doesnm/quickshare
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

test(auth): add permission tests for files and settings api

Browse source
This commit is contained in:
hexxa 2022-02-23 11:40:51 +08:00 committed by Hexxa
parent cff87bdddd
commit d2d269171d
5 changed files with 404 additions and 317 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/handlers/fileshdr/handlers.go
View file

@ -992,6 +992,11 @@ func (h *FileHandlers) GenerateHash(c *gin.Context) {
return return
} }
if req.FilePath == "" {
c.JSON(q.ErrResp(c, 400, errors.New("invalid file path")))
return
}
role := c.MustGet(q.RoleParam).(string) role := c.MustGet(q.RoleParam).(string)
userName := c.MustGet(q.UserParam).(string) userName := c.MustGet(q.UserParam).(string)
if !h.canAccess(userName, role, "hash.gen", req.FilePath) { if !h.canAccess(userName, role, "hash.gen", req.FilePath) {

8
src/handlers/settings/handlers.go
View file

@ -73,7 +73,7 @@ func (h *SettingsSvc) SetClientCfg(c *gin.Context) {
role := c.MustGet(q.RoleParam).(string) role := c.MustGet(q.RoleParam).(string)
if role != userstore.AdminRole { if role != userstore.AdminRole {
c.JSON(q.ErrResp(c, 401, q.ErrUnauthorized)) c.JSON(q.ErrResp(c, 403, q.ErrUnauthorized))
return return
} }
@ -102,6 +102,12 @@ type ClientErrorReports struct {
} }
func (h *SettingsSvc) ReportErrors(c *gin.Context) { func (h *SettingsSvc) ReportErrors(c *gin.Context) {
role := c.MustGet(q.RoleParam).(string)
if role == userstore.VisitorRole {
c.JSON(q.ErrResp(c, 403, q.ErrUnauthorized))
return
}
var err error var err error
req := &ClientErrorReports{} req := &ClientErrorReports{}
if err = c.ShouldBindJSON(&req); err != nil { if err = c.ShouldBindJSON(&req); err != nil {

590
src/server/server_permission_test.go
View file

@ -2,6 +2,7 @@ package server
import ( import (
"encoding/base64" "encoding/base64"
"fmt"
"net/http" "net/http"
"os" "os"
"path/filepath" "path/filepath"
@ -11,6 +12,7 @@ import (
"github.com/ihexxa/quickshare/src/client" "github.com/ihexxa/quickshare/src/client"
"github.com/ihexxa/quickshare/src/db/userstore" "github.com/ihexxa/quickshare/src/db/userstore"
q "github.com/ihexxa/quickshare/src/handlers" q "github.com/ihexxa/quickshare/src/handlers"
"github.com/ihexxa/quickshare/src/handlers/settings"
) )
func TestPermissions(t *testing.T) { func TestPermissions(t *testing.T) {
@ -81,76 +83,49 @@ func TestPermissions(t *testing.T) {
// tests only check the status code for checking permission // tests only check the status code for checking permission
t.Run("Users API Permissions", func(t *testing.T) { t.Run("Users API Permissions", func(t *testing.T) {
testUsersAPIs := func(user string, pwd string, requireAuth bool, expectedCodes map[string]int) { testUsersAPIs := func(user string, pwd string, requireAuth bool, expectedCodes map[string]int) {
desc := user
cl := client.NewSingleUserClient(addr) cl := client.NewSingleUserClient(addr)
token := &http.Cookie{} token := &http.Cookie{}
if requireAuth { if requireAuth {
resp, _, errs := cl.Login(user, pwd) resp, _, errs := cl.Login(user, pwd)
if len(errs) > 0 { assertResp(t, resp, errs, 200, desc)
t.Fatal(errs)
} else if resp.StatusCode != 200 {
t.Fatal(resp.StatusCode)
}
token = client.GetCookie(resp.Cookies(), q.TokenCookie) token = client.GetCookie(resp.Cookies(), q.TokenCookie)
} }
expectedCode := expectedCodes["SetPwd"]
newPwd := "12345" newPwd := "12345"
resp, _, errs := cl.SetPwd(pwd, newPwd, token) newRole := userstore.AdminRole
if len(errs) > 0 { newQuota := &userstore.Quota{
t.Fatal(errs) SpaceLimit: int64(2046),
