NOISSUE - Switch to Google Zanzibar Access control approach (#1919)
* Return Auth service
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Update Compose to run with SpiceDB and Auth svc
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Update auth gRPC API
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Remove Users' policies
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Move Groups to internal
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Use shared groups in Users
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Remove unused code
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Use pkg Groups in Things
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Remove Things groups
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Make imports consistent
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Update Groups networking
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Remove things groups-specific API
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Move Things Clients to the root
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Move Clients to Users root
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Temporarily remove tracing
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Fix imports
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Add buffer config for gRPC
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Update auth type for Things
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Use Auth for login
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Add temporary solution for refresh token
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Update Tokenizer interface
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Updade tokens issuing
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Fix token issuing
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Update JWT validator and refactor Tokenizer
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Rename access timeout
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Rename login to authenticate
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Update Identify to use SubjectID
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Add Auth to Groups
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Use the Auth service for Groups
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Update auth schema
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Fix Auth for Groups
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Add auth for addons (#14)
Signed-off-by: Arvindh <arvindh91@gmail.com>
Speparate Login and Refresh tokens
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Merge authN and authZ requests for things
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Add connect and disconnect
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Update sharing
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Fix policies addition and removal
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Update relation with roels
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Add gRPC to Things
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Assign and Unassign members to group and Listing of Group members (#15)
* add auth for addons
Signed-off-by: Arvindh <arvindh91@gmail.com>
* add assign and unassign to group
Signed-off-by: Arvindh <arvindh91@gmail.com>
* add group incomplete repo implementation
Signed-off-by: Arvindh <arvindh91@gmail.com>
* groups for users
Signed-off-by: Arvindh <arvindh91@gmail.com>
* groups for users
Signed-off-by: Arvindh <arvindh91@gmail.com>
* groups for users
Signed-off-by: Arvindh <arvindh91@gmail.com>
* groups for users
Signed-off-by: Arvindh <arvindh91@gmail.com>
---------
Signed-off-by: Arvindh <arvindh91@gmail.com>
Move coap mqtt and ws policies to spicedb (#16)
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
Remove old policies
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
NOISSUE - Things authorize to return thingID (#18)
This commit modifies the authorize endpoint to the grpc endpoint to return thingID. The authorize endpoint allows adapters to get the publisher of the message.
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
Add Groups to users service (#17)
* add assign and unassign to group
Signed-off-by: Arvindh <arvindh91@gmail.com>
* add group incomplete repo implementation
Signed-off-by: Arvindh <arvindh91@gmail.com>
* groups for users
Signed-off-by: Arvindh <arvindh91@gmail.com>
* groups for users
Signed-off-by: Arvindh <arvindh91@gmail.com>
* groups for users
Signed-off-by: Arvindh <arvindh91@gmail.com>
* groups for users
Signed-off-by: Arvindh <arvindh91@gmail.com>
* groups for users stable 1
Signed-off-by: Arvindh <arvindh91@gmail.com>
* groups for users stable 2
Signed-off-by: Arvindh <arvindh91@gmail.com>
* groups for users & things
Signed-off-by: Arvindh <arvindh91@gmail.com>
* Amend signature
Signed-off-by: Arvindh <arvindh91@gmail.com>
* fix merge error
Signed-off-by: Arvindh <arvindh91@gmail.com>
---------
Signed-off-by: Arvindh <arvindh91@gmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* NOISSUE - Fix es code (#21)
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* NOISSUE - Fix Bugs (#20)
* fix bugs
Signed-off-by: Arvindh <arvindh91@gmail.com>
* fix bugs
Signed-off-by: Arvindh <arvindh91@gmail.com>
---------
Signed-off-by: Arvindh <arvindh91@gmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* NOISSUE - Test e2e (#19)
* fix: connect method
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* fix: e2e
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* fix changes in sdk and e2e
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* feat(docker): remove unnecessary port mapping
Remove the port mapping for MQTT broker in the docker-compose.yml file.
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* Enable group listing
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* feat(responses): update ChannelsPage struct
The ChannelsPage struct in the responses.go file has been updated. The "Channels" field has been renamed to "Groups" to provide more accurate naming. This change ensures consistency and clarity in the codebase.
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* feat(things): add UpdateClientSecret method
Add the UpdateClientSecret method to the things service. This method allows updating the client secret for a specific client identified by the provided token, id, and key parameters.
