validator returns err on empty reason
jbalcita authored on 10/05/2017 17:29:51
Showing 5 changed files
... | ... |
@@ -63,7 +63,7 @@ int impl::authenticate (const pam_request &request) |
63 | 63 |
auto requester_user_name = sessions_.user_name (request); |
64 | 64 |
|
65 | 65 |
int auth_result = validator_.validate (requester_user_name, input.user_name, |
66 |
- input.token) ? PAM_SUCCESS : PAM_AUTH_ERR; |
|
66 |
+ input.token, input.reason) ? PAM_SUCCESS : PAM_AUTH_ERR; |
|
67 | 67 |
|
68 | 68 |
logger_.log (auth_result, requester_user_name, input.user_name, |
69 | 69 |
input.token); |
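Review bot: The reason is now handed to the validator, but the `logger_.log (...)` call directly below still records only the result, requester, authorizer and token, so as far as this hunk shows the justification never reaches the audit log. If the reason exists to leave an audit trail for dual-control approvals, it should be logged with the decision, e.g. `logger_.log (auth_result, requester_user_name, input.user_name, input.token, input.reason);`. That needs a matching change to the logger interface, which is not visible here. The body of authenticate continues outside the hunk.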
... | ... |
@@ -116,12 +116,13 @@ private: |
116 | 116 |
std::string requester_; |
117 | 117 |
std::string authorizer_; |
118 | 118 |
std::string token_; |
119 |
+ std::string reason_; |
|
119 | 120 |
public: |
120 | 121 |
fake_validator (const std::string &requester, const std::string &authorizer, |
121 |
- const std::string &token): requester_ (requester), authorizer_ (authorizer), |
|
122 |
- token_ (token) {} |
|
122 |
+ const std::string &token, const std::string &reason): requester_ (requester), authorizer_ (authorizer), |
|
123 |
+ token_ (token), reason_(reason) {} |
|
123 | 124 |
bool validate (const std::string &requester, const std::string &authorizer, |
124 |
- const std::string &token) |
|
125 |
+ const std::string &token, const std::string &reason) |
|
125 | 126 |
{ |
126 | 127 |
return requester_ == requester && authorizer_ == authorizer |
127 | 128 |
&& token_ == token; |
... | ... |
@@ -155,8 +156,9 @@ int authenticate_validates_with_received_token() |
155 | 156 |
std::string requester ("requester"); |
156 | 157 |
std::string authorizer ("authorizer"); |
157 | 158 |
std::string token ("token"); |
159 |
+ std::string reason("reason"); |
|
158 | 160 |
use_validator (configuration, new fake_validator (requester, authorizer, |
159 |
- token)); |
|
161 |
+ token, reason)); |
|
160 | 162 |
use_conversation (configuration, new fake_conversation (authorizer, token)); |
161 | 163 |
use_sessions (configuration, new fake_sessions (requester)); |
162 | 164 |
dual_control dc (dual_control::create (configuration)); |
... | ... |
@@ -177,7 +179,7 @@ int authenticate_fails_with_wrong_user() |
177 | 179 |
dual_control_configuration configuration; |
178 | 180 |
std::string token ("token"); |
179 | 181 |
use_validator (configuration, new fake_validator ("requester", "user", |
180 |
- token)); |
|
182 |
+ token, "reason")); |
|
181 | 183 |
use_conversation (configuration, new fake_conversation ("wrong user", |
182 | 184 |
token)); |
183 | 185 |
dual_control dc (dual_control::create (configuration)); |
... | ... |
@@ -197,7 +199,7 @@ int authenticate_fails_with_wrong_token() |
197 | 199 |
std::string requester ("requester"); |
198 | 200 |
std::string authorizer ("authorizer"); |
199 | 201 |
use_validator (configuration, new fake_validator (requester, authorizer, |
200 |
- "token")); |
|
202 |
+ "token", "reason")); |
|
201 | 203 |
use_conversation (configuration, new fake_conversation (authorizer, |
202 | 204 |
"wrong token")); |
203 | 205 |
dual_control dc (dual_control::create (configuration)); |
... | ... |
@@ -217,8 +219,9 @@ int logs_authentication() |
217 | 219 |
std::string requester ("requester"); |
218 | 220 |
std::string authorizer ("authorizer"); |
219 | 221 |
std::string token ("token"); |
222 |
+ std::string reason("reason"); |
|
220 | 223 |
use_validator (configuration, new fake_validator (requester, authorizer, |
221 |
- token)); |
|
224 |
+ token, reason)); |
|
222 | 225 |
use_conversation (configuration, new fake_conversation (authorizer, token)); |
223 | 226 |
use_sessions (configuration, new fake_sessions (requester)); |
224 | 227 |
mock_logger *test_logger; |
... | ... |
@@ -247,8 +250,9 @@ int logs_authentication_failure() |
247 | 250 |
std::string requester ("requester"); |
248 | 251 |
std::string authorizer ("authorizer"); |
249 | 252 |
std::string token ("token"); |
253 |
+ std::string reason ("reason"); |
|
250 | 254 |
use_validator (configuration, new fake_validator (requester, authorizer, |
251 |
- "not the received token")); |
|
255 |
+ "not the received token", reason)); |
|
252 | 256 |
use_conversation (configuration, new fake_conversation (authorizer, token)); |
253 | 257 |
use_sessions (configuration, new fake_sessions (requester)); |
254 | 258 |
mock_logger *test_logger; |
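Review bot: fake_validator now stores `reason_`, but its validate() still compares only requester, authorizer and token, so none of these tests would notice if authenticate passed a wrong or empty reason to the validator. Extend the visible return expression with `&& reason_ == reason;`. The fake_conversation calls in these tests still take only authorizer and token, so the fake conversation would presumably also have to supply the matching reason for the passing cases to keep passing. The closing lines of validate() are outside the hunk.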
... | ... |
@@ -28,10 +28,14 @@ public: |
28 | 28 |
tokens_ (tokens) {} |
29 | 29 |
bool validate (const std::string &requester_user_name, |
30 | 30 |
const std::string &authorizer_user_name, |
31 |
- const std::string &token) override |
|
31 |
+ const std::string &token, const std::string &reason) override |
|
32 | 32 |
{ |
33 | 33 |
std::vector<user> found_user = directory_.find_user (authorizer_user_name); |
34 | 34 |
|
35 |
+ if (reason.empty()) { |
|
36 |
+ return false; |
|
37 |
+ } |
|
38 |
+ |
|
35 | 39 |
if (requester_user_name.empty()) { |
36 | 40 |
return false; |
37 | 41 |
} |
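Review bot: The new `reason.empty()` guard accepts a reason made only of whitespace, so a single space satisfies the requirement. If the reason is meant to be a real justification for the approval, reject blank input as well, e.g. `if (reason.find_first_not_of (" \t\r\n") == std::string::npos) {`. The guard also sits after `directory_.find_user (authorizer_user_name)`, so the directory is still queried for a request that is about to be rejected; moving the input checks above the lookup avoids that. The rest of validate lies outside the hunk.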
... | ... |
@@ -24,7 +24,8 @@ public: |
24 | 24 |
virtual ~validator_ifc() {} |
25 | 25 |
virtual bool validate (const std::string &requester_user_name, |
26 | 26 |
const std::string &authorizer_user_name, |
27 |
- const std::string &authorizer_token) |
|
27 |
+ const std::string &authorizer_token, |
|
28 |
+ const std::string &reason) |
|
28 | 29 |
{ |
29 | 30 |
return false; |
30 | 31 |
} |
... | ... |
@@ -41,10 +42,11 @@ public: |
41 | 42 |
(new validator_ifc)) {} |
42 | 43 |
bool validate (const std::string &requester_user_name, |
43 | 44 |
const std::string &authorizer_user_name, |
44 |
- const std::string &authorizer_token) |
|
45 |
+ const std::string &authorizer_token, |
|
46 |
+ const std::string &reason) |
|
45 | 47 |
{ |
46 | 48 |
return delegate_->validate (requester_user_name, authorizer_user_name, |
47 |
- authorizer_token); |
|
49 |
+ authorizer_token, reason); |
|
48 | 50 |
} |
49 | 51 |
static validator create (const directory &directory, |
50 | 52 |
const tokens &token_supplier); |
... | ... |
@@ -70,7 +70,7 @@ bool validator_validates() |
70 | 70 |
validator validator = validator::create (directory, tokens); |
71 | 71 |
|
72 | 72 |
// when |
73 |
- bool actual = validator.validate ("requester", user_name, token); |
|
73 |
+ bool actual = validator.validate ("requester", user_name, token, "reason"); |
|
74 | 74 |
|
75 | 75 |
// then |
76 | 76 |
check (actual, "should be valid"); |
... | ... |
@@ -88,7 +88,7 @@ bool validator_fails_unknown_user() |
88 | 88 |
validator validator = validator::create (directory, tokens); |
89 | 89 |
|
90 | 90 |
// when |
91 |
- bool actual = validator.validate ("requester", "notuser", token); |
|
91 |
+ bool actual = validator.validate ("requester", "notuser", token, "reason"); |
|
92 | 92 |
|
93 | 93 |
// then |
94 | 94 |
check (!actual, "should not be valid"); |
... | ... |
@@ -106,7 +106,7 @@ bool validator_fails_incorrect_token() |
106 | 106 |
validator validator = validator::create (directory, tokens); |
107 | 107 |
|
108 | 108 |
// when |
109 |
- bool actual = validator.validate ("requester", user_name, "token"); |
|
109 |
+ bool actual = validator.validate ("requester", user_name, "token", "reason"); |
|
110 | 110 |
|
111 | 111 |
// then |
112 | 112 |
check (!actual, "should not be valid"); |
... | ... |
@@ -126,7 +126,7 @@ bool validator_fails_with_own_token() |
126 | 126 |
|
127 | 127 |
// when |
128 | 128 |
bool actual = validator.validate (requester_user_name, authorizer_user_name, |
129 |
- authorizer_token); |
|
129 |
+ authorizer_token, "reason"); |
|
130 | 130 |
|
131 | 131 |
// then |
132 | 132 |
check (!actual, "should not be valid"); |
... | ... |
@@ -147,12 +147,31 @@ bool validator_fails_with_unknown_requester() |
147 | 147 |
|
148 | 148 |
// when |
149 | 149 |
bool actual = validator.validate (requester_user_name, authorizer_user_name, |
150 |
- authorizer_token); |
|
150 |
+ authorizer_token, "reason"); |
|
151 | 151 |
|
152 | 152 |
// then |
153 | 153 |
check (!actual, "should not be valid"); |
154 | 154 |
succeed(); |
155 |
+} |
|
156 |
+ |
|
157 |
+bool validator_fails_on_empty_reason() { |
|
158 |
+ //given |
|
159 |
+ std::string requester_user_name (""); |
|
160 |
+ std::string authorizer_user_name ("authorizer"); |
|
161 |
+ std::string authorizer_token ("token"); |
|
162 |
+ std::string reason; |
|
163 |
+ directory directory (share (new fake_directory (authorizer_user_name))); |
|
164 |
+ tokens tokens (share (new |
|
165 |
+ fake_tokens (authorizer_token))); |
|
166 |
+ validator validator = validator::create (directory, tokens); |
|
155 | 167 |
|
168 |
+ //when |
|
169 |
+ bool actual = validator.validate (requester_user_name, authorizer_user_name, |
|
170 |
+ authorizer_token, reason); |
|
171 |
+ |
|
172 |
+ //then |
|
173 |
+ check(!actual, "should not be valid"); |
|
174 |
+ succeed(); |
|
156 | 175 |
} |
157 | 176 |
|
158 | 177 |
bool run_tests() |
... | ... |
@@ -162,6 +181,7 @@ bool run_tests() |
162 | 181 |
test (validator_fails_incorrect_token); |
163 | 182 |
test (validator_fails_with_own_token); |
164 | 183 |
test (validator_fails_with_unknown_requester); |
184 |
+ test (validator_fails_on_empty_reason); |
|
165 | 185 |
succeed(); |
166 | 186 |
} |
167 | 187 |
|
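Review bot: validator_fails_on_empty_reason sets `std::string requester_user_name ("");`, and the validator already returns false for an empty requester, so this test still passes if the empty-reason guard is removed. Give the test an otherwise valid request, e.g. `std::string requester_user_name ("requester");`, so that the empty reason is the only possible cause of the rejection. A companion case with a whitespace-only reason would pin down whether blank reasons are meant to be accepted.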