} else if resp.StatusCode != expectedCode { UploadSpeedLimit: int(8 * 1024 * 1024),
t.Fatal(resp.StatusCode) DownloadSpeedLimit: int(8 * 1024 * 1024),
} }
// set back the pwd
resp, _, errs = cl.SetPwd(newPwd, pwd, token)
if len(errs) > 0 {
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatal(resp.StatusCode)
}
expectedCode = expectedCodes["Self"]
resp, selfResp, errs := cl.Self(token)
if len(errs) > 0 {
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatal(resp.StatusCode)
}
expectedCode = expectedCodes["SetPreferences"]
prefer := selfResp.Preferences
resp, _, errs = cl.SetPreferences(prefer, token)
if len(errs) > 0 {
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatal(resp.StatusCode)
}
expectedCode = expectedCodes["IsAuthed"]
resp, _, errs = cl.IsAuthed(token)
if len(errs) > 0 {
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatalf("%s %d %d", user, expectedCode, resp.StatusCode)
}
// test user operations
expectedCode = expectedCodes["AddUser"]
tmpUser, tmpPwd, tmpRole := "tmpUser", "1234", "admin" tmpUser, tmpPwd, tmpRole := "tmpUser", "1234", "admin"
resp, addUserResp, errs := cl.AddUser(tmpUser, tmpPwd, tmpRole, token) tmpNewRole := "tmpNewRole"
if len(errs) > 0 {
t.Fatal(errs) resp, _, errs := cl.SetPwd(pwd, newPwd, token)
} else if resp.StatusCode != expectedCode { assertResp(t, resp, errs, expectedCodes["SetPwd"], desc)
t.Fatalf("%s %d %d", user, expectedCode, resp.StatusCode)
} // set back the password
resp, _, errs = cl.SetPwd(newPwd, pwd, token)
assertResp(t, resp, errs, expectedCodes["SetPwd"], desc)
resp, selfResp, errs := cl.Self(token)
assertResp(t, resp, errs, expectedCodes["Self"], desc)
prefer := selfResp.Preferences
resp, _, errs = cl.SetPreferences(prefer, token)
assertResp(t, resp, errs, expectedCodes["SetPreferences"], desc)
resp, _, errs = cl.IsAuthed(token)
assertResp(t, resp, errs, expectedCodes["IsAuthed"], desc)
resp, addUserResp, errs := cl.AddUser(tmpUser, tmpPwd, tmpRole, token)
assertResp(t, resp, errs, expectedCodes["AddUser"], desc)
expectedCode = expectedCodes["ListUsers"]
resp, _, errs = cl.ListUsers(token) resp, _, errs = cl.ListUsers(token)
if len(errs) > 0 { assertResp(t, resp, errs, expectedCodes["ListUsers"], desc)
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatalf("%s %d %d", user, expectedCode, resp.StatusCode)
}
// TODO: the id here should be uint64 // TODO: the id here should be uint64
tmpUserID := uint64(0) tmpUserID := uint64(0)
@ -169,76 +144,31 @@ func TestPermissions(t *testing.T) {
} }
} }
newRole := userstore.AdminRole
newQuota := &userstore.Quota{
SpaceLimit: int64(2046),
UploadSpeedLimit: int(8 * 1024 * 1024),
DownloadSpeedLimit: int(8 * 1024 * 1024),
}
// update self // update self
expectedCode = expectedCodes["SetUserSelf"]
resp, _, errs = cl.SetUser(userID, newRole, newQuota, token) resp, _, errs = cl.SetUser(userID, newRole, newQuota, token)
if len(errs) > 0 { assertResp(t, resp, errs, expectedCodes["SetUserSelf"], desc)
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatalf("%s %d %d", user, expectedCode, resp.StatusCode)
}
// update other users // update other users
expectedCode = expectedCodes["SetUserOthers"]
resp, _, errs = cl.SetUser(tmpUserID, userstore.AdminRole, newQuota, token) resp, _, errs = cl.SetUser(tmpUserID, userstore.AdminRole, newQuota, token)
if len(errs) > 0 { assertResp(t, resp, errs, expectedCodes["SetUserOthers"], desc)
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatalf("%s %d %d", user, expectedCode, resp.StatusCode)
}
