[Vault-5248] MFA support for api login helpers #14900

Merged
merged 11 commits into from
Apr 15, 2022
refactor tests
VinnyHC committed Apr 14, 2022
commit 1ec3c843f7fa531a314925504268a878ae3dfd81
95 changes: 51 additions & 44 deletions api/auth_test.go
Expand Up @@ -2,9 +2,8 @@ package api

import (
"context"
"testing"

"github.com/hashicorp/vault/sdk/logical"
"testing"
)

type mockAuthMethod struct {
Expand Down Expand Up @@ -48,13 +47,12 @@ func TestAuth_Login(t *testing.T) {
})
}

func TestAuth_MFALogin(t *testing.T) {
t.Parallel()

func TestAuth_MFALoginSinglePhase(t *testing.T) {
t.Run("MFALogin() should succeed if credentials are passed in", func(t *testing.T) {
a := &Auth{
c: &Client{},
}

m := mockAuthMethod{
mockedSecret: &Secret{
Auth: &SecretAuth{
Expand All @@ -74,47 +72,56 @@ func TestAuth_MFALogin(t *testing.T) {
return
}
})
}

t.Run("MFALogin() should return requirements if no creds are provided", func(t *testing.T) {
a := &Auth{
c: &Client{},
}
m := mockAuthMethod{
mockedSecret: &Secret{
Auth: &SecretAuth{
MFARequirement: &logical.MFARequirement{
MFARequestID: "a-req-id",
MFAConstraints: nil,
func TestAuth_MFALoginTwoPhase(t *testing.T) {
tests := []struct {
name string
a *Auth
m *mockAuthMethod
creds *string
wantErr bool
}{
{
name: "return MFARequirements",
a: &Auth{
c: &Client{},
},
m: &mockAuthMethod{
mockedSecret: &Secret{
Auth: &SecretAuth{
MFARequirement: &logical.MFARequirement{
MFARequestID: "a-req-id",
MFAConstraints: nil,
},
},
},
}},
wantErr: false,
},
{
name: "error if no MFARequirements",
a: &Auth{
c: &Client{},
},
mockedError: nil,
}

secret, err := a.MFALogin(context.Background(), &m)
if err != nil {
t.Errorf("MFALogin() returned an error: %v", err)
return
}
if secret.Auth.MFARequirement != m.mockedSecret.Auth.MFARequirement {
t.Errorf("MFALogin() returned %v, expected %v", secret.Auth.MFARequirement, m.mockedSecret.Auth.MFARequirement)
return
}
})
m: &mockAuthMethod{
mockedSecret: &Secret{
Auth: &SecretAuth{},
}},
wantErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
secret, err := tt.a.MFALogin(context.Background(), tt.m)
if (err != nil) != tt.wantErr {
t.Errorf("MFALogin() error = %v, wantErr %v", err, tt.wantErr)
return
}

t.Run("MFALogin() should error if no creds provided and no requirements returned", func(t *testing.T) {
a := &Auth{
c: &Client{},
}
m := mockAuthMethod{
mockedSecret: &Secret{
Auth: &SecretAuth{},
},
mockedError: nil,
}
if _, err := a.MFALogin(context.Background(), &m); err == nil {
t.Errorf("MFALogin() should error if no credentials are set and no MFARequirements are returned")
return
}
})
if secret.Auth.MFARequirement != tt.m.mockedSecret.Auth.MFARequirement {
t.Errorf("MFALogin() returned %v, expected %v", secret.Auth.MFARequirement, tt.m.mockedSecret.Auth.MFARequirement)
return
}
})
}
}
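Review bot: In the `TestAuth_MFALoginTwoPhase` loop, the `wantErr: true` case passes the `(err != nil) != tt.wantErr` check and then falls through to `secret.Auth.MFARequirement`, which dereferences `secret` on the error path. If `MFALogin` returns a nil secret together with its error (its body is not visible on this page), the "error if no MFARequirements" subtest panics instead of reporting a clean result. Stop after the expected error has been observed, for example `if tt.wantErr { return }` placed before the comparison. The `creds *string` field is declared in the table but never set or passed to `MFALogin` in the visible cases, so it should either be wired into the call or removed.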