forked from nrabulinski/attic
75 lines
2.2 KiB
Rust
75 lines
2.2 KiB
Rust
use super::*;
|
|
|
|
use attic::cache::CacheName;
|
|
|
|
macro_rules! cache {
|
|
($n:expr) => {
|
|
CacheName::new($n.to_string()).unwrap()
|
|
};
|
|
}
|
|
|
|
#[test]
|
|
fn test_basic() {
|
|
// "very secure secret"
|
|
let base64_secret = "dmVyeSBzZWN1cmUgc2VjcmV0";
|
|
|
|
let dec_key = decode_token_hs256_secret_base64(base64_secret).unwrap();
|
|
|
|
/*
|
|
{
|
|
"sub": "meow",
|
|
"exp": 4102324986,
|
|
"https://jwt.attic.rs/v1": {
|
|
"caches": {
|
|
"cache-rw": {"r":1,"w":1},
|
|
"cache-ro": {"r":1},
|
|
"team-*": {"r":1,"w":1,"cc":1}
|
|
}
|
|
}
|
|
}
|
|
*/
|
|
|
|
let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtZW93IiwiZXhwIjo0MTAyMzI0OTg2LCJodHRwczovL2p3dC5hdHRpYy5ycy92MSI6eyJjYWNoZXMiOnsiY2FjaGUtcnciOnsiciI6MSwidyI6MX0sImNhY2hlLXJvIjp7InIiOjF9LCJ0ZWFtLSoiOnsiciI6MSwidyI6MSwiY2MiOjF9fX19.UlsIM9bQHr9SXGAcSQcoVPo9No8Zhh6Y5xfX8vCmKmA";
|
|
|
|
let decoded = Token::from_jwt(token, &dec_key).unwrap();
|
|
|
|
let perm_rw = decoded.get_permission_for_cache(&cache! { "cache-rw" });
|
|
|
|
assert!(perm_rw.pull);
|
|
assert!(perm_rw.push);
|
|
assert!(!perm_rw.delete);
|
|
assert!(!perm_rw.create_cache);
|
|
|
|
assert!(perm_rw.require_pull().is_ok());
|
|
assert!(perm_rw.require_push().is_ok());
|
|
assert!(perm_rw.require_delete().is_err());
|
|
assert!(perm_rw.require_create_cache().is_err());
|
|
|
|
let perm_ro = decoded.get_permission_for_cache(&cache! { "cache-ro" });
|
|
|
|
assert!(perm_ro.pull);
|
|
assert!(!perm_ro.push);
|
|
assert!(!perm_ro.delete);
|
|
assert!(!perm_ro.create_cache);
|
|
|
|
assert!(perm_ro.require_pull().is_ok());
|
|
assert!(perm_ro.require_push().is_err());
|
|
assert!(perm_ro.require_delete().is_err());
|
|
assert!(perm_ro.require_create_cache().is_err());
|
|
|
|
let perm_team = decoded.get_permission_for_cache(&cache! { "team-xyz" });
|
|
|
|
assert!(perm_team.pull);
|
|
assert!(perm_team.push);
|
|
assert!(!perm_team.delete);
|
|
assert!(perm_team.create_cache);
|
|
|
|
assert!(perm_team.require_pull().is_ok());
|
|
assert!(perm_team.require_push().is_ok());
|
|
assert!(perm_team.require_delete().is_err());
|
|
assert!(perm_team.require_create_cache().is_ok());
|
|
|
|
assert!(!decoded
|
|
.get_permission_for_cache(&cache! { "forbidden-cache" })
|
|
.can_discover());
|
|
}
|