resp, _, errs = cl.SetUser(0, userstore.UserRole, newQuota, token) resp, _, errs = cl.SetUser(0, userstore.UserRole, newQuota, token)
if len(errs) > 0 { assertResp(t, resp, errs, expectedCodes["SetUserOthers"], desc)
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatalf("%s %d %d", user, expectedCode, resp.StatusCode)
}
expectedCode = expectedCodes["DelUser"]
resp, _, errs = cl.DelUser(addUserResp.ID, token) resp, _, errs = cl.DelUser(addUserResp.ID, token)
if len(errs) > 0 { assertResp(t, resp, errs, expectedCodes["DelUser"], desc)
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatalf("%s %d %d", user, expectedCode, resp.StatusCode)
}
// test role operations // test role operations
expectedCode = expectedCodes["AddRole"]
tmpNewRole := "tmpNewRole"
resp, _, errs = cl.AddRole(tmpNewRole, token) resp, _, errs = cl.AddRole(tmpNewRole, token)
if len(errs) > 0 { assertResp(t, resp, errs, expectedCodes["AddRole"], desc)
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatalf("%s %d %d", user, expectedCode, resp.StatusCode)
}
expectedCode = expectedCodes["ListRoles"]
resp, _, errs = cl.ListRoles(token) resp, _, errs = cl.ListRoles(token)
if len(errs) > 0 { assertResp(t, resp, errs, expectedCodes["ListRoles"], desc)
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatalf("%s %d %d", user, expectedCode, resp.StatusCode)
}
expectedCode = expectedCodes["DelRole"]
resp, _, errs = cl.DelRole(tmpNewRole, token) resp, _, errs = cl.DelRole(tmpNewRole, token)
if len(errs) > 0 { assertResp(t, resp, errs, expectedCodes["DelRole"], desc)
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatalf("%s %d %d", user, expectedCode, resp.StatusCode)
}
if requireAuth { if requireAuth {
resp, _, errs := cl.Logout(token) resp, _, errs := cl.Logout(token)
if len(errs) > 0 { assertResp(t, resp, errs, 200, desc)
t.Fatal(errs)
} else if resp.StatusCode != 200 {
t.Fatal(resp.StatusCode)
}
} }
} }
@ -290,68 +220,42 @@ func TestPermissions(t *testing.T) {
}) })
t.Run("Files operation API Permissions", func(t *testing.T) { t.Run("Files operation API Permissions", func(t *testing.T) {
// ListUploadings(c *gin.Context) {
// DelUploading(c *gin.Context) {
// AddSharing(c *gin.Context) {
// DelSharing(c *gin.Context) {
// IsSharing(c *gin.Context) {
// ListSharings(c *gin.Context) {
// ListSharingIDs(c *gin.Context) {
// GenerateHash(c *gin.Context) {
// GetSharingDir(c *gin.Context) {
testFolderOpPermission := func(user string, pwd string, requireAuth bool, expectedCodes map[string]int) { testFolderOpPermission := func(user string, pwd string, requireAuth bool, expectedCodes map[string]int) {
// List(c *gin.Context) { // List
// ListHome(c *gin.Context) { // ListHome
// Mkdir(c *gin.Context) { // Mkdir
// Move(c *gin.Context) { // Move
// Create
// Create(c *gin.Context) { // UploadChunk
// UploadChunk(c *gin.Context) { // UploadStatus
// UploadStatus(c *gin.Context) { // Metadata
// Metadata(c *gin.Context) { // Move
// Move(c *gin.Context) { // Download
// Download(c *gin.Context) { // Delete
// GetStreamReader(userID uint64, fd io.Reader) (io.ReadCloser, error) {
// Delete(c *gin.Context) {
cl := client.NewSingleUserClient(addr) cl := client.NewSingleUserClient(addr)
token := &http.Cookie{} token := &http.Cookie{}
desc := user
if requireAuth { if requireAuth {
resp, _, errs := cl.Login(user, pwd) resp, _, errs := cl.Login(user, pwd)
if len(errs) > 0 { assertResp(t, resp, errs, 200, desc)
t.Fatal(errs)
} else if resp.StatusCode != 200 {
t.Fatal(resp.StatusCode)
}
token = client.GetCookie(resp.Cookies(), q.TokenCookie) token = client.GetCookie(resp.Cookies(), q.TokenCookie)