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
---------
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* Use smaller buffers for gRPC
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* Clean up tests (#22)
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* Add Connect Disconnect endpoints (#23)
* fix bugs
Signed-off-by: Arvindh <arvindh91@gmail.com>
* fix bugs
Signed-off-by: Arvindh <arvindh91@gmail.com>
* fix list of things in a channel and Add connect disconnect endpoint
Signed-off-by: Arvindh <arvindh91@gmail.com>
* fix list of things in a channel and Add connect disconnect endpoint
Signed-off-by: Arvindh <arvindh91@gmail.com>
---------
Signed-off-by: Arvindh <arvindh91@gmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* Add: Things share with users (#25)
* fix list of things in a channel and Add connect disconnect endpoint
Signed-off-by: Arvindh <arvindh91@gmail.com>
* add: things share with other users
Signed-off-by: Arvindh <arvindh91@gmail.com>
---------
Signed-off-by: Arvindh <arvindh91@gmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* NOISSUE - Rename gRPC Services (#24)
* Rename things and users auth service
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* docs: add authorization docs for gRPC services
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* Rename things and users grpc services
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* Remove mainflux.env package
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
---------
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* Add: Listing of things, channels, groups, users (#26)
* add: listing of channels, users, groups, things
Signed-off-by: Arvindh <arvindh91@gmail.com>
* add: listing of channels, users, groups, things
Signed-off-by: Arvindh <arvindh91@gmail.com>
* add: listing of channels, users, groups, things
Signed-off-by: Arvindh <arvindh91@gmail.com>
* add: listing of channels, users, groups, things
Signed-off-by: Arvindh <arvindh91@gmail.com>
---------
Signed-off-by: Arvindh <arvindh91@gmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* NOISSUE - Clean Up Users (#27)
* feat(groups): rename redis package to events
- Renamed the `redis` package to `events` in the `internal/groups` directory.
- Updated the file paths and names accordingly.
- This change reflects the more accurate purpose of the package and improves code organization.
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* feat(auth): Modify identity method
Change request and response of identity method
Add accessToken and refreshToken to Token response
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* clean up users, remove dead code
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* feat(users): add unit tests for user service
This commit adds unit tests for the user service in the `users` package. The tests cover various scenarios and ensure the correct behavior of the service.
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
---------
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* Add: List of user groups & removed repeating code in groups (#29)
* removed repeating code in list groups
Signed-off-by: Arvindh <arvindh91@gmail.com>
* add: list of user group
Signed-off-by: Arvindh <arvindh91@gmail.com>
* fix: otel handler operator name for endpoints
Signed-off-by: Arvindh <arvindh91@gmail.com>
---------
Signed-off-by: Arvindh <arvindh91@gmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* NOISSUE - Clean Up Things Service (#28)
* Rework things service
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* add tests
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
---------
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* NOISSUE - Clean Up Auth Service (#30)
* clean up auth service
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* feat(auth): remove unused import
Remove the unused import of `emptypb` in `auth.pb.go`. This import is not being used in the codebase and can be safely removed.
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
---------
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* NOISSUE - Update API docs (#31)
Signed-off-by: rodneyosodo <blackd0t@protonmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* Remove TODO comments and cleanup the code
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* Update dependenices
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
---------
Signed-off-by: Arvindh <arvindh91@gmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
Signed-off-by: rodneyosodo <blackd0t@protonmail.com>
Co-authored-by: b1ackd0t <28790446+rodneyosodo@users.noreply.github.com>
Co-authored-by: Arvindh <30824765+arvindh123@users.noreply.github.com>
2023-10-15 22:02:13 +02:00
|
|
|
// Copyright (c) Mainflux
|
|
|
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
|
|
|
|
|
package auth_test
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"fmt"
|
|
|
|
|
"testing"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"github.com/mainflux/mainflux/auth"
|
|
|
|
|
"github.com/mainflux/mainflux/auth/jwt"
|
|
|
|
|
"github.com/mainflux/mainflux/auth/mocks"
|
|
|
|
|
"github.com/mainflux/mainflux/pkg/errors"
|
|
|
|
|
"github.com/mainflux/mainflux/pkg/uuid"
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
|
"github.com/stretchr/testify/mock"
|
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
var idProvider = uuid.New()
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
secret = "secret"
|
|
|
|
|
email = "test@example.com"
|
|
|
|
|
id = "testID"
|
|
|
|
|
groupName = "mfx"
|
|
|
|
|
description = "Description"
|
|
|
|
|
|
|
|
|
|
memberRelation = "member"
|
|
|
|
|
authoritiesObj = "authorities"
|
|
|
|
|
loginDuration = 30 * time.Minute
|
|
|
|
|
refreshDuration = 24 * time.Hour
|
|
|
|
|
accessToken = "access"
|
2023-10-16 12:43:33 +03:00
|
|
|
|
|
|
|
|
readPolicy = "read"
|
|
|
|
|
writePolicy = "write"
|
|
|
|
|
deletePolicy = "delete"
|
NOISSUE - Switch to Google Zanzibar Access control approach (#1919)
* Return Auth service
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Update Compose to run with SpiceDB and Auth svc
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Update auth gRPC API
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Remove Users' policies
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Move Groups to internal
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Use shared groups in Users
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Remove unused code
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Use pkg Groups in Things
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Remove Things groups
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Make imports consistent
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Update Groups networking
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Remove things groups-specific API
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Move Things Clients to the root
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Move Clients to Users root
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Temporarily remove tracing
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Fix imports
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Add buffer config for gRPC
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Update auth type for Things
