mirror of
https://github.com/binwiederhier/ntfy.git
synced 2024-12-22 17:52:30 +01:00
FullScenario_Default_DenyAll: add user "john" test case
Add new test for user john The user should have: "deny" to mytopic_deny*, "ro" to mytopic_ro*, "rw" to mytopic*, "ro" to the rest
This commit is contained in:
parent
0ff1f6520a
commit
1aa82ff06a
1 changed files with 34 additions and 0 deletions
|
@ -20,10 +20,15 @@ func TestManager_FullScenario_Default_DenyAll(t *testing.T) {
|
|||
a := newTestManagerFromFile(t, filepath.Join(t.TempDir(), "user.db"), "", PermissionDenyAll, DefaultUserPasswordBcryptCost, DefaultUserStatsQueueWriterInterval)
|
||||
require.Nil(t, a.AddUser("phil", "phil", RoleAdmin))
|
||||
require.Nil(t, a.AddUser("ben", "ben", RoleUser))
|
||||
require.Nil(t, a.AddUser("john", "john", RoleUser))
|
||||
require.Nil(t, a.AllowAccess("ben", "mytopic", PermissionReadWrite))
|
||||
require.Nil(t, a.AllowAccess("ben", "readme", PermissionRead))
|
||||
require.Nil(t, a.AllowAccess("ben", "writeme", PermissionWrite))
|
||||
require.Nil(t, a.AllowAccess("ben", "everyonewrite", PermissionDenyAll)) // How unfair!
|
||||
require.Nil(t, a.AllowAccess("john", "*", PermissionRead))
|
||||
require.Nil(t, a.AllowAccess("john", "mytopic*", PermissionReadWrite))
|
||||
require.Nil(t, a.AllowAccess("john", "mytopic_ro*", PermissionRead))
|
||||
require.Nil(t, a.AllowAccess("john", "mytopic_deny*", PermissionDenyAll))
|
||||
require.Nil(t, a.AllowAccess(Everyone, "announcements", PermissionRead))
|
||||
require.Nil(t, a.AllowAccess(Everyone, "everyonewrite", PermissionReadWrite))
|
||||
require.Nil(t, a.AllowAccess(Everyone, "up*", PermissionWrite)) // Everyone can write to /up*
|
||||
|
@ -53,6 +58,21 @@ func TestManager_FullScenario_Default_DenyAll(t *testing.T) {
|
|||
{"readme", PermissionRead},
|
||||
}, benGrants)
|
||||
|
||||
john, err := a.Authenticate("john", "john")
|
||||
require.Nil(t, err)
|
||||
require.Equal(t, "john", john.Name)
|
||||
require.True(t, strings.HasPrefix(john.Hash, "$2a$10$"))
|
||||
require.Equal(t, RoleUser, john.Role)
|
||||
|
||||
johnGrants, err := a.Grants("john")
|
||||
require.Nil(t, err)
|
||||
require.Equal(t, []Grant{
|
||||
{"mytopic_deny*", PermissionDenyAll},
|
||||
{"mytopic_ro*", PermissionRead},
|
||||
{"mytopic*", PermissionReadWrite},
|
||||
{"*", PermissionRead},
|
||||
}, johnGrants)
|
||||
|
||||
notben, err := a.Authenticate("ben", "this is wrong")
|
||||
require.Nil(t, notben)
|
||||
require.Equal(t, ErrUnauthenticated, err)
|
||||
|
@ -78,6 +98,20 @@ func TestManager_FullScenario_Default_DenyAll(t *testing.T) {
|
|||
require.Nil(t, a.Authorize(ben, "announcements", PermissionRead))
|
||||
require.Equal(t, ErrUnauthorized, a.Authorize(ben, "announcements", PermissionWrite))
|
||||
|
||||
// user john should have
|
||||
// "deny" to mytopic_deny*,
|
||||
// "ro" to mytopic_ro*,
|
||||
// "rw" to mytopic*,
|
||||
// "ro" to the rest
|
||||
require.Equal(t, ErrUnauthorized, a.Authorize(john, "mytopic_deny_case", PermissionRead))
|
||||
require.Equal(t, ErrUnauthorized, a.Authorize(john, "mytopic_deny_case", PermissionWrite))
|
||||
require.Nil(t, a.Authorize(john, "mytopic_ro_test_case", PermissionRead))
|
||||
require.Equal(t, ErrUnauthorized, a.Authorize(john, "mytopic_ro_test_case", PermissionWrite))
|
||||
require.Nil(t, a.Authorize(john, "mytopic_case1", PermissionRead))
|
||||
require.Nil(t, a.Authorize(john, "mytopic_case1", PermissionWrite))
|
||||
require.Nil(t, a.Authorize(john, "readme", PermissionRead))
|
||||
require.Equal(t, ErrUnauthorized, a.Authorize(john, "writeme", PermissionWrite))
|
||||
|
||||
// Everyone else can do barely anything
|
||||
require.Equal(t, ErrUnauthorized, a.Authorize(nil, "sometopicnotinthelist", PermissionRead))
|
||||
require.Equal(t, ErrUnauthorized, a.Authorize(nil, "sometopicnotinthelist", PermissionWrite))
|
||||
|
|
Loading…
Reference in a new issue