} }
filesCl := client.NewFilesClient(addr, token) filesCl := client.NewFilesClient(addr, token)
expectedCode := expectedCodes["ListHome"]
resp, lhResp, errs := filesCl.ListHome() resp, lhResp, errs := filesCl.ListHome()
if len(errs) > 0 { assertResp(t, resp, errs, expectedCodes["ListHome"], desc)
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatal(user, resp.StatusCode, expectedCode)
}
expectedCode = expectedCodes["List"]
homePath := lhResp.Cwd homePath := lhResp.Cwd
if !requireAuth { if !requireAuth {
homePath = "/" homePath = "/"
} }
resp, _, errs = filesCl.List(homePath)
if len(errs) > 0 {
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatal(user, resp.StatusCode, expectedCode)
}
expectedCode = expectedCodes["ListPaths"] resp, _, errs = filesCl.List(homePath)
assertResp(t, resp, errs, expectedCodes["List"], desc)
for _, itemPath := range []string{ for _, itemPath := range []string{
"/", "/",
"admin/", "admin/",
@ -360,38 +264,22 @@ func TestPermissions(t *testing.T) {
"user2/files", "user2/files",
} { } {
resp, _, errs = filesCl.List(itemPath) resp, _, errs = filesCl.List(itemPath)
if len(errs) > 0 { assertResp(t, resp, errs, expectedCodes["ListPaths"], desc)
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatal(user, resp.StatusCode, expectedCode)
}
} }
expectedCode = expectedCodes["Mkdir"]
testPath := filepath.Join(lhResp.Cwd, "test") testPath := filepath.Join(lhResp.Cwd, "test")
resp, _, errs = filesCl.Mkdir(testPath)
if len(errs) > 0 {
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatal(user, resp.StatusCode, expectedCode)
}
expectedCode = expectedCodes["Move"] resp, _, errs = filesCl.Mkdir(testPath)
assertResp(t, resp, errs, expectedCodes["Mkdir"], desc)
newPath := filepath.Join(lhResp.Cwd, "test2") newPath := filepath.Join(lhResp.Cwd, "test2")
resp, _, errs = filesCl.Move(testPath, newPath) resp, _, errs = filesCl.Move(testPath, newPath)
if len(errs) > 0 { assertResp(t, resp, errs, expectedCodes["Move"], desc)
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatal(user, resp.StatusCode, expectedCode)
}
if requireAuth { if requireAuth {
resp, _, errs := cl.Logout(token) resp, _, errs := cl.Logout(token)
if len(errs) > 0 { assertResp(t, resp, errs, 200, desc)
t.Fatal(errs)
} else if resp.StatusCode != 200 {
t.Fatal(user, resp.StatusCode, expectedCode)
}
} }
} }
@ -418,13 +306,18 @@ func TestPermissions(t *testing.T) {
}) })
testFileOpPermission := func(user string, pwd string, requireAuth bool, targetPath, targetFile string, expectedCodes map[string]int) { testFileOpPermission := func(user string, pwd string, requireAuth bool, targetPath, targetFile string, expectedCodes map[string]int) {
// Create(c *gin.Context) { // Create
// UploadChunk(c *gin.Context) { // UploadChunk
// UploadStatus(c *gin.Context) { // UploadStatus
// Metadata(c *gin.Context) { // Metadata
// Move(c *gin.Context) { // Move
// Download(c *gin.Context) { // Download
// Delete(c *gin.Context) { // Delete
// ListUploadings
// DelUploading
// GenerateHash
cl := client.NewSingleUserClient(addr) cl := client.NewSingleUserClient(addr)
token := &http.Cookie{} token := &http.Cookie{}
@ -438,157 +331,167 @@ func TestPermissions(t *testing.T) {
token = client.GetCookie(resp.Cookies(), q.TokenCookie) token = client.GetCookie(resp.Cookies(), q.TokenCookie)
} }
expectedCode := expectedCodes["ListHome"] desc := user
filesCl := client.NewFilesClient(addr, token)
resp, _, errs := filesCl.ListHome()
if len(errs) > 0 {
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatal(user, resp.StatusCode, expectedCode)
