func (wrappa *WebAuthWrappa) Wrap(handlers rata.Handlers) rata.Handlers { wrapped := rata.Handlers{} for name, handler := range handlers { newHandler := handler switch name { case web.Index: case web.Pipeline: case web.TriggerBuild: case web.GetBuild: case web.GetBuilds: case web.GetJoblessBuild: case web.Public: case web.GetResource: case web.GetJob: case web.LogIn: case web.BasicAuth: newHandler = auth.WrapHandler( auth.CheckAuthHandler( handler, auth.BasicAuthRejector{}, ), wrappa.Validator, wrappa.UserContextReader, ) default: panic("you missed a spot") } wrapped[name] = newHandler } return wrapped }
teamNameChan = tn teamIDChan = ti isAdminChan = ia foundChan = f simpleHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { a <- auth.IsAuthenticated(r) teamName, teamID, isAdmin, found := auth.GetTeam(r) f <- found tn <- teamName ti <- teamID ia <- isAdmin }) server = httptest.NewServer(auth.WrapHandler( simpleHandler, fakeValidator, fakeUserContextReader, )) client = &http.Client{ Transport: &http.Transport{}, } }) Context("when a request is made", func() { var request *http.Request var response *http.Response BeforeEach(func() { var err error
func (wrappa *APIAuthWrappa) Wrap(handlers rata.Handlers) rata.Handlers { wrapped := rata.Handlers{} rejector := auth.UnauthorizedRejector{} for name, handler := range handlers { newHandler := handler switch name { // authenticated case atc.GetAuthToken, atc.AbortBuild, atc.CreateBuild, atc.CreatePipe, atc.DeletePipeline, atc.DisableResourceVersion, atc.EnableResourceVersion, atc.GetConfig, atc.GetContainer, atc.HijackContainer, atc.ListContainers, atc.ListJobInputs, atc.ListWorkers, atc.OrderPipelines, atc.PauseJob, atc.PausePipeline, atc.PauseResource, atc.ReadPipe, atc.RegisterWorker, atc.SaveConfig, atc.SetLogLevel, atc.SetTeam, atc.UnpauseJob, atc.UnpausePipeline, atc.UnpauseResource, atc.CheckResource, atc.WritePipe, atc.ListVolumes, atc.GetVersionsDB, atc.CreateJobBuild, atc.RenamePipeline: newHandler = auth.CheckAuthHandler(handler, rejector) // unauthenticated case atc.ListAuthMethods, atc.GetInfo: // unauthenticated if publicly viewable case atc.BuildEvents, atc.DownloadCLI, atc.GetBuild, atc.GetJobBuild, atc.BuildResources, atc.GetJob, atc.GetLogLevel, atc.GetResource, atc.ListResourceVersions, atc.ListBuilds, atc.ListBuildsWithVersionAsInput, atc.ListBuildsWithVersionAsOutput, atc.ListJobBuilds, atc.ListJobs, atc.ListPipelines, atc.GetPipeline, atc.ListResources, atc.GetBuildPlan, atc.GetBuildPreparation: if !wrappa.PubliclyViewable { newHandler = auth.CheckAuthHandler(handler, rejector) } // think about it! default: panic("you missed a spot") } newHandler = auth.WrapHandler(newHandler, wrappa.Validator, wrappa.UserContextReader) wrapped[name] = newHandler } return wrapped }
func (wrappa *WebAuthWrappa) Wrap(handlers rata.Handlers) rata.Handlers { wrapped := rata.Handlers{} loginPath, err := web.Routes.CreatePathForRoute(web.LogIn, nil) if err != nil { panic("could not construct login route") } loginRedirectRejector := auth.RedirectRejector{ Location: loginPath, } for name, handler := range handlers { newHandler := handler if name != web.LogIn && name != web.Public && !wrappa.PubliclyViewable { newHandler = auth.CheckAuthHandler( handler, loginRedirectRejector, ) } switch name { case web.Index: case web.Pipeline: case web.TriggerBuild: newHandler = auth.CheckAuthHandler( handler, loginRedirectRejector, ) case web.GetBuild: case web.GetBuilds: case web.GetJoblessBuild: case web.Public: case web.GetResource: case web.GetJob: case web.LogIn: case web.BasicAuth: newHandler = auth.CheckAuthHandler( handler, auth.BasicAuthRejector{}, ) case web.Debug: newHandler = auth.CheckAuthHandler( handler, loginRedirectRejector, ) default: panic("you missed a spot") } newHandler = auth.WrapHandler( newHandler, wrappa.Validator, ) wrapped[name] = newHandler } return wrapped }
BeforeEach(func() { fakeValidator = new(fakes.FakeValidator) fakeRejector = new(fakes.FakeRejector) fakeRejector.UnauthorizedStub = func(w http.ResponseWriter, r *http.Request) { http.Error(w, "nope", http.StatusUnauthorized) } a := make(chan bool, 1) authenticated = a simpleHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { a <- auth.IsAuthenticated(r) }) server = httptest.NewServer(auth.WrapHandler( simpleHandler, fakeValidator, )) client = &http.Client{ Transport: &http.Transport{}, } }) Context("when a request is made", func() { var request *http.Request var response *http.Response BeforeEach(func() { var err error request, err = http.NewRequest("GET", server.URL, bytes.NewBufferString("hello"))
expectedHandlers = rata.Handlers{ web.Index: inputHandlers[web.Index], web.Pipeline: inputHandlers[web.Pipeline], web.TriggerBuild: inputHandlers[web.TriggerBuild], web.GetBuild: inputHandlers[web.GetBuild], web.GetBuilds: inputHandlers[web.GetBuilds], web.GetJoblessBuild: inputHandlers[web.GetJoblessBuild], web.Public: inputHandlers[web.Public], web.GetResource: inputHandlers[web.GetResource], web.GetJob: inputHandlers[web.GetJob], web.LogIn: inputHandlers[web.LogIn], web.BasicAuth: auth.WrapHandler( auth.CheckAuthHandler( inputHandlers[web.BasicAuth], auth.BasicAuthRejector{}, ), fakeValidator, fakeUserContextReader, ), } }) JustBeforeEach(func() { wrappedHandlers = wrappa.NewWebAuthWrappa( fakeValidator, fakeUserContextReader, ).Wrap(inputHandlers) }) It("requires validation for the basic auth route", func() { for name, _ := range inputHandlers {
. "github.com/onsi/ginkgo" . "github.com/onsi/gomega" ) var _ = Describe("APIAuthWrappa", func() { var ( fakeValidator *fakes.FakeValidator ) BeforeEach(func() { fakeValidator = new(fakes.FakeValidator) }) unauthed := func(handler http.Handler) http.Handler { return auth.WrapHandler( handler, fakeValidator, ) } authed := func(handler http.Handler) http.Handler { return auth.WrapHandler( auth.CheckAuthHandler( handler, auth.UnauthorizedRejector{}, ), fakeValidator, ) } Describe("Wrap", func() { var (
) var _ = Describe("WebAuthWrappa", func() { var ( publiclyViewable bool fakeValidator *fakes.FakeValidator ) BeforeEach(func() { publiclyViewable = true fakeValidator = new(fakes.FakeValidator) }) unauthed := func(handler http.Handler) http.Handler { return auth.WrapHandler( handler, fakeValidator, ) } authed := func(handler http.Handler) http.Handler { return auth.WrapHandler( auth.CheckAuthHandler( handler, auth.RedirectRejector{ Location: "/login", }, ), fakeValidator, ) }