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Use Auth for login
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Add temporary solution for refresh token
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Update Tokenizer interface
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Updade tokens issuing
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Fix token issuing
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Update JWT validator and refactor Tokenizer
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Rename access timeout
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Rename login to authenticate
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Update Identify to use SubjectID
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Add Auth to Groups
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Use the Auth service for Groups
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Update auth schema
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Fix Auth for Groups
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Add auth for addons (#14)
Signed-off-by: Arvindh <arvindh91@gmail.com>
Speparate Login and Refresh tokens
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Merge authN and authZ requests for things
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Add connect and disconnect
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Update sharing
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Fix policies addition and removal
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Update relation with roels
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Add gRPC to Things
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Assign and Unassign members to group and Listing of Group members (#15)
* add auth for addons
Signed-off-by: Arvindh <arvindh91@gmail.com>
* add assign and unassign to group
Signed-off-by: Arvindh <arvindh91@gmail.com>
* add group incomplete repo implementation
Signed-off-by: Arvindh <arvindh91@gmail.com>
* groups for users
Signed-off-by: Arvindh <arvindh91@gmail.com>
* groups for users
Signed-off-by: Arvindh <arvindh91@gmail.com>
* groups for users
Signed-off-by: Arvindh <arvindh91@gmail.com>
* groups for users
Signed-off-by: Arvindh <arvindh91@gmail.com>
---------
Signed-off-by: Arvindh <arvindh91@gmail.com>
Move coap mqtt and ws policies to spicedb (#16)
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
Remove old policies
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
NOISSUE - Things authorize to return thingID (#18)
This commit modifies the authorize endpoint to the grpc endpoint to return thingID. The authorize endpoint allows adapters to get the publisher of the message.
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
Add Groups to users service (#17)
* add assign and unassign to group
Signed-off-by: Arvindh <arvindh91@gmail.com>
* add group incomplete repo implementation
Signed-off-by: Arvindh <arvindh91@gmail.com>
* groups for users
Signed-off-by: Arvindh <arvindh91@gmail.com>
* groups for users
Signed-off-by: Arvindh <arvindh91@gmail.com>
* groups for users
Signed-off-by: Arvindh <arvindh91@gmail.com>
* groups for users
Signed-off-by: Arvindh <arvindh91@gmail.com>
* groups for users stable 1
Signed-off-by: Arvindh <arvindh91@gmail.com>
* groups for users stable 2
Signed-off-by: Arvindh <arvindh91@gmail.com>
* groups for users & things
Signed-off-by: Arvindh <arvindh91@gmail.com>
* Amend signature
Signed-off-by: Arvindh <arvindh91@gmail.com>
* fix merge error
Signed-off-by: Arvindh <arvindh91@gmail.com>
---------
Signed-off-by: Arvindh <arvindh91@gmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* NOISSUE - Fix es code (#21)
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* NOISSUE - Fix Bugs (#20)
* fix bugs
Signed-off-by: Arvindh <arvindh91@gmail.com>
* fix bugs
Signed-off-by: Arvindh <arvindh91@gmail.com>
---------
Signed-off-by: Arvindh <arvindh91@gmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* NOISSUE - Test e2e (#19)
* fix: connect method
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* fix: e2e
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* fix changes in sdk and e2e
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* feat(docker): remove unnecessary port mapping
Remove the port mapping for MQTT broker in the docker-compose.yml file.
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* Enable group listing
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* feat(responses): update ChannelsPage struct
The ChannelsPage struct in the responses.go file has been updated. The "Channels" field has been renamed to "Groups" to provide more accurate naming. This change ensures consistency and clarity in the codebase.
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* feat(things): add UpdateClientSecret method
Add the UpdateClientSecret method to the things service. This method allows updating the client secret for a specific client identified by the provided token, id, and key parameters.
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
---------
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* Use smaller buffers for gRPC
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* Clean up tests (#22)
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* Add Connect Disconnect endpoints (#23)
* fix bugs
Signed-off-by: Arvindh <arvindh91@gmail.com>
* fix bugs
Signed-off-by: Arvindh <arvindh91@gmail.com>
* fix list of things in a channel and Add connect disconnect endpoint
Signed-off-by: Arvindh <arvindh91@gmail.com>
* fix list of things in a channel and Add connect disconnect endpoint
Signed-off-by: Arvindh <arvindh91@gmail.com>
---------
Signed-off-by: Arvindh <arvindh91@gmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* Add: Things share with users (#25)
* fix list of things in a channel and Add connect disconnect endpoint
Signed-off-by: Arvindh <arvindh91@gmail.com>
* add: things share with other users
Signed-off-by: Arvindh <arvindh91@gmail.com>
---------
Signed-off-by: Arvindh <arvindh91@gmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* NOISSUE - Rename gRPC Services (#24)
* Rename things and users auth service
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* docs: add authorization docs for gRPC services
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* Rename things and users grpc services
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* Remove mainflux.env package
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
---------
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* Add: Listing of things, channels, groups, users (#26)
* add: listing of channels, users, groups, things
Signed-off-by: Arvindh <arvindh91@gmail.com>
* add: listing of channels, users, groups, things
Signed-off-by: Arvindh <arvindh91@gmail.com>
* add: listing of channels, users, groups, things
Signed-off-by: Arvindh <arvindh91@gmail.com>
* add: listing of channels, users, groups, things
Signed-off-by: Arvindh <arvindh91@gmail.com>
---------
Signed-off-by: Arvindh <arvindh91@gmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* NOISSUE - Clean Up Users (#27)
* feat(groups): rename redis package to events
- Renamed the `redis` package to `events` in the `internal/groups` directory.