}
fileContent := []byte("01010") fileContent := []byte("01010")
filePath := filepath.Join(targetPath, "old") filePath := filepath.Join(targetPath, "old")
fileSize := int64(len(fileContent)) fileSize := int64(len(fileContent))
expectedCode = expectedCodes["Create"] filesCl := client.NewFilesClient(addr, token)
resp, _, errs = filesCl.Create(filePath, fileSize)
if len(errs) > 0 {
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatal(user, resp.StatusCode, expectedCode)
}
expectedCode = expectedCodes["UploadStatus"]
resp, _, errs = filesCl.UploadStatus(filePath)
if len(errs) > 0 {
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatal(user, resp.StatusCode, expectedCode)
}
expectedCode = expectedCodes["UploadChunk"]
base64Content := base64.StdEncoding.EncodeToString([]byte(fileContent)) base64Content := base64.StdEncoding.EncodeToString([]byte(fileContent))
newPath := filepath.Join(targetPath, "new")
resp, _, errs := filesCl.ListHome()
assertResp(t, resp, errs, expectedCodes["ListHome"], fmt.Sprintf("%s-%s", desc, "ListHome"))
resp, _, errs = filesCl.List(targetPath)
assertResp(t, resp, errs, expectedCodes["ListTarget"], fmt.Sprintf("%s-%s", desc, "ListTarget"))
resp, _, errs = filesCl.Create(filePath, fileSize)
assertResp(t, resp, errs, expectedCodes["Create"], fmt.Sprintf("%s-%s", desc, "Create"))
resp, _, errs = filesCl.ListUploadings()
assertResp(t, resp, errs, expectedCodes["ListUploadings"], fmt.Sprintf("%s-%s", desc, "ListUploadings"))
resp, _, errs = filesCl.DelUploading(filePath)
assertResp(t, resp, errs, expectedCodes["DelUploading"], fmt.Sprintf("%s-%s", desc, "DelUploading"))
// create again
resp, _, errs = filesCl.Create(filePath, fileSize)
assertResp(t, resp, errs, expectedCodes["Create"], fmt.Sprintf("%s-%s", desc, "Create"))
resp, _, errs = filesCl.UploadStatus(filePath)
assertResp(t, resp, errs, expectedCodes["UploadStatus"], fmt.Sprintf("%s-%s", desc, "UploadStatus"))
resp, _, errs = filesCl.UploadChunk(filePath, base64Content, 0) resp, _, errs = filesCl.UploadChunk(filePath, base64Content, 0)
if len(errs) > 0 { assertResp(t, resp, errs, expectedCodes["UploadChunk"], fmt.Sprintf("%s-%s", desc, "UploadChunk"))
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatal(user, resp.StatusCode, expectedCode)
}
expectedCode = expectedCodes["Metadata"]
resp, _, errs = filesCl.Metadata(filePath) resp, _, errs = filesCl.Metadata(filePath)
if len(errs) > 0 { assertResp(t, resp, errs, expectedCodes["Metadata"], fmt.Sprintf("%s-%s", desc, "Metadata"))
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatal(user, resp.StatusCode, expectedCode)
}
expectedCode = expectedCodes["MetadataTarget"]
resp, _, errs = filesCl.Metadata(targetPath) resp, _, errs = filesCl.Metadata(targetPath)
if len(errs) > 0 { assertResp(t, resp, errs, expectedCodes["MetadataTarget"], fmt.Sprintf("%s-%s", desc, "MetadataTarget"))
t.Fatal(errs)
} else if resp.StatusCode != expectedCode { resp, _, errs = filesCl.GenerateHash(filePath)
t.Fatal(user, resp.StatusCode, expectedCode) assertResp(t, resp, errs, expectedCodes["GenerateHash"], fmt.Sprintf("%s-%s", desc, "GenerateHash"))
}
resp, _, errs = filesCl.GenerateHash(targetFile)
assertResp(t, resp, errs, expectedCodes["GenerateHashTarget"], fmt.Sprintf("%s-%s", desc, "GenerateHashTarget"))
expectedCode = expectedCodes["Download"]
resp, _, errs = filesCl.Download(filePath, map[string]string{}) resp, _, errs = filesCl.Download(filePath, map[string]string{})
if len(errs) > 0 { assertResp(t, resp, errs, expectedCodes["Download"], fmt.Sprintf("%s-%s", desc, "Download"))
