2019-02-19 23:56:41 +00:00
|
|
|
// Copyright 2019 Drone.IO Inc. All rights reserved.
|
|
|
|
// Use of this source code is governed by the Drone Non-Commercial License
|
|
|
|
// that can be found in the LICENSE file.
|
|
|
|
|
|
|
|
package acl
|
|
|
|
|
|
|
|
import (
|
|
|
|
"io/ioutil"
|
|
|
|
"net/http"
|
|
|
|
"net/http/httptest"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/drone/drone/core"
|
2019-07-29 20:58:32 +00:00
|
|
|
"github.com/drone/drone/handler/api/request"
|
2019-02-19 23:56:41 +00:00
|
|
|
|
|
|
|
"github.com/sirupsen/logrus"
|
|
|
|
)
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
logrus.SetOutput(ioutil.Discard)
|
|
|
|
}
|
|
|
|
|
|
|
|
var (
|
|
|
|
mockUser = &core.User{
|
2019-07-29 20:58:32 +00:00
|
|
|
ID: 1,
|
|
|
|
Login: "octocat",
|
|
|
|
Admin: false,
|
|
|
|
Active: true,
|
|
|
|
}
|
|
|
|
|
2019-09-29 20:51:56 +00:00
|
|
|
mockUserAdmin = &core.User{
|
|
|
|
ID: 1,
|
|
|
|
Login: "octocat",
|
|
|
|
Admin: true,
|
|
|
|
Active: true,
|
|
|
|
}
|
|
|
|
|
2019-07-29 20:58:32 +00:00
|
|
|
mockUserInactive = &core.User{
|
|
|
|
ID: 1,
|
|
|
|
Login: "octocat",
|
|
|
|
Admin: false,
|
|
|
|
Active: false,
|
2019-02-19 23:56:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
mockRepo = &core.Repository{
|
|
|
|
ID: 1,
|
|
|
|
UID: "42",
|
|
|
|
Namespace: "octocat",
|
|
|
|
Name: "hello-world",
|
|
|
|
Slug: "octocat/hello-world",
|
|
|
|
Counter: 42,
|
|
|
|
Branch: "master",
|
|
|
|
Private: true,
|
|
|
|
Visibility: core.VisibilityPrivate,
|
|
|
|
}
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestAuthorizeUser(t *testing.T) {
|
|
|
|
w := httptest.NewRecorder()
|
|
|
|
r := httptest.NewRequest("GET", "/", nil)
|
|
|
|
r = r.WithContext(
|
|
|
|
request.WithUser(r.Context(), mockUser),
|
|
|
|
)
|
|
|
|
|
|
|
|
AuthorizeUser(
|
|
|
|
http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
// use dummy status code to signal the next handler in
|
|
|
|
// the middleware chain was properly invoked.
|
|
|
|
w.WriteHeader(http.StatusTeapot)
|
|
|
|
}),
|
|
|
|
).ServeHTTP(w, r)
|
|
|
|
|
|
|
|
if got, want := w.Code, http.StatusTeapot; got != want {
|
|
|
|
t.Errorf("Want status code %d, got %d", want, got)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestAuthorizeUserErr(t *testing.T) {
|
|
|
|
w := httptest.NewRecorder()
|
|
|
|
r := httptest.NewRequest("GET", "/", nil)
|
|
|
|
|
|
|
|
AuthorizeUser(
|
|
|
|
http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
t.Errorf("Must not invoke next handler in middleware chain")
|
|
|
|
}),
|
|
|
|
).ServeHTTP(w, r)
|
|
|
|
|
|
|
|
if got, want := w.Code, http.StatusUnauthorized; got != want {
|
|
|
|
t.Errorf("Want status code %d, got %d", want, got)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestAuthorizeAdmin(t *testing.T) {
|
|
|
|
w := httptest.NewRecorder()
|
|
|
|
r := httptest.NewRequest("GET", "/", nil)
|
|
|
|
r = r.WithContext(
|
|
|
|
request.WithUser(r.Context(), &core.User{Admin: true}),
|
|
|
|
)
|
|
|
|
|
|
|
|
AuthorizeAdmin(
|
|
|
|
http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
// use dummy status code to signal the next handler in
|
|
|
|
// the middleware chain was properly invoked.
|
|
|
|
w.WriteHeader(http.StatusTeapot)
|
|
|
|
}),
|
|
|
|
).ServeHTTP(w, r)
|
|
|
|
|
|
|
|
if got, want := w.Code, http.StatusTeapot; got != want {
|
|
|
|
t.Errorf("Want status code %d, got %d", want, got)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestAuthorizeAdminUnauthorized(t *testing.T) {
|
|
|
|
w := httptest.NewRecorder()
|
|
|
|
r := httptest.NewRequest("GET", "/", nil)
|
|
|
|
|
|
|
|
AuthorizeAdmin(
|
|
|
|
http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
t.Errorf("Must not invoke next handler in middleware chain")
|
|
|
|
}),
|
|
|
|
).ServeHTTP(w, r)
|
|
|
|
|
|
|
|
if got, want := w.Code, http.StatusUnauthorized; got != want {
|
|
|
|
t.Errorf("Want status code %d, got %d", want, got)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestAuthorizeAdminForbidden(t *testing.T) {
|
|
|
|
w := httptest.NewRecorder()
|
|
|
|
r := httptest.NewRequest("GET", "/", nil)
|
|
|
|
r = r.WithContext(
|
|
|
|
request.WithUser(r.Context(), &core.User{Admin: false}),
|
|
|
|
)
|
|
|
|
|
|
|
|
AuthorizeAdmin(
|
|
|
|
http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
t.Errorf("Must not invoke next handler in middleware chain")
|
|
|
|
}),
|
|
|
|
).ServeHTTP(w, r)
|
|
|
|
|
|
|
|
if got, want := w.Code, http.StatusForbidden; got != want {
|
|
|
|
t.Errorf("Want status code %d, got %d", want, got)
|
|
|
|
}
|
|
|
|
}
|