func (s *S) TestExportEnvironmentsBackward(c *gocheck.C) { envNames := []string{ "TSURU_APP_TOKEN", } app := App{Name: "moon", Platform: "opeth", Env: make(map[string]bind.EnvVar)} for _, name := range envNames { envVar := bind.EnvVar{Name: name, Value: name, Public: false} app.Env[name] = envVar } token, err := auth.CreateApplicationToken(app.Name) c.Assert(err, gocheck.IsNil) app.Env["TSURU_APP_TOKEN"] = bind.EnvVar{Name: "TSURU_APP_NAME", Value: token.Token} err = s.conn.Apps().Insert(app) c.Assert(err, gocheck.IsNil) defer s.conn.Apps().Remove(bson.M{"name": app.Name}) ctx := action.BWContext{Params: []interface{}{&app}} exportEnvironmentsAction.Backward(ctx) copy, err := GetByName(app.Name) c.Assert(err, gocheck.IsNil) for _, name := range envNames { if _, ok := copy.Env[name]; ok { c.Errorf("Variable %q should be unexported, but it's still exported.", name) } } _, err = auth.GetToken("bearer " + token.Token) c.Assert(err, gocheck.Equals, auth.ErrInvalidToken) }
func (fn AdminRequiredHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { setVersionHeaders(w) defer func() { if r.Body != nil { r.Body.Close() } }() fw := io.FlushingWriter{ResponseWriter: w} header := r.Header.Get("Authorization") if header == "" { http.Error(&fw, "You must provide the Authorization header", http.StatusUnauthorized) } else if t, err := auth.GetToken(header); err != nil { http.Error(&fw, "Invalid token", http.StatusUnauthorized) } else if user, err := t.User(); err != nil || !user.IsAdmin() { http.Error(&fw, "Forbidden", http.StatusForbidden) } else if err = fn(&fw, r, t); err != nil { code := http.StatusInternalServerError if e, ok := err.(*errors.HTTP); ok { code = e.Code } if fw.Wrote() { fmt.Fprintln(&fw, err) } else { http.Error(&fw, err.Error(), code) } log.Error(err.Error()) } }
func (s *S) TestExportEnvironmentsForward(c *gocheck.C) { expectedHost := "localhost" config.Set("host", expectedHost) app := App{Name: "mist", Platform: "opeth"} err := s.conn.Apps().Insert(app) c.Assert(err, gocheck.IsNil) defer s.conn.Apps().Remove(bson.M{"name": app.Name}) ctx := action.FWContext{Params: []interface{}{&app}} result, err := exportEnvironmentsAction.Forward(ctx) c.Assert(err, gocheck.IsNil) c.Assert(result, gocheck.Equals, nil) gotApp, err := GetByName(app.Name) c.Assert(err, gocheck.IsNil) appEnv := gotApp.InstanceEnv("") c.Assert(appEnv["TSURU_APPNAME"].Value, gocheck.Equals, app.Name) c.Assert(appEnv["TSURU_APPNAME"].Public, gocheck.Equals, false) c.Assert(appEnv["TSURU_HOST"].Value, gocheck.Equals, expectedHost) c.Assert(appEnv["TSURU_HOST"].Public, gocheck.Equals, false) c.Assert(appEnv["TSURU_APP_TOKEN"].Value, gocheck.Not(gocheck.Equals), "") c.Assert(appEnv["TSURU_APP_TOKEN"].Public, gocheck.Equals, false) t, err := auth.GetToken("bearer " + appEnv["TSURU_APP_TOKEN"].Value) c.Assert(err, gocheck.IsNil) c.Assert(t.AppName, gocheck.Equals, app.Name) message, err := aqueue().Get(2e9) c.Assert(err, gocheck.IsNil) c.Assert(message.Action, gocheck.Equals, regenerateApprc) c.Assert(message.Args, gocheck.DeepEquals, []string{app.Name}) }
func validate(token string, r *http.Request) (*auth.Token, error) { if token == "" { return nil, &errors.HTTP{ Message: "You must provide the Authorization header", } } invalid := &errors.HTTP{Message: "Invalid token"} t, err := auth.GetToken(token) if err != nil { return nil, invalid } if t.AppName != "" { if q := r.URL.Query().Get(":app"); q != "" && t.AppName != q { return nil, invalid } } return t, nil }