From e6858db64f9a1c0121aed972cf7426a746eb7175 Mon Sep 17 00:00:00 2001
From: Zach Smith
Date: Wed, 3 May 2017 17:42:45 -0700
Subject: Update AuthProvider to use cached permissions token

---
 src/test/scala/xyz/driver/core/AuthTest.scala | 71 ++++++++++++++++++++-------
 1 file changed, 52 insertions(+), 19 deletions(-)
 (limited to 'src/test/scala/xyz/driver')

diff --git a/src/test/scala/xyz/driver/core/AuthTest.scala b/src/test/scala/xyz/driver/core/AuthTest.scala
index ad8cec8..441b9c8 100644
--- a/src/test/scala/xyz/driver/core/AuthTest.scala
+++ b/src/test/scala/xyz/driver/core/AuthTest.scala
@@ -3,39 +3,49 @@ package xyz.driver.core
 import akka.http.scaladsl.model.headers.{HttpChallenges, RawHeader}
 import akka.http.scaladsl.server.AuthenticationFailedRejection.CredentialsRejected
 import akka.http.scaladsl.server.Directives._
-import akka.http.scaladsl.server._
+import akka.http.scaladsl.server.{RequestContext => _, _}
 import akka.http.scaladsl.testkit.ScalatestRouteTest
 import org.scalatest.mock.MockitoSugar
 import org.scalatest.{FlatSpec, Matchers}
+import pdi.jwt.{Jwt, JwtAlgorithm}
 import xyz.driver.core.auth._
 import xyz.driver.core.logging._
-import xyz.driver.core.rest.{AuthProvider, Authorization, ServiceRequestContext}
+import xyz.driver.core.rest.{AuthProvider, AuthenticatedRequestContext, Authorization, RequestContext}
 import scala.concurrent.Future
 import scalaz.OptionT
 class AuthTest extends FlatSpec with Matchers with MockitoSugar with ScalatestRouteTest {
- case object TestRoleAllowedPermission extends Permission
- case object TestRoleNotAllowedPermission extends Permission
+ case object TestRoleAllowedPermission extends Permission
+ case object TestRoleAllowedByTokenPermission extends Permission
+ case object TestRoleNotAllowedPermission extends Permission
 val TestRole = Role(Id("1"), Name("testRole"))
- implicit val exec = scala.concurrent.ExecutionContext.global
+ val (publicKey, privateKey) = {
+ import java.security.KeyPairGenerator
- val authorization: Authorization = new Authorization {
- override def userHasPermission(user: User, permission: Permission)(
- implicit ctx: ServiceRequestContext): Future[Boolean] = {
- Future.successful(permission === TestRoleAllowedPermission)
- }
+ val keygen = KeyPairGenerator.getInstance("RSA")
+ keygen.initialize(2048)
+
+ val keyPair = keygen.generateKeyPair()
+ (keyPair.getPublic, keyPair.getPrivate)
 }
- val authStatusService = new AuthProvider[User](authorization, NoLogger) {
+ val authorization: Authorization[User] = new Authorization[User] {
- override def isSessionValid(user: User)(implicit ctx: ServiceRequestContext): Future[Boolean] =
- Future.successful(true)
+ override def userHasPermissions(permissions: Seq[Permission])(
+ implicit ctx: AuthenticatedRequestContext[User]): OptionT[Future,
+ (Map[Permission, Boolean], PermissionsToken)] = {
+ val permissionsMap = permissions.map(p => p -> (p === TestRoleAllowedPermission)).toMap
+ val token = PermissionsToken("TODO")
+ OptionT.optionT(Future.successful(Option((permissionsMap, token))))
+ }
+ }
- override def authenticatedUser(implicit ctx: ServiceRequestContext): OptionT[Future, User] =
+ val authStatusService = new AuthProvider[User](authorization, publicKey, NoLogger) {
+ override def authenticatedUser(implicit ctx: RequestContext): OptionT[Future, User] =
 OptionT.optionT[Future] {
 if (ctx.contextHeaders.keySet.contains(AuthProvider.AuthenticationTokenHeader)) {
 Future.successful(Some(BasicUser(Id[User]("1"), Set(TestRole))))
@@ -47,7 +57,7 @@ class AuthTest extends FlatSpec with Matchers with MockitoSugar with ScalatestRo
 import authStatusService._
- "'authorize' directive" should "throw error is auth token is not in the request" in {
+ "'authorize' directive" should "throw error if auth token is not in the request" in {
 Get("/naive/attempt") ~>
 authorize(TestRoleAllowedPermission) { user =>
@@ -59,7 +69,7 @@ class AuthTest extends FlatSpec with Matchers with MockitoSugar with ScalatestRo
 }
 }
- it should "throw error is authorized user is not having the requested permission" in {
+ it should "throw error if authorized user does not have the requested permission" in {
 val referenceAuthToken = AuthToken("I am a test role's token")
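Review bot: The Authorization stub in the first hunk hands back `PermissionsToken("TODO")`, a literal that is not a JWT, and nothing in this diff states what `AuthProvider` is expected to do with an unparseable cached token, so the tests that go through the Authorization path pass only if the provider tolerates such a value silently. If that tolerance is intended, say so on the stub, e.g. `// Not a valid JWT on purpose: these tests exercise the Authorization lookup, not the cached-token path`; if the provider is meant to verify every token it is handed, have the stub sign a real claim with `privateKey`, as the token test later in this file does, so the stub cannot mask a lenient verifier. The same `userHasPermissions` stub always yields `Some`, so the `None` branch of the `OptionT` contract is never exercised here. The `authStatusService` anonymous class opened in this hunk continues past its end.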
@@ -85,12 +95,35 @@ class AuthTest extends FlatSpec with Matchers with MockitoSugar with ScalatestRo
 Get("/valid/attempt/?a=2&b=5").addHeader(
 RawHeader(AuthProvider.AuthenticationTokenHeader, referenceAuthToken.value)
 ) ~>
- authorize(TestRoleAllowedPermission) { user =>
- complete("Alright, user \"" + user.id + "\" is authorized")
+ authorize(TestRoleAllowedPermission) { ctx =>
+ complete(s"Alright, user ${ctx.authenticatedUser.id} is authorized")
+ } ~>
+ check {
+ handled shouldBe true
+ responseAs[String] shouldBe "Alright, user 1 is authorized"
+ }
+ }
+
+ it should "authorize permission found in permissions token" in {
+ import spray.json._
+
+ val claim = JsObject(Map(
+ "iss" -> JsString("users"),
+ "sub" -> JsString("1"),
+ "permissions" -> JsObject(Map(TestRoleAllowedByTokenPermission.toString -> JsBoolean(true)))
+ )).prettyPrint
+ val permissionsToken = PermissionsToken(Jwt.encode(claim, privateKey, JwtAlgorithm.RS256))
+ val referenceAuthToken = AuthToken("I am token")
+
+ Get("/alic/attempt/?a=2&b=5")
+ .addHeader(RawHeader(AuthProvider.AuthenticationTokenHeader, referenceAuthToken.value))
+ .addHeader(RawHeader(AuthProvider.PermissionsTokenHeader, permissionsToken.value)) ~>
+ authorize(TestRoleAllowedByTokenPermission) { ctx =>
+ complete(s"Alright, user ${ctx.authenticatedUser.id} is authorized by permissions token")
 } ~>
 check {
 handled shouldBe true
- responseAs[String] shouldBe "Alright, user \"1\" is authorized"
+ responseAs[String] shouldBe "Alright, user 1 is authorized by permissions token"
 }
 }
 }
-- 
cgit v1.2.3
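Review bot: The new "authorize permission found in permissions token" test covers only the accepting path: the claim is signed with the suite's own `privateKey`, carries no `exp`, and its `sub` matches the authenticated user's id, so a verifier that skipped the signature, expiry or subject check would pass this test just the same. `AuthProvider` itself is not in this diff, so the minimum that pins signature verification is a sibling test in which the same claim is signed with a different RSA key and the request is rejected; the Authorization stub grants only `TestRoleAllowedPermission`, so the fallback lookup cannot rescue `TestRoleAllowedByTokenPermission` in that test. The rejection the earlier negative tests match against lies outside this hunk, so the excerpt below asserts only `handled shouldBe false`. If the provider honours `exp` and binds `sub` to the authenticated user, an expired claim and a claim for a different `sub` deserve the same treatment.
```scala
// … unchanged: "authorize permission found in permissions token" test …

it should "reject a permissions token signed with a different key" in {
  import java.security.KeyPairGenerator
  import spray.json._

  val otherKeygen = KeyPairGenerator.getInstance("RSA")
  otherKeygen.initialize(2048)
  val otherPrivateKey = otherKeygen.generateKeyPair().getPrivate

  val claim = JsObject(Map(
    "iss" -> JsString("users"),
    "sub" -> JsString("1"),
    "permissions" -> JsObject(Map(TestRoleAllowedByTokenPermission.toString -> JsBoolean(true)))
  )).prettyPrint
  val foreignToken = PermissionsToken(Jwt.encode(claim, otherPrivateKey, JwtAlgorithm.RS256))
  val referenceAuthToken = AuthToken("I am token")

  Get("/alic/attempt/?a=2&b=5")
    .addHeader(RawHeader(AuthProvider.AuthenticationTokenHeader, referenceAuthToken.value))
    .addHeader(RawHeader(AuthProvider.PermissionsTokenHeader, foreignToken.value)) ~>
    authorize(TestRoleAllowedByTokenPermission) { _ =>
      complete("must not be reached")
    } ~>
    check {
      handled shouldBe false
    }
}
```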