Merge branch 'auth-duration' into 'release-2.4'

Configurable session validity!

See merge request !173

cmd/bytemark/config_test.go

@@ -97,7 +97,7 @@ func TestCommandConfigSet(t *testing.T) {
 		config.When("GetV", "endpoint").Return(util.ConfigVar{"endpoint", "", ""})
 		config.When("GetV", "group").Return(util.ConfigVar{"group", "", ""})
 		config.When("GetV", "debug-level").Return(util.ConfigVar{"debug-level", "", ""})
-		config.When("Get", "token").Return("test-token", nil)
+		config.When("GetIgnoreErr", "token").Return("test-token")
 		config.When("GetIgnoreErr", "user").Return("old-test-user")
 		config.When("GetIgnoreErr", "yubikey").Return("")
 		config.When("GetIgnoreErr", "2fa-otp").Return("")

cmd/bytemark/create_test.go

@@ -270,19 +270,15 @@ func TestCreateServer(t *testing.T) {
 
 func TestCreateBackup(t *testing.T) {
 	is := is.New(t)
-	config, c := baseTestSetup(t, false)
+	config, c := baseTestAuthSetup(t, false)
 
-	config.When("Get", "account").Return("test-account")
-	config.When("Get", "token").Return("test-token")
-	config.When("GetIgnoreErr", "yubikey").Return("")
 	config.When("GetVirtualMachine").Return(&defVM)
 
 	vmname := lib.VirtualMachineName{
 		VirtualMachine: "test-server",
 		Group:          "default",
 		Account:        "default-account",
 	}
-	c.When("AuthWithToken", "test-token").Return(nil).Times(1)
 
 	c.When("CreateBackup", vmname, "test-disc").Return(brain.Backup{}, nil).Times(1)
 

cmd/bytemark/delete_test.go

@@ -93,12 +93,10 @@ func TestDeleteKey(t *testing.T) {
 	if ok, vErr := c.Verify(); !ok {
 		t.Fatal(vErr)
 	}
-	c.Reset()
-	config.Reset()
-	config.When("Get", "token").Return("test-token")
+
+	config, c = baseTestAuthSetup(t, false)
+
 	config.When("Force").Return(true)
-	config.When("GetIgnoreErr", "yubikey").Return("")
-	config.When("GetIgnoreErr", "2fa-otp").Return("")
 	config.When("GetIgnoreErr", "user").Return("test-user")
 
 	c.When("AuthWithToken", "test-token").Return(nil)
@@ -117,19 +115,16 @@ func TestDeleteKey(t *testing.T) {
 
 func TestDeleteBackup(t *testing.T) {
 	is := is.New(t)
-	config, c := baseTestSetup(t, false)
+	config, c := baseTestAuthSetup(t, false)
 
 	vmname := lib.VirtualMachineName{
 		VirtualMachine: "test-server",
 		Group:          "default",
 		Account:        "default-account",
 	}
 
-	config.When("Get", "token").Return("test-token")
-	config.When("GetIgnoreErr", "yubikey").Return("")
 	config.When("GetVirtualMachine").Return(&defVM)
 
-	c.When("AuthWithToken", "test-token").Return(nil).Times(1)
 	c.When("DeleteBackup", vmname, "test-disc", "test-backup").Return(nil).Times(1)
 
 	err := global.App.Run([]string{

cmd/bytemark/list_test.go

@@ -100,19 +100,16 @@ func TestListServers(t *testing.T) {
 
 func TestListBackups(t *testing.T) {
 	is := is.New(t)
-	config, c := baseTestSetup(t, false)
+	config, c := baseTestAuthSetup(t, false)
 
 	vmname := lib.VirtualMachineName{
 		VirtualMachine: "test-server",
 		Group:          "default",
 		Account:        "default-account",
 	}
 
-	config.When("Get", "token").Return("test-token")
-	config.When("GetIgnoreErr", "yubikey").Return("")
 	config.When("GetVirtualMachine").Return(&defVM)
 