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatal(user, resp.StatusCode, expectedCode)
}
if targetFile != "" { if targetFile != "" {
expectedCode = expectedCodes["DownloadTarget"]
resp, _, errs = filesCl.Download(targetFile, map[string]string{}) resp, _, errs = filesCl.Download(targetFile, map[string]string{})
if len(errs) > 0 { assertResp(t, resp, errs, expectedCodes["DownloadTarget"], fmt.Sprintf("%s-%s", desc, "DownloadTarget"))
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatal(user, resp.StatusCode, expectedCode)
}
} }
expectedCode = expectedCodes["Move"]
newPath := filepath.Join(targetPath, "new")
resp, _, errs = filesCl.Move(filePath, newPath) resp, _, errs = filesCl.Move(filePath, newPath)
if len(errs) > 0 { assertResp(t, resp, errs, expectedCodes["Move"], fmt.Sprintf("%s-%s", desc, "Move"))
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatal(user, resp.StatusCode, expectedCode)
}
expectedCode = expectedCodes["Delete"]
resp, _, errs = filesCl.Delete(newPath) resp, _, errs = filesCl.Delete(newPath)
if len(errs) > 0 { assertResp(t, resp, errs, expectedCodes["Delete"], fmt.Sprintf("%s-%s", desc, "Delete"))
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatal(user, resp.StatusCode, expectedCode)
}
if requireAuth { if requireAuth {
resp, _, errs := cl.Logout(token) resp, _, errs := cl.Logout(token)
if len(errs) > 0 { assertResp(t, resp, errs, 200, desc)
t.Fatal(errs)
} else if resp.StatusCode != 200 {
t.Fatal(user, resp.StatusCode, expectedCode)
}
} }
} }
testFileOpPermission("admin", "1234", true, "admin/files", "", map[string]int{ testFileOpPermission("admin", "1234", true, "admin/files", "", map[string]int{
"ListHome": 200, "ListHome": 200,
"ListTarget": 200,
"Create": 200, "Create": 200,
"ListUploadings": 200,
"DelUploading": 200,
"UploadChunk": 200, "UploadChunk": 200,
"UploadStatus": 200, "UploadStatus": 200,
"Metadata": 200, "Metadata": 200,
"MetadataTarget": 200, "MetadataTarget": 200,
"GenerateHash": 200,
"GenerateHashTarget": 400,
"Move": 200, "Move": 200,
"Download": 200, "Download": 200,
"Delete": 200, "Delete": 200,
}) })
testFileOpPermission("user", "1234", true, "user/files", "", map[string]int{ testFileOpPermission("user", "1234", true, "user/files", "", map[string]int{
"ListHome": 200, "ListHome": 200,
"ListTarget": 200,
"Create": 200, "Create": 200,
"ListUploadings": 200,
"DelUploading": 200,
"UploadChunk": 200, "UploadChunk": 200,
"UploadStatus": 200, "UploadStatus": 200,
"Metadata": 200, "Metadata": 200,
"MetadataTarget": 200, "MetadataTarget": 200,
"GenerateHash": 200,
"GenerateHashTarget": 400,
"Move": 200, "Move": 200,
"Download": 200, "Download": 200,
"Delete": 200, "Delete": 200,
}) })
testFileOpPermission("visitor", "", false, "user/files", "", map[string]int{ testFileOpPermission("visitor", "", false, "user/files", "", map[string]int{
"ListHome": 403, "ListHome": 403,
"ListTarget": 403,
"Create": 403, "Create": 403,
"ListUploadings": 403,
"DelUploading": 403,
"UploadChunk": 403, "UploadChunk": 403,
"UploadStatus": 403, "UploadStatus": 403,
"Metadata": 403, "Metadata": 403,
"MetadataTarget": 403, "MetadataTarget": 403,
"GenerateHash": 403,
"GenerateHashTarget": 403,
"Move": 403, "Move": 403,
"Download": 403, "Download": 403,
"Delete": 403, "Delete": 403,
}) })
testFileOpPermission("admin", "1234", true, "user2/files", "", map[string]int{
uploadSample := func() {
cl := client.NewSingleUserClient(addr)
token := &http.Cookie{}
resp, _, errs := cl.Login("user2", "1234")
if len(errs) > 0 {
t.Fatal(errs)
} else if resp.StatusCode != 200 {
