harness-drone/handler/api/acl/acl_test.go

// Copyright 2019 Drone.IO Inc. All rights reserved.
// Use of this source code is governed by the Drone Non-Commercial License
// that can be found in the LICENSE file.

package acl

import (
	"io/ioutil"
	"net/http"
	"net/http/httptest"
	"testing"

	"github.com/drone/drone/core"
	"github.com/drone/drone/handler/api/request"

	"github.com/sirupsen/logrus"
)

func init() {
	logrus.SetOutput(ioutil.Discard)
}

var (
	mockUser = &core.User{
		ID:     1,
		Login:  "octocat",
		Admin:  false,
		Active: true,
	}

	mockUserAdmin = &core.User{
		ID:     1,
		Login:  "octocat",
		Admin:  true,
		Active: true,
	}

	mockUserInactive = &core.User{
		ID:     1,
		Login:  "octocat",
		Admin:  false,
		Active: false,
	}

	mockRepo = &core.Repository{
		ID:         1,
		UID:        "42",
		Namespace:  "octocat",
		Name:       "hello-world",
		Slug:       "octocat/hello-world",
		Counter:    42,
		Branch:     "master",
		Private:    true,
		Visibility: core.VisibilityPrivate,
	}
)

func TestAuthorizeUser(t *testing.T) {
	w := httptest.NewRecorder()
	r := httptest.NewRequest("GET", "/", nil)
	r = r.WithContext(
		request.WithUser(r.Context(), mockUser),
	)

	AuthorizeUser(
		http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			// use dummy status code to signal the next handler in
			// the middleware chain was properly invoked.
			w.WriteHeader(http.StatusTeapot)
		}),
	).ServeHTTP(w, r)

	if got, want := w.Code, http.StatusTeapot; got != want {
		t.Errorf("Want status code %d, got %d", want, got)
	}
}

func TestAuthorizeUserErr(t *testing.T) {
	w := httptest.NewRecorder()
	r := httptest.NewRequest("GET", "/", nil)

	AuthorizeUser(
		http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			t.Errorf("Must not invoke next handler in middleware chain")
		}),
	).ServeHTTP(w, r)

	if got, want := w.Code, http.StatusUnauthorized; got != want {
		t.Errorf("Want status code %d, got %d", want, got)
	}
}

func TestAuthorizeAdmin(t *testing.T) {
	w := httptest.NewRecorder()
	r := httptest.NewRequest("GET", "/", nil)
	r = r.WithContext(
		request.WithUser(r.Context(), &core.User{Admin: true}),
	)

	AuthorizeAdmin(
		http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			// use dummy status code to signal the next handler in
			// the middleware chain was properly invoked.
			w.WriteHeader(http.StatusTeapot)
		}),
	).ServeHTTP(w, r)

	if got, want := w.Code, http.StatusTeapot; got != want {
		t.Errorf("Want status code %d, got %d", want, got)
	}
}

func TestAuthorizeAdminUnauthorized(t *testing.T) {
	w := httptest.NewRecorder()
	r := httptest.NewRequest("GET", "/", nil)

	AuthorizeAdmin(
		http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			t.Errorf("Must not invoke next handler in middleware chain")
		}),
	).ServeHTTP(w, r)

	if got, want := w.Code, http.StatusUnauthorized; got != want {
		t.Errorf("Want status code %d, got %d", want, got)
	}
}

func TestAuthorizeAdminForbidden(t *testing.T) {
	w := httptest.NewRecorder()
	r := httptest.NewRequest("GET", "/", nil)
	r = r.WithContext(
		request.WithUser(r.Context(), &core.User{Admin: false}),
	)

	AuthorizeAdmin(
		http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			t.Errorf("Must not invoke next handler in middleware chain")
		}),
	).ServeHTTP(w, r)

	if got, want := w.Code, http.StatusForbidden; got != want {
		t.Errorf("Want status code %d, got %d", want, got)
	}
}
squash and merge local branch 2019-02-19 23:56:41 +00:00			`// Copyright 2019 Drone.IO Inc. All rights reserved.`
			`// Use of this source code is governed by the Drone Non-Commercial License`
			`// that can be found in the LICENSE file.`

			`package acl`

			`import (`
			`"io/ioutil"`
			`"net/http"`
			`"net/http/httptest"`
			`"testing"`

