func (s *S) TestExportEnvironmentsBackward(c *gocheck.C) {
envNames := []string{
"TSURU_APP_TOKEN",
}
app := App{Name: "moon", Platform: "opeth", Env: make(map[string]bind.EnvVar)}
for _, name := range envNames {
envVar := bind.EnvVar{Name: name, Value: name, Public: false}
app.Env[name] = envVar
}
token, err := auth.CreateApplicationToken(app.Name)
c.Assert(err, gocheck.IsNil)
app.Env["TSURU_APP_TOKEN"] = bind.EnvVar{Name: "TSURU_APP_NAME", Value: token.Token}
err = s.conn.Apps().Insert(app)
c.Assert(err, gocheck.IsNil)
defer s.conn.Apps().Remove(bson.M{"name": app.Name})
ctx := action.BWContext{Params: []interface{}{&app}}
exportEnvironmentsAction.Backward(ctx)
copy, err := GetByName(app.Name)
c.Assert(err, gocheck.IsNil)
for _, name := range envNames {
if _, ok := copy.Env[name]; ok {
c.Errorf("Variable %q should be unexported, but it's still exported.", name)
}
}
_, err = auth.GetToken("bearer " + token.Token)
c.Assert(err, gocheck.Equals, auth.ErrInvalidToken)
}
func (fn AdminRequiredHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
setVersionHeaders(w)
defer func() {
if r.Body != nil {
r.Body.Close()
}
}()
fw := io.FlushingWriter{ResponseWriter: w}
header := r.Header.Get("Authorization")
if header == "" {
http.Error(&fw, "You must provide the Authorization header", http.StatusUnauthorized)
} else if t, err := auth.GetToken(header); err != nil {
http.Error(&fw, "Invalid token", http.StatusUnauthorized)
} else if user, err := t.User(); err != nil || !user.IsAdmin() {
http.Error(&fw, "Forbidden", http.StatusForbidden)
} else if err = fn(&fw, r, t); err != nil {
code := http.StatusInternalServerError
if e, ok := err.(*errors.HTTP); ok {
code = e.Code
}
if fw.Wrote() {
fmt.Fprintln(&fw, err)
} else {
http.Error(&fw, err.Error(), code)
}
log.Error(err.Error())
}
}
func (s *S) TestExportEnvironmentsForward(c *gocheck.C) {
expectedHost := "localhost"
config.Set("host", expectedHost)
app := App{Name: "mist", Platform: "opeth"}
err := s.conn.Apps().Insert(app)
c.Assert(err, gocheck.IsNil)
defer s.conn.Apps().Remove(bson.M{"name": app.Name})
ctx := action.FWContext{Params: []interface{}{&app}}
result, err := exportEnvironmentsAction.Forward(ctx)
c.Assert(err, gocheck.IsNil)
c.Assert(result, gocheck.Equals, nil)
gotApp, err := GetByName(app.Name)
c.Assert(err, gocheck.IsNil)
appEnv := gotApp.InstanceEnv("")
c.Assert(appEnv["TSURU_APPNAME"].Value, gocheck.Equals, app.Name)
c.Assert(appEnv["TSURU_APPNAME"].Public, gocheck.Equals, false)
c.Assert(appEnv["TSURU_HOST"].Value, gocheck.Equals, expectedHost)
c.Assert(appEnv["TSURU_HOST"].Public, gocheck.Equals, false)
c.Assert(appEnv["TSURU_APP_TOKEN"].Value, gocheck.Not(gocheck.Equals), "")
c.Assert(appEnv["TSURU_APP_TOKEN"].Public, gocheck.Equals, false)
t, err := auth.GetToken("bearer " + appEnv["TSURU_APP_TOKEN"].Value)
c.Assert(err, gocheck.IsNil)
c.Assert(t.AppName, gocheck.Equals, app.Name)
message, err := aqueue().Get(2e9)
c.Assert(err, gocheck.IsNil)
c.Assert(message.Action, gocheck.Equals, regenerateApprc)
c.Assert(message.Args, gocheck.DeepEquals, []string{app.Name})
}
func validate(token string, r *http.Request) (*auth.Token, error) {
if token == "" {
return nil, &errors.HTTP{
Message: "You must provide the Authorization header",
}
}
invalid := &errors.HTTP{Message: "Invalid token"}
t, err := auth.GetToken(token)
if err != nil {
return nil, invalid
}
if t.AppName != "" {
if q := r.URL.Query().Get(":app"); q != "" && t.AppName != q {
return nil, invalid
}
}
return t, nil
}