MCPcopy Index your code
hub / github.com/coder/coder / TestAsAuthzSystem

Function TestAsAuthzSystem

coderd/httpmw/authz_test.go:17–89  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

15)
16
17func TestAsAuthzSystem(t *testing.T) {
18 t.Parallel()
19 userActor := coderdtest.RandomRBACSubject()
20
21 base := http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
22 actor, ok := dbauthz.ActorFromContext(r.Context())
23 assert.True(t, ok, "actor should exist")
24 assert.True(t, userActor.Equal(actor), "actor should be the user actor")
25 })
26
27 mwSetUser := func(next http.Handler) http.Handler {
28 return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
29 r = r.WithContext(dbauthz.As(r.Context(), userActor))
30 next.ServeHTTP(rw, r)
31 })
32 }
33
34 mwAssertSystem := mwAssert(func(req *http.Request) {
35 actor, ok := dbauthz.ActorFromContext(req.Context())
36 assert.True(t, ok, "actor should exist")
37 assert.False(t, userActor.Equal(actor), "systemActor should not be the user actor")
38 assert.Contains(t, actor.Roles.Names(), rbac.RoleIdentifier{Name: "system"}, "should have system role")
39 })
40
41 mwAssertUser := mwAssert(func(req *http.Request) {
42 actor, ok := dbauthz.ActorFromContext(req.Context())
43 assert.True(t, ok, "actor should exist")
44 assert.True(t, userActor.Equal(actor), "should be the useractor")
45 })
46
47 mwAssertNoUser := mwAssert(func(req *http.Request) {
48 _, ok := dbauthz.ActorFromContext(req.Context())
49 assert.False(t, ok, "actor should not exist")
50 })
51
52 // Request as the user actor
53 const pattern = "/"
54 req := httptest.NewRequest("GET", pattern, nil)
55 res := httptest.NewRecorder()
56
57 handler := chi.NewRouter()
58 handler.Route(pattern, func(r chi.Router) {
59 r.Use(
60 // First assert there is no actor context
61 mwAssertNoUser,
62 httpmw.AsAuthzSystem(
63 // Assert the system actor
64 mwAssertSystem,
65 mwAssertSystem,
66 ),
67 // Assert no user present outside of the AsAuthzSystem chain
68 mwAssertNoUser,
69 // ----
70 // Set to the user actor
71 mwSetUser,
72 // Assert the user actor
73 mwAssertUser,
74 httpmw.AsAuthzSystem(

Callers

nothing calls this directly

Calls 12

RandomRBACSubjectFunction · 0.92
ActorFromContextFunction · 0.92
AsFunction · 0.92
AsAuthzSystemFunction · 0.92
mwAssertFunction · 0.85
WithContextMethod · 0.80
ContextMethod · 0.65
NamesMethod · 0.65
EqualMethod · 0.45
ServeHTTPMethod · 0.45
ContainsMethod · 0.45
FailMethod · 0.45

Tested by

no test coverage detected