SAAS-175 Add tests for auth API

docker-compose.yml

@@ -18,6 +18,7 @@ services:
       # for check-dev
       - PERCONA_TEST_CHECKS_HOST=check-dev.percona.com:443
       - PERCONA_TEST_CHECKS_PUBLIC_KEY=RWTg+ZmCCjt7O8eWeAmTLAqW+1ozUbpRSKSwNTmO+exlS5KEIPYWuYdX
+      - PERCONA_TEST_AUTH_HOST=check-dev.percona.com:443
     volumes:
       - ./testdata/checks:/srv/checks
 

init.go

@@ -16,6 +16,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/brianvoe/gofakeit"
 	"github.com/go-openapi/runtime"
 	httptransport "github.com/go-openapi/runtime/client"
 	"github.com/percona/pmm/api/alertmanager/amclient"
@@ -99,7 +100,9 @@ func Transport(baseURL *url.URL, insecureTLS bool) *httptransport.Runtime {
 
 //nolint:gochecknoinits
 func init() {
-	rand.Seed(time.Now().UnixNano())
+	seed := time.Now().UnixNano()
+	rand.Seed(seed)
+	gofakeit.Seed(seed)
 
 	debugF := flag.Bool("pmm.debug", false, "Enable debug output [PMM_DEBUG].")
 	traceF := flag.Bool("pmm.trace", false, "Enable trace output [PMM_TRACE].")

management/rds_test.go

@@ -1,10 +1,8 @@
 package management
 
 import (
-	"math/rand"
 	"os"
 	"testing"
-	"time"
 
 	"github.com/AlekSi/pointer"
 	"github.com/percona/pmm/api/managementpb/json/client"
@@ -40,7 +38,6 @@ func TestRDSDiscovery(t *testing.T) {
 }
 
 func TestAddRds(t *testing.T) {
-	rand.Seed(time.Now().UnixNano())
 	t.Run("BasicAddRDS", func(t *testing.T) {
 		params := &rds.AddRDSParams{
 			Body: rds.AddRDSBody{

server/auth_test.go

@@ -220,7 +220,7 @@ func TestSwagger(t *testing.T) {
 	}
 }
 
-func TestPermissionsForSTTChecksPage(t *testing.T) {
+func TestPermissions(t *testing.T) {
 	ts := strconv.FormatInt(time.Now().Unix(), 10)
 	none := "none-" + ts
 	viewer := "viewer-" + ts
@@ -239,40 +239,66 @@ func TestPermissionsForSTTChecksPage(t *testing.T) {
 	adminID := createUserWithRole(t, admin, "Admin")
 	defer deleteUser(t, adminID)
 
-	tests := []struct {
-		name       string
-		url        string
-		method     string
+	type userCase struct {
+		userType   string
 		login      string
 		statusCode int
+	}
+
+	tests := []struct {
+		name     string
+		url      string
+		method   string
+		userCase []userCase
 	}{
-		{name: "settings-default", url: "/v1/Settings/Get", method: "POST", login: none, statusCode: 401},
-		{name: "settings-viewer", url: "/v1/Settings/Get", method: "POST", login: viewer, statusCode: 401},
-		{name: "settings-editor", url: "/v1/Settings/Get", method: "POST", login: editor, statusCode: 401},
-		{name: "settings-admin", url: "/v1/Settings/Get", method: "POST", login: admin, statusCode: 200},
-		{name: "alerts-default", url: "/alertmanager/api/v2/alerts", method: "GET", login: none, statusCode: 401},
-		{name: "alerts-viewer", url: "/alertmanager/api/v2/alerts", method: "GET", login: viewer, statusCode: 401},
-		{name: "alerts-editor", url: "/alertmanager/api/v2/alerts", method: "GET", login: editor, statusCode: 401},
-		{name: "alerts-admin", url: "/alertmanager/api/v2/alerts", method: "GET", login: admin, statusCode: 200},
+		{name: "settings", url: "/v1/Settings/Get", method: "POST", userCase: []userCase{
+			{userType: "default", login: none, statusCode: 401},
+			{userType: "viewer", login: viewer, statusCode: 401},
+			{userType: "editor", login: editor, statusCode: 401},
+			{userType: "admin", login: admin, statusCode: 200},
+		}},
+		{name: "alerts-default", url: "/alertmanager/api/v2/alerts", method: "GET", userCase: []userCase{
+			{userType: "default", login: none, statusCode: 401},
+			{userType: "viewer", login: viewer, statusCode: 401},
+			{userType: "editor", login: editor, statusCode: 401},
+			{userType: "admin", login: admin, statusCode: 200},
+		}},
+		{name: "platform-sign-up", url: "/v1/Platform/SignUp", method: "POST", userCase: []userCase{
+			{userType: "default", login: none, statusCode: 401},
+			{userType: "viewer", login: viewer, statusCode: 401},
+			{userType: "editor", login: editor, statusCode: 401},
+			{userType: "admin", login: admin, statusCode: 400}, // We send bad request, but have access to endpoint
+		}},
+		{name: "platform-sign-in", url: "/v1/Platform/SignIn", method: "POST", userCase: []userCase{
+			{userType: "default", login: none, statusCode: 401},
+			{userType: "viewer", login: viewer, statusCode: 401},
+			{userType: "editor", login: editor, statusCode: 401},
+			{userType: "admin", login: admin, statusCode: 400}, // We send bad request, but have access to endpoint
+		}},
 	}
 