- Updated the file paths and names accordingly.
- This change reflects the more accurate purpose of the package and improves code organization.
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* feat(auth): Modify identity method
Change request and response of identity method
Add accessToken and refreshToken to Token response
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* clean up users, remove dead code
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* feat(users): add unit tests for user service
This commit adds unit tests for the user service in the `users` package. The tests cover various scenarios and ensure the correct behavior of the service.
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
---------
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* Add: List of user groups & removed repeating code in groups (#29)
* removed repeating code in list groups
Signed-off-by: Arvindh <arvindh91@gmail.com>
* add: list of user group
Signed-off-by: Arvindh <arvindh91@gmail.com>
* fix: otel handler operator name for endpoints
Signed-off-by: Arvindh <arvindh91@gmail.com>
---------
Signed-off-by: Arvindh <arvindh91@gmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* NOISSUE - Clean Up Things Service (#28)
* Rework things service
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* add tests
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
---------
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* NOISSUE - Clean Up Auth Service (#30)
* clean up auth service
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
* feat(auth): remove unused import
Remove the unused import of `emptypb` in `auth.pb.go`. This import is not being used in the codebase and can be safely removed.
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
---------
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* NOISSUE - Update API docs (#31)
Signed-off-by: rodneyosodo <blackd0t@protonmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* Remove TODO comments and cleanup the code
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
* Update dependenices
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
---------
Signed-off-by: Arvindh <arvindh91@gmail.com>
Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com>
Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
Signed-off-by: rodneyosodo <blackd0t@protonmail.com>
Co-authored-by: b1ackd0t <28790446+rodneyosodo@users.noreply.github.com>
Co-authored-by: Arvindh <30824765+arvindh123@users.noreply.github.com>
2023-10-15 22:02:13 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func newService() (auth.Service, *mocks.Keys) {
|
|
|
|
|
krepo := new(mocks.Keys)
|
|
|
|
|
prepo := new(mocks.PolicyAgent)
|
|
|
|
|
idProvider := uuid.NewMock()
|
|
|
|
|
|
|
|
|
|
t := jwt.New([]byte(secret))
|
|
|
|
|
|
|
|
|
|
return auth.New(krepo, idProvider, t, prepo, loginDuration, refreshDuration), krepo
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestIssue(t *testing.T) {
|
|
|
|
|
svc, krepo := newService()
|
|
|
|
|
|
|
|
|
|
cases := []struct {
|
|
|
|
|
desc string
|
|
|
|
|
key auth.Key
|
|
|
|
|
token string
|
|
|
|
|
err error
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
desc: "issue login key",
|
|
|
|
|
key: auth.Key{
|
|
|
|
|
Type: auth.AccessKey,
|
|
|
|
|
IssuedAt: time.Now(),
|
|
|
|
|
},
|
|
|
|
|
token: accessToken,
|
|
|
|
|
err: nil,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "issue login key with no time",
|
|
|
|
|
key: auth.Key{
|
|
|
|
|
Type: auth.AccessKey,
|
|
|
|
|
},
|
|
|
|
|
token: accessToken,
|
|
|
|
|
err: auth.ErrInvalidKeyIssuedAt,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "issue API key",
|
|
|
|
|
key: auth.Key{
|
|
|
|
|
Type: auth.APIKey,
|
|
|
|
|
IssuedAt: time.Now(),
|
|
|
|
|
},
|
|
|
|
|
token: accessToken,
|
|
|
|
|
err: nil,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "issue API key with an invalid token",
|
|
|
|
|
key: auth.Key{
|
|
|
|
|
Type: auth.APIKey,
|
|
|
|
|
IssuedAt: time.Now(),
|
|
|
|
|
},
|
|
|
|
|
token: "invalid",
|
|
|
|
|
err: errors.ErrAuthentication,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "issue API key with no time",
|
|
|
|
|
key: auth.Key{
|
|
|
|
|
Type: auth.APIKey,
|
|
|
|
|
},
|
|
|
|
|
token: accessToken,
|
|
|
|
|
err: auth.ErrInvalidKeyIssuedAt,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "issue recovery key",
|
|
|
|
|
key: auth.Key{
|
|
|
|
|
Type: auth.RecoveryKey,
|
|
|
|
|
IssuedAt: time.Now(),
|
|
|
|
|
},
|
|
|
|
|
token: "",
|
|
|
|
|
err: nil,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "issue recovery with no issue time",
|
|
|
|
|
key: auth.Key{
|
|
|
|
|
Type: auth.RecoveryKey,
|
|
|
|
|
},
|
|
|
|
|
token: accessToken,
|
|
|
|
|
err: auth.ErrInvalidKeyIssuedAt,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, tc := range cases {
