doesnm/quickshare
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
quickshare/src/server/server_permission_test.go
hexxa ce77eb7534 test(server): fix bugs and tests
2022-09-25 12:14:55 +08:00

792 lines
25 KiB
Go
Raw Blame History

package server
import (
"encoding/base64"
"fmt"
"net/http"
"os"
"path/filepath"
"strconv"
"testing"
"github.com/ihexxa/quickshare/src/client"
"github.com/ihexxa/quickshare/src/db"
q "github.com/ihexxa/quickshare/src/handlers"
"github.com/ihexxa/quickshare/src/handlers/settings"
)
func TestPermissions(t *testing.T) {
addr := "http://127.0.0.1:8686"
rootPath := "tmpTestData"
config := `{
"users": {
"enableAuth": true,
"minUserNameLen": 2,
"minPwdLen": 4,
"captchaEnabled": false,
"uploadSpeedLimit": 409600,
"downloadSpeedLimit": 409600,
"spaceLimit": 1000,
"limiterCapacity": 1000,
"limiterCyc": 1000,
"predefinedUsers": [
{
"name": "admin",
"pwd": "1234",
"role": "admin"
},
{
"name": "admin2",
"pwd": "1234",
"role": "admin"
},
{
"name": "user",
"pwd": "1234",
"role": "user"
},
{
"name": "user2",
"pwd": "1234",
"role": "user"
},
{
"name": "share",
"pwd": "1234",
"role": "user"
}
]
},
"server": {
"debug": true,
"host": "127.0.0.1"
},
"fs": {
"root": "tmpTestData"
},
"db": {
"dbPath": "tmpTestData/quickshare"
}
}`
adminName := "qs"
adminPwd := "quicksh@re"
setUpEnv(t, rootPath, adminName, adminPwd)
defer os.RemoveAll(rootPath)
srv := startTestServer(config)
defer srv.Shutdown()
if !isServerReady(addr) {
t.Fatal("fail to start server")
}
// tests only check the status code for checking permission
t.Run("users API authz tests", func(t *testing.T) {
// Login
// SetPwd
// Self
// SetPreferences
// IsAuthed
// AddUser
// AddUser
// ListUsers
// ForceSetPwd
// ForceSetPwdOther
// ForceSetPwdOtherAdmin
// SetUserSelf
// SetUserOthers
// SetUserOthers
// DelUser
// AddRole
// ListRoles
// DelRole
// Logout
testUsersAPIs := func(desc, user string, pwd string, requireAuth bool, expectedCodes map[string]int) {
newPwd := "12345"
newRole := db.AdminRole
newQuota := &db.Quota{
SpaceLimit: int64(2046),
UploadSpeedLimit: int(8 * 1024 * 1024),
DownloadSpeedLimit: int(8 * 1024 * 1024),
}
tmpUser, tmpPwd, tmpRole := "tmpUser", "1234", "user"
tmpAdmin, tmpAdminPwd := "tmpAdmin", "1234"
// tmpNewRole := "tmpNewRole"
cl := client.NewUsersClient(addr)
// token := &http.Cookie{}
if requireAuth {
resp, _, errs := cl.Login(user, pwd)
assertResp(t, resp, errs, 200, desc)
// token = client.GetCookie(resp.Cookies(), q.TokenCookie)
// token = cl.Token()
} else {
resp, _, errs := cl.Login(user, pwd)
assertResp(t, resp, errs, 403, desc)
}
resp, _, errs := cl.SetPwd(pwd, newPwd)
assertResp(t, resp, errs, expectedCodes["SetPwd"], fmt.Sprintf("%s-%s", desc, "SetPwd"))
// set back the password
resp, _, errs = cl.SetPwd(newPwd, pwd)
assertResp(t, resp, errs, expectedCodes["SetPwd"], fmt.Sprintf("%s-%s", desc, "SetPwd"))
resp, selfResp, errs := cl.Self()
assertResp(t, resp, errs, expectedCodes["Self"], fmt.Sprintf("%s-%s", desc, "Self"))
prefer := selfResp.Preferences
resp, _, errs = cl.SetPreferences(prefer)
assertResp(t, resp, errs, expectedCodes["SetPreferences"], fmt.Sprintf("%s-%s", desc, "SetPreferences"))
resp, _, errs = cl.IsAuthed()
assertResp(t, resp, errs, expectedCodes["IsAuthed"], fmt.Sprintf("%s-%s", desc, "IsAuthed"))
