Fix auth when listing adr algorithms using api key.

Closes #112.
This commit is contained in:
Orne Brocaar 2023-02-10 11:23:35 +00:00
parent 154c4cde38
commit d3defb7dff
2 changed files with 103 additions and 2 deletions

View File

@ -145,6 +145,50 @@ impl Validator for ValidateIsAdmin {
}
}
pub struct ValidateActiveUserOrKey {}
impl ValidateActiveUserOrKey {
pub fn new() -> Self {
ValidateActiveUserOrKey {}
}
}
#[async_trait]
impl Validator for ValidateActiveUserOrKey {
async fn validate_key(&self, id: &Uuid) -> Result<i64, Error> {
task::spawn_blocking({
let id = *id;
move || -> Result<i64, Error> {
let mut c = get_db_conn()?;
let count = api_key::dsl::api_key
.select(dsl::count_star())
.find(&id)
.first(&mut c)?;
Ok(count)
}
})
.await?
}
async fn validate_user(&self, id: &Uuid) -> Result<i64, Error> {
task::spawn_blocking({
let id = *id;
move || -> Result<i64, Error> {
let mut c = get_db_conn()?;
let count = user::dsl::user
.select(dsl::count_star())
.find(id)
.filter(user::dsl::is_active.eq(true))
.first(&mut c)?;
Ok(count)
}
})
.await?
}
}
pub struct ValidateUsersAccess {
flag: Flag,
}
@ -2272,7 +2316,7 @@ pub mod test {
}
#[tokio::test]
async fn validate_user() {
async fn validate_active_user() {
let _guard = test::prepare().await;
let users = vec![
user::User {
@ -2318,6 +2362,60 @@ pub mod test {
run_tests(tests).await;
}
#[tokio::test]
async fn validate_active_user_or_key() {
let _guard = test::prepare().await;
let users = vec![
user::User {
email: "active@user".into(),
is_active: true,
is_admin: false,
..Default::default()
},
user::User {
email: "inactive@user".into(),
is_active: false,
is_admin: false,
..Default::default()
},
];
for u in &users {
user::create(u.clone()).await.unwrap();
}
let api_key = api_key::test::create_api_key(false, true).await;
let tests = vec![
// active user
ValidatorTest {
validators: vec![ValidateActiveUserOrKey::new()],
id: AuthID::User(users[0].id),
ok: true,
},
// inactive user
ValidatorTest {
validators: vec![ValidateActiveUserOrKey::new()],
id: AuthID::User(users[1].id),
ok: false,
},
// api key
ValidatorTest {
validators: vec![ValidateActiveUserOrKey::new()],
id: AuthID::Key(api_key.id),
ok: true,
},
// non-existing key
ValidatorTest {
validators: vec![ValidateActiveUserOrKey::new()],
id: AuthID::Key(Uuid::new_v4()),
ok: false,
},
];
run_tests(tests).await;
}
#[tokio::test]
async fn validate_tenant() {
let _guard = test::prepare().await;

View File

@ -334,7 +334,10 @@ impl DeviceProfileService for DeviceProfile {
request: Request<()>,
) -> Result<Response<api::ListDeviceProfileAdrAlgorithmsResponse>, Status> {
self.validator
.validate(request.extensions(), validator::ValidateActiveUser::new())
.validate(
request.extensions(),
validator::ValidateActiveUserOrKey::new(),
)
.await?;
let items = adr::get_algorithms().await;