Support multiple topics in auth
parent
e61a0c2f78
commit
631ade5430
|
@ -1140,7 +1140,7 @@ func (s *Server) withAuth(next handleFunc, perm auth.Permission) handleFunc {
|
|||
if s.auth == nil {
|
||||
return next(w, r, v)
|
||||
}
|
||||
t, err := s.topicFromPath(r.URL.Path)
|
||||
topics, _, err := s.topicsFromPath(r.URL.Path)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -1152,9 +1152,11 @@ func (s *Server) withAuth(next handleFunc, perm auth.Permission) handleFunc {
|
|||
return errHTTPUnauthorized
|
||||
}
|
||||
}
|
||||
if err := s.auth.Authorize(user, t.ID, perm); err != nil {
|
||||
log.Printf("unauthorized: %s", err.Error())
|
||||
return errHTTPForbidden
|
||||
for _, t := range topics {
|
||||
if err := s.auth.Authorize(user, t.ID, perm); err != nil {
|
||||
log.Printf("unauthorized: %s", err.Error())
|
||||
return errHTTPForbidden
|
||||
}
|
||||
}
|
||||
return next(w, r, v)
|
||||
}
|
||||
|
|
|
@ -549,7 +549,7 @@ func TestServer_Auth_Success_User(t *testing.T) {
|
|||
|
||||
manager := s.auth.(auth.Manager)
|
||||
require.Nil(t, manager.AddUser("ben", "ben", auth.RoleUser))
|
||||
require.Nil(t, manager.AllowAccess("ben", "mytopic", true, true)) // Not mytopic!
|
||||
require.Nil(t, manager.AllowAccess("ben", "mytopic", true, true))
|
||||
|
||||
response := request(t, s, "GET", "/mytopic/auth", "", map[string]string{
|
||||
"Authorization": basicAuth("ben:ben"),
|
||||
|
@ -557,6 +557,29 @@ func TestServer_Auth_Success_User(t *testing.T) {
|
|||
require.Equal(t, 200, response.Code)
|
||||
}
|
||||
|
||||
func TestServer_Auth_Success_User_MultipleTopics(t *testing.T) {
|
||||
c := newTestConfig(t)
|
||||
c.AuthFile = filepath.Join(t.TempDir(), "user.db")
|
||||
c.AuthDefaultRead = false
|
||||
c.AuthDefaultWrite = false
|
||||
s := newTestServer(t, c)
|
||||
|
||||
manager := s.auth.(auth.Manager)
|
||||
require.Nil(t, manager.AddUser("ben", "ben", auth.RoleUser))
|
||||
require.Nil(t, manager.AllowAccess("ben", "mytopic", true, true))
|
||||
require.Nil(t, manager.AllowAccess("ben", "anothertopic", true, true))
|
||||
|
||||
response := request(t, s, "GET", "/mytopic,anothertopic/auth", "", map[string]string{
|
||||
"Authorization": basicAuth("ben:ben"),
|
||||
})
|
||||
require.Equal(t, 200, response.Code)
|
||||
|
||||
response = request(t, s, "GET", "/mytopic,anothertopic,NOT-THIS-ONE/auth", "", map[string]string{
|
||||
"Authorization": basicAuth("ben:ben"),
|
||||
})
|
||||
require.Equal(t, 403, response.Code)
|
||||
}
|
||||
|
||||
func TestServer_Auth_Fail_InvalidPass(t *testing.T) {
|
||||
c := newTestConfig(t)
|
||||
c.AuthFile = filepath.Join(t.TempDir(), "user.db")
|
||||
|
|
Loading…
Reference in New Issue