Support multiple topics in auth
		
							parent
							
								
									e61a0c2f78
								
							
						
					
					
						commit
						631ade5430
					
				
					 2 changed files with 30 additions and 5 deletions
				
			
		|  | @ -1140,7 +1140,7 @@ func (s *Server) withAuth(next handleFunc, perm auth.Permission) handleFunc { | |||
| 		if s.auth == nil { | ||||
| 			return next(w, r, v) | ||||
| 		} | ||||
| 		t, err := s.topicFromPath(r.URL.Path) | ||||
| 		topics, _, err := s.topicsFromPath(r.URL.Path) | ||||
| 		if err != nil { | ||||
| 			return err | ||||
| 		} | ||||
|  | @ -1152,9 +1152,11 @@ func (s *Server) withAuth(next handleFunc, perm auth.Permission) handleFunc { | |||
| 				return errHTTPUnauthorized | ||||
| 			} | ||||
| 		} | ||||
| 		if err := s.auth.Authorize(user, t.ID, perm); err != nil { | ||||
| 			log.Printf("unauthorized: %s", err.Error()) | ||||
| 			return errHTTPForbidden | ||||
| 		for _, t := range topics { | ||||
| 			if err := s.auth.Authorize(user, t.ID, perm); err != nil { | ||||
| 				log.Printf("unauthorized: %s", err.Error()) | ||||
| 				return errHTTPForbidden | ||||
| 			} | ||||
| 		} | ||||
| 		return next(w, r, v) | ||||
| 	} | ||||
|  |  | |||
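Review bot: The new `for _, t := range topics` loop makes no `Authorize` call when `topics` is empty, so the request would reach `next(w, r, v)` without any permission check. Whether `topicsFromPath` can return an empty slice together with a nil error is not visible in this hunk, so it would be safer to fail closed before the loop: `if len(topics) == 0 { return errHTTPForbidden }`. A one-line comment above the loop, such as `// every topic in the path must be authorized; a single denial rejects the whole request`, would also document the all-or-nothing rule. The body of withAuth starts outside the hunks shown here.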
|  | @ -549,7 +549,7 @@ func TestServer_Auth_Success_User(t *testing.T) { | |||
| 
 | ||||
| 	manager := s.auth.(auth.Manager) | ||||
| 	require.Nil(t, manager.AddUser("ben", "ben", auth.RoleUser)) | ||||
| 	require.Nil(t, manager.AllowAccess("ben", "mytopic", true, true)) // Not mytopic! | ||||
| 	require.Nil(t, manager.AllowAccess("ben", "mytopic", true, true)) | ||||
| 
 | ||||
| 	response := request(t, s, "GET", "/mytopic/auth", "", map[string]string{ | ||||
| 		"Authorization": basicAuth("ben:ben"), | ||||
|  | @ -557,6 +557,29 @@ func TestServer_Auth_Success_User(t *testing.T) { | |||
| 	require.Equal(t, 200, response.Code) | ||||
| } | ||||
| 
 | ||||
| func TestServer_Auth_Success_User_MultipleTopics(t *testing.T) { | ||||
| 	c := newTestConfig(t) | ||||
| 	c.AuthFile = filepath.Join(t.TempDir(), "user.db") | ||||
| 	c.AuthDefaultRead = false | ||||
| 	c.AuthDefaultWrite = false | ||||
| 	s := newTestServer(t, c) | ||||
| 
 | ||||
| 	manager := s.auth.(auth.Manager) | ||||
| 	require.Nil(t, manager.AddUser("ben", "ben", auth.RoleUser)) | ||||
| 	require.Nil(t, manager.AllowAccess("ben", "mytopic", true, true)) | ||||
| 	require.Nil(t, manager.AllowAccess("ben", "anothertopic", true, true)) | ||||
| 
 | ||||
| 	response := request(t, s, "GET", "/mytopic,anothertopic/auth", "", map[string]string{ | ||||
| 		"Authorization": basicAuth("ben:ben"), | ||||
| 	}) | ||||
| 	require.Equal(t, 200, response.Code) | ||||
| 
 | ||||
| 	response = request(t, s, "GET", "/mytopic,anothertopic,NOT-THIS-ONE/auth", "", map[string]string{ | ||||
| 		"Authorization": basicAuth("ben:ben"), | ||||
| 	}) | ||||
| 	require.Equal(t, 403, response.Code) | ||||
| } | ||||
| 
 | ||||
| func TestServer_Auth_Fail_InvalidPass(t *testing.T) { | ||||
| 	c := newTestConfig(t) | ||||
| 	c.AuthFile = filepath.Join(t.TempDir(), "user.db") | ||||
|  |  | |||
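Review bot: The denied case in TestServer_Auth_Success_User_MultipleTopics only places the unauthorized topic last (`/mytopic,anothertopic,NOT-THIS-ONE/auth`), so the test would still pass if the handler checked only the final topic in the list. A further request with the unauthorized topic first, e.g. `request(t, s, "GET", "/NOT-THIS-ONE,mytopic/auth", ...)` expecting 403, would pin that every topic is checked regardless of position. A short comment above the second request, such as `// ben has no grant on NOT-THIS-ONE and both defaults are deny, so the whole request must be rejected`, would record why 403 is expected.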