Esempio n. 1
0
func (wrappa *WebAuthWrappa) Wrap(handlers rata.Handlers) rata.Handlers {
	wrapped := rata.Handlers{}

	for name, handler := range handlers {
		newHandler := handler

		switch name {
		case web.Index:
		case web.Pipeline:
		case web.TriggerBuild:
		case web.GetBuild:
		case web.GetBuilds:
		case web.GetJoblessBuild:
		case web.Public:
		case web.GetResource:
		case web.GetJob:
		case web.LogIn:
		case web.BasicAuth:
			newHandler = auth.WrapHandler(
				auth.CheckAuthHandler(
					handler,
					auth.BasicAuthRejector{},
				),
				wrappa.Validator,
				wrappa.UserContextReader,
			)

		default:
			panic("you missed a spot")
		}

		wrapped[name] = newHandler
	}

	return wrapped
}
Esempio n. 2
0
func (wrappa *APIAuthWrappa) Wrap(handlers rata.Handlers) rata.Handlers {
	wrapped := rata.Handlers{}

	rejector := auth.UnauthorizedRejector{}

	for name, handler := range handlers {
		newHandler := handler

		switch name {
		// authenticated
		case atc.GetAuthToken,
			atc.AbortBuild,
			atc.CreateBuild,
			atc.CreatePipe,
			atc.DeletePipeline,
			atc.DisableResourceVersion,
			atc.EnableResourceVersion,
			atc.GetConfig,
			atc.GetContainer,
			atc.HijackContainer,
			atc.ListContainers,
			atc.ListJobInputs,
			atc.ListWorkers,
			atc.OrderPipelines,
			atc.PauseJob,
			atc.PausePipeline,
			atc.PauseResource,
			atc.ReadPipe,
			atc.RegisterWorker,
			atc.SaveConfig,
			atc.SetLogLevel,
			atc.SetTeam,
			atc.UnpauseJob,
			atc.UnpausePipeline,
			atc.UnpauseResource,
			atc.CheckResource,
			atc.WritePipe,
			atc.ListVolumes,
			atc.GetVersionsDB,
			atc.CreateJobBuild,
			atc.RenamePipeline:
			newHandler = auth.CheckAuthHandler(handler, rejector)

		// unauthenticated
		case atc.ListAuthMethods, atc.GetInfo:

		// unauthenticated if publicly viewable
		case atc.BuildEvents,
			atc.DownloadCLI,
			atc.GetBuild,
			atc.GetJobBuild,
			atc.BuildResources,
			atc.GetJob,
			atc.GetLogLevel,
			atc.GetResource,
			atc.ListResourceVersions,
			atc.ListBuilds,
			atc.ListBuildsWithVersionAsInput,
			atc.ListBuildsWithVersionAsOutput,
			atc.ListJobBuilds,
			atc.ListJobs,
			atc.ListPipelines,
			atc.GetPipeline,
			atc.ListResources,
			atc.GetBuildPlan,
			atc.GetBuildPreparation:
			if !wrappa.PubliclyViewable {
				newHandler = auth.CheckAuthHandler(handler, rejector)
			}

		// think about it!
		default:
			panic("you missed a spot")
		}

		newHandler = auth.WrapHandler(newHandler, wrappa.Validator, wrappa.UserContextReader)

		wrapped[name] = newHandler
	}

	return wrapped
}
Esempio n. 3
0
func (wrappa *WebAuthWrappa) Wrap(handlers rata.Handlers) rata.Handlers {
	wrapped := rata.Handlers{}

	loginPath, err := web.Routes.CreatePathForRoute(web.LogIn, nil)
	if err != nil {
		panic("could not construct login route")
	}

	loginRedirectRejector := auth.RedirectRejector{
		Location: loginPath,
	}

	for name, handler := range handlers {
		newHandler := handler

		if name != web.LogIn && name != web.Public && !wrappa.PubliclyViewable {
			newHandler = auth.CheckAuthHandler(
				handler,
				loginRedirectRejector,
			)
		}

