From 14f590a6a765d9fbe53e2f7bacb5d9f6d7cb9063 Mon Sep 17 00:00:00 2001
From: Greg Steuck
Date: Wed, 28 Jul 2021 10:44:02 -0700
Subject: dashboard/app: chop off auth so it can be reused in syz-hub
---
 dashboard/app/api.go | 27 +++++++++++++++++++
 dashboard/app/api_test.go | 65 ++++++++++++++++++++++++++++++++++++++++++++++
 dashboard/app/auth.go | 27 -------------------
 dashboard/app/auth_test.go | 57 ----------------------------------------
 4 files changed, 92 insertions(+), 84 deletions(-)
 create mode 100644 dashboard/app/api_test.go
diff --git a/dashboard/app/api.go b/dashboard/app/api.go
index dad31c3df..748d7abb2 100644
--- a/dashboard/app/api.go
+++ b/dashboard/app/api.go
@@ -1346,3 +1346,30 @@ func GetEmails(r dashapi.Recipients, filter dashapi.RecipientType) []string {
 sort.Strings(emails)
 return emails
 }
+
+// Verifies that the given credentials are acceptable and returns the
+// corresponding namespace.
+func checkClient(conf *GlobalConfig, name0, secretPassword, oauthSubject string) (string, error) {
+ checkAuth := func(ns, a string) (string, error) {
+ if strings.HasPrefix(a, oauthMagic) && a == oauthSubject {
+ return ns, nil
+ }
+ if a != secretPassword {
+ return ns, ErrAccess
+ }
+ return ns, nil
+ }
+ for name, authenticator := range conf.Clients {
+ if name == name0 {
+ return checkAuth("", authenticator)
+ }
+ }
+ for ns, cfg := range conf.Namespaces {
+ for name, authenticator := range cfg.Clients {
+ if name == name0 {
+ return checkAuth(ns, authenticator)
+ }
+ }
+ }
+ return "", ErrAccess
+}
diff --git a/dashboard/app/api_test.go b/dashboard/app/api_test.go
new file mode 100644
index 000000000..8d63ce7a7
--- /dev/null
+++ b/dashboard/app/api_test.go
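Review bot: In `checkAuth` inside `checkClient` (dashboard/app/api.go), a configured value that starts with `oauthMagic` but does not equal `oauthSubject` falls through to the `a != secretPassword` comparison, so an OAuth-configured client entry is also accepted when the same string arrives in the password argument. The subject string is an identifier rather than a secret, so the two credential types should be kept apart: once `a` carries the `oauthMagic` prefix, only `oauthSubject` should be able to match it. Both comparisons also use `==`/`!=` on credential strings; `subtle.ConstantTimeCompare` from `crypto/subtle` (which api.go would need to import) avoids a timing signal on partial matches. The function is moved unchanged from auth.go, so this predates the commit, but exposing it for reuse is a good moment to tighten it.

```go
checkAuth := func(ns, a string) (string, error) {
	if strings.HasPrefix(a, oauthMagic) {
		// OAuth-configured entry: only the subject may match, never the password field.
		if subtle.ConstantTimeCompare([]byte(a), []byte(oauthSubject)) == 1 {
			return ns, nil
		}
		return ns, ErrAccess
	}
	if subtle.ConstantTimeCompare([]byte(a), []byte(secretPassword)) != 1 {
		return ns, ErrAccess
	}
	return ns, nil
}
// … unchanged: lookup loops over conf.Clients and conf.Namespaces …
```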
@@ -0,0 +1,65 @@
+// Copyright 2017 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package main
+
+import (
+ "testing"
+)
+
+func TestClientSecretOK(t *testing.T) {
+ got, err := checkClient(&GlobalConfig{
+ Clients: map[string]string{
+ "user": "secr1t",
+ },
+ }, "user", "secr1t", "")
+ if err != nil || got != "" {
+ t.Errorf("Unexpected error %v %v", got, err)
+ }
+}
+
+func TestClientOauthOK(t *testing.T) {
+ got, err := checkClient(&GlobalConfig{
+ Clients: map[string]string{
+ "user": "OauthSubject:public",
+ },
+ }, "user", "", "OauthSubject:public")
+ if err != nil || got != "" {
+ t.Errorf("Unexpected error %v %v", got, err)
+ }
+}
+
+func TestClientSecretFail(t *testing.T) {
+ got, err := checkClient(&GlobalConfig{
+ Clients: map[string]string{
+ "user": "secr1t",
+ },
+ }, "user", "wrong", "")
+ if err != ErrAccess || got != "" {
+ t.Errorf("Unexpected error %v %v", got, err)
+ }
+}
+
+func TestClientSecretMissing(t *testing.T) {
+ got, err := checkClient(&GlobalConfig{
+ Clients: map[string]string{},
+ }, "user", "ignored", "")
+ if err != ErrAccess || got != "" {
+ t.Errorf("Unexpected error %v %v", got, err)
+ }
+}
+
+func TestClientNamespaceOK(t *testing.T) {
+ got, err := checkClient(&GlobalConfig{
+ Namespaces: map[string]*Config{
+ "ns1": {
+ Clients: map[string]string{
+ "user": "secr1t",
+ },
+ },
+ },
+ }, "user", "secr1t", "")
+ if err != nil || got != "ns1" {
+ t.Errorf("Unexpected error %v %v", got, err)
+ }
+}
diff --git a/dashboard/app/auth.go b/dashboard/app/auth.go
index 42d59e6ee..a6da8e24d 100644
--- a/dashboard/app/auth.go
+++ b/dashboard/app/auth.go
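Review bot: The tests in dashboard/app/api_test.go cover only the success path for an OAuth-configured client (`TestClientOauthOK`); there is no case for a mismatched subject, nor for an OAuth-configured entry whose subject string arrives in the password argument. The second case matters because `checkClient` compares the configured value against `secretPassword` whenever the subject comparison fails. With the function as moved in this commit that call appears to return a nil error, so the second test below would pass only once the check is tightened. Adding both negative cases pins the intended separation between the two credential types.

```go
func TestClientOauthWrongSubject(t *testing.T) {
	_, err := checkClient(&GlobalConfig{
		Clients: map[string]string{
			"user": "OauthSubject:public",
		},
	}, "user", "", "OauthSubject:other")
	if err != ErrAccess {
		t.Errorf("Unexpected error %v", err)
	}
}

func TestClientOauthSubjectAsPassword(t *testing.T) {
	_, err := checkClient(&GlobalConfig{
		Clients: map[string]string{
			"user": "OauthSubject:public",
		},
	}, "user", "OauthSubject:public", "")
	if err != ErrAccess {
		t.Errorf("Unexpected error %v", err)
	}
}
```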
@@ -124,30 +124,3 @@ func (auth *authEndpoint) determineAuthSubj(now time.Time, authHeader []string)
 }
 return oauthMagic + claims.Subject, nil
 }
-
-// Verifies that the given credentials are acceptable and returns the
-// corresponding namespace.
-func checkClient(conf *GlobalConfig, name0, secretPassword, oauthSubject string) (string, error) {
- checkAuth := func(ns, a string) (string, error) {
- if strings.HasPrefix(a, oauthMagic) && a == oauthSubject {
- return ns, nil
- }
- if a != secretPassword {
- return ns, ErrAccess
- }
- return ns, nil
- }
- for name, authenticator := range conf.Clients {
- if name == name0 {
- return checkAuth("", authenticator)
- }
- }
- for ns, cfg := range conf.Namespaces {
- for name, authenticator := range cfg.Clients {
- if name == name0 {
- return checkAuth(ns, authenticator)
- }
- }
- }
- return "", ErrAccess
-}
diff --git a/dashboard/app/auth_test.go b/dashboard/app/auth_test.go
index ae52721e7..c6d5fba23 100644
--- a/dashboard/app/auth_test.go
+++ b/dashboard/app/auth_test.go
@@ -97,60 +97,3 @@ func TestBadHeader(t *testing.T) {
 t.Errorf("Unexpected error %v %v", got, err)
 }
 }
-
-func TestClientSecretOK(t *testing.T) {
- got, err := checkClient(&GlobalConfig{
- Clients: map[string]string{
- "user": "secr1t",
- },
- }, "user", "secr1t", "")
- if err != nil || got != "" {
- t.Errorf("Unexpected error %v %v", got, err)
- }
-}
-
-func TestClientOauthOK(t *testing.T) {
- got, err := checkClient(&GlobalConfig{
- Clients: map[string]string{
- "user": "OauthSubject:public",
- },
- }, "user", "", "OauthSubject:public")
- if err != nil || got != "" {
- t.Errorf("Unexpected error %v %v", got, err)
- }
-}
-
-func TestClientSecretFail(t *testing.T) {
- got, err := checkClient(&GlobalConfig{
- Clients: map[string]string{
- "user": "secr1t",
- },
- }, "user", "wrong", "")
- if err != ErrAccess || got != "" {
- t.Errorf("Unexpected error %v %v", got, err)
- }
-}
-
-func TestClientSecretMissing(t *testing.T) {
- got, err := checkClient(&GlobalConfig{
- Clients: map[string]string{},
- }, "user", "ignored", "")
- if err != ErrAccess || got != "" {
- t.Errorf("Unexpected error %v %v", got, err)
- }
-}
-
-func TestClientNamespaceOK(t *testing.T) {
- got, err := checkClient(&GlobalConfig{
- Namespaces: map[string]*Config{
- "ns1": {
- Clients: map[string]string{
- "user": "secr1t",
- },
- },
- },
- }, "user", "secr1t", "")
- if err != nil || got != "ns1" {
- t.Errorf("Unexpected error %v %v", got, err)
- }
-}
-- cgit mrf-deployment