// user management
resp, addUserResp, errs := cl.AddUser(tmpUser, tmpPwd, tmpRole)
assertResp(t, resp, errs, expectedCodes["AddUser"], fmt.Sprintf("%s-%s", desc, "AddUser"))
resp, addAdminResp, errs := cl.AddUser(tmpAdmin, tmpAdminPwd, db.AdminRole)
assertResp(t, resp, errs, expectedCodes["AddUser"], fmt.Sprintf("%s-%s", desc, "AddUser"))
resp, _, errs = cl.ListUsers()
assertResp(t, resp, errs, expectedCodes["ListUsers"], fmt.Sprintf("%s-%s", desc, "ListUsers"))
// TODO: the id here should be uint64
tmpUserID := uint64(12345)
var err error
if addUserResp.ID != "" {
tmpUserID, err = strconv.ParseUint(addUserResp.ID, 10, 64)
if err != nil {
t.Fatal(err)
}
}
userID := uint64(12345)
if selfResp.ID != "" {
userID, err = strconv.ParseUint(selfResp.ID, 10, 64)
if err != nil {
t.Fatal(err)
}
}
tmpAdminID := uint64(12345)
if addAdminResp.ID != "" {
tmpAdminID, err = strconv.ParseUint(addAdminResp.ID, 10, 64)
if err != nil {
t.Fatal(err)
}
}
resp, _, errs = cl.ForceSetPwd(selfResp.ID, newPwd)
assertResp(t, resp, errs, expectedCodes["ForceSetPwd"], fmt.Sprintf("%s-%s", desc, "ForceSetPwd"))
resp, _, errs = cl.ForceSetPwd(selfResp.ID, pwd)
assertResp(t, resp, errs, expectedCodes["ForceSetPwd"], fmt.Sprintf("%s-%s", desc, "ForceSetPwdBack"))
resp, _, errs = cl.ForceSetPwd(addUserResp.ID, newPwd)
assertResp(t, resp, errs, expectedCodes["ForceSetPwdOther"], fmt.Sprintf("%s-%s", desc, "ForceSetPwdOther"))
resp, _, errs = cl.ForceSetPwd(addUserResp.ID, pwd)
assertResp(t, resp, errs, expectedCodes["ForceSetPwdOther"], fmt.Sprintf("%s-%s", desc, "ForceSetPwdOtherBack"))
resp, _, errs = cl.ForceSetPwd(addAdminResp.ID, newPwd)
assertResp(t, resp, errs, expectedCodes["ForceSetPwdOtherAdmin"], fmt.Sprintf("%s-%s", desc, "ForceSetPwdOtherAdmin"))
// update self
resp, _, errs = cl.SetUser(userID, newRole, newQuota)
assertResp(t, resp, errs, expectedCodes["SetUserSelf"], fmt.Sprintf("%s-%s", desc, "SetUserSelf"))
// update other users
resp, _, errs = cl.SetUser(tmpUserID, db.AdminRole, newQuota)
assertResp(t, resp, errs, expectedCodes["SetUserOthers"], fmt.Sprintf("%s-%s", desc, "SetUserOthers"))
resp, _, errs = cl.SetUser(tmpAdminID, db.UserRole, newQuota)
assertResp(t, resp, errs, expectedCodes["SetUserOthersAdmin"], fmt.Sprintf("%s-%s", desc, "SetUserOthersAdmin"))
resp, _, errs = cl.DelUser(addUserResp.ID)
assertResp(t, resp, errs, expectedCodes["DelUser"], fmt.Sprintf("%s-%s", desc, "DelUser"))
resp, _, errs = cl.DelUser(addAdminResp.ID)
assertResp(t, resp, errs, expectedCodes["DelUserAdmin"], fmt.Sprintf("%s-%s", desc, "DelUserAdmin"))
// role management
// resp, _, errs = cl.AddRole(tmpNewRole)
// assertResp(t, resp, errs, expectedCodes["AddRole"], fmt.Sprintf("%s-%s", desc, "AddRole"))
// resp, _, errs = cl.ListRoles()
// assertResp(t, resp, errs, expectedCodes["ListRoles"], fmt.Sprintf("%s-%s", desc, "ListRoles"))
// resp, _, errs = cl.DelRole(tmpNewRole)
// assertResp(t, resp, errs, expectedCodes["DelRole"], fmt.Sprintf("%s-%s", desc, "DelRole"))
if requireAuth {
resp, _, errs := cl.Logout()
assertResp(t, resp, errs, 200, fmt.Sprintf("%s-%s", desc, "logout"))
} else {
resp, _, errs := cl.Logout()
assertResp(t, resp, errs, 403, fmt.Sprintf("%s-%s", desc, "logout"))
}
}
testUsersAPIs("admin user operations", "admin", "1234", true, map[string]int{
