tests(user-agent): basic auth tests similar to server

2026-02-26 22:23:52 +01:00
parent 61c65ddbcb
commit 3478204b9f
4 changed files with 212 additions and 79 deletions
--- a/server/crates/arbiter-useragent/tests/auth.rs
+++ b/server/crates/arbiter-useragent/tests/auth.rs
@@ -0,0 +1,151 @@
+use arbiter_proto::{
+    format_challenge,
+    proto::{
+        UserAgentRequest, UserAgentResponse,
+        auth::{
+            AuthChallenge, AuthOk, ClientMessage as AuthClientMessage,
+            ServerMessage as AuthServerMessage, client_message::Payload as ClientAuthPayload,
+            server_message::Payload as ServerAuthPayload,
+        },
+        user_agent_request::Payload as UserAgentRequestPayload,
+        user_agent_response::Payload as UserAgentResponsePayload,
+    },
+    transport::Bi,
+};
+use arbiter_useragent::{InboundError, UserAgentActor};
+use ed25519_dalek::SigningKey;
+use kameo::actor::Spawn;
+use tokio::sync::mpsc;
+use tokio::time::{Duration, timeout};
+
+struct TestTransport {
+    inbound_rx: mpsc::Receiver<UserAgentResponse>,
+    outbound_tx: mpsc::Sender<UserAgentRequest>,
+}
+
+impl Bi<UserAgentResponse, UserAgentRequest> for TestTransport {
+    async fn send(&mut self, item: UserAgentRequest) -> Result<(), arbiter_proto::transport::Error> {
+        self.outbound_tx
+            .send(item)
+            .await
+            .map_err(|_| arbiter_proto::transport::Error::ChannelClosed)
+    }
+
+    async fn recv(&mut self) -> Option<UserAgentResponse> {
+        self.inbound_rx.recv().await
+    }
+}
+
+fn make_transport() -> (
+    TestTransport,
+    mpsc::Sender<UserAgentResponse>,
+    mpsc::Receiver<UserAgentRequest>,
+) {
+    let (inbound_tx, inbound_rx) = mpsc::channel(8);
+    let (outbound_tx, outbound_rx) = mpsc::channel(8);
+    (
+        TestTransport {
+            inbound_rx,
+            outbound_tx,
+        },
+        inbound_tx,
+        outbound_rx,
+    )
+}
+
+fn test_key() -> SigningKey {
+    SigningKey::from_bytes(&[7u8; 32])
+}
+
+fn auth_response(payload: ServerAuthPayload) -> UserAgentResponse {
+    UserAgentResponse {
+        payload: Some(UserAgentResponsePayload::AuthMessage(AuthServerMessage {
+            payload: Some(payload),
+        })),
+    }
+}
+
+#[tokio::test]
+async fn sends_auth_request_on_start_with_bootstrap_token() {
+    let key = test_key();
+    let pubkey = key.verifying_key().to_bytes().to_vec();
+    let bootstrap_token = Some("bootstrap-123".to_string());
+    let (transport, inbound_tx, mut outbound_rx) = make_transport();
+
+    let actor = UserAgentActor::spawn(UserAgentActor::new(key, bootstrap_token.clone(), transport));
+
+    let outbound = timeout(Duration::from_secs(1), outbound_rx.recv())
+        .await
+        .expect("timed out waiting for auth request")
+        .expect("channel closed before auth request");
+
+    let UserAgentRequest {
+        payload: Some(UserAgentRequestPayload::AuthMessage(AuthClientMessage {
+            payload: Some(ClientAuthPayload::AuthChallengeRequest(req)),
+        })),
+    } = outbound
+    else {
+        panic!("expected auth challenge request");
+    };
+
+    assert_eq!(req.pubkey, pubkey);
+    assert_eq!(req.bootstrap_token, bootstrap_token);
+
+    drop(inbound_tx);
+    drop(actor);
+}
+
+#[tokio::test]
+async fn challenge_flow_sends_solution_from_transport_inbound() {
+    let key = test_key();
+    let verify_key = key.verifying_key();
+    let (transport, inbound_tx, mut outbound_rx) = make_transport();
+
+    let actor = UserAgentActor::spawn(UserAgentActor::new(key, None, transport));
+
+    let _initial_auth_request = timeout(Duration::from_secs(1), outbound_rx.recv())
+        .await
+        .expect("timed out waiting for initial auth request")
+        .expect("missing initial auth request");
+
+    let challenge = AuthChallenge {
+        pubkey: verify_key.to_bytes().to_vec(),
+        nonce: 42,
+    };
+    inbound_tx
+        .send(auth_response(ServerAuthPayload::AuthChallenge(challenge.clone())))
+        .await
+        .unwrap();
+
+    let outbound = timeout(Duration::from_secs(1), outbound_rx.recv())
+        .await
+        .expect("timed out waiting for challenge solution")
+        .expect("missing challenge solution");
+
+    let UserAgentRequest {
+        payload: Some(UserAgentRequestPayload::AuthMessage(AuthClientMessage {
+            payload: Some(ClientAuthPayload::AuthChallengeSolution(solution)),
+        })),
+    } = outbound
+    else {
+        panic!("expected auth challenge solution");
+    };
+
+    let formatted = format_challenge(&challenge);
+    let sig: ed25519_dalek::Signature = solution
+        .signature
+        .as_slice()
+        .try_into()
+        .expect("signature bytes length");
+    verify_key
+        .verify_strict(&formatted, &sig)
+        .expect("solution signature should verify");
+
+    inbound_tx
+        .send(auth_response(ServerAuthPayload::AuthOk(AuthOk {})))
+        .await
+        .unwrap();
+
+    drop(inbound_tx);
+    drop(actor);
+}