inactive accounts cannot activate a repository

This commit is contained in:
Brad Rydzewski 2019-07-29 13:58:32 -07:00
parent c78f55cc2f
commit 27bc816a01
5 changed files with 65 additions and 8 deletions

4
go.mod
View file

@ -17,9 +17,9 @@ require (
github.com/docker/go-connections v0.3.0
github.com/docker/go-units v0.3.3
github.com/drone/drone-go v1.0.5
github.com/drone/drone-runtime v1.0.6
github.com/drone/drone-runtime v1.0.7
github.com/drone/drone-ui v0.0.0-20190530175131-92ba3df1e0a9
github.com/drone/drone-yaml v1.2.2-0.20190719012529-c50000a465ee
github.com/drone/drone-yaml v1.2.2
github.com/drone/envsubst v1.0.1
github.com/drone/go-license v1.0.2
github.com/drone/go-login v1.0.4-0.20190311170324-2a4df4f242a2

5
go.sum
View file

@ -52,6 +52,9 @@ github.com/drone/drone-runtime v1.0.5 h1:fEdUvKd5+l8BQaPXntjUtSIVLvGWo3Blgb/zrXL
github.com/drone/drone-runtime v1.0.5/go.mod h1:+osgwGADc/nyl40J0fdsf8Z09bgcBZXvXXnLOY48zYs=
github.com/drone/drone-runtime v1.0.6 h1:7aPvPCZI2uqt3IEmx/BZg+ml10+I5lE74lZ17Y7xy40=
github.com/drone/drone-runtime v1.0.6/go.mod h1:+osgwGADc/nyl40J0fdsf8Z09bgcBZXvXXnLOY48zYs=
github.com/drone/drone-runtime v1.0.7-0.20190729202838-87c84080f4a1/go.mod h1:+osgwGADc/nyl40J0fdsf8Z09bgcBZXvXXnLOY48zYs=
github.com/drone/drone-runtime v1.0.7 h1:qviHrNmEdT3aYfQW3NYOuClHw2IU6CECSOfrXe8QLvY=
github.com/drone/drone-runtime v1.0.7/go.mod h1:+osgwGADc/nyl40J0fdsf8Z09bgcBZXvXXnLOY48zYs=
github.com/drone/drone-ui v0.0.0-20190318170755-1ca48466a158 h1:u80WYtaGkKWVmxj1BMX9SukAqTxILzGFIKvY5as9zAc=
github.com/drone/drone-ui v0.0.0-20190318170755-1ca48466a158/go.mod h1:NBtVWW7NNJpD9+huMD/5TAE1db2nrEh0i35/9Rf1MPI=
github.com/drone/drone-ui v0.0.0-20190318215801-d6c3d11a1c3f h1:yMdZ/2BZFKrfMbWlc0cNH2TCXdC8MsSR0pnu3Dq4UH4=
@ -93,6 +96,8 @@ github.com/drone/drone-yaml v1.2.2-0.20190719011530-e8b24d482cda h1:vPXJLgkyScZ0
github.com/drone/drone-yaml v1.2.2-0.20190719011530-e8b24d482cda/go.mod h1:l/ehbHx9TGs4jgzhRnP5d+M9tmRsAmWyBHWAFEOXrk4=
github.com/drone/drone-yaml v1.2.2-0.20190719012529-c50000a465ee h1:/zyEkv56+T6JxLkYgYYwZAMLKBgEnHA3fwZXiVI9nuE=
github.com/drone/drone-yaml v1.2.2-0.20190719012529-c50000a465ee/go.mod h1:l/ehbHx9TGs4jgzhRnP5d+M9tmRsAmWyBHWAFEOXrk4=
github.com/drone/drone-yaml v1.2.2 h1:Srf8OlAHhR7SXX5Ax01dP5tpZENsrEKyg35E2nNkIew=
github.com/drone/drone-yaml v1.2.2/go.mod h1:QsqliFK8nG04AHFN9tTn9XJomRBQHD4wcejWW1uz/10=
github.com/drone/envsubst v1.0.1 h1:NOOStingM2sbBwsIUeQkKUz8ShwCUzmqMxWrpXItfPE=
github.com/drone/envsubst v1.0.1/go.mod h1:bkZbnc/2vh1M12Ecn7EYScpI4YGYU0etwLJICOWi8Z0=
github.com/drone/go-license v1.0.2 h1:7OwndfYk+Lp/cGHkxe4HUn/Ysrrw3WYH2pnd99yrkok=

View file

@ -10,8 +10,8 @@ import (
"net/http/httptest"
"testing"
"github.com/drone/drone/handler/api/request"
"github.com/drone/drone/core"
"github.com/drone/drone/handler/api/request"
"github.com/sirupsen/logrus"
)
@ -22,9 +22,17 @@ func init() {
var (
mockUser = &core.User{
ID: 1,
Login: "octocat",
Admin: false,
ID: 1,
Login: "octocat",
Admin: false,
Active: true,
}
mockUserInactive = &core.User{
ID: 1,
Login: "octocat",
Admin: false,
Active: false,
}
mockRepo = &core.Repository{

View file

@ -123,6 +123,9 @@ func CheckAccess(read, write, admin bool) func(http.Handler) http.Handler {
)
switch {
case user.Active == false:
render.Forbidden(w, errors.ErrForbidden)
log.Debugln("api: active account required")
case read == true && perm.Read == false:
render.NotFound(w, errors.ErrNotFound)
log.Debugln("api: read access required")

View file

@ -12,9 +12,9 @@ import (
"testing"
"time"
"github.com/drone/drone/core"
"github.com/drone/drone/handler/api/errors"
"github.com/drone/drone/handler/api/request"
"github.com/drone/drone/core"
"github.com/google/go-cmp/cmp"
"github.com/go-chi/chi"
@ -380,6 +380,47 @@ func TestCheckWriteAccess(t *testing.T) {
}
}
// this test verifies the the next handler in the middleware
// chain is not processed if the user has write access BUT
// has been inactivated (e.g. blocked).
func TestCheckWriteAccess_InactiveUser(t *testing.T) {
controller := gomock.NewController(t)
defer controller.Finish()
writeAccess := &core.Perm{
Synced: time.Now().Unix(),
Read: true,
Write: true,
Admin: false,
}
w := httptest.NewRecorder()
r := httptest.NewRequest("GET", "/api/repos/octocat/hello-world", nil)
r = r.WithContext(
request.WithPerm(
request.WithUser(
request.WithRepo(noContext, mockRepo),
mockUserInactive,
),
writeAccess,
),
)
router := chi.NewRouter()
router.Route("/api/repos/{owner}/{name}", func(router chi.Router) {
router.Use(CheckWriteAccess())
router.Get("/", func(w http.ResponseWriter, r *http.Request) {
t.Error("should not invoke hanlder")
})
})
router.ServeHTTP(w, r)
if got, want := w.Code, http.StatusForbidden; got != want {
t.Errorf("Want status code %d, got %d", want, got)
}
}
// this test verifies that a 404 not found error is written to
// the response if the user lacks write access to the repository.
//
@ -526,7 +567,7 @@ func TestCheckAdminAccess_SystemAdmin(t *testing.T) {
controller := gomock.NewController(t)
defer controller.Finish()
user := &core.User{ID: 1, Admin: true}
user := &core.User{ID: 1, Admin: true, Active: true}
w := httptest.NewRecorder()
r := httptest.NewRequest("GET", "/api/repos/octocat/hello-world", nil)