From 63b000c3b70f33396eea7f294a03bf6a8d85770d Mon Sep 17 00:00:00 2001 From: Pascal Fischer Date: Mon, 25 Nov 2024 15:07:58 +0100 Subject: [PATCH] add different users --- .../http/posture_checks_handler_test.go | 2 +- .../server/http/setupkeys_integration_test.go | 549 +++++++++++++----- .../server/http/testdata/setup_keys.sql | 12 +- management/server/jwtclaims/jwtValidator.go | 21 +- 4 files changed, 431 insertions(+), 153 deletions(-) diff --git a/management/server/http/posture_checks_handler_test.go b/management/server/http/posture_checks_handler_test.go index 9f7996e05..433205de2 100644 --- a/management/server/http/posture_checks_handler_test.go +++ b/management/server/http/posture_checks_handler_test.go @@ -70,7 +70,7 @@ func initPostureChecksTestData(postureChecks ...*posture.Checks) *PostureChecksH return claims.AccountId, claims.UserId, nil }, }, - geolocationManager: &geolocation.geolocationImpl{}, + geolocationManager: &geolocation.GeolocationMock{}, claimsExtractor: jwtclaims.NewClaimsExtractor( jwtclaims.WithFromRequestContext(func(r *http.Request) jwtclaims.AuthorizationClaims { return jwtclaims.AuthorizationClaims{ diff --git a/management/server/http/setupkeys_integration_test.go b/management/server/http/setupkeys_integration_test.go index dcbe13a5b..15153391b 100644 --- a/management/server/http/setupkeys_integration_test.go +++ b/management/server/http/setupkeys_integration_test.go @@ -25,12 +25,20 @@ import ( ) const ( - testAccountId = "testUserId" - testUserId = "testAccountId" + testAccountId = "testAccountId" testPeerId = "testPeerId" testGroupId = "testGroupId" testKeyId = "testKeyId" + testUserId = "testUserId" + testAdminId = "testAdminId" + testOwnerId = "testOwnerId" + testServiceUserId = "testServiceUserId" + testServiceAdminId = "testServiceAdminId" + blockedUserId = "blockedUserId" + otherUserId = "otherUserId" + invalidToken = "invalidToken" + newKeyName = "newKey" newGroupId = "newGroupId" expiresIn = 3600 @@ -42,6 +50,54 @@ const ( func Test_SetupKeys_Create(t *testing.T) { truePointer := true + + users := []struct { + name string + userId string + expectResponse bool + }{ + { + name: "Regular user", + userId: testUserId, + expectResponse: false, + }, + { + name: "Admin user", + userId: testAdminId, + expectResponse: true, + }, + { + name: "Owner user", + userId: testOwnerId, + expectResponse: true, + }, + { + name: "Regular service user", + userId: testServiceUserId, + expectResponse: false, + }, + { + name: "Admin service user", + userId: testServiceAdminId, + expectResponse: true, + }, + { + name: "Blocked user", + userId: blockedUserId, + expectResponse: false, + }, + { + name: "Other user", + userId: otherUserId, + expectResponse: false, + }, + { + name: "Invalid token", + userId: invalidToken, + expectResponse: false, + }, + } + tt := []struct { name string expectedStatus int @@ -49,6 +105,7 @@ func Test_SetupKeys_Create(t *testing.T) { requestBody *api.CreateSetupKeyRequest requestType string requestPath string + userId string }{ { name: "Create Setup Key", @@ -256,47 +313,96 @@ func Test_SetupKeys_Create(t *testing.T) { } for _, tc := range tt { - t.Run(tc.name, func(t *testing.T) { - apiHandler, am, done := buildApiBlackBoxWithDBState(t, "testdata/setup_keys.sql", nil) + for _, user := range users { + t.Run(user.name+" - "+tc.name, func(t *testing.T) { + apiHandler, am, done := buildApiBlackBoxWithDBState(t, "testdata/setup_keys.sql", nil) - body, err := json.Marshal(tc.requestBody) - if err != nil { - t.Fatalf("Failed to marshal request body: %v", err) - } - req := buildRequest(t, body, tc.requestType, tc.requestPath) + body, err := json.Marshal(tc.requestBody) + if err != nil { + t.Fatalf("Failed to marshal request body: %v", err) + } + req := buildRequest(t, body, tc.requestType, tc.requestPath, user.userId) - recorder := httptest.NewRecorder() + recorder := httptest.NewRecorder() - apiHandler.ServeHTTP(recorder, req) + apiHandler.ServeHTTP(recorder, req) - content, noResponseExpected := readResponse(t, recorder, tc.expectedStatus) - if noResponseExpected { - return - } - got := &api.SetupKey{} - if err := json.Unmarshal(content, &got); err != nil { - t.Fatalf("Sent content is not in correct json format; %v", err) - } + content, expectResponse := readResponse(t, recorder, tc.expectedStatus, user.expectResponse) + if !expectResponse { + return + } + got := &api.SetupKey{} + if err := json.Unmarshal(content, &got); err != nil { + t.Fatalf("Sent content is not in correct json format; %v", err) + } - validateCreatedKey(t, tc.expectedResponse, got) + validateCreatedKey(t, tc.expectedResponse, got) - key, err := am.GetSetupKey(context.Background(), testAccountId, testUserId, got.Id) - if err != nil { - return - } + key, err := am.GetSetupKey(context.Background(), testAccountId, testUserId, got.Id) + if err != nil { + return + } - validateCreatedKey(t, tc.expectedResponse, toResponseBody(key)) + validateCreatedKey(t, tc.expectedResponse, toResponseBody(key)) - select { - case <-done: - case <-time.After(time.Second): - t.Error("timeout waiting for peerShouldNotReceiveUpdate") - } - }) + select { + case <-done: + case <-time.After(time.Second): + t.Error("timeout waiting for peerShouldNotReceiveUpdate") + } + }) + } } } func Test_SetupKeys_Update(t *testing.T) { + users := []struct { + name string + userId string + expectResponse bool + }{ + { + name: "Regular user", + userId: testUserId, + expectResponse: false, + }, + { + name: "Admin user", + userId: testAdminId, + expectResponse: true, + }, + { + name: "Owner user", + userId: testOwnerId, + expectResponse: true, + }, + { + name: "Regular service user", + userId: testServiceUserId, + expectResponse: false, + }, + { + name: "Admin service user", + userId: testServiceAdminId, + expectResponse: true, + }, + { + name: "Blocked user", + userId: blockedUserId, + expectResponse: false, + }, + { + name: "Other user", + userId: otherUserId, + expectResponse: false, + }, + { + name: "Invalid token", + userId: invalidToken, + expectResponse: false, + }, + } + tt := []struct { name string expectedStatus int @@ -492,48 +598,97 @@ func Test_SetupKeys_Update(t *testing.T) { } for _, tc := range tt { - t.Run(tc.name, func(t *testing.T) { - apiHandler, am, done := buildApiBlackBoxWithDBState(t, "testdata/setup_keys.sql", nil) + for _, user := range users { + t.Run(tc.name, func(t *testing.T) { + apiHandler, am, done := buildApiBlackBoxWithDBState(t, "testdata/setup_keys.sql", nil) - body, err := json.Marshal(tc.requestBody) - if err != nil { - t.Fatalf("Failed to marshal request body: %v", err) - } + body, err := json.Marshal(tc.requestBody) + if err != nil { + t.Fatalf("Failed to marshal request body: %v", err) + } - req := buildRequest(t, body, tc.requestType, strings.Replace(tc.requestPath, "{id}", tc.requestId, 1)) + req := buildRequest(t, body, tc.requestType, strings.Replace(tc.requestPath, "{id}", tc.requestId, 1), user.userId) - recorder := httptest.NewRecorder() + recorder := httptest.NewRecorder() - apiHandler.ServeHTTP(recorder, req) + apiHandler.ServeHTTP(recorder, req) - content, noResponseExpected := readResponse(t, recorder, tc.expectedStatus) - if noResponseExpected { - return - } - got := &api.SetupKey{} - if err := json.Unmarshal(content, &got); err != nil { - t.Fatalf("Sent content is not in correct json format; %v", err) - } + content, expectResponse := readResponse(t, recorder, tc.expectedStatus, user.expectResponse) + if !expectResponse { + return + } + got := &api.SetupKey{} + if err := json.Unmarshal(content, &got); err != nil { + t.Fatalf("Sent content is not in