TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-12 19:14:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
8203f2dad3
zitadel/internal/api/auth/permissions_test.go
Fabi c07ed83c41
Project commands (#26) 
* feat: eventstore repository

* fix: remove gorm

* version

* feat: pkg

* feat: add some files for project

* feat: eventstore without eventstore-lib

* rename files

* gnueg

* fix: key json

* fix: add object

* fix: change imports

* fix: internal models

* fix: some imports

* fix: global model

* fix: add some functions on repo

* feat(eventstore): sdk

* fix(eventstore): search query

* fix(eventstore): rename app to eventstore

* delete empty test

* remove unused func

* merge master

* fix(eventstore): tests

* fix(models): delete unused struct

* fix: some funcitons

* feat(eventstore): implemented push events

* fix: move project eventstore to project package

* fix: change project eventstore funcs

* feat(eventstore): overwrite context data

* fix: change project eventstore

* fix: add project repo to mgmt server

* feat(types): SQL-config

* fix: commented code

* feat(eventstore): options to overwrite editor

* feat: auth interceptor and cockroach migrations

* fix: migrations

* fix: fix filter

* fix: not found on getbyid

* fix: add sequence

* fix: add some tests

* fix(eventstore): nullable sequence

* fix: add some tests

* merge

* fix: add some tests

* fix(migrations): correct statements for sequence

* fix: add some tests

* fix: add some tests

* fix: changes from mr

* Update internal/eventstore/models/field.go

Co-Authored-By: livio-a <livio.a@gmail.com>

* fix(eventstore): code quality

* fix: add types to aggregate/Event-types

* fix(eventstore): rename modifier* to editor*

* fix(eventstore): delete editor_org

* fix(migrations): remove editor_org field,
rename modifier_* to editor_*

* fix: generate files

* fix(eventstore): tests

* fix(eventstore): rename modifier to editor

* fix(migrations): add cluster migration,
fix(migrations): fix typo of host in clean clsuter

* fix(eventstore): move health

* fix(eventstore): AggregateTypeFilter aggregateType as param

* code quality

* feat: start implementing project members

* feat: remove member funcs

* feat: remove member model

* feat: remove member events

* feat: remove member repo model

* fix: better error func testing

* Update docs/local.md

Co-Authored-By: Silvan <silvan.reusser@gmail.com>

* Update docs/local.md

Co-Authored-By: Silvan <silvan.reusser@gmail.com>

* fix: mr requests

* fix: md file

Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
Co-authored-by: livio-a <livio.a@gmail.com>
2020-04-07 13:23:04 +02:00

