func (wrappa *WebAuthWrappa) Wrap(handlers rata.Handlers) rata.Handlers {
wrapped := rata.Handlers{}
for name, handler := range handlers {
newHandler := handler
switch name {
case web.Index:
case web.Pipeline:
case web.TriggerBuild:
case web.GetBuild:
case web.GetBuilds:
case web.GetJoblessBuild:
case web.Public:
case web.GetResource:
case web.GetJob:
case web.LogIn:
case web.BasicAuth:
newHandler = auth.WrapHandler(
auth.CheckAuthHandler(
handler,
auth.BasicAuthRejector{},
),
wrappa.Validator,
wrappa.UserContextReader,
)
default:
panic("you missed a spot")
}
wrapped[name] = newHandler
}
return wrapped
}
func (wrappa *APIAuthWrappa) Wrap(handlers rata.Handlers) rata.Handlers {
wrapped := rata.Handlers{}
rejector := auth.UnauthorizedRejector{}
for name, handler := range handlers {
newHandler := handler
switch name {
// authenticated
case atc.GetAuthToken,
atc.AbortBuild,
atc.CreateBuild,
atc.CreatePipe,
atc.DeletePipeline,
atc.DisableResourceVersion,
atc.EnableResourceVersion,
atc.GetConfig,
atc.GetContainer,
atc.HijackContainer,
atc.ListContainers,
atc.ListJobInputs,
atc.ListWorkers,
atc.OrderPipelines,
atc.PauseJob,
atc.PausePipeline,
atc.PauseResource,
atc.ReadPipe,
atc.RegisterWorker,
atc.SaveConfig,
atc.SetLogLevel,
atc.SetTeam,
atc.UnpauseJob,
atc.UnpausePipeline,
atc.UnpauseResource,
atc.CheckResource,
atc.WritePipe,
atc.ListVolumes,
atc.GetVersionsDB,
atc.CreateJobBuild,
atc.RenamePipeline:
newHandler = auth.CheckAuthHandler(handler, rejector)
// unauthenticated
case atc.ListAuthMethods, atc.GetInfo:
// unauthenticated if publicly viewable
case atc.BuildEvents,
atc.DownloadCLI,
atc.GetBuild,
atc.GetJobBuild,
atc.BuildResources,
atc.GetJob,
atc.GetLogLevel,
atc.GetResource,
atc.ListResourceVersions,
atc.ListBuilds,
atc.ListBuildsWithVersionAsInput,
atc.ListBuildsWithVersionAsOutput,
atc.ListJobBuilds,
atc.ListJobs,
atc.ListPipelines,
atc.GetPipeline,
atc.ListResources,
atc.GetBuildPlan,
atc.GetBuildPreparation:
if !wrappa.PubliclyViewable {
newHandler = auth.CheckAuthHandler(handler, rejector)
}
// think about it!
default:
panic("you missed a spot")
}
newHandler = auth.WrapHandler(newHandler, wrappa.Validator, wrappa.UserContextReader)
wrapped[name] = newHandler
}
return wrapped
}
func (wrappa *WebAuthWrappa) Wrap(handlers rata.Handlers) rata.Handlers {
wrapped := rata.Handlers{}
loginPath, err := web.Routes.CreatePathForRoute(web.LogIn, nil)
if err != nil {
panic("could not construct login route")
}
loginRedirectRejector := auth.RedirectRejector{
Location: loginPath,
}
for name, handler := range handlers {
newHandler := handler
if name != web.LogIn && name != web.Public && !wrappa.PubliclyViewable {
newHandler = auth.CheckAuthHandler(
handler,
loginRedirectRejector,
)
}
switch name {
case web.Index:
case web.Pipeline:
case web.TriggerBuild:
newHandler = auth.CheckAuthHandler(
handler,
loginRedirectRejector,
)
case web.GetBuild:
case web.GetBuilds:
case web.GetJoblessBuild:
case web.Public:
case web.GetResource:
case web.GetJob:
case web.LogIn:
case web.BasicAuth:
newHandler = auth.CheckAuthHandler(
handler,
auth.BasicAuthRejector{},
)
case web.Debug:
newHandler = auth.CheckAuthHandler(
handler,
loginRedirectRejector,
)
default:
panic("you missed a spot")
}
newHandler = auth.WrapHandler(
newHandler,
wrappa.Validator,
)
wrapped[name] = newHandler
}
return wrapped
}
io.Copy(w, buffer)
io.Copy(w, r.Body)
})
BeforeEach(func() {
fakeValidator = new(fakes.FakeValidator)
fakeUserContextReader = new(fakes.FakeUserContextReader)
fakeRejector = new(fakes.FakeRejector)
fakeRejector.UnauthorizedStub = func(w http.ResponseWriter, r *http.Request) {
http.Error(w, "nope", http.StatusUnauthorized)
}
server = httptest.NewServer(auth.WrapHandler(
auth.CheckAuthHandler(
simpleHandler,
fakeRejector,
),
fakeValidator,
fakeUserContextReader,
))
client = &http.Client{
Transport: &http.Transport{},
}
})
Context("when a request is made", func() {
var request *http.Request
var response *http.Response
BeforeEach(func() {
}
expectedHandlers = rata.Handlers{
web.Index: inputHandlers[web.Index],
web.Pipeline: inputHandlers[web.Pipeline],
web.TriggerBuild: inputHandlers[web.TriggerBuild],
web.GetBuild: inputHandlers[web.GetBuild],
web.GetBuilds: inputHandlers[web.GetBuilds],
web.GetJoblessBuild: inputHandlers[web.GetJoblessBuild],
web.Public: inputHandlers[web.Public],
web.GetResource: inputHandlers[web.GetResource],
web.GetJob: inputHandlers[web.GetJob],
web.LogIn: inputHandlers[web.LogIn],
web.BasicAuth: auth.WrapHandler(
auth.CheckAuthHandler(
inputHandlers[web.BasicAuth],
auth.BasicAuthRejector{},
),
fakeValidator,
fakeUserContextReader,
),
}
})
JustBeforeEach(func() {
wrappedHandlers = wrappa.NewWebAuthWrappa(
fakeValidator,
fakeUserContextReader,
).Wrap(inputHandlers)
})
It("requires validation for the basic auth route", func() {
BeforeEach(func() {
fakeValidator = new(fakes.FakeValidator)
})
unauthed := func(handler http.Handler) http.Handler {
return auth.WrapHandler(
handler,
fakeValidator,
)
}
authed := func(handler http.Handler) http.Handler {
return auth.WrapHandler(
auth.CheckAuthHandler(
handler,
auth.UnauthorizedRejector{},
),
fakeValidator,
)
}
Describe("Wrap", func() {
var (
inputHandlers rata.Handlers
wrappedHandlers rata.Handlers
expectedHandlers rata.Handlers
)
BeforeEach(func() {
publiclyViewable = true
fakeValidator = new(fakes.FakeValidator)
})
unauthed := func(handler http.Handler) http.Handler {
return auth.WrapHandler(
handler,
fakeValidator,
)
}
authed := func(handler http.Handler) http.Handler {
return auth.WrapHandler(
auth.CheckAuthHandler(
handler,
auth.RedirectRejector{
Location: "/login",
},
),
fakeValidator,
)
}
Describe("Wrap", func() {
var (
inputHandlers rata.Handlers
wrappedHandlers rata.Handlers
)
BeforeEach(func() {
inputHandlers = rata.Handlers{}