2017-06-26 09:07:53 +00:00
|
|
|
package api
|
|
|
|
|
|
|
|
import (
|
2017-07-06 18:49:36 +00:00
|
|
|
"net/http"
|
|
|
|
"net/http/httptest"
|
2017-06-26 09:07:53 +00:00
|
|
|
"testing"
|
|
|
|
|
2017-07-06 18:49:36 +00:00
|
|
|
"github.com/gin-gonic/gin"
|
2017-06-26 09:07:53 +00:00
|
|
|
"github.com/stretchr/testify/assert"
|
2017-07-06 18:49:36 +00:00
|
|
|
|
2018-02-20 19:33:32 +00:00
|
|
|
"github.com/pterodactyl/wings/config"
|
|
|
|
"github.com/pterodactyl/wings/control"
|
2017-06-26 09:07:53 +00:00
|
|
|
)
|
|
|
|
|
2017-09-30 22:25:04 +00:00
|
|
|
const configFile = "_testdata/config.yml"
|
2017-07-06 18:49:36 +00:00
|
|
|
|
|
|
|
func TestAuthHandler(t *testing.T) {
|
|
|
|
gin.SetMode(gin.ReleaseMode)
|
|
|
|
|
|
|
|
t.Run("rejects missing token", func(t *testing.T) {
|
|
|
|
loadConfiguration(t, false)
|
|
|
|
|
|
|
|
responded, rec := requestMiddlewareWith("c:somepermission", "", "")
|
|
|
|
|
|
|
|
assert.False(t, responded)
|
2017-07-29 11:09:17 +00:00
|
|
|
assert.Equal(t, http.StatusBadRequest, rec.Code)
|
2017-07-06 18:49:36 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
t.Run("rejects c:* with invalid key", func(t *testing.T) {
|
|
|
|
loadConfiguration(t, false)
|
|
|
|
|
|
|
|
responded, rec := requestMiddlewareWith("c:somepermission", "invalidkey", "")
|
|
|
|
|
|
|
|
assert.False(t, responded)
|
2017-07-29 11:09:17 +00:00
|
|
|
assert.Equal(t, http.StatusForbidden, rec.Code)
|
2017-07-06 18:49:36 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
t.Run("accepts existing c: key", func(t *testing.T) {
|
|
|
|
loadConfiguration(t, false)
|
|
|
|
|
|
|
|
responded, rec := requestMiddlewareWith("c:somepermission", "existingkey", "") // TODO: working token
|
|
|
|
|
|
|
|
assert.True(t, responded)
|
2017-07-29 11:09:17 +00:00
|
|
|
assert.Equal(t, http.StatusOK, rec.Code)
|
2017-07-06 18:49:36 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
t.Run("rejects not existing server", func(t *testing.T) {
|
|
|
|
loadConfiguration(t, true)
|
|
|
|
|
2017-08-02 19:35:15 +00:00
|
|
|
responded, rec := requestMiddlewareWith("g:testnotexisting", "existingkey", "notexistingserver")
|
2017-07-06 18:49:36 +00:00
|
|
|
|
|
|
|
assert.False(t, responded)
|
2017-08-02 19:35:15 +00:00
|
|
|
assert.Equal(t, http.StatusForbidden, rec.Code)
|
2017-07-06 18:49:36 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
t.Run("accepts server with existing g: key", func(t *testing.T) {
|
|
|
|
loadConfiguration(t, true)
|
|
|
|
|
|
|
|
responded, rec := requestMiddlewareWith("g:test", "existingkey", "existingserver")
|
|
|
|
|
|
|
|
assert.True(t, responded)
|
2017-07-29 11:09:17 +00:00
|
|
|
assert.Equal(t, http.StatusOK, rec.Code)
|
2017-07-06 18:49:36 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
t.Run("rejects server with not existing g: key", func(t *testing.T) {
|
|
|
|
loadConfiguration(t, true)
|
|
|
|
|
|
|
|
responded, rec := requestMiddlewareWith("g:test", "notexistingkey", "existingserver")
|
|
|
|
|
|
|
|
assert.False(t, responded)
|
2017-07-29 11:09:17 +00:00
|
