func (wrappa *WebAuthWrappa) Wrap(handlers rata.Handlers) rata.Handlers {
wrapped := rata.Handlers{}
for name, handler := range handlers {
newHandler := handler
switch name {
case web.Index:
case web.Pipeline:
case web.TriggerBuild:
case web.GetBuild:
case web.GetBuilds:
case web.GetJoblessBuild:
case web.Public:
case web.GetResource:
case web.GetJob:
case web.LogIn:
case web.BasicAuth:
newHandler = auth.WrapHandler(
auth.CheckAuthHandler(
handler,
auth.BasicAuthRejector{},
),
wrappa.Validator,
wrappa.UserContextReader,
)
default:
panic("you missed a spot")
}
wrapped[name] = newHandler
}
return wrapped
}
teamNameChan = tn
teamIDChan = ti
isAdminChan = ia
foundChan = f
simpleHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
a <- auth.IsAuthenticated(r)
teamName, teamID, isAdmin, found := auth.GetTeam(r)
f <- found
tn <- teamName
ti <- teamID
ia <- isAdmin
})
server = httptest.NewServer(auth.WrapHandler(
simpleHandler,
fakeValidator,
fakeUserContextReader,
))
client = &http.Client{
Transport: &http.Transport{},
}
})
Context("when a request is made", func() {
var request *http.Request
var response *http.Response
BeforeEach(func() {
var err error
func (wrappa *APIAuthWrappa) Wrap(handlers rata.Handlers) rata.Handlers {
wrapped := rata.Handlers{}
rejector := auth.UnauthorizedRejector{}
for name, handler := range handlers {
newHandler := handler
switch name {
// authenticated
case atc.GetAuthToken,
atc.AbortBuild,
atc.CreateBuild,
atc.CreatePipe,
atc.DeletePipeline,
atc.DisableResourceVersion,
atc.EnableResourceVersion,
atc.GetConfig,
atc.GetContainer,
atc.HijackContainer,
atc.ListContainers,
atc.ListJobInputs,
atc.ListWorkers,
atc.OrderPipelines,
atc.PauseJob,
atc.PausePipeline,
atc.PauseResource,
atc.ReadPipe,
atc.RegisterWorker,
atc.SaveConfig,
atc.SetLogLevel,
atc.SetTeam,
atc.UnpauseJob,
atc.UnpausePipeline,
atc.UnpauseResource,
atc.CheckResource,
atc.WritePipe,
atc.ListVolumes,
atc.GetVersionsDB,
atc.CreateJobBuild,
atc.RenamePipeline:
newHandler = auth.CheckAuthHandler(handler, rejector)
// unauthenticated
case atc.ListAuthMethods, atc.GetInfo:
// unauthenticated if publicly viewable
case atc.BuildEvents,
atc.DownloadCLI,
atc.GetBuild,
atc.GetJobBuild,
atc.BuildResources,
atc.GetJob,
atc.GetLogLevel,
atc.GetResource,
atc.ListResourceVersions,
atc.ListBuilds,
atc.ListBuildsWithVersionAsInput,
atc.ListBuildsWithVersionAsOutput,
atc.ListJobBuilds,
atc.ListJobs,
atc.ListPipelines,
atc.GetPipeline,
atc.ListResources,
atc.GetBuildPlan,
atc.GetBuildPreparation:
if !wrappa.PubliclyViewable {
newHandler = auth.CheckAuthHandler(handler, rejector)
}
// think about it!