|
|
|
|
|
repocall := krepo.On("Save", mock.Anything, mock.Anything).Return(mock.Anything, tc.err)
|
|
|
|
|
_, err := svc.Issue(context.Background(), tc.token, tc.key)
|
|
|
|
|
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s expected %s got %s\n", tc.desc, tc.err, err))
|
|
|
|
|
repocall.Unset()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestRevoke(t *testing.T) {
|
|
|
|
|
svc, _ := newService()
|
|
|
|
|
secret, err := svc.Issue(context.Background(), "", auth.Key{Type: auth.AccessKey, IssuedAt: time.Now(), Subject: id})
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("Issuing login key expected to succeed: %s", err))
|
|
|
|
|
key := auth.Key{
|
|
|
|
|
Type: auth.APIKey,
|
|
|
|
|
IssuedAt: time.Now(),
|
|
|
|
|
Subject: id,
|
|
|
|
|
}
|
|
|
|
|
_, err = svc.Issue(context.Background(), secret.AccessToken, key)
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("Issuing user's key expected to succeed: %s", err))
|
|
|
|
|
|
|
|
|
|
cases := []struct {
|
|
|
|
|
desc string
|
|
|
|
|
id string
|
|
|
|
|
token string
|
|
|
|
|
err error
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
desc: "revoke login key",
|
|
|
|
|
// id: newKey.ID,
|
|
|
|
|
token: secret.AccessToken,
|
|
|
|
|
err: nil,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "revoke non-existing login key",
|
|
|
|
|
// id: newKey.ID,
|
|
|
|
|
token: secret.AccessToken,
|
|
|
|
|
err: nil,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "revoke with empty login key",
|
|
|
|
|
// id: newKey.ID,
|
|
|
|
|
token: "",
|
|
|
|
|
err: errors.ErrAuthentication,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, tc := range cases {
|
|
|
|
|
err := svc.Revoke(context.Background(), tc.token, tc.id)
|
|
|
|
|
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s expected %s got %s\n", tc.desc, tc.err, err))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestRetrieve(t *testing.T) {
|
|
|
|
|
svc, _ := newService()
|
|
|
|
|
secret, err := svc.Issue(context.Background(), "", auth.Key{Type: auth.AccessKey, IssuedAt: time.Now(), Subject: id})
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("Issuing login key expected to succeed: %s", err))
|
|
|
|
|
key := auth.Key{
|
|
|
|
|
ID: "id",
|
|
|
|
|
Type: auth.APIKey,
|
|
|
|
|
Subject: id,
|
|
|
|
|
IssuedAt: time.Now(),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
userToken, err := svc.Issue(context.Background(), "", auth.Key{Type: auth.AccessKey, IssuedAt: time.Now(), Subject: id})
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("Issuing login key expected to succeed: %s", err))
|
|
|
|
|
|
|
|
|
|
apiToken, err := svc.Issue(context.Background(), secret.AccessToken, key)
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("Issuing login's key expected to succeed: %s", err))
|
|
|
|
|
|
|
|
|
|
resetToken, err := svc.Issue(context.Background(), "", auth.Key{Type: auth.RecoveryKey, IssuedAt: time.Now()})
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("Issuing reset key expected to succeed: %s", err))
|
|
|
|
|
|
|
|
|
|
cases := []struct {
|
|
|
|
|
desc string
|
|
|
|
|
id string
|
|
|
|
|
token string
|
|
|
|
|
err error
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
desc: "retrieve login key",
|
|
|
|
|
// id: apiKey.ID,
|
|
|
|
|
token: userToken.AccessToken,
|
|
|
|
|
err: nil,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "retrieve non-existing login key",
|
|
|
|
|
id: "invalid",
|
|
|
|
|
token: userToken.AccessToken,
|
|
|
|
|
err: errors.ErrNotFound,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "retrieve with wrong login key",
|
|
|
|
|
// id: apiKey.ID,
|
|
|
|
|
token: "wrong",
|
|
|
|
|
err: errors.ErrAuthentication,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "retrieve with API token",
|
|
|
|
|
// id: apiKey.ID,
|
|
|
|
|
token: apiToken.AccessToken,
|
|
|
|
|
err: errors.ErrAuthentication,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "retrieve with reset token",
|
|
|
|
|
// id: apiKey.ID,
|
|
|
|
|
token: resetToken.AccessToken,
|
|
|
|
|
err: errors.ErrAuthentication,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, tc := range cases {
|
|
|
|
|
_, err := svc.RetrieveKey(context.Background(), tc.token, tc.id)
|
|
|
|
|
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s expected %s got %s\n", tc.desc, tc.err, err))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestIdentify(t *testing.T) {
|
|
|
|
|
svc, _ := newService()
|
|
|
|
|
|
|
|
|
|
loginSecret, err := svc.Issue(context.Background(), "", auth.Key{Type: auth.AccessKey, IssuedAt: time.Now(), Subject: id})
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("Issuing login key expected to succeed: %s", err))
|
|
|
|
|
|
|
|
|
|
