Support multiple topics in auth
This commit is contained in:
parent
e61a0c2f78
commit
631ade5430
2 changed files with 30 additions and 5 deletions
|
@ -1140,7 +1140,7 @@ func (s *Server) withAuth(next handleFunc, perm auth.Permission) handleFunc {
|
||||||
if s.auth == nil {
|
if s.auth == nil {
|
||||||
return next(w, r, v)
|
return next(w, r, v)
|
||||||
}
|
}
|
||||||
t, err := s.topicFromPath(r.URL.Path)
|
topics, _, err := s.topicsFromPath(r.URL.Path)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -1152,9 +1152,11 @@ func (s *Server) withAuth(next handleFunc, perm auth.Permission) handleFunc {
|
||||||
return errHTTPUnauthorized
|
return errHTTPUnauthorized
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if err := s.auth.Authorize(user, t.ID, perm); err != nil {
|
for _, t := range topics {
|
||||||
log.Printf("unauthorized: %s", err.Error())
|
if err := s.auth.Authorize(user, t.ID, perm); err != nil {
|
||||||
return errHTTPForbidden
|
log.Printf("unauthorized: %s", err.Error())
|
||||||
|
return errHTTPForbidden
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return next(w, r, v)
|
return next(w, r, v)
|
||||||
}
|
}
|
||||||
|
|
|
@ -549,7 +549,7 @@ func TestServer_Auth_Success_User(t *testing.T) {
|
||||||
|
|
||||||
manager := s.auth.(auth.Manager)
|
manager := s.auth.(auth.Manager)
|
||||||
require.Nil(t, manager.AddUser("ben", "ben", auth.RoleUser))
|
require.Nil(t, manager.AddUser("ben", "ben", auth.RoleUser))
|
||||||
require.Nil(t, manager.AllowAccess("ben", "mytopic", true, true)) // Not mytopic!
|
require.Nil(t, manager.AllowAccess("ben", "mytopic", true, true))
|
||||||
|
|
||||||
response := request(t, s, "GET", "/mytopic/auth", "", map[string]string{
|
response := request(t, s, "GET", "/mytopic/auth", "", map[string]string{
|
||||||
"Authorization": basicAuth("ben:ben"),
|
"Authorization": basicAuth("ben:ben"),
|
||||||
|
@ -557,6 +557,29 @@ func TestServer_Auth_Success_User(t *testing.T) {
|
||||||
require.Equal(t, 200, response.Code)
|
require.Equal(t, 200, response.Code)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestServer_Auth_Success_User_MultipleTopics(t *testing.T) {
|
||||||
|
c := newTestConfig(t)
|
||||||
|
c.AuthFile = filepath.Join(t.TempDir(), "user.db")
|
||||||
|
c.AuthDefaultRead = false
|
||||||
|
c.AuthDefaultWrite = false
|
||||||
|
s := newTestServer(t, c)
|
||||||
|
|
||||||
|
manager := s.auth.(auth.Manager)
|
||||||
|
require.Nil(t, manager.AddUser("ben", "ben", auth.RoleUser))
|
||||||
|
require.Nil(t, manager.AllowAccess("ben", "mytopic", true, true))
|
||||||
|
require.Nil(t, manager.AllowAccess("ben", "anothertopic", true, true))
|
||||||
|
|
||||||
|
response := request(t, s, "GET", "/mytopic,anothertopic/auth", "", map[string]string{
|
||||||
|
"Authorization": basicAuth("ben:ben"),
|
||||||
|
})
|
||||||
|
require.Equal(t, 200, response.Code)
|
||||||
|
|
||||||
|
response = request(t, s, "GET", "/mytopic,anothertopic,NOT-THIS-ONE/auth", "", map[string]string{
|
||||||
|
"Authorization": basicAuth("ben:ben"),
|
||||||
|
})
|
||||||
|
require.Equal(t, 403, response.Code)
|
||||||
|
}
|
||||||
|
|
||||||
func TestServer_Auth_Fail_InvalidPass(t *testing.T) {
|
func TestServer_Auth_Fail_InvalidPass(t *testing.T) {
|
||||||
c := newTestConfig(t)
|
c := newTestConfig(t)
|
||||||
c.AuthFile = filepath.Join(t.TempDir(), "user.db")
|
c.AuthFile = filepath.Join(t.TempDir(), "user.db")
|
||||||
|
|
Loading…
Reference in a new issue