429 lines
9.9 KiB
Go
Raw Blame History

package auth
import (
"context"
"testing"
caos_errs "github.com/caos/zitadel/internal/errors"
)
func getTestCtx(userID, orgID string) context.Context {
return context.WithValue(context.Background(), dataKey, CtxData{UserID: userID, OrgID: orgID})
}
type testVerifier struct {
grants []*Grant
}
func (v *testVerifier) VerifyAccessToken(ctx context.Context, token string) (string, string, string, error) {
return "userID", "clientID", "agentID", nil
}
func (v *testVerifier) ResolveGrants(ctx context.Context, sub, orgID string) ([]*Grant, error) {
return v.grants, nil
}
func (v *testVerifier) GetProjectIDByClientID(ctx context.Context, clientID string) (string, error) {
return "", nil
}
func equalStringArray(a, b []string) bool {
if len(a) != len(b) {
return false
}
for i, v := range a {
if v != b[i] {
return false
}
}
return true
}
func Test_GetUserMethodPermissions(t *testing.T) {
type args struct {
ctx context.Context
verifier TokenVerifier
requiredPerm string
authConfig *Config
}
tests := []struct {
name string
args args
wantErr bool
errFunc func(err error) bool
result []string
}{
{
name: "Empty Context",
args: args{
ctx: getTestCtx("", ""),
verifier: &testVerifier{grants: []*Grant{&Grant{
Roles: []string{"ORG_OWNER"}}}},
requiredPerm: "project.read",
authConfig: &Config{
RolePermissionMappings: []RoleMapping{
RoleMapping{
Role: "IAM_OWNER",
Permissions: []string{"project.read"},
},
RoleMapping{
Role: "ORG_OWNER",
Permissions: []string{"org.read", "project.read"},
},
},
},
},
wantErr: true,
errFunc: caos_errs.IsUnauthenticated,
result: []string{"project.read"},
},
{
name: "No Grants",
args: args{
ctx: getTestCtx("", ""),
verifier: &testVerifier{grants: []*Grant{}},
requiredPerm: "project.read",
authConfig: &Config{
RolePermissionMappings: []RoleMapping{
RoleMapping{
Role: "IAM_OWNER",
Permissions: []string{"project.read"},
},
RoleMapping{
Role: "ORG_OWNER",
Permissions: []string{"org.read", "project.read"},
},
},
},
},
result: make([]string, 0),
},
{
name: "Get Permissions",
args: args{
ctx: getTestCtx("userID", "orgID"),
verifier: &testVerifier{grants: []*Grant{&Grant{
Roles: []string{"ORG_OWNER"}}}},
requiredPerm: "project.read",
authConfig: &Config{
RolePermissionMappings: []RoleMapping{
RoleMapping{
Role: "IAM_OWNER",
Permissions: []string{"project.read"},
},
RoleMapping{
Role: "ORG_OWNER",
Permissions: []string{"org.read", "project.read"},
},
},
},
},
result: []string{"project.read"},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
_, perms, err := getUserMethodPermissions(tt.args.ctx, tt.args.verifier, tt.args.requiredPerm, tt.args.authConfig)
if tt.wantErr && err == nil {
t.Errorf("got wrong result, should get err: actual: %v ", err)
}
if tt.wantErr && !tt.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
if !tt.wantErr && !equalStringArray(perms, tt.result) {
t.Errorf("got wrong result, expecting: %v, actual: %v ", tt.result, perms)
}
})
}
}
func Test_MapGrantsToPermissions(t *testing.T) {
type args struct {
requiredPerm string
grants []*Grant
authConfig *Config
}
tests := []struct {
name string
args args
result []string
}{
{
name: "One Role existing perm",
args: args{
requiredPerm: "project.read",
grants: []*Grant{&Grant{
Roles: []string{"ORG_OWNER"}}},
authConfig: &Config{
RolePermissionMappings: []RoleMapping{
RoleMapping{
Role: "IAM_OWNER",
Permissions: []string{"project.read"},
},
RoleMapping{
Role: "ORG_OWNER",
Permissions: []string{"org.read", "project.read"},
},
},
},
},
result: []string{"project.read"},
},
{
name: "One Role not existing perm",
args: args{
requiredPerm: "project.write",
grants: []*Grant{&Grant{
Roles: []string{"ORG_OWNER"}}},
authConfig: &Config{
RolePermissionMappings: []RoleMapping{
RoleMapping{
Role: "IAM_OWNER",
Permissions: []string{"project.read"},
},
RoleMapping{
Role: "ORG_OWNER",
Permissions: []string{"org.read", "project.read"},
},
},
},
},
result: []string{},
},
{
name: "Multiple Roles one existing",
args: args{
requiredPerm: "project.read",
grants: []*Grant{&Grant{
Roles: []string{"ORG_OWNER", "IAM_OWNER"}}},
authConfig: &Config{
RolePermissionMappings: []RoleMapping{
RoleMapping{
Role: "IAM_OWNER",
Permissions: []string{"project.read"},
},
