Exemple #1
0
func (s *S) TestExportEnvironmentsBackward(c *gocheck.C) {
	envNames := []string{
		"TSURU_APP_TOKEN",
	}
	app := App{Name: "moon", Platform: "opeth", Env: make(map[string]bind.EnvVar)}
	for _, name := range envNames {
		envVar := bind.EnvVar{Name: name, Value: name, Public: false}
		app.Env[name] = envVar
	}
	token, err := auth.CreateApplicationToken(app.Name)
	c.Assert(err, gocheck.IsNil)
	app.Env["TSURU_APP_TOKEN"] = bind.EnvVar{Name: "TSURU_APP_NAME", Value: token.Token}
	err = s.conn.Apps().Insert(app)
	c.Assert(err, gocheck.IsNil)
	defer s.conn.Apps().Remove(bson.M{"name": app.Name})
	ctx := action.BWContext{Params: []interface{}{&app}}
	exportEnvironmentsAction.Backward(ctx)
	copy, err := GetByName(app.Name)
	c.Assert(err, gocheck.IsNil)
	for _, name := range envNames {
		if _, ok := copy.Env[name]; ok {
			c.Errorf("Variable %q should be unexported, but it's still exported.", name)
		}
	}
	_, err = auth.GetToken("bearer " + token.Token)
	c.Assert(err, gocheck.Equals, auth.ErrInvalidToken)
}
Exemple #2
0
func (fn AdminRequiredHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	setVersionHeaders(w)
	defer func() {
		if r.Body != nil {
			r.Body.Close()
		}
	}()
	fw := io.FlushingWriter{ResponseWriter: w}
	header := r.Header.Get("Authorization")
	if header == "" {
		http.Error(&fw, "You must provide the Authorization header", http.StatusUnauthorized)
	} else if t, err := auth.GetToken(header); err != nil {
		http.Error(&fw, "Invalid token", http.StatusUnauthorized)
	} else if user, err := t.User(); err != nil || !user.IsAdmin() {
		http.Error(&fw, "Forbidden", http.StatusForbidden)
	} else if err = fn(&fw, r, t); err != nil {
		code := http.StatusInternalServerError
		if e, ok := err.(*errors.HTTP); ok {
			code = e.Code
		}
		if fw.Wrote() {
			fmt.Fprintln(&fw, err)
		} else {
			http.Error(&fw, err.Error(), code)
		}
		log.Error(err.Error())
	}
}
Exemple #3
0
func (s *S) TestExportEnvironmentsForward(c *gocheck.C) {
	expectedHost := "localhost"
	config.Set("host", expectedHost)
	app := App{Name: "mist", Platform: "opeth"}
	err := s.conn.Apps().Insert(app)
	c.Assert(err, gocheck.IsNil)
	defer s.conn.Apps().Remove(bson.M{"name": app.Name})
	ctx := action.FWContext{Params: []interface{}{&app}}
	result, err := exportEnvironmentsAction.Forward(ctx)
	c.Assert(err, gocheck.IsNil)
	c.Assert(result, gocheck.Equals, nil)
	gotApp, err := GetByName(app.Name)
	c.Assert(err, gocheck.IsNil)
	appEnv := gotApp.InstanceEnv("")
	c.Assert(appEnv["TSURU_APPNAME"].Value, gocheck.Equals, app.Name)
	c.Assert(appEnv["TSURU_APPNAME"].Public, gocheck.Equals, false)
	c.Assert(appEnv["TSURU_HOST"].Value, gocheck.Equals, expectedHost)
	c.Assert(appEnv["TSURU_HOST"].Public, gocheck.Equals, false)
	c.Assert(appEnv["TSURU_APP_TOKEN"].Value, gocheck.Not(gocheck.Equals), "")
	c.Assert(appEnv["TSURU_APP_TOKEN"].Public, gocheck.Equals, false)
	t, err := auth.GetToken("bearer " + appEnv["TSURU_APP_TOKEN"].Value)
	c.Assert(err, gocheck.IsNil)
	c.Assert(t.AppName, gocheck.Equals, app.Name)
	message, err := aqueue().Get(2e9)
	c.Assert(err, gocheck.IsNil)
	c.Assert(message.Action, gocheck.Equals, regenerateApprc)
	c.Assert(message.Args, gocheck.DeepEquals, []string{app.Name})
}
Exemple #4
0
func validate(token string, r *http.Request) (*auth.Token, error) {
	if token == "" {
		return nil, &errors.HTTP{
			Message: "You must provide the Authorization header",
		}
	}
	invalid := &errors.HTTP{Message: "Invalid token"}
	t, err := auth.GetToken(token)
	if err != nil {
		return nil, invalid
	}
	if t.AppName != "" {
		if q := r.URL.Query().Get(":app"); q != "" && t.AppName != q {
			return nil, invalid
		}
	}
	return t, nil
}