mirror of
https://github.com/status-im/consul.git
synced 2025-01-24 04:31:12 +00:00
66f1dd9425
Most HTTP API calls will use the default namespace of the calling token to additionally filter/select the data used for the response if one is not specified by the frontend. The internal permissions/authorize endpoint does not do this (you can ask for permissions from different namespaces in on request). Therefore this PR adds the tokens default namespace in the frontend only to our calls to the authorize endpoint. I tried to do it in a place that made it feel like it's getting added in the backend, i.e. in a place which was least likely to ever require changing or thinking about. Note: We are probably going to change this internal endpoint to also inspect the tokens default namespace on the backend. At which point we can revert this commit/PR. * Add the same support for the tokens default partition
155 lines
3.4 KiB
JavaScript
155 lines
3.4 KiB
JavaScript
import { module, test } from 'qunit';
|
|
import { setupTest } from 'ember-qunit';
|
|
|
|
const assertAuthorize = function(assertion, params = {}, token, $, adapter) {
|
|
const rpc = adapter.rpc;
|
|
const env = adapter.env;
|
|
const settings = adapter.settings;
|
|
adapter.env = {
|
|
var: str => $[str]
|
|
};
|
|
adapter.settings = {
|
|
findBySlug: _ => token
|
|
};
|
|
|
|
adapter.rpc = function(request, respond) {
|
|
request(
|
|
{
|
|
requestForAuthorize: (request, params) => {
|
|
assertion(request, params);
|
|
}
|
|
},
|
|
() => {},
|
|
params,
|
|
params
|
|
)
|
|
};
|
|
adapter.authorize({}, {modelName: 'permission'}, 1, {});
|
|
adapter.rpc = rpc;
|
|
adapter.env = env;
|
|
adapter.settings = settings;
|
|
}
|
|
module('Unit | Adapter | permission', function(hooks) {
|
|
setupTest(hooks);
|
|
|
|
test('it exists', function(assert) {
|
|
let adapter = this.owner.lookup('adapter:permission');
|
|
assert.ok(adapter);
|
|
});
|
|
|
|
test(`authorize adds the tokens default namespace if one isn't specified`, function(assert) {
|
|
const adapter = this.owner.lookup('adapter:permission');
|
|
const expected = 'test';
|
|
const token = {
|
|
Namespace: expected
|
|
};
|
|
const env = {
|
|
CONSUL_NSPACES_ENABLED: true
|
|
};
|
|
const cases = [
|
|
undefined,
|
|
{
|
|
ns: undefined
|
|
},
|
|
{
|
|
ns: ''
|
|
}
|
|
];
|
|
assert.expect(cases.length);
|
|
cases.forEach(
|
|
(params) => {
|
|
assertAuthorize(
|
|
(request, params) => {
|
|
assert.equal(params.ns, expected)
|
|
},
|
|
params,
|
|
token,
|
|
env,
|
|
adapter
|
|
)
|
|
}
|
|
);
|
|
});
|
|
|
|
test(`authorize doesn't add the tokens default namespace if one is specified`, function(assert) {
|
|
assert.expect(1);
|
|
const adapter = this.owner.lookup('adapter:permission');
|
|
const notExpected = 'test';
|
|
const expected = 'default';
|
|
const token = {
|
|
Namespace: notExpected
|
|
};
|
|
const env = {
|
|
CONSUL_NSPACES_ENABLED: true
|
|
};
|
|
assertAuthorize(
|
|
(request, params) => {
|
|
assert.equal(params.ns, expected)
|
|
},
|
|
{
|
|
ns: expected
|
|
},
|
|
token,
|
|
env,
|
|
adapter
|
|
)
|
|
});
|
|
test(`authorize adds the tokens default partition if one isn't specified`, function(assert) {
|
|
const adapter = this.owner.lookup('adapter:permission');
|
|
const expected = 'test';
|
|
const token = {
|
|
Partition: expected
|
|
};
|
|
const env = {
|
|
CONSUL_PARTITIONS_ENABLED: true
|
|
};
|
|
const cases = [
|
|
undefined,
|
|
{
|
|
partition: undefined
|
|
},
|
|
{
|
|
partition: ''
|
|
}
|
|
];
|
|
assert.expect(cases.length);
|
|
cases.forEach(
|
|
(params) => {
|
|
assertAuthorize(
|
|
(request, params) => {
|
|
assert.equal(params.partition, expected)
|
|
},
|
|
params,
|
|
token,
|
|
env,
|
|
adapter
|
|
)
|
|
}
|
|
);
|
|
});
|
|
|
|
test(`authorize doesn't add the tokens default partition if one is specified`, function(assert) {
|
|
assert.expect(1);
|
|
const adapter = this.owner.lookup('adapter:permission');
|
|
const notExpected = 'test';
|
|
const expected = 'default';
|
|
const token = {
|
|
Partition: notExpected
|
|
};
|
|
const env = {
|
|
CONSUL_PARTITIONS_ENABLED: true
|
|
};
|
|
assertAuthorize(
|
|
(request, params) => {
|
|
assert.equal(params.partition, expected)
|
|
},
|
|
{
|
|
partition: expected
|
|
},
|
|
token,
|
|
env,
|
|
adapter
|
|
)
|
|
});
|
|
});
|