recoverySecret, err := svc.Issue(context.Background(), "", auth.Key{Type: auth.RecoveryKey, IssuedAt: time.Now(), Subject: id})
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("Issuing reset key expected to succeed: %s", err))
|
|
|
|
|
|
|
|
|
|
apiSecret, err := svc.Issue(context.Background(), loginSecret.AccessToken, auth.Key{Type: auth.APIKey, Subject: id, IssuedAt: time.Now(), ExpiresAt: time.Now().Add(time.Minute)})
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("Issuing login key expected to succeed: %s", err))
|
|
|
|
|
|
|
|
|
|
exp1 := time.Now().Add(-2 * time.Second)
|
|
|
|
|
expSecret, err := svc.Issue(context.Background(), loginSecret.AccessToken, auth.Key{Type: auth.APIKey, IssuedAt: time.Now(), ExpiresAt: exp1})
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("Issuing expired login key expected to succeed: %s", err))
|
|
|
|
|
|
|
|
|
|
invalidSecret, err := svc.Issue(context.Background(), loginSecret.AccessToken, auth.Key{Type: 22, IssuedAt: time.Now()})
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("Issuing login key expected to succeed: %s", err))
|
|
|
|
|
|
|
|
|
|
cases := []struct {
|
|
|
|
|
desc string
|
|
|
|
|
key string
|
|
|
|
|
idt string
|
|
|
|
|
err error
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
desc: "identify login key",
|
|
|
|
|
key: loginSecret.AccessToken,
|
|
|
|
|
idt: id,
|
|
|
|
|
err: nil,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "identify recovery key",
|
|
|
|
|
key: recoverySecret.AccessToken,
|
|
|
|
|
idt: id,
|
|
|
|
|
err: nil,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "identify API key",
|
|
|
|
|
key: apiSecret.AccessToken,
|
|
|
|
|
idt: id,
|
|
|
|
|
err: nil,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "identify expired API key",
|
|
|
|
|
key: expSecret.AccessToken,
|
|
|
|
|
idt: "",
|
|
|
|
|
err: auth.ErrAPIKeyExpired,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "identify expired key",
|
|
|
|
|
key: invalidSecret.AccessToken,
|
|
|
|
|
idt: "",
|
|
|
|
|
err: errors.ErrAuthentication,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "identify invalid key",
|
|
|
|
|
key: "invalid",
|
|
|
|
|
idt: "",
|
|
|
|
|
err: errors.ErrAuthentication,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, tc := range cases {
|
|
|
|
|
idt, err := svc.Identify(context.Background(), tc.key)
|
|
|
|
|
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s expected %s got %s\n", tc.desc, tc.err, err))
|
|
|
|
|
assert.Equal(t, tc.idt, idt, fmt.Sprintf("%s expected %s got %s\n", tc.desc, tc.idt, idt))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestAuthorize(t *testing.T) {
|
|
|
|
|
svc, _ := newService()
|
|
|
|
|
|
|
|
|
|
pr := auth.PolicyReq{Object: authoritiesObj, Relation: memberRelation, Subject: id}
|
|
|
|
|
err := svc.Authorize(context.Background(), pr)
|
|
|
|
|
require.Nil(t, err, fmt.Sprintf("authorizing initial %v policy expected to succeed: %s", pr, err))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestAddPolicy(t *testing.T) {
|
|
|
|
|
svc, _ := newService()
|
|
|
|
|
|
|
|
|
|
pr := auth.PolicyReq{Object: "obj", Relation: "rel", Subject: "sub"}
|
|
|
|
|
err := svc.AddPolicy(context.Background(), pr)
|
|
|
|
|
require.Nil(t, err, fmt.Sprintf("adding %v policy expected to succeed: %v", pr, err))
|
|
|
|
|
|
|
|
|
|
err = svc.Authorize(context.Background(), pr)
|
|
|
|
|
require.Nil(t, err, fmt.Sprintf("checking shared %v policy expected to be succeed: %#v", pr, err))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestDeletePolicy(t *testing.T) {
|
|
|
|
|
svc, _ := newService()
|
|
|
|
|
|
|
|
|
|
pr := auth.PolicyReq{Object: authoritiesObj, Relation: memberRelation, Subject: id}
|
|
|
|
|
err := svc.DeletePolicy(context.Background(), pr)
|
|
|
|
|
require.Nil(t, err, fmt.Sprintf("deleting %v policy expected to succeed: %s", pr, err))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestAddPolicies(t *testing.T) {
|
|
|
|
|
svc, _ := newService()
|
|
|
|
|
secret, err := svc.Issue(context.Background(), "", auth.Key{Type: auth.AccessKey, IssuedAt: time.Now(), Subject: id})
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("Issuing login key expected to succeed: %s", err))
|
|
|
|
|
|
|
|
|
|
key := auth.Key{
|
|
|
|
|
ID: "id",
|
|
|
|
|
Type: auth.APIKey,
|
|
|
|
|
Subject: id,
|
|
|
|
|
IssuedAt: time.Now(),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
apiToken, err := svc.Issue(context.Background(), secret.AccessToken, key)
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("Issuing user's key expected to succeed: %s", err))
|
|
|
|
|
|
|
|
|
|
thingID, err := idProvider.ID()
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("got unexpected error: %s", err))
|
|
|
|
|
|
|
|
|
|
tmpID := "tmpid"
|
|
|
|
|
|
|
|
|
|
// Add read policy to users.