			`"github.com/drone/drone/core"`
inactive accounts cannot activate a repository 2019-07-29 20:58:32 +00:00			`"github.com/drone/drone/handler/api/request"`
squash and merge local branch 2019-02-19 23:56:41 +00:00
			`"github.com/sirupsen/logrus"`
			`)`

			`func init() {`
			`logrus.SetOutput(ioutil.Discard)`
			`}`

			`var (`
			`mockUser = &core.User{`
inactive accounts cannot activate a repository 2019-07-29 20:58:32 +00:00			`ID: 1,`
			`Login: "octocat",`
			`Admin: false,`
			`Active: true,`
			`}`

check organization membership when authorizing orgsecret access 2019-09-29 20:51:56 +00:00			`mockUserAdmin = &core.User{`
			`ID: 1,`
			`Login: "octocat",`
			`Admin: true,`
			`Active: true,`
			`}`

inactive accounts cannot activate a repository 2019-07-29 20:58:32 +00:00			`mockUserInactive = &core.User{`
			`ID: 1,`
			`Login: "octocat",`
			`Admin: false,`
			`Active: false,`
squash and merge local branch 2019-02-19 23:56:41 +00:00			`}`

			`mockRepo = &core.Repository{`
			`ID: 1,`
			`UID: "42",`
			`Namespace: "octocat",`
			`Name: "hello-world",`
			`Slug: "octocat/hello-world",`
			`Counter: 42,`
			`Branch: "master",`
			`Private: true,`
			`Visibility: core.VisibilityPrivate,`
			`}`
			`)`

			`func TestAuthorizeUser(t *testing.T) {`
			`w := httptest.NewRecorder()`
			`r := httptest.NewRequest("GET", "/", nil)`
			`r = r.WithContext(`
			`request.WithUser(r.Context(), mockUser),`
			`)`

			`AuthorizeUser(`
			`http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`// use dummy status code to signal the next handler in`
			`// the middleware chain was properly invoked.`
			`w.WriteHeader(http.StatusTeapot)`
			`}),`
			`).ServeHTTP(w, r)`

			`if got, want := w.Code, http.StatusTeapot; got != want {`
			`t.Errorf("Want status code %d, got %d", want, got)`
			`}`
			`}`

			`func TestAuthorizeUserErr(t *testing.T) {`
			`w := httptest.NewRecorder()`
			`r := httptest.NewRequest("GET", "/", nil)`

			`AuthorizeUser(`
			`http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`t.Errorf("Must not invoke next handler in middleware chain")`
			`}),`
			`).ServeHTTP(w, r)`

			`if got, want := w.Code, http.StatusUnauthorized; got != want {`
			`t.Errorf("Want status code %d, got %d", want, got)`
			`}`
			`}`

			`func TestAuthorizeAdmin(t *testing.T) {`
			`w := httptest.NewRecorder()`
			`r := httptest.NewRequest("GET", "/", nil)`
			`r = r.WithContext(`
			`request.WithUser(r.Context(), &core.User{Admin: true}),`
			`)`

			`AuthorizeAdmin(`
			`http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`// use dummy status code to signal the next handler in`
			`// the middleware chain was properly invoked.`
			`w.WriteHeader(http.StatusTeapot)`
			`}),`
			`).ServeHTTP(w, r)`

			`if got, want := w.Code, http.StatusTeapot; got != want {`
			`t.Errorf("Want status code %d, got %d", want, got)`
			`}`
			`}`

			`func TestAuthorizeAdminUnauthorized(t *testing.T) {`
			`w := httptest.NewRecorder()`
			`r := httptest.NewRequest("GET", "/", nil)`

			`AuthorizeAdmin(`
			`http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`t.Errorf("Must not invoke next handler in middleware chain")`
			`}),`
			`).ServeHTTP(w, r)`

			`if got, want := w.Code, http.StatusUnauthorized; got != want {`
			`t.Errorf("Want status code %d, got %d", want, got)`
			`}`
			`}`

			`func TestAuthorizeAdminForbidden(t *testing.T) {`
			`w := httptest.NewRecorder()`
			`r := httptest.NewRequest("GET", "/", nil)`
			`r = r.WithContext(`
			`request.WithUser(r.Context(), &core.User{Admin: false}),`
			`)`

			`AuthorizeAdmin(`
			`http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`t.Errorf("Must not invoke next handler in middleware chain")`
			`}),`
			`).ServeHTTP(w, r)`

			`if got, want := w.Code, http.StatusForbidden; got != want {`
			`t.Errorf("Want status code %d, got %d", want, got)`
			`}`
			`}`