@@ -9,92 +9,103 @@ use crate::error::result::CosmianResult;
99// let us not make other test cases fail
1010const PORT : u16 = 6667 ;
1111
12+ //TODO: please check equivalent - but more detailed - tests in src/tests/kms/auth_tests.rs
13+
1214#[ tokio:: test]
1315pub ( crate ) async fn test_all_authentications ( ) -> CosmianResult < ( ) > {
1416 log_init ( None ) ;
1517 let url = get_redis_url ( "REDIS_URL" ) ;
1618 trace ! ( "TESTS: using redis on {url}" ) ;
17- // plaintext no auth
18- info ! ( "Testing server with no auth" ) ;
19- let ctx = start_test_server_with_options (
20- DBConfig {
21- database_type : DatabaseType :: Redis ,
22- clear_database : false ,
23- database_url : url. clone ( ) ,
24- } ,
25- PORT ,
26- AuthenticationOptions {
27- use_jwt_token : false ,
28- use_https : false ,
29- use_client_cert : false ,
30- } ,
31- )
32- . await ?;
33- ctx. stop_server ( ) . await ?;
3419
3520 let default_db_config = DBConfig {
3621 database_type : DatabaseType :: Redis ,
3722 clear_database : false ,
38- database_url : url,
23+ database_url : url. clone ( ) ,
24+ } ;
25+
26+ // SCENARIO 1: plaintext no auth
27+ info ! ( "Testing server with no auth" ) ;
28+ let options = AuthenticationOptions {
29+ use_jwt_token : false ,
30+ use_https : false ,
31+ use_client_cert : false ,
32+ use_api_token : false ,
33+ ..Default :: default ( )
34+ } ;
35+
36+ let ctx = start_test_server_with_options ( default_db_config. clone ( ) , PORT , options) . await ?;
37+ ctx. stop_server ( ) . await ?;
38+
39+ // SCENARIO 2: plaintext JWT token auth - successful auth with token
40+ info ! ( "Testing server with JWT token auth - successful" ) ;
41+ let options = AuthenticationOptions {
42+ use_jwt_token : true ,
43+ use_https : false ,
44+ use_client_cert : false ,
45+ use_api_token : false ,
46+ ..Default :: default ( )
3947 } ;
48+ // Default behavior sends valid JWT token
4049
41- // plaintext JWT token auth
42- info ! ( "Testing server with JWT token auth" ) ;
43- let ctx = start_test_server_with_options (
44- default_db_config. clone ( ) ,
45- PORT ,
46- AuthenticationOptions {
47- use_jwt_token : true ,
48- use_https : false ,
49- use_client_cert : false ,
50- } ,
51- )
52- . await ?;
50+ let ctx = start_test_server_with_options ( default_db_config. clone ( ) , PORT , options) . await ?;
5351 ctx. stop_server ( ) . await ?;
5452
55- // tls token auth
53+ // SCENARIO 3: tls token auth
5654 info ! ( "Testing server with TLS token auth" ) ;
57- let ctx = start_test_server_with_options (
58- default_db_config. clone ( ) ,
59- PORT ,
60- AuthenticationOptions {
61- use_jwt_token : true ,
62- use_https : true ,
63- use_client_cert : false ,
64- } ,
65- )
66- . await ?;
55+ let options = AuthenticationOptions {
56+ use_jwt_token : true ,
57+ use_https : true ,
58+ use_client_cert : false ,
59+ use_api_token : false ,
60+ ..Default :: default ( )
61+ } ;
62+ // Default behavior sends valid JWT token
63+
64+ let ctx = start_test_server_with_options ( default_db_config. clone ( ) , PORT , options) . await ?;
65+ ctx. stop_server ( ) . await ?;
66+
67+ // SCENARIO 4: Client Certificates and JWT authentication are enabled, but the user only presents a JWT token.
68+ info ! ( "Testing server with both Client Certificates and JWT auth - JWT token only" ) ;
69+ let options = AuthenticationOptions {
70+ use_jwt_token : true ,
71+ use_https : true ,
72+ use_client_cert : true ,
73+ use_api_token : false ,
74+ do_not_send_client_certificate : true , // Don't send the client certificate
75+ ..Default :: default ( )
76+ } ;
77+
78+ let ctx = start_test_server_with_options ( default_db_config. clone ( ) , PORT , options) . await ?;
6779 ctx. stop_server ( ) . await ?;
6880
69- // tls client cert auth
70- info ! ( "Testing server with TLS client cert auth" ) ;
71- let ctx = start_test_server_with_options (
72- default_db_config. clone ( ) ,
73- PORT ,
74- AuthenticationOptions {
75- use_jwt_token : false ,
76- use_https : true ,
77- use_client_cert : true ,
78- } ,
79- )
80- . await ?;
81+ // SCENARIO 5: Both Client Certificates and API token authentication are enabled, the user presents an API token only
82+ info ! ( "Testing server with both Client Certificates and API token auth - API token only" ) ;
83+ let options = AuthenticationOptions {
84+ use_jwt_token : false ,
85+ use_https : true ,
86+ use_client_cert : true ,
87+ use_api_token : true ,
88+ do_not_send_client_certificate : true , // Don't send client certificate
89+ ..Default :: default ( )
90+ } ;
91+ // Default behavior sends a valid API token
92+
93+ let ctx = start_test_server_with_options ( default_db_config. clone ( ) , PORT , options) . await ?;
8194 ctx. stop_server ( ) . await ?;
8295
83- // Good JWT token auth but still cert auth used at first
84- info ! (
85- "Testing server with bad API token and good JWT token auth but still cert auth used at \
86- first"
87- ) ;
88- let ctx = start_test_server_with_options (
89- default_db_config,
90- PORT ,
91- AuthenticationOptions {
92- use_jwt_token : true ,
93- use_https : true ,
94- use_client_cert : true ,
95- } ,
96- )
97- . await ?;
96+ // SCENARIO 6: Both JWT and API token authentication are enabled, user presents an API token only
97+ info ! ( "Testing server with both JWT and API token auth - API token only" ) ;
98+ let options = AuthenticationOptions {
99+ use_jwt_token : true ,
100+ use_https : false ,
101+ use_client_cert : false ,
102+ use_api_token : true ,
103+ do_not_send_jwt_token : true , // Send invalid JWT token
104+ ..Default :: default ( )
105+ } ;
106+ // Default behavior sends valid API token
107+
108+ let ctx = start_test_server_with_options ( default_db_config. clone ( ) , PORT , options) . await ?;
98109 ctx. stop_server ( ) . await ?;
99110
100111 Ok ( ( ) )
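Review bot: In scenario 6 the trailing comment on `do_not_send_jwt_token: true` reads "Send invalid JWT token", which contradicts the flag's name, and the two are different authentication cases: falling back to the API token when no JWT is presented is not the same property as falling back when a presented JWT fails validation. What the flag actually does is not visible in this hunk; if it omits the token, the comment should be `// Don't send the JWT token`, in line with scenarios 4 and 5, and an invalid-token case would deserve its own scenario with an explicit expected outcome. The removed client-certificate-only scenario (`use_client_cert: true` with `use_jwt_token: false`) has no counterpart among the six new ones, and every scenario here only starts and stops the server on an accepted path, so it is worth confirming that src/tests/kms/auth_tests.rs, named in the TODO, covers that case and the rejection paths. The function body closes outside the hunk.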