-	c.When("AuthWithToken", "test-token").Return(nil).Times(1)
 	c.When("GetBackups", vmname, "test-disc").Return(nil).Times(1)
 
 	err := global.App.Run([]string{

cmd/bytemark/main.go

@@ -128,11 +128,28 @@ func outputDebugInfo() {
 	log.Debugf(log.LvlFlags, "invocation: %s\r\n\r\n", strings.Join(os.Args, " "))
 }
 
+func makeCredentials() (credents map[string]string, err error) {
+	err = PromptForCredentials()
+	if err != nil {
+		return
+	}
+	credents = map[string]string{
+		"username": global.Config.GetIgnoreErr("user"),
+		"password": global.Config.GetIgnoreErr("pass"),
+		"validity": global.Config.GetIgnoreErr("session-validity"),
+	}
+	if useKey, _ := global.Config.GetBool("yubikey"); useKey {
+		credents["yubikey"] = global.Config.GetIgnoreErr("yubikey-otp")
+	}
+	return
+}
+
 // EnsureAuth authenticates with the Bytemark authentication server, prompting for credentials if necessary.
+// TODO(telyn): This REALLY, REALLY needs breaking apart into more manageable chunks
 func EnsureAuth() error {
-	token, err := global.Config.Get("token")
+	token := global.Config.GetIgnoreErr("token")
 
-	err = global.Client.AuthWithToken(token)
+	err := global.Client.AuthWithToken(token)
 	if err != nil {
 		if aErr, ok := err.(*auth3.Error); ok {
 			if _, ok := aErr.Err.(*url.Error); ok {
@@ -145,18 +162,11 @@ func EnsureAuth() error {
 		for err != nil {
 			attempts--
 
-			err = PromptForCredentials()
+			credents, err := makeCredentials()
+
 			if err != nil {
 				return err
 			}
-			credents := map[string]string{
-				"username": global.Config.GetIgnoreErr("user"),
-				"password": global.Config.GetIgnoreErr("pass"),
-			}
-			if useKey, _ := global.Config.GetBool("yubikey"); useKey {
-				credents["yubikey"] = global.Config.GetIgnoreErr("yubikey-otp")
-			}
-
 			err = global.Client.AuthWithCredentials(credents)
 
 			// Handle the special case here where we just need to prompt for 2FA and try again
@@ -173,7 +183,7 @@ func EnsureAuth() error {
 
 			if err == nil {
 				// success!
-				// it doesn't _really_ matter if we can't write the token to the token place, right?
+				// TODO(telyn): warn on failure to write to token
 				_ = global.Config.SetPersistent("token", global.Client.GetSessionToken(), "AUTH")
 
 				// Check this here, as it is only relevant the initial login,
@@ -374,6 +384,12 @@ func globalFlags() (flags []cli.Flag) {
 			Name:  "yubikey-otp",
 			Usage: "one-time password from your yubikey to use to login",
 		},
+		cli.IntFlag{
+			Name:  "session-validity",
+			Usage: "seconds until your session is automatically invalidated (max 3600)",
+			Value: util.DefaultSessionValidity,
+			// TODO(telyn): add more defaults to these flags
+		},
 	}
 }
 

cmd/bytemark/main_test.go

@@ -101,6 +101,7 @@ func TestEnsureAuth(t *testing.T) {
 		credentials := auth3.Credentials{
 			"username": test.InputUsername,
 			"password": test.InputPassword,
+			"validity": "1800",
 		}
 
 		c.When("AuthWithCredentials", credentials).Return(test.AuthWithCredentialsErrors[0]).Times(1)
@@ -110,6 +111,7 @@ func TestEnsureAuth(t *testing.T) {
 			credentials := auth3.Credentials{
 				"username": test.InputUsername,
 				"password": test.InputPassword,
+				"validity": "1800",
 				"2fa":      test.Input2FA,
 			}
 			c.When("AuthWithCredentials", credentials).Return(test.AuthWithCredentialsErrors[1]).Times(1) // Returns nil means success
@@ -170,8 +172,8 @@ func baseTestSetup(t *testing.T, admin bool) (config *mocks.Config, client *mock
 func baseTestAuthSetup(t *testing.T, admin bool) (config *mocks.Config, c *mocks.Client) {
 	config, c = baseTestSetup(t, admin)
 
