1
0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-27 10:07:51 +00:00
Elio Bischof 4980cd6a0c
feat: add SYSTEM_OWNER role ()
* define roles and permissions

* support system user memberships

* don't limit system users

* cleanup permissions

* restrict memberships to aggregates

* default to SYSTEM_OWNER

* update unit tests

* test: system user token test ()

* update unit tests

* refactor: make authz testable

* move session constants

* cleanup

* comment

* comment

* decode member type string to enum ()

* decode member type string to enum

* handle all membership types

* decode enums where necessary

* decode member type in steps config

* update system api docs

* add technical advisory

* tweak docs a bit

* comment in comment

* lint

* extract token from Bearer header prefix

* review changes

* fix tests

* fix: add fix for activityhandler

* add isSystemUser

* remove IsSystemUser from activity info

* fix: add fix for activityhandler

---------

Co-authored-by: Stefan Benz <stefan@caos.ch>
2023-10-25 15:10:45 +00:00

67 lines
1.3 KiB
Go

package authz
import (
"context"
"testing"
"github.com/zitadel/zitadel/internal/errors"
)
func Test_extractBearerToken(t *testing.T) {
type args struct {
ctx context.Context
token string
verifier AccessTokenVerifier
}
tests := []struct {
name string
args args
wantErr bool
}{
{
name: "no auth header set",
args: args{
ctx: context.Background(),
token: "",
},
wantErr: true,
},
{
name: "wrong auth header set",
args: args{
ctx: context.Background(),
token: "Basic sds",
},
wantErr: true,
},
{
name: "auth header set",
args: args{
ctx: context.Background(),
token: "Bearer AUTH",
verifier: AccessTokenVerifierFunc(func(context.Context, string) (string, string, string, string, string, error) {
return "", "", "", "", "", nil
}),
},
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
_, err := extractBearerToken(tt.args.token)
if tt.wantErr && err == nil {
t.Errorf("got wrong result, should get err: actual: %v ", err)
}
if !tt.wantErr && err != nil {
t.Errorf("got wrong result, should not get err: actual: %v ", err)
}
if tt.wantErr && !errors.IsUnauthenticated(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}