 	for _, test := range tests {
 		test := test
 		t.Run(test.name, func(t *testing.T) {
-			// make a BaseURL without authentication
-			u, err := url.Parse(pmmapitests.BaseURL.String())
-			require.NoError(t, err)
-			u.User = url.UserPassword(test.login, test.login)
-			u.Path = test.url
-
-			req, err := http.NewRequest(test.method, u.String(), nil)
-			require.NoError(t, err)
-
-			resp, err := http.DefaultClient.Do(req)
-			require.NoError(t, err)
-			defer resp.Body.Close() //nolint:errcheck
-
-			assert.Equal(t, test.statusCode, resp.StatusCode)
+			for _, user := range test.userCase {
+				user := user
+				t.Run(user.userType, func(t *testing.T) {
+					// make a BaseURL without authentication
+					u, err := url.Parse(pmmapitests.BaseURL.String())
+					require.NoError(t, err)
+					u.User = url.UserPassword(user.login, user.login)
+					u.Path = test.url
+
+					req, err := http.NewRequestWithContext(pmmapitests.Context, test.method, u.String(), nil)
+					require.NoError(t, err)
+
+					resp, err := http.DefaultClient.Do(req)
+					require.NoError(t, err)
+					defer resp.Body.Close() //nolint:errcheck
+
+					assert.Equal(t, user.statusCode, resp.StatusCode)
+				})
+			}
 		})
 	}
 }