-	config.When("Get", "token").Return("test-token")
 	config.When("Get", "account").Return("test-account")
+	config.When("GetIgnoreErr", "token").Return("test-token")
 	config.When("GetIgnoreErr", "user").Return("test-user")
 	config.When("GetIgnoreErr", "yubikey").Return("")
 	config.When("GetIgnoreErr", "2fa-otp").Return("")

cmd/bytemark/restore_test.go

@@ -10,19 +10,16 @@ import (
 
 func TestRestoreBackup(t *testing.T) {
 	is := is.New(t)
-	config, c := baseTestSetup(t, false)
+	config, c := baseTestAuthSetup(t, false)
 
 	vmname := lib.VirtualMachineName{
 		VirtualMachine: "test-server",
 		Group:          "default",
 		Account:        "default-account",
 	}
 
-	config.When("Get", "token").Return("test-token")
-	config.When("GetIgnoreErr", "yubikey").Return("")
 	config.When("GetVirtualMachine").Return(&defVM)
 
-	c.When("AuthWithToken", "test-token").Return(nil).Times(1)
 	c.When("RestoreBackup", vmname, "test-disc", "test-backup").Return(nil).Times(1)
 
 	err := global.App.Run([]string{

cmd/bytemark/schedule_test.go

@@ -4,15 +4,11 @@ import (
 	"fmt"
 	"github.com/BytemarkHosting/bytemark-client/lib"
 	"github.com/BytemarkHosting/bytemark-client/lib/brain"
+	"github.com/BytemarkHosting/bytemark-client/mocks"
 	"testing"
 )
 
 func TestScheduleBackups(t *testing.T) {
-	config, client := baseTestSetup(t, false)
-	config.When("Get", "token").Return("test-token")
-	config.When("GetIgnoreErr", "yubikey").Return("")
-	config.When("GetVirtualMachine").Return(&defVM)
-
 	type ScheduleTest struct {
 		Args []string
 
@@ -24,17 +20,20 @@ func TestScheduleBackups(t *testing.T) {
 		ShouldErr  bool
 		ShouldCall bool
 		CreateErr  error
+		BaseTestFn func(*testing.T, bool) (*mocks.Config, *mocks.Client)
 	}
 
 	tests := []ScheduleTest{
 		{
 			ShouldCall: false,
 			ShouldErr:  true,
+			BaseTestFn: baseTestSetup,
 		},
 		{
 			Args:       []string{"vm-name"},
 			ShouldCall: false,
 			ShouldErr:  true,
+			BaseTestFn: baseTestSetup,
 		},
 		{
 			Args:       []string{"vm-name", "disc-label"},
@@ -44,6 +43,7 @@ func TestScheduleBackups(t *testing.T) {
 			Interval:   86400,
 			ShouldCall: true,
 			ShouldErr:  false,
+			BaseTestFn: baseTestAuthSetup,
 		},
 		{
 			ShouldCall: true,
@@ -52,6 +52,7 @@ func TestScheduleBackups(t *testing.T) {
 			DiscLabel:  "disc-label",
 			Start:      "00:00",
 			Interval:   3600,
+			BaseTestFn: baseTestAuthSetup,
 		},
 		{
 			Args:       []string{"--start", "thursday", "vm-name", "disc-label", "3235"},
@@ -62,6 +63,7 @@ func TestScheduleBackups(t *testing.T) {
 			ShouldCall: true,
 			ShouldErr:  true,
 			CreateErr:  fmt.Errorf("intermittent failure"),
+			BaseTestFn: baseTestAuthSetup,
 		},
 	}
 
