Diffstat (limited to 'internal/authz')
-rw-r--r--internal/authz/middleware.go5
-rw-r--r--internal/authz/middleware_test.go18
2 files changed, 22 insertions, 1 deletions
diff --git a/internal/authz/middleware.go b/internal/authz/middleware.go
index 6763323..abebcdb 100644
--- a/internal/authz/middleware.go
+++ b/internal/authz/middleware.go
@@ -54,6 +54,7 @@ func Authorization(adminSvc *admin.Servicer, next http.Handler) http.Handler {
urn, ok := ctx.Value(AuthzUrnKey).(string)
if !ok || urn == "" {
http.Error(rw, "Bad Request", http.StatusBadRequest)
+ return
}
repo := req.URL.Path
action := req.Method
@@ -61,10 +62,12 @@ func Authorization(adminSvc *admin.Servicer, next http.Handler) http.Handler {
if err != nil {
log.Printf("error running enforce %s", err)
http.Error(rw, "Bad Request", http.StatusBadRequest)
+ return
}
if !ok {
- log.Printf("Access denied")
+ log.Printf("Not Authorized - attempted access %s", urn)
http.Error(rw, "Access denied", http.StatusForbidden)
+ return
}
log.Printf("Method %s Url %s", action, repo)
next.ServeHTTP(rw, req.WithContext(ctx))
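Review bot: The new denial log line `log.Printf("Not Authorized - attempted access %s", urn)` records who was denied but not what they attempted, and prints a context-derived string with %s, which hides an empty or whitespace-only value; since `action` and `repo` are already in scope from the previous hunk, `log.Printf("Not Authorized - attempted access %q to %s %s", urn, action, repo)` gives a denial record that can actually be correlated. The enforce-error branch just above now returns correctly, but it still answers 400 Bad Request for what looks like a policy-engine failure rather than a client mistake; if that error is server-side, 500 would be the more accurate status — worth confirming against the enforce implementation. The body of Authorization starts before the first hunk of this file.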
diff --git a/internal/authz/middleware_test.go b/internal/authz/middleware_test.go
index 9ed9081..314c24e 100644
--- a/internal/authz/middleware_test.go
+++ b/internal/authz/middleware_test.go
@@ -1,8 +1,11 @@
package authz
import (
+ "bytes"
"context"
"fmt"
+ "io"
+ "log"
"net/http"
"net/http/httptest"
"testing"
@@ -13,6 +16,10 @@ import (
func junkTestHandler() http.HandlerFunc {
return func(rw http.ResponseWriter, req *http.Request) {
rw.WriteHeader(http.StatusOK)
+ _, err := rw.Write([]byte("Im a body"))
+ if err != nil {
+ log.Fatalf("couldn't write http body %s", err)
+ }
}
}
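Review bot: `log.Fatalf` on the write error inside junkTestHandler terminates the whole test binary through os.Exit, so deferred cleanup does not run and `go test` reports no failing test name. The handler has no *testing.T in scope, so `panic(fmt.Sprintf("couldn't write http body: %v", err))` is the usual substitute: it produces a stack trace and is attributed to the running test. With httptest.ResponseRecorder a Write error is not expected in practice, so this is about how a failure is reported rather than a likely path.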
@@ -89,18 +96,21 @@ func TestAuthorization(t *testing.T) {
user string
expectedStatus int
description string
+ body []byte
}{
{
url: fmt.Sprintf("%s/%s", baseURL, "repo/url"),
user: "uid:jack",
expectedStatus: 200,
description: "an authorized action should yield a 200",
+ body: []byte("Im a body"),
},
{
url: fmt.Sprintf("%s/%s", baseURL, "repo/url/bar"),
user: "uid:chumba",
expectedStatus: 403,
description: "an unauthorized action should yield a 403",
+ body: []byte("Access denied\n"),
},
}
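Review bot: The new `body` expectations cover only the 200 and 403 rows, so the missing-URN branch that the middleware.go change fixes (the `return` added after the 400 in Authorization's first hunk) still has no test; before that fix the handler fell through to next.ServeHTTP, which is exactly the regression this table should pin. A third row with no URN in the request context and `expectedStatus: 400, body: []byte("Bad Request\n")` would cover it (http.Error terminates the message with a newline, as the 403 row already reflects). How the URN is placed into the context happens outside this hunk, so that row may need the request setup to support an unset user. The table's declaration starts before this hunk.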
svcr := admin.NewService(
@@ -120,8 +130,16 @@ func TestAuthorization(t *testing.T) {
authHandler.ServeHTTP(recorder, req)
result := recorder.Result()
defer result.Body.Close()
+ body, err := io.ReadAll(result.Body)
+ if err != nil {
+ t.Fatal("couldn't read response body")
+ }
+
if result.StatusCode != tc.expectedStatus {
t.Fatalf("Test Case %s failed Expected: %d Found: %d", tc.description, tc.expectedStatus, result.StatusCode)
}
+ if !bytes.Equal(body, tc.body) {
+ t.Fatalf("Test Case %s failed Expected: %d Found: %d", tc.description, tc.body, body)
+ }
}
}
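Review bot: The new `t.Fatalf` for the body mismatch formats both byte slices with `%d`, which prints them as lists of decimal byte values instead of text and makes the failure message hard to read; use `t.Fatalf("Test Case %s failed Expected: %q Found: %q", tc.description, tc.body, body)`. The read-error branch added above drops the underlying error; `t.Fatalf("couldn't read response body: %v", err)` keeps it in the output. The enclosing loop of TestAuthorization starts before this hunk.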