mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-12 19:14:23 +00:00
958362e6c9
* commander * commander * selber! * move to packages * fix(errors): implement Is interface * test: command * test: commands * add init steps * setup tenant * add default step yaml * possibility to set password * merge v2 into v2-commander * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: search query builder can filter events in memory * fix: filters for add member * fix(setup): add `ExternalSecure` to config * chore: name iam to instance * fix: matching * remove unsued func * base url * base url * test(command): filter funcs * test: commands * fix: rename orgiampolicy to domain policy * start from init * commands * config * fix indexes and add constraints * fixes * fix: merge conflicts * fix: protos * fix: md files * setup * add deprecated org iam policy again * typo * fix search query * fix filter * Apply suggestions from code review * remove custom org from org setup * add todos for verification * change apps creation * simplify package structure * fix error * move preparation helper for tests * fix unique constraints * fix config mapping in setup * fix error handling in encryption_keys.go * fix projection config * fix query from old views to projection * fix setup of mgmt api * set iam project and fix instance projection * fix tokens view * fix steps.yaml and defaults.yaml * fix projections * change instance context to interface * instance interceptors and additional events in setup * cleanup * tests for interceptors * fix label policy * add todo * single api endpoint in environment.json Co-authored-by: adlerhurst <silvan.reusser@gmail.com> Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
259 lines
5.1 KiB
Go
259 lines
5.1 KiB
Go
package middleware
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"reflect"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/caos/zitadel/internal/api/authz"
|
|
)
|
|
|
|
func Test_instanceInterceptor_Handler(t *testing.T) {
|
|
type fields struct {
|
|
verifier authz.InstanceVerifier
|
|
headerName string
|
|
}
|
|
type args struct {
|
|
request *http.Request
|
|
}
|
|
type res struct {
|
|
statusCode int
|
|
context context.Context
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
"setInstance error",
|
|
fields{
|
|
verifier: &mockInstanceVerifier{},
|
|
headerName: "header",
|
|
},
|
|
args{
|
|
request: httptest.NewRequest("", "/url", nil),
|
|
},
|
|
res{
|
|
statusCode: 403,
|
|
context: nil,
|
|
},
|
|
},
|
|
{
|
|
"setInstance ok",
|
|
fields{
|
|
verifier: &mockInstanceVerifier{"host"},
|
|
headerName: "header",
|
|
},
|
|
args{
|
|
request: func() *http.Request {
|
|
r := httptest.NewRequest("", "/url", nil)
|
|
r.Header.Set("header", "host")
|
|
return r
|
|
}(),
|
|
},
|
|
res{
|
|
statusCode: 200,
|
|
context: authz.WithInstance(context.Background(), &mockInstance{}),
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
a := &instanceInterceptor{
|
|
verifier: tt.fields.verifier,
|
|
headerName: tt.fields.headerName,
|
|
}
|
|
next := &testHandler{}
|
|
got := a.HandlerFunc(next.ServeHTTP)
|
|
rr := httptest.NewRecorder()
|
|
got.ServeHTTP(rr, tt.args.request)
|
|
assert.Equal(t, tt.res.statusCode, rr.Code)
|
|
assert.Equal(t, tt.res.context, next.context)
|
|
})
|
|
}
|
|
}
|
|
|
|
func Test_instanceInterceptor_HandlerFunc(t *testing.T) {
|
|
type fields struct {
|
|
verifier authz.InstanceVerifier
|
|
headerName string
|
|
}
|
|
type args struct {
|
|
request *http.Request
