add different users

Pascal Fischer 2024-11-25 15:07:58 +01:00
parent 426b38a2e0
commit 63b000c3b7
4 changed files with 431 additions and 153 deletions


@ -70,7 +70,7 @@ func initPostureChecksTestData(postureChecks ...*posture.Checks) *PostureChecksH
return claims.AccountId, claims.UserId, nil return claims.AccountId, claims.UserId, nil
}, },
}, },
geolocationManager: &geolocation.geolocationImpl{}, geolocationManager: &geolocation.GeolocationMock{},
claimsExtractor: jwtclaims.NewClaimsExtractor( claimsExtractor: jwtclaims.NewClaimsExtractor(
jwtclaims.WithFromRequestContext(func(r *http.Request) jwtclaims.AuthorizationClaims { jwtclaims.WithFromRequestContext(func(r *http.Request) jwtclaims.AuthorizationClaims {
return jwtclaims.AuthorizationClaims{ return jwtclaims.AuthorizationClaims{


@ -25,12 +25,20 @@ import (
) )
const ( const (
testAccountId = "testUserId" testAccountId = "testAccountId"
testUserId = "testAccountId"
testPeerId = "testPeerId" testPeerId = "testPeerId"
testGroupId = "testGroupId" testGroupId = "testGroupId"
testKeyId = "testKeyId" testKeyId = "testKeyId"
testUserId = "testUserId"
testAdminId = "testAdminId"
testOwnerId = "testOwnerId"
testServiceUserId = "testServiceUserId"
testServiceAdminId = "testServiceAdminId"
blockedUserId = "blockedUserId"
otherUserId = "otherUserId"
invalidToken = "invalidToken"
newKeyName = "newKey" newKeyName = "newKey"
newGroupId = "newGroupId" newGroupId = "newGroupId"
expiresIn = 3600 expiresIn = 3600
@ -42,6 +50,54 @@ const (
func Test_SetupKeys_Create(t *testing.T) { func Test_SetupKeys_Create(t *testing.T) {
truePointer := true truePointer := true
users := []struct {
name string
userId string
expectResponse bool
}{
{
name: "Regular user",
userId: testUserId,
expectResponse: false,
},
{
name: "Admin user",
userId: testAdminId,
expectResponse: true,
},
{
name: "Owner user",
userId: testOwnerId,
expectResponse: true,
},
{
name: "Regular service user",
userId: testServiceUserId,
expectResponse: false,
},
{
name: "Admin service user",
userId: testServiceAdminId,
expectResponse: true,
},
{
name: "Blocked user",
userId: blockedUserId,
expectResponse: false,
},
{
name: "Other user",
userId: otherUserId,
expectResponse: false,
},
{
name: "Invalid token",
userId: invalidToken,
expectResponse: false,
},
}
tt := []struct { tt := []struct {
name string name string
expectedStatus int expectedStatus int
@ -49,6 +105,7 @@ func Test_SetupKeys_Create(t *testing.T) {
requestBody *api.CreateSetupKeyRequest requestBody *api.CreateSetupKeyRequest
requestType string requestType string
requestPath string requestPath string
userId string
}{ }{
{ {
name: "Create Setup Key", name: "Create Setup Key",
@ -256,21 +313,22 @@ func Test_SetupKeys_Create(t *testing.T) {
} }
for _, tc := range tt { for _, tc := range tt {
t.Run(tc.name, func(t *testing.T) { for _, user := range users {
t.Run(user.name+" - "+tc.name, func(t *testing.T) {
apiHandler, am, done := buildApiBlackBoxWithDBState(t, "testdata/setup_keys.sql", nil) apiHandler, am, done := buildApiBlackBoxWithDBState(t, "testdata/setup_keys.sql", nil)
body, err := json.Marshal(tc.requestBody) body, err := json.Marshal(tc.requestBody)
if err != nil { if err != nil {
t.Fatalf("Failed to marshal request body: %v", err) t.Fatalf("Failed to marshal request body: %v", err)
} }
req := buildRequest(t, body, tc.requestType, tc.requestPath) req := buildRequest(t, body, tc.requestType, tc.requestPath, user.userId)
recorder := httptest.NewRecorder() recorder := httptest.NewRecorder()
apiHandler.ServeHTTP(recorder, req) apiHandler.ServeHTTP(recorder, req)
content, noResponseExpected := readResponse(t, recorder, tc.expectedStatus) content, expectResponse := readResponse(t, recorder, tc.expectedStatus, user.expectResponse)
if noResponseExpected { if !expectResponse {
return return
} }
got := &api.SetupKey{} got := &api.SetupKey{}
@ -294,9 +352,57 @@ func Test_SetupKeys_Create(t *testing.T) {
} }
}) })
} }
}
} }
func Test_SetupKeys_Update(t *testing.T) { func Test_SetupKeys_Update(t *testing.T) {
users := []struct {
name string
userId string
expectResponse bool
}{
{
name: "Regular user",
userId: testUserId,
expectResponse: false,
},
{
name: "Admin user",
userId: testAdminId,
expectResponse: true,
},
{
name: "Owner user",
userId: testOwnerId,
expectResponse: true,
},
{
name: "Regular service user",
userId: testServiceUserId,
expectResponse: false,
},
{
name: "Admin service user",
userId: testServiceAdminId,
expectResponse: true,
},
{
name: "Blocked user",
userId: blockedUserId,
expectResponse: false,
},
{
name: "Other user",
userId: otherUserId,
expectResponse: false,
},
{
name: "Invalid token",
userId: invalidToken,
expectResponse: false,
},
}
tt := []struct { tt := []struct {
name string name string
expectedStatus int expectedStatus int
@ -492,6 +598,7 @@ func Test_SetupKeys_Update(t *testing.T) {
} }
for _, tc := range tt { for _, tc := range tt {
for _, user := range users {
t.Run(tc.name, func(t *testing.T) { t.Run(tc.name, func(t *testing.T) {
apiHandler, am, done := buildApiBlackBoxWithDBState(t, "testdata/setup_keys.sql", nil) apiHandler, am, done := buildApiBlackBoxWithDBState(t, "testdata/setup_keys.sql", nil)
@ -500,14 +607,14 @@ func Test_SetupKeys_Update(t *testing.T) {
t.Fatalf("Failed to marshal request body: %v", err) t.Fatalf("Failed to marshal request body: %v", err)
} }
req := buildRequest(t, body, tc.requestType, strings.Replace(tc.requestPath, "{id}", tc.requestId, 1)) req := buildRequest(t, body, tc.requestType, strings.Replace(tc.requestPath, "{id}", tc.requestId, 1), user.userId)
recorder := httptest.NewRecorder() recorder := httptest.NewRecorder()
apiHandler.ServeHTTP(recorder, req) apiHandler.ServeHTTP(recorder, req)
content, noResponseExpected := readResponse(t, recorder, tc.expectedStatus) content, expectResponse := readResponse(t, recorder, tc.expectedStatus, user.expectResponse)
if noResponseExpected { if !expectResponse {
return return
} }
got := &api.SetupKey{} got := &api.SetupKey{}
@ -531,9 +638,57 @@ func Test_SetupKeys_Update(t *testing.T) {
} }
}) })
} }
}
} }
func Test_SetupKeys_Get(t *testing.T) { func Test_SetupKeys_Get(t *testing.T) {
users := []struct {
name string
userId string
expectResponse bool
}{
{
name: "Regular user",
userId: testUserId,
expectResponse: false,
},
{
name: "Admin user",
userId: testAdminId,
expectResponse: true,
},
{
name: "Owner user",
userId: testOwnerId,
expectResponse: true,
},
{
name: "Regular service user",
userId: testServiceUserId,
expectResponse: false,
},
{
name: "Admin service user",
userId: testServiceAdminId,
expectResponse: true,
},
{
name: "Blocked user",
userId: blockedUserId,
expectResponse: false,
},
{
name: "Other user",
userId: otherUserId,
expectResponse: false,
},
{
name: "Invalid token",
userId: invalidToken,
expectResponse: false,
},
}
tt := []struct { tt := []struct {
name string name string
expectedStatus int expectedStatus int
@ -622,16 +777,17 @@ func Test_SetupKeys_Get(t *testing.T) {
} }
for _, tc := range tt { for _, tc := range tt {
for _, user := range users {
t.Run(tc.name, func(t *testing.T) { t.Run(tc.name, func(t *testing.T) {
apiHandler, am, done := buildApiBlackBoxWithDBState(t, "testdata/setup_keys.sql", nil) apiHandler, am, done := buildApiBlackBoxWithDBState(t, "testdata/setup_keys.sql", nil)
req := buildRequest(t, []byte{}, tc.requestType, strings.Replace(tc.requestPath, "{id}", tc.requestId, 1)) req := buildRequest(t, []byte{}, tc.requestType, strings.Replace(tc.requestPath, "{id}", tc.requestId, 1), user.userId)
recorder := httptest.NewRecorder() recorder := httptest.NewRecorder()
apiHandler.ServeHTTP(recorder, req) apiHandler.ServeHTTP(recorder, req)
content, noResponseExpected := readResponse(t, recorder, tc.expectedStatus) content, noResponseExpected := readResponse(t, recorder, tc.expectedStatus, user.expectResponse)
if noResponseExpected { if noResponseExpected {
return return
} }
@ -656,9 +812,57 @@ func Test_SetupKeys_Get(t *testing.T) {
} }
}) })
} }
}
} }
func Test_SetupKeys_GetAll(t *testing.T) { func Test_SetupKeys_GetAll(t *testing.T) {
users := []struct {
name string
userId string
expectResponse bool
}{
{
name: "Regular user",
userId: testUserId,
expectResponse: false,
},
{
name: "Admin user",
userId: testAdminId,
expectResponse: true,
},
{
name: "Owner user",
userId: testOwnerId,
expectResponse: true,
},
{
name: "Regular service user",
userId: testServiceUserId,
expectResponse: false,
},
{
name: "Admin service user",
userId: testServiceAdminId,
expectResponse: true,
},
{
name: "Blocked user",
userId: blockedUserId,
expectResponse: false,
},
{
name: "Other user",
userId: otherUserId,
expectResponse: false,
},
{
name: "Invalid token",
userId: invalidToken,
expectResponse: false,
},
}
tt := []struct { tt := []struct {
name string name string
expectedStatus int expectedStatus int
@ -725,17 +929,18 @@ func Test_SetupKeys_GetAll(t *testing.T) {
} }
for _, tc := range tt { for _, tc := range tt {
for _, user := range users {
t.Run(tc.name, func(t *testing.T) { t.Run(tc.name, func(t *testing.T) {
apiHandler, am, done := buildApiBlackBoxWithDBState(t, "testdata/setup_keys.sql", nil) apiHandler, am, done := buildApiBlackBoxWithDBState(t, "testdata/setup_keys.sql", nil)
req := buildRequest(t, []byte{}, tc.requestType, tc.requestPath) req := buildRequest(t, []byte{}, tc.requestType, tc.requestPath, user.userId)
recorder := httptest.NewRecorder() recorder := httptest.NewRecorder()
apiHandler.ServeHTTP(recorder, req) apiHandler.ServeHTTP(recorder, req)
content, noResponseExpected := readResponse(t, recorder, tc.expectedStatus) content, expectResponse := readResponse(t, recorder, tc.expectedStatus, user.expectResponse)
if noResponseExpected { if !expectResponse {
return return
} }
got := []api.SetupKey{} got := []api.SetupKey{}
@ -769,9 +974,57 @@ func Test_SetupKeys_GetAll(t *testing.T) {
} }
}) })
} }
}
} }
func Test_SetupKeys_Delete(t *testing.T) { func Test_SetupKeys_Delete(t *testing.T) {
users := []struct {
name string
userId string
expectResponse bool
}{
{
name: "Regular user",
userId: testUserId,
expectResponse: false,
},
{
name: "Admin user",
userId: testAdminId,
expectResponse: true,
},
{
name: "Owner user",
userId: testOwnerId,
expectResponse: true,
},
{
name: "Regular service user",
userId: testServiceUserId,
expectResponse: false,
},
{
name: "Admin service user",
userId: testServiceAdminId,
expectResponse: true,
},
{
name: "Blocked user",
userId: blockedUserId,
expectResponse: false,
},
{
name: "Other user",
userId: otherUserId,
expectResponse: false,
},
{
name: "Invalid token",
userId: invalidToken,
expectResponse: false,
},
}
tt := []struct { tt := []struct {
name string name string
expectedStatus int expectedStatus int
@ -860,17 +1113,18 @@ func Test_SetupKeys_Delete(t *testing.T) {
} }
for _, tc := range tt { for _, tc := range tt {
for _, user := range users {
t.Run(tc.name, func(t *testing.T) { t.Run(tc.name, func(t *testing.T) {
apiHandler, am, done := buildApiBlackBoxWithDBState(t, "testdata/setup_keys.sql", nil) apiHandler, am, done := buildApiBlackBoxWithDBState(t, "testdata/setup_keys.sql", nil)
req := buildRequest(t, []byte{}, tc.requestType, strings.Replace(tc.requestPath, "{id}", tc.requestId, 1)) req := buildRequest(t, []byte{}, tc.requestType, strings.Replace(tc.requestPath, "{id}", tc.requestId, 1), user.userId)
recorder := httptest.NewRecorder() recorder := httptest.NewRecorder()
apiHandler.ServeHTTP(recorder, req) apiHandler.ServeHTTP(recorder, req)
content, noResponseExpected := readResponse(t, recorder, tc.expectedStatus) content, expectResponse := readResponse(t, recorder, tc.expectedStatus, user.expectResponse)
if noResponseExpected { if !expectResponse {
return return
} }
got := &api.SetupKey{} got := &api.SetupKey{}
@ -888,6 +1142,7 @@ func Test_SetupKeys_Delete(t *testing.T) {
} }
}) })
} }
}
} }
func buildApiBlackBoxWithDBState(t *testing.T, sqlFile string, expectedPeerUpdate *server.UpdateMessage) (http.Handler, server.AccountManager, chan struct{}) { func buildApiBlackBoxWithDBState(t *testing.T, sqlFile string, expectedPeerUpdate *server.UpdateMessage) (http.Handler, server.AccountManager, chan struct{}) {
@ -926,16 +1181,16 @@ func buildApiBlackBoxWithDBState(t *testing.T, sqlFile string, expectedPeerUpdat
return apiHandler, am, done return apiHandler, am, done
} }
func buildRequest(t *testing.T, requestBody []byte, requestType, requestPath string) *http.Request { func buildRequest(t *testing.T, requestBody []byte, requestType, requestPath, user string) *http.Request {
t.Helper() t.Helper()
req := httptest.NewRequest(requestType, requestPath, bytes.NewBuffer(requestBody)) req := httptest.NewRequest(requestType, requestPath, bytes.NewBuffer(requestBody))
req.Header.Set("Authorization", "Bearer "+"my.dummy.token") req.Header.Set("Authorization", "Bearer "+user)
return req return req
} }
func readResponse(t *testing.T, recorder *httptest.ResponseRecorder, expectedStatus int) ([]byte, bool) { func readResponse(t *testing.T, recorder *httptest.ResponseRecorder, expectedStatus int, expectResponse bool) ([]byte, bool) {
t.Helper() t.Helper()
res := recorder.Result() res := recorder.Result()
@ -946,12 +1201,16 @@ func readResponse(t *testing.T, recorder *httptest.ResponseRecorder, expectedSta
t.Fatalf("Failed to read response body: %v", err) t.Fatalf("Failed to read response body: %v", err)
} }
if !expectResponse {
return nil, false
}
if status := recorder.Code; status != expectedStatus { if status := recorder.Code; status != expectedStatus {
t.Fatalf("handler returned wrong status code: got %v want %v, content: %s", t.Fatalf("handler returned wrong status code: got %v want %v, content: %s",
status, expectedStatus, string(content)) status, expectedStatus, string(content))
} }
return content, expectedStatus != http.StatusOK return content, expectedStatus == http.StatusOK
} }
func validateCreatedKey(t *testing.T, expectedKey *api.SetupKey, got *api.SetupKey) { func validateCreatedKey(t *testing.T, expectedKey *api.SetupKey, got *api.SetupKey) {
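Review bot: The denied-user cases assert nothing: in `readResponse` the new `if !expectResponse { return nil, false }` sits above the status comparison, so for the regular, blocked, other-account and invalid-token users a subtest passes whatever the handler returns, including a 200. These are the authorization cases the commit adds, so the early return should still check that the request was refused, e.g. `if !expectResponse { if recorder.Code < http.StatusBadRequest { t.Fatalf("expected request to be rejected, got %d: %s", recorder.Code, content) }; return nil, false }`, or each user entry should carry its own expected status. Separately, `Test_SetupKeys_Get` still binds the result to `noResponseExpected` and returns on `if noResponseExpected`, which is inverted against the new `expectedStatus == http.StatusOK` return value. Part of `readResponse`'s body lies between the two hunks and is not visible here.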


@ -1,15 +1,23 @@
CREATE TABLE `accounts` (`id` text,`created_by` text,`created_at` datetime,`domain` text,`domain_category` text,`is_domain_primary_account` numeric,`network_identifier` text,`network_net` text,`network_dns` text,`network_serial` integer,`dns_settings_disabled_management_groups` text,`settings_peer_login_expiration_enabled` numeric,`settings_peer_login_expiration` integer,`settings_regular_users_view_blocked` numeric,`settings_groups_propagation_enabled` numeric,`settings_jwt_groups_enabled` numeric,`settings_jwt_groups_claim_name` text,`settings_jwt_allow_groups` text,`settings_extra_peer_approval_enabled` numeric,`settings_extra_integrated_validator_groups` text,PRIMARY KEY (`id`)); CREATE TABLE `accounts` (`id` text,`created_by` text,`created_at` datetime,`domain` text,`domain_category` text,`is_domain_primary_account` numeric,`network_identifier` text,`network_net` text,`network_dns` text,`network_serial` integer,`dns_settings_disabled_management_groups` text,`settings_peer_login_expiration_enabled` numeric,`settings_peer_login_expiration` integer,`settings_regular_users_view_blocked` numeric,`settings_groups_propagation_enabled` numeric,`settings_jwt_groups_enabled` numeric,`settings_jwt_groups_claim_name` text,`settings_jwt_allow_groups` text,`settings_extra_peer_approval_enabled` numeric,`settings_extra_integrated_validator_groups` text,PRIMARY KEY (`id`));
CREATE TABLE `setup_keys` (`id` text,`account_id` text,`key` text,`key_secret` text,`name` text,`type` text,`created_at` datetime,`expires_at` datetime,`updated_at` datetime,`revoked` numeric,`used_times` integer,`last_used` datetime,`auto_groups` text,`usage_limit` integer,`ephemeral` numeric,PRIMARY KEY (`id`),CONSTRAINT `fk_accounts_setup_keys_g` FOREIGN KEY (`account_id`) REFERENCES `accounts`(`id`));
CREATE TABLE `users` (`id` text,`account_id` text,`role` text,`is_service_user` numeric,`non_deletable` numeric,`service_user_name` text,`auto_groups` text,`blocked` numeric,`last_login` datetime,`created_at` datetime,`issued` text DEFAULT "api",`integration_ref_id` integer,`integration_ref_integration_type` text,PRIMARY KEY (`id`),CONSTRAINT `fk_accounts_users_g` FOREIGN KEY (`account_id`) REFERENCES `accounts`(`id`)); CREATE TABLE `users` (`id` text,`account_id` text,`role` text,`is_service_user` numeric,`non_deletable` numeric,`service_user_name` text,`auto_groups` text,`blocked` numeric,`last_login` datetime,`created_at` datetime,`issued` text DEFAULT "api",`integration_ref_id` integer,`integration_ref_integration_type` text,PRIMARY KEY (`id`),CONSTRAINT `fk_accounts_users_g` FOREIGN KEY (`account_id`) REFERENCES `accounts`(`id`));
CREATE TABLE `peers` (`id` text,`account_id` text,`key` text,`setup_key` text,`ip` text,`meta_hostname` text,`meta_go_os` text,`meta_kernel` text,`meta_core` text,`meta_platform` text,`meta_os` text,`meta_os_version` text,`meta_wt_version` text,`meta_ui_version` text,`meta_kernel_version` text,`meta_network_addresses` text,`meta_system_serial_number` text,`meta_system_product_name` text,`meta_system_manufacturer` text,`meta_environment` text,`meta_files` text,`name` text,`dns_label` text,`peer_status_last_seen` datetime,`peer_status_connected` numeric,`peer_status_login_expired` numeric,`peer_status_requires_approval` numeric,`user_id` text,`ssh_key` text,`ssh_enabled` numeric,`login_expiration_enabled` numeric,`last_login` datetime,`created_at` datetime,`ephemeral` numeric,`location_connection_ip` text,`location_country_code` text,`location_city_name` text,`location_geo_name_id` integer,PRIMARY KEY (`id`),CONSTRAINT `fk_accounts_peers_g` FOREIGN KEY (`account_id`) REFERENCES `accounts`(`id`)); CREATE TABLE `peers` (`id` text,`account_id` text,`key` text,`setup_key` text,`ip` text,`meta_hostname` text,`meta_go_os` text,`meta_kernel` text,`meta_core` text,`meta_platform` text,`meta_os` text,`meta_os_version` text,`meta_wt_version` text,`meta_ui_version` text,`meta_kernel_version` text,`meta_network_addresses` text,`meta_system_serial_number` text,`meta_system_product_name` text,`meta_system_manufacturer` text,`meta_environment` text,`meta_files` text,`name` text,`dns_label` text,`peer_status_last_seen` datetime,`peer_status_connected` numeric,`peer_status_login_expired` numeric,`peer_status_requires_approval` numeric,`user_id` text,`ssh_key` text,`ssh_enabled` numeric,`login_expiration_enabled` numeric,`last_login` datetime,`created_at` datetime,`ephemeral` numeric,`location_connection_ip` text,`location_country_code` text,`location_city_name` text,`location_geo_name_id` integer,PRIMARY KEY (`id`),CONSTRAINT `fk_accounts_peers_g` FOREIGN KEY (`account_id`) 
REFERENCES `accounts`(`id`));
CREATE TABLE `groups` (`id` text,`account_id` text,`name` text,`issued` text,`peers` text,`integration_ref_id` integer,`integration_ref_integration_type` text,PRIMARY KEY (`id`),CONSTRAINT `fk_accounts_groups_g` FOREIGN KEY (`account_id`) REFERENCES `accounts`(`id`)); CREATE TABLE `groups` (`id` text,`account_id` text,`name` text,`issued` text,`peers` text,`integration_ref_id` integer,`integration_ref_integration_type` text,PRIMARY KEY (`id`),CONSTRAINT `fk_accounts_groups_g` FOREIGN KEY (`account_id`) REFERENCES `accounts`(`id`));
INSERT INTO accounts VALUES('testAccountId','','2024-10-02 16:01:38.210014+02:00','test.com','private',1,'testNetworkIdentifier','{"IP":"100.64.0.0","Mask":"//8AAA=="}','',0,'[]',0,86400000000000,0,0,0,'',NULL,NULL,NULL); INSERT INTO accounts VALUES('testAccountId','','2024-10-02 16:01:38.210014+02:00','test.com','private',1,'testNetworkIdentifier','{"IP":"100.64.0.0","Mask":"//8AAA=="}','',0,'[]',0,86400000000000,0,0,0,'',NULL,NULL,NULL);
INSERT INTO users VALUES('testUserId','testAccountId','admin',0,0,'','[]',0,'0001-01-01 00:00:00+00:00','2024-10-02 16:01:38.210678+02:00','api',0,''); INSERT INTO users VALUES('testUserId','testAccountId','user',0,0,'','[]',0,'0001-01-01 00:00:00+00:00','2024-10-02 16:01:38.210678+02:00','api',0,'');
INSERT INTO users VALUES('testAdminId','testAccountId','admin',0,0,'','[]',0,'0001-01-01 00:00:00+00:00','2024-10-02 16:01:38.210678+02:00','api',0,'');
INSERT INTO users VALUES('testOwnerId','testAccountId','owner',0,0,'','[]',0,'0001-01-01 00:00:00+00:00','2024-10-02 16:01:38.210678+02:00','api',0,'');
INSERT INTO users VALUES('testServiceUserId','testAccountId','user',1,0,'','[]',0,'0001-01-01 00:00:00+00:00','2024-10-02 16:01:38.210678+02:00','api',0,'');
INSERT INTO users VALUES('testServiceAdminId','testAccountId','admin',1,0,'','[]',0,'0001-01-01 00:00:00+00:00','2024-10-02 16:01:38.210678+02:00','api',0,'');
INSERT INTO users VALUES('blockedUserId','testAccountId','admin',0,0,'','[]',1,'0001-01-01 00:00:00+00:00','2024-10-02 16:01:38.210678+02:00','api',0,'');
INSERT INTO users VALUES('otherUserId','otherAccountId','admin',0,0,'','[]',0,'0001-01-01 00:00:00+00:00','2024-10-02 16:01:38.210678+02:00','api',0,'');
INSERT INTO peers VALUES('testPeerId','testAccountId','5rvhvriKJZ3S9oxYToVj5TzDM9u9y8cxg7htIMWlYAg=','72546A29-6BC8-4311-BCFC-9CDBF33F1A48','"100.64.114.31"','f2a34f6a4731','linux','Linux','11','unknown','Debian GNU/Linux','','0.12.0','','',NULL,'','','','{"Cloud":"","Platform":""}',NULL,'f2a34f6a4731','f2a34f6a4731','2023-03-02 09:21:02.189035775+01:00',0,0,0,'','ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILzUUSYG/LGnV8zarb2SGN+tib/PZ+M7cL4WtTzUrTpk',0,1,'2023-03-01 19:48:19.817799698+01:00','2024-10-02 17:00:32.527947+02:00',0,'""','','',0); INSERT INTO peers VALUES('testPeerId','testAccountId','5rvhvriKJZ3S9oxYToVj5TzDM9u9y8cxg7htIMWlYAg=','72546A29-6BC8-4311-BCFC-9CDBF33F1A48','"100.64.114.31"','f2a34f6a4731','linux','Linux','11','unknown','Debian GNU/Linux','','0.12.0','','',NULL,'','','','{"Cloud":"","Platform":""}',NULL,'f2a34f6a4731','f2a34f6a4731','2023-03-02 09:21:02.189035775+01:00',0,0,0,'','ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILzUUSYG/LGnV8zarb2SGN+tib/PZ+M7cL4WtTzUrTpk',0,1,'2023-03-01 19:48:19.817799698+01:00','2024-10-02 17:00:32.527947+02:00',0,'""','','',0);
INSERT INTO "groups" VALUES('testGroupId','testAccountId','testGroupName','api','[]',0,''); INSERT INTO "groups" VALUES('testGroupId','testAccountId','testGroupName','api','[]',0,'');
INSERT INTO "groups" VALUES('newGroupId','testAccountId','newGroupName','api','[]',0,''); INSERT INTO "groups" VALUES('newGroupId','testAccountId','newGroupName','api','[]',0,'');
CREATE TABLE `setup_keys` (`id` text,`account_id` text,`key` text,`key_secret` text,`name` text,`type` text,`created_at` datetime,`expires_at` datetime,`updated_at` datetime,`revoked` numeric,`used_times` integer,`last_used` datetime,`auto_groups` text,`usage_limit` integer,`ephemeral` numeric,PRIMARY KEY (`id`),CONSTRAINT `fk_accounts_setup_keys_g` FOREIGN KEY (`account_id`) REFERENCES `accounts`(`id`));
INSERT INTO setup_keys VALUES('testKeyId','testAccountId','testKey','testK****','existingKey','one-off','2021-08-19 20:46:20.005936822+02:00','2321-09-18 20:46:20.005936822+02:00','2021-08-19 20:46:20.005936822+02:00',0,0,'0001-01-01 00:00:00+00:00','["testGroupId"]',1,0); INSERT INTO setup_keys VALUES('testKeyId','testAccountId','testKey','testK****','existingKey','one-off','2021-08-19 20:46:20.005936822+02:00','2321-09-18 20:46:20.005936822+02:00','2021-08-19 20:46:20.005936822+02:00',0,0,'0001-01-01 00:00:00+00:00','["testGroupId"]',1,0);
INSERT INTO setup_keys VALUES('revokedKeyId','testAccountId','revokedKey','testK****','existingKey','reusable','2021-08-19 20:46:20.005936822+02:00','2321-09-18 20:46:20.005936822+02:00','2021-08-19 20:46:20.005936822+02:00',1,0,'0001-01-01 00:00:00+00:00','["testGroupId"]',3,0); INSERT INTO setup_keys VALUES('revokedKeyId','testAccountId','revokedKey','testK****','existingKey','reusable','2021-08-19 20:46:20.005936822+02:00','2321-09-18 20:46:20.005936822+02:00','2021-08-19 20:46:20.005936822+02:00',1,0,'0001-01-01 00:00:00+00:00','["testGroupId"]',3,0);
INSERT INTO setup_keys VALUES('expiredKeyId','testAccountId','expiredKey','testK****','existingKey','reusable','2021-08-19 20:46:20.005936822+02:00','1921-09-18 20:46:20.005936822+02:00','2021-08-19 20:46:20.005936822+02:00',0,1,'0001-01-01 00:00:00+00:00','["testGroupId"]',5,1); INSERT INTO setup_keys VALUES('expiredKeyId','testAccountId','expiredKey','testK****','existingKey','reusable','2021-08-19 20:46:20.005936822+02:00','1921-09-18 20:46:20.005936822+02:00','2021-08-19 20:46:20.005936822+02:00',0,1,'0001-01-01 00:00:00+00:00','["testGroupId"]',5,1);
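Review bot: The `otherUserId` row points at `otherAccountId`, but the fixture inserts only the `testAccountId` account, so the "Other user" case exercises a user whose account does not exist rather than a user of a second, valid tenant. A rejection could then come from a missing-account path instead of the cross-account authorization check. The insert would also violate `fk_accounts_users_g` if the test store enforces foreign keys, which is not visible here. Adding an `INSERT INTO accounts VALUES('otherAccountId', …)` row with the same column layout as the `testAccountId` row, ahead of the user insert, keeps the case about tenant isolation.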


@ -319,11 +319,22 @@ type JwtValidatorMock struct{}
func (j *JwtValidatorMock) ValidateAndParse(ctx context.Context, token string) (*jwt.Token, error) { func (j *JwtValidatorMock) ValidateAndParse(ctx context.Context, token string) (*jwt.Token, error) {
claimMaps := jwt.MapClaims{} claimMaps := jwt.MapClaims{}
claimMaps[UserIDClaim] = "testUserId"
switch token {
case "testUserId", "testAdminId", "testOwnerId", "testServiceUserId", "testServiceAdminId", "blockedUserId":
claimMaps[UserIDClaim] = token
claimMaps[AccountIDSuffix] = "testAccountId" claimMaps[AccountIDSuffix] = "testAccountId"
claimMaps[DomainIDSuffix] = "test.com" claimMaps[DomainIDSuffix] = "test.com"
claimMaps[DomainCategorySuffix] = "private" claimMaps[DomainCategorySuffix] = "private"
jwtToken := jwt.NewWithClaims(jwt.SigningMethodHS256, claimMaps) case "otherUserId":
claimMaps[UserIDClaim] = "otherUserId"
claimMaps[AccountIDSuffix] = "otherAccountId"
claimMaps[DomainIDSuffix] = "other.com"
claimMaps[DomainCategorySuffix] = "private"
case "invalidToken":
return nil, errors.New("invalid token")
}
jwtToken := jwt.NewWithClaims(jwt.SigningMethodHS256, claimMaps)
return jwtToken, nil return jwtToken, nil
} }
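Review bot: The new `switch token` has no `default`, so any string other than the listed ids falls through to `jwt.NewWithClaims` and comes back as a valid token with empty claims and a nil error. A validator mock that backs authorization tests is safer failing closed: adding `default: return nil, errors.New("invalid token")` would surface callers that still send an unlisted bearer value such as the previous `my.dummy.token`, and it makes the explicit `"invalidToken"` case redundant. Whether other tests depend on arbitrary tokens being accepted is not visible from this hunk.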