vault: adding test for e33a904

2026-05-05 04:16:31 +02:00 · 2015-05-11 11:16:21 -07:00 · 2015-05-11 11:16:21 -07:00 · a672d9cde3
commit a672d9cde3
parent d9c5a691c8
1 changed files with 36 additions and 0 deletions
--- a/vault/core_test.go
+++ b/vault/core_test.go
@ -1308,3 +1308,39 @@ func TestCore_HandleRequest_InternalData(t *testing.T) {
 		t.Fatalf("bad: %#v", lresp)
 	}
 }
+
+// Ensure login does not return a secret
+func TestCore_HandleLogin_ReturnSecret(t *testing.T) {
+	// Create a badass credential backend that always logs in as armon
+	noopBack := &NoopBackend{
+		Login: []string{"login"},
+		Response: &logical.Response{
+			Secret: &logical.Secret{},
+			Auth: &logical.Auth{
+				Policies: []string{"foo", "bar"},
+			},
+		},
+	}
+	c, _, root := TestCoreUnsealed(t)
+	c.credentialBackends["noop"] = func(map[string]string) (logical.Backend, error) {
+		return noopBack, nil
+	}
+
+	// Enable the credential backend
+	req := logical.TestRequest(t, logical.WriteOperation, "sys/auth/foo")
+	req.Data["type"] = "noop"
+	req.ClientToken = root
+	_, err := c.HandleRequest(req)
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+
+	// Attempt to login
+	lreq := &logical.Request{
+		Path: "auth/foo/login",
+	}
+	_, err = c.HandleRequest(lreq)
+	if err != ErrInternalError {
+		t.Fatalf("err: %v", err)
+	}
+}