Ejemplo n.º 1
0
func (wrappa *WebAuthWrappa) Wrap(handlers rata.Handlers) rata.Handlers {
	wrapped := rata.Handlers{}

	for name, handler := range handlers {
		newHandler := handler

		switch name {
		case web.Index:
		case web.Pipeline:
		case web.TriggerBuild:
		case web.GetBuild:
		case web.GetBuilds:
		case web.GetJoblessBuild:
		case web.Public:
		case web.GetResource:
		case web.GetJob:
		case web.LogIn:
		case web.BasicAuth:
			newHandler = auth.WrapHandler(
				auth.CheckAuthHandler(
					handler,
					auth.BasicAuthRejector{},
				),
				wrappa.Validator,
				wrappa.UserContextReader,
			)

		default:
			panic("you missed a spot")
		}

		wrapped[name] = newHandler
	}

	return wrapped
}
Ejemplo n.º 2
0
		teamNameChan = tn
		teamIDChan = ti
		isAdminChan = ia
		foundChan = f
		simpleHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			a <- auth.IsAuthenticated(r)
			teamName, teamID, isAdmin, found := auth.GetTeam(r)
			f <- found
			tn <- teamName
			ti <- teamID
			ia <- isAdmin
		})

		server = httptest.NewServer(auth.WrapHandler(
			simpleHandler,
			fakeValidator,
			fakeUserContextReader,
		))

		client = &http.Client{
			Transport: &http.Transport{},
		}
	})

	Context("when a request is made", func() {
		var request *http.Request
		var response *http.Response

		BeforeEach(func() {
			var err error
Ejemplo n.º 3
0
func (wrappa *APIAuthWrappa) Wrap(handlers rata.Handlers) rata.Handlers {
	wrapped := rata.Handlers{}

	rejector := auth.UnauthorizedRejector{}

	for name, handler := range handlers {
		newHandler := handler

		switch name {
		// authenticated
		case atc.GetAuthToken,
			atc.AbortBuild,
			atc.CreateBuild,
			atc.CreatePipe,
			atc.DeletePipeline,
			atc.DisableResourceVersion,
			atc.EnableResourceVersion,
			atc.GetConfig,
			atc.GetContainer,
			atc.HijackContainer,
			atc.ListContainers,
			atc.ListJobInputs,
			atc.ListWorkers,
			atc.OrderPipelines,
			atc.PauseJob,
			atc.PausePipeline,
			atc.PauseResource,
			atc.ReadPipe,
			atc.RegisterWorker,
			atc.SaveConfig,
			atc.SetLogLevel,
			atc.SetTeam,
			atc.UnpauseJob,
			atc.UnpausePipeline,
			atc.UnpauseResource,
			atc.CheckResource,
			atc.WritePipe,
			atc.ListVolumes,
			atc.GetVersionsDB,
			atc.CreateJobBuild,
			atc.RenamePipeline:
			newHandler = auth.CheckAuthHandler(handler, rejector)

		// unauthenticated
		case atc.ListAuthMethods, atc.GetInfo:

		// unauthenticated if publicly viewable
		case atc.BuildEvents,
			atc.DownloadCLI,
			atc.GetBuild,
			atc.GetJobBuild,
			atc.BuildResources,
			atc.GetJob,
			atc.GetLogLevel,
			atc.GetResource,
			atc.ListResourceVersions,
			atc.ListBuilds,
			atc.ListBuildsWithVersionAsInput,
			atc.ListBuildsWithVersionAsOutput,
			atc.ListJobBuilds,
			atc.ListJobs,
			atc.ListPipelines,
			atc.GetPipeline,
			atc.ListResources,
			atc.GetBuildPlan,
			atc.GetBuildPreparation:
			if !wrappa.PubliclyViewable {
				newHandler = auth.CheckAuthHandler(handler, rejector)
			}

		// think about it!
		default:
			panic("you missed a spot")
		}

		newHandler = auth.WrapHandler(newHandler, wrappa.Validator, wrappa.UserContextReader)

		wrapped[name] = newHandler
	}

	return wrapped
}
Ejemplo n.º 4
0
func (wrappa *WebAuthWrappa) Wrap(handlers rata.Handlers) rata.Handlers {
	wrapped := rata.Handlers{}

	loginPath, err := web.Routes.CreatePathForRoute(web.LogIn, nil)
	if err != nil {
		panic("could not construct login route")
	}

	loginRedirectRejector := auth.RedirectRejector{
		Location: loginPath,
	}

	for name, handler := range handlers {
		newHandler := handler

		if name != web.LogIn && name != web.Public && !wrappa.PubliclyViewable {
			newHandler = auth.CheckAuthHandler(
				handler,
				loginRedirectRejector,
			)
		}

