package middleware
import (
"context"
"io/ioutil"
"net/http"
"net/http/httptest"
"os"
"testing"
"github.com/sirupsen/logrus"
"github.com/stretchr/testify/assert"
"github.com/transcovo/go-chpr-middlewares/fixtures"
)
// TestRoleAuthorizationMiddleware_Success checks the allow path: a request
// whose context carries claims with the role "cp:employee:tech:" passes a
// middleware built for the "cp:employee:" pattern and gets the wrapped
// handler's 200 response.
func TestRoleAuthorizationMiddleware_Success(t *testing.T) {
	mw := RoleAuthorizationMiddleware("cp:employee:")
	assert.NotNil(t, mw)

	// The claims are injected into the context by hand, so this test covers
	// only the authorization decision; no token is parsed or verified here.
	base := &http.Request{}
	granted := &TokenClaims{Roles: []Role{{"cp:employee:tech:"}}}
	req := base.WithContext(context.WithValue(base.Context(), tokenClaimsContextKey, granted))

	rec := httptest.NewRecorder()
	mw(fixtures.Fake200Handler)(rec, req)

	assert.Equal(t, 200, rec.Result().StatusCode)
}
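// TestRoleAuthorizationMiddleware_Forbidden checks the deny path: a request
// with no token claims in its context is answered with 403 and the exact
// body "Forbidden\n".
func TestRoleAuthorizationMiddleware_Forbidden(t *testing.T) {
	employeeMiddleware := RoleAuthorizationMiddleware("cp:employee:")
	assert.NotNil(t, employeeMiddleware)
	wrappedHandler := employeeMiddleware(fixtures.Fake200Handler)

	// A bare request: nothing is stored under tokenClaimsContextKey, so the
	// middleware has no roles to match and must fail closed.
	recorder := httptest.NewRecorder()
	wrappedHandler(recorder, &http.Request{})

	res := recorder.Result()
	assert.Equal(t, 403, res.StatusCode)

	// Check the read error instead of discarding it, so a failed read cannot
	// be mistaken for an unexpected body.
	body, err := ioutil.ReadAll(res.Body)
	assert.NoError(t, err)
	assert.Equal(t, "Forbidden\n", string(body))
}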
// TestRoleAuthorizationMiddleware_ChainedSuccess runs the JWT authentication
// middleware in front of the role middleware and checks that a bearer token
// from the TokenValidWithRiderRole fixture is accepted for the
// "cp:client:rider:" pattern (HTTP 200).
func TestRoleAuthorizationMiddleware_ChainedSuccess(t *testing.T) {
	// The two trailing booleans are passed exactly as before; their meaning is
	// defined by JwtAuthenticationMiddleware and is not visible in this file.
	authn := JwtAuthenticationMiddleware(fixtures.Fixtures.RawRsaPublicKey, &logrus.Logger{}, true, false)
	authz := RoleAuthorizationMiddleware("cp:client:rider:")

	// Authentication wraps authorization, so the role check sees whatever the
	// JWT middleware placed in the request context.
	chain := authn(authz(fixtures.Fake200Handler))

	req := &http.Request{Header: http.Header{
		"Authorization": {"Bearer " + fixtures.Fixtures.TokenValidWithRiderRole},
	}}
	rec := httptest.NewRecorder()
	chain(rec, req)

	assert.Equal(t, 200, rec.Result().StatusCode)
}
// TestRoleAuthorizationMiddleware_ChainedForbidden runs the JWT authentication
// middleware in front of the role middleware and checks that the
// TokenValidWithRiderRole fixture is refused by a middleware that requires
// the "cp:employee:" pattern (HTTP 403).
func TestRoleAuthorizationMiddleware_ChainedForbidden(t *testing.T) {
	// The two trailing booleans are passed exactly as before; their meaning is
	// defined by JwtAuthenticationMiddleware and is not visible in this file.
	authn := JwtAuthenticationMiddleware(fixtures.Fixtures.RawRsaPublicKey, &logrus.Logger{}, true, false)
	authz := RoleAuthorizationMiddleware("cp:employee:")
	chain := authn(authz(fixtures.Fake200Handler))

	// Going by the fixture name, the token is valid but carries only a rider
	// role: authenticated yet not authorized, hence 403.
	req := &http.Request{Header: http.Header{
		"Authorization": {"Bearer " + fixtures.Fixtures.TokenValidWithRiderRole},
	}}
	rec := httptest.NewRecorder()
	chain(rec, req)

	assert.Equal(t, 403, rec.Result().StatusCode)
}
// TestMatchesRole_IsPrefix checks that matchesRoles reports true when a held
// role ("cp:employee:tech:") starts with one of the accepted patterns
// ("cp:employee:").
func TestMatchesRole_IsPrefix(t *testing.T) {
	// NOTE(review): every pattern here ends in ':'. Presumably that delimiter
	// is what keeps a prefix match from crossing a role-segment boundary; no
	// case in this file pins that down, so a boundary test is worth adding.
	held := []Role{{"cp:employee:tech:"}}
	ok := matchesRoles([]string{"cp:machine:", "cp:employee:"}, held)
	assert.True(t, ok, "should be true when one role matches")
}
// TestMatchesRole_NoMatch checks that matchesRoles reports false when none of
// the held roles starts with any accepted pattern.
func TestMatchesRole_NoMatch(t *testing.T) {
	// "cp:client:rider:" shares only the leading "cp:" with the patterns,
	// which must not be enough to grant access.
	held := []Role{{"cp:client:rider:"}}
	ok := matchesRoles([]string{"cp:machine:", "cp:employee:"}, held)
	assert.False(t, ok, "should be false when no match")
}
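// TestRespond403Forbidden checks that respond403Forbidden writes status 403
// and the exact body "Forbidden\n" to the response writer.
func TestRespond403Forbidden(t *testing.T) {
	recorder := httptest.NewRecorder()
	respond403Forbidden(recorder)

	res := recorder.Result()
	assert.Equal(t, 403, res.StatusCode)

	// Check the read error instead of discarding it, so a failed read cannot
	// be mistaken for an unexpected body.
	body, err := ioutil.ReadAll(res.Body)
	assert.NoError(t, err)
	assert.Equal(t, "Forbidden\n", string(body))
}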
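// TestMiddleware_IgnoredAuthorizationForDevelopmentMode pins the development
// bypass: with IGNORE_AUTH=true, a request with no claims in its context
// reaches the wrapped handler and gets 200 with an empty body.
//
// NOTE(review): this file only covers the "true" value. Nothing here checks
// that an unset, empty or other value keeps enforcement on; since the switch
// disables authorization entirely, a companion test for those values is
// worth adding.
func TestMiddleware_IgnoredAuthorizationForDevelopmentMode(t *testing.T) {
	// Remember the exact prior state of IGNORE_AUTH, including "not set", so
	// the bypass never leaks into tests that run after this one.
	previous, wasSet := os.LookupEnv("IGNORE_AUTH")
	assert.NoError(t, os.Setenv("IGNORE_AUTH", "true"))
	defer func() {
		// Best-effort restore; a deferred cleanup has nowhere useful to
		// report an error.
		if wasSet {
			_ = os.Setenv("IGNORE_AUTH", previous)
			return
		}
		_ = os.Unsetenv("IGNORE_AUTH")
	}()

	roleMiddleware := RoleAuthorizationMiddleware("")
	wrappedHandler := roleMiddleware(fixtures.Fake200Handler)

	// A bare request with no claims attached to its context.
	recorder := httptest.NewRecorder()
	wrappedHandler(recorder, &http.Request{})

	res := recorder.Result()
	assert.Equal(t, 200, res.StatusCode)

	body, err := ioutil.ReadAll(res.Body)
	assert.NoError(t, err)
	assert.Equal(t, "", string(body))
}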