Test case to exercise the duplicate identity name error

mdgreenfield · Apr 7, 2021 · 1c598aa · 1c598aa
1 parent 2fd3084
commit 1c598aa
Showing 1 changed file with 133 additions and 0 deletions.
diff --git a/vault/identity_store_aliases_test.go b/vault/identity_store_aliases_test.go
@@ -5,9 +5,11 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/hashicorp/vault/builtin/credential/userpass"
 	"github.com/hashicorp/vault/helper/identity"
 	"github.com/hashicorp/vault/helper/namespace"
 	"github.com/hashicorp/vault/sdk/logical"
+	"github.com/mitchellh/mapstructure"
 )
 
 // Issue 5729
@@ -82,6 +84,137 @@ func TestIdentityStore_DuplicateAliases(t *testing.T) {
 	}
 }
 
+func TestIdentityStore_DuplicateAlias(t *testing.T) {
+	ctx := namespace.RootContext(nil)
+	core, _, root := TestCoreUnsealed(t)
+
+	if err := core.loadMounts(ctx); err != nil {
+		t.Fatalf("err: %v", err)
+	}
+
+	core.credentialBackends["userpass"] = userpass.Factory
+
+	resp, err := core.HandleRequest(ctx, &logical.Request{
+		Path:        "sys/auth/userpass",
+		ClientToken: root,
+		Operation:   logical.UpdateOperation,
+		Data: map[string]interface{}{
+			"type": "userpass",
+		},
+	})
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	if resp != nil {
+		t.Fatalf("bad: %#v", resp)
+	}
+
+	resp, err = core.HandleRequest(ctx, &logical.Request{
+		Path:        "sys/auth",
+		ClientToken: root,
+		Operation:   logical.ReadOperation,
+	})
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+
+	var upMount map[string]string
+	_ = mapstructure.Decode(resp.Data["userpass/"], &upMount)
+	accessor := upMount["accessor"]
+
+	username := "test"
+	resp, err = core.HandleRequest(ctx, &logical.Request{
+		Path:        "auth/userpass/users/" + username,
+		Operation:   logical.CreateOperation,
+		ClientToken: root,
+		Data: map[string]interface{}{
+			"password": "foo",
+			"policies": "default",
+		},
+	})
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	if resp != nil {
+		t.Fatalf("bad: %#v", resp)
+	}
+
+	// Login and create implicit Entity + EntityAlias
+	resp, err = core.HandleRequest(ctx, &logical.Request{
+		Path:      "auth/userpass/login/" + username,
+		Operation: logical.UpdateOperation,
+		Data: map[string]interface{}{
+			"password": "foo",
+		},
+	})
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	if resp == nil {
+		t.Fatalf("bad: %v", resp)
+	}
+	if resp.WrapInfo != nil {
+		t.Fatalf("bad: %#v", resp)
+	}
+
+	// Create an entity
+	resp, err = core.HandleRequest(ctx, &logical.Request{
+		Path:        "identity/entity",
+		Operation:   logical.UpdateOperation,
+		ClientToken: root,
+	})
+	if err != nil || (resp != nil && resp.IsError()) {
+		t.Fatalf("bad: err:%v\nresp: %#v", err, resp)
+	}
+	entityID := resp.Data["id"].(string)
+
+	// Create an alias
+	resp, err = core.HandleRequest(ctx, &logical.Request{
+		Path:        "identity/entity-alias",
+		Operation:   logical.UpdateOperation,
+		ClientToken: root,
+		Data: map[string]interface{}{
+			"mount_accessor": accessor,
+			"canonical_id":   entityID,
+			"name":           username + "b",
+		},
+	})
+	if err != nil || (resp != nil && resp.IsError()) {
+		t.Fatalf("bad: err:%v\nresp: %#v", err, resp)
+	}
+	aliasID := resp.Data["id"].(string)
+
+	// Overwrite the alias using the username.
+	resp, err = core.HandleRequest(ctx, &logical.Request{
+		Path:        "identity/entity-alias/id/" + aliasID,
+		Operation:   logical.UpdateOperation,
+		ClientToken: root,
+		Data: map[string]interface{}{
+			"mount_accessor": accessor,
+			"canonical_id":   entityID,
+			"name":           username,
+		},
+	})
+	if err != nil || (resp != nil && resp.IsError()) {
+		t.Fatalf("bad: err:%v\nresp: %#v", err, resp)
+	}
+
+	// Trigger error! Overwrite the alias with the uppercased username.
+	resp, err = core.HandleRequest(ctx, &logical.Request{
+		Path:        "identity/entity-alias/id/" + aliasID,
+		Operation:   logical.UpdateOperation,
+		ClientToken: root,
+		Data: map[string]interface{}{
+			"mount_accessor": accessor,
+			"canonical_id":   entityID,
+			"name":           strings.ToUpper(username),
+		},
+	})
+	if err != nil || (resp != nil && resp.IsError()) {
+		t.Fatalf("bad: err:%v\nresp: %#v", err, resp)
+	}
+}
+
 func TestIdentityStore_CaseInsensitiveEntityAliasName(t *testing.T) {
 	ctx := namespace.RootContext(nil)
 	i, accessor, _ := testIdentityStoreWithGithubAuth(ctx, t)