@@ -75,7 +77,9 @@ func TestScheduleBackups(t *testing.T) {
 
 	for i, test = range tests {
 		fmt.Println(i) // fmt.Println still works even when the test panics - unlike t.Log
-		client.When("AuthWithToken", "test-token").Return(nil)
+
+		config, client := test.BaseTestFn(t, false)
+		config.When("GetVirtualMachine").Return(&defVM)
 
 		retSched := brain.BackupSchedule{
 			StartDate: test.Start,

cmd/bytemark/set_test.go

@@ -72,15 +72,10 @@ func TestSetMemory(t *testing.T) {
 		t.Fatal(vErr)
 	}
 
-	config.Reset()
-	config.When("Get", "token").Return("test-token")
-	config.When("GetIgnoreErr", "yubikey").Return("")
-	config.When("GetIgnoreErr", "2fa-otp").Return("")
+	config, c = baseTestAuthSetup(t, false)
 	config.When("GetVirtualMachine").Return(&defVM)
 
-	c.Reset()
 	c.When("GetVirtualMachine", &vmname).Return(&vm)
-	c.When("AuthWithToken", "test-token").Return(nil).Times(1)
 	c.When("SetVirtualMachineMemory", &vmname, 16384).Return(nil).Times(1)
 
 	err = global.App.Run(strings.Split("bytemark set memory --force test-server 16384M", " "))

cmd/bytemark/unschedule_test.go

@@ -3,14 +3,11 @@ package main
 import (
 	"fmt"
 	"github.com/BytemarkHosting/bytemark-client/lib"
+	"github.com/BytemarkHosting/bytemark-client/mocks"
 	"testing"
 )
 
 func TestUnscheduleBackups(t *testing.T) {
-	config, client := baseTestSetup(t, false)
-	config.When("Get", "token").Return("test-token")
-	config.When("GetIgnoreErr", "yubikey").Return("")
-	config.When("GetVirtualMachine").Return(&defVM)
 
 	tests := []struct {
 		Args []string
@@ -22,35 +19,41 @@ func TestUnscheduleBackups(t *testing.T) {
 		ShouldErr  bool
 		ShouldCall bool
 		CreateErr  error
+		BaseTestFn func(*testing.T, bool) (*mocks.Config, *mocks.Client)
 	}{
 		{
 			ShouldCall: false,
 			ShouldErr:  true,
+			BaseTestFn: baseTestSetup,
 		},
 		{
 			Args:       []string{"vm-name"},
 			Name:       lib.VirtualMachineName{"vm-name", "default", "default-account"},
 			ShouldCall: false,
 			ShouldErr:  true,
+			BaseTestFn: baseTestSetup,
 		},
 		{
 			Args:       []string{"vm-name", "disc-label"},
 			Name:       lib.VirtualMachineName{"vm-name", "default", "default-account"},
 			ShouldCall: false,
 			ShouldErr:  true,
+			BaseTestFn: baseTestSetup,
 		},
 		{
 			ShouldCall: true,
 			Args:       []string{"vm-name", "disc-label", "324"},
 			Name:       lib.VirtualMachineName{"vm-name", "default", "default-account"},
 			DiscLabel:  "disc-label",
 			ID:         324,
+			BaseTestFn: baseTestAuthSetup,
 		},
 	}
 
 	for i, test := range tests {
+		config, client := test.BaseTestFn(t, false)
+		config.When("GetVirtualMachine").Return(&defVM)
 		fmt.Println(i) // fmt.Println still works even when the test panics - unlike t.Log
-		client.When("AuthWithToken", "test-token").Return(nil)
 
 		if test.ShouldCall {
 			client.When("DeleteBackupSchedule", test.Name, test.DiscLabel, test.ID).Return(test.CreateErr).Times(1)