
Commit cb7d004

committed
add unit test for deleted role
1 parent 9466f74 commit cb7d004


1 file changed

+52
-5
lines changed


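--- a/enterprise/coderd/userauth_test.go
+++ b/enterprise/coderd/userauth_test.go
@@ -15,6 +15,7 @@ import (
 "github.com/coder/coder/v2/coderd/coderdtest/oidctest"
 "github.com/coder/coder/v2/coderd/database"
 "github.com/coder/coder/v2/coderd/database/dbauthz"
+"github.com/coder/coder/v2/coderd/database/dbtestutil"
 "github.com/coder/coder/v2/coderd/rbac"
 "github.com/coder/coder/v2/coderd/util/slice"
 "github.com/coder/coder/v2/codersdk"
@@ -683,7 +684,10 @@ func TestGroupSync(t *testing.T) {
 }
 }
 
-func TestUserLogin(t *testing.T) {
+func TestEnterpriseUserLogin(t *testing.T) {
+t.Parallel()
+
+// Login to a user with a custom organization role set.
 t.Run("CustomRole", func(t *testing.T) {
 t.Parallel()
 dv := coderdtest.DeploymentValues(t)
@@ -714,15 +718,58 @@ func TestUserLogin(t *testing.T) {
 OrganizationID: owner.OrganizationID,
 },
 }, func(r *codersdk.CreateUserRequest) {
-r.Password = ""
-r.UserLoginType = codersdk.LoginTypeNone
+r.Password = "SomeSecurePassword!"
+r.UserLoginType = codersdk.LoginTypePassword
+})
+
+_, err = anotherClient.LoginWithPassword(ctx, codersdk.LoginWithPasswordRequest{
+Email: anotherUser.Email,
+Password: "SomeSecurePassword!",
+})
+require.NoError(t, err)
+})
+
+// Login to a user with a custom organization role that no longer exists
+t.Run("DeletedRole", func(t *testing.T) {
+t.Parallel()
+
+// The dbauthz layer protects against deleted roles. So use the underlying
+// database directly to corrupt it.
+rawDB, pubsub := dbtestutil.NewDB(t)
+
+dv := coderdtest.DeploymentValues(t)
+dv.Experiments = []string{string(codersdk.ExperimentCustomRoles)}
+ownerClient, owner := coderdenttest.New(t, &coderdenttest.Options{
+Options: &coderdtest.Options{
+DeploymentValues: dv,
+Database: rawDB,
+Pubsub: pubsub,
+},
+LicenseOptions: &coderdenttest.LicenseOptions{
+Features: license.Features{
+codersdk.FeatureCustomRoles: 1,
+},
+},
+})
+
+anotherClient, anotherUser := coderdtest.CreateAnotherUserMutators(t, ownerClient, owner.OrganizationID, nil, func(r *codersdk.CreateUserRequest) {
+r.Password = "SomeSecurePassword!"
+r.UserLoginType = codersdk.LoginTypePassword
+})
+
+ctx := testutil.Context(t, testutil.WaitShort)
+_, err := rawDB.UpdateMemberRoles(ctx, database.UpdateMemberRolesParams{
+GrantedRoles: []string{"not-exists"},
+UserID: anotherUser.ID,
+OrgID: owner.OrganizationID,
 })
+require.NoError(t, err, "assign not-exists role")
 
-_, err = anotherClient.LoginWithPassword(context.Background(), codersdk.LoginWithPasswordRequest{
+_, err = anotherClient.LoginWithPassword(ctx, codersdk.LoginWithPasswordRequest{
 Email: anotherUser.Email,
 Password: "SomeSecurePassword!",
 })
-require.Error(t, err)
+require.NoError(t, err)
 })
 }
 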
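Review bot: The `DeletedRole` subtest ends at `require.NoError(t, err)` after `LoginWithPassword` (new lines 768-772), so it pins that a dangling `not-exists` grant no longer blocks login but asserts nothing about the session that results. Role resolution presumably also runs on authenticated requests, so I would follow the login with an authenticated call on the same client, e.g. `_, err = anotherClient.User(ctx, codersdk.Me)` and `require.NoError(t, err)`. If it is the intended contract, a comment such as `// A role that no longer resolves must grant nothing, and must not lock the user out.` would record it. Separately, the `CustomRole` subtest (new lines 721-729) used to assert `require.Error` for a `LoginTypeNone` user attempting a password login; that negative case is removed here, so it is worth confirming another test still covers it. The body of `CustomRole` between the second and third hunks is not visible.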