|
|
|
|
|
err = svc.AddPolicies(context.Background(), apiToken.AccessToken, thingID, []string{id, tmpID}, []string{readPolicy})
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("adding policies expected to succeed: %s", err))
|
|
|
|
|
|
|
|
|
|
// Add write and delete policies to users.
|
|
|
|
|
err = svc.AddPolicies(context.Background(), apiToken.AccessToken, thingID, []string{id, tmpID}, []string{writePolicy, deletePolicy})
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("adding multiple policies expected to succeed: %s", err))
|
|
|
|
|
|
|
|
|
|
cases := []struct {
|
|
|
|
|
desc string
|
|
|
|
|
policy auth.PolicyReq
|
|
|
|
|
err error
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
desc: "check valid 'read' policy of user with id",
|
|
|
|
|
policy: auth.PolicyReq{Object: thingID, Relation: readPolicy, Subject: id},
|
|
|
|
|
err: nil,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "check valid 'write' policy of user with id",
|
|
|
|
|
policy: auth.PolicyReq{Object: thingID, Relation: writePolicy, Subject: id},
|
|
|
|
|
err: nil,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "check valid 'delete' policy of user with id",
|
|
|
|
|
policy: auth.PolicyReq{Object: thingID, Relation: deletePolicy, Subject: id},
|
|
|
|
|
err: nil,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "check valid 'read' policy of user with tmpid",
|
|
|
|
|
policy: auth.PolicyReq{Object: thingID, Relation: readPolicy, Subject: tmpID},
|
|
|
|
|
err: nil,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "check valid 'write' policy of user with tmpid",
|
|
|
|
|
policy: auth.PolicyReq{Object: thingID, Relation: writePolicy, Subject: tmpID},
|
|
|
|
|
err: nil,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "check valid 'delete' policy of user with tmpid",
|
|
|
|
|
policy: auth.PolicyReq{Object: thingID, Relation: deletePolicy, Subject: tmpID},
|
|
|
|
|
err: nil,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "check invalid 'access' policy of user with id",
|
|
|
|
|
policy: auth.PolicyReq{Object: thingID, Relation: "access", Subject: id},
|
|
|
|
|
err: errors.ErrAuthorization,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "check invalid 'access' policy of user with tmpid",
|
|
|
|
|
policy: auth.PolicyReq{Object: thingID, Relation: "access", Subject: tmpID},
|
|
|
|
|
err: errors.ErrAuthorization,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, tc := range cases {
|
|
|
|
|
err := svc.Authorize(context.Background(), tc.policy)
|
|
|
|
|
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %v, got %v", tc.desc, tc.err, err))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestDeletePolicies(t *testing.T) {
|
|
|
|
|
svc, _ := newService()
|
|
|
|
|
secret, err := svc.Issue(context.Background(), "", auth.Key{Type: auth.AccessKey, IssuedAt: time.Now(), Subject: id})
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("Issuing login key expected to succeed: %s", err))
|
|
|
|
|
|
|
|
|
|
key := auth.Key{
|
|
|
|
|
ID: "id",
|
|
|
|
|
Type: auth.APIKey,
|
|
|
|
|
Subject: id,
|
|
|
|
|
IssuedAt: time.Now(),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
apiToken, err := svc.Issue(context.Background(), secret.AccessToken, key)
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("Issuing user's key expected to succeed: %s", err))
|
|
|
|
|
|
|
|
|
|
thingID, err := idProvider.ID()
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("got unexpected error: %s", err))
|
|
|
|
|
|
|
|
|
|
tmpID := "tmpid"
|
|
|
|
|
memberPolicy := "member"
|
|
|
|
|
|
|
|
|
|
// Add read, write and delete policies to users.
