databricks-sql-go/auth/tokenprovider/authenticator_test.go at c7bd4b20044d72268727d159350fd6e1521f7bb3 · databricks/databricks-sql-go · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
package tokenprovider

import (
	"context"
	"errors"
	"net/http"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

func TestTokenProviderAuthenticator(t *testing.T) {
	t.Run("successful_authentication", func(t *testing.T) {
		provider := NewStaticTokenProvider("test-token-123")
		authenticator := NewAuthenticator(provider)

		req, _ := http.NewRequest("GET", "http://example.com", nil)
		err := authenticator.Authenticate(req)

		require.NoError(t, err)
		assert.Equal(t, "Bearer test-token-123", req.Header.Get("Authorization"))
	})

	t.Run("authentication_with_custom_token_type", func(t *testing.T) {
		provider := NewStaticTokenProviderWithType("test-token", "MAC")
		authenticator := NewAuthenticator(provider)

		req, _ := http.NewRequest("GET", "http://example.com", nil)
		err := authenticator.Authenticate(req)

		require.NoError(t, err)
		assert.Equal(t, "MAC test-token", req.Header.Get("Authorization"))
	})

	t.Run("authentication_error_propagation", func(t *testing.T) {
		provider := &mockProvider{
			tokenFunc: func() (*Token, error) {
				return nil, errors.New("provider failed")
			},
		}
		authenticator := NewAuthenticator(provider)

		req, _ := http.NewRequest("GET", "http://example.com", nil)
		err := authenticator.Authenticate(req)

		assert.Error(t, err)
		assert.Contains(t, err.Error(), "provider failed")
		assert.Empty(t, req.Header.Get("Authorization"))
	})

	t.Run("empty_token_error", func(t *testing.T) {
		provider := &mockProvider{
			tokenFunc: func() (*Token, error) {
				return &Token{
					AccessToken: "",
					TokenType:   "Bearer",
				}, nil
			},
		}
		authenticator := NewAuthenticator(provider)

		req, _ := http.NewRequest("GET", "http://example.com", nil)
		err := authenticator.Authenticate(req)

		assert.Error(t, err)
		assert.Contains(t, err.Error(), "empty access token")
		assert.Empty(t, req.Header.Get("Authorization"))
	})

	t.Run("uses_request_context", func(t *testing.T) {
		ctx, cancel := context.WithCancel(context.Background())
		cancel() // Cancel immediately

		provider := &mockProvider{
			tokenFunc: func() (*Token, error) {
				// This would normally check context cancellation
				return &Token{
					AccessToken: "test-token",
					TokenType:   "Bearer",
				}, nil
			},
		}
		authenticator := NewAuthenticator(provider)

		req, _ := http.NewRequestWithContext(ctx, "GET", "http://example.com", nil)
		err := authenticator.Authenticate(req)

		// Even with cancelled context, this should work as our mock doesn't check it
		require.NoError(t, err)
		assert.Equal(t, "Bearer test-token", req.Header.Get("Authorization"))
	})

	t.Run("external_token_integration", func(t *testing.T) {
		tokenFunc := func() (string, error) {
			return "external-token-456", nil
		}
		provider := NewExternalTokenProvider(tokenFunc)
		authenticator := NewAuthenticator(provider)

		req, _ := http.NewRequest("POST", "http://example.com/api", nil)
		err := authenticator.Authenticate(req)

		require.NoError(t, err)
		assert.Equal(t, "Bearer external-token-456", req.Header.Get("Authorization"))
	})
}