harness-drone/handler/api/acl/acl_test.go

144 lines
3.3 KiB
Go

// Copyright 2019 Drone.IO Inc. All rights reserved.
// Use of this source code is governed by the Drone Non-Commercial License
// that can be found in the LICENSE file.
package acl
import (
"io/ioutil"
"net/http"
"net/http/httptest"
"testing"
"github.com/drone/drone/core"
"github.com/drone/drone/handler/api/request"
"github.com/sirupsen/logrus"
)
func init() {
logrus.SetOutput(ioutil.Discard)
}
var (
mockUser = &core.User{
ID: 1,
Login: "octocat",
Admin: false,
Active: true,
}
mockUserAdmin = &core.User{
ID: 1,
Login: "octocat",
Admin: true,
Active: true,
}
mockUserInactive = &core.User{
ID: 1,
Login: "octocat",
Admin: false,
Active: false,
}
mockRepo = &core.Repository{
ID: 1,
UID: "42",
Namespace: "octocat",
Name: "hello-world",
Slug: "octocat/hello-world",
Counter: 42,
Branch: "master",
Private: true,
Visibility: core.VisibilityPrivate,
}
)
func TestAuthorizeUser(t *testing.T) {
w := httptest.NewRecorder()
r := httptest.NewRequest("GET", "/", nil)
r = r.WithContext(
request.WithUser(r.Context(), mockUser),
)
AuthorizeUser(
http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// use dummy status code to signal the next handler in
// the middleware chain was properly invoked.
w.WriteHeader(http.StatusTeapot)
}),
).ServeHTTP(w, r)
if got, want := w.Code, http.StatusTeapot; got != want {
t.Errorf("Want status code %d, got %d", want, got)
}
}
func TestAuthorizeUserErr(t *testing.T) {
w := httptest.NewRecorder()
r := httptest.NewRequest("GET", "/", nil)
AuthorizeUser(
http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
t.Errorf("Must not invoke next handler in middleware chain")
}),
).ServeHTTP(w, r)
if got, want := w.Code, http.StatusUnauthorized; got != want {
t.Errorf("Want status code %d, got %d", want, got)
}
}
func TestAuthorizeAdmin(t *testing.T) {
w := httptest.NewRecorder()
r := httptest.NewRequest("GET", "/", nil)
r = r.WithContext(
request.WithUser(r.Context(), &core.User{Admin: true}),
)
AuthorizeAdmin(
http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// use dummy status code to signal the next handler in
// the middleware chain was properly invoked.
w.WriteHeader(http.StatusTeapot)
}),
).ServeHTTP(w, r)
if got, want := w.Code, http.StatusTeapot; got != want {
t.Errorf("Want status code %d, got %d", want, got)
}
}
func TestAuthorizeAdminUnauthorized(t *testing.T) {
w := httptest.NewRecorder()
r := httptest.NewRequest("GET", "/", nil)
AuthorizeAdmin(
http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
t.Errorf("Must not invoke next handler in middleware chain")
}),
).ServeHTTP(w, r)
if got, want := w.Code, http.StatusUnauthorized; got != want {
t.Errorf("Want status code %d, got %d", want, got)
}
}
func TestAuthorizeAdminForbidden(t *testing.T) {
w := httptest.NewRecorder()
r := httptest.NewRequest("GET", "/", nil)
r = r.WithContext(
request.WithUser(r.Context(), &core.User{Admin: false}),
)
AuthorizeAdmin(
http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
t.Errorf("Must not invoke next handler in middleware chain")
}),
).ServeHTTP(w, r)
if got, want := w.Code, http.StatusForbidden; got != want {
t.Errorf("Want status code %d, got %d", want, got)
}
}