"SetPwd": 200,
"Self": 200,
"SetPreferences": 200,
"IsAuthed": 200,
"AddUser": 200,
"ListUsers": 200,
"ForceSetPwd": 403, // force setting admin's password is not allowed
"ForceSetPwdOther": 200,
"ForceSetPwdOtherAdmin": 403,
"SetUserSelf": 200,
"SetUserOthers": 200,
"SetUserOthersAdmin": 200,
"DelUser": 200,
"DelUserAdmin": 200,
"AddRole": 200,
"ListRoles": 200,
"DelRole": 200,
})
testUsersAPIs("user user operations", "user", "1234", true, map[string]int{
"SetPwd": 200,
"Self": 200,
"SetPreferences": 200,
"IsAuthed": 200,
"AddUser": 403,
"ListUsers": 403,
"ForceSetPwd": 403,
"ForceSetPwdOther": 403,
"ForceSetPwdOtherAdmin": 403,
"SetUserSelf": 403,
"SetUserOthers": 403,
"SetUserOthersAdmin": 403,
"DelUser": 403,
"DelUserAdmin": 403,
"AddRole": 403,
"ListRoles": 403,
"DelRole": 403,
})
testUsersAPIs("visitor user operations", "visitor", "", false, map[string]int{
"SetPwd": 403,
"Self": 403,
"SetPreferences": 403,
"IsAuthed": 403,
"AddUser": 403,
"ListUsers": 403,
"ForceSetPwd": 403,
"ForceSetPwdOther": 403,
"ForceSetPwdOtherAdmin": 403,
"SetUserSelf": 403,
"SetUserOthers": 403,
"SetUserOthersAdmin": 403,
"DelUser": 403,
"DelUserAdmin": 403,
"AddRole": 403,
"ListRoles": 403,
"DelRole": 403,
})
})
t.Run("files operation API authz tests", func(t *testing.T) {
testFolderOpPermission := func(desc, user string, pwd string, requireAuth bool, targetPaths []string, expectedCodes map[string]int) {
// ListHome
// List
// ListTarget
// Mkdir
// Move
cl := client.NewUsersClient(addr)
token := &http.Cookie{}
if requireAuth {
resp, _, errs := cl.Login(user, pwd)
assertResp(t, resp, errs, 200, desc)
token = client.GetCookie(resp.Cookies(), q.TokenCookie)
}
filesCl := client.NewFilesClient(addr, token)
resp, lhResp, errs := filesCl.ListHome()
assertResp(t, resp, errs, expectedCodes["ListHome"], fmt.Sprintf("%s-%s", desc, "ListHome"))
homePath := lhResp.Cwd
if !requireAuth {
homePath = "/"
}
testPath := filepath.Join(lhResp.Cwd, "test")
newPath := filepath.Join(lhResp.Cwd, "test2")
resp, _, errs = filesCl.List(homePath)
assertResp(t, resp, errs, expectedCodes["List"], fmt.Sprintf("%s-%s", desc, "List"))
for _, itemPath := range targetPaths {
resp, _, errs = filesCl.List(itemPath)
assertResp(t, resp, errs, expectedCodes["ListTarget"], fmt.Sprintf("%s-%s", desc, "ListTarget"))
}
resp, _, errs = filesCl.Mkdir(testPath)
assertResp(t, resp, errs, expectedCodes["Mkdir"], fmt.Sprintf("%s-%s", desc, "Mkdir"))
for _, itemPath := range targetPaths {
resp, _, errs = filesCl.Mkdir(filepath.Join(itemPath, "test"))
assertResp(t, resp, errs, expectedCodes["MkdirTarget"], fmt.Sprintf("%s-%s", desc, "MkdirTarget"))
}
resp, _, errs = filesCl.Move(testPath, newPath)
assertResp(t, resp, errs, expectedCodes["Move"], fmt.Sprintf("%s-%s", desc, "Move"))
for i, srcDir := range targetPaths {
srcPath := filepath.Join(srcDir, "test")
dstPath := filepath.Join(homePath, fmt.Sprintf("folder_%d", i))
resp, _, errs = filesCl.Move(srcPath, dstPath)
assertResp(t, resp, errs, expectedCodes["MoveFrom"], fmt.Sprintf("%s-%s", desc, "MoveFrom"))
}
if requireAuth {
resp, _, errs := cl.Logout()
assertResp(t, resp, errs, 200, desc)
}
}
targetPaths := []string{
"/",
"admin2/",
"admin2/files",
"user2/",
"user2/files",
}