|
|
}
|
|
type res struct {
|
|
statusCode int
|
|
context context.Context
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
"setInstance error",
|
|
fields{
|
|
verifier: &mockInstanceVerifier{},
|
|
headerName: "header",
|
|
},
|
|
args{
|
|
request: httptest.NewRequest("", "/url", nil),
|
|
},
|
|
res{
|
|
statusCode: 403,
|
|
context: nil,
|
|
},
|
|
},
|
|
{
|
|
"setInstance ok",
|
|
fields{
|
|
verifier: &mockInstanceVerifier{"host"},
|
|
headerName: "header",
|
|
},
|
|
args{
|
|
request: func() *http.Request {
|
|
r := httptest.NewRequest("", "/url", nil)
|
|
r.Header.Set("header", "host")
|
|
return r
|
|
}(),
|
|
},
|
|
res{
|
|
statusCode: 200,
|
|
context: authz.WithInstance(context.Background(), &mockInstance{}),
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
a := &instanceInterceptor{
|
|
verifier: tt.fields.verifier,
|
|
headerName: tt.fields.headerName,
|
|
}
|
|
next := &testHandler{}
|
|
got := a.HandlerFunc(next.ServeHTTP)
|
|
rr := httptest.NewRecorder()
|
|
got.ServeHTTP(rr, tt.args.request)
|
|
assert.Equal(t, tt.res.statusCode, rr.Code)
|
|
assert.Equal(t, tt.res.context, next.context)
|
|
})
|
|
}
|
|
}
|
|
|
|
func Test_setInstance(t *testing.T) {
|
|
type args struct {
|
|
r *http.Request
|
|
verifier authz.InstanceVerifier
|
|
headerName string
|
|
}
|
|
type res struct {
|
|
want context.Context
|
|
err bool
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
"hostname not found, error",
|
|
args{
|
|
r: func() *http.Request {
|
|
r := httptest.NewRequest("", "/url", nil)
|
|
return r
|
|
}(),
|
|
verifier: &mockInstanceVerifier{},
|
|
headerName: "",
|
|
},
|
|
res{
|
|
want: nil,
|
|
err: true,
|
|
},
|
|
},
|
|
{
|
|
"invalid host, error",
|
|
args{
|
|
r: func() *http.Request {
|
|
r := httptest.NewRequest("", "/url", nil)
|
|
r.Header.Set("header", "host2")
|
|
return r
|
|
}(),
|
|
verifier: &mockInstanceVerifier{"host"},
|
|
headerName: "header",
|
|
},
|
|
res{
|
|
want: nil,
|
|
err: true,
|
|
},
|
|
},
|
|
{
|
|
"valid host",
|
|
args{
|
|
r: func() *http.Request {
|
|
r := httptest.NewRequest("", "/url", nil)
|
|
r.Header.Set("header", "host")
|
|
return r
|
|
}(),
|
|
verifier: &mockInstanceVerifier{"host"},
|
|
headerName: "header",
|
|
},
|
|
res{
|
|
want: authz.WithInstance(context.Background(), &mockInstance{}),
|
|
err: false,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
got, err := setInstance(tt.args.r, tt.args.verifier, tt.args.headerName)
|
|
if (err != nil) != tt.res.err {
|
|
t.Errorf("setInstance() error = %v, wantErr %v", err, tt.res.err)
|
|
return
|
|
}
|
|
if !reflect.DeepEqual(got, tt.res.want) {
|
|
t.Errorf("setInstance() got = %v, want %v", got, tt.res.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
type testHandler struct {
|
|
context context.Context
|
|
}
|
|
|
|
func (t *testHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|
t.context = r.Context()
|
|
}
|
|
|
|
type mockInstanceVerifier struct {
|
|
host string
|
|
}
|
|
|
|
func (m *mockInstanceVerifier) InstanceByHost(ctx context.Context, host string) (authz.Instance, error) {
|
|
if host != m.host {
|
|
return nil, fmt.Errorf("invalid host")
|
|
}
|
|
return &mockInstance{}, nil
|
|
}
|
|
|
|
type mockInstance struct{}
|
|
|
|
func (m *mockInstance) InstanceID() string {
|
|
return "instanceID"
|
|
}
|
|
|
|
func (m *mockInstance) ProjectID() string {
|
|
return "projectID"
|
|
}
|
|
|
|
func (m *mockInstance) ConsoleClientID() string {
|
|
return "consoleClientID"
|
|
}
|