t.Fatal(resp.StatusCode)
}
token = client.GetCookie(resp.Cookies(), q.TokenCookie)
assertUploadOK(t, "user2/files/upload", "101", addr, token)
}
uploadSample()
testFileOpPermission("admin", "1234", true, "user2/files", "user2/files/upload", map[string]int{
"ListHome": 200, "ListHome": 200,
"ListTarget": 200,
"Create": 200, "Create": 200,
"ListUploadings": 200,
"DelUploading": 200,
"UploadChunk": 200, "UploadChunk": 200,
"UploadStatus": 200, "UploadStatus": 200,
"Metadata": 200, "Metadata": 200,
"MetadataTarget": 200, "MetadataTarget": 200,
"GenerateHash": 200,
"GenerateHashTarget": 200,
"Move": 200, "Move": 200,
"Download": 200, "Download": 200,
"DownloadTarget": 200,
"Delete": 200, "Delete": 200,
}) })
testFileOpPermission("user", "1234", true, "user2/files", "", map[string]int{ testFileOpPermission("user", "1234", true, "user2/files", "user2/files/upload", map[string]int{
"ListHome": 200, "ListHome": 200,
"ListTarget": 403,
"Create": 403, "Create": 403,
"ListUploadings": 200,
"DelUploading": 500,
"UploadChunk": 403, "UploadChunk": 403,
"UploadStatus": 403, "UploadStatus": 403,
"Metadata": 403, "Metadata": 403,
"MetadataTarget": 403, "MetadataTarget": 403,
"GenerateHash": 403, // target path is not user's home
"GenerateHashTarget": 403,
"Move": 403, "Move": 403,
"Download": 403, "Download": 403,
"DownloadTarget": 403,
"Delete": 403, "Delete": 403,
}) })
@ -619,20 +522,185 @@ func TestPermissions(t *testing.T) {
testFileOpPermission("user", "1234", true, "share/files", "share/files/share", map[string]int{ testFileOpPermission("user", "1234", true, "share/files", "share/files/share", map[string]int{
"ListHome": 200, "ListHome": 200,
"ListTarget": 200,
"Create": 403, "Create": 403,
"ListUploadings": 200,
"DelUploading": 500,
"UploadChunk": 403, "UploadChunk": 403,
"UploadStatus": 403, "UploadStatus": 403,
"Metadata": 403, "Metadata": 403,
"MetadataTarget": 403, "MetadataTarget": 403,
"GenerateHash": 403, // target path is not user's home
"GenerateHashTarget": 403,
"Move": 403, "Move": 403,
"Download": 404, "Download": 404,
"DownloadTarget": 200, "DownloadTarget": 200,
"Delete": 403, "Delete": 403,
// List is not tested })
testShareOpPermission := func(user string, pwd string, requireAuth bool, targetPath string, expectedCodes map[string]int) {
// AddSharing
// DelSharing
// IsSharing
// ListSharings deprecated
// ListSharingIDs
// GetSharingDir
cl := client.NewSingleUserClient(addr)
token := &http.Cookie{}
homePath := "/"
desc := user
if requireAuth {
resp, _, errs := cl.Login(user, pwd)
assertResp(t, resp, errs, 200, desc)
token = client.GetCookie(resp.Cookies(), q.TokenCookie)
}
filesCl := client.NewFilesClient(addr, token)
if requireAuth {
resp, lhResp, errs := filesCl.ListHome()
assertResp(t, resp, errs, 200, desc)
homePath = lhResp.Cwd
}
resp, _, errs := filesCl.AddSharing(homePath)
assertResp(t, resp, errs, expectedCodes["AddSharing"], desc)
resp, _, errs = filesCl.AddSharing(targetPath)
assertResp(t, resp, errs, expectedCodes["AddSharingTarget"], desc)
resp, _, errs = filesCl.IsSharing(homePath)
assertResp(t, resp, errs, expectedCodes["IsSharing"], desc)
resp, _, errs = filesCl.IsSharing(targetPath)
assertResp(t, resp, errs, expectedCodes["IsSharingTarget"], desc)
resp, lsResp, errs := filesCl.ListSharingIDs()
assertResp(t, resp, errs, expectedCodes["ListSharingIDs"], desc)
shareID := ""
if len(lsResp.IDs) == 0 && requireAuth {
t.Fatalf("sharing is not added: %s", desc)
} else if len(lsResp.IDs) > 0 {
for _, id := range lsResp.IDs {
shareID = id
break
}
}
// TODO: visitor accessing is not tested