testFolderOpPermission("admin folder operations", "admin", "1234", true, targetPaths, map[string]int{
"ListHome": 200,
"List": 200,
"ListTarget": 200,
"Mkdir": 200,
"MkdirTarget": 200,
"Move": 200,
"MoveFrom": 200,
})
testFolderOpPermission("user folder operations", "user", "1234", true, targetPaths, map[string]int{
"ListHome": 200,
"List": 200,
"ListTarget": 403,
"Mkdir": 200,
"MkdirTarget": 403,
"Move": 200,
"MoveFrom": 403,
})
testFolderOpPermission("visitor folder operations", "visitor", "", false, targetPaths, map[string]int{
"ListHome": 403,
"List": 403,
"ListTarget": 403,
"Mkdir": 403,
"MkdirTarget": 403,
"Move": 403,
"MoveFrom": 403,
})
uploadSample := func() {
cl := client.NewUsersClient(addr)
token := &http.Cookie{}
resp, _, errs := cl.Login("user2", "1234")
if len(errs) > 0 {
t.Fatal(errs)
} else if resp.StatusCode != 200 {
t.Fatal(resp.StatusCode)
}
token = client.GetCookie(resp.Cookies(), q.TokenCookie)
assertUploadOK(t, "user2/files/upload", "101", addr, token)
}
uploadSample()
// test file operations in targetPath with targetFile
testFileOpPermission := func(desc, user string, pwd string, requireAuth bool, targetPath, targetFile string, expectedCodes map[string]int) {
// Create
// UploadChunk
// UploadStatus
// Metadata
// Move
// Download
// Delete
// ListUploadings
// DelUploading
// GenerateHash
// Search
cl := client.NewUsersClient(addr)
token := &http.Cookie{}
if requireAuth {
resp, _, errs := cl.Login(user, pwd)
if len(errs) > 0 {
t.Fatal(errs)
} else if resp.StatusCode != 200 {
t.Fatal(resp.StatusCode)
}
token = client.GetCookie(resp.Cookies(), q.TokenCookie)
}
filesCl := client.NewFilesClient(addr, token)
resp, lhResp, errs := filesCl.ListHome()
assertResp(t, resp, errs, expectedCodes["ListHome"], fmt.Sprintf("%s-%s", desc, "ListHome"))
resp, _, errs = filesCl.List(targetPath)
assertResp(t, resp, errs, expectedCodes["ListTarget"], fmt.Sprintf("%s-%s", desc, "ListTarget"))
fileContent := []byte("01010")
fileSize := int64(len(fileContent))
base64Content := base64.StdEncoding.EncodeToString([]byte(fileContent))
filePath := filepath.Join(lhResp.Cwd, "old")
homeNewPath := filepath.Join(lhResp.Cwd, "new")
targetPathFile := filepath.Join(targetPath, user)
resp, _, errs = filesCl.Create(filePath, fileSize)
assertResp(t, resp, errs, expectedCodes["Create"], fmt.Sprintf("%s-%s", desc, "Create1"))
resp, _, errs = filesCl.Create(targetPathFile, fileSize)
assertResp(t, resp, errs, expectedCodes["CreateTarget"], fmt.Sprintf("%s-%s", desc, "CreateTarget"))
resp, _, errs = filesCl.UploadStatus(filePath)
assertResp(t, resp, errs, expectedCodes["UploadStatus"], fmt.Sprintf("%s-%s", desc, "UploadStatus"))
resp, _, errs = filesCl.UploadStatus(targetPathFile)
assertResp(t, resp, errs, expectedCodes["UploadStatusTarget"], fmt.Sprintf("%s-%s", desc, "UploadStatusTarget"))
resp, _, errs = filesCl.ListUploadings()
assertResp(t, resp, errs, expectedCodes["ListUploadings"], fmt.Sprintf("%s-%s", desc, "ListUploadings"))
resp, _, errs = filesCl.DelUploading(filePath)
assertResp(t, resp, errs, expectedCodes["DelUploading"], fmt.Sprintf("%s-%s", desc, "DelUploading"))
resp, _, errs = filesCl.DelUploading(targetPathFile)
assertResp(t, resp, errs, expectedCodes["DelUploadingTarget"], fmt.Sprintf("%s-%s", desc, "DelUploadingTarget"))
// create again