server/platform_auth_test.go

@@ -0,0 +1,145 @@
+package server
+
+import (
+	"testing"
+
+	"github.com/brianvoe/gofakeit"
+	serverClient "github.com/percona/pmm/api/serverpb/json/client"
+	"github.com/percona/pmm/api/serverpb/json/client/server"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/grpc/codes"
+
+	pmmapitests "github.com/Percona-Lab/pmm-api-tests"
+)
+
+// Tests in this file cover Percona Platform authentication.
+
+func TestPlatform(t *testing.T) {
+	client := serverClient.Default.Server
+
+	t.Run("signUp", func(t *testing.T) {
+		t.Run("normal", func(t *testing.T) {
+			_, err := client.PlatformSignUp(&server.PlatformSignUpParams{
+				Body: server.PlatformSignUpBody{
+					Email:    gofakeit.Email(),
+					Password: gofakeit.Password(true, true, true, false, false, 14),
+				},
+				Context: pmmapitests.Context,
+			})
+			require.NoError(t, err)
+		})
+
+		t.Run("invalid email", func(t *testing.T) {
+			_, err := client.PlatformSignUp(&server.PlatformSignUpParams{
+				Body: server.PlatformSignUpBody{
+					Email:    "not-email",
+					Password: gofakeit.Password(true, true, true, false, false, 14),
+				},
+				Context: pmmapitests.Context,
+			})
+			pmmapitests.AssertAPIErrorf(t, err, 400, codes.InvalidArgument, "Error Creating Your Account.")
+		})
+
+		t.Run("invalid password", func(t *testing.T) {
+			_, err := client.PlatformSignUp(&server.PlatformSignUpParams{
+				Body: server.PlatformSignUpBody{
+					Email:    gofakeit.Email(),
+					Password: "weak-pass",
+				},
+				Context: pmmapitests.Context,
+			})
+			pmmapitests.AssertAPIErrorf(t, err, 400, codes.InvalidArgument, "Error Creating Your Account.")
+		})
+
+		t.Run("empty email", func(t *testing.T) {
+			_, err := client.PlatformSignUp(&server.PlatformSignUpParams{
+				Body: server.PlatformSignUpBody{
+					Email:    "",
+					Password: gofakeit.Password(true, true, true, false, false, 14),
+				},
+				Context: pmmapitests.Context,
+			})
+			pmmapitests.AssertAPIErrorf(t, err, 400, codes.InvalidArgument, "invalid field Email: value '' must not be an empty string")
+		})
+
+		t.Run("empty password", func(t *testing.T) {
+			_, err := client.PlatformSignUp(&server.PlatformSignUpParams{
+				Body: server.PlatformSignUpBody{
+					Email:    gofakeit.Email(),
+					Password: "",
+				},
+				Context: pmmapitests.Context,
+			})
+			pmmapitests.AssertAPIErrorf(t, err, 400, codes.InvalidArgument, "invalid field Password: value '' must not be an empty string")
+		})
+	})
+
+	t.Run("signIn", func(t *testing.T) {
+		email := gofakeit.Email()
+		password := gofakeit.Password(true, true, true, false, false, 14)
+
+		_, err := client.PlatformSignUp(&server.PlatformSignUpParams{
+			Body: server.PlatformSignUpBody{
+				Email:    email,
+				Password: password,
+			},
+			Context: pmmapitests.Context,
+		})
+		require.NoError(t, err)
+
+		t.Run("normal", func(t *testing.T) {
+			_, err = client.PlatformSignIn(&server.PlatformSignInParams{
+				Body: server.PlatformSignInBody{
+					Email:    email,
+					Password: password,
+				},
+				Context: pmmapitests.Context,
+			})
+			require.NoError(t, err)
+		})
+
+		t.Run("wrong email", func(t *testing.T) {
+			_, err = client.PlatformSignIn(&server.PlatformSignInParams{
+				Body: server.PlatformSignInBody{
+					Email:    "wrong@example.com",
+					Password: password,
+				},
+				Context: pmmapitests.Context,
+			})
+			pmmapitests.AssertAPIErrorf(t, err, 400, codes.InvalidArgument, "Incorrect username or password.")
+		})
+
+		t.Run("wrong password", func(t *testing.T) {
+			_, err = client.PlatformSignIn(&server.PlatformSignInParams{
+				Body: server.PlatformSignInBody{
+					Email:    email,
+					Password: "WrongPassword12345",
+				},
+				Context: pmmapitests.Context,
+			})
+			pmmapitests.AssertAPIErrorf(t, err, 400, codes.InvalidArgument, "Incorrect username or password.")
+		})
+
+		t.Run("empty email", func(t *testing.T) {
+			_, err = client.PlatformSignIn(&server.PlatformSignInParams{
+				Body: server.PlatformSignInBody{
+					Email:    "",
+					Password: password,
+				},
+				Context: pmmapitests.Context,
+			})
+			pmmapitests.AssertAPIErrorf(t, err, 400, codes.InvalidArgument, "invalid field Email: value '' must not be an empty string")
+		})
+
+		t.Run("empty password", func(t *testing.T) {
+			_, err = client.PlatformSignIn(&server.PlatformSignInParams{
+				Body: server.PlatformSignInBody{
+					Email:    email,
+					Password: "",
+				},
+				Context: pmmapitests.Context,
+			})
+			pmmapitests.AssertAPIErrorf(t, err, 400, codes.InvalidArgument, "invalid field Password: value '' must not be an empty string")
+		})
+	})
+}