1399 some async cleanup (#1421)
* More cleanerer * More async! * Fix up tests
parent
3c3e8b1e82
commit
0e57b6f914
2
Cargo.lock
generated
2
Cargo.lock
generated
|
@ -222,7 +222,6 @@ dependencies = [
|
|||
"blocking",
|
||||
"futures-lite",
|
||||
"once_cell",
|
||||
"tokio",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
@ -2410,7 +2409,6 @@ dependencies = [
|
|||
name = "kanidmd_lib"
|
||||
version = "1.1.0-alpha.12-dev"
|
||||
dependencies = [
|
||||
"async-std",
|
||||
"async-trait",
|
||||
"base64 0.13.1",
|
||||
"base64urlsafedata",
|
||||
|
|
|
@ -38,7 +38,6 @@ homepage = "https://github.com/kanidm/kanidm/"
|
|||
repository = "https://github.com/kanidm/kanidm/"
|
||||
|
||||
[workspace.dependencies]
|
||||
async-std = { version = "^1.12.0", features = ["tokio1"] }
|
||||
async-trait = "^0.1.62"
|
||||
base32 = "^0.4.0"
|
||||
base64 = "^0.13.1"
|
||||
|
|
|
@ -117,7 +117,7 @@ impl QueryServerReadV1 {
|
|||
// the credentials provided is sufficient to say if someone is
|
||||
// "authenticated" or not.
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idm_auth = self.idms.auth_async().await;
|
||||
let mut idm_auth = self.idms.auth().await;
|
||||
security_info!(?sessionid, ?req, "Begin auth event");
|
||||
|
||||
// Destructure it.
|
||||
|
@ -840,7 +840,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<Option<UnixUserToken>, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idm_auth = self.idms.auth_async().await;
|
||||
let mut idm_auth = self.idms.auth().await;
|
||||
// resolve the id
|
||||
let ident = idm_auth
|
||||
.validate_and_parse_token_to_ident(uat.as_deref(), ct)
|
||||
|
@ -980,7 +980,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<CUStatus, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let idms_cred_update = self.idms.cred_update_transaction_async().await;
|
||||
let idms_cred_update = self.idms.cred_update_transaction().await;
|
||||
let session_token = CredentialUpdateSessionToken {
|
||||
token_enc: session_token.token,
|
||||
};
|
||||
|
@ -1009,7 +1009,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<CUStatus, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let idms_cred_update = self.idms.cred_update_transaction_async().await;
|
||||
let idms_cred_update = self.idms.cred_update_transaction().await;
|
||||
let session_token = CredentialUpdateSessionToken {
|
||||
token_enc: session_token.token,
|
||||
};
|
||||
|
|
|
@ -119,7 +119,7 @@ async fn setup_qs_idms(
|
|||
|
||||
// We generate a SINGLE idms only!
|
||||
|
||||
let (idms, idms_delayed) = IdmServer::new(query_server.clone(), &config.origin)?;
|
||||
let (idms, idms_delayed) = IdmServer::new(query_server.clone(), &config.origin).await?;
|
||||
|
||||
Ok((query_server, idms, idms_delayed))
|
||||
}
|
||||
|
@ -696,7 +696,7 @@ pub async fn create_server_core(
|
|||
None => {}
|
||||
}
|
||||
|
||||
let ldap = match LdapServer::new(&idms) {
|
||||
let ldap = match LdapServer::new(&idms).await {
|
||||
Ok(l) => l,
|
||||
Err(e) => {
|
||||
error!("Unable to start LdapServer -> {:?}", e);
|
||||
|
|
|
@ -20,7 +20,6 @@ name = "scaling_10k"
|
|||
harness = false
|
||||
|
||||
[dependencies]
|
||||
async-std.workspace = true
|
||||
async-trait.workspace = true
|
||||
base64.workspace = true
|
||||
base64urlsafedata.workspace = true
|
||||
|
|
|
@ -1552,7 +1552,6 @@ impl IdlSqlite {
|
|||
pub fn read(&self) -> IdlSqliteReadTransaction {
|
||||
// When we make this async, this will allow us to backoff
|
||||
// when we miss-grabbing from the conn-pool.
|
||||
// async_std::task::yield_now().await
|
||||
#[allow(clippy::expect_used)]
|
||||
let conn = self
|
||||
.pool
|
||||
|
|
|
@ -683,108 +683,100 @@ impl<'a> IdmServerProxyReadTransaction<'a> {
|
|||
#[cfg(test)]
|
||||
mod tests {
|
||||
use crate::prelude::*;
|
||||
use async_std::task;
|
||||
use kanidm_proto::v1::{AuthType, UiHint};
|
||||
|
||||
#[test]
|
||||
fn test_idm_account_from_anonymous() {
|
||||
let anon_e = entry_str_to_account!(JSON_ANONYMOUS_V1);
|
||||
let anon_e = entry_to_account!(E_ANONYMOUS_V1.clone());
|
||||
debug!("{:?}", anon_e);
|
||||
// I think that's it? we may want to check anonymous mech ...
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_idm_account_ui_hints() {
|
||||
run_idm_test!(|_qs: &QueryServer,
|
||||
idms: &IdmServer,
|
||||
_idms_delayed: &mut IdmServerDelayed| {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = task::block_on(idms.proxy_write(ct));
|
||||
#[idm_test]
|
||||
async fn test_idm_account_ui_hints(idms: &IdmServer, _idms_delayed: &mut IdmServerDelayed) {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
|
||||
let target_uuid = Uuid::new_v4();
|
||||
let target_uuid = Uuid::new_v4();
|
||||
|
||||
// Create a user. So far no ui hints.
|
||||
// Create a service account
|
||||
let e = entry_init!(
|
||||
("class", Value::new_class("object")),
|
||||
("class", Value::new_class("account")),
|
||||
("class", Value::new_class("person")),
|
||||
("name", Value::new_iname("testaccount")),
|
||||
("uuid", Value::Uuid(target_uuid)),
|
||||
("description", Value::new_utf8s("testaccount")),
|
||||
("displayname", Value::new_utf8s("Test Account"))
|
||||
);
|
||||
// Create a user. So far no ui hints.
|
||||
// Create a service account
|
||||
let e = entry_init!(
|
||||
("class", Value::new_class("object")),
|
||||
("class", Value::new_class("account")),
|
||||
("class", Value::new_class("person")),
|
||||
("name", Value::new_iname("testaccount")),
|
||||
("uuid", Value::Uuid(target_uuid)),
|
||||
("description", Value::new_utf8s("testaccount")),
|
||||
("displayname", Value::new_utf8s("Test Account"))
|
||||
);
|
||||
|
||||
let ce = CreateEvent::new_internal(vec![e]);
|
||||
assert!(idms_prox_write.qs_write.create(&ce).is_ok());
|
||||
let ce = CreateEvent::new_internal(vec![e]);
|
||||
assert!(idms_prox_write.qs_write.create(&ce).is_ok());
|
||||
|
||||
let account = idms_prox_write
|
||||
.target_to_account(target_uuid)
|
||||
.expect("account must exist");
|
||||
let session_id = uuid::Uuid::new_v4();
|
||||
let uat = account
|
||||
.to_userauthtoken(session_id, ct, AuthType::Passkey, None)
|
||||
.expect("Unable to create uat");
|
||||
let account = idms_prox_write
|
||||
.target_to_account(target_uuid)
|
||||
.expect("account must exist");
|
||||
let session_id = uuid::Uuid::new_v4();
|
||||
let uat = account
|
||||
.to_userauthtoken(session_id, ct, AuthType::Passkey, None)
|
||||
.expect("Unable to create uat");
|
||||
|
||||
// Check the ui hints are as expected.
|
||||
assert!(uat.ui_hints.len() == 1);
|
||||
assert!(uat.ui_hints.contains(&UiHint::CredentialUpdate));
|
||||
// Check the ui hints are as expected.
|
||||
assert!(uat.ui_hints.len() == 1);
|
||||
assert!(uat.ui_hints.contains(&UiHint::CredentialUpdate));
|
||||
|
||||
// Modify the user to be a posix account, ensure they get the hint.
|
||||
let me_posix = unsafe {
|
||||
ModifyEvent::new_internal_invalid(
|
||||
filter!(f_eq("name", PartialValue::new_iname("testaccount"))),
|
||||
ModifyList::new_list(vec![
|
||||
Modify::Present(
|
||||
AttrString::from("class"),
|
||||
Value::new_class("posixaccount"),
|
||||
),
|
||||
Modify::Present(AttrString::from("gidnumber"), Value::new_uint32(2001)),
|
||||
]),
|
||||
)
|
||||
};
|
||||
assert!(idms_prox_write.qs_write.modify(&me_posix).is_ok());
|
||||
// Modify the user to be a posix account, ensure they get the hint.
|
||||
let me_posix = unsafe {
|
||||
ModifyEvent::new_internal_invalid(
|
||||
filter!(f_eq("name", PartialValue::new_iname("testaccount"))),
|
||||
ModifyList::new_list(vec![
|
||||
Modify::Present(AttrString::from("class"), Value::new_class("posixaccount")),
|
||||
Modify::Present(AttrString::from("gidnumber"), Value::new_uint32(2001)),
|
||||
]),
|
||||
)
|
||||
};
|
||||
assert!(idms_prox_write.qs_write.modify(&me_posix).is_ok());
|
||||
|
||||
// Check the ui hints are as expected.
|
||||
let account = idms_prox_write
|
||||
.target_to_account(target_uuid)
|
||||
.expect("account must exist");
|
||||
let session_id = uuid::Uuid::new_v4();
|
||||
let uat = account
|
||||
.to_userauthtoken(session_id, ct, AuthType::Passkey, None)
|
||||
.expect("Unable to create uat");
|
||||
// Check the ui hints are as expected.
|
||||
let account = idms_prox_write
|
||||
.target_to_account(target_uuid)
|
||||
.expect("account must exist");
|
||||
let session_id = uuid::Uuid::new_v4();
|
||||
let uat = account
|
||||
.to_userauthtoken(session_id, ct, AuthType::Passkey, None)
|
||||
.expect("Unable to create uat");
|
||||
|
||||
assert!(uat.ui_hints.len() == 2);
|
||||
assert!(uat.ui_hints.contains(&UiHint::PosixAccount));
|
||||
assert!(uat.ui_hints.contains(&UiHint::CredentialUpdate));
|
||||
assert!(uat.ui_hints.len() == 2);
|
||||
assert!(uat.ui_hints.contains(&UiHint::PosixAccount));
|
||||
assert!(uat.ui_hints.contains(&UiHint::CredentialUpdate));
|
||||
|
||||
// Add a group with a ui hint, and then check they get the hint.
|
||||
let e = entry_init!(
|
||||
("class", Value::new_class("object")),
|
||||
("class", Value::new_class("group")),
|
||||
("name", Value::new_iname("test_uihint_group")),
|
||||
("member", Value::Refer(target_uuid)),
|
||||
("grant_ui_hint", Value::UiHint(UiHint::ExperimentalFeatures))
|
||||
);
|
||||
// Add a group with a ui hint, and then check they get the hint.
|
||||
let e = entry_init!(
|
||||
("class", Value::new_class("object")),
|
||||
("class", Value::new_class("group")),
|
||||
("name", Value::new_iname("test_uihint_group")),
|
||||
("member", Value::Refer(target_uuid)),
|
||||
("grant_ui_hint", Value::UiHint(UiHint::ExperimentalFeatures))
|
||||
);
|
||||
|
||||
let ce = CreateEvent::new_internal(vec![e]);
|
||||
assert!(idms_prox_write.qs_write.create(&ce).is_ok());
|
||||
let ce = CreateEvent::new_internal(vec![e]);
|
||||
assert!(idms_prox_write.qs_write.create(&ce).is_ok());
|
||||
|
||||
// Check the ui hints are as expected.
|
||||
let account = idms_prox_write
|
||||
.target_to_account(target_uuid)
|
||||
.expect("account must exist");
|
||||
let session_id = uuid::Uuid::new_v4();
|
||||
let uat = account
|
||||
.to_userauthtoken(session_id, ct, AuthType::Passkey, None)
|
||||
.expect("Unable to create uat");
|
||||
// Check the ui hints are as expected.
|
||||
let account = idms_prox_write
|
||||
.target_to_account(target_uuid)
|
||||
.expect("account must exist");
|
||||
let session_id = uuid::Uuid::new_v4();
|
||||
let uat = account
|
||||
.to_userauthtoken(session_id, ct, AuthType::Passkey, None)
|
||||
.expect("Unable to create uat");
|
||||
|
||||
assert!(uat.ui_hints.len() == 3);
|
||||
assert!(uat.ui_hints.contains(&UiHint::PosixAccount));
|
||||
assert!(uat.ui_hints.contains(&UiHint::ExperimentalFeatures));
|
||||
assert!(uat.ui_hints.contains(&UiHint::CredentialUpdate));
|
||||
assert!(uat.ui_hints.len() == 3);
|
||||
assert!(uat.ui_hints.contains(&UiHint::PosixAccount));
|
||||
assert!(uat.ui_hints.contains(&UiHint::ExperimentalFeatures));
|
||||
assert!(uat.ui_hints.contains(&UiHint::CredentialUpdate));
|
||||
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
})
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
}
|
||||
}
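Review bot: The converted `test_idm_account_ui_hints` carries over the comment pair `// Create a user. So far no ui hints.` / `// Create a service account`, which is wrong on both counts. The entry built right below has class `person`, and the first assertion already expects one hint (`UiHint::CredentialUpdate`). Replace the pair with a single accurate comment such as `// Create a person; only the CredentialUpdate hint is expected so far.` Since every line of the body is re-indented anyway, the count checks would read better as `assert_eq!(uat.ui_hints.len(), 1);` (and likewise for 2 and 3), so a failure prints the actual number of hints in the token.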
|
||||
|
|
|
@ -70,119 +70,114 @@ impl<'a> IdmServerProxyReadTransaction<'a> {
|
|||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
// use crate::prelude::*;
|
||||
use async_std::task;
|
||||
use crate::prelude::*;
|
||||
use kanidm_proto::internal::AppLink;
|
||||
|
||||
#[test]
|
||||
fn test_idm_applinks_list() {
|
||||
run_idm_test!(|_qs: &QueryServer,
|
||||
idms: &IdmServer,
|
||||
_idms_delayed: &mut IdmServerDelayed| {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = task::block_on(idms.proxy_write(ct));
|
||||
#[idm_test]
|
||||
async fn test_idm_applinks_list(idms: &IdmServer, _idms_delayed: &mut IdmServerDelayed) {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
|
||||
// Create an RS, the user and a group..
|
||||
let usr_uuid = Uuid::new_v4();
|
||||
let grp_uuid = Uuid::new_v4();
|
||||
// Create an RS, the user and a group..
|
||||
let usr_uuid = Uuid::new_v4();
|
||||
let grp_uuid = Uuid::new_v4();
|
||||
|
||||
let e_rs: Entry<EntryInit, EntryNew> = entry_init!(
|
||||
("class", Value::new_class("object")),
|
||||
("class", Value::new_class("oauth2_resource_server")),
|
||||
("class", Value::new_class("oauth2_resource_server_basic")),
|
||||
("oauth2_rs_name", Value::new_iname("test_resource_server")),
|
||||
("displayname", Value::new_utf8s("test_resource_server")),
|
||||
(
|
||||
"oauth2_rs_origin",
|
||||
Value::new_url_s("https://demo.example.com").unwrap()
|
||||
),
|
||||
(
|
||||
"oauth2_rs_origin_landing",
|
||||
Value::new_url_s("https://demo.example.com/landing").unwrap()
|
||||
),
|
||||
// System admins
|
||||
(
|
||||
"oauth2_rs_scope_map",
|
||||
Value::new_oauthscopemap(grp_uuid, btreeset!["read".to_string()])
|
||||
.expect("invalid oauthscope")
|
||||
)
|
||||
);
|
||||
let e_rs: Entry<EntryInit, EntryNew> = entry_init!(
|
||||
("class", Value::new_class("object")),
|
||||
("class", Value::new_class("oauth2_resource_server")),
|
||||
("class", Value::new_class("oauth2_resource_server_basic")),
|
||||
("oauth2_rs_name", Value::new_iname("test_resource_server")),
|
||||
("displayname", Value::new_utf8s("test_resource_server")),
|
||||
(
|
||||
"oauth2_rs_origin",
|
||||
Value::new_url_s("https://demo.example.com").unwrap()
|
||||
),
|
||||
(
|
||||
"oauth2_rs_origin_landing",
|
||||
Value::new_url_s("https://demo.example.com/landing").unwrap()
|
||||
),
|
||||
// System admins
|
||||
(
|
||||
"oauth2_rs_scope_map",
|
||||
Value::new_oauthscopemap(grp_uuid, btreeset!["read".to_string()])
|
||||
.expect("invalid oauthscope")
|
||||
)
|
||||
);
|
||||
|
||||
let e_usr = entry_init!(
|
||||
("class", Value::new_class("object")),
|
||||
("class", Value::new_class("account")),
|
||||
("class", Value::new_class("person")),
|
||||
("name", Value::new_iname("testaccount")),
|
||||
("uuid", Value::Uuid(usr_uuid)),
|
||||
("description", Value::new_utf8s("testaccount")),
|
||||
("displayname", Value::new_utf8s("Test Account"))
|
||||
);
|
||||
let e_usr = entry_init!(
|
||||
("class", Value::new_class("object")),
|
||||
("class", Value::new_class("account")),
|
||||
("class", Value::new_class("person")),
|
||||
("name", Value::new_iname("testaccount")),
|
||||
("uuid", Value::Uuid(usr_uuid)),
|
||||
("description", Value::new_utf8s("testaccount")),
|
||||
("displayname", Value::new_utf8s("Test Account"))
|
||||
);
|
||||
|
||||
let e_grp = entry_init!(
|
||||
("class", Value::new_class("object")),
|
||||
("class", Value::new_class("group")),
|
||||
("uuid", Value::Uuid(grp_uuid)),
|
||||
("name", Value::new_iname("test_oauth2_group"))
|
||||
);
|
||||
let e_grp = entry_init!(
|
||||
("class", Value::new_class("object")),
|
||||
("class", Value::new_class("group")),
|
||||
("uuid", Value::Uuid(grp_uuid)),
|
||||
("name", Value::new_iname("test_oauth2_group"))
|
||||
);
|
||||
|
||||
let ce = CreateEvent::new_internal(vec![e_rs, e_grp, e_usr]);
|
||||
assert!(idms_prox_write.qs_write.create(&ce).is_ok());
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
let ce = CreateEvent::new_internal(vec![e_rs, e_grp, e_usr]);
|
||||
assert!(idms_prox_write.qs_write.create(&ce).is_ok());
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Now do an applink query, they will not be there.
|
||||
let mut idms_prox_read = task::block_on(idms.proxy_read());
|
||||
// Now do an applink query, they will not be there.
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
|
||||
let ident = idms_prox_read
|
||||
.qs_read
|
||||
.internal_search_uuid(usr_uuid)
|
||||
.map(Identity::from_impersonate_entry_readonly)
|
||||
.expect("Failed to impersonate identity");
|
||||
let ident = idms_prox_read
|
||||
.qs_read
|
||||
.internal_search_uuid(usr_uuid)
|
||||
.map(Identity::from_impersonate_entry_readonly)
|
||||
.expect("Failed to impersonate identity");
|
||||
|
||||
let apps = idms_prox_read
|
||||
.list_applinks(&ident)
|
||||
.expect("Failed to access related apps");
|
||||
let apps = idms_prox_read
|
||||
.list_applinks(&ident)
|
||||
.expect("Failed to access related apps");
|
||||
|
||||
assert!(apps.is_empty());
|
||||
drop(idms_prox_read);
|
||||
assert!(apps.is_empty());
|
||||
drop(idms_prox_read);
|
||||
|
||||
// Add them to the group.
|
||||
let mut idms_prox_write = task::block_on(idms.proxy_write(ct));
|
||||
let me_inv_m = unsafe {
|
||||
ModifyEvent::new_internal_invalid(
|
||||
filter!(f_eq("uuid", PartialValue::Refer(grp_uuid))),
|
||||
ModifyList::new_append("member", Value::Refer(usr_uuid)),
|
||||
)
|
||||
};
|
||||
assert!(idms_prox_write.qs_write.modify(&me_inv_m).is_ok());
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
// Add them to the group.
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let me_inv_m = unsafe {
|
||||
ModifyEvent::new_internal_invalid(
|
||||
filter!(f_eq("uuid", PartialValue::Refer(grp_uuid))),
|
||||
ModifyList::new_append("member", Value::Refer(usr_uuid)),
|
||||
)
|
||||
};
|
||||
assert!(idms_prox_write.qs_write.modify(&me_inv_m).is_ok());
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
let mut idms_prox_read = task::block_on(idms.proxy_read());
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
|
||||
let ident = idms_prox_read
|
||||
.qs_read
|
||||
.internal_search_uuid(usr_uuid)
|
||||
.map(Identity::from_impersonate_entry_readonly)
|
||||
.expect("Failed to impersonate identity");
|
||||
let ident = idms_prox_read
|
||||
.qs_read
|
||||
.internal_search_uuid(usr_uuid)
|
||||
.map(Identity::from_impersonate_entry_readonly)
|
||||
.expect("Failed to impersonate identity");
|
||||
|
||||
let apps = idms_prox_read
|
||||
.list_applinks(&ident)
|
||||
.expect("Failed to access related apps");
|
||||
let apps = idms_prox_read
|
||||
.list_applinks(&ident)
|
||||
.expect("Failed to access related apps");
|
||||
|
||||
let app = apps.get(0).expect("No apps return!");
|
||||
let app = apps.get(0).expect("No apps return!");
|
||||
|
||||
assert!(match app {
|
||||
AppLink::Oauth2 {
|
||||
name,
|
||||
display_name,
|
||||
redirect_url,
|
||||
icon,
|
||||
} => {
|
||||
name == "test_resource_server"
|
||||
&& display_name == "test_resource_server"
|
||||
&& redirect_url == &Url::parse("https://demo.example.com/landing").unwrap()
|
||||
&& icon.is_none()
|
||||
} // _ => false,
|
||||
})
|
||||
assert!(match app {
|
||||
AppLink::Oauth2 {
|
||||
name,
|
||||
display_name,
|
||||
redirect_url,
|
||||
icon,
|
||||
} => {
|
||||
name == "test_resource_server"
|
||||
&& display_name == "test_resource_server"
|
||||
&& redirect_url == &Url::parse("https://demo.example.com/landing").unwrap()
|
||||
&& icon.is_none()
|
||||
} // _ => false,
|
||||
})
|
||||
}
|
||||
}
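Review bot: After the user is added to the group, `test_idm_applinks_list` only inspects `apps.get(0)`, so an additional application link leaking into the result would pass unnoticed. Add `assert_eq!(apps.len(), 1);` before the `get(0)` call so the test pins exactly what the identity is allowed to see, matching the `assert!(apps.is_empty())` check made before membership. The `assert!(match app { … })` block with the commented-out `// _ => false,` arm would also be easier to diagnose as separate `assert_eq!` checks on `name`, `display_name` and `redirect_url`, because a failure would then say which field differed.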
|
||||
|
|
|
@ -1037,7 +1037,7 @@ mod tests {
|
|||
|
||||
let webauthn = create_webauthn();
|
||||
|
||||
let anon_account = entry_str_to_account!(JSON_ANONYMOUS_V1);
|
||||
let anon_account = entry_to_account!(E_ANONYMOUS_V1.clone());
|
||||
|
||||
let (session, state) = AuthSession::new(
|
||||
anon_account,
|
||||
|
@ -1107,7 +1107,7 @@ mod tests {
|
|||
sketching::test_init();
|
||||
let webauthn = create_webauthn();
|
||||
// create the ent
|
||||
let mut account = entry_str_to_account!(JSON_ADMIN_V1);
|
||||
let mut account = entry_to_account!(E_ADMIN_V1.clone());
|
||||
// manually load in a cred
|
||||
let p = CryptoPolicy::minimum();
|
||||
let cred = Credential::new_password_only(&p, "test_password").unwrap();
|
||||
|
@ -1166,7 +1166,7 @@ mod tests {
|
|||
let jws_signer = create_jwt_signer();
|
||||
let webauthn = create_webauthn();
|
||||
// create the ent
|
||||
let mut account = entry_str_to_account!(JSON_ADMIN_V1);
|
||||
let mut account = entry_to_account!(E_ADMIN_V1.clone());
|
||||
// manually load in a cred
|
||||
let p = CryptoPolicy::minimum();
|
||||
let cred = Credential::new_password_only(&p, "list@no3IBTyqHu$bad").unwrap();
|
||||
|
@ -1258,7 +1258,7 @@ mod tests {
|
|||
let webauthn = create_webauthn();
|
||||
let jws_signer = create_jwt_signer();
|
||||
// create the ent
|
||||
let mut account = entry_str_to_account!(JSON_ADMIN_V1);
|
||||
let mut account = entry_to_account!(E_ADMIN_V1);
|
||||
|
||||
// Setup a fake time stamp for consistency.
|
||||
let ts = Duration::from_secs(12345);
|
||||
|
@ -1418,7 +1418,7 @@ mod tests {
|
|||
let webauthn = create_webauthn();
|
||||
let jws_signer = create_jwt_signer();
|
||||
// create the ent
|
||||
let mut account = entry_str_to_account!(JSON_ADMIN_V1);
|
||||
let mut account = entry_to_account!(E_ADMIN_V1);
|
||||
|
||||
// Setup a fake time stamp for consistency.
|
||||
let ts = Duration::from_secs(12345);
|
||||
|
@ -1582,7 +1582,7 @@ mod tests {
|
|||
let (async_tx, mut async_rx) = unbounded();
|
||||
let ts = duration_from_epoch_now();
|
||||
// create the ent
|
||||
let mut account = entry_str_to_account!(JSON_ADMIN_V1);
|
||||
let mut account = entry_to_account!(E_ADMIN_V1.clone());
|
||||
|
||||
let (webauthn, mut wa, wan_cred) = setup_webauthn_passkey(account.name.as_str());
|
||||
let jws_signer = create_jwt_signer();
|
||||
|
@ -1719,7 +1719,7 @@ mod tests {
|
|||
let (async_tx, mut async_rx) = unbounded();
|
||||
let ts = duration_from_epoch_now();
|
||||
// create the ent
|
||||
let mut account = entry_str_to_account!(JSON_ADMIN_V1);
|
||||
let mut account = entry_to_account!(E_ADMIN_V1);
|
||||
|
||||
let (webauthn, mut wa, wan_cred) = setup_webauthn_securitykey(account.name.as_str());
|
||||
let jws_signer = create_jwt_signer();
|
||||
|
@ -1896,7 +1896,7 @@ mod tests {
|
|||
let (async_tx, mut async_rx) = unbounded();
|
||||
let ts = duration_from_epoch_now();
|
||||
// create the ent
|
||||
let mut account = entry_str_to_account!(JSON_ADMIN_V1);
|
||||
let mut account = entry_to_account!(E_ADMIN_V1);
|
||||
|
||||
let (webauthn, mut wa, wan_cred) = setup_webauthn_securitykey(account.name.as_str());
|
||||
let jws_signer = create_jwt_signer();
|
||||
|
@ -2145,7 +2145,7 @@ mod tests {
|
|||
let jws_signer = create_jwt_signer();
|
||||
let webauthn = create_webauthn();
|
||||
// create the ent
|
||||
let mut account = entry_str_to_account!(JSON_ADMIN_V1);
|
||||
let mut account = entry_to_account!(E_ADMIN_V1);
|
||||
|
||||
// Setup a fake time stamp for consistency.
|
||||
let ts = Duration::from_secs(12345);
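Review bot: The replacement call sites are inconsistent: four pass a clone (`entry_to_account!(E_ANONYMOUS_V1.clone())`, `entry_to_account!(E_ADMIN_V1.clone())`) while five pass `E_ADMIN_V1` directly. The body of `entry_to_account!` is outside these hunks, so it cannot be told from here whether the macro takes its argument by value or clones internally. If both forms compile, one of them is doing redundant work or relying on an implicit conversion. Pick one spelling for all sites, for example `entry_to_account!(E_ADMIN_V1.clone())`, and state in a comment on the macro which one callers should use. Each enclosing test function starts and ends outside its hunk.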
|
||||
|
|
|
@ -1741,7 +1741,7 @@ mod tests {
|
|||
pw: &str,
|
||||
ct: Duration,
|
||||
) -> Option<String> {
|
||||
let mut idms_auth = idms.auth();
|
||||
let mut idms_auth = idms.auth().await;
|
||||
|
||||
let auth_init = AuthEvent::named_init("testperson");
|
||||
|
||||
|
@ -1800,7 +1800,7 @@ mod tests {
|
|||
token: &Totp,
|
||||
ct: Duration,
|
||||
) -> Option<String> {
|
||||
let mut idms_auth = idms.auth();
|
||||
let mut idms_auth = idms.auth().await;
|
||||
|
||||
let auth_init = AuthEvent::named_init("testperson");
|
||||
|
||||
|
@ -1873,7 +1873,7 @@ mod tests {
|
|||
code: &str,
|
||||
ct: Duration,
|
||||
) -> Option<String> {
|
||||
let mut idms_auth = idms.auth();
|
||||
let mut idms_auth = idms.auth().await;
|
||||
|
||||
let auth_init = AuthEvent::named_init("testperson");
|
||||
|
||||
|
@ -1948,7 +1948,7 @@ mod tests {
|
|||
origin: Url,
|
||||
ct: Duration,
|
||||
) -> Option<String> {
|
||||
let mut idms_auth = idms.auth();
|
||||
let mut idms_auth = idms.auth().await;
|
||||
|
||||
let auth_init = AuthEvent::named_init("testperson");
|
||||
|
||||
|
@ -2027,7 +2027,7 @@ mod tests {
|
|||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let (cust, _) = setup_test_session(idms, ct).await;
|
||||
|
||||
let cutxn = idms.cred_update_transaction_async().await;
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
// The session exists
|
||||
let c_status = cutxn.credential_update_status(&cust, ct);
|
||||
assert!(c_status.is_ok());
|
||||
|
@ -2037,7 +2037,7 @@ mod tests {
|
|||
let (_cust, _) =
|
||||
renew_test_session(idms, ct + MAXIMUM_CRED_UPDATE_TTL + Duration::from_secs(1)).await;
|
||||
|
||||
let cutxn = idms.cred_update_transaction();
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
|
||||
// Now fake going back in time .... allows the tokne to decrypt, but the session
|
||||
// is gone anyway!
|
||||
|
@ -2057,7 +2057,7 @@ mod tests {
|
|||
|
||||
let (cust, _) = setup_test_session(idms, ct).await;
|
||||
|
||||
let cutxn = idms.cred_update_transaction();
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
|
||||
// Get the credential status - this should tell
|
||||
// us the details of the credentials, as well as
|
||||
|
@ -2088,7 +2088,7 @@ mod tests {
|
|||
|
||||
// Test deleting the pw
|
||||
let (cust, _) = renew_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction();
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
|
||||
let c_status = cutxn
|
||||
.credential_update_status(&cust, ct)
|
||||
|
@ -2125,7 +2125,7 @@ mod tests {
|
|||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
|
||||
let (cust, _) = setup_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction();
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
|
||||
// Setup the PW
|
||||
let c_status = cutxn
|
||||
|
@ -2188,7 +2188,7 @@ mod tests {
|
|||
|
||||
// If we remove TOTP, show it reverts back.
|
||||
let (cust, _) = renew_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction();
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
|
||||
let c_status = cutxn
|
||||
.credential_primary_remove_totp(&cust, ct, "totp")
|
||||
|
@ -2219,7 +2219,7 @@ mod tests {
|
|||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
|
||||
let (cust, _) = setup_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction();
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
|
||||
// Setup the PW
|
||||
let c_status = cutxn
|
||||
|
@ -2293,7 +2293,7 @@ mod tests {
|
|||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
|
||||
let (cust, _) = setup_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction();
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
|
||||
// Setup the PW
|
||||
let _c_status = cutxn
|
||||
|
@ -2369,7 +2369,7 @@ mod tests {
|
|||
|
||||
// Renew to start the next steps
|
||||
let (cust, _) = renew_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction();
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
|
||||
// Only 7 codes left.
|
||||
let c_status = cutxn
|
||||
|
@ -2430,7 +2430,7 @@ mod tests {
|
|||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
|
||||
let (cust, _) = setup_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction();
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
|
||||
// Setup the PW
|
||||
let c_status = cutxn
|
||||
|
@ -2482,7 +2482,7 @@ mod tests {
|
|||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
|
||||
let (cust, _) = setup_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction();
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let origin = cutxn.get_origin().clone();
|
||||
|
||||
// Create a soft passkey
|
||||
|
@ -2538,7 +2538,7 @@ mod tests {
|
|||
|
||||
// Now test removing the token
|
||||
let (cust, _) = renew_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction();
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
|
||||
trace!(?c_status);
|
||||
assert!(c_status.primary.is_none());
|
||||
|
|
File diff suppressed because it is too large
File diff suppressed because it is too large
|
@ -75,7 +75,7 @@ mod tests {
|
|||
|
||||
// Update session is setup.
|
||||
|
||||
let cutxn = idms.cred_update_transaction();
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let origin = cutxn.get_origin().clone();
|
||||
|
||||
let mut wa = WebauthnAuthenticator::new(SoftPasskey::new());
|
||||
|
@ -120,7 +120,7 @@ mod tests {
|
|||
wa: &mut WebauthnAuthenticator<SoftPasskey>,
|
||||
idms_delayed: &mut IdmServerDelayed,
|
||||
) -> Option<String> {
|
||||
let mut idms_auth = idms.auth();
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let origin = idms_auth.get_origin().clone();
|
||||
|
||||
let auth_init = AuthEvent::named_init("testperson");
|
||||
|
|
File diff suppressed because it is too large
File diff suppressed because it is too large
|
@ -13,7 +13,9 @@ macro_rules! setup_test {
|
|||
.expect("Failed to init BE");
|
||||
|
||||
let qs = QueryServer::new(be, schema_outer, "example.com".to_string());
|
||||
async_std::task::block_on(qs.initialise_helper(duration_from_epoch_now()))
|
||||
tokio::runtime::Runtime::new()
|
||||
.unwrap()
|
||||
.block_on(qs.initialise_helper(duration_from_epoch_now()))
|
||||
.expect("init failed!");
|
||||
qs
|
||||
}};
|
||||
|
@ -34,11 +36,15 @@ macro_rules! setup_test {
|
|||
.expect("Failed to init BE");
|
||||
|
||||
let qs = QueryServer::new(be, schema_outer, "example.com".to_string());
|
||||
async_std::task::block_on(qs.initialise_helper(duration_from_epoch_now()))
|
||||
tokio::runtime::Runtime::new()
|
||||
.unwrap()
|
||||
.block_on(qs.initialise_helper(duration_from_epoch_now()))
|
||||
.expect("init failed!");
|
||||
|
||||
if !$preload_entries.is_empty() {
|
||||
let mut qs_write = async_std::task::block_on(qs.write(duration_from_epoch_now()));
|
||||
let mut qs_write = tokio::runtime::Runtime::new()
|
||||
.unwrap()
|
||||
.block_on(qs.write(duration_from_epoch_now()));
|
||||
qs_write
|
||||
.internal_create($preload_entries)
|
||||
.expect("Failed to preload entries");
|
||||
|
@ -48,30 +54,6 @@ macro_rules! setup_test {
|
|||
}};
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
macro_rules! entry_str_to_account {
|
||||
($entry_str:expr) => {{
|
||||
use std::iter::once;
|
||||
|
||||
use crate::entry::{Entry, EntryInvalid, EntryNew};
|
||||
use crate::idm::account::Account;
|
||||
use crate::value::Value;
|
||||
|
||||
let mut e: Entry<EntryInvalid, EntryNew> =
|
||||
unsafe { Entry::unsafe_from_entry_str($entry_str).into_invalid_new() };
|
||||
// Add spn, because normally this is generated but in tests we can't.
|
||||
let spn = e
|
||||
.get_ava_single_iname("name")
|
||||
.map(|s| Value::new_spn_str(s, "example.com"))
|
||||
.expect("Failed to munge spn from name!");
|
||||
e.set_ava("spn", once(spn));
|
||||
|
||||
let e = unsafe { e.into_sealed_committed() };
|
||||
|
||||
Account::try_from_entry_no_groups(&e).expect("Account conversion failure")
|
||||
}};
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
macro_rules! entry_to_account {
|
||||
($entry:expr) => {{
|
||||
|
@ -95,48 +77,6 @@ macro_rules! entry_to_account {
|
|||
}};
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
macro_rules! run_idm_test_inner {
|
||||
($test_fn:expr) => {{
|
||||
#[allow(unused_imports)]
|
||||
use crate::be::{Backend, BackendConfig};
|
||||
#[allow(unused_imports)]
|
||||
use crate::idm::server::{IdmServer, IdmServerDelayed};
|
||||
use crate::prelude::*;
|
||||
#[allow(unused_imports)]
|
||||
use crate::schema::Schema;
|
||||
/*
|
||||
use env_logger;
|
||||
::std::env::set_var("RUST_LOG", "actix_web=debug,kanidm=debug");
|
||||
let _ = env_logger::builder()
|
||||
.format_timestamp(None)
|
||||
.format_level(false)
|
||||
.is_test(true)
|
||||
.try_init();
|
||||
*/
|
||||
|
||||
let test_server = setup_test!();
|
||||
|
||||
let (test_idm_server, mut idms_delayed) =
|
||||
IdmServer::new(test_server.clone(), "https://idm.example.com")
|
||||
.expect("Failed to setup idms");
|
||||
|
||||
$test_fn(&test_server, &test_idm_server, &mut idms_delayed);
|
||||
// Any needed teardown?
|
||||
// Make sure there are no errors.
|
||||
assert!(async_std::task::block_on(test_server.verify()).len() == 0);
|
||||
idms_delayed.check_is_empty_or_panic();
|
||||
}};
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
macro_rules! run_idm_test {
|
||||
($test_fn:expr) => {{
|
||||
let _ = sketching::test_init();
|
||||
run_idm_test_inner!($test_fn);
|
||||
}};
|
||||
}
|
||||
|
||||
// Test helpers for all plugins.
|
||||
// #[macro_export]
|
||||
#[cfg(test)]
|
||||
|
@ -165,7 +105,9 @@ macro_rules! run_create_test {
|
|||
};
|
||||
|
||||
{
|
||||
let mut qs_write = async_std::task::block_on(qs.write(duration_from_epoch_now()));
|
||||
let mut qs_write = tokio::runtime::Runtime::new()
|
||||
.unwrap()
|
||||
.block_on(qs.write(duration_from_epoch_now()));
|
||||
let r = qs_write.create(&ce);
|
||||
trace!("test result: {:?}", r);
|
||||
assert!(r == $expect);
|
||||
|
@ -181,7 +123,9 @@ macro_rules! run_create_test {
|
|||
}
|
||||
// Make sure there are no errors.
|
||||
trace!("starting verification");
|
||||
let ver = async_std::task::block_on(qs.verify());
|
||||
let ver = tokio::runtime::Runtime::new()
|
||||
.unwrap()
|
||||
.block_on(qs.verify());
|
||||
trace!("verification -> {:?}", ver);
|
||||
assert!(ver.len() == 0);
|
||||
}};
|
||||
|
@ -207,7 +151,9 @@ macro_rules! run_modify_test {
|
|||
let qs = setup_test!($preload_entries);
|
||||
|
||||
{
|
||||
let mut qs_write = async_std::task::block_on(qs.write(duration_from_epoch_now()));
|
||||
let mut qs_write = tokio::runtime::Runtime::new()
|
||||
.unwrap()
|
||||
.block_on(qs.write(duration_from_epoch_now()));
|
||||
$pre_hook(&mut qs_write);
|
||||
qs_write.commit().expect("commit failure!");
|
||||
}
|
||||
|
@ -220,7 +166,9 @@ macro_rules! run_modify_test {
|
|||
};
|
||||
|
||||
{
|
||||
let mut qs_write = async_std::task::block_on(qs.write(duration_from_epoch_now()));
|
||||
let mut qs_write = tokio::runtime::Runtime::new()
|
||||
.unwrap()
|
||||
.block_on(qs.write(duration_from_epoch_now()));
|
||||
let r = qs_write.modify(&me);
|
||||
$check(&mut qs_write);
|
||||
trace!("test result: {:?}", r);
|
||||
|
@ -236,7 +184,9 @@ macro_rules! run_modify_test {
|
|||
}
|
||||
// Make sure there are no errors.
|
||||
trace!("starting verification");
|
||||
let ver = async_std::task::block_on(qs.verify());
|
||||
let ver = tokio::runtime::Runtime::new()
|
||||
.unwrap()
|
||||
.block_on(qs.verify());
|
||||
trace!("verification -> {:?}", ver);
|
||||
assert!(ver.len() == 0);
|
||||
}};
|
||||
|
@ -266,7 +216,9 @@ macro_rules! run_delete_test {
|
|||
};
|
||||
|
||||
{
|
||||
let mut qs_write = async_std::task::block_on(qs.write(duration_from_epoch_now()));
|
||||
let mut qs_write = tokio::runtime::Runtime::new()
|
||||
.unwrap()
|
||||
.block_on(qs.write(duration_from_epoch_now()));
|
||||
let r = qs_write.delete(&de);
|
||||
trace!("test result: {:?}", r);
|
||||
$check(&mut qs_write);
|
||||
|
@ -282,7 +234,9 @@ macro_rules! run_delete_test {
|
|||
}
|
||||
// Make sure there are no errors.
|
||||
trace!("starting verification");
|
||||
let ver = async_std::task::block_on(qs.verify());
|
||||
let ver = tokio::runtime::Runtime::new()
|
||||
.unwrap()
|
||||
.block_on(qs.verify());
|
||||
trace!("verification -> {:?}", ver);
|
||||
assert!(ver.len() == 0);
|
||||
}};
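Review bot: Every `block_on` in these macros now builds its own runtime with `tokio::runtime::Runtime::new().unwrap()`, so one expansion of `setup_test!` with preload entries, or of `run_modify_test!`, starts several multi-threaded runtimes in a row. Bind it once per expansion, `let rt = tokio::runtime::Runtime::new().expect("Failed to start tokio runtime");`, and reuse it as `rt.block_on(qs.write(duration_from_epoch_now()))` and `rt.block_on(qs.verify())`. The `expect` message matches the neighbouring `.expect("init failed!")` style and names the failure if worker threads cannot be spawned. Note also that `Runtime::block_on` panics when called from inside an existing tokio runtime, so these macros must not be expanded inside the new async `#[idm_test]` tests; a short comment on `setup_test!` saying so would help. The same pattern recurs in the `run_create_test!`, `run_modify_test!` and `run_delete_test!` hunks.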
|
||||
|
|
|
@ -63,5 +63,7 @@ pub async fn setup_idm_test() -> (IdmServer, IdmServerDelayed) {
|
|||
qs.initialise_helper(duration_from_epoch_now())
|
||||
.await
|
||||
.expect("init failed!");
|
||||
IdmServer::new(qs, "https://idm.example.com").expect("Failed to setup idms")
|
||||
IdmServer::new(qs, "https://idm.example.com")
|
||||
.await
|
||||
.expect("Failed to setup idms")
|
||||
}
|
||||
|
|