		switch name {
		case web.Index:
		case web.Pipeline:
		case web.TriggerBuild:
			newHandler = auth.CheckAuthHandler(
				handler,
				loginRedirectRejector,
			)
		case web.GetBuild:
		case web.GetBuilds:
		case web.GetJoblessBuild:
		case web.Public:
		case web.GetResource:
		case web.GetJob:
		case web.LogIn:
		case web.BasicAuth:
			newHandler = auth.CheckAuthHandler(
				handler,
				auth.BasicAuthRejector{},
			)
		case web.Debug:
			newHandler = auth.CheckAuthHandler(
				handler,
				loginRedirectRejector,
			)
		default:
			panic("you missed a spot")
		}

		newHandler = auth.WrapHandler(
			newHandler,
			wrappa.Validator,
		)

		wrapped[name] = newHandler
	}

	return wrapped
}
		io.Copy(w, buffer)
		io.Copy(w, r.Body)
	})

	BeforeEach(func() {
		fakeValidator = new(fakes.FakeValidator)
		fakeUserContextReader = new(fakes.FakeUserContextReader)
		fakeRejector = new(fakes.FakeRejector)

		fakeRejector.UnauthorizedStub = func(w http.ResponseWriter, r *http.Request) {
			http.Error(w, "nope", http.StatusUnauthorized)
		}

		server = httptest.NewServer(auth.WrapHandler(
			auth.CheckAuthHandler(
				simpleHandler,
				fakeRejector,
			),
			fakeValidator,
			fakeUserContextReader,
		))

		client = &http.Client{
			Transport: &http.Transport{},
		}
	})

	Context("when a request is made", func() {
		var request *http.Request
		var response *http.Response

		BeforeEach(func() {
Esempio n. 5
0
			}

			expectedHandlers = rata.Handlers{
				web.Index:           inputHandlers[web.Index],
				web.Pipeline:        inputHandlers[web.Pipeline],
				web.TriggerBuild:    inputHandlers[web.TriggerBuild],
				web.GetBuild:        inputHandlers[web.GetBuild],
				web.GetBuilds:       inputHandlers[web.GetBuilds],
				web.GetJoblessBuild: inputHandlers[web.GetJoblessBuild],
				web.Public:          inputHandlers[web.Public],
				web.GetResource:     inputHandlers[web.GetResource],
				web.GetJob:          inputHandlers[web.GetJob],
				web.LogIn:           inputHandlers[web.LogIn],
				web.BasicAuth: auth.WrapHandler(
					auth.CheckAuthHandler(
						inputHandlers[web.BasicAuth],
						auth.BasicAuthRejector{},
					),
					fakeValidator,
					fakeUserContextReader,
				),
			}
		})

		JustBeforeEach(func() {
			wrappedHandlers = wrappa.NewWebAuthWrappa(
				fakeValidator,
				fakeUserContextReader,
			).Wrap(inputHandlers)
		})

		It("requires validation for the basic auth route", func() {
Esempio n. 6
0
	BeforeEach(func() {
		fakeValidator = new(fakes.FakeValidator)
	})

	unauthed := func(handler http.Handler) http.Handler {
		return auth.WrapHandler(
			handler,
			fakeValidator,
		)
	}

	authed := func(handler http.Handler) http.Handler {
		return auth.WrapHandler(
			auth.CheckAuthHandler(
				handler,
				auth.UnauthorizedRejector{},
			),
			fakeValidator,
		)
	}

	Describe("Wrap", func() {
		var (
			inputHandlers rata.Handlers

			wrappedHandlers rata.Handlers

			expectedHandlers rata.Handlers
		)

		BeforeEach(func() {
Esempio n. 7
0
		publiclyViewable = true
		fakeValidator = new(fakes.FakeValidator)
	})

	unauthed := func(handler http.Handler) http.Handler {
		return auth.WrapHandler(
			handler,
			fakeValidator,
		)
	}

	authed := func(handler http.Handler) http.Handler {
		return auth.WrapHandler(
			auth.CheckAuthHandler(
				handler,
				auth.RedirectRejector{
					Location: "/login",
				},
			),
			fakeValidator,
		)
	}

	Describe("Wrap", func() {
		var (
			inputHandlers rata.Handlers

			wrappedHandlers rata.Handlers
		)

		BeforeEach(func() {
			inputHandlers = rata.Handlers{}