correct json format; %v", err) + } - validateCreatedKey(t, tc.expectedResponse, got) + validateCreatedKey(t, tc.expectedResponse, got) - key, err := am.GetSetupKey(context.Background(), testAccountId, testUserId, got.Id) - if err != nil { - return - } + key, err := am.GetSetupKey(context.Background(), testAccountId, testUserId, got.Id) + if err != nil { + return + } - validateCreatedKey(t, tc.expectedResponse, toResponseBody(key)) + validateCreatedKey(t, tc.expectedResponse, toResponseBody(key)) - select { - case <-done: - case <-time.After(time.Second): - t.Error("timeout waiting for peerShouldNotReceiveUpdate") - } - }) + select { + case <-done: + case <-time.After(time.Second): + t.Error("timeout waiting for peerShouldNotReceiveUpdate") + } + }) + } } } func Test_SetupKeys_Get(t *testing.T) { + users := []struct { + name string + userId string + expectResponse bool + }{ + { + name: "Regular user", + userId: testUserId, + expectResponse: false, + }, + { + name: "Admin user", + userId: testAdminId, + expectResponse: true, + }, + { + name: "Owner user", + userId: testOwnerId, + expectResponse: true, + }, + { + name: "Regular service user", + userId: testServiceUserId, + expectResponse: false, + }, + { + name: "Admin service user", + userId: testServiceAdminId, + expectResponse: true, + }, + { + name: "Blocked user", + userId: blockedUserId, + expectResponse: false, + }, + { + name: "Other user", + userId: otherUserId, + expectResponse: false, + }, + { + name: "Invalid token", + userId: invalidToken, + expectResponse: false, + }, + } + tt := []struct { name string expectedStatus int @@ -622,43 +777,92 @@ func Test_SetupKeys_Get(t *testing.T) { } for _, tc := range tt { - t.Run(tc.name, func(t *testing.T) { - apiHandler, am, done := buildApiBlackBoxWithDBState(t, "testdata/setup_keys.sql", nil) + for _, user := range users { + t.Run(tc.name, func(t *testing.T) { + apiHandler, am, done := buildApiBlackBoxWithDBState(t, "testdata/setup_keys.sql", nil) - req := buildRequest(t, []byte{}, tc.requestType, strings.Replace(tc.requestPath, "{id}", tc.requestId, 1)) + req := buildRequest(t, []byte{}, tc.requestType, strings.Replace(tc.requestPath, "{id}", tc.requestId, 1), user.userId) - recorder := httptest.NewRecorder() + recorder := httptest.NewRecorder() - apiHandler.ServeHTTP(recorder, req) + apiHandler.ServeHTTP(recorder, req) - content, noResponseExpected := readResponse(t, recorder, tc.expectedStatus) - if noResponseExpected { - return - } - got := &api.SetupKey{} - if err := json.Unmarshal(content, &got); err != nil { - t.Fatalf("Sent content is not in correct json format; %v", err) - } + content, noResponseExpected := readResponse(t, recorder, tc.expectedStatus, user.expectResponse) + if noResponseExpected { + return + } + got := &api.SetupKey{} + if err := json.Unmarshal(content, &got); err != nil { + t.Fatalf("Sent content is not in correct json format; %v", err) + } - validateCreatedKey(t, tc.expectedResponse, got) + validateCreatedKey(t, tc.expectedResponse, got) - key, err := am.GetSetupKey(context.Background(), testAccountId, testUserId, got.Id) - if err != nil { - return - } + key, err := am.GetSetupKey(context.Background(), testAccountId, testUserId, got.Id) + if err != nil { + return + } - validateCreatedKey(t, tc.expectedResponse, toResponseBody(key)) + validateCreatedKey(t, tc.expectedResponse, toResponseBody(key)) - select { - case <-done: - case <-time.After(time.Second): - t.Error("timeout waiting for peerShouldNotReceiveUpdate") - } - }) + select { + case <-done: + case <-time.After(time.Second): + t.Error("timeout waiting for peerShouldNotReceiveUpdate") + } + }) + } } } func Test_SetupKeys_GetAll(t *testing.T) { + users := []struct { + name string + userId string + expectResponse bool + }{ + { + name: "Regular user", + userId: testUserId, + expectResponse: false, + }, + { + name: "Admin user", + userId: testAdminId, + expectResponse: true, + }, + { + name: "Owner user", + userId: testOwnerId, + expectResponse: true, + }, + { + name: "Regular service user", + userId: testServiceUserId, + expectResponse: false, + }, + { + name: "Admin service user", + userId: testServiceAdminId, + expectResponse: true, + }, + { + name: "Blocked user", + userId: blockedUserId, + expectResponse: false, + }, + { + name: "Other user", + userId: otherUserId, + expectResponse: false, + }, + { + name: "Invalid token", + userId: invalidToken, + expectResponse: false, + }, + } + tt := []struct { name string expectedStatus int @@ -725,53 +929,102 @@ func Test_SetupKeys_GetAll(t *testing.T) { } for _, tc := range tt { - t.Run(tc.name, func(t *testing.T) { - apiHandler, am, done := buildApiBlackBoxWithDBState(t, "testdata/setup_keys.sql", nil) + for _, user := range users { + t.Run(tc.name, func(t *testing.T) { + apiHandler, am, done := buildApiBlackBoxWithDBState(t, "testdata/setup_keys.sql", nil) - req := buildRequest(t, []byte{}, tc.requestType, tc.requestPath) + req := buildRequest(t, []byte{}, tc.requestType, tc.requestPath, user.userId) - recorder := httptest.NewRecorder() + recorder := httptest.NewRecorder() - apiHandler.ServeHTTP(recorder, req) + apiHandler.ServeHTTP(recorder, req) - content, noResponseExpected := readResponse(t, recorder, tc.expectedStatus) - if noResponseExpected { - return - } - got := []api.SetupKey{} - if err := json.Unmarshal(content, &got); err != nil { - t.Fatalf("Sent content is not in correct json format; %v", err) - } - - sort.Slice(got, func(i, j int) bool { - return got[i].UsageLimit < got[j].UsageLimit - }) - - sort.Slice(tc.expectedResponse, func(i, j int) bool { - return tc.expectedResponse[i].UsageLimit < tc.expectedResponse[j].UsageLimit - }) - - for i, _ := range tc.expectedResponse { - validateCreatedKey(t, tc.expectedResponse[i], &got[i]) - - key, err := am.GetSetupKey(context.Background(), testAccountId, testUserId, got[i].Id) - if err != nil { + content, expectResponse := readResponse(t, recorder, tc.expectedStatus, user.expectResponse) + if !expectResponse { return } + got := []api.SetupKey{} + if err := json.Unmarshal(content, &got); err != nil { + t.Fatalf("Sent content is not in correct json format; %v", err) + } - validateCreatedKey(t, tc.expectedResponse[i], toResponseBody(key)) - } + sort.Slice(got, func(i, j int) bool { + return got[i].UsageLimit < got[j].UsageLimit + }) - select { - case <-done: - case <-time.After(time.Second): - t.Error("timeout waiting for peerShouldNotReceiveUpdate") - } - }) + sort.Slice(tc.expectedResponse, func(i, j int) bool { + return tc.expectedResponse[i].UsageLimit < tc.expectedResponse[j].UsageLimit + }) + + for i, _ := range tc.expectedResponse { + validateCreatedKey(t, tc.expectedResponse[i], &got[i]) + + key, err := am.GetSetupKey(context.Background(), testAccountId, testUserId, got[i].Id) + if err != nil { + return + } + + validateCreatedKey(t, tc.expectedResponse[i], toResponseBody(key)) + } + + select { + case <-done: + case <-time.After(time.Second): + t.Error("timeout waiting for peerShouldNotReceiveUpdate") + } + }) + } } } func Test_SetupKeys_Delete(t *testing.T) { + users := []struct { + name string + userId string + expectResponse bool + }{ + { + name: "Regular user", + userId: testUserId, + expectResponse: false, + }, + { + name: "Admin user", + userId: testAdminId, + expectResponse: true, + }, + { + name: "Owner user", + userId: testOwnerId, + expectResponse: true, + }, + { + name: "Regular service user", + userId: testServiceUserId, + expectResponse: false, + }, + { + name: "Admin service user", + userId: testServiceAdminId, + expectResponse: true, + }, + { + name: "Blocked