mirror of
https://github.com/meilisearch/MeiliSearch
synced 2024-11-26 23:04:26 +01:00
Re-authorize master_key to access to all routes
parent
1816db8c1f
commit
b2e2dc8558
@ -177,7 +177,7 @@ pub mod policies {
|
|||||||
// if master key is None only keys routes are inaccessible.
|
// if master key is None only keys routes are inaccessible.
|
||||||
if auth
|
if auth
|
||||||
.get_master_key()
|
.get_master_key()
|
||||||
.map_or_else(|| !is_keys_action(A), |mk| mk == token && is_keys_action(A))
|
.map_or_else(|| !is_keys_action(A), |mk| mk == token)
|
||||||
{
|
{
|
||||||
return Some(AuthFilter::default());
|
return Some(AuthFilter::default());
|
||||||
}
|
}
|
||||||
|
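Review bot: The closure `|mk| mk == token` in the `map_or_else` call now decides access to every action, and it looks like an ordinary equality on the secret, which typically returns at the first differing byte. If `mk` and `token` are plain strings, a constant-time comparison (for example `ConstantTimeEq::ct_eq` from the `subtle` crate on the byte slices) would keep response timing from revealing how much of a guessed key matched. The comment above the `if` only describes the `None` case; I would extend it with `// if a master key is set, a token equal to it is authorized for every action.` so the widened scope is visible at the check. The enclosing function starts and ends outside the hunk, so whether this early return skips later per-key checks cannot be confirmed from here.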
@ -188,41 +188,14 @@ async fn error_access_unauthorized_action() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[actix_rt::test]
|
|
||||||
#[cfg_attr(target_os = "windows", ignore)]
|
|
||||||
async fn error_access_master_key() {
|
|
||||||
let mut server = Server::new_auth().await;
|
|
||||||
server.use_api_key("MASTER_KEY");
|
|
||||||
|
|
||||||
// master key must only have access to /keys
|
|
||||||
for ((method, route), _) in AUTHORIZATIONS
|
|
||||||
.iter()
|
|
||||||
.filter(|(_, action)| action.iter().all(|a| !a.starts_with("keys.")))
|
|
||||||
{
|
|
||||||
let (response, code) = server.dummy_request(method, route).await;
|
|
||||||
|
|
||||||
assert_eq!(
|
|
||||||
response,
|
|
||||||
INVALID_RESPONSE.clone(),
|
|
||||||
"on route: {:?} - {:?}",
|
|
||||||
method,
|
|
||||||
route
|
|
||||||
);
|
|
||||||
assert_eq!(403, code, "{:?}", &response);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[actix_rt::test]
|
#[actix_rt::test]
|
||||||
#[cfg_attr(target_os = "windows", ignore)]
|
#[cfg_attr(target_os = "windows", ignore)]
|
||||||
async fn access_authorized_master_key() {
|
async fn access_authorized_master_key() {
|
||||||
let mut server = Server::new_auth().await;
|
let mut server = Server::new_auth().await;
|
||||||
server.use_api_key("MASTER_KEY");
|
server.use_api_key("MASTER_KEY");
|
||||||
|
|
||||||
// master key must only have access to /keys
|
// master key must have access to all routes.
|
||||||
for ((method, route), _) in AUTHORIZATIONS
|
for ((method, route), _) in AUTHORIZATIONS.iter() {
|
||||||
.iter()
|
|
||||||
.filter(|(_, action)| action.iter().any(|a| a.starts_with("keys.")))
|
|
||||||
{
|
|
||||||
let (response, code) = server.dummy_request(method, route).await;
|
let (response, code) = server.dummy_request(method, route).await;
|
||||||
|
|
||||||
assert_ne!(
|
assert_ne!(
|
||||||
|