resp, _, errs = filesCl.Create(filePath, fileSize)
assertResp(t, resp, errs, expectedCodes["Create"], fmt.Sprintf("%s-%s", desc, "Create2"))
resp, _, errs = filesCl.Create(targetPathFile, fileSize)
assertResp(t, resp, errs, expectedCodes["CreateTarget"], fmt.Sprintf("%s-%s", desc, "CreateTarget"))
resp, _, errs = filesCl.UploadChunk(filePath, base64Content, 0)
assertResp(t, resp, errs, expectedCodes["UploadChunk"], fmt.Sprintf("%s-%s", desc, "UploadChunk"))
resp, _, errs = filesCl.UploadChunk(targetPathFile, base64Content, 0)
assertResp(t, resp, errs, expectedCodes["UploadChunkTarget"], fmt.Sprintf("%s-%s", desc, "UploadChunkTarget"))
resp, _, errs = filesCl.Metadata(filePath)
assertResp(t, resp, errs, expectedCodes["Metadata"], fmt.Sprintf("%s-%s", desc, "Metadata"))
resp, _, errs = filesCl.Metadata(targetPath)
assertResp(t, resp, errs, expectedCodes["MetadataTarget"], fmt.Sprintf("%s-%s", desc, "MetadataTarget"))
resp, _, errs = filesCl.GenerateHash(filePath)
assertResp(t, resp, errs, expectedCodes["GenerateHash"], fmt.Sprintf("%s-%s", desc, "GenerateHash"))
resp, _, errs = filesCl.GenerateHash(targetPathFile)
assertResp(t, resp, errs, expectedCodes["GenerateHashTarget"], fmt.Sprintf("%s-%s", desc, "GenerateHashTarget"))
resp, _, errs = filesCl.Download(filePath, map[string]string{})
assertResp(t, resp, errs, expectedCodes["Download"], fmt.Sprintf("%s-%s", desc, "Download"))
resp, _, errs = filesCl.Download(targetPathFile, map[string]string{})
assertResp(t, resp, errs, expectedCodes["DownloadTarget"], fmt.Sprintf("%s-%s", desc, "DownloadTarget"))
if targetFile != "" {
resp, _, errs = filesCl.Download(targetFile, map[string]string{})
assertResp(t, resp, errs, expectedCodes["DownloadTargetFile"], fmt.Sprintf("%s-%s", desc, "DownloadTarget"))
}
resp, _, errs = filesCl.Move(filePath, homeNewPath)
assertResp(t, resp, errs, expectedCodes["Move"], fmt.Sprintf("%s-%s", desc, "Move"))
// move target is already tested
resp, _, errs = filesCl.Delete(homeNewPath)
assertResp(t, resp, errs, expectedCodes["Delete"], fmt.Sprintf("%s-%s", desc, "Delete"))
resp, _, errs = filesCl.Delete(targetPathFile)
assertResp(t, resp, errs, expectedCodes["DeleteTarget"], fmt.Sprintf("%s-%s", desc, "DeleteTarget"))
resp, _, errs = filesCl.SearchItems([]string{targetPathFile})
assertResp(t, resp, errs, expectedCodes["SearchTarget"], fmt.Sprintf("%s-%s", desc, "SearchTarget"))
if requireAuth {
resp, _, errs := cl.Logout()
assertResp(t, resp, errs, 200, desc)
}
}
testFileOpPermission("admin file operations", "admin", "1234", true, "user2/files", "", map[string]int{
"ListHome": 200,
"ListTarget": 200,
"Create": 200,
"CreateTarget": 200,
"ListUploadings": 200,
"DelUploading": 200,
"DelUploadingTarget": 200,
"UploadChunk": 200,
"UploadChunkTarget": 200,
"UploadStatus": 200,
"UploadStatusTarget": 200,
"Metadata": 200,
"MetadataTarget": 200,
"GenerateHash": 200,
"GenerateHashTarget": 200,
"Move": 200,
"Download": 200,
"DownloadTarget": 200,
"Delete": 200,
"DeleteTarget": 200,
"SearchTarget": 200,
})
testFileOpPermission("user file operations", "user", "1234", true, "user2/files", "", map[string]int{
"ListHome": 200,
"ListTarget": 403,
"Create": 200,
"CreateTarget": 403,
"ListUploadings": 200,
"DelUploading": 200,
"DelUploadingTarget": 403,
"UploadChunk": 200,