|
|
assert.Equal(t, http.StatusForbidden, rec.Code)
|
2017-07-06 18:49:36 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
t.Run("rejects server with not existing s: key", func(t *testing.T) {
|
|
|
|
loadConfiguration(t, true)
|
|
|
|
|
|
|
|
responded, rec := requestMiddlewareWith("s:test", "notexistingskey", "existingserver")
|
|
|
|
|
|
|
|
assert.False(t, responded)
|
2017-07-29 11:09:17 +00:00
|
|
|
assert.Equal(t, http.StatusForbidden, rec.Code)
|
2017-07-06 18:49:36 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
t.Run("accepts server with existing s: key with specific permission", func(t *testing.T) {
|
|
|
|
loadConfiguration(t, true)
|
|
|
|
|
|
|
|
responded, rec := requestMiddlewareWith("s:test", "existingspecificskey", "existingserver")
|
|
|
|
|
|
|
|
assert.True(t, responded)
|
2017-07-29 11:09:17 +00:00
|
|
|
assert.Equal(t, http.StatusOK, rec.Code)
|
2017-07-06 18:49:36 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
t.Run("accepts server with existing s: key with gloabl permission", func(t *testing.T) {
|
|
|
|
loadConfiguration(t, true)
|
|
|
|
|
|
|
|
responded, rec := requestMiddlewareWith("s:test", "existingglobalskey", "existingserver")
|
|
|
|
|
|
|
|
assert.True(t, responded)
|
2017-07-29 11:09:17 +00:00
|
|
|
assert.Equal(t, http.StatusOK, rec.Code)
|
2017-07-06 18:49:36 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
t.Run("rejects server with existing s: key without permission", func(t *testing.T) {
|
|
|
|
loadConfiguration(t, true)
|
|
|
|
|
|
|
|
responded, rec := requestMiddlewareWith("s:without", "existingspecificskey", "existingserver")
|
|
|
|
|
|
|
|
assert.False(t, responded)
|
2017-07-29 11:09:17 +00:00
|
|
|
assert.Equal(t, http.StatusForbidden, rec.Code)
|
2017-07-06 18:49:36 +00:00
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
func requestMiddlewareWith(neededPermission string, token string, serverUUID string) (responded bool, recorder *httptest.ResponseRecorder) {
|
|
|
|
router := gin.New()
|
|
|
|
responded = false
|
|
|
|
recorder = httptest.NewRecorder()
|
2017-08-02 21:47:09 +00:00
|
|
|
req, _ := http.NewRequest("GET", "/"+serverUUID, nil)
|
|
|
|
|
|
|
|
endpoint := "/"
|
|
|
|
if serverUUID != "" {
|
|
|
|
endpoint += ":server"
|
|
|
|
}
|
2017-07-06 18:49:36 +00:00
|
|
|
|
2017-08-02 21:47:09 +00:00
|
|
|
router.GET(endpoint, AuthHandler(neededPermission), func(c *gin.Context) {
|
2017-07-06 18:49:36 +00:00
|
|
|
c.String(http.StatusOK, "Access granted.")
|
|
|
|
responded = true
|
|
|
|
})
|
|
|
|
|
|
|
|
req.Header.Set(accessTokenHeader, token)
|
|
|
|
router.ServeHTTP(recorder, req)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
func loadConfiguration(t *testing.T, serverConfig bool) {
|
|
|
|
if err := config.LoadConfiguration(configFile); err != nil {
|
|
|
|
t.Error(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if serverConfig {
|
|
|
|
if err := control.LoadServerConfigurations("_testdata/servers/"); err != nil {
|
|
|
|
t.Error(err)
|
|
|
|
}
|
|
|
|
}
|
2017-06-26 09:07:53 +00:00
|
|
|
}
|