New("failed to open web browser")
+			},
+			Stdin: []string{
+				"Y", // when prompted to open a web browser to start authentication
+			},
+		},
+		// Error processing OAuth flow (error encountered)
+		{
+			TestScenario: testutil.TestScenario{
+				Args:      args("authenticate"),
+				WantError: "failed to authorize: no authorization code returned",
+			},
+			AuthResult: &auth.AuthorizationResult{
+				Err: errors.New("no authorization code returned"),
+			},
+			Stdin: []string{
+				"Y", // when prompted to open a web browser to start authentication
+			},
+		},
+		// Error processing OAuth flow (empty SessionToken field)
+		{
+			TestScenario: testutil.TestScenario{
+				Args:      args("authenticate"),
+				WantError: "failed to authorize: no session token",
+			},
+			AuthResult: &auth.AuthorizationResult{
+				SessionToken: "",
+			},
+			Stdin: []string{
+				"Y", // when prompted to open a web browser to start authentication
+			},
+		},
+		// Success processing OAuth flow
+		{
+			TestScenario: testutil.TestScenario{
+				Args:       args("authenticate"),
+				WantOutput: "Session token (persisted to your local configuration): 123",
+			},
+			AuthResult: &auth.AuthorizationResult{
+				SessionToken: "123",
+			},
+			ConfigProfile: &config.Profile{
+				Token: "123",
+			},
+			Stdin: []string{
+				"Y", // when prompted to open a web browser to start authentication
+			},
+		},
+	}
+
+	for testcaseIdx := range scenarios {
+		testcase := &scenarios[testcaseIdx]
+		t.Run(testcase.Name, func(t *testing.T) {
+			var stdout bytes.Buffer
+			opts := testutil.NewRunOpts(testcase.Args, &stdout)
+			opts.APIClient = mock.APIClient(testcase.API)
+
+			if testcase.AuthResult != nil {
+				result := make(chan auth.AuthorizationResult)
+				opts.AuthServer = testutil.MockAuthServer{
+					Result: result,
+				}
+				go func() {
+					result <- *testcase.AuthResult
+				}()
+			}
+			if testcase.Opener != nil {
+				opts.Opener = testcase.Opener
+			}
+
+			var err error
+
+			if len(testcase.Stdin) > 1 {
+				// To handle multiple prompt input from the user we need to do some
+				// coordination around io pipes to mimic the required user behaviour.
+				stdin, prompt := io.Pipe()
+				opts.Stdin = stdin
+
+				// Wait for user input and write it to the prompt
+				inputc := make(chan string)
+				go func() {
+					for input := range inputc {
+						fmt.Fprintln(prompt, input)
+					}
+				}()
+
+				// We need a channel so we wait for `Run()` to complete
+				done := make(chan bool)
+
+				// Call `app.Run()` and wait for response
+				go func() {
+					err = app.Run(opts)
+					done <- true
+				}()
+
+				// User provides input
+				//
+				// NOTE: Must provide as much input as is expected to be waited on by `run()`.
+				//       For example, if `run()` calls `input()` twice, then provide two messages.
+				//       Otherwise the select statement will trigger the timeout error.
+				for _, input := range testcase.Stdin {
+					inputc <- input
+				}
+
+				select {
+				case <-done:
+					// Wait for app.Run() to finish
+				case <-time.After(10 * time.Second):
+					t.Fatalf("unexpected timeout waiting for mocked prompt inputs to be processed")
+				}
+			} else {
+				stdin := ""
+				if len(testcase.Stdin) > 0 {
+					stdin = testcase.Stdin[0]
+				}
+				opts.Stdin = strings.NewReader(stdin)
+				err = app.Run(opts)
+			}
+
+			if testcase.ConfigProfile != nil {
+				userProfile := opts.ConfigFile.Profiles["user"]
+				if userProfile.Token != testcase.ConfigProfile.Token {
+					t.Errorf("want token: %s, got token: %s", testcase.ConfigProfile.Token, userProfile.Token)
+				}
+			}
+
+			t.Log(stdout.String())
+
+			testutil.AssertErrorContains(t, err, testcase.WantError)
+			testutil.AssertStringContains(t, stdout.String(), testcase.WantOutput)
+		})
+	}
+}
diff --git a/pkg/commands/authenticate/root.go b/pkg/commands/authenticate/root.go
@@ -1,6 +1,7 @@
 package authenticate
 
 import (
+	"errors"
 	"fmt"
 	"io"
 	"time"
@@ -107,8 +108,12 @@ func (c *RootCommand) Exec(in io.Reader, out io.Writer) error {
 
 	ar := <-c.authServer.GetResult()
 	if ar.Err != nil || ar.SessionToken == "" {
+		err := ar.Err
+		if ar.Err == nil {
+			err = errors.New("no session token")
+		}
 		return fsterr.RemediationError{
-			Inner:       fmt.Errorf("failed to authorize: %w", ar.Err),
+			Inner:       fmt.Errorf("failed to authorize: %w", err),
 			Remediation: auth.Remediation,
 		}
 	}

diff --git a/pkg/testutil/args.go b/pkg/testutil/args.go
@@ -1,13 +1,14 @@
 package testutil
 
 import (
-	"fmt"
 	"io"
 	"net/http"
 	"regexp"
 	"strings"
 	"time"
 
+	"github.com/hashicorp/cap/oidc"
+
 	"github.com/fastly/cli/pkg/app"
 	"github.com/fastly/cli/pkg/auth"
 	"github.com/fastly/cli/pkg/config"
@@ -54,6 +55,33 @@ func Args(args string) []string {
 	return s
 }
 
+// MockAuthServer is used to no-op the authentication server.
+type MockAuthServer struct {
+	auth.Starter
+
+	Result chan auth.AuthorizationResult
+}
+
+func (s MockAuthServer) GetResult() chan auth.AuthorizationResult {
+	return s.Result
+}
+
+func (s MockAuthServer) SetAccountEndpoint(_ string) {
+	// no-op
+}
+
+func (s MockAuthServer) SetAPIEndpoint(_ string) {
+	// no-op
+}
+
+func (s MockAuthServer) SetVerifier(_ *oidc.S256Verifier) {
+	// no-op
+}
+
+func (s MockAuthServer) Start() error {
+	return nil // no-op
+}
+
 // NewRunOpts returns a struct that can be used to populate a call to app.Run()
 // while the majority of fields will be pre-populated and only those fields
 // commonly changed for testing purposes will need to be provided.
@@ -68,7 +96,7 @@ func NewRunOpts(args []string, stdout io.Writer) app.RunOpts {
 		ConfigPath: "/dev/null",
 		Args:       args,
 		APIClient:  mock.APIClient(mock.API{}),
-		AuthServer: &auth.Server{},
+		AuthServer: &MockAuthServer{},
 		Env:        config.Environment{},
 		ErrLog:     errors.Log,
 		ConfigFile: config.File{
@@ -77,7 +105,6 @@ func NewRunOpts(args []string, stdout io.Writer) app.RunOpts {
 		HTTPClient: &http.Client{Timeout: time.Second * 5},
 		Manifest:   &md,
 		Opener: func(input string) error {
-			fmt.Printf("open url: %s\n", input)
 			return nil // no-op
 		},
 		Stdout: stdout,