default:
panic("you missed a spot")
}
newHandler = auth.WrapHandler(newHandler, wrappa.Validator, wrappa.UserContextReader)
wrapped[name] = newHandler
}
return wrapped
}
func (wrappa *WebAuthWrappa) Wrap(handlers rata.Handlers) rata.Handlers {
wrapped := rata.Handlers{}
loginPath, err := web.Routes.CreatePathForRoute(web.LogIn, nil)
if err != nil {
panic("could not construct login route")
}
loginRedirectRejector := auth.RedirectRejector{
Location: loginPath,
}
for name, handler := range handlers {
newHandler := handler
if name != web.LogIn && name != web.Public && !wrappa.PubliclyViewable {
newHandler = auth.CheckAuthHandler(
handler,
loginRedirectRejector,
)
}
switch name {
case web.Index:
case web.Pipeline:
case web.TriggerBuild:
newHandler = auth.CheckAuthHandler(
handler,
loginRedirectRejector,
)
case web.GetBuild:
case web.GetBuilds:
case web.GetJoblessBuild:
case web.Public:
case web.GetResource:
case web.GetJob:
case web.LogIn:
case web.BasicAuth:
newHandler = auth.CheckAuthHandler(
handler,
auth.BasicAuthRejector{},
)
case web.Debug:
newHandler = auth.CheckAuthHandler(
handler,
loginRedirectRejector,
)
default:
panic("you missed a spot")
}
newHandler = auth.WrapHandler(
newHandler,
wrappa.Validator,
)
wrapped[name] = newHandler
}
return wrapped
}
BeforeEach(func() {
fakeValidator = new(fakes.FakeValidator)
fakeRejector = new(fakes.FakeRejector)
fakeRejector.UnauthorizedStub = func(w http.ResponseWriter, r *http.Request) {
http.Error(w, "nope", http.StatusUnauthorized)
}
a := make(chan bool, 1)
authenticated = a
simpleHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
a <- auth.IsAuthenticated(r)
})
server = httptest.NewServer(auth.WrapHandler(
simpleHandler,
fakeValidator,
))
client = &http.Client{
Transport: &http.Transport{},
}
})
Context("when a request is made", func() {
var request *http.Request
var response *http.Response
BeforeEach(func() {
var err error
request, err = http.NewRequest("GET", server.URL, bytes.NewBufferString("hello"))
expectedHandlers = rata.Handlers{
web.Index: inputHandlers[web.Index],
web.Pipeline: inputHandlers[web.Pipeline],
web.TriggerBuild: inputHandlers[web.TriggerBuild],
web.GetBuild: inputHandlers[web.GetBuild],
web.GetBuilds: inputHandlers[web.GetBuilds],
web.GetJoblessBuild: inputHandlers[web.GetJoblessBuild],
web.Public: inputHandlers[web.Public],
web.GetResource: inputHandlers[web.GetResource],
web.GetJob: inputHandlers[web.GetJob],
web.LogIn: inputHandlers[web.LogIn],
web.BasicAuth: auth.WrapHandler(
auth.CheckAuthHandler(
inputHandlers[web.BasicAuth],
auth.BasicAuthRejector{},
),
fakeValidator,
fakeUserContextReader,
),
}
})
JustBeforeEach(func() {
wrappedHandlers = wrappa.NewWebAuthWrappa(
fakeValidator,
fakeUserContextReader,
).Wrap(inputHandlers)
})
It("requires validation for the basic auth route", func() {
for name, _ := range inputHandlers {
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
)
var _ = Describe("APIAuthWrappa", func() {
var (
fakeValidator *fakes.FakeValidator
)
BeforeEach(func() {
fakeValidator = new(fakes.FakeValidator)
})
unauthed := func(handler http.Handler) http.Handler {
return auth.WrapHandler(
handler,
fakeValidator,
)
}
authed := func(handler http.Handler) http.Handler {
return auth.WrapHandler(
auth.CheckAuthHandler(
handler,
auth.UnauthorizedRejector{},
),
fakeValidator,
)
}
Describe("Wrap", func() {
var (
)
var _ = Describe("WebAuthWrappa", func() {
var (
publiclyViewable bool
fakeValidator *fakes.FakeValidator
)
BeforeEach(func() {
publiclyViewable = true
fakeValidator = new(fakes.FakeValidator)
})
unauthed := func(handler http.Handler) http.Handler {
return auth.WrapHandler(
handler,
fakeValidator,
)
}
authed := func(handler http.Handler) http.Handler {
return auth.WrapHandler(
auth.CheckAuthHandler(
handler,
auth.RedirectRejector{
Location: "/login",
},
),
fakeValidator,
)
}