RoleMapping{
Role: "ORG_OWNER",
Permissions: []string{"org.read", "project.read"},
},
},
},
},
result: []string{"project.read"},
},
{
name: "Multiple Roles, global and specific",
args: args{
requiredPerm: "project.read",
grants: []*Grant{&Grant{
Roles: []string{"ORG_OWNER", "PROJECT_OWNER:1"}}},
authConfig: &Config{
RolePermissionMappings: []RoleMapping{
RoleMapping{
Role: "PROJECT_OWNER",
Permissions: []string{"project.read"},
},
RoleMapping{
Role: "ORG_OWNER",
Permissions: []string{"org.read", "project.read"},
},
},
},
},
result: []string{"project.read", "project.read:1"},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := mapGrantsToPermissions(tt.args.requiredPerm, tt.args.grants, tt.args.authConfig)
if !equalStringArray(result, tt.result) {
t.Errorf("got wrong result, expecting: %v, actual: %v ", tt.result, result)
}
})
}
}
func Test_MapRoleToPerm(t *testing.T) {
type args struct {
requiredPerm string
actualRole string
authConfig *Config
resolvedPermissions []string
}
tests := []struct {
name string
args args
result []string
}{
{
name: "first perm without context id",
args: args{
requiredPerm: "project.read",
actualRole: "ORG_OWNER",
authConfig: &Config{
RolePermissionMappings: []RoleMapping{
RoleMapping{
Role: "IAM_OWNER",
Permissions: []string{"project.read"},
},
RoleMapping{
Role: "ORG_OWNER",
Permissions: []string{"org.read", "project.read"},
},
},
},
resolvedPermissions: []string{},
},
result: []string{"project.read"},
},
{
name: "existing perm without context id",
args: args{
requiredPerm: "project.read",
actualRole: "ORG_OWNER",
authConfig: &Config{
RolePermissionMappings: []RoleMapping{
RoleMapping{
Role: "IAM_OWNER",
Permissions: []string{"project.read"},
},
RoleMapping{
Role: "ORG_OWNER",
Permissions: []string{"org.read", "project.read"},
},
},
},
resolvedPermissions: []string{"project.read"},
},
result: []string{"project.read"},
},
{
name: "first perm with context id",
args: args{
requiredPerm: "project.read",
actualRole: "PROJECT_OWNER:1",
authConfig: &Config{
RolePermissionMappings: []RoleMapping{
RoleMapping{
Role: "PROJECT_OWNER",
Permissions: []string{"project.read"},
},
RoleMapping{
Role: "ORG_OWNER",
Permissions: []string{"org.read", "project.read"},
},
},
},
resolvedPermissions: []string{},
},
result: []string{"project.read:1"},
},
{
name: "perm with context id, existing global",
args: args{
requiredPerm: "project.read",
actualRole: "PROJECT_OWNER:1",
authConfig: &Config{
RolePermissionMappings: []RoleMapping{
RoleMapping{
Role: "PROJECT_OWNER",
Permissions: []string{"project.read"},
},
RoleMapping{
Role: "ORG_OWNER",
Permissions: []string{"org.read", "project.read"},
},
},
},
resolvedPermissions: []string{"project.read"},
},
result: []string{"project.read", "project.read:1"},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := mapRoleToPerm(tt.args.requiredPerm, tt.args.actualRole, tt.args.authConfig, tt.args.resolvedPermissions)
if !equalStringArray(result, tt.result) {
t.Errorf("got wrong result, expecting: %v, actual: %v ", tt.result, result)
}
})
}
}
func Test_AddRoleContextIDToPerm(t *testing.T) {
type args struct {
perm string
ctxID string
}
tests := []struct {
name string
args args
result string
}{
{
name: "with ctx id",
args: args{
perm: "perm1",
ctxID: "2",
},
result: "perm1:2",
},
{
name: "with ctx id",
args: args{
perm: "perm1",
ctxID: "",
},
result: "perm1",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := addRoleContextIDToPerm(tt.args.perm, tt.args.ctxID)
if result != tt.result {
t.Errorf("got wrong result, expecting: %v, actual: %v ", tt.result, result)
}
})
}
}
func Test_ExistisPerm(t *testing.T) {
type args struct {
existing []string
perm string
}
tests := []struct {
name string
args args
result bool
}{
{
name: "not existing perm",
args: args{
existing: []string{"perm1", "perm2", "perm3"},
perm: "perm4",
},
result: false,
},
{
name: "existing perm",
args: args{
existing: []string{"perm1", "perm2", "perm3"},
perm: "perm2",
},
result: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := existsPerm(tt.args.existing, tt.args.perm)
if result != tt.result {
t.Errorf("got wrong result, expecting: %v, actual: %v ", tt.result, result)
}
})
}
}
Reference in New Issue View Git Blame Copy Permalink