user", + userId: blockedUserId, + expectResponse: false, + }, + { + name: "Other user", + userId: otherUserId, + expectResponse: false, + }, + { + name: "Invalid token", + userId: invalidToken, + expectResponse: false, + }, + } + tt := []struct { name string expectedStatus int @@ -860,33 +1113,35 @@ func Test_SetupKeys_Delete(t *testing.T) { } for _, tc := range tt { - t.Run(tc.name, func(t *testing.T) { - apiHandler, am, done := buildApiBlackBoxWithDBState(t, "testdata/setup_keys.sql", nil) + for _, user := range users { + t.Run(tc.name, func(t *testing.T) { + apiHandler, am, done := buildApiBlackBoxWithDBState(t, "testdata/setup_keys.sql", nil) - req := buildRequest(t, []byte{}, tc.requestType, strings.Replace(tc.requestPath, "{id}", tc.requestId, 1)) + req := buildRequest(t, []byte{}, tc.requestType, strings.Replace(tc.requestPath, "{id}", tc.requestId, 1), user.userId) - recorder := httptest.NewRecorder() + recorder := httptest.NewRecorder() - apiHandler.ServeHTTP(recorder, req) + apiHandler.ServeHTTP(recorder, req) - content, noResponseExpected := readResponse(t, recorder, tc.expectedStatus) - if noResponseExpected { - return - } - got := &api.SetupKey{} - if err := json.Unmarshal(content, &got); err != nil { - t.Fatalf("Sent content is not in correct json format; %v", err) - } + content, expectResponse := readResponse(t, recorder, tc.expectedStatus, user.expectResponse) + if !expectResponse { + return + } + got := &api.SetupKey{} + if err := json.Unmarshal(content, &got); err != nil { + t.Fatalf("Sent content is not in correct json format; %v", err) + } - _, err := am.GetSetupKey(context.Background(), testAccountId, testUserId, got.Id) - assert.Errorf(t, err, "Expected error when trying to get deleted key") + _, err := am.GetSetupKey(context.Background(), testAccountId, testUserId, got.Id) + assert.Errorf(t, err, "Expected error when trying to get deleted key") - select { - case <-done: - case <-time.After(time.Second): - t.Error("timeout waiting for peerShouldNotReceiveUpdate") - } - }) + select { + case <-done: + case <-time.After(time.Second): + t.Error("timeout waiting for peerShouldNotReceiveUpdate") + } + }) + } } } @@ -926,16 +1181,16 @@ func buildApiBlackBoxWithDBState(t *testing.T, sqlFile string, expectedPeerUpdat return apiHandler, am, done } -func buildRequest(t *testing.T, requestBody []byte, requestType, requestPath string) *http.Request { +func buildRequest(t *testing.T, requestBody []byte, requestType, requestPath, user string) *http.Request { t.Helper() req := httptest.NewRequest(requestType, requestPath, bytes.NewBuffer(requestBody)) - req.Header.Set("Authorization", "Bearer "+"my.dummy.token") + req.Header.Set("Authorization", "Bearer "+user) return req } -func readResponse(t *testing.T, recorder *httptest.ResponseRecorder, expectedStatus int) ([]byte, bool) { +func readResponse(t *testing.T, recorder *httptest.ResponseRecorder, expectedStatus int, expectResponse bool) ([]byte, bool) { t.Helper() res := recorder.Result() @@ -946,12 +1201,16 @@ func readResponse(t *testing.T, recorder *httptest.ResponseRecorder, expectedSta t.Fatalf("Failed to read response body: %v", err) } + if !expectResponse { + return nil, false + } + if status := recorder.Code; status != expectedStatus { t.Fatalf("handler returned wrong status code: got %v want %v, content: %s", status, expectedStatus, string(content)) } - return content, expectedStatus != http.StatusOK + return content, expectedStatus == http.StatusOK } func validateCreatedKey(t *testing.T, expectedKey *api.SetupKey, got *api.SetupKey) { diff --git a/management/server/http/testdata/setup_keys.sql b/management/server/http/testdata/setup_keys.sql index 6fe374a6e..c0add3268 100644 --- a/management/server/http/testdata/setup_keys.sql +++ b/management/server/http/testdata/setup_keys.sql @@ -1,15 +1,23 @@ CREATE TABLE `accounts` (`id` text,`created_by` text,`created_at` datetime,`domain` text,`domain_category` text,`is_domain_primary_account` numeric,`network_identifier` text,`network_net` text,`network_dns` text,`network_serial` integer,`dns_settings_disabled_management_groups` text,`settings_peer_login_expiration_enabled` numeric,`settings_peer_login_expiration` integer,`settings_regular_users_view_blocked` numeric,`settings_groups_propagation_enabled` numeric,`settings_jwt_groups_enabled` numeric,`settings_jwt_groups_claim_name` text,`settings_jwt_allow_groups` text,`settings_extra_peer_approval_enabled` numeric,`settings_extra_integrated_validator_groups` text,PRIMARY KEY (`id`)); -CREATE TABLE `setup_keys` (`id` text,`account_id` text,`key` text,`key_secret` text,`name` text,`type` text,`created_at` datetime,`expires_at` datetime,`updated_at` datetime,`revoked` numeric,`used_times` integer,`last_used` datetime,`auto_groups` text,`usage_limit` integer,`ephemeral` numeric,PRIMARY KEY (`id`),CONSTRAINT `fk_accounts_setup_keys_g` FOREIGN KEY (`account_id`) REFERENCES `accounts`(`id`)); CREATE TABLE `users` (`id` text,`account_id` text,`role` text,`is_service_user` numeric,`non_deletable` numeric,`service_user_name` text,`auto_groups` text,`blocked` numeric,`last_login` datetime,`created_at` datetime,`issued` text DEFAULT "api",`integration_ref_id` integer,`integration_ref_integration_type` text,PRIMARY KEY (`id`),CONSTRAINT `fk_accounts_users_g` FOREIGN KEY (`account_id`) REFERENCES `accounts`(`id`)); CREATE TABLE `peers` (`id` text,`account_id` text,`key` text,`setup_key` text,`ip` text,`meta_hostname` text,`meta_go_os` text,`meta_kernel` text,`meta_core` text,`meta_platform` text,`meta_os` text,`meta_os_version` text,`meta_wt_version` text,`meta_ui_version` text,`meta_kernel_version` text,`meta_network_addresses` text,`meta_system_serial_number` text,`meta_system_product_name` text,`meta_system_manufacturer` text,`meta_environment` text,`meta_files` text,`name` text,`dns_label` text,`peer_status_last_seen` datetime,`peer_status_connected` numeric,`peer_status_login_expired` numeric,`peer_status_requires_approval` numeric,`user_id` text,`ssh_key` text,`ssh_enabled` numeric,`login_expiration_enabled` numeric,`last_login` datetime,`created_at` datetime,`ephemeral` numeric,`location_connection_ip` text,`location_country_code` text,`location_city_name` text,`location_geo_name_id` integer,PRIMARY KEY (`id`),CONSTRAINT `fk_accounts_peers_g` FOREIGN KEY (`account_id`) REFERENCES `accounts`(`id`)); CREATE TABLE `groups` (`id` text,`account_id` text,`name` text,`issued` text,`peers` text,`integration_ref_id` integer,`integration_ref_integration_type` text,PRIMARY KEY (`id`),CONSTRAINT `fk_accounts_groups_g` FOREIGN KEY (`account_id`) REFERENCES `accounts`(`id`)); INSERT INTO accounts VALUES('testAccountId','','2024-10-02 16:01:38.210014+02:00','test.com','private',1,'testNetworkIdentifier','{"IP":"100.64.0.0","Mask":"//8AAA=="}','',0,'[]',0,86400000000000,0,0,0,'',NULL,NULL,NULL); -INSERT INTO users VALUES('testUserId','testAccountId','admin',0,0,'','[]',0,'0001-01-01 00:00:00+00:00','2024-10-02 16:01:38.210678+02:00','api',0,''); +INSERT INTO users VALUES('testUserId','testAccountId','user',0,0,'','[]',0,'0001-01-01 00:00:00+00:00','2024-10-02 16:01:38.210678+02:00','api',0,''); +INSERT INTO users VALUES('testAdminId','testAccountId','admin',0,0,'','[]',0,'0001-01-01 00:00:00+00:00','2024-10-02 16:01:38.210678+02:00','api',0,''); +INSERT INTO users VALUES('testOwnerId','testAccountId','owner',0,0,'','[]',0,'0001-01-01 00:00:00+00:00','2024-10-02 16:01:38.210678+02:00','api',0,''); +INSERT INTO users VALUES('testServiceUserId','testAccountId','user',1,0,'','[]',0,'0001-01-01 00:00:00+00:00','2024-10-02 