resp, _, errs = filesCl.GetSharingDir(shareID)
assertResp(t, resp, errs, expectedCodes["GetSharingDir"], desc)
resp, _, errs = filesCl.DelSharing(homePath)
assertResp(t, resp, errs, expectedCodes["DelSharing"], desc)
resp, _, errs = filesCl.DelSharing(targetPath)
assertResp(t, resp, errs, expectedCodes["DelSharingTarget"], desc)
}
testShareOpPermission("admin", "1234", true, "user2/files", map[string]int{
"AddSharing": 200,
"AddSharingTarget": 200,
"IsSharing": 200,
"IsSharingTarget": 200, // sharing is added by admin
"ListSharingIDs": 200,
"GetSharingDir": 200,
"DelSharing": 200,
"DelSharingTarget": 200, // it returns 200 even it is not in sharing
})
testShareOpPermission("user", "1234", true, "user2/files", map[string]int{
"AddSharing": 200,
"AddSharingTarget": 403,
"IsSharing": 200,
"IsSharingTarget": 404, // sharing is deleted by admin
"ListSharingIDs": 200,
"GetSharingDir": 200,
"DelSharing": 200,
"DelSharingTarget": 403,
})
testShareOpPermission("visitor", "", false, "user2/files", map[string]int{
"AddSharing": 403,
"AddSharingTarget": 403,
"IsSharing": 404,
"IsSharingTarget": 404,
"ListSharingIDs": 403,
"GetSharingDir": 400,
"DelSharing": 403,
"DelSharingTarget": 403,
}) })
}) })
t.Run("Settings API Permissions", func(t *testing.T) { t.Run("Settings API Permissions", func(t *testing.T) {
testSettingsOpPermission := func(user string, pwd string, requireAuth bool, expectedCodes map[string]int) {
// Health
// GetClientCfg
// SetClientCfg
// ReportErrors
cl := client.NewSingleUserClient(addr)
token := &http.Cookie{}
desc := user
errReports := &settings.ClientErrorReports{
Reports: []*settings.ClientErrorReport{
&settings.ClientErrorReport{
Report: "report1",
Version: "v1",
},
&settings.ClientErrorReport{
Report: "report2",
Version: "v2",
},
},
}
if requireAuth {
resp, _, errs := cl.Login(user, pwd)
assertResp(t, resp, errs, 200, desc)
token = client.GetCookie(resp.Cookies(), q.TokenCookie)
}
settingsCl := client.NewSettingsClient(addr)
resp, _, errs := settingsCl.Health()
assertResp(t, resp, errs, expectedCodes["Health"], fmt.Sprintf("%s-%s", desc, "Health"))
resp, gccResp, errs := settingsCl.GetClientCfg(token)
assertResp(t, resp, errs, expectedCodes["GetClientCfg"], fmt.Sprintf("%s-%s", desc, "GetClientCfg"))
clientCfg := gccResp
clientCfg.SiteName = "new site name"
resp, _, errs = settingsCl.SetClientCfg(clientCfg, token)
assertResp(t, resp, errs, expectedCodes["SetClientCfg"], fmt.Sprintf("%s-%s", desc, "SetClientCfg"))
resp, _, errs = settingsCl.ReportErrors(errReports, token)
assertResp(t, resp, errs, expectedCodes["ReportErrors"], fmt.Sprintf("%s-%s", desc, "ReportErrors"))
}
testSettingsOpPermission("admin", "1234", true, map[string]int{
"Health": 200,
"GetClientCfg": 200,
"SetClientCfg": 200,
"ReportErrors": 200,
})
testSettingsOpPermission("user", "1234", true, map[string]int{
"Health": 200,
"GetClientCfg": 200,
"SetClientCfg": 403,
"ReportErrors": 200,
})
testSettingsOpPermission("visitor", "", false, map[string]int{
"Health": 200,
"GetClientCfg": 200,
"SetClientCfg": 403,
"ReportErrors": 403,
})
}) })
} }

8
src/server/test_helpers.go
View file

@ -212,3 +212,11 @@ func assertDownloadOK(t *testing.T, filePath, content, addr string, token *http.
return true return true
} }
func assertResp(t *testing.T, resp *http.Response, errs []error, expectedCode int, desc string) {
if len(errs) > 0 {
t.Fatal(errs)
} else if resp.StatusCode != expectedCode {
t.Fatal(desc, resp.StatusCode, expectedCode)
}
}

BIN
src/server/testdata/test_quickshare.db vendored
View file

Binary file not shown.