|
|
|
|
|
err = svc.AddPolicies(context.Background(), apiToken.AccessToken, thingID, []string{id, tmpID}, []string{readPolicy, writePolicy, deletePolicy, memberPolicy})
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("adding policies expected to succeed: %s", err))
|
|
|
|
|
|
|
|
|
|
// Delete multiple policies from single user.
|
|
|
|
|
err = svc.DeletePolicies(context.Background(), apiToken.AccessToken, thingID, []string{id}, []string{readPolicy, writePolicy})
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("deleting policies from single user expected to succeed: %s", err))
|
|
|
|
|
|
|
|
|
|
// Delete multiple policies from multiple user.
|
|
|
|
|
err = svc.DeletePolicies(context.Background(), apiToken.AccessToken, thingID, []string{id, tmpID}, []string{deletePolicy, memberPolicy})
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("deleting policies from multiple user expected to succeed: %s", err))
|
|
|
|
|
|
|
|
|
|
cases := []struct {
|
|
|
|
|
desc string
|
|
|
|
|
policy auth.PolicyReq
|
|
|
|
|
err error
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
desc: "check non-existing 'read' policy of user with id",
|
|
|
|
|
policy: auth.PolicyReq{Object: thingID, Relation: readPolicy, Subject: id},
|
|
|
|
|
err: errors.ErrAuthorization,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "check non-existing 'write' policy of user with id",
|
|
|
|
|
policy: auth.PolicyReq{Object: thingID, Relation: writePolicy, Subject: id},
|
|
|
|
|
err: errors.ErrAuthorization,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "check non-existing 'delete' policy of user with id",
|
|
|
|
|
policy: auth.PolicyReq{Object: thingID, Relation: deletePolicy, Subject: id},
|
|
|
|
|
err: errors.ErrAuthorization,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "check non-existing 'member' policy of user with id",
|
|
|
|
|
policy: auth.PolicyReq{Object: thingID, Relation: memberPolicy, Subject: id},
|
|
|
|
|
err: errors.ErrAuthorization,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "check non-existing 'delete' policy of user with tmpid",
|
|
|
|
|
policy: auth.PolicyReq{Object: thingID, Relation: deletePolicy, Subject: tmpID},
|
|
|
|
|
err: errors.ErrAuthorization,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "check non-existing 'member' policy of user with tmpid",
|
|
|
|
|
policy: auth.PolicyReq{Object: thingID, Relation: memberPolicy, Subject: tmpID},
|
|
|
|
|
err: errors.ErrAuthorization,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "check valid 'read' policy of user with tmpid",
|
|
|
|
|
policy: auth.PolicyReq{Object: thingID, Relation: readPolicy, Subject: tmpID},
|
|
|
|
|
err: nil,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "check valid 'write' policy of user with tmpid",
|
|
|
|
|
policy: auth.PolicyReq{Object: thingID, Relation: writePolicy, Subject: tmpID},
|
|
|
|
|
err: nil,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, tc := range cases {
|
|
|
|
|
err := svc.Authorize(context.Background(), tc.policy)
|
|
|
|
|
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %v, got %v", tc.desc, tc.err, err))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestListPolicies(t *testing.T) {
|
|
|
|
|
svc, _ := newService()
|
|
|
|
|
secret, err := svc.Issue(context.Background(), "", auth.Key{Type: auth.AccessKey, IssuedAt: time.Now(), Subject: id})
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("Issuing login key expected to succeed: %s", err))
|
|
|
|
|
|
|
|
|
|
key := auth.Key{
|
|
|
|
|
ID: "id",
|
|
|
|
|
Type: auth.APIKey,
|
|
|
|
|
Subject: id,
|
|
|
|
|
IssuedAt: time.Now(),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
apiToken, err := svc.Issue(context.Background(), secret.AccessToken, key)
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("Issuing user's key expected to succeed: %s", err))
|
|
|
|
|
pageLen := 15
|
|
|
|
|
|
|
|
|
|
// Add arbitrary policies to the user.
|
|
|
|
|
for i := 0; i < pageLen; i++ {
|
|
|
|
|
err = svc.AddPolicies(context.Background(), apiToken.AccessToken, fmt.Sprintf("thing-%d", i), []string{id}, []string{readPolicy})
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("adding policies expected to succeed: %s", err))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
page, err := svc.ListObjects(context.Background(), auth.PolicyReq{Subject: id, Relation: readPolicy}, "", 100)
|
|
|
|
|
assert.Nil(t, err, fmt.Sprintf("listing policies expected to succeed: %s", err))
|
|
|
|
|
assert.Equal(t, pageLen, len(page.Policies), fmt.Sprintf("unexpected listing page size, expected %d, got %d: %v", pageLen, len(page.Policies), err))
|
|
|
|
|
}
|