mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-21 07:17:39 +00:00
4980cd6a0c
* define roles and permissions * support system user memberships * don't limit system users * cleanup permissions * restrict memberships to aggregates * default to SYSTEM_OWNER * update unit tests * test: system user token test (#6778) * update unit tests * refactor: make authz testable * move session constants * cleanup * comment * comment * decode member type string to enum (#6780) * decode member type string to enum * handle all membership types * decode enums where necessary * decode member type in steps config * update system api docs * add technical advisory * tweak docs a bit * comment in comment * lint * extract token from Bearer header prefix * review changes * fix tests * fix: add fix for activityhandler * add isSystemUser * remove IsSystemUser from activity info * fix: add fix for activityhandler --------- Co-authored-by: Stefan Benz <stefan@caos.ch>
67 lines
1.3 KiB
Go
67 lines
1.3 KiB
Go
package authz
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"github.com/zitadel/zitadel/internal/errors"
|
|
)
|
|
|
|
func Test_extractBearerToken(t *testing.T) {
|
|
|
|
type args struct {
|
|
ctx context.Context
|
|
token string
|
|
verifier AccessTokenVerifier
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
wantErr bool
|
|
}{
|
|
{
|
|
name: "no auth header set",
|
|
args: args{
|
|
ctx: context.Background(),
|
|
token: "",
|
|
},
|
|
wantErr: true,
|
|
},
|
|
{
|
|
name: "wrong auth header set",
|
|
args: args{
|
|
ctx: context.Background(),
|
|
token: "Basic sds",
|
|
},
|
|
wantErr: true,
|
|
},
|
|
{
|
|
name: "auth header set",
|
|
args: args{
|
|
ctx: context.Background(),
|
|
token: "Bearer AUTH",
|
|
verifier: AccessTokenVerifierFunc(func(context.Context, string) (string, string, string, string, string, error) {
|
|
return "", "", "", "", "", nil
|
|
}),
|
|
},
|
|
wantErr: false,
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
_, err := extractBearerToken(tt.args.token)
|
|
if tt.wantErr && err == nil {
|
|
t.Errorf("got wrong result, should get err: actual: %v ", err)
|
|
}
|
|
|
|
if !tt.wantErr && err != nil {
|
|
t.Errorf("got wrong result, should not get err: actual: %v ", err)
|
|
}
|
|
|
|
if tt.wantErr && !errors.IsUnauthenticated(err) {
|
|
t.Errorf("got wrong err: %v ", err)
|
|
}
|
|
})
|
|
}
|
|
}
|