		switch name {
		case web.Index:
		case web.Pipeline:
		case web.TriggerBuild:
			newHandler = auth.CheckAuthHandler(
				handler,
				loginRedirectRejector,
			)
		case web.GetBuild:
		case web.GetBuilds:
		case web.GetJoblessBuild:
		case web.Public:
		case web.GetResource:
		case web.GetJob:
		case web.LogIn:
		case web.BasicAuth:
			newHandler = auth.CheckAuthHandler(
				handler,
				auth.BasicAuthRejector{},
			)
		case web.Debug:
			newHandler = auth.CheckAuthHandler(
				handler,
				loginRedirectRejector,
			)
		default:
			panic("you missed a spot")
		}

		newHandler = auth.WrapHandler(
			newHandler,
			wrappa.Validator,
		)

		wrapped[name] = newHandler
	}

	return wrapped
}
Ejemplo n.º 5
0
	BeforeEach(func() {
		fakeValidator = new(fakes.FakeValidator)
		fakeRejector = new(fakes.FakeRejector)

		fakeRejector.UnauthorizedStub = func(w http.ResponseWriter, r *http.Request) {
			http.Error(w, "nope", http.StatusUnauthorized)
		}

		a := make(chan bool, 1)
		authenticated = a
		simpleHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			a <- auth.IsAuthenticated(r)
		})

		server = httptest.NewServer(auth.WrapHandler(
			simpleHandler,
			fakeValidator,
		))

		client = &http.Client{
			Transport: &http.Transport{},
		}
	})

	Context("when a request is made", func() {
		var request *http.Request
		var response *http.Response

		BeforeEach(func() {
			var err error

			request, err = http.NewRequest("GET", server.URL, bytes.NewBufferString("hello"))
Ejemplo n.º 6
0
			expectedHandlers = rata.Handlers{
				web.Index:           inputHandlers[web.Index],
				web.Pipeline:        inputHandlers[web.Pipeline],
				web.TriggerBuild:    inputHandlers[web.TriggerBuild],
				web.GetBuild:        inputHandlers[web.GetBuild],
				web.GetBuilds:       inputHandlers[web.GetBuilds],
				web.GetJoblessBuild: inputHandlers[web.GetJoblessBuild],
				web.Public:          inputHandlers[web.Public],
				web.GetResource:     inputHandlers[web.GetResource],
				web.GetJob:          inputHandlers[web.GetJob],
				web.LogIn:           inputHandlers[web.LogIn],
				web.BasicAuth: auth.WrapHandler(
					auth.CheckAuthHandler(
						inputHandlers[web.BasicAuth],
						auth.BasicAuthRejector{},
					),
					fakeValidator,
					fakeUserContextReader,
				),
			}
		})

		JustBeforeEach(func() {
			wrappedHandlers = wrappa.NewWebAuthWrappa(
				fakeValidator,
				fakeUserContextReader,
			).Wrap(inputHandlers)
		})

		It("requires validation for the basic auth route", func() {
			for name, _ := range inputHandlers {
Ejemplo n.º 7
0
	. "github.com/onsi/ginkgo"
	. "github.com/onsi/gomega"
)

var _ = Describe("APIAuthWrappa", func() {
	var (
		fakeValidator *fakes.FakeValidator
	)

	BeforeEach(func() {
		fakeValidator = new(fakes.FakeValidator)
	})

	unauthed := func(handler http.Handler) http.Handler {
		return auth.WrapHandler(
			handler,
			fakeValidator,
		)
	}

	authed := func(handler http.Handler) http.Handler {
		return auth.WrapHandler(
			auth.CheckAuthHandler(
				handler,
				auth.UnauthorizedRejector{},
			),
			fakeValidator,
		)
	}

	Describe("Wrap", func() {
		var (
Ejemplo n.º 8
0
)

var _ = Describe("WebAuthWrappa", func() {
	var (
		publiclyViewable bool
		fakeValidator    *fakes.FakeValidator
	)

	BeforeEach(func() {
		publiclyViewable = true
		fakeValidator = new(fakes.FakeValidator)
	})

	unauthed := func(handler http.Handler) http.Handler {
		return auth.WrapHandler(
			handler,
			fakeValidator,
		)
	}

	authed := func(handler http.Handler) http.Handler {
		return auth.WrapHandler(
			auth.CheckAuthHandler(
				handler,
				auth.RedirectRejector{
					Location: "/login",
				},
			),
			fakeValidator,
		)
	}