func (s *AdminSuite) TestIsAdmin(c *gc.C) {
s.createAdmins(c)
defer s.deleteAdmins(c)
for i, t := range []struct {
should string
admin t.TestAdmin
expectError string
}{{
should: "validate an existing admin",
admin: s.admins["bob"],
}, {
should: "not validate a nonexistent admin",
admin: t.TestAdmin{Key: "123456"},
expectError: `admin for key 123456: user not found`,
}} {
c.Logf("test %d: should %s", i, t.should)
if t.expectError == "" {
c.Check(admin.IsAdmin(s.d, t.admin.Key), jc.ErrorIsNil)
} else {
c.Check(admin.IsAdmin(s.d, t.admin.Key), gc.ErrorMatches, t.expectError)
}
}
}
func handleUserCreate(d db.DB) htr.Handle {
return func(w http.ResponseWriter, r *http.Request, ps htr.Params) {
if err := r.ParseForm(); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("bad admin request: %#v", r)
return
}
key := util.Key(r.Form.Get("key"))
if err := admin.IsAdmin(d, key); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("bad admin request: %#v", r)
return
}
email := r.Form.Get("email")
pwhash := r.Form.Get("pwhash")
if err := user.Create(d, email, pwhash); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("error creating user %s: %s", email, err.Error())
return
}
log.Printf("user %s created", email)
WriteResponse(w, &user.User{
Email: email,
Hash: util.Hash(pwhash),
})
}
}
func handleAdminDelete(d db.DB) htr.Handle {
return func(w http.ResponseWriter, r *http.Request, ps htr.Params) {
if err := r.ParseForm(); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("bad admin request: %#v", r)
return
}
key := util.Key(r.Form.Get("key"))
if err := admin.IsAdmin(d, key); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("bad admin request: %s", err.Error())
return
}
if err := admin.Delete(d, key); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("error deleting admin for %s: %s", key, err.Error())
return
}
log.Printf("admin %s deleted", key)
WriteResponse(w, &admin.Admin{
Key: key,
})
}
}
func (s *AdminSuite) deleteTests(adm t.TestAdmin, c *gc.C) error {
if err := admin.Delete(s.d, adm.Key); err != nil {
c.Logf("failed to delete admin %q", adm.Email)
return err
}
err := admin.IsAdmin(s.d, adm.Key)
c.Assert(err, gc.ErrorMatches, fmt.Sprintf("admin for key %s: user not found", adm.Key))
return nil
}
func handleUserDelete(d db.DB) htr.Handle {
return func(w http.ResponseWriter, r *http.Request, ps htr.Params) {
if err := r.ParseForm(); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("bad admin request: %#v", r)
return
}
key := util.Key(r.Form.Get("key"))
email := r.Form.Get("email")
pwhash := r.Form.Get("pwhash")
switch {
case key != "":
// An admin can delete any user.
if err := admin.IsAdmin(d, key); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("bad admin request: %#v", r)
return
}
case email != "", pwhash != "":
if err := user.CheckUser(d, email, pwhash); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("invalid user %s: %s", email, err.Error())
return
}
default:
// No key, no email, no pwhash -- no delete.
WriteResponse(w, newApiError("must pass pwhash and email, or API key", nil))
log.Printf("invalid user delete request: no values")
return
}
if err := user.Delete(d, email); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("error deleting user %q: %s", email, err.Error())
return
}
log.Printf("user %q deleted", email)
WriteResponse(w, &user.User{
Email: email,
})
}
}
func handleAdminValid(d db.DB) htr.Handle {
return func(w http.ResponseWriter, r *http.Request, ps htr.Params) {
if err := r.ParseForm(); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("bad admin request: %#v", r)
return
}
key := r.Form.Get("key")
if err := admin.IsAdmin(d, util.Key(key)); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("bad admin request: %s", err.Error())
return
}
WriteResponse(w, "ok")
log.Printf("admin %s verified", key)
}
}
func (s *AdminSuite) createTests(adm t.TestAdmin, c *gc.C) error {
key, err := admin.Create(s.d, adm.Email, adm.Pwhash)
if err != nil {
return err
}
err = admin.IsAdmin(s.d, util.Key(key))
c.Assert(err, jc.ErrorIsNil)
adminBytes, err := db.GetByKey(s.d, admin.Admins, []byte(key))
if err != nil {
return err
}
c.Assert(len(adminBytes), gc.Not(gc.Equals), 0)
var tmpAdmin admin.Admin
if err = json.Unmarshal(adminBytes, &tmpAdmin); err != nil {
return err
}
c.Check(tmpAdmin.Email, gc.Equals, adm.Email)
return nil
}