"UploadChunkTarget": 403,
"UploadStatus": 200,
"UploadStatusTarget": 403,
"Metadata": 200,
"MetadataTarget": 403,
"GenerateHash": 200,
"GenerateHashTarget": 403,
"Move": 200,
"Download": 200,
"DownloadTarget": 403,
"Delete": 200,
"DeleteTarget": 403,
"SearchTarget": 200,
})
testFileOpPermission("visitor file operations", "visitor", "", false, "user2/files", "", map[string]int{
"ListHome": 403,
"ListTarget": 403,
"Create": 403,
"CreateTarget": 403,
"ListUploadings": 403,
"DelUploading": 403,
"DelUploadingTarget": 403,
"UploadChunk": 403,
"UploadChunkTarget": 403,
"UploadStatus": 403,
"UploadStatusTarget": 403,
"Metadata": 403,
"MetadataTarget": 403,
"GenerateHash": 403,
"GenerateHashTarget": 403,
"Move": 403,
"Download": 403,
"DownloadTarget": 403,
"Delete": 403,
"DeleteTarget": 403,
"SearchTarget": 403,
})
// sharing permission tests
enableSharing := func() {
cl := client.NewUsersClient(addr)
token := &http.Cookie{}
resp, _, errs := cl.Login("share", "1234")
if len(errs) > 0 {
t.Fatal(errs)
} else if resp.StatusCode != 200 {
t.Fatal(resp.StatusCode)
}
token = client.GetCookie(resp.Cookies(), q.TokenCookie)
filesCl := client.NewFilesClient(addr, token)
resp, _, errs = filesCl.AddSharing("share/files")
if len(errs) > 0 {
t.Fatal(errs)
} else if resp.StatusCode != 200 {
t.Fatal(resp.StatusCode)
}
assertUploadOK(t, "share/files/share", "101", addr, token)
}
enableSharing()
testFileOpPermission("user file operations in sharing", "user", "1234", true, "share/files", "share/files/share", map[string]int{
"ListHome": 200,
"ListTarget": 200,
"Create": 200,
"CreateTarget": 403,
"ListUploadings": 200,
"DelUploading": 200,
"DelUploadingTarget": 403,
"UploadChunk": 200,
"UploadChunkTarget": 403,
"UploadStatus": 200,
"UploadStatusTarget": 403,
"Metadata": 200,
"MetadataTarget": 403,
"GenerateHash": 200,
"GenerateHashTarget": 403,
"Move": 200,
"Download": 200,
"DownloadTarget": 404, // uploading file to sharing folder is not allowd
"DownloadTargetFile": 200,
"Delete": 200,
"DeleteTarget": 403,
"SearchTarget": 200,
})
testShareOpPermission := func(user string, pwd string, requireAuth bool, targetPath string, expectedCodes map[string]int) {
// AddSharing
// DelSharing
// IsSharing
// ListSharings deprecated
// ListSharingIDs
// GetSharingDir
cl := client.NewUsersClient(addr)
token := &http.Cookie{}
homePath := "/"
desc := user
if requireAuth {
resp, _, errs := cl.Login(user, pwd)
assertResp(t, resp, errs, 200, desc)
token = client.GetCookie(resp.Cookies(), q.TokenCookie)
}
filesCl := client.NewFilesClient(addr, token)
if requireAuth {
resp, lhResp, errs := filesCl.ListHome()
assertResp(t, resp, errs, 200, desc)
homePath = lhResp.Cwd
}
resp, _, errs := filesCl.AddSharing(homePath)
assertResp(t, resp, errs, expectedCodes["AddSharing"], desc)
resp, _, errs = filesCl.AddSharing(targetPath)
assertResp(t, resp, errs, expectedCodes["AddSharingTarget"], desc)
resp, _, errs = filesCl.IsSharing(homePath)
assertResp(t, resp, errs, expectedCodes["IsSharing"], desc)
resp, _, errs = filesCl.IsSharing(targetPath)
assertResp(t, resp, errs, expectedCodes["IsSharingTarget"], desc)
resp, lsResp, errs := filesCl.ListSharingIDs()
assertResp(t, resp, errs, expectedCodes["ListSharingIDs"], desc)
shareID := ""
if len(lsResp.IDs) == 0 && requireAuth {
