PAM service tests (#22)

Package tests for `internal/services/pam`.

UDENG-1172

internal/services/pam/testdata/TestAvailableBrokers/golden

@@ -0,0 +1,6 @@
+- id: local_ID
+  name: local
+  brandicon: ""
+- id: BrokerMock_ID
+  name: BrokerMock
+  brandicon: mock_icon.png

internal/services/pam/testdata/TestGetAuthenticationModes/golden/successfully_get_authentication_modes

@@ -0,0 +1,2 @@
+- id: mode1
+  label: Mode 1

internal/services/pam/testdata/TestGetAuthenticationModes/golden/successfully_get_multiple_authentication_modes

@@ -0,0 +1,4 @@
+- id: mode1
+  label: Mode 1
+- id: mode2
+  label: Mode 2

internal/services/pam/testdata/TestIsAuthorized/golden/denies_authentication_when_broker_times_out

@@ -0,0 +1,4 @@
+FIRST CALL:
+	access: denied
+	data: {"mock_answer": "denied by time out"}
+	err: <nil>

internal/services/pam/testdata/TestIsAuthorized/golden/empty_data_gets_json_formatted

@@ -0,0 +1,4 @@
+FIRST CALL:
+	access: allowed
+	data: {}
+	err: <nil>

internal/services/pam/testdata/TestIsAuthorized/golden/error_when_authorizing

@@ -0,0 +1,4 @@
+FIRST CALL:
+	access: 
+	data: 
+	err: rpc error: code = Unknown desc = can't check authorization: Broker "BrokerMock": IsAuthorized errored out

internal/services/pam/testdata/TestIsAuthorized/golden/error_when_broker_returns_invalid_access

@@ -0,0 +1,4 @@
+FIRST CALL:
+	access: 
+	data: 
+	err: rpc error: code = Unknown desc = can't check authorization: invalid access authorization key: invalid

internal/services/pam/testdata/TestIsAuthorized/golden/error_when_broker_returns_invalid_data

@@ -0,0 +1,4 @@
+FIRST CALL:
+	access: 
+	data: 
+	err: rpc error: code = Unknown desc = can't check authorization: invalid user information (not json formatted): invalid

internal/services/pam/testdata/TestIsAuthorized/golden/error_when_calling_second_time_without_cancelling

@@ -0,0 +1,8 @@
+FIRST CALL:
+	access: allowed
+	data: {"mock_answer": "authentication allowed by timeout"}
+	err: <nil>
+SECOND CALL:
+	access: 
+	data: 
+	err: rpc error: code = Unknown desc = can't check authorization: Broker "BrokerMock": IsAuthorized already running for session "TestIsAuthorized/Error_when_calling_second_time_without_cancelling_separator_IA_second_call-session_id"

internal/services/pam/testdata/TestIsAuthorized/golden/error_when_sessionid_is_empty

@@ -0,0 +1,4 @@
+FIRST CALL:
+	access: 
+	data: 
+	err: rpc error: code = Unknown desc = can't check authorization: no session ID provided

internal/services/pam/testdata/TestIsAuthorized/golden/error_when_there_is_no_broker

@@ -0,0 +1,4 @@
+FIRST CALL:
+	access: 
+	data: 
+	err: rpc error: code = Unknown desc = can't check authorization: no broker found for session "no broker"

internal/services/pam/testdata/TestIsAuthorized/golden/successfully_authorize

@@ -0,0 +1,4 @@
+FIRST CALL:
+	access: allowed
+	data: {"mock_answer": "authentication allowed by default"}
+	err: <nil>

internal/services/pam/testdata/TestIsAuthorized/golden/successfully_authorize_if_first_call_is_canceled

@@ -0,0 +1,8 @@
+FIRST CALL:
+	access: 
+	data: 
+	err: rpc error: code = Canceled desc = context canceled
+SECOND CALL:
+	access: allowed
+	data: {"mock_answer": "authentication allowed by timeout"}
+	err: <nil>

internal/services/pam/testdata/TestSelectAuthenticationMode/golden/successfully_select_mode_with_missing_optional_value

@@ -0,0 +1,6 @@
+type: optional-entry
+label: ""
+button: ""
+wait: ""
+entry: ""
+content: ""

internal/services/pam/testdata/TestSelectAuthenticationMode/golden/successfully_select_mode_with_required_value

@@ -0,0 +1,6 @@
+type: required-entry
+label: ""
+button: ""
+wait: ""
+entry: entry_type
+content: ""

internal/services/pam/testdata/TestSelectBroker/golden/successfully_select_a_broker_and_creates_the_session

@@ -0,0 +1,2 @@
+ID: BROKER_ID-TestSelectBroker/Successfully_select_a_broker_and_creates_the_session_separator_success-session_id
+Encryption Key: BrokerMock_key

internal/testutils/broker.go

@@ -17,8 +17,8 @@ const (
 	objectPathFmt = "/com/ubuntu/authd/%s"
 	interfaceFmt  = "com.ubuntu.authd.%s"
 
-	// IDPrefix is the value used to trim the sessionID in the broker mock.
-	IDPrefix = "_separator_"
+	// IDSeparator is the value used to append values to the sessionID in the broker mock.
+	IDSeparator = "_separator_"
 )
 
 var brokerConfigTemplate = `name = %s
@@ -108,10 +108,11 @@ func writeConfig(cfgDir, name string) (string, error) {
 
 // NewSession returns default values to be used in tests or an error if requested.
 func (b *BrokerBusMock) NewSession(username, lang string) (sessionID, encryptionKey string, dbusErr *dbus.Error) {
-	if username == "NS_error" {
+	parsedUsername := parseSessionID(username)
+	if parsedUsername == "NS_error" {
 		return "", "", dbus.MakeFailedError(fmt.Errorf("Broker %q: NewSession errored out", b.name))
 	}
-	if username == "NS_no_id" {
+	if parsedUsername == "NS_no_id" {
 		return "", username + "_key", nil
 	}
 	return fmt.Sprintf("%s-session_id", username), b.name + "_key", nil
@@ -281,10 +282,13 @@ func (b *BrokerBusMock) CancelIsAuthorized(sessionID string) (dbusErr *dbus.Erro
 }
 
 // parseSessionID is wrapper around the sessionID to remove some values appended during the tests.
+//
+// The sessionID can have multiple values appended to differentiate between subtests and avoid concurrency conflicts,
+// and only the last value (i.e. "..._separator_ID-session_id") will be considered.
 func parseSessionID(sessionID string) string {
-	// We need to prefix the sessionID with the test name in some tests, so we have to consider this here in the broker.
-	if _, after, found := strings.Cut(sessionID, IDPrefix); found {
-		sessionID = after
+	cut := strings.Split(sessionID, IDSeparator)
+	if len(cut) == 0 {
+		return ""
 	}
-	return strings.TrimSuffix(sessionID, "-session_id")
+	return strings.TrimSuffix(cut[len(cut)-1], "-session_id")
 }