16:01:38.210678+02:00','api',0,''); +INSERT INTO users VALUES('testServiceAdminId','testAccountId','admin',1,0,'','[]',0,'0001-01-01 00:00:00+00:00','2024-10-02 16:01:38.210678+02:00','api',0,''); +INSERT INTO users VALUES('blockedUserId','testAccountId','admin',0,0,'','[]',1,'0001-01-01 00:00:00+00:00','2024-10-02 16:01:38.210678+02:00','api',0,''); +INSERT INTO users VALUES('otherUserId','otherAccountId','admin',0,0,'','[]',0,'0001-01-01 00:00:00+00:00','2024-10-02 16:01:38.210678+02:00','api',0,''); INSERT INTO peers VALUES('testPeerId','testAccountId','5rvhvriKJZ3S9oxYToVj5TzDM9u9y8cxg7htIMWlYAg=','72546A29-6BC8-4311-BCFC-9CDBF33F1A48','"100.64.114.31"','f2a34f6a4731','linux','Linux','11','unknown','Debian GNU/Linux','','0.12.0','','',NULL,'','','','{"Cloud":"","Platform":""}',NULL,'f2a34f6a4731','f2a34f6a4731','2023-03-02 09:21:02.189035775+01:00',0,0,0,'','ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILzUUSYG/LGnV8zarb2SGN+tib/PZ+M7cL4WtTzUrTpk',0,1,'2023-03-01 19:48:19.817799698+01:00','2024-10-02 17:00:32.527947+02:00',0,'""','','',0); INSERT INTO "groups" VALUES('testGroupId','testAccountId','testGroupName','api','[]',0,''); INSERT INTO "groups" VALUES('newGroupId','testAccountId','newGroupName','api','[]',0,''); + +CREATE TABLE `setup_keys` (`id` text,`account_id` text,`key` text,`key_secret` text,`name` text,`type` text,`created_at` datetime,`expires_at` datetime,`updated_at` datetime,`revoked` numeric,`used_times` integer,`last_used` datetime,`auto_groups` text,`usage_limit` integer,`ephemeral` numeric,PRIMARY KEY (`id`),CONSTRAINT `fk_accounts_setup_keys_g` FOREIGN KEY (`account_id`) REFERENCES `accounts`(`id`)); + INSERT INTO setup_keys VALUES('testKeyId','testAccountId','testKey','testK****','existingKey','one-off','2021-08-19 20:46:20.005936822+02:00','2321-09-18 20:46:20.005936822+02:00','2021-08-19 20:46:20.005936822+02:00',0,0,'0001-01-01 00:00:00+00:00','["testGroupId"]',1,0); INSERT INTO setup_keys VALUES('revokedKeyId','testAccountId','revokedKey','testK****','existingKey','reusable','2021-08-19 20:46:20.005936822+02:00','2321-09-18 20:46:20.005936822+02:00','2021-08-19 20:46:20.005936822+02:00',1,0,'0001-01-01 00:00:00+00:00','["testGroupId"]',3,0); INSERT INTO setup_keys VALUES('expiredKeyId','testAccountId','expiredKey','testK****','existingKey','reusable','2021-08-19 20:46:20.005936822+02:00','1921-09-18 20:46:20.005936822+02:00','2021-08-19 20:46:20.005936822+02:00',0,1,'0001-01-01 00:00:00+00:00','["testGroupId"]',5,1); diff --git a/management/server/jwtclaims/jwtValidator.go b/management/server/jwtclaims/jwtValidator.go index b7b05d5e2..da61fda8e 100644 --- a/management/server/jwtclaims/jwtValidator.go +++ b/management/server/jwtclaims/jwtValidator.go @@ -319,11 +319,22 @@ type JwtValidatorMock struct{} func (j *JwtValidatorMock) ValidateAndParse(ctx context.Context, token string) (*jwt.Token, error) { claimMaps := jwt.MapClaims{} - claimMaps[UserIDClaim] = "testUserId" - claimMaps[AccountIDSuffix] = "testAccountId" - claimMaps[DomainIDSuffix] = "test.com" - claimMaps[DomainCategorySuffix] = "private" - jwtToken := jwt.NewWithClaims(jwt.SigningMethodHS256, claimMaps) + switch token { + case "testUserId", "testAdminId", "testOwnerId", "testServiceUserId", "testServiceAdminId", "blockedUserId": + claimMaps[UserIDClaim] = token + claimMaps[AccountIDSuffix] = "testAccountId" + claimMaps[DomainIDSuffix] = "test.com" + claimMaps[DomainCategorySuffix] = "private" + case "otherUserId": + claimMaps[UserIDClaim] = "otherUserId" + claimMaps[AccountIDSuffix] = "otherAccountId" + claimMaps[DomainIDSuffix] = "other.com" + claimMaps[DomainCategorySuffix] = "private" + case "invalidToken": + return nil, errors.New("invalid token") + } + + jwtToken := jwt.NewWithClaims(jwt.SigningMethodHS256, claimMaps) return jwtToken, nil }