t.Fatalf("sharing is not added: %s", desc)
} else if len(lsResp.IDs) > 0 {
for _, id := range lsResp.IDs {
shareID = id
break
}
}
// TODO: visitor accessing is not tested
resp, _, errs = filesCl.GetSharingDir(shareID)
assertResp(t, resp, errs, expectedCodes["GetSharingDir"], desc)
resp, _, errs = filesCl.DelSharing(homePath)
assertResp(t, resp, errs, expectedCodes["DelSharing"], desc)
resp, _, errs = filesCl.DelSharing(targetPath)
assertResp(t, resp, errs, expectedCodes["DelSharingTarget"], desc)
}
testShareOpPermission("admin", "1234", true, "user2/files", map[string]int{
"AddSharing": 200,
"AddSharingTarget": 200,
"IsSharing": 200,
"IsSharingTarget": 200, // sharing is added by admin
"ListSharingIDs": 200,
"GetSharingDir": 200,
"DelSharing": 200,
"DelSharingTarget": 200, // it returns 200 even it is not in sharing
})
testShareOpPermission("user", "1234", true, "user2/files", map[string]int{
"AddSharing": 200,
"AddSharingTarget": 403,
"IsSharing": 200,
"IsSharingTarget": 404, // sharing is deleted in previous test...
"ListSharingIDs": 200,
"GetSharingDir": 200,
"DelSharing": 200,
"DelSharingTarget": 403,
})
testShareOpPermission("visitor", "", false, "user2/files", map[string]int{
"AddSharing": 403,
"AddSharingTarget": 403,
"IsSharing": 404,
"IsSharingTarget": 404, // sharing is deleted in previous test...
"ListSharingIDs": 403,
"GetSharingDir": 400,
"DelSharing": 403,
"DelSharingTarget": 403,
})
})
t.Run("Settings API Permissions", func(t *testing.T) {
testSettingsOpPermission := func(user string, pwd string, requireAuth bool, expectedCodes map[string]int) {
// Health
// GetClientCfg
// SetClientCfg
// ReportErrors
cl := client.NewUsersClient(addr)
token := &http.Cookie{}
desc := user
errReports := &settings.ClientErrorReports{
Reports: []*settings.ClientErrorReport{
&settings.ClientErrorReport{
Report: "report1",
Version: "v1",
},
&settings.ClientErrorReport{
Report: "report2",
Version: "v2",
},
},
}
if requireAuth {
resp, _, errs := cl.Login(user, pwd)
assertResp(t, resp, errs, 200, desc)
token = client.GetCookie(resp.Cookies(), q.TokenCookie)
}
settingsCl := client.NewSettingsClient(addr, token)
resp, _, errs := settingsCl.Health()
assertResp(t, resp, errs, expectedCodes["Health"], fmt.Sprintf("%s-%s", desc, "Health"))
resp, gccResp, errs := settingsCl.GetClientCfg()
assertResp(t, resp, errs, expectedCodes["GetClientCfg"], fmt.Sprintf("%s-%s", desc, "GetClientCfg"))
clientCfgMsg := gccResp
clientCfgMsg.ClientCfg.SiteName = "new name"
resp, _, errs = settingsCl.SetClientCfg(clientCfgMsg)
assertResp(t, resp, errs, expectedCodes["SetClientCfg"], fmt.Sprintf("%s-%s", desc, "SetClientCfg"))
resp, _, errs = settingsCl.ReportErrors(errReports)
assertResp(t, resp, errs, expectedCodes["ReportErrors"], fmt.Sprintf("%s-%s", desc, "ReportErrors"))
}
testSettingsOpPermission("admin", "1234", true, map[string]int{
"Health": 200,
"GetClientCfg": 200,
"SetClientCfg": 200,
"ReportErrors": 200,
})
testSettingsOpPermission("user", "1234", true, map[string]int{
"Health": 200,
"GetClientCfg": 200,
"SetClientCfg": 403,
"ReportErrors": 200,
})
testSettingsOpPermission("visitor", "", false, map[string]int{
"Health": 200,
"GetClientCfg": 200,
"SetClientCfg": 403,
"ReportErrors": 403,
})
})
}
Reference in a new issue View git blame Copy permalink